wireless hacking
TRANSCRIPT
Introduction Wireless networking technology is
becoming increasingly popular but at the same time has introduced many security issues.
The popularity in wireless technology is driven by two primary factors - convenience and cost.
It works on standard IEEE 802.11 group.
SSID
Service Set Identification Your router broadcasts the name of ur
n/w (SSID) n allows others to connect wirelessly to ur n/w.
This feature can also b disabled. If u choose to disable ur SSID
broadcasting u ll need to setup a profile in ur wless n/w mgmt s/w on ur wless clients using SSID u ‘ve chosen..
Wireless LAN standards of IEEE's 802.11 group 802.11a Frequency - 2.4000 GHz to 2.2835GHz
802.11b Frequency - 5.15-5.35GHz to 5.725-5.825GHz
802.11g Frequency - 2.4GHz
WEP
Abbreviation for Wired Equivalent Privacy. IEEE chose to employ encryption at the
data link layer according to RC4 encryption algorithm.
Breakable even when configured correctly…
Can b broken in as small as 3 min..
WPA Stands for Wi-Fi Protected Access. Hashing algorithm is used in WPA. md4 for WPA I md5 for WPA II md6 for WPA III
WPA (contd.)
Created to provide stronger security than WEP.
Still able to be cracked if a short password is used.
If a long passphrase or password is used, these protocol are virtually uncrackable.
Even with good passwords or phrases, unless you really know what your doing, wireless networks can be hacked…
A little info…
When a user uses wireless internet they generate what are called data “packets”.
Packets are transmitted between the transmitting medium and the wireless access point via radio waves whenever the device is connected with the access point.
Some More…
Depending on how long the device is connected, it can generate a certain number of packets per day.
The more users that are connected to one access point, the more packets are generated.
First… You must locate the wireless signal This can be done by using your default
Windows tool “View Available Wireless Network”
More useful tools include NetStumbler and Kismet. Kismet has an advantage over the other because it can pick up wireless signals that are not broadcasting their SSID.
Second…
Once you located a wireless network you can connect to it unless it is using authentication or encryption.
If it is using authentication or encryption then the next step would be to use a tool for sniffing out and cracking WEP keys.
Third…
Once any of the tools has recovered enough packets it will then go to work on reading the captured information gathered from the packets and crack the key giving you access.
Other tools (such as CowPatty) can use dictionary files to crack hard WPA keys.
Tools For WEP Hacking
Kismet : War-driving with passive mode scanning and sniffing 802.11a/b/g, site survey tools
Airfart : Wireless Scanning and monitoring
BackTrack: Linux Base Os to crack WEP
Airjack : MITM Attack and DoS too
WEPCrack : Cracking WEP
Hacking Through Router’s MAC Address
Find Router MAC
Change Your MAC
Find User’s MAC
Change MAC according To User’s
MAC
Commands Used
Using Following command we can get password of WEP network
• ifconfig• iwconfig• macchanger• airmon-ng• airdump-ng• airreplay-ng• aircrack-ng
Description of Commandsifconfig – interface configuration tool similar but more powerful than ipconfig
iwconfig – interface wireless configuration tool
macchanger – allows you to change the mac address of the card (Spoofing)
airmon-ng – puts the card into monitor mode (promiscuous mode) allows the card to capture packets
airdump-ng – capturing and collecting packets
aireplay-ng – used to deauthenticate and generate traffic
aircrack-ng – used to crack WEP and WPA
Prevent Your Network from Getting Hacked Don’t broadcast your SSID . This is usually
done during the setup of your wireless router. Change the default router login to something
else. If your equipment supports it, use WPA or
WPA/PSK because it offers better encryption which is still able to be broken but much harder.
Always check for updates to your router. Turn off your router or access point when not
using it.
Prevent Your Network from Getting Hacked There is no such thing as 100% percent
security when using wireless networks but at least with these few simple steps you can make it harder for the average person to break into your network.