25th Jan 2017
WIRELESS Penetration Testing
Pich Phearun(Developer@Freelancer)
NEAKIT.COM
Peng Chhaileng(Developer@Freelancer)
Contents
https://facebook.com/groups/khnog/ http://khnog.net/
1. Introduction
2. Why do we have to do Wireless Penetration Testing?
3. Types of Wireless Penetration Testing
4. How easily a wireless network can be hacked
5. Demonstration
What is Wireless Pen testing?
The process of actively evaluating the information security measures implemented in a wireless network to analyze design weaknesses, technical flaws and vulnerabilities.
Wi-Fi Security and Pentesting
Why do Wireless Pen testing?
- To secure your network
- Your resources are exposed to unknown users
- Your network can be captured
- Your network and connectivity may be used for illegal activities
How to hack WiFi 😂
Hacking into WiFi is part of Wireless Pentesting, so it will be the example today.
There are some possible ways to hack WiFi.
1. WPS (Dumpper, Reaver, WiFite, …)
2. Wireless Traffic Capture (Wireshark, …)
3. Phishing WiFi (…)
4. …
Hack via WPS Pin
You might not know it but you might know Dumpper and JumpStart LOL xD
Capturing Wireless Traffic
- Some wireless cards support Monitor mode, which lets us capture the wireless traffic.
- When someone tries to connect to a WiFi, the password sent to the router will be captured.
- Some tools to do that are Wireshark, aircrack, airodump, …
Capturing Wireless Traffic
When a user connects to a WiFi, the password sent to the router is captured.
Capturing Wireless Traffic
A password list is required to decrypt the WiFi password in the captured WiFi packets.
Hack via Phishing
Process of WiFi Phishing
1. Hacker creates a fake Access Point that looks like the real one, with a DHCP server.
2. A fake login webpage is hosted on a web server installed on the attacker’s PC.
3. Hacker sends a deauthentication attack to the real WiFi.
4. The real WiFi will no longer be connectable, so the victim will connect to the fake one.
5. By using DNS Spoofing, users will be redirected to the fake login page when they browse the Internet.
Hack via Phishing
Attacker Victim
One
Victim connects to a wifi
Hack via Phishing
Attacker Victim
Two
The victim can no longer connect to the WiFi, so it connects to a fake access point on the attacker’s computer.
Deauthentication attack
Attacker disconnects the victim from the router by performing a deauthentication attack
Un-connectable
Hack via Phishing
Attacker Victim
Three
The WiFi password will be requested on a fake webpage hosted on the attacker’s web server.
By performing DNS Spoofing, every time the victim browses the Internet it will be redirected to the attacker’s web server.
Un-connectable
192.168.2.1
192.168.2.100
Victim-MacBook-Pro:~ Bong$ ping facebook.com
PING facebook.com (192.168.2.1): 56 data bytes
64 bytes from 192.168.2.1: icmp_seq=0 ttl=50 time=89.260 ms
64 bytes from 192.168.2.1: icmp_seq=1 ttl=50 time=123.832 ms
64 bytes from 192.168.2.1: icmp_seq=2 ttl=50 time=293.910 ms
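The ping output above shows the symptom a client can check for: a public name answering from a private address. The following is an added example, not part of the original slides, that flags this in ping header lines; the function names, the internal-suffix list and the sample lines other than the facebook.com one are assumptions made for illustration.

```python
import ipaddress
import re

# Header line printed by ping: "PING <name> (<address>)..." (macOS and Linux).
PING_HEADER = re.compile(r"PING\s+(?P<name>\S+)\s+\((?P<addr>[0-9a-fA-F.:]+)\)")

# Suffixes expected to resolve inside a LAN (assumption; extend for your site).
INTERNAL_SUFFIXES = (".local", ".lan", ".home.arpa", ".internal")


def is_internal_name(name):
    """True for IP literals, bare hostnames and names under an internal suffix."""
    name = name.rstrip(".").lower()
    try:
        ipaddress.ip_address(name)
        return True  # the user pinged an address, so no DNS answer to judge
    except ValueError:
        pass
    return "." not in name or name.endswith(INTERNAL_SUFFIXES)


def suspicious_resolutions(text):
    """Return (name, address) pairs where a public name maps to a non-global IP."""
    findings = []
    for match in PING_HEADER.finditer(text):
        name, addr = match.group("name"), match.group("addr")
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # parenthesised text was not an IP address
        if not is_internal_name(name) and not ip.is_global:
            findings.append((name, str(ip)))
    return findings


# Constructed sample: first line is from the slide, the other two are invented.
SAMPLE = """\
PING facebook.com (192.168.2.1): 56 data bytes
PING printer.local (192.168.2.50): 56 data bytes
PING dns.google (8.8.8.8): 56 data bytes
"""

if __name__ == "__main__":
    for name, addr in suspicious_resolutions(SAMPLE):
        print(f"ALERT: {name} resolved to non-public address {addr}")
```

Captive portals and split-horizon DNS can produce the same pattern legitimately, so a hit is a reason to verify the access point, not proof of spoofing.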
Demonstration
https://goo.gl/W333Ty
Conclusion
- Password cracking needs a dictionary file to read from.
- If we mix the password with small letters, capital letters, numbers, and some special characters, cracking time is long too.
- Not all passwords are in the dictionary file.
- Change default settings on your router
  • When you install a router, modify the id and pwd to something other than the default
- Disable SSID broadcast
  • Hides the network from beginner intruders, i.e. Windows Wireless Zero config utility
  • Will not keep you safe from more advanced hackers
- Turn off the network when not in use
  • Impossible to hack a network that is not running
- MAC address filtering
  • AP grants access to certain MAC addresses
  • Not foolproof, but a good countermeasure
- Encryption
  • Use of WPA
  • Use long and random WPA keys
Maghan Das