xkcd

[jacob1618]

I ordered an Acer Aspire One netbook on Amazon over the weekend. (side note: it actually came really fast, considering if was from california. amazon said 5-7 days and it only took two. One thing I am planning on using it for is a program called Backtrack. Its a program that lets you analyze wifi networks. I found a tutorial online on how to get the wifi pasword of a network if its WEP or WPA/WPA2 encrypted. There are two ways to use backtrack. Either you download a Virtual Machine image or you download an ISO image and then burn it to a Live DVD/CD. I can't decide if I should go ahead and buy an external optical drive on amazon because I'l probably need one anyway for future projects...(by the way, the reason I got a netbook was portability, its not that I didn't think about the fact that I wouldn't have certain features like this...)...or If I should try to use a virtual machine on my netbook and run backtrack from that. Will my netbook crash? Is a netbook even capable of this ? If so, what OS should I use? Also, what OS do you suggest for a netbook anyway? I've never had one. My dad has a copy of Windows 7 that he says I can use but I'm not sure if it would make the netbook too slow...

Also, does an external optical drive cost too much to be worth it? One I found was 50 dollars but I'm not sure if it was good quality...

Thanks for any advice!

P.S. I am trying to get the password for the school's wifi network. Another question/problem that I have with that is that if I get the password and then want to sell it to people at school then the first person I sell it to will give it away to his friends and then they will give it away and so on...and I might get caught as the person who found it. Anyway, is therea a way that I could give the password to people and not let them give away the password to others? Maybe I could change the password of the network after each time I sell it to someone...can you do that? Or do you have to be a kind of "netowrk admin"...sorry I have so many questions!

Thanks again!

[wellingtonsteve]

There's a third option. Something like Daemon Tools*:

http://www.daemon-tools.cc/eng/downloads

It creates a virtual drive on the netbook - you can then mount an ISO file on it and it will appear as a real drive.


* Daemon Tools has occasionally been bundled with Adware IIRC, nothing too shady but be careful which options you choose in the installer

[Bhelliom]

P.S. I am trying to get the password for the school's wifi network. Another question/problem that I have with that is that if I get the password and then want to sell it to people at school then the first person I sell it to will give it away to his friends and then they will give it away and so on...and I might get caught as the person who found it. Anyway, is therea a way that I could give the password to people and not let them give away the password to others? Maybe I could change the password of the network after each time I sell it to someone...can you do that? Or do you have to be a kind of "netowrk admin"...sorry I have so many questions!

Thanks again!

The hell?
If you were meant to have the WiFi password for your school you would have been given it. It is possible to use software tools to crack wireless passwords, but think twice about doing this at your school. If you change the password, all current users would be kicked off of the WiFi and that is sure to attract Admin attention. If (When) you do get caught, you could be facing a black mark on your record if you ever want to get into computers later in your education. I know it sounds ridiculous, but some schools get really weird/paranoid about anything that can be construed as "hacking." How much fun would the rest of the year be with no computer access at school?

EDIT: Also, Mods, this probably belongs in Help Desk

[userxp]

OK, first, Backtrack is not a program, it's a Linux distribution that includes "penetration testing" (which you might argue is a nicer way to say "hacking") programs. Second, you can't crack WPA/WPA2 passwords unless they're really weak (and noone should be using WEP anymore, for nothing, ever). Third, Daemon tools won't do anything since it's just a Windows program and you need to use the CD to boot.

Fourth, and most important, you shouldn't "get the password for the school's wifi network and sell it". It's not nice, especially the "selling" part. I know schools tend to have computer security problems (we actually have a long thread with about that), but that's not an excuse to do whatever you want with them. I myself, along with two friends, had access to many important files for quite some time in high school (not because of hacking, the teachers just trusted us enough that they would let us use their computers for various stuff), but we didn't go any further than snooping around a bit. And I don't think people in this forum will particularly want to help a schoolboy break the school rules. Think about it: the teachers will notice people in your class using the Internet and soon realize they have the wifi key. They will interrogate a few ones and I'm 90% sure they will tell them you gave it to them. And then as they said you might get temporarily expelled or punished in some way. And that's not good.

[Carnildo]

I ordered an Acer Aspire One netbook on Amazon over the weekend. (side note: it actually came really fast, considering if was from california. amazon said 5-7 days and it only took two. One thing I am planning on using it for is a program called Backtrack. Its a program that lets you analyze wifi networks. I found a tutorial online on how to get the wifi pasword of a network if its WEP or WPA/WPA2 encrypted. There are two ways to use backtrack. Either you download a Virtual Machine image or you download an ISO image and then burn it to a Live DVD/CD. I can't decide if I should go ahead and buy an external optical drive on amazon because I'l probably need one anyway for future projects...(by the way, the reason I got a netbook was portability, its not that I didn't think about the fact that I wouldn't have certain features like this...)...or If I should try to use a virtual machine on my netbook and run backtrack from that. Will my netbook crash? Is a netbook even capable of this ? If so, what OS should I use? Also, what OS do you suggest for a netbook anyway? I've never had one. My dad has a copy of Windows 7 that he says I can use but I'm not sure if it would make the netbook too slow...

Also, does an external optical drive cost too much to be worth it? One I found was 50 dollars but I'm not sure if it was good quality...

Thanks for any advice!

P.S. I am trying to get the password for the school's wifi network. Another question/problem that I have with that is that if I get the password and then want to sell it to people at school then the first person I sell it to will give it away to his friends and then they will give it away and so on...and I might get caught as the person who found it. Anyway, is therea a way that I could give the password to people and not let them give away the password to others? Maybe I could change the password of the network after each time I sell it to someone...can you do that? Or do you have to be a kind of "netowrk admin"...sorry I have so many questions!

Thanks again!

It sounds like you know just enough to get yourself into a heck of a lot of trouble. I recommend shelving your plans until you 1) know what you're doing, 2) know what the likely consequences are if you get caught, and 3) know how likely it is that you'll be caught.

[markop2003]

Unless you have a bunch of CUDA enabled GPUs or Beowulf cluster you won't be able to crack a network built by a competent admin (ie JTR proof or atleast simple dictionary proof).

[jacob1618]

http://lifehacker.com/5873407/how-to-cr ... ith-reaver

[userxp]

In December 2011 researcher Stefan Viehböck reported a design and implementation flaw that makes brute-force attacks against PIN-based WPS feasible to perform on WPS-enabled Wi-Fi networks. A successful attack on WPS allows unauthorized parties to gain access to the network. The only effective workaround is to disable WPS.[5]

The vulnerability centers around the acknowledgement messages sent between the registrar and enrollee when attempting to validate a PIN. The PIN, which is printed on the side of each WPS-enabled Wi-Fi router, is an eight digit number. Since the last digit is a checksum of the previous digits,[7] there are seven unknown digits in each PIN, yielding 107 = 10,000,000 possible combinations.

When an enrollee attempts to gain access using a PIN, the registrar reports the validity of the first and second halves of the PIN separately. Since the first half of the pin consists of four digits (10,000 possibilities) and second half has only three active digits (1000 possibilities), at most only 11,000 guesses are needed before the PIN is recovered. This is a reduction of three orders of magnitude from the number PINs that would have to be tested absent the design flaw. As a result, a practical attack can be completed in just a few hours. The ease or difficulty of exploiting this flaw is implementation dependent, as Wi-Fi router manufacturers could defend against such attacks by slowing or disabling the WPS feature after several failed PIN validation attempts.[4]

So it is true. There is a huge security flaw on >90% of wireless routers .
I read the paper and honestly, the entire "WPS" standard seems horribly designed. How is an 8-digit pin code different from a password? And how didn't they see the obvious vulnerability in sending the two halves separately ?

[Carnildo]

I read the paper and honestly, the entire "WPS" standard seems horribly designed. How is an 8-digit pin code different from a password? And how didn't they see the obvious vulnerability in sending the two halves separately ?

The theory is sound: an eight-digit passcode that requires a non-trivial amount of computation to verify is fairly secure. A theoretical "ideal WPS" would take an average of five to ten years to brute-force, even if the router designer didn't incorporate any active rate-limiting measures.

The problem lies entirely in the implementation. First, the use of a check digit reduces it to a seven-digit code, and the brute-force time becomes six to twelve months. Then, verifying in two parts and returning "success" or "failure" after the first part turns it into a 4.04-digit code, and the brute-force time becomes a matter of minutes.

[userxp]

The problem lies entirely in the implementation. First, the use of a check digit reduces it to a seven-digit code, and the brute-force time becomes six to twelve months. Then, verifying in two parts and returning "success" or "failure" after the first part turns it into a 4.04-digit code, and the brute-force time becomes a matter of minutes.

I thought that was part of the standard. "Ask for the second half of the PIN after the client has sent the first part". If it's just a bad implementation, doesn't that mean that a firmware update (or a new router) could fix it?

[Carnildo]

The problem lies entirely in the implementation. First, the use of a check digit reduces it to a seven-digit code, and the brute-force time becomes six to twelve months. Then, verifying in two parts and returning "success" or "failure" after the first part turns it into a 4.04-digit code, and the brute-force time becomes a matter of minutes.

I thought that was part of the standard. "Ask for the second half of the PIN after the client has sent the first part". If it's just a bad implementation, doesn't that mean that a firmware update (or a new router) could fix it?

A firmware update could fix one of the flaws, by always returning "correct" after a client submits the first half of the PIN. It violates the standard, but does so in a way that probably won't break anything. Unfortunately, the flaw of using a check digit can't be fixed in firmware, because it's entirely possible that client software will reject PINs with an apparently-incorrect value.

[troyp]

Wait...wtf?
Are you saying they have an 8-digit pin but they...tell you when you've guessed the first 4 digits correctly???

Maybe they could extend this technology and make it emit an audible click when you get each digit right...