I am pretty new to the domain of wireless security and am trying to understand the various techniques used for compromising wireless networks. There are a few things that I am not able to correlate and need help on the same. (I understand that WEP is no longer recommended, but I am just trying to understand some underlying concepts here.)
- Why do I need to bother to BREAK the WEP or WPA keys (maybe using a tool like aircrack-ng)?
Can't I just de-authenticate a client (using, say, aireplay-ng) and then present the client with a fake AP (impersonating a legitimate one), and then, when the client tries to reconnect to the AP, I can simply capture packets in monitor mode and sniff the key out from there?
Or, in fact, is the fake AP even required here? I mean, even without hosting a fake AP I could still sniff the PSK just from a monitor mode capture (say, using tools like Wireshark/Kismet/Cain etc.), right?
- When we talk about PSK in the case of WPA/WPA2, I understand that the PSK (the PMK and PTK finally) is used to encrypt all the data exchange. As per my understanding, the PSK is not really transmitted over the network by either the client or the AP during a connection/authentication process. It's just the initial nonce that's exchanged, and thereafter it's the calculated PTK that's exchanged, and it's the MIC that's used for verification. Is my understanding correct?
- If my understanding of point 2 is correct, the 4-way handshake is not encrypted, right? And this 4-way handshake can still be eavesdropped (maybe through a monitor mode capture and again tools like Kismet/Wireshark/airodump-ng etc.), right?
Please let me know if I am missing something and any pointers to references will also be helpful.
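As an added illustration of points 2 and 3 (this is example code written for this page, not part of the original post and not taken from aircrack-ng or any other tool named above), the following Python walks through the WPA2-PSK key schedule using only the standard library. It derives the PMK from passphrase and SSID, derives the PTK from the PMK plus the two nonces and MAC addresses, and computes the MIC over a constructed EAPOL message 2 the way an AP verifies it. The MAC addresses, nonces and EAPOL body are constructed sample values; the first PMK test vector is the one published in IEEE 802.11i Annex H.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    # This value is never sent on the air; both sides compute it locally.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes, length: int = 48) -> bytes:
    # PRF-384 per 802.11i: HMAC-SHA1 blocks over "Pairwise key expansion".
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:length]  # KCK = first 16 bytes, KEK = next 16, TK = last 16 (CCMP)


def eapol_mic(kck: bytes, eapol_with_zeroed_mic: bytes) -> bytes:
    # WPA2 (key descriptor version 2): MIC = first 128 bits of HMAC-SHA1 keyed by KCK.
    return hmac.new(kck, eapol_with_zeroed_mic, hashlib.sha1).digest()[:16]


# Constructed sample capture of a 4-way handshake (all values are made up).
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))                # sent in cleartext in message 1
SNONCE = bytes(range(32, 64))            # sent in cleartext in message 2
EAPOL_MSG2_BODY = b"\x02\x03\x00\x75" + b"\x02\x01\x0a\x00" + SNONCE + b"\x00" * 40


def client_message2(passphrase: str, ssid: str) -> dict:
    """What the supplicant transmits: nonce plus MIC, never the PSK or PTK."""
    pmk = derive_pmk(passphrase, ssid)
    ptk = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    return {"snonce": SNONCE, "eapol": EAPOL_MSG2_BODY, "mic": eapol_mic(ptk[:16], EAPOL_MSG2_BODY)}


def ap_verifies(msg2: dict, passphrase: str, ssid: str) -> bool:
    """The AP recomputes the same PTK from its own copy of the PSK and checks the MIC."""
    ptk = derive_ptk(derive_pmk(passphrase, ssid), AP_MAC, STA_MAC, ANONCE, msg2["snonce"])
    return hmac.compare_digest(eapol_mic(ptk[:16], msg2["eapol"]), msg2["mic"])


def capture_contains_secret(msg2: dict, passphrase: str, ssid: str) -> bool:
    """Does anything on the air contain the passphrase, PMK or PTK bytes? (It does not.)"""
    pmk = derive_pmk(passphrase, ssid)
    ptk = derive_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    wire = ANONCE + msg2["snonce"] + msg2["eapol"] + msg2["mic"]
    return any(s in wire for s in (passphrase.encode(), pmk, ptk))
```

The MIC lets the AP confirm the client knows the PSK without the PSK ever appearing in the frames, which is exactly why a captured handshake must be attacked offline rather than "sniffed".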