Description: Welcome to Part 10 of the WLAN Security Megaprimer! Please start this series by watching Part 1 http://www.securitytube.net/video/1756, if you have not done so already.
In this video, we will look at how to compromise isolated wireless clients. Most operating systems have utilities which will cache the SSID and security credentials (if applicable) and use it the next time the network is available in the vicinity. This is a major security problem. A hacker could very easily setup a tool which monitors the air for Probe Request packets. Once a Probe Request packet is seen over the air, the tool automatically responds to it and establishes a communication with the client. This now gives the hacker IP level access to it. From here on, he can run tools like Metasploit to break into the computer.
Tags: 802.11 , wireless , security , probe request , isolated , client , honeypot , airbase-ng ,
thank you Vivek
Brilliant, thanks so much Vivek for taking your time to produce this world class series of videos.
Having worked in IT for years, I never really considered WIFI security but I've been able to have a beautiful holiday weekend because of your videos. Let me tell you why:
My neighbour likes to sit in his garden with his laptop, playing music from the internet. You know how awful and tinny that sounds? It hurts the ears! Thanks to the power of a de-auth based attack, I've been able to silence his laptop to suit my needs and get some splendid peace and quite LOL :-)
Vivek, thank you for promoting peace and quite along with excellent tutoring and knowledge sharing!
Interesting probe response:
DONT Auto-Reconnect to ANY SSID
Well, Well.... I always religiously delete these essid entries from my laptop and Android phone, as I pick up a lot at airports and hotels. Funny thing is that I delete them just because I don't like having them on my systems... and NOT because I know they are a security risk :)... sometimes we do the correct thing without even knowing it.
Tks Vivek.
Thanks again Vivek, checking it right away.
wil you cover Caffe Latte attack,which you discovered it would be gr8 to learn from inventor himself.. i had chance to listen you @ Miel e-Security PRISM course seminar but that time Caffe Latte wasn't demonstrated by you.
Thank you vivek.. gr8 work..
@behrouz, m0ei, Thanks Guys!
@Blackmarketeer With great power, comes great responsibility :) Well DoS'ing an irritating neighbor is for the greater good :) So, I guess its ok :) I also had those guys who play loud music more to show off to others they are listening to music, rather than wanting to enjoy the music itself.
@Fitzroy Your good luck :) Well now you know why you should delete them.
@Mac2vj Yes, of course, the Caffe Latte attack :) It should be online in the next 4-5 videos i guess.
Thank you Vivek , you are awesome as always buddy , waiting for more
thanks again Vivek. love the series. Learning lots and going to be trying some of these attacks out myself.
I have this bad thing that happens when i watch a good tvshow, and i like it so much that i have to watch episode after episode...
That happened again when i started to watch your Security videos... i dont know whether to say thank you or damm you, i cant stop now. bb
Excellent!!! Love this dance......
Awesome! I'd like to see the process behind spoonWEP in Backtrack3. Wish you could do a video explaining how that process works behind the scenes. =)
Awesome video Vivek i like using airdrop-ng for Dos keep up the good work
Great stuff, Vivek, thanks! Knew quite a bit about WLAN security coming into this MegaPrimer, but learned a lot on Airbase-ng. Keep up the good work! :)
Man I have automatic connection setup , only because my password way too big . I just hope no one will try to exploit it . But it's better to install some kind of protection. Thanks Vivek !!!
Vivek you are the Man!
Hi Vivek, I just wanted to pop in again and say that I am still devouring your videos. I even created a vimeo account so I can download them all and re-watch them whenever I want.
Thanks Vivek. Great series of videos and you are a gifted teacher mate. Things always click in to place when watching your vids. Keep up the good work :-)
Yet another great video! Thanks Vivek!
Thanx a ton :)
Love the videos man, makes me more excited about experimenting! There's so much to play with!
These videos are very interesting. I have done much of the experiments myself and learned alot. One of the things I noticed was that your phone and my ipod touch were dancing from one insecure access point to another and not on any secured access points. Considering this is the latest video in this series that I watched, I guess I will figure it out in subsequent videos.
Big thx to you :) i really like your tutorials (even if i was not able to watch the dvd-megaprimer -> the m4v-files were corrupt :/)
but.. if understood you right, there is a mistake in your slide near 10:05 min:
Probe-Request with captial T in Tube and Probe-Response mit non captial t in tube :)
maybe you should fix it, cauz its kind of disturbing if you say it is case-sensitive at the same time :D
but anyway -> keep it up <3
My notes on this part are here: http://41j.com/blog/2011/10/securitytube-wireless-lan-security-megaprimer-notes-part-10-hacking-isolated-clients/
thank you very much sir, i am little bit late to find you and your videos sir ,i am upcoming security consultant undergoing training in hyd .
sir can u suggest any counter measures for the attacks of PNL and to how to defend such type of attacks.
thank you very much for all these series. you put it together so well. I am basically getting a university education 1 on 1. alot of questions to be asked. but thats where I my self have to mess around wit the basic tools you show..
thanks again for everything
Jeff
This is just an amzing piece of work !
You're teaching what I always wanted to learn !
I can only thank you a lot ! But I mean it !
Keep doing this ! You are bring light to obscure subjects clarifying them !
Amazing Video man. Enjoying the jokes that keep the video lively :D . One thing, please don't consider this as nitpicking,but in the challenge response slide, the ESSID for the attacker network has Securitytube instead of SecurityTube. So yeah, if you want to correct it.. or anyways its fine. People get it.
Hats off to you :)
Vivek, Marry me. These video's are amazing most of the videos you see online just show some skiddy tool and don't cover the topic properly. I'm getting through all you primers. I've all ready watched the Metaspoit, format string and assembly vids. This one just blew me away, I ran airbase-ng with the -P -C options and got about a dozen people connecting in 30 seconds, scary. Even more so when all the ISP's here give out stations with account numbers in the SSID, it gives you a log of where the person has been.
Anyway thank you, amazing work.
Vivek, I just wanted to express my gratitude... I normally don't commentate on most plattforms but I just had to make an account and thank you for this series! since I discovered them a few days ago I am pretty hooked on watching these videos. I really appreciate the extensive explanations from the very basics with an perfect learning curve. It has been a true pleasure to recreate every step of your tutorials so far... really looking forward to the rest of this megaprimer!
Thank you Vivek.
From minute 18:30 in this video, this is exactly why I love Security, Hacking, Computers.
This encuraged me to buy me an Alfa Wireless card (AWUS036NH).
I'm also planning on doing all this with a Raspberry Pi.
I'd like to cover the whole WLAN security subject (in German - on my Blog), but I don't think I can do any better than you. Thanks for this awesome megaprimer!
Thank you Vivek!
Thanks for the video! Great information on an exciting subject!
wow this was super cool. thanks so much for uploading this!
i only get Null Probe Request from my iphone when i use wireshark to see packet & when i use airodump-ng i didn't get any probe appear near my client ???
after finish the video and try every thing you say i can't see probe :( .... when try to make airbase to respond to all packet some of my network show up but i can't connect to it ... what is the problem ??
any way your video are awesome & thanks for make it :D
great video vivek!!!!!!
I, too, also get all Null Probe Requests in Wireshark and airodump-ng displays nothing in the Probe column. I used Android and iPhone clients with the same results. Have the clients gotten smarter in 2013, or am I doing something wrong?
Thanks for a great series. Very informative.
NooB here, Vivek. Just want to show my appreciation for these videos. I'm learning lots and have found myself waking at 4am just to go over your tutorials before the kids wake up and need me to take them to school. Awesome stuff, really!
I created the fakeAPs but my iPhone doesn't connect (It does not get the check mark) Althrought I do receive an association packet.
Why is that?
Excellent walk through and dancing Vivek, thanks! :D
It's really cool what is possible to do with wifi! thank you for your videos, they are really practical!