The use of wireless networks has increased exponentially over the last decade or so. Wi-Fi is
extensively used not only by corporate organizations but also by individuals and home users. If you walk
or drive through your city you are likely to find a large number of wireless networks.
The wireless hacking methodology consists of the following basic steps:
1. Discovering Wi-Fi networks :-
This is the first step in making an attempt to compromise a Wi-Fi network. In this step, various Wi-Fi discovery tools (like NetStumbler, NetSurveyor, and so on) are used to scan the available networks within range.
2. GPS mapping :-
Once a list of Wi-Fi networks is obtained, it can then be geographically visualized using maps. WiGLE is one such web-based service, which accepts feeds from Wi-Fi scanners and shows the listed networks on maps.
3. Wireless traffic analysis :-
This step involves setting up the correct hardware and software for Wi-Fi hacking. Some operating systems, like Windows, allow you to listen to traffic but don't permit you to inject Wi-Fi traffic, while others, like Linux, allow both. Also, some important tools used in Wi-Fi hacking, like Aircrack-ng, work only with specific wireless adapters. Once the right hardware and software have been set up, tools like Wireshark can be used to analyze wireless traffic.
4. Execute attacks :-
Once the initial reconnaissance has been done, it’s time to execute attacks on the target wireless network.
- Fragmentation attack :- By launching a successful fragmentation attack, we can obtain up to 1500 bytes of keystream produced by WEP's PRGA (Pseudo Random Generation Algorithm). This attack doesn't reveal the WEP key but only recovers the PRGA output. Once that keystream is obtained, it can be used to generate packets that are then used for various wireless injection attacks.
- MAC-spoofing :- Many access points have MAC filtering enabled. This means only those devices whose MAC address is in the access point's whitelist can connect to the wireless network. To bypass this, MAC address spoofing can be used to change the MAC address of a wireless adapter to one that is on the access point's whitelist. SMAC is one such tool on Windows that helps change the MAC address of network adapters.
- De-authentication attack :- This type of attack is used to forcefully disconnect users who are actively connected on the target access point. This is a type of denial-of-service attack.
- Man-in-the-middle attack :- In this type of attack the attacker first deauthenticates a valid active user from the access point, then forces the victim user to connect to a fake access point, and finally intercepts all the data that the victim sends and receives during the session.
- Evil twin attack :- In this type of attack the attacker sets up an access point that pretends to be legitimate by imitating another genuine access point within the area. Users connect to the rogue access point, which is an exact twin of the original access point. Once the users are associated with the rogue access point, the attacker can then intercept and tamper with all network traffic passing through it.
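The de-authentication and man-in-the-middle attacks above both begin with a burst of deauthentication frames, which is what a wireless IDS looks for. The following is an added example (not from the original text or any tool it names) that parses the 802.11 management header of deauthentication/disassociation frames and flags a BSSID that emits more than a threshold of them within a short window; the frames, MAC addresses, threshold and window are constructed for the demonstration.

```python
import struct
from collections import defaultdict, deque

DEAUTH = 0xC0    # frame-control byte 0: type=management (0), subtype=12
DISASSOC = 0xA0  # type=management (0), subtype=10

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt_frame(frame: bytes):
    """Return header fields for a deauth/disassoc frame, else None."""
    if len(frame) < 26 or frame[0] not in (DEAUTH, DISASSOC):
        return None
    # 802.11 management header: FC, duration, addr1, addr2, addr3, seq-ctrl
    _fc, _dur, a1, a2, a3, _seq = struct.unpack("<HH6s6s6sH", frame[:24])
    reason = struct.unpack("<H", frame[24:26])[0]   # body: reason code
    return {"subtype": frame[0], "dst": _mac(a1), "src": _mac(a2),
            "bssid": _mac(a3), "reason": reason}

class DeauthFloodDetector:
    """Sliding-window counter of deauth/disassoc frames per BSSID."""
    def __init__(self, threshold: int = 10, window: float = 1.0):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)  # bssid -> recent frame timestamps

    def observe(self, ts: float, frame: bytes):
        """Return an alert string when a BSSID crosses the threshold."""
        p = parse_mgmt_frame(frame)
        if p is None:
            return None
        q = self.seen[p["bssid"]]
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop frames outside window
            q.popleft()
        if len(q) >= self.threshold:
            return (f"deauth flood: {len(q)} frames from {p['bssid']} in "
                    f"{self.window}s (last dst {p['dst']}, reason {p['reason']})")
        return None

def sample_frame(src, dst, bssid, reason=7, subtype=DEAUTH) -> bytes:
    """Constructed in-memory test frame (hypothetical data, never transmitted)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    hdr = struct.pack("<HH6s6s6sH", subtype, 0, mac(dst), mac(src), mac(bssid), 0)
    return hdr + struct.pack("<H", reason)

def run_demo():
    """Two benign deauths minutes apart, then 12 broadcast deauths in 0.24 s."""
    det = DeauthFloodDetector(threshold=10, window=1.0)
    ap, client, bcast = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff"
    capture = [(0.0, sample_frame(ap, client, ap, reason=3)),
               (5.0, sample_frame(ap, client, ap, reason=3))]
    capture += [(10.0 + i * 0.02, sample_frame(ap, bcast, ap)) for i in range(12)]
    return [a for ts, f in capture if (a := det.observe(ts, f))]
```

Only the burst trips the detector; the two widely spaced frames fall out of the window before the count matters.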
5. Break Wi-Fi encryption :-
The next step involves finding the encryption key used in the target wireless network. The Aircrack-ng toolset, which includes tools like airmon-ng, airodump-ng, aireplay-ng and aircrack-ng, can be effectively used to crack the encryption key.