 on: September 22, 2018, 09:07:01 AM 
Started by jamaican_jason - Last post by jamaican_jason
Hi. I set up a soft AP with airbase-ng trying to fake a real one. It has the same ESSID but a different MAC address; it's on the same channel too. After that I send a deauth broadcast using aireplay-ng --deauth 0, and it seems to work: the client disconnects. The problem is that the client never connects to the soft AP. On Wireshark I see no packets sent from the client to the soft AP. I thought that as long as the soft AP had a better signal strength than the real one the client would connect to it; however, this is not the case. I'm running my tests with an Android phone as the client and an Alfa AWUS036NH doing everything else (soft AP, deauth, monitoring...). The OS is Ubuntu, though I have tried using Kali with the same results.
Can someone kindly tell me what I'm doing wrong?

 on: September 21, 2018, 07:45:12 PM 
Started by spagzy - Last post by spagzy
Hey guys, I'm new to penetration testing and I'm trying to use aircrack, but I am having some troubles.

When I run airodump-ng wlan0mon I get a listing of all the APs that my device can pick up, but when I target my specific router no stations show up, even when I have 3 connected.

I am running the newest kernel of Kali (4.18.0-kali1-amd64) and I am using an Alfa AWUS036NHA.

 on: September 17, 2018, 07:01:40 AM 
Started by greenDay - Last post by Naivdose
Basically half your special characters wouldn't be ASCII-convertible.

 on: September 13, 2018, 05:24:18 PM 
Started by greenDay - Last post by misterx
Simply because some values don't match a printable character.

Here is an ASCII table:

 on: September 13, 2018, 01:42:54 PM 
Started by greenDay - Last post by greenDay

Is it possible to know the reason out of curiosity? :)

And if it's not convertible, is it possible to use the key in hex?

 on: September 13, 2018, 01:29:23 PM 
Started by greenDay - Last post by misterx
Not all keys can be converted to ASCII.

 on: September 13, 2018, 07:44:03 AM 
Started by greenDay - Last post by greenDay

I tested aircrack-ng for finding a key. All is good, but I have a problem with this hex: C5:8C:A3:6A:68:FA:61:35:A2:19:B2:57:B2

If I convert this hex from I have this ???jh?a5???W?? and Ō£jhúa5¢²W² from

And from my terminal with echo C5:8C:A3:6A:68:FA:61:35:A2:19:B2:57:B2 | xxd -r -p I have Ō�jh�a5��W�%

Could anyone help me? Because I don't understand why I don't have the possibility to convert the key correctly.

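The conversion problem discussed in this thread, as an added Python example (this is not code from the forum or from the aircrack-ng project): it parses the colon-separated hex key quoted above, reports which bytes fall outside printable ASCII, and reproduces what a UTF-8 terminal shows when the raw bytes are printed anyway. The function names and the WEP size table are my own; the second key in the usage call is a constructed all-printable key.

```python
# Added example (not from the forum thread or the aircrack-ng project):
# why a hex WEP key recovered by aircrack-ng may have no ASCII form, and
# what a UTF-8 terminal shows when the raw bytes are printed anyway.
from typing import Optional

# Standard WEP key sizes, by key length in bytes (assumed mapping, widely documented).
WEP_KEY_SIZES = {5: "WEP-40", 13: "WEP-104"}

# Key quoted in the thread above.
THREAD_KEY = "C5:8C:A3:6A:68:FA:61:35:A2:19:B2:57:B2"


def parse_hex_key(key: str) -> bytes:
    """Turn 'C5:8C:A3:...' (or 'c58ca3...') into the raw key bytes."""
    cleaned = key.replace(":", "").replace(" ", "")
    hexdigits = set("0123456789abcdefABCDEF")
    if len(cleaned) % 2 != 0 or any(c not in hexdigits for c in cleaned):
        raise ValueError(f"not a hex key: {key!r}")
    return bytes.fromhex(cleaned)


def is_printable_ascii(byte: int) -> bool:
    """True for the printable ASCII range 0x20 (space) .. 0x7E ('~')."""
    return 0x20 <= byte <= 0x7E


def ascii_form(raw: bytes) -> Optional[str]:
    """The key as an ASCII passphrase, or None if any byte is not printable ASCII.
    A key with a None result can only be represented exactly in hex form."""
    if all(is_printable_ascii(b) for b in raw):
        return raw.decode("ascii")
    return None


def terminal_view(raw: bytes) -> str:
    """What a UTF-8 terminal shows for the raw bytes (as with `xxd -r -p`):
    a valid multi-byte sequence becomes one character, every lone byte >= 0x80
    becomes U+FFFD (the replacement character), control bytes stay invisible."""
    return raw.decode("utf-8", errors="replace")


def explain_key(key: str) -> dict:
    """Summarise a hex key: size, ASCII form if any, and the offending bytes."""
    raw = parse_hex_key(key)
    return {
        "length_bytes": len(raw),
        "wep_size": WEP_KEY_SIZES.get(len(raw), "non-standard length"),
        "ascii": ascii_form(raw),
        "non_printable_bytes": [f"{b:02X}" for b in raw if not is_printable_ascii(b)],
        "terminal_view": terminal_view(raw),
    }


if __name__ == "__main__":
    # Second key is a constructed all-printable example ("hello").
    for key in (THREAD_KEY, "68:65:6C:6C:6F"):
        print(key, explain_key(key))
```

Running this on the key from the thread reports eight bytes outside the printable range (C5, 8C, A3, FA, A2, 19, B2, B2), so `ascii_form` returns None. The terminal view also explains the odd `xxd` output quoted above: the first two bytes C5 8C happen to form the valid UTF-8 encoding of "Ō", each remaining byte at or above 0x80 has no valid UTF-8 meaning on its own and is shown as the replacement character, and 0x19 is an invisible control character. Such a key has no passphrase form at all; the hex string is its only exact representation.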

 on: September 11, 2018, 04:36:40 PM 
Started by freeroute - Last post by tan112
Thank you for your reply, I'm sure someone will find it very useful. Just a few remarks from my side, only for information.
"hacking tools" are used daily by penetration testers
That is not the only purpose of my job.
Breaking things and getting paid for it, unfortunately, is not my everyday duty... mostly, I get paid to fix, and/or find the causes of, malfunctioning systems, where using hacking tools is forbidden.
Regarding the Windows VM
That was just a mere example, only to describe the impossibility of using "hack" software/tools at (most) Customer premises.
Taps can be fairly cheap
As I'm sure you have seen many times during your pentesting experience, network issues don't always come from the "Ethernet", so an Ethernet tap is most of the time insufficient (besides, under most SLAs, it is forbidden to use taps in production).
Anyway, it would take ages if we would start telling about all absurdities and aberrations we have seen coming out of wireless devices.
Some of them caused by hardware issues, some by bugged firmware, some by bad quality software programmed, probably, under the effect of alcohol or other illegal drugs, and so on...
So a little piece of advice: relying solely on network taps won't help debugging issues, as they may also come from the wireless device...
My point is, we are clearly dealing with human errors here... hoping that stuff will work, even after a super-secure WPA3 "certification", is just naive.
We need a fallback mechanism, to be able to recover from the hangover of that last programmer...  ;)

Anyway, I don't see this discussion attracting many contributions...
Maybe that's not really an interesting topic...

 on: September 11, 2018, 03:44:00 PM 
Started by freeroute - Last post by misterx
Actually, "hacking tools" are used daily by penetration testers to check the security of networks (wired and wireless).

Regarding the Windows VM, you can provide anybody with an unactivated Windows VM AFAIK.

Taps can be fairly cheap, something like $100 and even cheaper (less than $20, search for throwing star LAN tap). Yes, you can use them in a production environment, they won't disturb anything. They've been used for IDS. Check out the options on Amazon "Network tap". The first few results are from Dualcomm. But yes, depending on the tap you want, it can get very expensive. But those are most often used for IDS purposes or large scale network capture.

 on: September 11, 2018, 01:35:52 PM 
Started by freeroute - Last post by tan112
Now that's a professional answer.
Thank you for the respect shown to another field professional, really appreciated.

I know my personal opinion on its own is worth nothing, but by sharing it in public, I hope some other professionals might support it, if valid.
I'll refer to the workings of WEP compared to WPA
I do fully agree on that. But look at the difference between WPA3 and the WEP/WPA/WPA2 protocols.
Those protocols have always integrated, now and before, an official way to decode traffic externally (for whatever reasons: fallback emergencies, convenience, law enforcement investigations, and so on).
Provided of course the authorization to do so, and the most important ingredient, a strong password.
So as you say, and I fully agree
WPA2 is still very secure
It has indeed undergone a few security improvements in the last years, as has WPS, becoming now a very stable protocol in the newest hardware (and I repeat: newest hardware).

Now, look at WPA3: it does NOT integrate any (known) way to decode external traffic; that possibility has been wiped out from the protocol foundations, that is official.
Even provided authorization, passwords, the owner looking in front of your computer, whatever, you can't decode the traffic.
My point is, there will be tools, but it might take a little while
That is true, maybe, but what "tools" are we talking about?
WPA3 officially removed the possibility to decode traffic, so the only "tools" which might come over in time will be temporary workarounds or bug exploits from QA testers or, worse, hackers.
As we all know very well, no respectable Customer, SME or Corporate, will ever authorize the use of "hacking" tools in its environment, be it testing, staging, production or else.
(You can see it even now: try to ask even your closest colleagues to provide an innocent VM with a cracked version of Window$... every cracked version works just as well as the original ones, yes no doubt... but just by thinking of it you risk losing your job...)

Unfortunately, that excessive "security" is going even further into obfuscating also the 802.11 Open protocol.
You can also put a tap right after the AP, where you get the Ethernet packets, which are decrypted.
That you can do now indeed, and it's in fact the preferred way to deal with issues in testing environments, but not in production.
Anyway, not all customers are rich Corporations willing to spend thousands of $ on such gadgets...
But as we see, with that new OWE, it will get a lot more difficult even to debug an open wireless issue, bringing only frustration and loss of money to everybody.

To conclude, my point is, security is important, but excessive "security" is destructive, and that was my evidence.
The WPA3 protocol needs a fallback mechanism, an OFFICIAL one, in order to provide professionals (and law enforcement) a way to decode traffic in emergency situations (authorized by owners or Courts).

Thank you
