WIRELESS Penetration Testing
25th Jan 2017
Pich Phearun (Developer@Freelancer), Peng Chhaileng (Developer@Freelancer)
NEAKIT.COM

Wireless Network Penetration Testing

Contents

https://facebook.com/groups/khnog/ http://khnog.net/

1. Introduction

2. Why do we have to do Wireless Penetration Testing?

3. Types of Wireless Penetration Testing

4. How easy it is to hack into a wireless network

5. Demonstration

What is Wireless Pen testing?

The process of actively evaluating the information security measures implemented in a wireless network to analyze design weaknesses, technical flaws and vulnerabilities.

Wi-Fi Security and Pentesting

Why Wireless Pen Testing?

- To secure your network

- Your resources are exposed to unknown users

- Your network can be captured

- Your network and connectivity may be used for illegal activities

How to hack WiFi 😂

Hacking into WiFi is part of wireless pentesting, so it will be today's example.

There are some possible ways to hack WiFi.

1. WPS (Dumpper, Reaver, WiFite, …)

2. Wireless Traffic Capture (Wireshark, …)

3. Phishing WiFi (…)

4. …

Hack via WPS Pin

You might not know it but you might know Dumpper and JumpStart LOL xD

Capturing Wireless Traffic

- Some wireless cards support monitor mode, which lets us capture wireless traffic.

- When someone tries to connect to a WiFi network, the password sent to the router will be captured.

- Some tools to do that are Wireshark, aircrack, airodump, …

Capturing Wireless Traffic

When a user connects to a WiFi network, the password sent to the router is captured.

Capturing Wireless Traffic

A password list is required to decrypt the WiFi password in the captured WiFi packets.

Hack via Phishing

Process of WiFi Phishing

1. The hacker creates a fake access point, with a DHCP server, that looks like the real one.

2. A fake login webpage is hosted on a web server installed on the attacker's PC.

3. The hacker sends a deauthentication attack to the real WiFi.

4. The real WiFi is no longer connectable, so the victim connects to the fake one.

5. Using DNS spoofing, users are redirected to the fake login page when they browse the Internet.

Hack via Phishing

Attacker Victim

One

The victim connects to a WiFi network.

Hack via Phishing

Attacker Victim

Two

The victim can no longer connect to the WiFi, so it connects to a fake access point on the attacker's computer.

Deauthentication attack

The attacker disconnects the victim from the router by performing a deauthentication attack.

Un-connectable

Hack via Phishing

Attacker Victim

Three

The WiFi password is requested on a fake webpage hosted on the attacker's web server.

By performing DNS spoofing, every time the victim browses the Internet they are redirected to the attacker's web server.

Un-connectable

192.168.2.1

192.168.2.100

Victim-MacBook-Pro:~ Bong$ ping facebook.com
PING facebook.com (192.168.2.1): 56 data bytes
64 bytes from 192.168.2.1: icmp_seq=0 ttl=50 time=89.260 ms
64 bytes from 192.168.2.1: icmp_seq=1 ttl=50 time=123.832 ms
64 bytes from 192.168.2.1: icmp_seq=2 ttl=50 time=293.910 ms
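
Each step of the phishing process above leaves something a defender can observe: a known SSID advertised by an unknown BSSID, a burst of deauthentication frames, and a public name resolving to a private address, as in the ping output above. The following Python is an added example, not part of the original slides; the record layout, thresholds, AP inventory and all sample data except the facebook.com answer are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not captured traffic). Field names are assumptions.
KNOWN_APS = {"Office-WiFi": {"aa:bb:cc:00:00:01"}, "Guest": {"aa:bb:cc:00:00:03"}}
BEACONS = [
    {"ssid": "Office-WiFi", "bssid": "aa:bb:cc:00:00:01"},
    {"ssid": "Office-WiFi", "bssid": "de:ad:be:ef:00:02"},  # unknown radio, same name
    {"ssid": "Guest", "bssid": "aa:bb:cc:00:00:03"},
]
# 40 deauthentication frames in 2 seconds against one AP, plus one ordinary deauth.
DEAUTHS = [(10.0 + i * 0.05, "aa:bb:cc:00:00:01") for i in range(40)]
DEAUTHS.append((300.0, "aa:bb:cc:00:00:03"))
DNS_ANSWERS = [("facebook.com", "192.168.2.1"), ("printer.lan", "192.168.2.50")]


def rogue_aps(beacons, known):
    """(ssid, bssid) pairs where a known SSID comes from a BSSID not in inventory."""
    return sorted({(b["ssid"], b["bssid"]) for b in beacons
                   if b["ssid"] in known and b["bssid"] not in known[b["ssid"]]})


def deauth_floods(deauths, window=5.0, threshold=20):
    """BSSIDs with more than `threshold` deauth frames seen within `window` seconds."""
    times_by_bssid = {}
    for t, bssid in deauths:
        times_by_bssid.setdefault(bssid, []).append(t)
    flagged = set()
    for bssid, times in times_by_bssid.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 > threshold:
                flagged.add(bssid)
                break
    return sorted(flagged)


def spoofed_dns(answers, internal_suffixes=(".lan", ".local")):
    """Public-looking names whose answer is a private address (captive redirect)."""
    return [name for name, ip in answers
            if ipaddress.ip_address(ip).is_private
            and not name.endswith(internal_suffixes)]


if __name__ == "__main__":
    print("rogue APs:", rogue_aps(BEACONS, KNOWN_APS))
    print("deauth floods:", deauth_floods(DEAUTHS))
    print("suspicious DNS:", spoofed_dns(DNS_ANSWERS))
```

Any one signal can have a benign cause (a newly installed AP, a captive portal), so the three are most useful when they appear together for the same SSID.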

Hack via Phishing

Sample

Demonstration

https://goo.gl/W333Ty

Conclusion

- Cracking a password requires a dictionary file to read from.

- If we mix the password with small letters, capital letters, numbers, and some special characters, cracking time is long too.

- Not all passwords are in a dictionary file.

– Change default settings on your router
  • When you install the router, change the ID and password to something other than the default

– Disable SSID broadcast
  • Hides the network from beginner intruders, i.e. Windows Wireless Zero Config utility
  • Will not keep you safe from more advanced hackers

– Turn off the network when not in use
  • Impossible to hack a network that is not running

– MAC address filtering
  • AP grants access to certain MAC addresses
  • Not foolproof, but a good countermeasure

– Encryption
  • Use of WPA
  • Use long and random WPA keys

Maghan Das

Thank you 😘 😘