Thursday, October 29, 2009

Lab 8 : Wireless Security

In this lab session, we were introduced to the methods of hacking wireless networks. The weakest of the common wireless encryption schemes is Wired Equivalent Privacy (WEP).
Wired Equivalent Privacy (WEP) is a deprecated algorithm for securing IEEE 802.11 wireless networks. Wireless networks broadcast messages over radio and are therefore more susceptible to eavesdropping than wired networks. When it was introduced in 1997,[1] WEP was intended to provide confidentiality comparable to that of a traditional wired network.

In this lab session, we used BackTrack version 2 to crack the passphrase of a router set up with 64-bit encryption. On my own, I used BackTrack version 3, because I had previously been exploring how to hack WEP networks myself.

For readers who are unfamiliar with it, BackTrack is a Linux distribution designed for penetration testing.

The tools included in BackTrack that are needed for this lab session are:
Kismet - a wireless network detector and packet sniffer
airmon - a tool that puts your wireless adapter into monitor mode (rfmon)
airodump - a tool for capturing packets from a wireless router (otherwise known as an access point, or AP)
aireplay - a tool for forging and replaying ARP requests
aircrack - a tool for recovering WEP keys from captured packets
iwconfig - a tool for configuring wireless adapters. You can use it to confirm that your wireless adapter is in "monitor" mode, which is essential for sending forged ARP requests to the target router
macchanger - a tool to view and/or spoof a MAC address

First, we used Kismet to monitor wireless traffic.
Second, we used airodump to capture packets, including ARP replies, from the target AP.
Third, we associated the wireless card with the AP using aireplay.
Fourth, we started injecting packets with aireplay.
Lastly, we recovered the WEP key using aircrack.
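The two things a network defender can watch for in the procedure above are the precondition (an access point still running WEP or no encryption at all) and the loud part (a single station replaying one captured ARP frame hundreds of times per second so that the AP generates fresh IVs). The script below is an added example written for this writeup, not code from the lab or from the aircrack tools; the AP inventory, the frame log and their record layout are all constructed and simplified here (they are not airodump's real CSV format), and the thresholds are assumptions to be tuned per environment.

```python
"""Added example (not part of the lab writeup): a small defender-side checker
that flags WEP or open access points and detects replay-style frame bursts.
All records below are constructed, and the tuple layout is a hypothetical,
simplified one rather than any tool's real output format."""
from collections import defaultdict

# Constructed AP inventory: (bssid, essid, privacy)
APS = [
    ("00:11:22:33:44:55", "LabRouter", "WEP"),
    ("66:77:88:99:AA:BB", "Office", "WPA2"),
    ("CC:DD:EE:FF:00:11", "Guest", "OPN"),
]

# Constructed frame log: (timestamp_ms, src_mac, bssid, frame_len).
# The first station sends 300 identical-length frames 10 ms apart (the
# signature of a replayed ARP request); the second sends ordinary traffic.
FRAMES = (
    [(i * 10, "DE:AD:BE:EF:00:01", "00:11:22:33:44:55", 68) for i in range(300)]
    + [(i * 500, "12:34:56:78:9A:BC", "66:77:88:99:AA:BB", 140 + i % 7)
       for i in range(20)]
)


def weak_aps(aps):
    """Return BSSIDs of APs that use WEP or no encryption at all."""
    return [bssid for bssid, _essid, privacy in aps if privacy in ("WEP", "OPN")]


def replay_sources(frames, window_ms=1000, threshold=100):
    """Return {src_mac: peak_count} for stations that send more than
    `threshold` frames of identical length to one BSSID inside any
    `window_ms` window. A replayed ARP request never changes size, while
    its rate is far above what a real client produces."""
    by_key = defaultdict(list)
    for ts, src, bssid, length in frames:
        by_key[(src, bssid, length)].append(ts)

    hits = {}
    for (src, _bssid, _length), times in by_key.items():
        times.sort()
        lo = 0
        peak = 0
        # Sliding window: for each frame, drop older frames outside the window
        # and record the largest number of frames seen inside one window.
        for hi, t in enumerate(times):
            while t - times[lo] > window_ms:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak > threshold:
            hits[src] = max(hits.get(src, 0), peak)
    return hits


if __name__ == "__main__":
    print("Weak APs:", weak_aps(APS))
    print("Replay sources:", replay_sources(FRAMES))
```

The WEP check is the cheap, permanent fix: any BSSID it reports should be moved to WPA2 or WPA3, after which the rest of the procedure no longer applies. The replay check is a detection, not a prevention; on a live capture it would be fed from a monitor-mode sniffer, and the threshold should sit well above the busiest legitimate client you observe.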
