15 - Hacking Wireless Networks

A wireless network refers to any type of computer network that is wireless and is commonly associated with a telecommunications network whose interconnections between nodes are implemented without the use of wires. Wireless telecommunications networks are generally implemented with some type of remote information transmission system that uses electromagnetic waves such as radio waves for the carrier. The implementation usually takes place at the physical level or layer of the network.

Module Objective

The objective of this lab is to protect the wireless network from attackers.

In this lab, you will learn how to:

  • Crack WEP using various tools
  • Capture network traffic
  • Analyze and detect wireless traffic

Scenario

Wireless network technology is becoming increasingly popular but, at the same time, it has many security issues. A wireless local area network (WLAN) allows workers to access digital resources without being tethered to their desks. However, the convenience of WLANs also introduces security concerns that do not exist in a wired world. Connecting to a network no longer requires an Ethernet cable. Instead, data packets are airborne and available to anyone with the ability to intercept and decode them. Several reports have explained weaknesses in the Wired Equivalent Privacy (WEP) algorithm by the 802.11x standard to encrypt wireless data.

To be an expert ethical hacker and penetration tester, you must have sound knowledge of wireless concepts, wireless encryption, and their related threats. As a security administrator for your company, you must protect the wireless network from hacking.

I. Cracking a WEP Network with Aircrack-ng for Windows

Network administrators can take steps to help protect their wireless network from outside threats and attacks. Most hackers will post details of any loops or exploits online, and if they find a security hole, they will come in droves to test your wireless network with it. WEP is used for wireless networks. Always change your SSID from the default, before you actually connect the wireless router to the access point. If an SSID broadcast is not disabled on an access point, the use of a DHCP server to automatically assign an IP address to wireless clients should not be used because war driving tools can easily detect your internal IP addressing if the SSID broadcasts are enabled and the DHCP is being used.

As an ethical hacker and penetration tester of an organization, your IT director will assign you the task of testing wireless security, exploiting the flaws in WEP, and cracking the keys present in WEP of an organization. In this lab, we discuss how WPA key is cracked using standard attacks such as korek attacks and PTW attacks.

Lab Objectives

The objective of this lab is to protect wireless network from attackers. In this lab, you will learn how to:

  • Crack WEP using various tools
  • Capture network traffic
  • Analyze and detect wireless traffic

Lab Analysis

In this lab you have learnt how to crack WEP using various tools, capture network traffic and analyze and detect wireless traffic. Document the BSSID of the target wireless network connected clients and recovered WEP key. Analyze various Airecrack-ng attacks and their respective data packet generation rate.

II. Sniffing the Network Using the OmniPeek Network Analyzer

Packet sniffing is a form of wire-tapping applied to computer networks. It came into vogue with Ethernet; this means that traffic on a segment passes by all hosts attached to that segment. Ethernet cards have a filter that prevents the host machine from seeing traffic address to other stations. Sniffing programs turn off the filter, and thus see everyone traffic. Most of the hubs/switches allow the inducer to sniff remotely using SNMP, which has weak authentication. Using POP, IMAP, HTTP Basic, and talent authentication, an intruder reads the password off the wire in cleartext.

To be an expert ethical hacker and penetration tester, you must have sound knowledge of sniffing network packets, performing ARP poisoning, spoofing the network, and DNS poisoning. OmniPeek network analysis performs deep packet inspection, network forensics, troubleshooting, and packet and protocol analysis of wired and wireless networks. In this lab, we discuss wireless packet analysis of captured packets.

Lab Objectives

The objective of this lab is to reinforce concepts of network security policy, policy enforcement, and policy audits.

Lab Analysis

In this lab, you have learnt how to reinforce concepts of network security policy, policy enforcement, and policy audits. Document the BSSID of the target wireless network connected clients and recovered WEP key. Analyze various Airecrack-ng attacks and their respective data packet generation rate.

Module Syllabus

  • Wireless Networks
  • Wi-Fi Usage Statistics in the US
  • Wi-Fi Hotspots at Public Places
  • Wi-Fi Networks at Home
  • Types of Wireless Networks
  • Wireless Standards
  • Service Set Identifier (SSID)
  • Wi-Fi Authentication Modes
    • Wi-Fi Authentication Process Using a Centralized Authentication Server
    • Wi-Fi Authentication Process
  • Wireless Terminologies
  • Wi-Fi Chalking
    • Wi-Fi Chalking Symbols
  • Wi-Fi Hotspot Finder: jiwire.com
  • Wi-Fi Hotspot Finder: WeFi.com
  • Types of Wireless Antenna
  • Parabolic Grid Antenna
  • Types of Wireless Encryption
  • WEP Encryption
    • How WEP Works?
  • What is WPA?
    • How WPA Works?
  • Temporal Keys
  • What is WPA2?
    • How WPA2 Works?
  • WEP vs. WPA vs. WPA2
  • WEP Issues
  • Weak Initialization Vectors (IV)
  • How to Break WEP Encryption?
  • How to Break WPA/WPA2 Encryption?
  • How to Defend Against WPA Cracking?
  • Wireless Threats: Access Control Attacks
  • Wireless Threats: Integrity Attacks
  • Wireless Threats: Confidentiality Attacks
  • Wireless Threats: Availability Attacks
  • Wireless Threats: Authentication Attacks
  • Rogue Access Point Attack
  • Client Mis-association
  • Misconfigured Access Point Attack
  • Unauthorized Association
  • Ad Hoc Connection Attack
  • HoneySpot Access Point Attack
  • AP MAC Spoofing
  • Denial-of-Service Attack
  • Jamming Signal Attack
  • Wi-Fi Jamming Devices
  • Wireless Hacking Methodology
  • Find Wi-Fi Networks to Attack
  • Attackers Scanning for Wi-Fi Networks
  • Footprint the Wireless Network
  • Wi-Fi Discovery Tool: inSSIDer
  • Wi-Fi Discovery Tool: NetSurveyor
  • Wi-Fi Discovery Tool: NetStumbler
  • Wi-Fi Discovery Tool: Vistumbler
  • Wi-Fi Discovery Tool: WirelessMon
  • Wi-Fi Discovery Tools
  • GPS Mapping
    • GPS Mapping Tool: WIGLE
    • GPS Mapping Tool: Skyhook
  • How to Discover Wi-Fi Network Using Wardriving?
  • Wireless Traffic Analysis
  • Wireless Cards and Chipsets
  • Wi-Fi USB Dongle: AirPcap
  • Wi-Fi Packet Sniffer: Wireshark with AirPcap
  • Wi-Fi Packet Sniffer: Wi-Fi Pilot
  • Wi-Fi Packet Sniffer: OmniPeek
  • Wi-Fi Packet Sniffer: CommView for Wi-Fi
  • What is Spectrum Analysis?
  • Wireless Sniffers
  • Aircrack-ng Suite
  • How to Reveal Hidden SSIDs
  • Fragmentation Attack
  • How to Launch MAC Spoofing Attack?
  • Denial of Service: Deauthentication and Disassociation Attacks
  • Man-in-the-Middle Attack
  • MITM Attack Using Aircrack-ng
  • Wireless ARP Poisoning Attack
  • Rogue Access Point
  • Evil Twin
    • How to Set Up a Fake Hotspot (Evil Twin)?
  • How to Crack WEP Using Aircrack?
  • How to Crack WEP Using Aircrack? Screenshot 1/2
  • How to Crack WEP Using Aircrack? Screenshot 2/2
  • How to Crack WPA-PSK Using Aircrack?
  • WPA Cracking Tool: KisMAC
  • WEP Cracking Using Cain & Abel
  • WPA Brute Forcing Using Cain & Abel
  • WPA Cracking Tool: Elcomsoft Wireless Security Auditor
  • WEP/WPA Cracking Tools
  • Wi-Fi Sniffer: Kismet
  • Wardriving Tools
  • RF Monitoring Tools
  • Wi-Fi Connection Manager Tools
  • Wi-Fi Traffic Analyzer Tools
  • Wi-Fi Raw Packet Capturing Tools
  • Wi-Fi Spectrum Analyzing Tools
  • Bluetooth Hacking
    • Bluetooth Stack
    • Bluetooth Threats
  • How to BlueJack a Victim?
  • Bluetooth Hacking Tool: Super Bluetooth Hack
  • Bluetooth Hacking Tool: PhoneSnoop
  • Bluetooth Hacking Tool: BlueScanner
    • Bluetooth Hacking Tools
  • How to Defend Against Bluetooth Hacking?
  • How to Detect and Block Rogue AP?
  • Wireless Security Layers
  • How to Defend Against Wireless Attacks?
  • Wireless Intrusion Prevention Systems
  • Wireless IPS Deployment
  • Wi-Fi Security Auditing Tool: AirMagnet WiFi Analyzer
  • Wi-Fi Security Auditing Tool: AirDefense
  • Wi-Fi Security Auditing Tool: Adaptive Wireless IPS
  • Wi-Fi Security Auditing Tool: Aruba RFProtect WIPS
  • Wi-Fi Intrusion Prevention System
  • Wi-Fi Predictive Planning Tools
  • Wi-Fi Vulnerability Scanning Tools
  • Wireless Penetration Testing
    • Wireless Penetration Testing Framework
    • Wi-Fi Pen Testing Framework
    • Pen Testing LEAP Encrypted WLAN
    • Pen Testing WPA/WPA2 Encrypted WLAN
    • Pen Testing WEP Encrypted WLAN
    • Pen Testing Unencrypted WLAN