HackThebox - Wifinetic

Published: 16 September 2023
on channel: IppSec

18,157

474

00:00 - Introduction
01:00 - Start of nmap
02:00 - Using wget to download all files from FTP then examining files, taking notes of the usernames
05:00 - Taking a look at the backup, discovering a password in the wireless config
06:45 - Using CrackMapExec to spray SSH with our password and getting a success with netadmin
09:15 - Running LinPeas to discover Reaver has the capability cap_net_raw
13:15 - Explaining why Reaver has this capability is interesting
14:40 - Running Reaver to attempt to brute force the WPS Pin and getting the WPA PSK which is also the root password
15:30 - Start of building a bash script to spray a single password across valid users with su
22:00 - Converting our script into a Bash Function so its easier to run without touching disk
24:55 - Talking about WPS and how this exploit worked
25:30 - The first vulnerability in the WPS Pin, the eighth digit is just a checksum
28:30 - The second flaw in WPS, the PIN is broken in half if the first four digits are wrong the responses tell you. Making the possibilities of hashes from 10^7 to 10^4 + 10^3.
30:00 - Showing the WSC Nack gets sent after Message 4 if the first four of the pin is wrong
31:15 - Changing the PIN and playing more with reaver to showcase how reaver works.

Watch video HackThebox - Wifinetic online, duration hours minute second in high quality that is uploaded to the channel IppSec 16 September 2023. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 18,157 times and liked it 474 visitors.

443