So, welcome to the noob talk. We're all noobs. It's just, some of us have been noobs for longer than others. I find that no matter what I'm doing, somebody else knows a whole lot more about it than I do, with very, very, very few exceptions, one being Wi-Fi. However, we all have something to learn from somebody else. Nobody is stupid, you're just inexperienced, and that can change, especially when you're here. So, we have a whole bunch of accessible challenges for everybody, including some of the stuff that we're about to run through, which is probably working right now. So, probably. This is why we're doing screenshots. But the challenges are actually all available, and some of these teams will make friends with you. We're running a Capture the Flag all weekend, and the coolest thing about the Capture the Flag is, for the last few years, the noob team has come in second. Because people will sit down and they'll say, "I just got this in the vendor area and I don't know what to do with it," and they will make friends, and that team will end up with like 20 people on it all helping each other learn how to do this stuff, and then they come in second place. Normally to people who do this for a living. So, come in, have fun, this is accessible, and we're all here to learn from each other, and that's why we're doing it. So without further ado, we're going to start talking about the Wi-Fis. If you missed the in-brief, this is very important. We are not lawyers. We're definitely not your lawyer, and you have permission to hack our shit. You don't have permission to hack the hotel, the casino, your neighbors, your mother's best friend. Yeah. As it turns out, the rules with radio are really, really easy. Don't be a jerk. Don't get caught, and you're good. So, everybody be friendly and set up a network at home, because setting up a network with WEP or WPA is half of learning how to crack it. So. And you have permission to do your own stuff?
Yeah, as it turns out, if you own it, you can hack it. Well, I mean, unless you're in the US or something, I don't know. Maybe not even know your own password. Are you going to talk at all or should I just take all this? I'm going to talk sometimes. Maybe you could just dance to Taylor Swift and I'll talk. If you put on Taylor Swift, I will shake my booty to some Tay-Tay. Eric, Eric, could you fire up Taylor Swift for background while we talk, so that he can dance and I can talk? That'd be perfect. So, requirements to hack. Download Kali Linux, put on a black t-shirt, and then a black hoodie, and then black jeans, and then don't shower. Change your terminal to green text. Yes, green text is very important. Now, truthfully, it doesn't matter, okay? I happen to be the primary developer of Pentoo Linux, and so we push it really, really hard in the Wireless Village, because I test all of our challenges with it, at least all the ones I could enough to take down, and it works. So we know it works, and when people say my laptop doesn't work, we say, well, that sucks. Here's a Pentoo ISO. Anything works if you're good enough at Linux to fix your own problems. We recommend Pentoo because we don't want to do Linux troubleshooting while we're here. If you want to do Linux troubleshooting, find a new friend. We're not your friends for that. We're your friends for wireless. All right. Thank you. Okay. You also need a Wi-Fi dongle, preferably one that can do packet injection. That's not always required, but it is way, way better. The list is pretty much exhaustive on the Aircrack-ng wiki, so we're not going to go into it, but there are quite a few cards that are very cheap, very accessible, and good to go. The TP-Link WN722N that people have been recommending for years is now garbage, because they switched the chipset and made it version 2, which is a really wonderful thing to do.
That said, the Aircrack-ng team has been nice enough to, well, they made a friend, and he's been working on the driver for the Realtek 8812AU chips. And so all of the new AC chips from, like, Alfa actually work now if you use that driver. It's included in both Pentoo and Kali. And again, if you don't use one of those, you can compile it your goddamn self. And I'm probably going to cuss a lot, so if you have a problem with that, get the fuck out. You're also going to want the Aircrack-ng suite. We'll talk about some newer stuff at the very end, but by and large, for the past 10 years, that's been the absolute standard. Aircrack-ng contains all of the tools you need, all of the attacks you need, and that's primarily what we use. Kismet's awesome. You use it for sniffing everything, for profiling everything, especially the new version, which has a sweet little web interface, and you can sort and press a little button to download handshakes, when it doesn't crash. Things are clickable. Things are clickable. It's really cool. MDK3 for being a dick, pretty much exclusively for being a dick. We're both dicks. We're running what we call fog of war in here. So if you're not filtering your pcaps properly, good luck. And a word list. We highly recommend that; our contest is not a password cracking contest. So we give you the word list that we drew our passwords from. Password cracking is its own art form, and it will not be covered here, but you want a good word list, probably a big one, maybe many, many GPUs and things like that for cracking. But again, we're not going to go too deep into cracking. Oh boy, this is important stuff. You want to cover this for me? Absolutely. So inside of airodump, there will be a few things that you will need to become familiar with, like the BSSID, which is the MAC of the actual access point, the SSID, which is your SSID, all the cool things you've named it, like Pretty Fly for a Wi-Fi. And in the context- Abraham Linksys.
Tell my Wi-Fi lover. So, and then for station, because Aircrack is amazing in the context, and down at the bottom, station means the actual devices that are connecting to the access point, where you would think it's the actual access point, but it's not. Because it's a vocabulary problem that they can't solve. Station means client. Just remember that. Super hard. It gets confusing really quickly. Drink less. So what you can't see, you don't know is there. So you need to scan the air. It's- Oh yeah, we're going to get DMCA'd. We're not going to be able to go up on YouTube. That was a short audio sample. That was not piracy. I mean, she's going to get more fans. And that's all we want. So the methodology I use and I will share today: you've got to configure your radios. 99.97% of the time, the radio that is in your laptop is not going to be what you need to do amazing, hackery things. You're going to want to scan. You need to see the things that you have scanned, know how to pull them apart, and see what truly is going on with it. You need to isolate down to the targets you want to go after. You need to start collecting on that specific target. You want to pull the exact WPA2. I'm going to go after this. I'm going to go after Pretty Fly for a Wi-Fi. I'm going to start collecting on it. I'm going to start opening it up in Wireshark or looking at it in different ways. I need to find what makes that thing tick. What's going on with its clients. What's going on with everything else about it. You need to find the thing. Again, targeting counts for, like, everything. Who here has ever opened up Wireshark and watched the packets fly by? Aside from that looking really cool in front of your boss, did that help you in any meaningful way? No. Because there's a reason there's a giant filter thing at the top, because if you don't use it, it is completely worthless. Although, man, my screen can scroll really fast. Thanks, Nvidia. And it's color coded. And it's color coded, right?
Picking your target, filtering down on your target. These are absolutely critical skills. When you get people with, like, 900 meg pcaps, they're like, "The handshake, I can't find it in here." Like, there's a filter for that. "Oh, I was scrolling through." Okay, that's one way. I'll see you in the next Ice Age. Soon. Yeah, soon. So, in the world that I live in, in hacking and cracking wireless, it doesn't work the first time. So, as you see, there's a nice little red line that says once you perform the attack and you can't get it, you need to start over again. Because you didn't find the thing. You didn't do the right stuff to collect the right things to win. Yeah, I can't stress that enough either. Like, I've been doing this for a really long time. I've been on the Aircrack-ng team for a decade. And I will collect 100,000 IVs and then it won't crack. And then I will throw that in the garbage and I will do it again. Because it does take two minutes to crack WEP. The first time it works. But there's, like, three or four other times before where it just didn't work. You just don't count that time. That doesn't count. I was practicing. We're just making sure your radio was working. Yeah. Yeah. All right. So let's talk a little bit about WEP. I love WEP. It's good. It's just good enough. Yeah. So again, find your targets. Airodump is nice enough to show this. Kismet's nice enough to show this. Your friggin' cell phone's nice enough to show this. Most likely. Don't buy iOS. Identify what you're looking for. I'm going to attack Pretty Fly for a Wi-Fi or whatever it is. And then fake auth is quite often the standard way of doing it. The reason we do things the way we do is not because it is the only way to do it. It's because it's the more reliable way to do it. You can capture somebody else who's already on. You can try to steal their MAC address. But then they disconnect, and then you're invalid, and then this AP deauths you, and then it doesn't work.
So if you make your own authentication, you make sure you stay authenticated, and things like that. So again, collect packets, replay packets, crack packets. It's really easy stuff. Why is any of this possible? Right? Who here remembers when Wi-Fi came out? So three months before that, they were like, okay, we've got the stamp on this thing. It is good to go. Let's start marketing it. Oh, hey, what kind of encryption are we using? Oh, we should probably put some encryption on this instead of just plain text. And so the marketing team slapped on some crypto and didn't bother reading any of the notes. RC4 was known vulnerable at the time, and they knew how to solve the vulnerability and chose not to do it for Wi-Fi. So as it turns out, letting the marketing team run crypto is a terrible plan. So bad, bad, bad. Yeah, entropy fails. Basically the first, I think it's a kilobyte of key stream that comes out is just complete garbage. And in any sane implementation, you just throw that away. Wi-Fi doesn't; it's predictable, and you use it to make a key really quick. Under normal conditions, this doesn't take long. I can just sit there and just listen while they're streaming Tay-Tay, and I can get enough packets to crack it. I think that was actually the longest you've ever listened. Just now. Negative. It is always playing. Yeah. Aircrack will automatically retry after every 5,000 IVs that are captured. So if you let aircrack run on the dump while you're making it, it'll just keep retrying for you until it succeeds or the number gets really high and you're like, something's broken in here. It says right here about 100,000 is where we tend to say it's broken, or it should have already given me the key. About 120 is where I just give up and wipe that file off of my disk and start over. Assuming something weird got corrupted, or the math just didn't work out for some reason that I don't understand, because I am not a math major.
And in a room like this, while there's a competition going on, while everybody's doing all their fancy magical hackery things, there may be a lot of things in the air that you catch that is just plain garbage that's showing up as an IV. So you're going to cross the 100,000 mark and not have the exact things you need to be successful. Very true. Oh boy, this is my second favorite program in the world. Airmon-ng is a great tool. If you're running Pentoo, it's been recently updated to support the RTL8812AU, the new Alfa. You can buy them in the vendor area. I don't actually know who's selling them, but I'm positive they're selling them. The new AC driver ones are all supported in this now and will be in the next Aircrack-ng release. But basically what this does is it identifies your card, tells you about your card, looks for a couple of basic problems to tell you if the driver's broken or if NetworkManager's running and going to mess with you, or something like that. You could luck system the users. Well, that's just a general bit of advice. So the first thing I do when I plug in an external card is I just run airmon-ng to just see if my card has even showed up, because anything else you do after that is not going to work if your operating system does not know that your card is there and the drivers aren't proper for it. Really, I run it with a verbose flag because I'm noisy. We know that you are. All right, so airmon-ng start and then your interface name, which if you're on systemd is wlpZV... XYZ1234... beta gamma. If you use a sane system or you turned off that stupid naming, it's like wlan0. Then it'll take it and put it into monitor mode, and it will denote that it's in monitor mode by just adding the suffix mon to the end of it, so you don't get confused. It also helps NetworkManager keep its hands off. That way it doesn't flip it back out of monitor mode for you. If anything goes wrong, it normally tells you. I can't tell you how important this is.
Not just read the manual, because I can forgive you for not reading the manual, but read what's on the screen. The number of people that tell me, like, "Well, I ran airmon-ng and then it wasn't in monitor mode." What was the output? "Well, it says it's not in monitor mode, and it told me why, but I didn't read that until you asked." Cool story. Read it next time first. Thank you. These tools mostly have decent output. I'm definitely not going to say always, but a lot of times it's very useful, so try to read it and understand it. I destroyed this interface. I created this interface. This interface is in monitor mode. These are useful bits of information to know and understand about how Linux works. If it goes bad for you, airmon-ng stop takes it out of monitor mode, or it actually aborts and does that by itself if it's really bad. Check tells you if there's any problems, and then check kill fixes your problems the safest way possible by killing all of the services that mess with it, like NetworkManager, and you're about to lose internet. Yeah, yeah, using the internet with a Wi-Fi card while hacking with a Wi-Fi card is a very advanced topic that we should not be covering. Is it that advanced? Yeah, I recommend wired, users. Here at DEF CON you can have 7k a second wired; it's very nice. So here's an example. Just running airmon-ng shows me that I have my internal wlan0. I got my wlan1. Choke up a little, kind of quiet. That's not what she said. Anyway, so here, when you have an actual problem, it will identify, through the process ID and the name, the processes that are going to prevent you from being able to get a monitor. Otherwise, down below you'll see that it will tell you it's wlanmon, and you're going to be able to go from there. All right, this is the single most important slide, and I'm just saying that because he removed it saying it wasn't important and we made him put it back. Testing your gear is incredibly important.
I spent literally more time testing wireless drivers than I did building the entire wireless Capture the Flag, because if it's not stable, if it doesn't work right, I just don't want to use it, because that's really what bites me. Configuring an access point sometimes is easy, except for this morning. Anyway, test, test, test. "I'm sending a million deauths a second and it's not working at all. Why?" Did you run an injection test? Does the card inject at all? "Well, no, I didn't test it." Okay. Test it. "Oh, it doesn't inject at all." Cool. Well, that's why you're sending a million packets to no one and it's not going to work. Again, most of the cards anymore just kind of work, but a lot of things with weird vendor drivers or staging drivers that aren't mainline Linux kernel drivers, and then a lot of the embedded cards. We just got, one of our team members just got a brand new XPS 13, and it's got a nice embedded Qualcomm chip on it soldered on to the board, and it doesn't support monitor mode in any meaningful way, but it will totally tell you it does, so that's great. No monitor mode, no injection, but it pretends that it all works fine; it just, you know, doesn't. So again, testing your gear is incredibly important. Most of this is really easily Googleable, like which cards work and which cards don't, but something to keep an eye out for is, just plain testing is the only way to know whether it works or not. Just like a gun, don't point it at your foot while you're testing it, but, you know, test it. And you need to actually stop that deauth at one point so that you can get the re-association. Oh yeah, that's a good point, because if you just keep deauthing, talking about that with WPA, just, you said just send a million packets, just deauth it, just kill it all. I hate Wi-Fi. All right, this is what airodump looks like, for those of you that don't know. It's incredibly helpful. So we've got the BSSID, which is the MAC address of the access point.
We've got power level, which is signal strength, which is a negative number, which means negative 43 is a much bigger number than negative 71. That's how negative numbers work. I know that's really confusing to people. I just heard somebody earlier today saying, "Oh my gosh, I'm only getting negative 40 and I'm right next to it, this thing's a piece of junk, I'm going to take it back." Like, well, number one, you're too close, that's not good. And number two, that's a very big number in Wi-Fi; that's actually the top of what the standard requires you to pick up. If you see something like negative 40, you're almost certainly damaging your card. If you can use a 12 foot Ethernet cable, use the Ethernet cable instead. The number one problem I see with personal test setups is they'll set it all up on their desk, and then everything is so close when you're sending packets. It's actually like screaming into the person's ear with a bullhorn. It doesn't work. It distorts really badly. You need a nice 12 foot table, or at least to put something on the other side of the room. That is, like, the biggest test setup problem I see all the time, including myself. You have to get things spaced out enough, especially when you get the ultra super power high power sweet excellent cards, because we've got a couple of people over here playing with Yagis, and I think they must be playing somebody else's contest, because there's no way you need that to reach us in here. What they're doing is damaging their radios. Bigger the antenna, the better. Bigger is always better. I promise. Yeah, that's why we have wasabi on the team. So this screen is not every single piece of information that you need. Just because you see that the WCTF-10 is WEP does not mean, you know what? Let me just start running my attack. This is just your initial scan. This is just enough to start to decide what am I going to do next.
There is not enough information here to move forward, and that's where the enumeration comes out, and finding the thing. You mean footprinting? How do I footprint something? You talk to sasquatch hunters. Tell me all about enumeration. I'm curious. So you download SANS cheat sheets and they tell you how to use Wireshark real good. That's really important, actually. Because I'm not going to tell you every flag off the top of my head right now to start sorting through your pcap, because I don't remember, and I have my own cheat sheets and I run scripts. All right, this comedy show sucks. So does it have a client? What kind of client? Is it an active client? Is it an intermittent client? Again, you can use somebody else's MAC address and you can do replay attacks from there to gather enough key material to crack the key. However, if they disconnect, you're disconnected too, because they were the ones holding the authentication for you. The access point doesn't talk to people who aren't authenticated, thereby your replay attack stops. So authenticating yourself, helping a client maintain its authentication, maybe, are all really good tricks to keep yourself on the access point so you can keep generating traffic. Aireplay is a wonderful thing. It's very easy to use. But keeping track of those clients, or creating a fake one of your own. WEP's authentication mechanism is so broken that they don't even use it in the field; they just switched it back to open for the most part. Shared key authentication allows you to recover the key even faster than attacking the encryption itself. So yay, capture. Our number one motto here in the Wireless Village is ABC: Always Be Collecting. Always be collecting. Collecting money for... okay. Yeah. So write everything to a file, that's great. You can filter it down by BSSID, which is warmly recommended, especially if you're attacking something specific. You can also just capture literally everything and then filter it before trying to attack it offline.
So I have one device that is capturing everything. After a certain number of megs, I cut that off, start a new file, and I offline attack the file that I created. It's very common to just capture absolutely everything and then filter it before you try to use it. If you are channel hopping and the handshake happens while you're on the wrong channel, you're not going to catch it. If all the traffic that you need from the WEP access point is happening on a different channel, you're not going to catch it. Yeah. So not channel hopping is very important when you're trying to actually capture data. You channel hop when you are looking for things; that's the default for airodump, as an example. You just add --channel, which again is in the help, and I'm not going to cover every flag in Aircrack-ng, but --channel 1 if you want to stay on channel 1, and it just stays there. I think one of our team members had that problem yesterday where they couldn't figure out why they couldn't see something, and they were channel hopping. It's a really, really common thing to happen; it happens to people who do this all the time. So be cognizant of, like, that little number that's changing really fast in the upper left corner. So it's the, what else, what else is going on? What else is, is it this encryption algorithm? Is the client acting in this way?
There is more than one WEP, as crazy as that sounds. It's not just WEP; just like there's the different encryption types for WPA, there's different encryption types for WEP. You need to know those things, because when it comes time to cracking, you will be more successful if you know what's going on with what you were collecting in your pcap. And cheat sheets, cheat sheets, and cheat sheets, because that's what helped me be successful competing in the WCTF. If you don't write it down, you're going to have to Google it again and again. Aircrack-ng's wiki is really, really helpful for stuff, but boiling it down to just the things that you need to know once you understand the core concepts, because there's a lot of explanation going on in the wiki that you only need the first time you read it. Writing down, these are the steps I take, or I run this Wi-Fi script and it does everything for me while I, like, drink my coffee. Write down the method that works best for you and follow that like it's a gospel; it's really the easiest way to do it. WEP especially is just nightmarish, because it does a lot of weird things that don't make any sense per a standard. The way to tell the difference between 40 bit and 104 bit WEP is to crack it. There's no marker in the air for that or anything. You just have to try to crack it both ways, which is the default in Aircrack, but you have no idea which one it is until you crack it. And things like that make things a little more weird; they also make things a little more unpredictable, like how many packets do I need to crack this? It's just a statistical attack against the poor encryption algorithm, but to crack a bigger key you need more stuff for that statistical attack, so it's a lot less reliable to say, like, oh, you need 60,000 packets. Totally, sometimes, depending on which packets they are. The attack is also based on a known plaintext attack, which is why we use ARP replay so often, because ARP packets are so well known. We know what is in an ARP packet, and we know where
everything is, even after it's encrypted. About, like, more than half of the packet is known to us, because it's in the unencrypted header and in the encrypted part of the packet at the same time. Wi-Fi is really wonderful like that, where it gives you fully unencrypted headers even with WPA. Yay. Sir in the front row sitting at the Wireless Capture the Flag table, that's, that's not okay. Please sit where the contestants sit. Thank you. No problem. This was sobby, the new guy's got his eyes out, and I'm hungry enough that if somebody brings me food, I will tell you a really cool way to crack WEP with 40 IVs. Yes, double-double animal style. Extra points for more stuff. I'm serious, I cracked WEP with 40 IVs at ShmooCon, just saying. He definitely didn't use a dictionary attack. Or maybe. All right, you need to generate as much traffic as possible for a statistical attack. To do that, what we do is we generate more ARP packets. We capture something, which means that somebody has to be on the network in the first place. My most common thing, after "my shit doesn't work," that I see in Aircrack-ng's IRC channel is, "Well, I've been sniffing for, like, ever and I can't replay anything." Like, well, it's two o'clock in the morning and you're attacking your neighbor's network, and they went to sleep. There's no data to capture, and thereby there's no data to replay. Creating a client and connecting to an access point will sometimes get you data if, for example, there's something on the wired side of the network that's generating packets, and then the AP's like, oh, there's a wireless client, I'll bridge this data to them because they need to know. But on a not busy network, like, say, one of your test networks that you set up, if there's no legitimate client, there will be no legitimate traffic. If our attack is a replay attack, there is nothing to replay, so you have to connect a legitimate client to the network out of nobody to generate some traffic, something like that, to generate traffic. A network that has literally nobody on it has
nothing to replay, no matter what you do. You can fake auth and deauth yourself all you want, which seems like a long way to masturbate, but you're not going to get anywhere. You have to have actual traffic to replay. Nothing you do generates real traffic. You're making fake garbage in the air that the AP silently ignores, because you don't know the actual key. Something has to know the key, otherwise you don't have anything to replay. So once you have something valid to replay, preferably an ARP packet, Aircrack handles that one by default. You just say --arpreplay, it will sit there and wait for an ARP, possibly until you die, and then it will start sending them as fast as it possibly can. The fake auth helps us again, because if there's something on the wired side that's generating packets, we'll get those bridged to us. Wi-Fi access points that aren't made by Belkin are what are called smart bridges. Smart bridges know that if there's nobody on the other side, I'm not going to forward the packet. So if there's no wireless clients connected, there's no reason to put packets into the air. But as soon as a Wi-Fi client connects, even if it's a fake authentication, it says, oh cool, all the LAN traffic needs to go into the air now to support this guy. Lots of things, you know, NetBIOS, ARP, a whole bunch of packets, mDNS, phones are great. These are all broadcast packets, so they have to go to everybody, and so they just get immediately thrown into the air. It's very noisy, really great. Fake auth is nice. And in collecting traffic, the more radios the better. One dedicated to collecting, one dedicated to an attack with one tool, and maybe another dedicated to attacking in a different way. So sometimes I've run replays and then I've also run Wi-Fi with a completely different radio to generate more traffic. Yeah, you can absolutely listen and transmit with the same card, but just like humans, you can't do it at the same time. For every microsecond you're transmitting, you are not listening, thereby two
cards is still really helpful, or forty-seven or whatever. Actually, thirty-two is the limit for Intel USB 3 chips; can Google that one. Yeah, thanks, guys. The cactus doesn't use USB, it's all Ethernet, but it's got those cool lights. Those might be USB powered, I don't know. So you need to have success when you run the fake auth, or everything else is not going, you're not going to have a good time. It needs to say association successful. Yeah, successful. Again, reading the messages in these tools that come out, incredibly helpful. -1 is fake auth; 0 is the flag you pass to say I only want to do this one time. If you were to pass, say, 30, it'll do it every 30 seconds, or every minute, or whatever you tell it to do, to maintain that authentication. Some access points actually have an unlimited timeout; as long as you're sending packets, they think you're cool and they leave you alone. The standard requires you to reauthenticate every five minutes, because it may or may not work every time we do it. We normally do it, you know, once a minute or something like that, just to maintain that association so the AP doesn't reject our packets. One quick tip: Ctrl+Shift+T is your friend. If you've run airodump in another tab, copying into the adjacent tabs for running these, it's amazing. You believe these kids? Don't run X, just put it in screen, people. You don't need a graphical manager for this. Or I can use tmux. Tmux, tmux. Fucking millennials. I was born before you. Two months still counts. All right, so short flags are your friend when you're writing things; they're not your friend when you're trying to learn this stuff. Again, I keep saying them as long flags because, frankly, I use the long flags, because I never remember which attack -7 is. --arpreplay is really nice to remember, because I know it's going to do an ARP replay attack for me. It happens to be 3. You can also do --interactive, where it will tell you every single packet that comes by in an encrypted form,
which is really hard to read, and then you say, do you want to replay this one? Sure I do, why not. And then you can see what kinds of packets you get good responses with. That's a really weird thing to do. ARP replay is way better, and it's number 3. And I also would like to point out that airodump uses -a to filter for a BSSID, but aireplay is modifying the BSSID, and so you need -b, which is modifying the packet, not just filtering. A, B, C in there somewhere, I don't know. There's a --help for all of these tools that, I can't stress enough, is written for your benefit, not mine. I used BackTrack. That's awesome, because I don't use Kali to do wireless. I think that's BackTrack 3. I think it's BackTrack 5 R3. All over. And Aircrack, is that 1.1? Okay, so anywhere in the last nine years. Is that one? If there's been three Aircrack-ng releases in the last six weeks, and before that it was, like, how many years, I don't even know. Point is, it still runs the same. You tell it to open a pcap. You can also tell it to open, like, *.cap or something like that, and it'll open lots and lots of them if you made lots and lots of them, and then it'll ask you which one you want to attack, and you press 37, which is the number in the index list, and then it starts trying really, really, really hard. And again, if you leave it running and you don't have enough of the right IVs, like, it'll tell you, we tried this many keys and it was not successful, and it'll say waiting for the next 5,000, 10,000, 30,000. It'll keep going up in iterations. The cool thing is it's also way, way faster the more packets you have. So trying with 5,000 packets could take a few minutes; trying with 100,000 packets takes a few seconds. So reading in those packets actually takes longer than the cracking once you have enough of them, because it narrows down the statistical probability of what the key could be. You should totally enter this flag and see what happens. Oh, it's off the screen. WPA, that's a thing,
and WPA2, which are in no meaningful way WPA and WPA2. WPA1 versus WPA2 are standards given by the Wi-Fi Alliance for interoperability testing. Basically they require a different crypto and have optional the other crypto, so TKIP is required and CCMP is optional for version one, and then CCMP is required and TKIP is optional for version two. It's actually written into the standard that you can use either one of those at any time, but it's pretty much just, you know, this one is kind of backwards compatible, this one is less backwards compatible. Although, you know, ten plus years after it happening, you really, really, really, really want AES-CCMP; you want WPA2, because the other ones finally showed some vulnerabilities and some flaws, and it's just plain slower, because all the Wi-Fi chips have a crypto accelerator for AES on them.

So, in as few words as possible, you need to see an association with an access point; either you are forcing it or it happens by itself. At two o'clock in the morning at fill-in-company-name-here, if there's absolutely nobody there, there's not going to be any associations or clients to knock off and let back on. It's also a rough time for social engineering, you know, when the whole place is closed and the lights are off; you're not going to get in by sweet-talking somebody who doesn't exist. And if you show up at 7 AM when everybody starts coming to work, you don't have to be loud and proud and do any kind of deauths; everybody's going to hook up and you're going to see an association. Weird. The early bird gets the handshake, that's what I heard. Cool, bring a breakfast burrito. That's how that goes, right? The early bird gets the handshake. Yeah. You want to do... want me? All right.

So what is unique about the network? Pre-shared key. So the vulnerability is the pre-shared key. If you can grab enough of the handshake, you can run a word list against it, and if it is in that word list, you will be successful. So the vulnerability is you. I mean, let's be fair,
passwords suck. We suck. Even amongst our team, we've been cracking each other's handshakes because it's funny and we're lazy. Passwords are awful. The standard specifically says, from ten plus years ago, if this isn't at least twenty characters and not in the dictionary, then it's not even close to secure. "password" is eight characters long, which is the minimum that the standard allows, and it will get you into way more networks than you think it does. Why? I don't know, just because it's the simplest possible thing. "Password1", capital P, also works great, usually for the open or for the guest networks at any company. It's probably the company's name. It's probably on a post-it next to the secretary's desk or on the wall too. Again, we are the vulnerability, and WPA primarily, this is not a password cracking class. There are guys that do heavy crypto and they can do really cool stuff, but the vast majority of the cool stuff is like permutations off of a word list that a human being might type, because we're incompetent. There's no real vulnerability here; there's throwing huge, expensive amounts of compute resources against something that is resistant to specifically that, and that just happening to get lucky because people suck. If you take a password out of, like, a line from your favorite show or your favorite song, and it's nice and long, in this case length is all that matters, you really... 63 characters or shorter... you'll never get cracked with this. Just use WPS. Yeah, don't use WPS. I want to type all that in? Yeah.

And who here's been at a conference where they say, like, connect to our secure Wi-Fi, and it's open? Or an airport or a hotel. My other favorite is you go to a conference and they're like, okay, the pre-shared key is this. If they put the pre-shared key on a sticky note, how much does that do? All you need to do is put that pre-shared key right into Wireshark and it will decode all of the traffic, decrypt all of the traffic, for everybody, for you, because that is the
only thing that is missing in unlocking the crypto. That's the key, that's the whole key, that's everything about the key, and then you can decrypt everybody's traffic. You can also put up your own network, you know, here I am, DEF CON, pre-shared key; I make one too, because I know the pre-shared key, and then you're on my network, just the same. Pre-shared key is the only thing that secures you. It's right there in the name, pre-shared key; as soon as it's known, it's like pre-shared public information, like posting your face next to your driver's license on Twitter. Yay.

Flow. Make sure you reconfigure your test network from WEP to WPA now if you were following along to hack the test networks. Your card should already be bribed. Ooh, bribes! We'll be there in a few minutes, if you don't mind; we're just going to finish this talk real quick and we're done. Thank you for coming. Thanks for coming. So, sir, we were kidding, sir, you can sit back down, we were kidding. Okay, bye. Yeah, there you go. Thank you. Yeah, there we go. Freesee. So the flow we're going to go through: we need to find the networks again, we need to identify what's going on, we need to start collecting on the client, on the access point and the client, and we need to cause, we are creating, that association. We want to hurry up this process; we don't want to watch it happen organically, we want the handshake now. We're going to do a deauth, you need to catch that handshake, crypto contest at that point. Again, we're talking about the reliable way to do it, where you send a deauth and they re-authenticate, but there is also the lazy or quiet way of doing it, where you just kind of show up and hang out outside the Wireless Village waiting for us to turn on our equipment in the morning before we open the door. That works at the office too; you show up at six o'clock, you sip your coffee in the car while sniffing, everybody else shows up, they authenticate, you didn't send a single packet, you were dead silent. I mean, everybody does Kali Linux, what is it,
the quieter you are, the louder everything is, or something. Who has a Kali tattoo? So same thing, you do your initial scan; you want to see what's going on in the air. You say, you know what, I want to go after WCTF00, or the "pretty fly for a Wi-Fi" that you want to go after. So who spelled cipher like that? Was that you? Nope, that's not me. That was me. Oh my God, get off the stage. Good, I'm going to eat pizza. That's not okay, you get off the stage for this whole slide. I will do pizza. You can't talk anymore. Okay.

So, WPA: what is the cipher? This is something that Aircrack will tell you, or airodump will show you right in there; Kismet will show you right as well. TKIP is a very vulnerable cipher because it's based on RC4, and all it does is cycle the keys that are in use for the crypto, but it's still basically WEP; they just cycle the keys fast enough that you can't run that statistical attack on it anymore. AES-CCMP, again, faster, better crypto, accelerator right on the card, and really nice, so definitely use that. But if you don't, there's some cool DoS attacks you can use; they're in mdk3. I'm not going to say much more about that, because DoS is, well, probably the reason I'm getting 7k a second, thanks Kismet. And is there a client connected? Again, with no client there is no handshake; with no handshake there is no cracking. I'll talk a little bit at the end of this about a fact that may or may not be true anymore, but that's what's really important. All right, what's up? But when you're done with your pizza,
you can come back up here. You can see here the cipher, CCMP or TKIP, and those will be more or less... it doesn't make a huge difference to you unless you want to run a DoS attack or you want to optimize your network to suck less.

So again, DoS packet. Normally the Wi-Fi card handles replaying for you. There's a very, very sensitive ACK system in Wi-Fi, where I say "hey dude" and you say "ACK", and I say "it's great to see you dude" and you say "ACK", and I know that you got every single packet, because you have to ACK each one of them individually. In monitor mode we completely ignore that, so I can send a deauth and I will not know if you ACK it or not, so normally we send like a few; in this case it's a hundred is what we tell it to send. Aircrack decided that people are too conservative, so for every one you tell Aircrack to send, it will send... so in this case we're sending sixty-four hundred deauth packets, which is not very stealthy, but it does work pretty well. The important thing is, setting zero here will deauth forever, and if you don't stop deauthing there will not be a re-association, and no cake at the party. No, but seriously, there's no cake at the party.

And at this point, with the WCTF, we provide our own word list, because it becomes a crypto contest: how sucky is your password? And if it's sucky enough, if you have a sufficient password you will crack it, or if you have a sufficient word list it will crack it. Aircrack is a great tool for cracking; it is reasonably accelerated. It's been accelerated more and more; these last couple of releases have been mostly about optimizations, new CPU architectures that speed these things up. And when you're cracking with a few meg word list, that's fine. When you start getting into "I want to do permutations to dictionary attacks" and crazy stuff like that, both John the Ripper and Hashcat support WPA formats, and they're very accelerated, GPU clusters and like... you can absolutely crack all this that we're doing on, like, an Intel Atom from five years ago, that's pink,
that you bought at Walmart for 200 bucks. But if you want to do real work, most of these people have like X number of GPU clusters that cost half a million dollars and need their own AC units. You just do AWS. Yeah, you could do AWS; it doesn't actually cost all of your money, just all of it but a dollar. Oh boy.

mdk3 is for being a jerk. That is the primary purpose of the tool. It is for testing things. We started off testing this morning by running a beacon flood attack at a thousand packets per second. You're welcome. And nobody's network manager was working. It was really weird; you'd think they test this crap. Lennart, it's Lennart Poettering here. No, okay, running everything through D-Bus wasn't actually the best idea. Anyway, it's really important to test things, and this is a tool specifically for testing protocol abuses. Sending thousands of beacon packets is very abnormal, and it makes things crash, it makes things very unhappy, it makes sniffers very unhappy if you're not doing proper filtering to make sure you're only capturing the things you care about, which is why we stressed on, you know, filtering; filtering is good. You can run deauth attacks with this, you can run very targeted deauth attacks with this, you can run very untargeted deauth attacks with this. It is a useful tool, and I encourage you strongly to test it at home and not on your neighbors, and I really, really mean that, because as it turns out, when you DoS a small city block, people eventually get upset. That was my job for a little while. Yes, that is somebody's job. If you run, like, a persistent deauthenticate flood on a business for long enough, they will actually fly out some asshole with a directional antenna, and I will find you, typically with the police in tow, because I'm not that big, I just seem that big. I'm on this stage; I'm 24 inches shorter than this, really.

So running the fog of war last night, the team showed up early to try and see what they could catch off of us, and in a short amount of time I gave them a
gig and a half of garbage. Free wordlist! Yes, with the correct flags; I used old wordlists from previous WCTFs and I sent out all the thousands of words from those word lists as beacons. So --help gives you a little bit; tells you what the initial flags are, like -a, -b, -c, or just a, b, c, and then --fullhelp drops a bunch of extra things underneath those sections and categories to let you know what other things you can add to those to either be more specific or be more aggressive.

I'm going to spend the last few minutes, because I didn't bother developing slides, because none of my challenges were working until... I want to talk about the elephant in the room, and that is atom from the Hashcat team. He's an elephant; I mean an 800-pound gorilla; I mean, dude's awesome, right? He makes a sweet password cracker, and he's got a whole bunch of team members that actually understand crypto, as opposed to, say, me. So while I am ZeroChaos, there's this dude ZerBea, and yeah, ZerBea, who actually was going through looking for a hole in WPA3. There's more coming, and I want to be his friend, so hopefully he'll tell me all about them. But about last week, I guess last week, there was a big announcement; you know, here's a random Hashcat forum post, not, you know, anything flashy, but they released an attack on the PMKID. They didn't name it and give it, like, a logo. There was no logo, there was no name. It's like, these people aren't douchebags; it's weird, right? They could have called it PMCrack. Okay, we'll name this later. And logo contest: 50 points in the Capture the Flag, logo contest, coolest logo and name, and we'll send it over to atom and his guys so they can feel special. That way we can get them in the press, you know, because you can't get a vulnerability in the press without a logo and a vulnerability name. So anyway, they came out with this attack, and it's a really interesting attack. It's basically attacking the fact that the access points send you the same information as
the handshake, to negate the need for the handshake. So it's part of high-speed roaming protocols; things called opportunistic key caching or 802.11r will pass the PMKID, and the PMKID is a known set of publicly available information plus the master key, which you can then run a standard dictionary attack against, just the same as you could before. The difference is, this is sent out when roaming is enabled on these access points in the first part of the handshake. The way the handshake works is, I'm a client and I say I want to connect to you, Mr. AP, and the AP says here's your challenge, and it includes everything I need to crack the key. That might have been a poor design choice. It's a feature. It is a feature; it speeds up the process, because I can say, oh, we already have a PMK negotiated, we don't need to do this anymore, I'm just going to start sending data at you. But it also works as an attacker, because the very first packet contains everything I need. I can now illegitimately try to connect to an access point and it will send me everything I need to crack it, whereas before we had to wait for a legitimate client to go back and forth with the access point, and then we'd capture that and crack that. So it is a very interesting attack, but for a couple of reasons the sky isn't falling. Number one, on a pre-shared key network there is literally no reason for that to happen; it's just something that's completely unnecessary. There are a few implementations that do, and those will probably be fixed shortly, but even still, it's not a new vulnerability; it's just saving you watching that client. You can force a handshake basically for yourself, as opposed to waiting for a legitimate client, which again, at 2 a.m.
when you're hacking your neighbor, is a legitimately helpful thing, I guess, but when you're attacking a corporation or something like that, you know, when you do this for a living, this is just unnecessary, because you get legitimate handshakes. It is slightly optimized in that a lot of times you get bad packets, because the air is like that; you're not literally in between the access point and the client, so sometimes your packet gets corrupted, and there's... and you miss things. So this is a nice, reliable way to crack the key, and that's a great improvement as well, but it's not gonna speed up the cracking; it's still a dictionary attack. And it's, again, it's really cool, but the sky did not fall, so I think that's an important thing to note. It's also a very interesting attack against EAP networks. All networks, including the enterprise ones, use a PMK; they just derive it differently, and the PMKID is sent for those networks as well. The difference is, the PMK changes constantly on an EAP network, on an enterprise network, so by the time you crack it, it's worthless. Also, in that case you're cracking a 64-character key, because it's generated by the enterprise network, not a human, and that's definitely a thing.

So, next. I still have like two minutes, right? Cool. Allegedly a minute or so. WPA3: your prayers have been answered, almost. You can do IoT things with this. Oh my God, the IoTs, that's so cool, I love the IoTs, I want to capture some packets. Um, so WPA3 has been a long time coming, and when the KRACK attacks came out earlier this year, in the fall, people immediately jumped on to say, like, oh cool, we've been working on WPA3 forever. What they meant to say was, there was a bunch of standards that had been sort of informational RFCs for years that were implemented by various people, wpa_supplicant and hostapd. None was standing... You better have brought Club-Mate and a hug, or at least a hug. Um, anyway, I don't see any Mate, so I'm just gonna keep giving my
talk. Um, so WPA3 has a bunch of standards that were generally kind of released but not standards track; they were like informational RFCs that were used for mesh mode and things like that, and they're not really brand new. The brand new part is that they're actually doing interoperability testing; they're doing interoperability testing to prove this stuff all works together, and it is really... Whoop, I broke my mic. Thanks Ronnie. Anyway, broke my mic, and then she leaves. Mike all win. Now I'm sad. Where was I? WPA3 has a new handshake. Trying to kidnap somebody, like, volunteer for that? Yeah, I know, I'll see you next time with the Club-Mate. Okay, thank you. I miss you. Um, miss Club-Mate too; I had a bunch in Germany.

So the handshake has changed, the main difference being that the handshake for WPA is attackable offline, and that means I can capture the handshake and I can run it on my high-speed cracker. The handshake for WPA3, as defined by, I think it's an informational RFC, and then it's used a lot in 802.11s for mesh mode devices, it's a zero-knowledge handshake, which basically means that you're doing a full... I'm not sharing anything about the key, but I'm proving, in a way, I have it, that you can also prove that you have it, and then we're like... it's some of that spooky shit that, again, not a math guy, don't understand, but the whole point is it's supposed to be resistant to offline attacks. You shouldn't be able to attack it the way we're attacking things now, and an online attack means you're literally, like, trying every password against the access point one at a time until it takes one. You can walk into a room and say, who are you looking for? You're looking for John? I'm John. But you can't walk into a room and say, you're looking for John? You're looking for Frank? Sam? Sally? I'm Sally. It doesn't work, right? You can't just keep doing that over and over again. Maybe to your neighbor you can, but certainly not to a corporation or an enterprise; it's just not going to work. So the whole
idea is to improve that handshake mechanism, which was so broken. They also added in a few things, which, being part of the requirements... the requirement is you must optionally support it, which isn't really much of a freaking requirement. It's 802.11w, the signing of the deauth packets, so that people like me can't just make a million of them, or more likely people like you; yeah, I see you with that big antenna. Adding in those kinds of things to the standard makes the whole thing a little bit more robust, takes care of the problems that we have today and helps us move forward. WPA hasn't changed much in the last 10 years or so, but there have been a couple of add-on standards that really made a difference, so all this is, is wrapping them in a nice little interoperability standard to allow us to actually take advantage of it. Because although things like management frame protection have been around forever, um, things don't support it; especially home access points don't support it. You can't just check that box; even in OpenWrt you can't just check that box, you have to go into the config file, I know, a config file, and set it. It's hard; there's no little button. By default... it should be on by default, it will be on by default, and that's my promise to you. Um, so it's trying to solve a lot of the problems that we're having today, and hopefully it's going to do a really good job, but as of right now, um, nothing supports it, and I don't think anybody's actually passed the tests, and quite frankly, um, Linux sure as shit doesn't. So good luck, folks, thanks for playing, and with that I'll take a small bow.