Awesome!
It is painstaking analysis and attention to detail like this that helps make networking (and so much other technology) safe and convenient for the average user.
Brilliant, amazing work Mathy!
Great work, as always Mathy. Congratulations to you and the team around you! I now have a few questions for my R&D colleagues.
Wow, nice work and very well explained.
Great demo. You explained everything so well. Thank you
Really great demo. Thank you!
Spectacular!!! Excellent work!!
Great demo! thanks!
It's really interesting research. Thank you!
Amazing. Good job!
Good job man !
Hello, I was passing by to have a look at the existing tutorials and maybe get some ideas, and honestly your video is pretty cool :)
Personally, I set myself the challenge of doing a short format: tutorials in 1 minute! It's not always easy ^^
Keep it up, and thanks for the video! :)
great work and presentation!
very detailed explanation!
Superb presentation bro.
Man, that was amazing! Also a request: could you tell us about malicious DNS and how to create it? That would be great!
You can start a simple DNS server on your machine and set the IP address of the attacked webpage to your machine. You can create a fraud webpage there and wait for the victim.
The trick is in changing the DNS server address by injected packets.
it's a DNS forwarder, or bridged 🤫
Good work, now share the POC scripts so that we don't waste time on writing one ourselves.
Can the DNS not just be set by the FakeAP without the injection just by using the whole DHCP process or whatever? FakeAP/Evil Twin attacks aren't particularly new, but the injection for stuff like Windows 7 attack is pretty cool
The attacker isn't creating a traditional "rogue AP". The attacker is copying all frames from the real AP to a different Wi-Fi channel, and this is used to reliably block and modify encrypted frames. Technically it's called multi-channel MitM; for more details see papers.mathyvanhoef.com/wisec2018.pdf It's only possible to inject frames towards the victim by using the new design flaw.
Would mitigations in access points reduce the throughput/bandwidth performance of Wi-Fi? Especially for Wi-Fi 6?
The security updates won't reduce the throughput of your network. If you disable Wi-Fi 6 as a temporary mitigation that might of course reduce the throughput.
This is brilliant thank you
Mathy you are awesome
Excellent Job 👍
Holy crap. Thanks.
awesome demo!
So hold on, based on this video, the flaws aren’t in WiFi design but in:
IPv6 insecure RA design
Lack of security in IoT devices
Bugs/design flaws in unpatched windows 7.
… but obviously, WiFi is to blame.
No, normally in a protected Wi-Fi network you cannot inject packets. This means none of these attacks, in the situation described in the video, are possible under normal circumstances. The discovered vulnerabilities allow you to (simply stated) "remove" Wi-Fi protection.
See the website and paper for details: papers.mathyvanhoef.com/usenix2021.pdf
@vanhoefm true, and I understand you are simply using these as demos for the underlying flaws in WiFi, but these demos would also apply to wired networks. You could spoof a MAC and, if it's not protected at the switch, you could easily trick the MAC bridging table and use the same exploits. So the root exploit in these demos is actually the lack of security on the upper layers.
@Leftplayer1 Wi-Fi security is supposed to prevent an outsider from getting internal access to your network. The demo shows that this isn't the case. The equivalent and better comparison is a wired network that uses port-based access control, in which case these demos wouldn't be possible.
Too many variables. Knowing what site to clone and hoping it doesn't use SSL.
Knowing who to send the email to and hoping they don't use SPF, DMARC and DKIM. Also, EAP-PEAP enabled WiFi would pose a problem. Good for home WiFi, corporate not so much. Otherwise, good POC 👍
Well... you can still try a BREACH attack since you are MitM
awesome work
Thanks so much 👌🏼
I still don't understand this. Why isn't this super important? I've read several times now that this is kinda impossible to abuse. Why? I have several APs and devices which don't get updates anymore. Am I at risk if I use WPA2? Or do attackers need to be "inside my Wifi" and have the WPA2 key to attack?
I am confused as you are....
@wildyato37 Yeah. All my APs still don't have an update for this and won't ever get one. I am not sure how risky it is or if I'm safe.
@bestonyoutube I am also facing this thing that you said before... also I am experiencing unwanted sudden kick-outs from my network... So did my internal network get hacked?...
Also facing Internet outages
Unless you update your APs and WiFi devices against these new vulnerabilities, they are susceptible to the different types of aggregation and fragmentation attacks mentioned. It's a widespread implementation flaw in the 802.11 std. Unfortunately, many devices can't be patched, especially IoT.
And, to abuse these flaws, you must set up a multi-channel MitM setup.
Awesome 👍
Time to run to the mountains
Great!
And here I was thinking Windows 7 was safe ;)
It is safer if you disable the Windows Remote Desktop service.
But I don't get what's so impressive about this? Windows 7 isn't supported anymore, that's why it's vulnerable to attacks
congratulations
interesting attack
Edziu also says he doesn't drink :D
How da fuck does all this work without knowing the darn password howwwww ?????
OMG
Drop source code no balls
Trying to use the test tool and run the main script
./fragattack.py wlan0 [--ap] ping
I am getting
Test name '[--ap]' not recognized. Specify a valid test case.
as an error... is ap a placeholder for something else I need to be using?
Mathy sir, can you give me the code of nat_punch_tcpsyn.py
Awesome Job!!!