INTRODUCTION
Over time, many homes and organizations have moved toward wireless networks. One of the reasons people are switching to wireless networks is to overcome physical limitations. From a hacker’s perspective, wireless networks are an easy target; when compared with wired networks, they are easy to sniff and attack.
In this chapter, we will cover a wide variety of attacks that can be performed against a wireless network. We will start by discussing how to bypass a low-level security that a network administrator often implements, such as hiding SSID and enabling MAC filtering. After that, we will dive into the essence of this chapter, where I will demonstrate how easy it is to crack WEP/WPA/WPA preshared keys. Finally, we will talk about a client side attack, where I will demonstrate how to set up a fake access point and compromise anyone connecting to your fake access point.
In this chapter, we will cover a wide variety of attacks that can be performed against a wireless network. We will start by discussing how to bypass a low-level security that a network administrator often implements, such as hiding SSID and enabling MAC filtering. After that, we will dive into the essence of this chapter, where I will demonstrate how easy it is to crack WEP/WPA/WPA preshared keys. Finally, we will talk about a client side attack, where I will demonstrate how to set up a fake access point and compromise anyone connecting to your fake access point.
REQUIREMENTS
◾ Wireless access point
◾ Wireless adapter supporting packet injection
◾ Wireless adapter supporting packet injection
These two things are all we require for replicating what’s being discussed in this chapter. The access point is required because we don’t want to attack the neighbor’s access point, because it would be unethical, and as a penetration tester or an ethical hacker, you should make sure that you follow ethics.
The second and the most important requirement is a wireless adapter that supports packet
injection and is also able to sniff in the monitor mode. Personally, I use the Alfa AWUS036H
wireless adapter; it not only supports packet injection, but also BackTrack has preinstalled drivers of it, so we don’t have to do the tedious job of downloading and installing them.
The second and the most important requirement is a wireless adapter that supports packet
injection and is also able to sniff in the monitor mode. Personally, I use the Alfa AWUS036H
wireless adapter; it not only supports packet injection, but also BackTrack has preinstalled drivers of it, so we don’t have to do the tedious job of downloading and installing them.
Once you have an Alfa network adapter that supports packet injection and has all drivers
installed, you can connect the adapter to your computer, and since we are running BackTrack from our virtual machine, we need to attach the network adapter to our BackTrack machine. This can be done by going into Vm → Removable Devices → Realtek RTL8187_Wireless and clicking the “Connect(Disconnect from HOST)” option.
installed, you can connect the adapter to your computer, and since we are running BackTrack from our virtual machine, we need to attach the network adapter to our BackTrack machine. This can be done by going into Vm → Removable Devices → Realtek RTL8187_Wireless and clicking the “Connect(Disconnect from HOST)” option.
Next, we will execute “iwconfig” command to confirm that our BackTrack machine has
been able to detect our network adapter.
been able to detect our network adapter.
Our BackTrack machine has managed to detect our wireless network adapter; however, as we can see, it is not associated with any access point. We could use WICD network manager from Application → Internet → Wicd Network Manager to check available wireless networks.
Once we have connected to the appropriate access point and executed “iwconfig”, we will see that the wlan0 interface contains information regarding ESSID, MAC address, etc.
No comments:
Post a Comment