0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm
# Exploit Title: Sky Broadband Router Weak algorithm used to generate WPA-PSK Key # Google Dork: # Date: 08/08/2014 # Author: Matt O'Connor / Planit Computing # Advisory Link: http://www.planitcomputing.ie/sky-wifi-attack.pdf # Version: # Category: Remote # Tested on: Sky SR101 Router The SR101 routers supplied by Sky Broadband are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker. The WPA-PSK pass phrase has the following features: Random A to Z Uppercase only 8 characters long 208,827,064,576 possible combinations ( AAAAAAAA ZZZZZZZZ ) 26^8 We notified Sky Broadband about the problem in January 2014 yet Sky Broadband are still supplying customers with routers / modems that use this weak algorithm. At the time, graphics cards were expensive and clustering several machines was not financially viable to the average hacker. We purchased a used rig in December 2013, comprising off: Windows 7 I3 Processor 4GB RAM 2TB Drive Radeon HD 5850 We generated 26 dictionary files using mask processor by ATOM, piping each letter out to its own file, for example: A: ./mp32 A?u?u?u?u?u?u?u > A.TXT = AAAAAAAA AZZZZZZZ B: ./mp32 B?u?u?u?u?u?u?u > B.TXT = BAAAAAAA BZZZZZZZ etc Each .txt file weighed in at around 60GBs each. The 26 files took up about 1.6TB of storage. We now had the complete key space, partitioned into 26 different files. This allowed us to distribute the brute force attack amongst multiple computers. There are other ways with ocl-hashcat but this was the simplest. Using our Radeon HD5850 on standard settings, we were hitting 80,000 keys per second. Breakdown below: 26^8 = 208,827,064,576 ( 208 billion possible combinations ) 26^8 / 80,000 keys per second = 2,610,338 seconds 2,610,338 / 60 seconds = 43,505 minutes 43,505 / 60 minutes = 725 hours 725 hours / 24 hours = 30 Days For 185, we had built a computer that could crack the default Sky Broadband wireless password within 30 days. The WPA-PSK handshake we used started with the letter S and was cracked within 96 hours. We ended up getting a second machine for the same price which resulted in our maximum cracking time being reduced to 15 days. If youre using the default password on your Sky Broadband connection, we recommend changing it immediately to a more secure password, using a mix of letters, numbers and symbols. # 0day.today [2024-12-24] #