In this post we will go deeper into WLAN pentesting: not to test the performance of the access points, but to check the type of encryption and the level of encryption used by the wireless network.
I picked Kismet as the fourth tool in the list. Kismet not only searches for wireless networks but also works as an intrusion detection system and a sniffer. The interesting feature of Kismet, which we do not find in NetStumbler or other tools, is that it collects packets passively, which makes the operation undetectable. This method helps in finding out information about clients and even in detecting hidden networks.
Kismet can automatically identify user IPs by capturing TCP, UDP, ARP and DHCP packets, dump the information in a format readable by Wireshark/tcpdump, and even identify the destination gateway (it also supports GPS).
Aircrack-ng is a full suite for cracking 802.11 WEP (Wired Equivalent Privacy) encryption and WPA/WPA2-PSK keys on Wi-Fi networks.
The package includes several tools: airodump (802.11 network sniffer), aircrack (WEP cracking and brute-force WPA-PSK) and airdecap (decoder for WEP/WPA capture files). Generally, cracking WEP requires capturing a sufficient number of packets. As soon as you have enough network frames, aircrack will run a statistical attack on the WEP key. Currently aircrack-ng includes three ways of recovering keys:
• The first method is the PTW attack. The main advantage of this technique is that you do not need a large number of packets to crack the WEP key, but the PTW attack works only with ARP packets, and this is its weak point; in a future version, aircrack-ptw could be extended to work with other packets too.
• The second is the FMS/KoreK attack. With this method you need a large number of packets to crack the WEP key, and it works with statistical methods (FMS, KoreK, brute force).
• The third is the dictionary attack (wordlist).
The full version of Aircrack-ng runs only on Linux; you can also find it on the BackTrack live CD. On the official website there is a Windows version, with a warning that you need to develop your own DLLs to link aircrack-ng to your wireless card.
The final tool for this post is Technitium, which helps users change the MAC address of their machine. As a security measure, network administrators apply MAC restrictions on the AP so that outsiders cannot get access to the network; this technique provides network access only to machines listed by the administrator.
Using airodump you can easily identify the MAC addresses of the clients on the network, but you will not be able to access the wireless network unless the client is connected.
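On the defender's side of the MAC-restriction point above (and of Kismet's intrusion-detection role), here is an added example that is not code from this post or from Kismet: it flags a MAC address that two radios are using at once by watching for 802.11 sequence-number gaps a single station would not produce. Frames are modelled as (mac, sequence number) pairs, the sample capture is constructed, and the gap thresholds are assumptions.

```python
"""Flag a MAC that two radios use at once, from 802.11 sequence-number gaps.
Added example for this post, not code from the article or Kismet; thresholds are assumptions."""
from collections import defaultdict

SEQ_MODULO = 4096        # the Sequence Control field carries a 12-bit sequence number
FORWARD_GAP_MAX = 64     # assumption: one radio rarely jumps further than this between frames
BACKWARD_TOLERANCE = 8   # assumption: small backward steps come from retries and reordering


def seq_gap(prev: int, cur: int) -> int:
    """Signed distance from prev to cur on the wrap-around counter, in [-2048, 2047].
    The wrap 4095 -> 0 is a gap of +1, not -4095."""
    gap = (cur - prev) % SEQ_MODULO
    return gap - SEQ_MODULO if gap >= SEQ_MODULO // 2 else gap


def find_spoof_candidates(frames, min_anomalies=3):
    """frames: iterable of (source_mac, sequence_number) in capture order.
    Returns {mac: anomaly_count} for MACs whose counters jump as one radio would not,
    which is what two stations interleaving frames under one MAC look like."""
    last_seq = {}
    anomalies = defaultdict(int)
    for mac, seq in frames:
        if mac in last_seq:
            gap = seq_gap(last_seq[mac], seq)
            if gap > FORWARD_GAP_MAX or gap < -BACKWARD_TOLERANCE:
                anomalies[mac] += 1
        last_seq[mac] = seq
    return {mac: n for mac, n in anomalies.items() if n >= min_anomalies}


def sample_frames():
    """Constructed capture: an honest client crossing the 4095 -> 0 wrap, and one MAC
    whose frames come from two radios with counters near 100 and near 2500."""
    honest, shared = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    frames = [(honest, s) for s in (4090, 4092, 4093, 4095, 0, 1, 3)]
    for a, b in zip((100, 101, 102, 103), (2500, 2501, 2502, 2503)):
        frames += [(shared, a), (shared, b)]
    return frames


if __name__ == "__main__":
    for mac, count in find_spoof_candidates(sample_frames()).items():
        print(f"{mac}: {count} sequence anomalies, possible MAC shared by two stations")
```

The honest client produces no anomalies even across the counter wrap, while every transition on the shared MAC is flagged; a real deployment would feed frames from a monitor-mode capture and tune the thresholds to the observed traffic.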
In the next post of Protect your Holiday we will see how to remove a user from a wireless network and take his place on the WLAN.
To be continued...
(Picture from Scott Ableman)