Wireless hacking


INTRODUCTION WHY? HOW? PREVENTION

CONTENTS

Wireless networking technology is becoming increasingly popular but at the same time has introduced many security issues.

The popularity of wireless technology is driven by two primary factors: convenience and cost.

It is based on the IEEE 802.11 group of standards.

Introduction

Service Set Identification: your router broadcasts the name of your network (SSID) and allows others to connect wirelessly to your network. This feature can also be disabled. If you choose to disable SSID broadcasting, you will need to set up a profile in the wireless network management software on your wireless clients using the SSID you have chosen.

SSID

802.11a Frequency - 2.4000 GHz to 2.2835GHz

802.11b Frequency - 5.15-5.35GHz to 5.725-5.825GHz

802.11g Frequency - 2.4GHz

Wireless LAN standards of IEEE's 802.11 group

2.4 GHz Wi-Fi spectrum

5 GHz Wi-Fi spectrum

Wireless uses Radio Frequency

WEP

WPA

WPA/PSK

Types of Wireless Connection

Abbreviation for Wired Equivalent Privacy. IEEE chose to employ encryption at the data link layer using the RC4 encryption algorithm. Breakable even when configured correctly. Can be broken in as little as 3 minutes.

WEP

Stands for Wi-Fi Protected Access. A hashing algorithm is used in WPA. Created to provide stronger security than WEP. Can still be cracked if a short password is used.

WPA

If a long password is used, these protocols are virtually uncrackable.

Even with good passwords, unless you really know what you're doing, wireless networks can be hacked…

WPA

The strongest nowadays. Theoretically unbreakable, yet it is somehow still possible to crack it…

WPA/PSK
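Why password length matters for WPA/PSK, shown as an added example that is not part of the original slides: the pre-shared key is derived from the passphrase with PBKDF2-HMAC-SHA1 salted by the SSID, so its strength is bounded by how guessable the passphrase is. The function names, the `COMMON` sample list and the 80-bit acceptance threshold are assumptions made for this illustration.

```python
import hashlib
import math
import string

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing effort: length * log2(size of character pool).
    Passphrases built from words are weaker than this bound suggests."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation + " "):
        if any(c in chars for c in passphrase):
            pool += len(chars)
    return len(passphrase) * math.log2(pool)

# Constructed sample of commonly guessed values, standing in for a real wordlist.
COMMON = {"password", "12345678", "qwertyuiop", "letmein123"}

def assess(passphrase: str, min_bits: float = 80.0) -> list:
    """Return the reasons to reject a passphrase (empty list means accept).
    min_bits is an assumed policy threshold, not a value from the slides."""
    if not (8 <= len(passphrase) <= 63
            and passphrase.isascii() and passphrase.isprintable()):
        return ["must be 8 to 63 printable ASCII characters"]
    problems = []
    if passphrase.lower() in COMMON:
        problems.append("appears in a list of common passwords")
    bits = search_space_bits(passphrase)
    if bits < min_bits:
        problems.append(f"search space only about {bits:.0f} bits")
    return problems
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, which is one reason to change a factory-default network name along with the passphrase.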

When a user uses wireless internet they generate data called “packets”.

Packets are transmitted between the transmitting medium and the wireless access point via radio waves whenever the device is connected with the access point.

A little information

Depending on how long the device is connected, it can generate a certain number of packets per day.

The more users that are connected to one access point, the more packets are generated.

Some More…

HOW TO CRACK??

And this is my “FAKE AP”

I am “CLIENT”

Hi! I am “HACKER”

Send “DEAUTH” packet to attack the client

Client associates to the FAKE AP.

YES!!!

MAN IN THE MIDDLE ATTACK
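How a monitoring sensor can recognise the sequence on this slide (deauthentication burst, then the client joining a look-alike access point), as an added example that is not part of the original slides. The frame records, network name, MAC addresses, thresholds and function names are all constructed for this illustration.

```python
from collections import defaultdict

# Constructed sensor log (not real capture data); all names and MACs are made up.
KNOWN_APS = {"CorpNet": {"aa:aa:aa:00:00:01"}}   # SSID -> authorised BSSIDs
AP, TWIN, CLIENT = "aa:aa:aa:00:00:01", "de:ad:be:ef:00:01", "cc:cc:cc:00:00:09"
FRAMES = (
    [{"t": 0.0, "type": "beacon", "ssid": "CorpNet", "bssid": AP},
     {"t": 1.0, "type": "beacon", "ssid": "CorpNet", "bssid": TWIN}]
    + [{"t": 2.0 + i * 0.1, "type": "deauth", "bssid": AP, "client": CLIENT}
       for i in range(20)]
    + [{"t": 5.0, "type": "assoc", "ssid": "CorpNet", "bssid": TWIN, "client": CLIENT}]
)

def rogue_bssids(frames, known):
    """BSSIDs beaconing a known SSID without being on its allow-list."""
    return {f["bssid"] for f in frames
            if f["type"] == "beacon" and f["ssid"] in known
            and f["bssid"] not in known[f["ssid"]]}

def deauth_bursts(frames, window=5.0, threshold=10):
    """Map client -> time at which `threshold` deauths fell inside `window` seconds."""
    times = defaultdict(list)
    for f in frames:
        if f["type"] == "deauth":
            times[f["client"]].append(f["t"])
    bursts = {}
    for client, ts in times.items():
        ts.sort()
        lo = 0
        for hi, t in enumerate(ts):
            while t - ts[lo] > window:   # slide the window forward
                lo += 1
            if hi - lo + 1 >= threshold:
                bursts[client] = t
                break
    return bursts

def evil_twin_alerts(frames, known, follow=30.0):
    """Clients that joined a rogue BSSID within `follow` seconds of a deauth burst."""
    rogue, bursts = rogue_bssids(frames, known), deauth_bursts(frames)
    return [(f["client"], f["bssid"]) for f in frames
            if f["type"] == "assoc" and f["bssid"] in rogue
            and f["client"] in bursts
            and 0 <= f["t"] - bursts[f["client"]] <= follow]
```

Correlating the two signals keeps the alert quiet for an isolated deauthentication or a neighbour that happens to reuse the network name.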

You must locate the wireless signal. This can be done by using the default Windows tool “View Available Wireless Network”. More useful tools include NetStumbler and Kismet. Kismet has an advantage over the others because it can pick up wireless signals that are not broadcasting their SSID.

First…

Once you have located a wireless network, you can connect to it unless it is using authentication or encryption.

If it is using authentication or encryption then the next step would be to use a tool for sniffing out and cracking WEP keys.

Second…

Once any of the tools has captured enough packets, it goes to work on the information gathered from them and cracks the key, giving you access.

Other tools (such as CowPatty) can use dictionary files to crack hard WPA keys.

Third…

Kismet: War-driving with passive-mode scanning and sniffing of 802.11a/b/g; site survey tools

Airfart: Wireless scanning and monitoring

BackTrack: Linux-based OS to crack WEP

Airjack: MITM attack and DoS too

WEPCrack: Cracking WEP

Tools For WEP Hacking

Hacking Through Router’s MAC Address

Find Router MAC

Change Your MAC

Find User’s MAC

Change MAC according to User’s MAC

Using the following commands we can get the password of a WEP network:

• ifconfig
• iwconfig
• macchanger
• airmon-ng
• airodump-ng
• aireplay-ng
• aircrack-ng

Commands Used

Description of Commands

ifconfig – interface configuration tool, similar to but more powerful than ipconfig

iwconfig – interface wireless configuration tool

macchanger – allows you to change the mac address of the card (Spoofing)

airmon-ng – puts the card into monitor mode (promiscuous mode), which allows the card to capture packets

airodump-ng – captures and collects packets

aireplay-ng – used to deauthenticate and generate traffic

aircrack-ng – used to crack WEP and WPA

This case study presents an overview of wireless setups identified between November 22 2010 and October 3 2011. The study covers 2,133 wireless networks of both consumer and corporate customers.

Case study

Don’t broadcast your SSID. This is usually done during the setup of your wireless router.

Change the default router login to something else.

If your equipment supports it, use WPA or WPA/PSK, because it offers better encryption, which can still be broken but is much harder to break.

Always check for updates to your router.

Turn off your router or access point when not using it.

Prevent Your Network from Getting Hacked

There is no such thing as 100 percent security when using wireless networks, but with these few simple steps you can at least make it harder for the average person to break into your network.

Prevent Your Network from Getting Hacked

THANK YOU. ANY QUERIES?