قالب وردپرس درنا توس
Home / Tips and Tricks / The Beginner's Guide to Wi-Fi Hacking «Null Byte :: WonderHowTo

The Beginner's Guide to Wi-Fi Hacking «Null Byte :: WonderHowTo

Hacking Wi-Fi is much easier than most people think, but the paths to it are grouped around a few common techniques that most hackers use. With a few simple actions, the average user can go a long way in defense against the five most common methods of Wi-Fi hacking, including password cracking, social engineering, WPS attacks, remote access, and rogue access points.

Our video covers everything you need to know, but you can also read the following article for more details on each method. And of course, it's always here if you want to follow the written instructions more than video tutorials.

Method 1: Password Cracking

Password cracking is a tried and tested method of breaking into a Wi-Fi network, relying on the user choosing an incorrect password. While this attack can unfold in many ways, there are generally two ways in which a user can become a victim of this attack.

The first is to lock a target using an insecure encryption type called WEP, rather than the more modern WPA, which is standard on most networks. By using a WEP key, even a sophisticated password can be broken in minutes, which does not make it very effective.

There are many tools to hack WEP networks, but simple command-line tools such as Besside-ng can locate and split WEP networks with Kali-compatible wireless network adapters

  Aircrack-ng 1.2 rc4

[00:00:02] Tested 14115 Keys (got 20198 IVs)

KB depth byte (vote)
0 0/1 61 (30208) 68 (26112) DC (26112) E3 (24832) 5D (24576) 6E (24576) ED (24320) 08 (24064) 43 (24064)
1 1/16 4C (26368) BD (26112) 6F (25600) AE (25088) 00 (25088) A5 (24832) A6 (24576) A4 (24320) EF (24320)
2 0/36 46 (25856) CE (25600) D1 (25088) DE (24832) E1 (24832) 89 (24832) C7 (24576) C8 (24320) E3 (24320)
3 1/4 79 (26880) 10 (25088) 25 (25008) 51 (24832) 6F (24832) D2 (24832) 45 (24576) 6C (24576) 70 (24576)
4 1/8 4F (27648) 64 (26368) E4 (25600) 5D (25600) 97 (25344) FD (25088) 05 (25088) AC (24576) 59 (24320)

KEY FOUND! [ 61:4C:46:32:4F ] (ASCII: aLF20)
Decrypted correctly: 100%

root @ skickar: ~ # _ 

The second way of cracking passwords attacks the more secure WPA method of encryption and includes brute forcing the password. If a hacker hurls devices out of the target network for a few seconds, he can force devices to connect to the network and exchange a sequence of packets called a four-way handshake.

This handshake is enough for a hacker Try to guess a huge list of passwords against the detected handshake. Using the computer's computing power, a hacker can quickly test millions of passwords, breaking bad passwords in minutes or hours. WPA cracking tools are increasingly mature and include Airgeddon, Besside-ng and Aircrack-ng. These tools can be used to capture and crack network passwords from the intercepted handshake.

For the end user, this means that you have to assume that every user can take a four-way handshake from your network. If your password is weak or you use it elsewhere, it could be a cause for concern, depending on how much time an attacker has to spend to brutally force it.

Solution: Better Passwords

Hackers rely on a few common habits to be effective with password cracking. Using stolen passwords collected from real user accounts is a common tactic that exploits users' tendency to reuse their preferred passwords and increases the likelihood that passwords from a service you've signed up for get lost. Typically, do not reuse passwords because this forces you to trust each service that you will never lose your password.

The use of password managers such as LastPass and KeePassX may make it easier to use unique passwords such as passwords, phone numbers, addresses, or anything particularly obvious. Instead, choose longer passwords that are unique and not based on information or interests that you have published.

You can also use tools to determine if someone has joined your network that is not authorized. By downloading the free, cross-platform Fing application to your smartphone, you can scan and take stock of all the networks you're connected to. If a device is attached that should not be, you have the evidence that an unauthorized user is connected and can take action to disable it by changing the password or resetting the router.

Image of SADMIN / Null Byte

Method 2: Social Engineering Attacks

Social engineering attacks can look very different, and that makes them sometimes so hard to recognize. In general, a social engineering attack will be based on tricking the user instead of using a technical exploit, so a victim may not realize that something has happened.

There are many reasons why you should not give anyone your work or home Wi-Fi password, and very few reasons why you should if you do not trust them. It's important to remember a few facts about Wi-Fi:

  • Wi-Fi allows you to communicate directly with devices on your network, such as the Internet. Webcams, desktop computers and other devices that may be wired. If you use the Wi-Fi password, you can try to log in or attack these devices.
  • The Wi-Fi password allows an attacker to change the information that you or others see on your network when you visit web pages or use the Internet
  • Once someone is on your network, they can access the router and build a persistent remote backdoor that prevents you from shooting it out, even if you change the password.

Solution: Always Be Suspicious

When you spot a social engineering attack, you can generally discover a few things that could prevent you from having access to something that you do not want. If someone presents a story in which the solution is to hand over your Wi-Fi credentials, try seeing an alternate solution, such as "I can see it for you," and see if they focus on the password. [19659005] Many networks provide the ability to create a guest network that does not allow communication with other devices on the network so that users do not log on to the router or attempt to force passwords. These systems should also be isolated from all major components, and guest networks should limit all users to their own subnets to minimize the risk of sharing a password. It is also recommended that you change your Wi-Fi password at regular intervals, at least every six months, and keep track of who has access.

Finally, you should apply the principle of least rights, ie, only indicate your password in case of an emergency. If someone has a burning desire to receive the Wi-Fi password, ask yourself why, and treat it as seriously as issuing a PIN for a bank account. If you do not have the time to secure your network beyond what the average person does, you do not risk letting someone in whom you do not trust.

Method 3: WPS PIN Attacks

WPS setup PIN attacks have been widely used since their discovery, allowing for brute-forcing attacks such as Reaver to potentially setup PIN guesswork to chew and break into each affected router in about seven hours. This is due to the poor password password selection, and the attack completely bypasses the password set by the user. Even with the world's most secure, secret password, a Reaver-prone router can be broken by anyone within reach and completely crushed by it.

The WPS setup PIN can not be changed, unlike a password. image from audioreservoir / flickr

While Reaver was scary enough, the development of WPS Pixie-Dust brought a new generation of vulnerabilities. This attack exploited errors in the way many routers set random values, and dramatically changed the way hackers used WPS setup PINs. With WPS Pixie-Dust, a compromised router could be compromised in minutes or seconds, not hours.

Once an attacker has your WPS Setup PIN, they can always put their router's password aside, no matter how many times you change it. Since many routers can not change the PIN, this means that the router will be permanently compromised as long as the setting remains enabled. This will often give them administrative access to the router, and will be a big hole in the security of a network that otherwise provides strong security.

Solution: Disabling WPS & Testing with Testing

While many routers provide the convenience of WPS setup PINs, most can be disabled to prevent Reaver or Pixie dust attacks from succeeding. To do this, you must log in to your router's settings and look for the part of the page that points to the "WPS Setup" or "WPS Access" settings. Once you are there, disable the WPS setup PIN. Restart the router and verify that the setting is still disabled.

While this may be sufficient for some routers, older models may say that they have disabled the WPS setup PIN, although in reality they are still responding to WPS and Pixie Dust attacks. If you suspect this is the case, it would be wise to run a tool like Wash that finds any network near where the WPS PIN is enabled. If your router appears in this list even though you've changed the setting, it's probably time to buy a new router.

Under Kali Linux, you can run the Wash command if you have wireless network adapter. If you do, put it in monitor mode and type the following to show nearby vulnerable networks:

  wash -i {monitor-interface} 

You should see something like the output below. Here we see a network called TRENDnet on channel 9 with WPS version 1.0. This means that the device has either enabled the setting or it is not possible to disable the setting for this particular model of the router.

  root @ kali: ~ / reaver-wps-fork-t6x / src # wash -i mon0

Wash v1.5.2 Wireless Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner 
Mod from t6_x  & DataHead & Soxrok2212 & Wiire & kib0rg

BSSID channel RSSI WPS Verison WPS-locked ESSID
-------------------------------------------------- ------------------------------------

D8: EB: 97: 13: BF: D9 9 00 1.0 No TRENDnet 

Method 4: Remote Access Attacks

Although remote access can be a handy feature, enabling this feature by default is a terrible idea. The reason why this is not advisable is due to the way in which devices are discovered and indexed on services such as Shodan. This search engine indexes all devices with ports that are directly exposed to the Internet, such as: IP cameras, routers and IoT devices. Although this should not be enabled by default, this setting is enabled on many devices for convenience and comes with easy-to-guess standard credentials.

Picture of OccupyTheWeb / Null Byte

The risk of remote access comes from two different sources, external and internal. Once a device has been discovered by Shodan, it is only It's still a matter of time before someone, be it a hacker or a bot, logs on. An external attacker usually relies on a list of default passwords. Then they can turn to other devices in the network. This is especially bad if the router is exposed because an attacker who compromises the router can take over the entire network.

The internal risk of this attack is that someone with temporary access over LAN or the Wi-Fi password can enable remote management, then just go and wait their time. Each time you want to remotely connect to the network, you can simply sign in with the credentials that you have set up for it. Oftentimes, routers have this feature and are easily activated so that an attacker can use the current access to install a permanent backdoor.

Solution: Disabling Remote Access & Port Forwarding

The first step you can take Make sure that your devices do not expose ports directly to the Internet by logging into the Administration Portal and looking for a tab that contains the Contains rules or settings for port forwarding. This is the section of the router where you can add port forwarding rules, and it may be under the Advanced tab on some devices. If you find the page, you should expect to see no port forwarding rules there, as shown in the screenshot below.

Takhion / Null Bytes 19659025] However, if rules have already been entered on the port forwarding page of your router, you should immediately determine whether they are from an authorized or necessary reason were activated. If not, you should disable these settings immediately. While these rules allow things like accessing webcams from an external network or app, it's usually not worth the risk if you do not recognize them.

Method 5: Rogue Access Points

A rogue access point is a W-Fi network that causes users to connect. After that, it will be able to steal passwords, control your Internet experience and spy on connected devices. Hackers using rouge access points do not need an expensive setup, as there are tools like the Wi-Fi Pumpkin running on simple, low-cost hardware like the Raspberry Pi.

A simple setup like this can force a user off his normal network with a series of de-authentication attacks. Once the frustrated user determines that he can not use his normal network, a similarly named network is provided without a password to lure the user.

Image of SADMIN / Null Byte

After connecting, this fake network often behaves as if the router were installing an update or otherwise restarting it, and asks for a password to reboot. While this may seem suspicious, the average user focused on their work simply wants to deal with the distraction quickly and easily enter their Wi-Fi password.

Tools such as Airgeddon give hackers tremendous flexibility in creating fake APs, and the Evil Twin Attack module uses a customizable phishing page to help hackers automatically generate phishing pages in multiple languages. While these attacks are impressive, they do work by getting a user to connect to a network other than the one he trusts.

The way your laptop and your phone look for Wi-Fi may also be enough to connect if you use many free Wi-Fi networks that do not require a password. If your phone or laptop sends sounding frames that ask if recently connected networks are available, attackers can create a spoofed Wi-Fi network with the same name as the device your device is looking for. If the network does not have a password, your device connects seamlessly without warning you.

Movie Stars Solution: Spot Sign of a Rogue AP

If you use Wi-Fi, you should always know which network you have connected to your computer. It's easy to test this by turning on your personal hotspot on your phone and giving the network the name of a café where you've been using Wi-Fi lately and no password. If your computer automatically connects, it's likely that you would not even know if an attacker will take over your Internet connection.

The way computers store connected wireless networks is not very intelligent, and most computers will automatically join any network with the same name as a network they have previously joined. The exception to this rule is when the network has different security settings than the one previously visited, such as the sudden requirement of a password.

On Windows, you can set the automatic connection setting within range.

You should access your computer's Wi-Fi settings and delete any networks that you no longer want to connect to. Above, you can see the wireless settings for a network on a Windows system. In the following, a macOS system provides options for prioritizing or deleting previously connected networks.

If you do not want your computer's connection to be taken over by a random network, forget you were connected weeks ago, make sure you delete it and test to make sure your computer does not connect to networks with the same name.

Next, it is advisable to connect to unknown networks if possible to establish your phone's hotspot or a trusted network. If possible, make sure you use a VPN to ensure that even if your connection is intercepted, it's not so easy to embed content in web pages to steal your credentials. When using a VPN, make sure that you contact your nearest café to a Google Starbucks Wi-Fi network that is conveniently available, or only use a new one if your trusted network does not work. [19659011] Stay safe outside!

Wi-Fi hacking can take many forms, but by tightening your defense mechanisms and making sure there are no easy routes into your network, you can make it much harder for someone who wants to break into your network. There are two areas where you need to be sure when it comes to Wi-Fi to secure your personal Wi-Fi network and to make sure you are cautious and skeptical when using a network that you do not check.

In general, VPN services are helpful because they allow you to create an encrypted traffic tunnel that prevents the traffic owner from seeing what you are doing, but this does not protect you from the other risks of connecting to unknown ones Networks. Stay safe, and if you're using Wi-Fi and the only option is a network that you do not trust, you should use your phone's hotspot instead.

I hope you liked this guide to warding off Wi-Fi hacking! If you have questions about this guide or the hacking instructions for Wi-Fi, you can leave a comment or contact me on Twitter @KodyKinzie .

Do not miss: How to protect yourself from Facebook Password Crackers

Cover image and screenshots of Kody / Null Byte (unless otherwise stated)

Source link