EvilZone


: Router Cracking
: itIsMe December 22, 2014, 10:38:02 PM
I have permission to try to crack a router just for educational purposes and have had no success. I've been all over the web trying to find info. I tried to use reaver and ended up locked out after a few attempts. Could anyone point me in the right direction because I have found nothing good.   
: Re: Router Cracking
: Syntax990 December 22, 2014, 11:02:19 PM
I think your best effort would be to learn some basic networking before attempting to crack a router. Learning the actual tools won't teach you anything really; learning how the network packets communicate with each other and learning about handshakes and how pre-shared keys operate would help you out massively. I was in the same position as you a while ago; once you become more intricate towards networking you would find yourself knowing how to use the tool without having to spend hours on the internet.
: Re: Router Cracking
: itIsMe December 23, 2014, 04:03:40 AM
Thanks. Seems to be a common theme for me. Always getting ahead of myself. Back to the basics it is.
: Re: Router Cracking
: MadJ0ker December 23, 2014, 04:30:57 PM
What do you mean exactly?
Because if what you want to do is to crack the admin password to get access to the router configuration, networking knowledge won't help you a lot. Why? Because cracking a router doesn't have anything to do with packets, handshakes, routing protocols, etc. Cracking a router IS NOT related to networking.
On the other hand, if what you want is to crack a NETWORK offered by that router you can play with, then some basic networking concepts are needed. From what you said, it seems it's a wireless network, so the specific thing you have to study is wireless security (WEP, WPA, TKIP, PSK, AES, maybe RADIUS), and that's not precisely networking but crypto.

Good luck.
: Re: Router Cracking
: gray-fox December 23, 2014, 06:17:14 PM
> What do you mean exactly?
> Because if what you want to do is to crack the admin password to get access to the router configuration, networking knowledge won't help you a lot.
Well, if OP had tried reaver it's quite obvious that he is trying to crack the Wi-Fi network's authentication, not the configuration page (obviously, because he is still "outside" of the network). He said that he has been "locked out", so he has probably been trying to crack the WPS PIN, and being locked out is because of the AP rate limiting.

But for OP, just do what syntax990 said and learn about basic networking and stuff..
: Re: Router Cracking
: MadJ0ker December 23, 2014, 07:42:32 PM
That's exactly what I wanted to point out. Saying "cracking a router" is not the same as cracking a network. Things must be called by their correct names.

> But for OP, just do what syntax990 said and learn about basic networking and stuff..
Although basic networking is important, for cracking a wireless network it is not relevant. What's the use of knowing the OSI and TCP/IP models for cracking a wireless network? What's the use of knowing about Layer 4 multiplexing, or Layer 2 framing, or IP subnetting for cracking a wireless network? Nothing. And all of those topics are basic networking. It's another thing if we talk about attacks on IP networks.
My advice is, read about crypto.
: Re: Router Cracking
: gray-fox December 23, 2014, 08:41:07 PM
> That's exactly what I wanted to point out. Saying "cracking a router" is not the same as cracking a network. Things must be called by their correct names.
Okay, I just answered because you asked what OP meant exactly and I thought it was kind of obvious, even though he didn't use the right words.
> Although basic networking is important, for cracking a wireless network it is not relevant. What's the use of knowing the OSI and TCP/IP models for cracking a wireless network? What's the use of knowing about Layer 4 multiplexing, or Layer 2 framing, or IP subnetting for cracking a wireless network? Nothing. And all of those topics are basic networking. It's another thing if we talk about attacks on IP networks.
> My advice is, read about crypto.
Yes, you are right, knowledge of the internet protocol suite doesn't directly have anything to do with wireless cracking, and nobody really even said so.

But let me ask it this way: what is the use for someone interested in computing/hacking of knowing how to crack a wireless network if you don't even have basic knowledge (for example) about the TCP/IP model?
Also, networking isn't directly only about the internet protocol suite. For example, if you build a LAN which includes a wireless AP, configuring its authentication and other stuff also falls under the concept of networking. So the point was to learn how things work before starting to crack stuff.
If you are wondering how I know that OP doesn't have enough knowledge about these things, well, you said 'things must be called by their correct names'. If OP can't even be clear about what he is trying to do and how, then that tells me that there is some lack of knowledge about more basic stuff. (No offence to OP.)

edit: And just for the record, I'm no pro in this stuff, just shared what in my opinion and afaik is right.
: Re: Router Cracking
: MadJ0ker December 23, 2014, 10:42:03 PM
> Okay, I just answered because you asked what OP meant exactly and I thought it was kind of obvious, even though he didn't use the right words.
It is called a rhetorical question.

> Yes, you are right, knowledge of the internet protocol suite doesn't directly have anything to do with wireless cracking, and nobody really even said so.
Well, you said:
> But for OP, just do what syntax990 said and learn about basic networking and stuff..
The very basics of networking include TCP/IP.

> But let me ask it this way: what is the use for someone interested in computing/hacking of knowing how to crack a wireless network if you don't even have basic knowledge (for example) about the TCP/IP model?
> Also, networking isn't directly only about the internet protocol suite. For example, if you build a LAN which includes a wireless AP, configuring its authentication and other stuff also falls under the concept of networking. So the point was to learn how things work before starting to crack stuff.
So, why didn't you tell him to study databases? Or, going to an extreme, wave physics? Because all of those topics are some of the basis of "how things work" (this was another example of a rhetorical question). Although we agree that those topics are about "computing/hacking", they're not relevant to this question. I totally agree with you, @gray-fox, that @itIsMe needs to know how things work before even trying to crack them, and that's why my advice was "study crypto", because in my opinion that's one of the most relevant topics if you want to attack a wireless network.

Finally, excuse me, but I don't need you to clarify for me what networking is about; for some reason I'm a networking professional. This is a forum: you share your opinion, I don't agree with it, I explain why and share mine, both being respectful. It's just how forums work.
: Re: Router Cracking
: madf0x December 23, 2014, 11:47:23 PM
damn MadJ0ker what crawled up your butt and died?

'oh no he advised to study basic networking concepts before moving on to wireless hacks' whoopty dude, syntax and gray-fox are right. One could take your criticisms of their suggestions and extend them to your advice on crypto. Should he start studying elliptical curve cryptography or Markov chains? Differential analysis?

You're trying to advocate a specific domain knowledge as a cure for OP's problem, other people are saying he's clearly not ready for that and should be building up a working background of knowledge first.

If you really feel like splitting hairs (and you seem like the type that does, what with getting bitchy about rhetorical questions) a good portion of crypto attacks rely on abusing implementation, which in wifi happens to involve a fair degree of networking knowledge.

No need to be butthurt just cause he used an example of how knowledge of networking doesn't mean OP has to memorize the tcp/ip protocol suite, no one gives a crap if you are a networking professional or not, his comment was made to form a point and not necessarily to imply you don't understand the concept.

You may also want to take your advice on respect and use it yourself ya know. This shit got started cause you got upset when someone merely pointed out that it was pretty clear what OP meant, no need to have escalated it beyond 'oh I knew what OP meant, I was just making a rhetorical question to help clarify what he was asking'. Before you get started, no I don't care if it's a forum or not I'm not gunna treat you with 'respect' simply cause I don't know you. This isn't a professional space, my opinions on here aren't gunna be listed on my resume, no one here is going to be a reference. I for one am here to help people out that need that little push, learn a few things, and laugh at people who can't do their own homework. I don't even respect the long term members here yet cause I don't know them yet and I certainly don't expect them to respect me yet either. My point being though that if you believe, unlike myself, that others should give respect out of courtesy first then you should probably exemplify this yourself.

This however has the makings of a flame war long before my not so nice post, and it is my 'opinion' that further off topic conversation be taken to PMs, i.e. take pedantic arguments over semantics there, and leave actual talk about 'router cracking' here. Can't make ya, but I think that would be for the best.
: Re: Router Cracking
: gray-fox December 24, 2014, 12:03:59 AM
> What do you mean exactly?
> Because if what you want to do is to crack the admin password to get access to the router configuration, networking knowledge won't help you a lot.
Well, when you start talking about whether OP is trying to crack the admin password to gain access to the router's configuration, even though he obviously isn't even inside the network, it kind of seemed that you were honestly lost in there, instead of using rhetoric to make a point. Sorry for my mistake.
> Although we agree that those topics are about "computing/hacking", they're not relevant to this question. I totally agree with you, @gray-fox, that @itIsMe needs to know how things work before even trying to crack them, and that's why my advice was "study crypto", because in my opinion that's one of the most relevant topics if you want to attack a wireless network.
You're kind of missing the point here. I'm not saying that telling OP to learn crypto is a bad idea. But let's say he gets himself inside that network. Now he has been able to crack that wireless network, probably still using some tool like reaver (and learned what?). But what then: packet sniffing, ARP spoofing, reverse shells and whatever. Now I would say that all that "basic networking" knowledge comes in pretty handy. Without knowing what to do and what really happens inside the network, what is the point of being able to get in? He probably just ends up using some pentest tools without knowing what they really do. So that's why I think it's a good thing to tell OP to learn about those areas first, even if it wouldn't help him crack that wireless network. Of course, he could just keep trying to crack that wireless network, with success or without, and then learn all that other stuff, but I think it's kind of a topsy-turvy way of learning.

> Finally, excuse me, but I don't need you to clarify for me what networking is about; for some reason I'm a networking professional. This is a forum: you share your opinion, I don't agree with it, I explain why and share mine, both being respectful. It's just how forums work.
This sentence is so contradictory that I don't know what to say. lol. I guess I could thank you for teaching me how a forum works; you'll probably become admin in no time. [emoji14] If you thought I had done something else than share my opinions, please enlighten me.

edit: well, madf0x was quicker and kind of said what I was thinking, and he is right that this talk should now get back more on topic...
: Re: Router Cracking
: MadJ0ker December 24, 2014, 01:41:35 AM
@madf0x: Your argumentation is so poor that I won't reply to you in any way. All of my replies have been respectful, as well as @gray-fox's, because unlike you, I think courtesy is important in any human interaction. Good for you if you're a badass that respects no one. That's all I have to say to someone who expresses like you.

@gray-fox: It's not my fault, again, if you can't catch my figures of speech. But as you say, it's not the place to discuss it. What OP does after he reaches his goals is his problem, not ours. Maybe he just wants to break the security just for the challenge, maybe he wants to try some of the attacks that you mentioned, but he's not asking for that. Clearly I'm limiting my reply to what OP asked.
I don't have any interest in becoming admin, and no, you didn't do anything else than share your opinions. As well as I did.
Good luck.
: Re: Router Cracking
: viciouscircle December 24, 2014, 02:46:23 AM
If you're trying to learn how to crack a router, you would need to research more about war driving techniques. If you're not particular with different protocols, and how networks communicate. Not sure about the encryption strength, amount of security controls, etc. but I'd say that this would be a great starting point.
: Re: Router Cracking
: itIsMe December 28, 2014, 03:14:59 AM
Just to clear things up, I do not know very much about a lot of these topics. I've only been in college for 2 years. Although I am a computer science major, I have not taken many classes on the subject because I did my core first. As far as cracking this router, the only thing I was trying to do is recover my father-in-law's password, because he said he did not remember it and I thought it would be good to try and maybe learn a few things along the way. As I am sure you can tell, I am not an English major, so I don't use the right words a lot of times and am not good with communicating. I do appreciate all of the advice given and will read up on some of them.
: Re: Router Cracking
: Syntax990 December 28, 2014, 05:04:43 AM
The only real topics I think are worth your time are topics you probably already know. Since you are a computer science major, I assume you know about the TCP/IP and OSI model? If not then those are some topics you might want to study. You don't need to complete multiple Cyberoam courses and Cisco courses. MadJ0ker talking about layer 4 multiplexing was not really necessary for what you are trying to do.

The simple fact of me suggesting you to look over these topics was just to ensure that you actually learn something with this experience, as well as being able to diagnose issues you might come across when trying to crack into a router.

I'm going to assume you want to crack the router's main authentication password to allow you to get on to the network, right? Well, the reason I suggested to look over pre-shared keys etc. is because different routers use different encryption algorithms for password authentication. Some home routers require a WEP login, some require WPA2-PSK. Either way, knowing the difference will help you a lot and save you hours of frustration.

You can just simply google "how to use reaver", "how to use aircrack-ng" and a bunch of other shit and follow some guy do it on YouTube or something. This I personally won't recommend from personal experience, as most of the time their router configuration is very different. If you were to ensure that you knew some of the topics I have discussed, you could possibly open one of these very tools and crack a router without following a single guide.

I don't mean to sound like I'm patronizing you since plenty of people on evilzone do tend to patronize. I have no idea who you are or your skills, so I'll make the assumption that you need help. If you are still struggling with cracking this router then just PM me and I'll walk you through everything you need to do.

Best of luck!
: Re: Router Cracking
: itIsMe December 28, 2014, 07:28:26 AM
Thanks again, I will definitely be looking into these topics, and yeah, I did watch a few videos and did what they did but was not able to crack it because of WPS lock. I had hoped to set the delay between attempts to 30 seconds and try again, but after 2 days it is still locked, so I think it is obvious I have to go another route.
: Re: Router Cracking
: Ech0x7 January 03, 2015, 12:52:37 PM
I find that most routers still maintain their defaults, so before all the wardrive techniques you might want to consider looking it up on Shodan.. you can find most routers, phones, default pages and default logs. I found most in my area maintain their defaults.. give it a try
: Re: Router Cracking
: HexEngineer January 03, 2015, 08:01:14 PM
In addition to what Ech0x7 said I will add:
WPS brute-forcing isn't the only vulnerability in WPA. Some routers have a poor implementation of the algorithm; also there are other vulnerabilities like WPA/TKIP. http://dl.aircrack-ng.org/breakingwepandwpa.pdf this document will be useful to you (it's old but still a good introduction). But as others have mentioned, you will need some networking background (at least the theory). If in the future you want to research vulnerabilities in crypto algorithms, I would recommend you get into math and cryptography.

P.S.
Sorry for my bad grammar.
: Re: Router Cracking
: itIsMe January 04, 2015, 06:26:02 AM
Again thanks for the responses. I have decided to not only study these topics more but have also decided to specialize my degree to information security. I feel this will get me where I want to be.

: Re: Router Cracking
: Syntax990 January 04, 2015, 07:58:29 PM
> Again thanks for the responses. I have decided to not only study these topics more but have also decided to specialize my degree to information security. I feel this will get me where I want to be.

+1
: Re: Router Cracking
: madgreenhacker January 13, 2015, 07:32:58 PM
I had access to my mark's email and Facebook via stored password and cookies. Even after changing the password, I was still able to access the email through my browser history (via the cookie, right?). The Facebook password has now been changed too.

Last week I uninstalled Chrome and reinstalled because of a bad virus I couldn't shake. History gone, damn it! Chrome told me it was all stored in the cloud, sigh. I tried system restore and several recovery methods but have come up with nothing.

I KNOW this info is still in my system somewhere. Please point me in the right direction! I have been studying so hard but I feel like I'm getting nowhere...

Also, the password to the router (internet access, whatever, the proper term is slipping me right now, so much floating around) is stored in my network places... I just go to the house and I'm connected.... How can I find this stored password? How can I use this access to install keyloggers, RAT, etc.?

I don't want you to do it for me, I have learned this is not what you do... I WANT TO LEARN... just tell me what and where PLEASE, refer me to websites, threads posted, etc. Thanks
: Re: Router Cracking
: Syntax990 January 13, 2015, 08:26:06 PM
> I had access to my mark's email and Facebook via stored password and cookies. Even after changing the password, I was still able to access the email through my browser history (via the cookie, right?). The Facebook password has now been changed too.
>
> Last week I uninstalled Chrome and reinstalled because of a bad virus I couldn't shake. History gone, damn it! Chrome told me it was all stored in the cloud, sigh. I tried system restore and several recovery methods but have come up with nothing.
>
> I KNOW this info is still in my system somewhere. Please point me in the right direction! I have been studying so hard but I feel like I'm getting nowhere...
>
> Also, the password to the router (internet access, whatever, the proper term is slipping me right now, so much floating around) is stored in my network places... I just go to the house and I'm connected.... How can I find this stored password? How can I use this access to install keyloggers, RAT, etc.?
>
> I don't want you to do it for me, I have learned this is not what you do... I WANT TO LEARN... just tell me what and where PLEASE, refer me to websites, threads posted, etc. Thanks

The question you are asking is unrelated to the thread. Please make a new thread rather than changing the topic of another thread.
: Re: Router Cracking
: madgreenhacker January 14, 2015, 03:38:33 AM
Sorry, I didn't mean to; what is your opinion for where I should post this?
: Re: Router Cracking
: Syntax990 January 14, 2015, 05:15:08 PM
> Sorry, I didn't mean to; what is your opinion for where I should post this?

My suggestion is either 'Hacking and Security' or 'General Vices'.