Thursday 14 November 2013

Wi-Fi Hacking with Backtrack 5 part 1


This article introduces practical techniques used by hackers to break wireless security. I recommend that readers have basic knowledge of wireless operation and of Backtrack 5, a Linux distribution. Backtrack, as most of you may already be aware, is the world's most popular penetration testing distribution. It contains hundreds of security and hacking tools, some of which we will use in this article.

Introduction

Wireless networks have become ubiquitous in today's world. Millions of people use them every day at home, in offices and at public hotspots to log on to the Internet and do both personal and professional work. Every educational institution and business organisation has some sort of Wi-Fi network within its perimeter, transmitting confidential data over wireless signals. This makes them a target for hackers.

What do you need to perform a Wi-Fi hacking attack?

•    Backtrack 5, a Linux distribution: can be downloaded from the official website http://www.backtrack-linux.org

•    Two laptops with internal Wi-Fi cards: one laptop acts as the victim and the other as the penetration tester's laptop.

•    Wireless card: a USB Wi-Fi card that supports packet injection and packet sniffing and is supported by Backtrack.

•    Access point: any access point which supports the WEP/WPA/WPA2 encryption standards.

•    Internet connection: will come in handy for research and for downloading software.

WEP is the original security standard for wireless networks, but it is easily cracked. WPA and WPA2 were introduced to increase wireless security and to fix the vulnerabilities in WEP. Both WPA and WPA2 further divide into Pre-Shared Key and 802.1X modes, used for personal and enterprise networks respectively. In addition to these standards, there are other mechanisms meant to enhance wireless security, such as hidden SSIDs and MAC filtering. In this tutorial we will talk about hacking these security standards and mechanisms, and also cover other attacks a hacker can carry out against a wireless network.

Creating a monitor mode interface in Backtrack

Boot into Backtrack with your USB Wi-Fi card connected. Once you are at the console, enter iwconfig to confirm that your card has been detected and that the driver has loaded properly. Use the command ifconfig wlan0 up to bring the card up. Verify that the card is up by running ifconfig wlan0; you should see the word UP in the second line of the output. To put the card into monitor mode, we will use the airmon-ng utility, which is available by default on Backtrack. First run airmon-ng without arguments to verify that it detects the available cards; you should see the wlan0 interface listed in the output. Now enter airmon-ng start wlan0 to create a monitor mode interface corresponding to the wlan0 device. This new monitor mode interface will be named mon0. You can verify that it has been created by running airmon-ng without arguments again. Running ifconfig should now also display a new interface called mon0. It is possible to create multiple monitor mode interfaces on the same physical card; explore the airmon-ng utility to see how this is done.



Breaking the simple defenses

Bypassing Mac Filtering

This is a basic security method in which the MAC addresses of legitimate clients are stored in the access point. When an authentication request arrives, the access point compares the requesting MAC address with the addresses stored in its memory. If they match, authentication succeeds; otherwise it fails. However, this method is easy to bypass: the attacker only needs to change their MAC address, which takes a few commands.

In order to beat MAC filters, we can use airodump-ng mon0 to find the MAC addresses of the clients connected to the access point. Once you have done this, you want to lock airodump-ng to the fixed channel and MAC address of the access point to improve its efficiency. We can do this by issuing the command airodump-ng -c 11 -a --bssid 00:11:22:33:44:55 mon0. By specifying --bssid, we only monitor the access point that is of interest to us. The -c 11 option sets the channel to 11, where the access point is. The -a option ensures that in the client section of the airodump-ng output only clients associated with an access point are shown. Once we find a whitelisted client's MAC address, we can spoof it using the macchanger utility, which ships with Backtrack. Before this can be done you must stop the mon0 monitor interface and bring the wlan0 interface down, using the command airmon-ng stop mon0 && ifconfig wlan0 down. Then you can use the command macchanger -m 00:11:22:33:44:55 wlan0 to change the address. The MAC address you specify with the -m option is the new spoofed MAC address for the wlan0 interface.



Discovering Hidden SSIDs

A hidden SSID is a configuration in which the access point does not broadcast its SSID in the Beacon frames. Thus only clients which already know the SSID of the access point can connect to it. There are two techniques for discovering hidden SSIDs. The first is a passive technique: wait for a legitimate client to connect to the access point. This generates Probe Request and Probe Response packets which contain the SSID of the network, but the drawback of this technique is the waiting game and the constant capture and inspection of packets. Alternatively, you can use aireplay-ng to send Deauthentication packets to the stations on behalf of the targeted access point by typing aireplay-ng -0 10 -a 00:11:22:33:44:55 -c 00:11:22:33:44:55 mon0. The -0 option selects a Deauthentication attack, 10 is the number of Deauthentication packets to send, -a specifies the MAC address of the access point, and -c specifies the MAC address of the client associated with the access point you are targeting. The Deauthentication packets force the legitimate clients to disconnect and reconnect, and the Probe Response from the access point then reveals its hidden SSID. Once the legitimate clients connect back, we can read the hidden SSID from the Probe Request and Probe Response frames.
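From the defender's side, both the MAC spoofing described under MAC filtering and the aireplay-ng deauthentication flood above leave traces in a monitor-mode capture that a wireless IDS can pick up. The Python script below is an added example, not code from the original article: it runs two checks over a constructed capture (the frame list, the client and neighbouring-AP addresses and the thresholds are all assumptions; only the access point address 00:11:22:33:44:55 is taken from the article), a sliding-window count of deauthentication frames per BSSID, and a check for an address whose 802.11 sequence numbers repeatedly run backwards, which is what two radios transmitting under one MAC look like.

```python
from collections import defaultdict, deque

SEQ_MOD = 4096  # 802.11 sequence numbers are 12-bit, counted per transmitting radio

def frame(t_ms, subtype, src, bssid, seq):
    # One captured 802.11 frame reduced to the fields the detectors need.
    return {"t": t_ms, "subtype": subtype, "src": src, "bssid": bssid, "seq": seq}

AP = "00:11:22:33:44:55"      # placeholder access point address used in the article
CLIENT = "aa:bb:cc:dd:ee:01"  # constructed whitelisted client address (assumption)
AP2 = "66:77:88:99:aa:bb"     # constructed neighbouring AP that sends one routine deauth

# Constructed capture (timestamps in milliseconds), not real data: the AP beacons,
# the client sends data, then an attacker injects 10 deauths as the AP (like
# `aireplay-ng -0 10`) and a second radio starts transmitting with the client's MAC.
CAPTURE = sorted(
    [frame(100 * i, "beacon", AP, AP, 1000 + i) for i in range(60)]
    + [frame(150 + 100 * i, "data", CLIENT, AP, 100 + i) for i in range(5)]
    + [frame(5010 + 50 * i, "deauth", AP, AP, 1 + i) for i in range(10)]
    + [frame(7000, "deauth", AP2, AP2, 900)]
    + [frame(8000 + 200 * i, "data", CLIENT, AP, 105 + i) for i in range(3)]
    + [frame(8100 + 200 * i, "data", CLIENT, AP, 500 + i) for i in range(3)],
    key=lambda f: f["t"],
)

def deauth_bursts(frames, window_ms=1000, threshold=5):
    """Return {bssid: peak count} for BSSIDs with >= threshold deauths in any window."""
    recent = defaultdict(deque)  # bssid -> deauth timestamps still inside the window
    peaks = {}
    for f in frames:
        if f["subtype"] != "deauth":
            continue
        q = recent[f["bssid"]]
        q.append(f["t"])
        while f["t"] - q[0] > window_ms:
            q.popleft()
        if len(q) >= threshold:
            peaks[f["bssid"]] = max(peaks.get(f["bssid"], 0), len(q))
    return peaks

def spoofed_macs(frames, min_backward=2):
    """Return {mac: backward jumps}: one radio only counts up (mod 4096), so a
    second radio cloning the address shows up as a second, interleaved counter."""
    last, backward = {}, defaultdict(int)
    for f in frames:
        mac = f["src"]
        if mac in last and (f["seq"] - last[mac]) % SEQ_MOD > SEQ_MOD // 2:
            backward[mac] += 1
        last[mac] = f["seq"]
    return {m: n for m, n in backward.items() if n >= min_backward}
```

On this capture the flood detector reports the AP with ten deauths inside one window, and the sequence check flags both the cloned client and the AP address (the injected deauths interleave with the real AP's beacons); the single deauth from the neighbouring AP raises nothing.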
