Posts Tagged WLAN
Protect your Holiday! (part 2)
Posted by Mourad Ben Lakhoua in Pentesting, Tools on July 12, 2009
In this post we go deeper into WLAN pentesting: not to test the performance of the access points, but to check which type of encryption a wireless network uses and how strong it is.
I picked Kismet as the fourth tool on the list. Kismet not only searches for wireless networks but also works as an intrusion detection system and sniffer. The interesting feature of Kismet that we do not find in NetStumbler or other tools is that it collects packets passively, which makes the operation undetectable. This passive method helps in finding out information about clients and even in detecting hidden networks.
Kismet can automatically identify user IPs by capturing TCP, UDP, ARP and DHCP packets, dumps its captures in a format readable by Wireshark / tcpdump, and can even identify the destination gateway (it also supports GPS).
Aircrack-ng is a complete package for cracking 802.11 WEP (Wired Equivalent Privacy) encryption and WPA/WPA2-PSK keys on Wi-Fi networks.
The software package includes several tools: airodump (an 802.11 network sniffer), aircrack (WEP cracking and WPA-PSK brute force) and airdecap (a decoder for WEP/WPA capture files). In general, cracking WEP requires capturing a certain number of packets; once enough network frames have been collected, aircrack runs a statistical attack on the WEP key. Currently aircrack-ng includes three ways of recovering keys:
• The first method is the PTW attack. Its main advantage is that you do not need a large number of packets to crack WEP keys, but PTW works only with ARP packets, which is its weak point; a future version of aircrack-ptw could be extended to work with other packets too.
• The second is the FMS/KoreK attack. This method needs a large number of packets to crack WEP keys and works on statistical weaknesses (FMS, KoreK, brute force).
• The third is the dictionary attack (wordlist).
The full version of Aircrack-ng runs only under Linux; you can also find it on the BackTrack live CD. The official website also offers a Windows version, with the warning that you need to develop your own DLLs to link aircrack-ng to your wireless card.
The final tool for this post is Technitium, which helps users change the MAC address of their machine. Network administrators apply MAC restrictions on the AP so that outsiders cannot get access to the network; as a security measure, this technique provides network access only to the machines listed by the administrator.
Using airodump you can easily identify the clients' MAC addresses on the network, but you will not be able to access the wireless network unless the client is connected.
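Here is an added example, not code from the post or from Kismet itself, of the kind of passive analysis that Kismet's intrusion-detection role implies. It runs two assumed heuristics over a constructed list of captured frames: a source that keeps sending broadcast probe requests at a steady rate is flagged as an active scanner (the behaviour the companion post describes for NetStumbler), and a client MAC whose 802.11 sequence counter keeps jumping backwards is flagged as possibly in use by two radios at once, which is exactly the gap that MAC filtering on the AP cannot close. The thresholds, MAC addresses and frame records are all constructed for this example.

```python
from collections import defaultdict

SEQ_MOD = 4096            # 802.11 sequence numbers are a 12-bit counter
PROBE_WINDOW_S = 10       # assumed detection window in seconds
PROBE_THRESHOLD = 5       # assumed: this many broadcast probes per window = active scanner
DUP_MIN_ANOMALIES = 2     # assumed: backward jumps needed before calling a MAC duplicated

# Constructed MAC addresses for the example
CLIENT = "aa:bb:cc:00:00:01"     # a normal client
SCANNER = "02:11:22:33:44:55"    # an active scanner probing every second
CLONED = "aa:bb:cc:00:00:02"     # an allowed MAC that two radios are using at once

# Constructed capture: (time_s, frame_type, source_mac, seq_number, probed_ssid)
FRAMES = (
    # normal client whose counter wraps 4095 -> 0, which is not an anomaly
    [(t, "data", CLIENT, seq, None)
     for t, seq in zip(range(8), [4092, 4093, 4094, 4095, 0, 1, 2, 3])]
    # active scanner: one broadcast (empty SSID) probe request per second
    + [(t + 0.5, "probe-req", SCANNER, 10 + t, "") for t in range(8)]
    # two radios sharing one MAC: their sequence streams interleave
    + [(t + 0.25, "data", CLONED, seq, None)
       for t, seq in zip(range(7), [500, 501, 2000, 502, 2001, 503, 2002])]
)

def detect_active_scanners(frames, window=PROBE_WINDOW_S, threshold=PROBE_THRESHOLD):
    """Return {source_mac: max probes in one window} for sources over the threshold."""
    times = defaultdict(list)
    for t, ftype, src, _seq, ssid in frames:
        if ftype == "probe-req" and ssid == "":     # broadcast probe request
            times[src].append(t)
    flagged = {}
    for src, ts in times.items():
        ts.sort()
        start, best = 0, 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window:     # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged

def detect_duplicate_macs(frames, min_anomalies=DUP_MIN_ANOMALIES):
    """Return {mac: backward jumps} for MACs whose sequence counter runs backwards repeatedly.
    A single radio only increments its counter (or repeats it on retransmission), so a
    backward jump modulo 4096 suggests a second radio transmitting with the same address."""
    last, anomalies = {}, defaultdict(int)
    for _t, _ftype, src, seq, _ssid in sorted(frames, key=lambda f: f[0]):
        if src in last:
            delta = (seq - last[src]) % SEQ_MOD
            if delta > SEQ_MOD // 2:                # went backwards, allowing for wraparound
                anomalies[src] += 1
        last[src] = seq
    return {src: n for src, n in anomalies.items() if n >= min_anomalies}

def report(frames):
    """Run both heuristics over a capture."""
    return {"active_scanners": detect_active_scanners(frames),
            "duplicate_macs": detect_duplicate_macs(frames)}

if __name__ == "__main__":
    for kind, hits in report(FRAMES).items():
        print(kind, hits or "none")
```

The sequence-number rule is deliberately tolerant of the 4095 to 0 wraparound and of retransmissions (delta 0), so a single well-behaved radio never trips it; only interleaved counters from two transmitters do. In practice you would feed it frames parsed from a pcap written by Kismet or airodump instead of the constructed list.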
In the next post of Protect your Holiday we will see how to disconnect a user from a wireless network and take his place on the WLAN.
To be continued…
make sure you subscribe to my RSS feed!
(Picture from Scott Ableman)
Protect your Holiday!
Posted by Mourad Ben Lakhoua in Pentesting, Tools on July 11, 2009
Nowadays we can find wireless networks everywhere: in airports, hotels, coffee shops and at the neighbors'.
But if we look at these networks we rarely find secure ones that address the security of their users, staff or home use. In this post I want to share some interesting tools, at a time when summer is the season of holidays and leisure.
The first one is NetStumbler, considered one of the best and most popular wardriving tools. Network Stumbler searches for AP locations and exports the information to a log file, which can then be converted to Google KML format and within seconds shows the locations on Google Maps, or on Google Earth if you have it on your PC.
To locate active access points NetStumbler uses an active scanner: it does not just listen for signals but every second sends out a special frame (an LLC/SNAP frame), which an IDS can easily pick up.
The negative points of this tool are that it runs only under Windows XP, that its scanner does not detect hidden access points, and that the information it provides is not great: for example, it only indicates that a Wi-Fi network uses encryption without saying which type. So it is a tool we can start with to get some graphs and initial information about the network.
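As an added example (not from the post or from any of the tools it names), the following parser reads a beacon frame body and reports what NetStumbler cannot: whether a network is open, WEP, WPA or WPA2, which ciphers and key management it advertises, and whether its SSID is hidden. The beacon bodies and network names are constructed inline; the IE tag numbers, OUIs and suite selectors are the ones defined in 802.11.

```python
import struct

# Constants from the 802.11 standard (IE tags, OUIs, suite selectors)
IE_SSID, IE_RSN, IE_VENDOR = 0, 48, 221
CAP_PRIVACY = 0x0010                 # capability bit set when WEP/WPA/WPA2 is in use
RSN_OUI = b"\x00\x0f\xac"            # suite selectors in the RSN IE (WPA2)
WPA_OUI = b"\x00\x50\xf2"            # suite selectors in the vendor WPA IE
WPA_OUI_TYPE = WPA_OUI + b"\x01"     # vendor IE header identifying WPA
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

def suite_name(suite, oui, table):
    """Translate a 4-byte suite selector into a name."""
    if suite[:3] != oui:
        return "vendor"
    return table.get(suite[3], "unknown-%d" % suite[3])

def parse_suites(data, oui, table):
    """Parse a 2-byte count followed by 4-byte suites; return (names, remaining bytes)."""
    if len(data) < 2:
        return [], b""
    (count,) = struct.unpack_from("<H", data, 0)
    names, pos = [], 2
    for _ in range(count):
        suite = data[pos:pos + 4]
        if len(suite) < 4:           # truncated IE: stop rather than misparse
            break
        names.append(suite_name(suite, oui, table))
        pos += 4
    return names, data[pos:]

def parse_cipher_block(data, oui):
    """Parse version, group cipher, pairwise list and AKM list (same layout in RSN and WPA IEs)."""
    out = {"group": None, "pairwise": [], "akms": []}
    if len(data) < 6:
        return out
    out["group"] = suite_name(data[2:6], oui, CIPHERS)
    out["pairwise"], rest = parse_suites(data[6:], oui, CIPHERS)
    out["akms"], _ = parse_suites(rest, oui, AKMS)
    return out

def parse_ies(body):
    """Split the information-element area into (tag, value) pairs."""
    ies, i = [], 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        value = body[i + 2:i + 2 + length]
        if len(value) < length:      # truncated trailing IE
            break
        ies.append((tag, value))
        i += 2 + length
    return ies

def classify_beacon(frame_body):
    """Describe a network's security from its beacon frame body (after the 802.11 header)."""
    if len(frame_body) < 12:
        raise ValueError("beacon body too short")
    _timestamp, _interval, caps = struct.unpack_from("<QHH", frame_body, 0)
    result = {"ssid": None, "hidden": False, "security": "Open",
              "group": None, "pairwise": [], "akms": []}
    rsn = wpa = None
    for tag, value in parse_ies(frame_body[12:]):
        if tag == IE_SSID:
            if not value.strip(b"\x00"):          # empty or all-zero SSID = hidden network
                result["hidden"] = True
            else:
                result["ssid"] = value.decode("utf-8", "replace")
        elif tag == IE_RSN:
            rsn = parse_cipher_block(value, RSN_OUI)
        elif tag == IE_VENDOR and value[:4] == WPA_OUI_TYPE:
            wpa = parse_cipher_block(value[4:], WPA_OUI)
    if rsn or wpa:
        result.update(rsn or wpa)                 # RSN details win when both IEs are present
        result["security"] = "WPA/WPA2 mixed" if rsn and wpa else "WPA2" if rsn else "WPA"
    elif caps & CAP_PRIVACY:                      # privacy bit but no RSN/WPA IE: WEP
        result["security"] = "WEP"
    return result

def build_beacon(ssid, caps, extra_ies=b""):
    # Constructed beacon body: timestamp, interval, capabilities, SSID IE, extra IEs
    return struct.pack("<QHH", 0, 100, caps) + bytes([IE_SSID, len(ssid)]) + ssid + extra_ies

# Constructed IEs: WPA2 with CCMP and PSK; WPA with TKIP and PSK
RSN_CCMP_PSK = (bytes([IE_RSN, 20]) + b"\x01\x00" + RSN_OUI + b"\x04"
                + b"\x01\x00" + RSN_OUI + b"\x04" + b"\x01\x00" + RSN_OUI + b"\x02" + b"\x00\x00")
WPA_TKIP_PSK = (bytes([IE_VENDOR, 22]) + WPA_OUI_TYPE + b"\x01\x00" + WPA_OUI + b"\x02"
                + b"\x01\x00" + WPA_OUI + b"\x02" + b"\x01\x00" + WPA_OUI + b"\x02")

# Constructed networks: an open hotspot, a WEP hotel AP, a WPA2 home AP and a hidden WPA AP
SAMPLES = {
    "open": build_beacon(b"CoffeeFree", 0x0001),
    "wep": build_beacon(b"HotelWEP", 0x0011),
    "wpa2": build_beacon(b"Holiday", 0x0011, RSN_CCMP_PSK),
    "hidden_wpa": build_beacon(b"", 0x0011, WPA_TKIP_PSK),
}

def audit(samples):
    """Classify every beacon in a capture."""
    return {name: classify_beacon(body) for name, body in samples.items()}
```

The classification order matters: an RSN IE means WPA2 regardless of the privacy bit, a vendor WPA IE without RSN means WPA, and a privacy bit with neither IE is the only case that still means WEP, which is what an audit of your own network should be looking for. Feeding it real beacons means stripping the 24-byte 802.11 management header from each frame in a Kismet or airodump capture before calling classify_beacon.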
The second tool I have chosen is Vistumbler. Vistumbler supports Windows Vista and Windows 7, supports GPS, and the funny thing about it is that it is written in the AutoIt scripting language.
Another utility for pentesting wireless networks is inSSIDer. Because NetStumbler does not support Windows Vista or even 64-bit XP, Charle Pulney decided to write his own tool for finding wireless networks, which he published on The Code Project. The application has a beautiful interface based on the Native Wi-Fi API and, like NetStumbler, uses the active scanning method.
These tools can help in testing the performance of your WLAN, but there are still more to come.
To be continued…