Wireless Hacking


By Lisa Christian.


Many networks have no security configured at all. Where security is configured, it is often configured improperly.

- So most can be hacked within a few seconds.

- The ITU (International Telecommunication Union) carried out research that found this.


EC-Council states that there are 5 types of attacks:

1. Access control attacks.

2. Integrity attacks.

3. Confidentiality attacks.

4. Availability attacks.

5. Authentication attacks.


WIGLE (wigle.net) can help to find wireless networks, and it can be used from someone's phone.

War driving is when the attacker is in a car.

War walking is when the attacker is on foot.


WifiExplorer and Wififofum are similar tools.

AirPcap dongles help to capture Wi-Fi traffic.

A wireless card may assist, e.g. Ubiquiti cards.

Netstumbler is a GPS-enabled tool; it can help to find the areas of a location where the signal is weak or strong.

- These are all easy to use and compatible with 802.11a, b and g.

Kismet works silently. The log files it produces can be read by Wireshark or tcpdump.

NetSurveyor is a similar tool, but works with all adapters.

WeFi and Skyhook are also used for network discovery.


Taking control of someone's DHCP server and address is called an 'evil twin' attack.

It is easy to do but easy to see and get caught.

Cisco has tools for access point discovery.


A ridiculous type of attack is an 'ad hoc connection' attack.

A group of rogue APs (evil twins) grouped together is called a honeyspot, e.g. the free Wi-Fi at McDonald's or Starbucks.

This is where honeyspot attacks are done.
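As an added defender-side example (not from the original post or the CEH book), the Python below checks a constructed list of observed beacons for the two patterns above: an evil twin reusing a legitimate SSID from an unknown BSSID, and a honeyspot cluster of open rogue APs under one name. The beacon values and the inventory of known BSSIDs are assumptions made up for the example.

```python
from collections import defaultdict

# Constructed sample of observed beacons: (ssid, bssid, channel, security).
# These values are made up for the example and are not real networks.
OBSERVED = [
    ("CorpWiFi",  "aa:bb:cc:00:00:01", 6,  "WPA2"),
    ("CorpWiFi",  "aa:bb:cc:00:00:02", 11, "WPA2"),
    ("CorpWiFi",  "de:ad:be:ef:00:01", 6,  "OPEN"),  # unknown BSSID, no encryption
    ("Guest",     "aa:bb:cc:00:00:03", 1,  "WPA2"),
    ("Guest",     "aa:bb:cc:00:00:03", 1,  "WPA2"),  # duplicate observation
    ("Free WiFi", "ca:fe:ca:fe:00:01", 1,  "OPEN"),
    ("Free WiFi", "ca:fe:ca:fe:00:02", 6,  "OPEN"),
]

# Hypothetical inventory of the BSSIDs the organisation actually operates.
KNOWN_APS = {
    "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03",
}


def find_evil_twins(observed, known_aps):
    """Return {ssid: [rogue_bssid, ...]} for SSIDs that a legitimate AP
    broadcasts and that an unknown BSSID is also broadcasting."""
    by_ssid = defaultdict(set)
    for ssid, bssid, _chan, _sec in observed:
        by_ssid[ssid].add(bssid)
    twins = {}
    for ssid, bssids in by_ssid.items():
        legit = bssids & known_aps
        rogue = bssids - known_aps
        if legit and rogue:
            twins[ssid] = sorted(rogue)
    return twins


def find_honeyspots(observed, known_aps, min_aps=2):
    """Return SSIDs served by at least min_aps unknown, unencrypted BSSIDs:
    a cluster of open rogue APs under one name (the honeyspot pattern)."""
    open_unknown = defaultdict(set)
    for ssid, bssid, _chan, sec in observed:
        if bssid not in known_aps and sec == "OPEN":
            open_unknown[ssid].add(bssid)
    return sorted(s for s, b in open_unknown.items() if len(b) >= min_aps)


if __name__ == "__main__":
    print("evil twins:", find_evil_twins(OBSERVED, KNOWN_APS))
    print("honeyspots:", find_honeyspots(OBSERVED, KNOWN_APS))
```

Real scan input would come from a tool such as Kismet or NetStumbler; the inventory check is what turns a raw list of beacons into an alert.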


Denial of Service (DoS) wireless attacks are achieved with a jamming device plus a high-end antenna/amplifier.

Playing with jammers can get people in trouble and sent to jail quickly.

It is a federal offense to sell or market jammers, but there are still places where they can be purchased online. (http://jammers.store)

So a small jammer, the size of a mobile phone, could shut down a meeting room.

A slightly larger one could shut down a whole organisation and its building.

One as small as a briefcase, for about $650 US, can shut down a whole city.


SMAC and TMAC are tools for MAC spoofing.


Wireless Encryption Attacks.


Cracking WEP is very easy.

Aircrack-ng provides a sniffer, a wireless network detector, a password cracker and a traffic analysis tool. (Windows or Linux.)

This tool cracks keys with algorithms such as PTW, FMS and KoreK, as well as dictionary techniques.

KisMAC does this on macOS.

They can be used to brute force WEP and WPA passwords.

Other tools include:

- WepAttack

- WEPCrack

- Portable Penetrator

- Elcomsoft Wireless Security Auditor.


Aircrack is an offline cracker that does brute force attacks.

The Key Reinstallation Attack (KRACK) is a replay attack that cracks WPA2.


Wireless Sniffing.

Wireshark can be used to sniff data, passwords and other info.

Some more tools include:

- OmniPeek, AirMagnet Analyzer Pro and Wifi Pilot.


Thank you for reading. All of these tools would assist in cyber security penetration testing.


Reference:


Walker, Matt. 2019. CEH: Certified Ethical Hacker. McGraw-Hill Education.
