1
on: May 16, 2022, 03:11:12 pm
|
||
Started by leana - Last post by leana | ||
Ok, I didn't know that it's not possible, it was just a concept. Thank you for your precious time.
|
2
on: May 14, 2022, 08:34:14 pm
|
||
Started by leana - Last post by misterx | ||
That's not how things work. You are lacking knowledge on the 802.11 protocol.
If you have a whitepaper published, or if you pass your CWNP, we can revisit this topic. |
3
on: May 14, 2022, 07:21:52 pm
|
||
Started by leana - Last post by leana | ||
> Is there a document that explains how we can reproduce this?
I'm fairly new to the domain, this is just a concept but I really believe it's feasible in some way. > They can only send one packet at a time the same way a wired network card does. Exactly, this is why I think it would work. What Slowloris does is that it sends requests to a web server as slowly as possible, little by little; and just before the webserver thinks the client is gone and closes the thread, Slowloris continues its unfinished request. If there's a way to send an unfinished packet, and the default behaviour of routers is to wait for the following packets, then this is definitely feasible. I think there are two parts of this attack that are worth trying: 1. Send packets at low speed. This would help waste the router's time exchanging with other devices. 2. Send partial packets and let the router wait. Just before the router quits the program continues and lets the router wait again. (I don't know the default behaviour of routers on this yet.) This combined with MAC address spoofing, we could let the router think that there are different clients that are not having a good connection, and hence upscale the attack. (While the router is waiting we could sent more partial packets to it using different MAC addresses) With this said I don't have the required knowledge to build low-level software to send some partial requests at low speed, what do you think? Thank you |
4
on: May 10, 2022, 09:03:31 pm
|
||
Started by misterx - Last post by misterx | ||
After more than 2 years, we are making a release with a decently large amount of fixes, improvements, and additions. We also broke the 4000 commits barrier, and this release has more than 400 commits.
Noticeable changes and fixes are present in a number of tools: airodump-ng, aircrack-ng, airdecap-ng, airmon-ng, aireplay-ng, airgraph-ng, besside-ng. And also osdep, our os-dependent interface for Wi-Fi capture and injection, as well as WPE patches for freeradius and hostapd. On the less visible side, we get a number of improvements and fixes as well. We did code refactoring, deduplication, cleanup, code style fixes, as well as miscellaneous improvements. We also fixed a bunch of typos, spelling, and wording issues across the board. We fixed a number of issues reported by different static analysis tools we use, among others, PVS-Studio, Coverity Scan, Infer. Read more in our blog post, or head to the download page. And finally, the full changelog:
|
5
on: May 08, 2022, 04:16:18 pm
|
||
Started by leana - Last post by misterx | ||
Is there a document that explains how we can reproduce this?
They can only send one packet at a time the same way a wired network card does. |
6
on: May 08, 2022, 07:13:46 am
|
||
Started by leana - Last post by leana | ||
Hello,
I watched a [Computerphile video](https://www.youtube.com/watch?v=vvKbMueRzrI). In the end Dr. Bagley talked about the fact that a router can only receive/send a packet at a time, so if one device is slow it will slow every device down, because all device talk sequentially to the router. He also mentioned that around 15 slow device is enough to drag the WiFi down to unusable speed. Assuming the attacker has the network passphrase, I wonder if it's possible to use the concept of Slow Loris Attack - having one device faking its MAC address pretending to be multiple devices, sending out really slow packets to the router to slow down the whole network. Or even without the network passphrase. Is this possible? What would it take to experiment this on my own network? Thanks! |
7
on: May 07, 2022, 08:07:09 pm
|
||
Started by Kolusion - Last post by misterx | ||
You misunderstood: when 802.11w is used, there is a mechanism triggered if an unencrypted deauth frame is sent. What it can do, is if that frame matches our deauth parameters is notify it happened, thus letting you know it failed.
|
8
on: May 07, 2022, 12:37:05 pm
|
||
Started by Kolusion - Last post by Kolusion | ||
If you feel there is already a lot of information on the screen then you could always make showing the encryption type optional which gets shown only when airodump-ng is executed with a parameter to show it.
Putting the client encryption type in aireplay-ng doesn't seem logical to me because one does intelligence gathering with airodump-ng before the death attack. It would be annoying to write a script to deauth multiple devices, only to find out afterwards that it was all for nothing. I needed aircrack-ng because my lunatic neighbour was purposely waking me up every morning at 7am by throwing glass bottles in her bin, two metres from my front door. I tried making her stop by jamming her WiFi and while I jammed her WPA2 devices, it was not enough to make her to stop waking me up as she had many WPA3 devices. Now I've started throwing my glass bottles in the bin at night in my backyard near her bedroom, and now she has stopped waking me up, so I am done with aircrack-ng. Thanks for the great app and all the best to you. ![]() |
9
on: May 04, 2022, 07:46:09 pm
|
||
Started by Kolusion - Last post by misterx | ||
Something like that? That adds 17 characters on an already long line.
Code: [Select] CH 9 ][ Elapsed: 1 min ][ 2007-04-26 17:41 ][ BAT: 2 hours 10 mins ][ WPA handshake: 00:14:6C:7E:40:80 That's not realistic, there is already a lot of info on these lines. How about that: it is possible to add in aireplay-ng something (and maybe on the top right in airodump-ng) when it sees frames indicating that deauth is useless, but it doesn't always happen. |
10
on: May 04, 2022, 05:18:32 am
|
||
Started by Kolusion - Last post by Kolusion | ||
Between 'Frames' and 'Notes' in the client section in airodump-ng.
|