camerin
/
portfolio
mirror of https://github.com/RaspberryProgramming/portfolio.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added more information to new article

This commit is contained in:
Camerin Figueroa 2021-11-23 15:32:02 -05:00
parent 82ffac2ef3
commit 4def0ceee4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
public/api/articles.json
View File

@ -16,7 +16,7 @@
"id": 2, "id": 2,
"title": "(POC) Cracking Wifi using Phone Numbers", "title": "(POC) Cracking Wifi using Phone Numbers",
"desc": "Showing you how to crack wifi passwords using phone numbers.", "desc": "Showing you how to crack wifi passwords using phone numbers.",
"contents":"*Introduction*This article is a proof of concept and should show you why it's dangerous to use your phone number as your wifi password. Since the introduction of wifi, people have tried breaking into and exploiting it. WEP an old edition of wifi password security was a very weak method and could be easily broken just by sniffing wifi traffic coming to/from the AP. Since the introduction of WPA security, cracking has become more and more difficult. Although, if you can find the right password, one could potentially crack the login for wireless networks. This is done by sniffing for a specific traffic containing an EAPoL or Extensible Authentication Protocol over Lan. This essentially contains an hashed version of the wifi password. Using this we can then bruteforce the password and crack the password. As found in another article (see references) many people use their phone numbers as their wifi passwords. This can make it specifically easy to crack since your phone number is often related to your location through your area code. For example, if I was living in New York City, my area code would be either 212 or 718. If the wifi's password hash was sniffed somewhere in NYC, every phone number could be stored in a file around 200MB in size. With the technology of today, that password would be cracked in a matter of minutes if you used a phone number as your password. *Prerequisits*~Linux~ ~Wifi Card~ ~git~ ~python3~ *Creating a Phone List* In order to create the list of phone numbers you'll need to use a tool that I created. You can grab the files by cloning the repository `git clone https://github.com/RaspberryProgramming/phone-wordlist-generator` Enter the folder by running `cd phone-wordlsit-generator` Using this you can generate every phone number in your area code and put it into a file. Replacing AREA with your area code run `python3 main.py --staticnum AREA` You will then find the phone numbers in a file called phones.list *Capturing Wifi Hashes* You might be wondering, how would I even get these password hashes? Theres a simple tool called aircrack-ng that gives you a suite of tools that you'll need. If you're running Ubuntu Linux you can run `sudo apt install aircrack-ng` to install all of the necessary tools. On Arch/Manjaro run `sudo pacman -Sy aircrack-ng-git` " "contents":"*Introduction*This article is a proof of concept and should show you why it's dangerous to use your phone number as your wifi password. Since the introduction of wifi, people have tried breaking into and exploiting it. WEP an old edition of wifi password security was a very weak method and could be easily broken just by sniffing wifi traffic coming to/from the AP. Since the introduction of WPA security, cracking has become more and more difficult. Although, if you can find the right password, one could potentially crack the login for wireless networks. This is done by sniffing for a specific traffic containing an EAPoL or Extensible Authentication Protocol over Lan. This essentially contains an hashed version of the wifi password. Using this we can then bruteforce the password and crack the password. As found in another article (see references) many people use their phone numbers as their wifi passwords. This can make it specifically easy to crack since your phone number is often related to your location through your area code. For example, if I was living in New York City, my area code would be either 212 or 718. If the wifi's password hash was sniffed somewhere in NYC, every phone number could be stored in a file around 200MB in size. With the technology of today, that password would be cracked in a matter of minutes if you used a phone number as your password. *Prerequisits*~Linux~ ~Wifi Card~ ~git~ ~python3~ *Creating a Phone List* In order to create the list of phone numbers you'll need to use a tool that I created. You can grab the files by cloning the repository `git clone https://github.com/RaspberryProgramming/phone-wordlist-generator` Enter the folder by running `cd phone-wordlsit-generator` Using this you can generate every phone number in your area code and put it into a file. Replacing AREA with your area code run `python3 main.py --staticnum AREA` You will then find the phone numbers in a file called phones.list *Capturing Wifi Hashes* You might be wondering, how would I even get these password hashes? Theres a simple tool called aircrack-ng that gives you a suite of tools that you'll need. If you're running Ubuntu Linux you can run `sudo apt install aircrack-ng` To install all of the necessary tools. On Arch/Manjaro run `sudo pacman -Sy aircrack-ng-git` Now that you've got aircrack installed, you can now set your wifi card in monitor mode. Run `ifconfig`. You'll get something similar to the following output `wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500\ninet 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255\nether db:3d:4d:b5:ff:12 txqueuelen 1000 (Ethernet)\nRX packets 130672 bytes 152955605 (152.9 MB)\nRX errors 0 dropped 0 overruns 0 frame 0\nTX packets 40063 bytes 8409394 (8.4 MB)\nTX errors 0 dropped 0 overruns 0 carrier 0 collisions 0`"
} }
] ]
} }