wireless-hacking

What is Wireless Network and how to Hack It

A wireless network is a set of two or more devices connected with each other via radio waves within a limited space range. These networks are accessible to anyone within the router’s transmission radius. This makes them vulnerable to attacks.

A commonly used wireless LAN is a Wi-Fi network. Wireless LANs have inherent security weaknesses from which wired networks are exempt. Wireless security protocols not only prevent unwanted parties from connecting to your wireless network, but they also encrypt the private data you send over the airwaves.

Wireless networks come with excellent advantages: connectivity beyond walls, cable-free connections and easy access to the internet. Their major issue is questionable security. Wireless networks are widely used and quite easy to set up.

They use IEEE 802.11 standards. A wireless router is the most important device in a wireless network that connects the users with the Internet.

How to access a wireless network?

You will need a wireless network-enabled device such as a laptop, tablet or smartphone. You will also need to be within the transmission radius of a wireless network access point.

Most devices (if the wireless network option is turned on) will provide you with a list of available networks. If the network is not password protected, then you just have to click on connect. If it is password protected, then you will need the password to gain access.

Penetration of a wireless network

There are two basic types of vulnerabilities associated with WLANs: those caused by poor configuration and those caused by poor encryption. Poor configuration causes many vulnerabilities.

Wireless networks are often put into use with no or insufficient security settings. With no security settings – the default configuration – access is obtained simply by association. With insufficient security settings, such as networks that rely only on SSID cloaking and/or MAC address filtering, the protection can easily be defeated.

Poor encryption causes the remaining vulnerabilities. Wired Equivalent Privacy (WEP) is defective and can be defeated in several ways. Wi-Fi Protected Access (WPA) and Cisco’s Lightweight Extensible Authentication Protocol (LEAP) are vulnerable to dictionary attacks.

WLAN Authentication Methods

It is important to understand that there is a distinction between being authenticated onto a wireless network and having the traffic you then pass be encrypted. It is possible to be authenticated onto a network and pass open, unencrypted traffic; this section looks at the commonly used methods of authentication. There are three main methods of authentication used on today’s wireless LANs:

  • Open authentication – The open authentication method is the simplest of the methods used and only requires that the end device be aware of the Service Set Identifier (SSID) used on the network; as long as the SSID is known, the device will be allowed onto the network. The problem with this method is that the SSID is typically broadcast, and if it is not, it can be easy to figure out with passive capturing techniques.
  • Shared authentication – The shared authentication method is commonly used on individual and small business wireless LAN implementations; this method uses a shared key (Pre-Shared Key – PSK) that is given to both sides of the connection; if they match, the device is allowed onto the network.
  • EAP (Extensible Authentication Protocol) authentication – The third method uses the Extensible Authentication Protocol (EAP) and is the most common method used by enterprises. The EAP method utilizes an authentication server that is queried for authentication using a variety of credential options.

Wireless Network Authentication

Since the network is easily accessible to everyone with a wireless network-enabled device, most networks are password protected. Let’s look at some of the most commonly used authentication techniques.

Wired Equivalent Privacy (WEP) – Wired Equivalent Privacy (WEP) is the most widely used Wi-Fi security protocol in the world. This is a function of age, backward compatibility, and the fact that it appears first in the protocol selection menus in many router control panels.

Wi-Fi Protected Access (WPA) – Wi-Fi Protected Access was the Wi-Fi Alliance’s direct response and replacement to the increasingly apparent vulnerabilities of the WEP standard. WPA was formally adopted in 2003, a year before WEP was officially retired. The most common WPA configuration is WPA-PSK (Pre-Shared Key). The keys used by WPA are 256-bit, a significant increase over the 64-bit and 128-bit keys used in the WEP system.

Wi-Fi Protected Access II (WPA2) – WPA has, as of 2006, been officially superseded by WPA2. One of the most significant changes between WPA and WPA2 is the mandatory use of AES algorithms and the introduction of CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) as a replacement for TKIP. However, TKIP is still preserved in WPA2 as a fallback system and for interoperability with WPA.

Pre-Shared Key Mode (PSK) – In PSK mode, there is a common key/password shared between all wireless hosts. The user must enter this key to connect to the wireless network (or if the computer remembered the key, it can provide it on its own). All of the above encryption methods support this mode of operation.

Enterprise Mode – In Enterprise mode, clients must authenticate to the wireless network with a username and password. This authentication is handled by a process running on WirelessTrakker that can talk to one of several different databases: a built-in user database in WirelessTrakker, a remote SecureSchool user database, or a Microsoft Windows Active Directory. Additionally, the login can be checked by WirelessTrakker for permissions, similar to how Filter Sets work on SecureSchool. For example, for a user to get access to the “MySchool” SSID, there can be a requirement stating that the user must be in the “WT_MySchool” group in Active Directory. This method provides more security than PSK mode because each user has their own username and password and nothing is shared between users.
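The following audit script is an added example, not code from the original article. It reads a constructed scan listing (one network per line: SSID, authentication type, pairwise ciphers, tab-separated; this field layout is an assumption, not the output format of any real tool) and rates each network against the weaknesses described above: open networks grant access by association alone, WEP is defective, WPA/TKIP is exposed to dictionary attacks, WPA2 that still offers TKIP keeps the weaker cipher as a fallback, PSK shares one key among all hosts, and Enterprise (EAP) gives each user their own credentials.

```python
"""Rate Wi-Fi networks from a scan listing by the protocol weaknesses above."""
from typing import List, Tuple

# Constructed sample listing; SSIDs and settings are made up for the demo.
# Fields: SSID <TAB> authentication <TAB> pairwise ciphers (space-separated).
# The last entry has an empty SSID, i.e. a cloaked (hidden) network.
SAMPLE_SCAN = """\
CoffeeShop\tOPEN\t-
HomeNet\tWEP\tWEP
Family\tWPA-PSK\tTKIP
Office-Legacy\tWPA2-PSK\tCCMP TKIP
Office\tWPA2-PSK\tCCMP
Corp\tWPA2-EAP\tCCMP
\tWPA2-PSK\tCCMP
"""


def rate_network(auth: str, ciphers: str) -> Tuple[str, str]:
    """Return (risk, reason) for one network's authentication and cipher set."""
    auth = auth.upper()
    cipher_set = set(ciphers.upper().split())
    if auth == "OPEN":
        return "critical", "no security settings: access by association alone"
    if auth == "WEP":
        return "critical", "WEP is defective and can be defeated in several ways"
    if auth.startswith("WPA-"):
        return "high", "WPA(-PSK) with TKIP is vulnerable to dictionary attacks"
    if "TKIP" in cipher_set:
        return "medium", "WPA2 still offers TKIP as a fallback cipher"
    if auth.endswith("-PSK"):
        return "low", "WPA2/CCMP, but one shared key for all hosts"
    if auth.endswith("-EAP"):
        return "info", "WPA2-Enterprise: per-user credentials via EAP"
    return "unknown", f"unrecognised authentication type {auth}"


def audit_scan(listing: str) -> List[Tuple[str, str, str]]:
    """Parse the listing and return (ssid, risk, reason) per network."""
    results = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        ssid, auth, ciphers = line.split("\t")
        # A hidden SSID is labelled, not rewarded: cloaking is not protection.
        results.append((ssid or "<hidden SSID>", *rate_network(auth, ciphers)))
    return results


if __name__ == "__main__":
    for ssid, risk, reason in audit_scan(SAMPLE_SCAN):
        print(f"{risk:8} {ssid:15} {reason}")
```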

How to Hack Wireless Networks

Although wireless networks offer great flexibility, they have their security problems. A hacker can sniff the network packets without having to be in the same building where the network is located. As wireless networks communicate through radio waves, a hacker can easily sniff the network from a nearby location.

Most attackers use network sniffing to find the SSID and hack a wireless network. When a wireless card is switched into a sniffing mode, that mode is called monitor mode.

We will provide you with basic information that can help you get started. BackTrack is a Linux-based security operating system developed on top of Ubuntu. BackTrack comes with a number of security tools and can be used to gather information, assess vulnerabilities and perform exploits, among other things.

Some of the popular tools that BackTrack includes:

  • Metasploit
  • Wireshark
  • Aircrack-ng
  • Nmap
  • Ophcrack