Wi-Fi Pentesting with Aircrack-ng
@H4CKT3R_bot
About Me
• Hi there!
• I'm Keya Lea Horiuchi
  – Engineer at AppliedTrust
  – I like to play with stuff.
  – I like the mountains, desert and the beach.
What we'll cover
• Demos!
• Using basic tools in Kali, introduction
  – Learning by doing – Wi-Fi basics
  – Getting things up and running
• Challenges
• We're at a conference, others may be using the conference Wi-Fi. Respect!
What you need
• Kali Linux
• USB Wi-Fi card capable of injection
  – Alfa Networks 802.11 b/g Wireless USB Adapter (AWUS036H)
• VirtualBox set up to pass the USB device through from the host to the Kali guest
Challenges
• How many Wi-Fi SSIDs?
• Name the SSIDs; use the MAC to ID the manufacturer and the type of encryption
  – They may not all be broadcasting
  – Identify open ports and any web interfaces
• Why is this handy?
SSIDs you can play on
• Unfortunately not connected to the Internet
  – Test_lab
  – wep-crack
  – open_jk
• See what ports/interfaces are reachable
• Modify packets, send deauths only to these
  – What could be keeping you off?
• Crack WEP
• Aircrack-ng
Let's take a moment to think about Wi-Fi
Wireless data transfer
A radio frequency traveling through time and space
Through the air!
Three types of WLAN frames
• Management
  – Maintains communication between APs and clients; used to join and leave APs (auth, deauth, association, beacons)
• Control
  – Helps the exchange of data frames (RTS, CTS, ACK)
• Data
  – Data from the higher protocols
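To make the three frame types concrete, here is an added example (not code from the deck) that decodes the Frame Control field of a few hand-constructed frames into type and subtype, and counts deauthentication frames per transmitter, the kind of check a defender runs over a capture because these headers travel in the clear and can be spoofed. The frame bytes, MAC addresses and the burst threshold are constructed for the demo.

```python
"""Classify 802.11 frames by the Frame Control field and flag deauth bursts.
Added example, not code from the slides. The frames, MAC addresses and the
burst threshold are constructed for the demo, not taken from a real capture.
"""
import struct
from collections import Counter

# Frame type is bits 2-3 of the first Frame Control byte, subtype bits 4-7.
TYPES = {0: "management", 1: "control", 2: "data"}
SUBTYPES = {
    (0, 0): "association request", (0, 1): "association response",
    (0, 4): "probe request", (0, 5): "probe response", (0, 8): "beacon",
    (0, 10): "disassociation", (0, 11): "authentication",
    (0, 12): "deauthentication", (1, 11): "RTS", (1, 12): "CTS",
    (1, 13): "ACK", (2, 0): "data", (2, 4): "null", (2, 8): "QoS data",
}

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(raw: bytes) -> dict:
    """Decode the header fields, which are never encrypted, even on WEP/WPA."""
    fc0, fc1 = raw[0], raw[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    info = {
        "type": TYPES.get(ftype, "reserved"),
        "subtype": SUBTYPES.get((ftype, subtype), f"subtype {subtype}"),
        "protected": bool(fc1 & 0x40),  # Protected bit covers the body only
        "addr1": mac(raw[4:10]),        # receiver address
    }
    if ftype != 1:                      # control frames carry fewer addresses
        info["addr2"] = mac(raw[10:16]) # transmitter address
        info["addr3"] = mac(raw[16:22]) # BSSID for most management/data frames
    if (ftype, subtype) == (0, 12):     # deauth body starts with a reason code
        info["reason"] = struct.unpack("<H", raw[24:26])[0]
    return info

def deauth_sources(frames, threshold: int = 3) -> dict:
    """Transmitters that sent at least `threshold` deauth frames: a burst of
    deauths claiming to come from the AP is the usual footprint in a capture."""
    counts = Counter(f["addr2"] for f in map(parse_frame, frames)
                     if f["subtype"] == "deauthentication")
    return {src: n for src, n in counts.items() if n >= threshold}

def build(fc0, fc1, a1, a2=None, a3=None, body=b"") -> bytes:
    """Constructed frame: FC, duration, 1 or 3 addresses, sequence control, body."""
    frame = bytes([fc0, fc1]) + b"\x00\x00" + a1
    if a2 is not None:
        frame += a2 + a3 + b"\x00\x00"
    return frame + body

AP = bytes.fromhex("001122334455")     # constructed BSSID
STA = bytes.fromhex("66778899aabb")    # constructed station
BCAST = b"\xff" * 6
SAMPLE = [
    build(0x80, 0x00, BCAST, AP, AP),                  # beacon
    build(0xB0, 0x00, AP, STA, AP),                    # authentication
    build(0x08, 0x40, AP, STA, AP, body=b"\x01\x02"),  # protected data frame
    build(0xD4, 0x00, STA),                            # ACK (control, one address)
] + [build(0xC0, 0x00, STA, AP, AP, body=struct.pack("<H", 7))] * 3  # 3 deauths

if __name__ == "__main__":
    print([parse_frame(f)["subtype"] for f in SAMPLE], deauth_sources(SAMPLE))
```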
Disclaimer
• Use your better judgement.
• Unauthorized access to data is against the law.
• Don't go to the dark side!
– Set up a lab environment
– Ask your friends!
Let's capture some packets!
Look at the Wi-Fi environment
• Gather evidence / information
• Many different tools
  – Basic config tools
  – airmon-ng
  – wireshark
• Target a specific device and crack some stuff!
  – airmon-ng, aireplay-ng and aircrack-ng
• What interfaces are available to Kali?
  – # ifconfig and iwconfig
• Attach the USB Wi-Fi card.
• Check out the environment.
  – # iwlist wlan0 scanning
Demo
Important note
• The headers in the frames are in plain text and not encrypted. Anyone sniffing can see these headers.
• Any header can be spoofed and transmitted.
• You do not have to be connected or authenticated to do this.
• Can do one of two demos, or just sniff traffic with different tools.
• An SSID that is not broadcasting, but has a client connecting.
• An SSID that is open and has a name, but uses MAC filtering. A client needs to connect.
  – Use its MAC address and connect.
Cracking WEP
• Put the wlan interface into monitor mode with
  – # airmon-ng start wlan0
  – # airodump-ng wlan0mon
Demo
Cracking WEP
• After determining the target, focus listening on that one device.
• After identifying the station:
  – # airodump-ng --bssid <00:32:d8...> --channel 6 --write <WEPCracking> wlan0mon
• Use airodump-ng to write all the packets to a traffic dump file.
• Need a large number of data packets encrypted with the same key.
  – To make this happen, we will use aireplay-ng to inject packets into the network to force the WAP into interacting with us.
  – We do not yet know the WEP key, but we can ID ARP packets by the size of the fixed header.
• Packet injection – open another terminal
  – # aireplay-ng -3 -b <BSSID> -h <client-spoofing> wlan0mon
  – -3 specifies ARP packets (the ARP request replay attack)
-3, --arpreplay
The classic ARP request replay attack is the most effective way to generate new initialization vectors (IVs), and works very reliably. The program listens for an ARP packet then retransmits it back to the access point. This, in turn, causes the access point to repeat the ARP packet with a new IV. The program retransmits the same ARP packet over and over. However, each ARP packet repeated by the access point has a new IV. It is all these new IVs which allow you to determine the WEP key.
• To crack the key, aircrack-ng looks at the collected data packets in the file
  – # aircrack-ng <WEPCrack*.cap>
  – Aircrack-ng is an 802.11 WEP / WPA-PSK key cracker
• The amount of time it takes to crack a key depends on the amount of traffic in the network, because a large sample needs to be collected to compare and identify a collision.
• The weakness in WEP stems from needing to reuse initialization vectors (IVs). Once they are reused, which is pretty often, the key can be cracked.
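To show why IV reuse happens "pretty often" and how a defender would spot it in a capture, this added Python example (not code from the deck) pulls the 3-byte IV out of constructed WEP data frames, reports IVs that repeat per BSSID, and computes the birthday bound for WEP's 24-bit IV space. The frame bytes and MAC addresses are constructed for the demo, not a real capture.

```python
"""Detect WEP initialization-vector (IV) reuse in captured data frames.
Added example, not code from the slides. Frames are constructed inline
following the WEP layout: 24-byte 802.11 header, 3-byte IV, 1 byte key
index, encrypted payload, 4-byte ICV.
"""
import math
from collections import defaultdict

IV_BITS = 24  # WEP's IV is only 24 bits, so the pool of IVs is tiny

def expected_frames_to_first_reuse(bits: int = IV_BITS) -> float:
    """Birthday bound: randomly chosen IVs from a 2**bits pool are expected
    to repeat after roughly sqrt(pi/2 * 2**bits) frames (~5100 for WEP)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)

def wep_iv(frame: bytes):
    """Return (bssid, iv_hex) for a protected data frame, else None."""
    fc0, fc1 = frame[0], frame[1]
    is_data = ((fc0 >> 2) & 0x3) == 2
    protected = bool(fc1 & 0x40)
    if not (is_data and protected):
        return None
    to_ds, from_ds = bool(fc1 & 0x01), bool(fc1 & 0x02)
    # Which address field holds the BSSID depends on the To-DS / From-DS flags.
    if to_ds:
        bssid = frame[4:10]
    elif from_ds:
        bssid = frame[10:16]
    else:
        bssid = frame[16:22]
    return bssid.hex(":"), frame[24:27].hex()

def find_iv_reuse(frames):
    """Count each IV per BSSID and return only the ones seen more than once."""
    seen = defaultdict(lambda: defaultdict(int))
    for frame in frames:
        parsed = wep_iv(frame)
        if parsed is not None:
            bssid, iv = parsed
            seen[bssid][iv] += 1
    return {bssid: {iv: n for iv, n in ivs.items() if n > 1}
            for bssid, ivs in seen.items()}

def wep_data_frame(bssid: bytes, station: bytes, iv: bytes,
                   payload: bytes = b"\x00" * 8) -> bytes:
    """Constructed From-DS data frame (AP -> station) with the Protected bit set."""
    header = (bytes([0x08, 0x42])        # type=data, flags: From-DS + Protected
              + b"\x00\x00"              # duration
              + station + bssid + bssid  # addr1=DA, addr2=BSSID, addr3=SA
              + b"\x00\x00")             # sequence control
    return header + iv + b"\x00" + payload + b"\x00" * 4  # IV, key idx, body, ICV

AP = bytes.fromhex("001122334455")      # constructed BSSID
STA = bytes.fromhex("66778899aabb")     # constructed station
SAMPLE = [wep_data_frame(AP, STA, iv) for iv in
          (b"\x00\x00\x01", b"\x00\x00\x02", b"\x00\x00\x01",
           b"\x1f\x00\x03", b"\x00\x00\x01")]
SAMPLE.append(bytes([0x80, 0x00]) + b"\x00" * 22)   # unprotected beacon: skipped

if __name__ == "__main__":
    print(round(expected_frames_to_first_reuse()), find_iv_reuse(SAMPLE))
```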
Clean up
• Take it out of monitor mode
  – # airmon-ng stop <wlan0mon>
  – # service network-manager start
• Hopefully the demo worked and you don't see this slide.
Thanks! That was good fun!
Questions?