[Silica] SILICA v7.32
Oren Isacson
oren at immunityinc.com
Wed Jan 17 18:36:43 UTC 2018
Immunity is proud to announce the release of SILICA v7.32!
* KRACK attack: bypassing WPA2 encryption
SILICA can now perform a man-in-the-middle attack between a target
access point and the target devices that try to connect to the network.
When a vulnerable device tries to connect, SILICA will intercept the
packets and replay them in a way that will cause the device to install
an all-zero encryption key. SILICA will then carry-on with ssl-stripping
and ssl-spoofing attacks against the target device.
This module supported targets are wpa_supplicant 2.4 and 2.5, and was
tested on a stock Ubuntu 16.04.1 target.
Also included in this release:
Updated certificates for Fake AP in radius mode.
Compatibility fixes to the DHCP server.
Important Note: To make the KRACK attack work, SILICA requires two
wireless cards, as the fake access point needs to be on a different
channel than the real Access Point. The additional card could be any
wireless card that supports packet injection, however, Immunity will
*only* support the Alfa AWUS052NH 802.11n Dual Band 2.4/5 GHz Wi-Fi USB
Adapter which can be obtained here:
https://store.rokland.com/products/alfa-awus052nh-802-11n-dual-band-2-4-5-ghz-wi-fi-usb-adapter
https://www.amazon.com/Alfa-Long-Range-Dual-Band-Wireless-External/dp/B00V5KSIZS
To view a demonstration of the new features visit:
https://vimeo.com/251369829
Videos can be found at:
SILICA 7.31: Samba Server Exploitation - https://vimeo.com/230656937
D-link and Microsoft WSUS Exploits -
https://vimeo.com/209259981
Fake Captive Portal Demo -
https://vimeo.com/198045435
Malicious Access Point Detection -
https://vimeo.com/177231337
Karma attack filtering and background WPA handshake sniffer -
https://vimeo.com/165882825
Access Point Mapping - https://vimeo.com/157178038
Full Karma Attack - https://vimeo.com/155393829
SMB proxy and group policy exploit - https://vimeo.com/136964755
SSL attacks using SSL stripping and self signed certificates -
https://vimeo.com/122117823
Exploiting Android WebView.addJavaScriptInterface -
http://vimeo.com/109831748
Pixie Dust WPS Attack - https://vimeo.com/130883860
More WPS attacks - https://vimeo.com/album/3385057/video/115337910
General overview -
http://www.immunityinc.com/movies/SILICA_7.5_New_Features.mov
Wireless Window -
http://www.immunityinc.com/movies/SILICA_Wireless_Window.mp4
SILICA Team
More information about the SILICA
mailing list