Contents

CEH-Module16 - Hacking Wireless Networks

Website Visitors:

Wireless Terminology

  • GSM: A universal system used for mobile transportation for wireless networks worldwide.
  • Bandwidth: Describes the amount of information that may be broadcast over a connection.
  • Access point (AP): Used to connect wireless devices to a wireless/wired network.
  • BSSID: The MAC address of an AP that has set up a Basic Service Set (BSS) identifier.
  • ISM band: A set of frequencies for the international industrial, scientific, and medical communities.
  • Hotspot: A place where a wireless network is available for public use.
  • Association: The process of connecting a wireless device to an AP .
  • Service Set Identifier (SSID): A unique identifier of 32 alphanumeric characters given to a wireless local area network (WLAN).
  • Orthogonal Frequency-division Multiplexing (OFDM): Method of encoding digital data on multiple carrier frequencies.
  • Multiple input, multiple output orthogonal frequency- division multiplexing (MIMO-OFDM): An air interface for 4G and 5G broadband wireless communications.
  • Direct-sequence Spread Spectrum (DSSS): An original data signal multiplied with a pseudo-random noise spreading the code.
  • Frequency-hopping Spread Spectrum (FHSS): A method of transmitting radio signals by rapidly switching a carrier among many frequency channels.

IEEE 802.11

IEEE stands for Institute of Electrical and Electronics Engineers. It is a professional association for electronic engineering and electrical engineering.

IEEE sets standards for a wide variety of technologies, including computers, telecommunications, networking and many other fields. Their standards are important because they ensure compatibility and interoperability between different devices and systems.

  • IEEE 802 is a working group within IEEE th    at develops standards for local area networks (LANs) and metropolitan area networks (MANs). Some of the most well-known IEEE 802 standards include Ethernet, Wi-Fi, and Bluetooth.

  • IEEE 802.11 is the specific standard that defines Wi-Fi networks. It sets the specifications for the physical layer and media access control of wireless LANs.

  • Some key IEEE 802.11 standards include:

    • 802.11b - Defines the original Wi-Fi networks and has a maximum throughput of 11 Mbps.
    • 802.11a - Operates in the 5 GHz band with a max speed of 54 Mbps.
    • 802.11g - Improved 802.11b, operates in 2.4 GHz band at 54 Mbps.
    • 802.11n - Enhanced throughput up to 600 Mbps using multiple antennas and wider channels.
    • 802.11ac - Faster speeds of 1-3 Gbps using more efficient 5 GHz signals and antenna technology.

So in summary, IEEE develops standards, IEEE 802 focuses on networking standards, and IEEE 802.11 specifically defines the specifications for Wi-Fi wireless networking that we commonly use today. The standards help ensure compatibility and interoperability of devices using these wireless technologies.

Types of Wireless Antenna

Antennas play a crucial role in the transmission and reception of electromagnetic signals in various communication systems. Here are brief descriptions of different types of antennas:

  1. Omnidirectional Antenna: An omnidirectional antenna radiates and receives radio waves uniformly in all directions. It is commonly used in applications where signals need to be transmitted or received from multiple directions, such as in Wi-Fi routers and mobile phones.

  2. Directional Antenna: A directional antenna focuses its radiation pattern in a specific direction, providing increased signal strength and range in that direction. These antennas are often used for point-to-point communication over long distances, such as in satellite communication or long-range Wi-Fi links.

  3. Parabolic Grid Antenna: A parabolic grid antenna consists of a grid reflector with a parabolic shape that focuses radio waves onto a central feed point. These antennas are highly directional and are commonly used for long-distance communication, such as in microwave links and satellite communication.

  4. Yagi Antenna: A Yagi antenna, also known as a Yagi-Uda antenna, is a directional antenna consisting of multiple elements arranged in a specific configuration. It is widely used in applications like TV antennas, ham radios, and point-to-point communication due to its high gain and directivity.

  5. Dipole Antenna: A dipole antenna is a simple antenna consisting of two conductive elements that are fed at the center. It is one of the most basic antenna designs and is commonly used in applications like FM radio antennas and amateur radio.

  6. Reflector Antenna: A reflector antenna uses a reflective surface to focus radio waves onto the active element of the antenna. This design helps increase the antenna’s gain and directivity. Reflectors are commonly used in satellite dishes and radar systems.

Each type of antenna has its own advantages and is chosen based on the specific requirements of the communication system, such as range, directionality, and signal strength.

Wireless Equivalent Privacy (WEP) Encryption

Wired Equivalent Privacy (WEP) is a security protocol designed to secure wireless networks. It was introduced as part of the original IEEE 802.11 standard to provide confidentiality and data integrity for wireless communication. WEP operates by encrypting data transmitted over a wireless network to prevent unauthorized access.

Here are some key points about Wired Equivalent Privacy (WEP):

  1. Encryption: WEP uses the RC4 encryption algorithm to encrypt data before transmission over the wireless network. This encryption is intended to prevent eavesdropping and unauthorized access to the data being transmitted.

  2. Key Management: WEP requires the use of a shared key for both encryption and decryption of data. This key is shared among all devices on the wireless network and is used to authenticate and secure communication.

  3. Vulnerabilities: Despite its initial intent, WEP has several known vulnerabilities that make it insecure and easily exploitable. These vulnerabilities include weak key management, easily crackable encryption, and susceptibility to various attacks, such as the IV attack and the chop-chop attack.

  4. Deprecated: Due to its security weaknesses, WEP has been deprecated and is no longer considered a secure option for protecting wireless networks. It is highly recommended to use more secure protocols like WPA (Wi-Fi Protected Access) or WPA2 to secure wireless communications.

  5. Legacy Support: While WEP is no longer recommended for securing wireless networks, some older devices may still support it. In such cases, it is crucial to upgrade to a more secure protocol to ensure the confidentiality and integrity of data transmitted over the network.

In summary, Wired Equivalent Privacy (WEP) was an early attempt to secure wireless networks but is now considered insecure due to its vulnerabilities. It is essential for users and organizations to use modern and secure encryption protocols to protect their wireless communications effectively.

Wired Protected Access (WPA) Encryption

WPA (Wi-Fi Protected Access) and WPA2 are security protocols designed to secure wireless networks. WPA was introduced as an improvement over the less secure WEP (Wired Equivalent Privacy) protocol. WPA uses TKIP (Temporal Key Integrity Protocol) for encryption, which dynamically changes keys as data is transmitted, enhancing security compared to WEP. There were vulnerabilities identified in TKIP. So, WPA2 was introducted.

WPA2, an enhanced version of WPA, offers even stronger security measures. It uses the AES (Advanced Encryption Standard) protocol for encryption, which is considered more secure than TKIP. AES uses symmetric encryption algorithm that it can resist brute force attack. WPA2 is currently the recommended protocol for securing Wi-Fi networks due to its robust encryption standards.

WPA3 is the latest iteration of the Wi-Fi Protected Access protocol, offering even more robust security features, including stronger encryption, protection against offline dictionary attacks, and improved security for IoT devices.

Wifi Protected Setup VS Wifi Protected Access - Are they same?

While they sound similar, Wi-Fi Protected Setup (WPS) and Wi-Fi Protected Access (WPA) are not the same thing. Here’s a brief explanation of each:

  1. Wi-Fi Protected Setup (WPS): WPS is a feature designed to simplify the process of connecting devices to a secure wireless network. It typically involves a push-button configuration or a PIN entry method to establish a secure connection between a device and a Wi-Fi network. While WPS was intended to make it easier for users to set up secure connections, it has been found to have security vulnerabilities that can potentially be exploited by attackers. Due to these vulnerabilities, security experts recommend disabling WPS on routers to enhance network security.

    When WPS is enabled, you select the wifi name in your device (which supports WPS) and press WPS button on the router. You will be connected to the wifi network without needing to enter a password.

  2. Wi-Fi Protected Access (WPA): WPA is a security protocol designed to secure wireless networks by encrypting data transmitted over the network and implementing authentication mechanisms to prevent unauthorized access. WPA was developed as an improvement over the earlier Wired Equivalent Privacy (WEP) protocol, which had significant security weaknesses. WPA and its successor, WPA2, use stronger encryption algorithms and key management mechanisms to enhance the security of wireless communications.

In summary, Wi-Fi Protected Setup (WPS) and Wi-Fi Protected Access (WPA) are distinct features in the realm of wireless networking. WPS focuses on simplifying the process of connecting devices to a Wi-Fi network, while WPA is a security protocol aimed at securing wireless communications by encrypting data and implementing authentication mechanisms.

Should you disable WPS on your router?

Disabling Wi-Fi Protected Setup (WPS) on your home router is generally recommended by security experts to enhance the security of your wireless network. While WPS was designed to simplify the process of connecting devices to a Wi-Fi network, it has been found to have significant security vulnerabilities that can be exploited by attackers.

Here are some reasons why disabling WPS on your home router is advisable:

  1. Vulnerabilities: WPS has known security vulnerabilities that can potentially allow attackers to brute-force the WPS PIN and gain unauthorized access to your Wi-Fi network. This can lead to unauthorized users accessing your network and potentially compromising your data security.

  2. Security Risks: By exploiting WPS vulnerabilities, attackers can bypass the security measures of your Wi-Fi network and gain access to sensitive information, such as personal data, financial information, and login credentials.

  3. Enhanced Security: Disabling WPS eliminates the potential security risks associated with the feature, thereby enhancing the overall security of your wireless network. It is a proactive step to protect your network from potential attacks and unauthorized access.

  4. Alternative Connection Methods: While disabling WPS may require you to manually enter the Wi-Fi password on devices for initial setup, it is a small inconvenience compared to the security risks posed by leaving WPS enabled. Most devices support alternative connection methods that do not rely on WPS for secure network access.

In conclusion, disabling WPS on your home router is a recommended security measure to protect your wireless network from potential vulnerabilities and unauthorized access. By taking this proactive step, you can enhance the security of your Wi-Fi network and reduce the risk of security breaches and data compromises.

Rogue AP Attacks

A Rogue Access Point (AP) attack is a type of cybersecurity threat where an unauthorized or malicious wireless access point is deployed within a network infrastructure without the network administrator’s knowledge or consent. This rogue AP appears to be a legitimate access point, tricking users into connecting to it and potentially exposing sensitive information to attackers.

Here are some key points about Rogue AP attacks:

  1. Unauthorized Access: Rogue APs can be set up by attackers in public places, corporate environments, or other locations where users expect to find a legitimate Wi-Fi network. Once connected to the rogue AP, users may unknowingly expose their data to attackers.

  2. Man-in-the-Middle Attacks: Rogue APs can be used to conduct man-in-the-middle attacks, where attackers intercept and potentially alter the communication between a user’s device and the network. This can lead to data interception, eavesdropping, and unauthorized access to sensitive information.

  3. Data Theft: Attackers can use rogue APs to steal sensitive data, such as login credentials, financial information, or personal data, from unsuspecting users who connect to the malicious access point.

  4. Network Compromise: Rogue APs can also be used to compromise the security of the entire network by providing attackers with a foothold to launch further attacks, such as network reconnaissance, malware distribution, or unauthorized access to network resources.

  5. Detection and Prevention: To mitigate the risk of Rogue AP attacks, network administrators can implement security measures such as wireless intrusion detection systems (WIDS), regular network scanning for unauthorized devices, and strong authentication mechanisms to prevent unauthorized access to the network.

Few other wifi attacks:

  1. Client Mis-association: This occurs when a client device mistakenly connects to a rogue access point (AP) instead of the legitimate one. This can happen due to weak security settings or the client being tricked into connecting to a malicious network, leading to potential data interception or attacks.

  2. Misconfigured AP Attack: This attack exploits access points that are improperly configured, allowing attackers to gain unauthorized access to the network. For example, if an AP has weak encryption or default credentials, an attacker can exploit these vulnerabilities to intercept traffic or launch further attacks.

  3. Unauthorized Association: This refers to a situation where a client device connects to an access point without proper authorization. This can happen if the AP does not have adequate security measures in place, allowing unauthorized users to access the network and potentially compromise sensitive information.

  4. Ad-Hoc Connection Attack: In this type of attack, a malicious user sets up an ad-hoc network to lure unsuspecting clients to connect. Once connected, the attacker can intercept data, perform man-in-the-middle attacks, or spread malware, as the clients are directly communicating with the attacker’s device instead of a secure access point.

In conclusion, Rogue AP attacks pose a significant threat to network security by exploiting users’ trust in wireless networks. It is essential for organizations and individuals to be vigilant, implement security best practices, and regularly monitor their network for unauthorized access points to prevent potential data breaches and security incidents.

Honeypot AP Attack

A Honeypot AP attack is a cybersecurity tactic where attackers set up a fake wireless access point (AP) known as a “honeypot” to lure unsuspecting users into connecting to it. The purpose of a Honeypot AP is to attract potential attackers, gather information about their tactics, and monitor their activities to better understand and defend against cyber threats. They look like they are APs from legitimate companies like verizon, AT&T or starbucks.

Here are some key points about Honeypot AP attacks:

  1. Deceptive Nature: Honeypot APs are designed to mimic legitimate wireless networks to entice users to connect to them. Once connected, attackers can intercept network traffic, capture sensitive information, and potentially launch further attacks against the connected devices.

  2. Information Gathering: Honeypot APs are used by cybersecurity professionals and researchers to gather valuable insights into attackers’ techniques, tools, and motivations. By monitoring the activities of attackers who connect to the honeypot, security experts can analyze their behavior and improve defenses against similar attacks.

  3. Detection of Threats: Honeypot APs can help organizations detect and identify potential threats within their network environment. By analyzing the traffic and interactions with the honeypot, security teams can identify malicious activities, unauthorized access attempts, and vulnerabilities that need to be addressed.

  4. Research and Analysis: Honeypot APs are valuable tools for conducting research on emerging cyber threats, understanding attacker behavior, and developing effective countermeasures to protect networks and data from malicious activities.

  5. Risk Mitigation: To defend against Honeypot AP attacks, organizations should implement strong security measures, such as network segmentation, intrusion detection systems, encryption protocols, and regular security audits to detect and prevent unauthorized access to their networks.

In conclusion, Honeypot AP attacks are a cybersecurity strategy used to attract and monitor potential attackers, gather threat intelligence, and enhance network security defenses. By leveraging honeypot technology, organizations can gain valuable insights into cyber threats, improve incident response capabilities, and strengthen their overall cybersecurity posture.

Access Point MAC Spoofing

Access Point (AP) MAC spoofing is a technique used by attackers to impersonate a legitimate wireless access point by falsifying the Media Access Control (MAC) address of the AP. By spoofing the MAC address of a known and trusted AP, attackers can deceive users into connecting to a malicious AP, allowing them to intercept network traffic, steal sensitive information, or launch further attacks.

Here are some key points about AP MAC spoofing:

  1. MAC Address: A MAC address is a unique identifier assigned to network interfaces for communication on a network. Each network device, including wireless access points, has a unique MAC address that is used to identify and differentiate devices on the network.

  2. Spoofing Technique: AP MAC spoofing involves changing the MAC address of a rogue access point to match the MAC address of a legitimate AP. This allows the attacker to create a fake AP that appears to be part of the trusted network, tricking users into connecting to it.

  3. Man-in-the-Middle Attacks: Once users connect to the spoofed AP, attackers can intercept and manipulate network traffic passing through the rogue AP. This can enable man-in-the-middle attacks, where attackers eavesdrop on communications, steal sensitive data, or inject malicious content into the network traffic.

  4. Data Interception: By spoofing the MAC address of a legitimate AP, attackers can capture sensitive information transmitted over the network, such as login credentials, financial data, or personal information. This information can be used for identity theft, financial fraud, or other malicious purposes.

  5. Detection and Prevention: To mitigate the risk of AP MAC spoofing attacks, organizations can implement security measures such as network monitoring, intrusion detection systems, MAC address filtering, and strong encryption protocols like WPA2 or WPA3 to protect against unauthorized access and data interception.

In conclusion, AP MAC spoofing is a deceptive technique used by attackers to impersonate legitimate wireless access points and compromise network security. It is essential for organizations and individuals to be aware of this threat and implement robust security measures to detect and prevent AP MAC spoofing attacks, safeguarding their networks and data from potential security breaches.

Wifi Denial of Service Attack

A Wi-Fi Denial of Service (DoS) attack is a type of cyber attack that targets wireless networks to disrupt or disa    ble their normal operation, rendering them inaccessible to legitimate users. Wi-Fi DoS attacks can impact the availability of wireless networks, causing service interruptions, network downtime, and potential financial losses for organizations relying on Wi-Fi connectivity.

Here are some key points about Wi-Fi Denial of Service (DoS) attacks:

Types of Wi-Fi DoS Attacks:

  • Deauthentication Attack: In a deauthentication attack, the attacker sends deauthentication packets to disconnect legitimate devices from the Wi-Fi network, preventing them from accessing network services.
  • Disassociation Attack: Similar to deauthentication attacks, disassociation attacks target the disassociation process between devices and the access point, disrupting the connection and causing devices to disconnect from the network.
  • Jamming Attack: Jamming attacks flood the Wi-Fi frequency with interference, disrupting wireless communication and preventing devices from connecting to the network.

Impact of Wi-Fi DoS Attacks:

  • Network Downtime: Wi-Fi DoS attacks can lead to network downtime, making it impossible for users to connect to the network or access network resources.
  • Service Disruptions: Organizations relying on Wi-Fi for critical operations may experience service disruptions, affecting productivity and business continuity.
  • Security Risks: Wi-Fi DoS attacks can create security vulnerabilities, allowing attackers to exploit the chaos caused by the attack to launch further malicious activities.

In conclusion, Wi-Fi Denial of Service (DoS) attacks pose a significant threat to the availability and security of wireless networks. By implementing robust security measures, monitoring network activity, and staying informed about emerging threats, organizations can better protect their Wi-Fi networks from potential DoS attacks and ensure uninterrupted connectivity for legitimate users.

Jamming Signal Attack

A jamming signal attack in Wi-Fi is a type of cyber attack where an attacker deliberately floods the wireless frequency spectrum with interference, disrupting the normal operation of Wi-Fi networks and preventing legitimate users from accessing network services. By overwhelming the Wi-Fi frequency with noise or interference, the attacker can effectively jam communication signals, causing network downtime, service disruptions, and potential security risks for organizations relying on Wi-Fi connectivity.

Here are some key points about jamming signal attacks in Wi-Fi:

How Jamming Signal Attacks Work:

  • Frequency Interference: Jamming signal attacks involve transmitting interference signals on the same frequency bands used by Wi-Fi networks, disrupting the communication between wireless devices and access points.
  • Continuous Transmission: Attackers may use specialized equipment to continuously transmit noise or signals that interfere with Wi-Fi signals, creating a hostile environment for wireless communication.
  • Impact on Wi-Fi Networks: Jamming attacks can disrupt Wi-Fi networks by causing packet loss, signal degradation, and connectivity issues for legitimate users trying to access network services.

Types of Jamming Signal Attacks:

  • Partial Jamming: In partial jamming attacks, the attacker targets specific Wi-Fi channels or frequencies to disrupt communication on those channels while leaving other channels unaffected.
  • Selective Jamming: Selective jamming attacks target specific devices or network services by jamming signals directed at those devices, causing targeted disruptions in communication.
  • Continuous Jamming: Continuous jamming attacks involve the constant transmission of interference signals to disrupt all Wi-Fi communication within the affected area.

In conclusion, jamming signal attacks in Wi-Fi pose a significant threat to the availability and reliability of wireless networks. By understanding the nature of these attacks, implementing robust security measures, and staying vigilant against potential threats, organizations can better protect their Wi-Fi networks from jamming attacks and ensure uninterrupted connectivity for legitimate users.

Wireless Network Footprinting

Wireless network footprinting is a crucial aspect of cybersecurity that involves gathering information about a wireless network to assess its security posture and identify potential vulnerabilities. By conducting wireless network footprinting, cybersecurity professionals can gain insights into the network’s configuration, devices connected to it, and potential entry points for unauthorized access.

There are several techniques used in wireless network footprinting, including passive and active methods. Passive footprinting involves monitoring wireless network traffic to gather information without directly interacting with the network. This can include capturing data packets, analyzing network protocols, and identifying connected devices.

On the other hand, active footprinting involves actively probing the wireless network to gather information. This can include scanning for open ports, identifying network services, and conducting wireless network surveys to map out the network infrastructure.

Wireless network footprinting is essential for cybersecurity professionals to understand the security risks associated with a wireless network and take appropriate measures to secure it. By identifying vulnerabilities and potential entry points, organizations can implement security controls to protect their wireless networks from unauthorized access, data breaches, and other cyber threats.

Sniffing Wireless Traffic

Sniffing wireless traffic is a technique used in cybersecurity to monitor and capture data packets transmitted over a wireless network. This method is often employed in passive wireless network footprinting to gather information about network activity, connected devices, and potential security vulnerabilities.

Wireless traffic sniffing involves using specialized tools or software to capture data packets as they are transmitted between devices on a wireless network. By analyzing these packets, cybersecurity professionals can gain insights into the network’s configuration, protocols used, types of devices connected to the network, and potentially sensitive information being transmitted.

Attackers use tools, such as Wireshark with Npcap, SteelCentral Packet Analyzer, OmniPeek Enterprise, CommView for Wi-Fi, and Kismet, to sniff the wireless network.

MAC Spoofing Attack

In a wireless network, devices connect to an access point using an association process. The connection is maintained through periodic authentication.

A disassociation packet is sent by an access point to instruct a connected device to disconnect from the network. A de-authentication packet asks the device to stop authenticating its connection. In a disassociation or de-authentication attack, the attacker spoofs disassociation/de-authentication packets that appear to come from the legitimate access point.

These spoofed packets are broadcasted repeatedly to all devices connected to the target access point. On receiving the packets, the devices disconnect and have to re-associate/re-authenticate to regain network access.

The constant disconnection and reconnection process overwhelms the devices and access point. They are unable to maintain stable connections due to the excessive disassociation/de-authentication traffic. This results in a denial of service as legitimate users lose network connectivity. Services dependent on the wireless connection also get disrupted. Tools like WiFiJammer and Airgeddon can generate spoofed disassociation/de-authentication frames at a large scale for such attacks.

Countermeasures include wireless intrusion prevention systems to detect anomalous disassociation/de-authentication traffic, encryption of management frames, disabling broadcast SSID, and limiting client connectivity. These types of DoS attacks exploit vulnerabilities in the wireless protocol design and management frame processing. Strong authentication is needed to prevent unauthorized disconnection attempts.

Evil Twin

An evil twin attack involves setting up a rogue wireless access point with the same SSID (network name) as a legitimate one. This fake access point acts as an impersonator.

When users connect to the network, they are unwittingly connected to the attacker’s evil twin network rather than the real one.

The attacker can then intercept and monitor all wireless traffic passing between the connected devices and websites/services being accessed. Sensitive data like passwords, usernames, messages etc. can be stolen.

The evil twin may also distribute malware to connected devices. Users think they are securely connected to a trusted network but are actually exposed.

Setting up an evil twin is easy as attackers can broadcast the SSID of popular public/private networks and trick users into connecting. Lack of encryption on public networks increases risks.

Proper encryption, authentication and monitoring can help detect evil twins. Users should also be cautious about unsecured public networks and verify legitimate network names.

In summary, an evil twin attack deceives users into connecting an impersonating rogue access point, compromising their security and privacy on the fake network.

Wi-Fi Packet Analysis using Wireshark

Protocol with 802.11 in wireshark captures is wifi traffic. Apart from wireshark, you can also use other wireless traffic analyzers such as AirMagnet WiFi Analyzer PRO (https://www.netally.com), SteelCentral Packet Analyzer (https://www.riverbed.com), Omnipeek Network Protocol Analyzer (https://www.liveaction.com), CommView for Wi-Fi (https://www.tamos.com), and Capsa Portable Network Analyzer (https://www.colasoft.com) to analyze Wi-Fi traffic.

Wireless Attacks

There are several different types of Wi-Fi attacks that attackers use to eavesdrop on wireless network connections in order to obtain sensitive information such as passwords, banking credentials, and medical records, as well as to spread malware. Some of them include:

  • Fragmentation attack: When successful, such attacks can obtain 1,500 bytes of PRGA (pseudo random generation algorithm)

  • MAC spoofing attack: The attacker changes their MAC address to that of an authenticated user in order to bypass the access point’s MAC-filtering configuration

  • Disassociation attack: The attacker makes the victim unavailable to other wireless devices by destroying the connectivity between the access point and client

  • Deauthentication attack: The attacker floods station(s) with forged deauthentication packets to disconnect users from an access point

  • Man-in-the-middle attack: An active Internet attack in which the attacker attempts to intercept, read, or alter information between two computers

  • Wireless ARP poisoning attack: An attack technique that exploits the lack of a verification mechanism in the ARP protocol by corrupting the ARP cache maintained by the OS in order to associate the attacker’s MAC address with the target host

  • Rogue access points: Wireless access points that an attacker installs on a network without authorization and that are not under the management of the network administrator

  • Evil twin: A fraudulent wireless access point that pretends to be a legitimate access point by imitating another network name

  • Wi-Jacking attack: A method used by attackers to gain access to an enormous number of wireless networks

Crack a WEP network using Aircrack-ng

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP, and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless networks. The program runs on both Linux and Windows.

Capture wireless data using wireshark. In parrot os, run below command:

1
aircrack-ng 'Desktop/WEPcrack.cap'

This will decrypt the key and display on the screen.

Crack a WPA2 Network using Aircrack-ng

WPA2 is an upgrade to WPA; it includes mandatory support for Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), an AES-based encryption protocol with strong security. WPA2 has two modes of operation: WPA2-Personal and WPA2-Enterprise. Despite being stronger than both WEP and WPA, the WPA2 encryption method can also be cracked using various techniques and tools.

1
aircrack-ng -a2 -b [Target BSSID] -w Desktop/Wordlist/password.txt Desktop/WPA2crack-01.cap
  • -a is the technique used to crack the handshake, 2=WPA technique.

  • -b refers to bssid; replace with the BSSID of the target router.

  • -w stands for wordlist; provide the path to a wordlist.

Your inbox needs more DevOps articles.

Subscribe to get our latest content by email.