Week 14: Jack the Ripper, Cain and Able, and Ettercap

Cybersecurity researchers has found an high-severity hardware vulnerability in the widely-used Wi-Fi chip manufactured by Broadcom and Cypress. The vulnerability is called Kr00k an has CVE number CVE-2019-15126. It allows an attacker to remote intercept and decrypt some of the wireless network packets. The attacker doesn’t have to be connected to the same network as the victim. Attacker can communicate to the victims device through the vulnerability within the Wi-Fi chip  using WPA 2-Personal or WPA2-Enterprise protocols. Researchers at ESET has said that devices such as “Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k”.

 

References:

Kumar, M. 2020. New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices. Retrieved from: https://thehackernews.com/2020/02/kr00k-wifi-encryption-flaw.html

Intro-to-Ethical-Hacking-Week-14 new

In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system in scrambled form One of the most popular password cracker tools is John the Ripper. John the Ripper (JtR) is a password cracking tool originally produced for UNIX-based systems. It was designed to test password strength, brute-force encrypted (hashed) passwords, and crack passwords via dictionary attacks.

Here is a link to the virtual machine we will look at in week 14.

https://www.parrotsec.org/download/

Grab the one labeled:

Parrot Security MATE ISO (default)