
Nets Tumbler


AICT Assignment

Feb 2011 HOW TO HACK A WiFi?

Below is a list of five different tools which are used for Wi-Fi hacking, with a brief explanation of how each works and its salient features.

1) NetStumbler

NetStumbler, a wireless networking tool created by Marius Milner, is used to locate open wireless LANs (preferably those using the 802.11b, 802.11a and 802.11g WLAN standards). It is compatible with Windows 2000, Windows XP and above.

Features:

NetStumbler is able to report accurate noise and signal strength levels.

NetStumbler can be used for wardriving, i.e. driving around looking for wireless networks.

NetStumbler is helpful in verifying network configurations.

NetStumbler detects unauthorized ("rogue") access points.

Being an “active scanner”, NetStumbler emits a "probe request frame" and listens for a "probe response frame".

2) Kismet

Kismet is software used to analyze wireless network traffic, sniff packets and detect intrusion on an 802.11 wireless LAN. Kismet works with wireless cards that support raw monitoring mode. It is compatible with various operating systems such as Linux, FreeBSD, NetBSD, OpenBSD, and Mac OS X.

1 MUHAMMAD SAAD ACB 11 AICT B


Features:

Kismet is a “passive sniffer”, i.e. it does not send any packets at all. Instead, it puts the wireless client adapter into RF monitor mode and listens to all wireless traffic. Consequently, the wireless card cannot maintain a functional network connection while under Kismet's control.

Kismet also includes basic wireless IDS (intrusion detection system) features, such as detecting active wireless sniffing programs including NetStumbler, as well as a number of wireless network attacks.

Kismet has the ability to log all sniffed packets and save them in a Wireshark- or Airsnort-compatible file format.

Kismet detects more access points than NetStumbler. Kismet will detect the presence of hidden APs as well as “not configured networks” which do not respond to NetStumbler’s probe request, because Kismet sees all network management traffic.
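The difference between the two scanning styles, and the kind of IDS check Kismet applies to active scanners, can be shown on a small frame log. This is an added example, not code from NetStumbler or Kismet: the frame tuples, MAC labels and the threshold heuristic are constructed assumptions.

```python
from collections import Counter

BROADCAST = "ff:ff"
# Constructed management-frame log: (frame type, source, destination, SSID)
FRAMES = [
    ("beacon",     "AP:01", BROADCAST, "office"),
    ("beacon",     "AP:02", BROADCAST, ""),        # hidden AP: empty SSID in beacon
    ("probe_req",  "ST:aa", BROADCAST, ""),        # wildcard probe from an active scanner
    ("probe_resp", "AP:01", "ST:aa",   "office"),  # AP:02 does not answer wildcard probes
    ("probe_req",  "ST:aa", BROADCAST, ""),
    ("probe_req",  "ST:aa", BROADCAST, ""),
    ("probe_req",  "ST:bb", BROADCAST, ""),        # ordinary client scanning once
    ("probe_resp", "AP:01", "ST:bb",   "office"),
    ("assoc_req",  "ST:bb", "AP:01",   "office"),  # ...and then joining the network
]

def active_view(frames, scanner):
    """APs an active scanner learns: only probe responses addressed to it."""
    return {src: ssid for kind, src, dst, ssid in frames
            if kind == "probe_resp" and dst == scanner}

def passive_view(frames):
    """APs a monitor-mode sniffer learns: every beacon and probe response on air."""
    aps = {}
    for kind, src, _dst, ssid in frames:
        if kind in ("beacon", "probe_resp"):
            aps[src] = ssid or aps.get(src, "")   # keep a known name over an empty one
    return aps

def flag_active_scanners(frames, threshold=3):
    """Simplified IDS heuristic (assumption): repeated wildcard probes, never associating."""
    probes = Counter(src for kind, src, _d, ssid in frames
                     if kind == "probe_req" and ssid == "")
    associated = {src for kind, src, _d, _s in frames if kind == "assoc_req"}
    return sorted(s for s, n in probes.items() if n >= threshold and s not in associated)

if __name__ == "__main__":
    print("active scanner sees :", active_view(FRAMES, "ST:aa"))
    print("passive sniffer sees:", passive_view(FRAMES))
    print("flagged stations    :", flag_active_scanners(FRAMES))
```
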

3) Airsnort

Airsnort is a tool which is used to recover encryption keys when the “Wired Equivalent Privacy” (WEP) standard is providing security for an 802.11b network. It is compatible with Linux and Microsoft Windows. Though it is free, it is not being maintained anymore. Therefore Aircrack-NG is gaining more popularity as an alternative.


Features:

To crack a WEP password, Airsnort needs a certain number of packets with weak keys. Out of the sixteen million keys which can be generated by WEP cards, about nine thousand are weak (for 128-bit encryption). Airsnort can guess most passwords after about two thousand packets containing weak keys.

Airsnort recovers encryption keys by passively monitoring transmissions and computing the encryption key when enough packets (approximately 5-10 million) have been collected.

Once enough packets have been gathered, Airsnort is capable of guessing the encryption password in under a second.

4) Cowpatty

Cowpatty, a brute-force cracking tool, is used to crack WPA (Wi-Fi Protected Access)-PSK (Pre-shared Key) protection by testing several passwords one by one. For this purpose Cowpatty needs a dictionary file, which it searches for candidate passwords and tries to match them with the PSK. It is compatible with Microsoft Windows.

Features:

Cowpatty works in a fairly simple way. After being provided with a password list, a capture file with a complete EAP (Extensible Authentication Protocol) four-way handshake, and the SSID (service set identifier) of the target network, Cowpatty works out the password by searching through the candidates and trying to match them with the PSK.

Cowpatty can try a maximum of 30–60 words per second, which makes it a slow tool. By the end of a day a cracker would have tested only 3,888,000 words; compared with the 208,827,064,576 possible ways to create the minimum eight-letter password, this means it would take more than 53710 days to crack. Normally all WPA-PSK passwords are greater than eight characters.

However, Cowpatty can quickly rule out the standard weak passwords, which is a plus point.

“The Church of Wifi” has produced some lookup tables for 1000 SSIDs computed against a 170,000 word password file. The resultant tables are approximately 7 Gigabytes in size and can be downloaded via Torrent.
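The points above translate directly into a passphrase audit a network owner can run on their own settings. This is an added example, not part of the assignment or of Cowpatty: it relies on the standard WPA-PSK derivation (PBKDF2-HMAC-SHA1 with the SSID as salt), which is why lookup tables are built per SSID, and it generalizes the page's 26^8 arithmetic to any alphabet and length. The SSID list, word list and function names are constructed for illustration.

```python
import hashlib
import string

# Constructed sample data, not real published lists.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}
SAMPLE_WORDLIST = {"password", "letmein123", "qwertyuiop"}
PAGE_RATE_PER_DAY = 3_888_000  # the page's figure; pass a higher rate to model faster hardware

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def days_to_exhaust(alphabet: int, length: int, guesses_per_day: float) -> float:
    """Days needed to try every string of this length over this alphabet."""
    return alphabet ** length / guesses_per_day

def alphabet_size(passphrase: str) -> int:
    """Combined size of the character classes the passphrase draws from."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    return sum(len(c) for c in classes if any(ch in c for ch in passphrase))

def audit_psk(passphrase: str, ssid: str, guesses_per_day: float = PAGE_RATE_PER_DAY) -> dict:
    """Report the weaknesses the page describes for a passphrase/SSID pair."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 character WPA passphrase range")
    if passphrase.lower() in SAMPLE_WORDLIST:
        findings.append("dictionary word: ruled out quickly whatever its length")
    if ssid in COMMON_SSIDS:
        findings.append("common SSID: precomputed tables may already cover it")
    days = days_to_exhaust(alphabet_size(passphrase), len(passphrase), guesses_per_day)
    return {"findings": findings, "exhaustive_days": days}

if __name__ == "__main__":
    # Same passphrase, different SSID: a different key, so a table built
    # for one SSID is of no use against another.
    print(derive_pmk("password", "linksys").hex())
    print(derive_pmk("password", "home-7f3a").hex())
    for psk, ssid in [("password", "linksys"), ("T7#vq-Lm2!xRz9pW", "home-7f3a")]:
        print(ssid, audit_psk(psk, ssid))
```
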

5) Wireshark

Wireshark is a free network protocol analyzer created by Gerald Combs. It browses the traffic running on a number of types of network, including Ethernet, IEEE 802.11, PPP, and loopback. It is used for network troubleshooting, analysis and software and communication protocol development. It is compatible with Linux, Mac OS X, BSD, Solaris and Microsoft Windows.

Features:

Wireshark makes dissecting network traffic an easier task. This program is extremely powerful and highly customizable.

Wireshark can also detect VOIP calls in the captured traffic and, if encoded properly, can also play the media flow.

Wireshark can also capture raw USB traffic.

Wireshark can be used in the network forensics process, though it does not work well with large network capture files.