Current or Future Password Phishing?

Chicken_shrimp · July 3, 2022, 7:49am

HELLO WORLD… (of flippers)
Total newb here and with absolutly no knowledge on code/software and most terminology, always had an interest in hacking, and pen testing. FLIPPER is my step in the door.
I just got my Flippy and played around with emulating remotes, so fun!

I have always wanted to know HOW people can access wifi for free internet and the process that they go through, I just ordered a wifi dev board in hopes I can learn, after watching the " Flipper Zero: How To Run Marauder on the WiFi Dev Board " video.

my question is is it possible to actually access locked wifi and get the pasword somehow?
sorry if the question sounds dumb but im hoping this community is kind and understanding of silly ol me.

I also have a Raspberry Pi 2 or 3 I think but never used it…

would love to hear more about some cool things to do.
Thanks for reading!

Astra · July 3, 2022, 3:08pm

It’s generally impossible to get access to a password-protected wifi AP unless you know the password, due to how WPA2/WPA3 are designed. So, the answer to your question is no, even with the WiFi-devboard and the marauder FW.

DouglasAWolff · July 4, 2022, 9:00pm

if you are interested in wifi authentication, you might want to look at this. It captures wifi handshakes which you can then decrypt the hash from to get password from later with something like this

Chicken_shrimp · July 5, 2022, 5:38pm

Legend! this is proper interesting, is this available on flipper? i dont know how it all works so totally interested in why and how

Astra · July 5, 2022, 5:45pm

No, it requires something with more computing power, like a Rapsberry Pi, to capture, and something really powerful (like a modern desktop PC) to decrypt them.

Skiddywinks · July 6, 2022, 7:21am

If you are looking to get in to WiFi hacking, all you need is a computer of some variety (laptop preferably) and a cheap WiFi card capable of packet injection. Something like an Alfa AWUS036NHA is cheap and will do the job.

Get yourself familiar with Virtualbox or VMWare, emulate kali, and follow some WiFi hacking walkthroughs.

Capturing handshakes is trivial (once you know how), but cracking the actual password can be infeasible, depending on your approach. Full on brute-forcing with hashcat is just not going to work in a reasonable amount of time for anything but the shortest passwords, but theoretically it will always work eventually. Wordlists are used way more often, but if the password isn’t in the list, it will run through the whole list and not find the correct password.

With the WiFi module in the linked video, you can no doubt capture handshakes, probably even deauth devices in order to stimulate getting the handshakes. But there is no way in hell the Flipper is powerful enough to even run wordlists, let alone brute force the password. For that you need some real processing power.

jmr · November 27, 2022, 4:35am

Smart money says you capture the handshake and brute force it using a word list on something with horsepower. If that doesn’t work you phish the password with an evil twin attack.

Gino · February 19, 2023, 6:35am

Hello,

Is there some implementatiom of evil twin attack on WiFi devboard firmware ?
Marauder doesn’t support this functionality…

Thanks

jmr · February 19, 2023, 8:14pm

The official dev board firmware doesn’t do Evil Twin last I looked. It only does debugging. I believe the WiFi nugget does Evil Twin. Someone got one of those working with the Flipper.