"We first run airodump-ng to find a roaming client and a SSID it has stored in the preferred network list and it is probing for. We find an iPhone probing for a "Wireless Lab" network. We immediately setup an Open/WEP/WPA/WPA2 network with the same SSID on the same channel. Its not long before our victim connects to our network. Unfortunately, as we do not know the WPA2-PSK passphrase for
Ce script automatise ce processus :
"the "Wireless Lab" network, the client sends a De-authentication packet and disconnects. However, this does not happen before it exchanges the first 2 packets in the WPA-Handshake. From previous videos, we know that with just packet 1 and 2, we can launch a Dictionary attack on PSK. We do just this and within minutes the WPA2-PSK key is revealed."
Demo vidéo : http://www.securitytube.net/video/1921
DOC : http://digi.ninja/projects/wifi_honey.php
à tester en ajoutant un brouillage avec mdk3... ou le script le fait? Bonne question^^ Intéressant... car c'est une attaque sur un client et non sur un hotspot...
Je vais tester!