vivek hacktivity 2012
Post on 30-Oct-2015
-
SecurityTube.net
Cracking WPA/WPA2 Personal + Enterprise for Fun and Profit
Vivek Ramachandran Founder, SecurityTube.net vivek@securitytube.net
-
Shameless Self Promotion
WEP Cloaking, Defcon 19
Caffe Latte Attack, Toorcon 9
Microsoft Security Shootout
Wi-Fi Malware, 2011
802.1x, Cat65k, Cisco Systems
B.Tech, ECE, IIT Guwahati
Media Coverage CBS5, BBC Trainer, 2011
-
SecurityTube.net
Students in 65+ Countries
-
Backtrack 5 Wireless Penetration Testing
http://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581/
-
Agenda
WPA/WPA2 PSK Cracking
Speeding up the cracking process
AP-less WPA/WPA2 PSK Cracking
Hole 196
WPS Attack
Windows 7+ Wi-Fi Backdoors
WPA/WPA2 Enterprise: PEAP, EAP-TTLS
-
Understanding WPA/WPA2
-
Why WPA - WEP Broken Beyond Repair
AirTight 2007
2001 - The insecurity of 802.11, Mobicom, July 2001. N. Borisov, I. Goldberg and D. Wagner.
2001 - Weaknesses in the key scheduling algorithm of RC4. S. Fluhrer, I. Mantin, A. Shamir. Aug 2001.
2002 - Using the Fluhrer, Mantin, and Shamir Attack to Break WEP. A. Stubblefield, J. Ioannidis, A. Rubin.
2004 - KoreK improves on the above technique and reduces the complexity of WEP cracking. We now require only around 500,000 packets to break the WEP key.
2005 - Andreas Klein introduces more correlations between the RC4 key stream and the key.
2007 - PTW extend Andreas' technique to further simplify WEP cracking. Now with just around 60,000-90,000 packets it is possible to break the WEP key.
IEEE WG admitted that WEP cannot hold any water. Recommended users to upgrade to WPA, WPA2.
-
We need WEP's Replacement
WPA: Intermediate solution by the Wi-Fi Alliance. Uses TKIP, based on WEP. Hardware changes not required, firmware update only.
  Personal: PSK. Enterprise: 802.1x + RADIUS.
WPA2: Long term solution (802.11i). Uses CCMP, based on AES. Hardware changes required.
  Personal: PSK. Enterprise: 802.1x + RADIUS.
-
WEP
Probe Request-Response, Authentication RR, Association RR
Static WEP Key (AP)        Static WEP Key (Client)
Data Encrypted with Key
-
WPA: No Static Keys
Probe Request-Response, Authentication RR, Association RR
Dynamic Key Generated First
Data Encrypted with Dynamic Key
How are Dynamic Keys Created?
-
WPA/WPA2 PSK (Personal) Cracking
-
WPA Pre-Shared Key
Passphrase (8-63) -> PBKDF2 -> Pre-Shared Key (256 bit)
-
PBKDF2
Password Based Key Derivation Function, RFC 2898
PSK = PBKDF2(Passphrase, SSID, ssidLen, 4096, 256)
4096: number of times the passphrase is hashed
256: intended key length of the PSK, in bits
-
Let's Shake Hands: 4-Way Handshake
Authenticator (AP) and Supplicant (client): Probe Request-Response, Authentication RR, Association RR
Both sides hold the 256 bit Pre-Shared Key
Message 1: Authenticator -> Supplicant: ANonce
-
4 Way Handshake: Message 1
Message 1: Authenticator -> Supplicant: ANonce
Supplicant now holds ANonce, generates SNonce and derives the PTK
-
4 Way Handshake: Message 2
Message 1: Authenticator -> Supplicant: ANonce
Supplicant: SNonce generated, PTK derived
Message 2: Supplicant -> Authenticator: SNonce
-
4 Way Handshake: Message 3
Message 1: Authenticator -> Supplicant: ANonce
Supplicant: SNonce generated, PTK derived
Message 2: Supplicant -> Authenticator: SNonce + MIC
Authenticator derives PTK
Message 3: Authenticator -> Supplicant: Key Installation
Supplicant: Key Installed
-
4 Way Handshake: Message 4
Message 1: Authenticator -> Supplicant: ANonce
Supplicant: SNonce generated, PTK derived
Message 2: Supplicant -> Authenticator: SNonce + MIC
Authenticator derives PTK
Message 3: Authenticator -> Supplicant: Key Installation
Message 4: Supplicant -> Authenticator: Key Install Acknowledgement
Key Installed on both sides
-
Demo
What does the Handshake look like?
-
A Quick Block Diagram
Passphrase (8-63) -> PBKDF2 (SSID) -> Pre-Shared Key (256 bit)
Pre-Shared Key + SNonce + ANonce + AP MAC + Client MAC -> 4 Way Handshake -> PTK
-
WPA-PSK Dictionary Attack
Dictionary -> Passphrase (8-63) -> PBKDF2 (SSID) -> Pre-Shared Key (256 bit)
Pre-Shared Key + SNonce + ANonce + AP MAC + Client MAC -> 4 Way Handshake -> PTK
Verify each candidate by checking the MIC
-
Demo
WPA/WPA2 Personal Cracking
-
Bottleneck in the WPA-PSK Dictionary Attack
Dictionary -> Passphrase (8-63) -> PBKDF2 (SSID) -> Pre-Shared Key 256 bit (PMK)   <- the bottleneck
PMK + SNonce + ANonce + AP MAC + Client MAC -> 4 Way Handshake -> PTK
Verify each candidate by checking the MIC
-
PBKDF2
Requires SSID: a list of commonly used SSIDs
Requires Passphrase: can be provided from a dictionary
PMK can be pre-computed using the above
-
Other Parameters in Key Cracking
SNonce, ANonce, Supplicant MAC and Authenticator MAC vary per handshake and hence cannot be pre-calculated
PTK will be different based on the above; the MIC will be different as well
Thus these cannot be pre-calculated in any way
-
Speeding up Cracking
Pre-calculated list of PMKs for a 1. Given SSID 2. Dictionary of Passphrases
Pre-Shared Key 256 bit (PMK) + SNonce + ANonce + AP MAC + Client MAC -> 4 Way Handshake -> PTK
Verify by checking the MIC
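To make concrete which stage of the pipeline on the PBKDF2 and "Speeding up Cracking" slides can be precomputed and which cannot, here is an added example (not from the talk or from any tool it mentions) that derives the PMK and then the PTK with the standard 802.11i PRF-512. The MAC addresses and nonces are constructed sample values; the passphrase "password" with SSID "IEEE" is the PBKDF2 test vector from the IEEE 802.11 standard's annex.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits), as on the
    PBKDF2 slide. Only the passphrase (8-63 ASCII chars) and the SSID go in, so a table
    of PMKs can be precomputed per SSID for a whole dictionary."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3,
    concatenated and truncated to 64 bytes."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4))
    return b"".join(blocks)[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion",
                     min(AA, SPA) || max(AA, SPA) || min(ANonce, SNonce) || max(ANonce, SNonce)).
    ANonce and SNonce are fresh per handshake, which is why the PTK, and the MIC that
    message 2 carries, cannot be precomputed: only the PMK can."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def split_ptk(ptk: bytes) -> dict:
    """CCMP layout of the PTK: KCK (keys the EAPOL MIC), KEK, TK (protects data frames)."""
    return {"kck": ptk[0:16], "kek": ptk[16:32], "tk": ptk[32:48]}


# Constructed sample handshake parameters (not from any real capture).
AP_MAC = bytes.fromhex("00112233aabb")
CLIENT_MAC = bytes.fromhex("66778899ccdd")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

if __name__ == "__main__":
    # "password" / "IEEE" is the PBKDF2 test vector from the IEEE 802.11 standard's annex.
    pmk = derive_pmk("password", "IEEE")
    ptk = derive_ptk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    print("PMK:", pmk.hex())
    print("KCK:", split_ptk(ptk)["kck"].hex())
    # Same passphrase, different SSID: a different PMK, so a precomputed table is per SSID.
    print("PMK differs for SSID 'IEEE2':", derive_pmk("password", "IEEE2") != pmk)
```

The defender's takeaways fall straight out of the code: a unique SSID invalidates any shared PMK table, and the 4096 PBKDF2 iterations are the only expensive step, so passphrase length is what buys time against a dictionary.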
-
Platforms
Multi-Cores, ATI-Stream, Nvidia CUDA
In the Cloud: Amazon EC2
-
Fast Cracking Demo
Pyrit: http://code.google.com/p/pyrit/
-
Demo
Speeding up WPA/WPA2 Personal Cracking
-
In the Cloud: EC2 Cluster Compute
-
AP-less WPA/WPA2 PSK Cracking
-
Understanding Clients
Access point SSID: default
Client's stored network list (SSID -> Credentials):
Default
SecurityTube
ProtectedAP  ********
-
An Isolated Client
-
Demo
Isolated Client Behavior
-
Demo
Creating a Catch-All Honeypot
-
Cracking WPA with Only a Client?
Hacker Honeypot (acting as Authenticator) and Supplicant: Probe Request-Response, Authentication RR, Association RR
Message 1: Honeypot -> Supplicant: ANonce
Supplicant: SNonce generated, PTK derived
Message 2: Supplicant -> Honeypot: SNonce + MIC
Deauthentication
-
Demo
WPA/WPA2 AP-less Cracking
-
WPA/WPA2 Personal: Safe for use in SMB with a Long + Random Passphrase?
-
WPA/WPA2 GTK Misuse Vulnerability (Hole 196)
-
PTK and GTK
Access Point <-> Client 1, Client 2, Client 3: each link has its own PTK plus GTK-Common
Pairwise Transient Key (PTK): Unique for All Clients
Group Temporal Key (GTK): Same for All Clients
-
Abusing the GTK
Insider Attack: a malicious insider can gain access to the common GTK
Use GTK to send traffic to Clients on behalf of the AP
Multiple Attacks possible: MITM, Redirection, DoS
-
ARP Spoofing Attack
Diagram: Wired LAN, Access Point, User Laptop, Malicious Insider
1. Gateway ARP Update
-
DoS using Replay Attack Protection
Diagram: AP and Client both start at PN = 1000; AP sends PN = 1001; Malicious Insider sends a frame with PN = 1500; the AP's following PN = 1002 is now behind the Client's replay counter
-
WPS Attack
-
What's Wrong with WPS?
(images from Google Image Search)
-
WPS Bruteforce Demo
Demonstration
-
Windows 7 Wi-Fi Backdoors
-
Available Windows 7 and Server 2008 R2 onwards
Virtual adapters on the same physical adapter
SoftAP can be created using virtual adapters
DHCP server included
With this feature, a Windows computer can use a single physical wireless adapter to connect as a client to a hardware access point (AP), while at the same time acting as a so
-
Creating a Hosted Network
-
Client still remains connected to the hardware AP!
-
Demo of Hosted Network
Demonstration
-
Wi-Fi Backdoor
Easy for malware to create a backdoor
The key could be: fixed, or derived from the MAC address of the host, time of day etc.
As the host remains connected to the authorized network, the user does not notice a break in connection
No Message or Prompt displayed
-
Makes a Rogue AP on every Client!
Diagram: a Rogue AP on each client
-
Why is this cool?
Victim will never notice anything unusual unless he visits his network settings; has to be decently technical to understand
Attacker connects to the victim over a private network: no wired-side network logs (firewalls, IDS, IPS). Difficult, if not impossible, to trace back. Difficult to detect even while the attack is ongoing
Abusing a legitimate feature, so not picked up by AVs, Anti-Malware
More Stealth? Monitor the air for other networks; when a specific network comes up, then start the Backdoor
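A defender-side check for the hosted-network backdoor these slides describe, added here and not part of the talk: it parses the report that `netsh wlan show hostednetwork` prints on Windows 7 / Server 2008 R2 and flags a started SoftAP or an "Allowed" mode. The sample report embedded below is constructed to mimic that format (not a real capture), and the remediation in the comment is the stock `netsh wlan set hostednetwork mode=disallow` setting.

```python
import re
import subprocess

# Constructed sample of `netsh wlan show hostednetwork` output (not a real capture),
# shaped like the Windows 7 / Server 2008 R2 report.
SAMPLE_NETSH_OUTPUT = """\
Hosted network settings
-----------------------
    Mode                   : Allowed
    SSID name              : "Free_WiFi"
    Max number of clients  : 100
    Authentication         : WPA2-Personal
    Cipher                 : CCMP

Hosted network status
---------------------
    Status                 : Started
    BSSID                  : 02:11:22:33:44:55
    Radio type             : 802.11n
    Channel                : 6
    Number of clients      : 1
"""


def parse_hostednetwork(text: str) -> dict:
    """Turn the 'Key : Value' lines of the netsh report into a lower-cased dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?)\s*:\s*(.*)$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip().strip('"')
    return fields


def hosted_network_findings(text: str) -> list:
    """Findings a defender cares about on a machine that should only ever be a client:
    a SoftAP that is currently running, and the 'Allowed' mode that lets any local
    process start one without a prompt (the slides' point about no message shown)."""
    f = parse_hostednetwork(text)
    findings = []
    if f.get("status", "").lower() == "started":
        findings.append("hosted network '%s' is STARTED with %s client(s)"
                        % (f.get("ssid name"), f.get("number of clients", "?")))
    if f.get("mode", "").lower() == "allowed":
        # Remediation if SoftAP is not needed: netsh wlan set hostednetwork mode=disallow
        findings.append("hosted network mode is Allowed; consider mode=disallow")
    return findings


def check_local_machine() -> list:
    """Run netsh on the local Windows host and evaluate its report (not used by the test)."""
    out = subprocess.run(["netsh", "wlan", "show", "hostednetwork"],
                         capture_output=True, text=True).stdout
    return hosted_network_findings(out)


if __name__ == "__main__":
    for finding in hosted_network_findings(SAMPLE_NETSH_OUTPUT):
        print(finding)
```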
-
Demo of Metasploit + Hosted Network
Demonstration
-
WPA-Enterprise
-
WPA-Enterprise
Parties: Supplicant, Authenticator (AP), Authentication Server
Association
EAPoL Start
EAP Request Identity / EAP Response Identity between Supplicant and Authenticator; identity relayed to the Authentication Server
EAP Packets exchanged between Supplicant and Authentication Server through the Authenticator
EAP Success; PMK delivered to the AP
4 Way Handshake
Data Transfers
-
WPA/WPA2 Enterprise
EAP Type    Real World Usage
PEAP        Highest
EAP-TTLS    High
EAP-TLS     Medium
LEAP        Low
EAP-FAST    Low
-
PEAP
Protected Extensible Authentication Protocol
Typical usage: PEAPv0 with EAP-MSCHAPv2 (most popular); native support on Windows
PEAPv1 with EAP-GTC
Other uncommon ones: PEAPv0/v1 with EAP-SIM (Cisco)
Uses server side certificates for validation
PEAP-EAP-TLS: additionally uses client side certificates or smartcards; supported only by Microsoft
-
Source: Layer3.wordpress.com
-
SecurityTube.net
Understanding the Insecurity
Server side cerHcates Fake ones can be created Clients may not prompt or user may accept invalid cerHcates
Setup a Honeypot with FreeRadius-WPE Client connects Accepts fake cerHcate Sends authenHcaHon details over MSCHAPv2 in the TLS tunnel ANackers radius server logs these details Apply dicHonary / reduced possibility bruteforce aNack using Asleap by Joshua Wright
-
Network Architecture
BT5 VM running FreeRadius-WPE + Wireshark 1; interfaces eth1 and mon0 (Wireshark 2)
Honeypot AP set up by the Attacker
-
PEAP Cracking with Honeypot
Demonstration
-
Windows PEAP Hacking Summed Up in 1 Slide
-
EAP-TTLS
EAP-Tunneled Transport Layer Security
Server authenticates with a certificate; client can optionally use a certificate as well
No native support on Windows: 3rd party utilities to be used
Versions: EAP-TTLSv0, EAP-TTLSv1
-
Inner Authentication in EAP-TTLS
MSCHAPv2, MSCHAP, CHAP, PAP
-
EAP-TTLS Cracking with Honeypot
Demonstration
-
Leverage the Cloud
-
EAP-TLS: Peace of Mind!
Strongest security of all the EAPs out there
Mandates use of both server and client side certificates
Required to be supported to get a WPA/WPA2 logo on a product
Unfortunately, this is not very popular due to deployment challenges
-
SecurityTube Wi-Fi Security DVD
http://www.securitytube.net/