Hacking Wireless Networks - Wireless Hacking Methodology

83 Terms

1
What are the steps to perform wireless hacking?

- Wi-Fi discovery
- Wireless traffic analysis
- Launch of wireless attacks
- Wi-Fi encryption cracking
- Wi-Fi network compromising

2
What does an attack on a wireless network begin with?

Discovery and Footprinting

3
What method allows an attacker to detect the existence of an AP by sniffing the packets from airwaves?

Passive Footprinting Method

4
In what method does the attacker’s wireless device send a probe request with the SSID to an AP and wait for a response?

Active Footprinting Method

If the wireless device does not have the SSID in advance, it can send a probe request with an empty SSID. In the case of a probe request with an empty SSID, most APs respond with their own SSID in a probe response packet. Consequently, empty SSIDs are useful in learning the SSIDs of APs.

5
What tool is used to discover active wireless networks?

inSSIDer

6
In what technique does an attacker walk around with Wi-Fi-enabled laptops installed with a wireless discovery tool to map out open wireless networks?

WarWalking

7
In what technique does an attacker draw symbols in public places to advertise open Wi-Fi networks?

WarChalking

8
In what technique does an attacker use drones to detect open wireless networks?

WarFlying

9
In what technique does an attacker drive around with Wi-Fi-enabled laptops installed with a wireless discovery tool to map out open wireless networks?

WarDriving

10
What tools do attackers use to discover Wi-Fi networks for launching attacks?

- Laptop with a Wi-Fi card
- External Wi-Fi antenna
- Network discovery software

11
What tools are used to discover Wi-Fi networks in range to attack?

inSSIDer, NetSurveyor, Wi-Fi Scanner, and Acrylic WiFi Heatmaps

12
What tool is a Wi-Fi optimization and troubleshooting tool that scans for wireless networks with the user’s Wi-Fi adapter so that the user can visualize their signal strengths and the channels they are using?

Features include:
- Inspects WLAN and surrounding networks to troubleshoot competing APs
- Tracks the strength of a received signal in terms of dBm over time and filters APs
- Highlights APs for areas with high Wi-Fi concentration
- Exports Wi-Fi and GPS data to a KML file to view in Google Earth
- Shows overlapping Wi-Fi network channels

inSSIDer

13
What tool is a GUI-based comprehensive 2.4 GHz and 5 GHz Wi-Fi spectral awareness tool that allows attackers to integrate software-defined radio (HackRF), advanced Bluetooth tools (Ubertooth), traditional GPS (via gpsd), and drone/rover GPS (via mavlink) to discover Wi-Fi access points, identify SSIDs, perform source hunting, and conduct spectrum analysis. It offers import/export capabilities for CSV and JSON, and can produce Google Maps for the discovered devices?

Sparrow-wifi

14
What tool is a Wi-Fi network optimization tool used to examine surrounding Wi-Fi networks, measure their signal strengths, and identify crowded channels? Used to detect nearby APs, graph the signal strengths of channels, estimate distances to APs, etc.

WiFi Analyzer

15
What Wi-Fi packet sniffing tools do attackers use to capture and analyze the traffic of a target wireless network?

AirMagnet™ G3 Pro, Wireshark, Riverbed Packet Analyzer, OmniPeek, and CommView

16
Name some additional Wi-Fi packet sniffers

Omnipeek® Network Protocol Analyzer

17
Name some additional Wi-Fi packet sniffers

Kismet

18
Name some additional Wi-Fi packet sniffers

SolarWinds Network Performance Monitor

19
Name some additional Wi-Fi packet sniffers

Acrylic Wi-Fi Analyzer

20
Name some additional Wi-Fi packet sniffers

airgeddon

21
What does an attacker use to discover the presence of wireless networks? Also used to employ statistical analysis to plot spectrum usage, quantify "air quality," and isolate transmission sources.

Spectrum Analyzers

22
What automated tool is used by attackers for the spectrum analysis of a target wireless network that can operate as a standalone, handheld RF spectrum analyzer or interface with a PC running more sophisticated data analysis software?

RF Explorer

23
Name an RF monitoring and spectrum analyzing tool

Chanalyzer

24
Name an RF monitoring and spectrum analyzing tool

AirCheck G3 Pro

25
Name an RF monitoring and spectrum analyzing tool

Spectraware S1000

26
Name an RF monitoring and spectrum analyzing tool

RSA306B USB Spectrum Analyzer

27
Name an RF monitoring and spectrum analyzing tool

RF Explorer 6G

28
Name an RF monitoring and spectrum analyzing tool

RFXpert

29
Name an RF monitoring and spectrum analyzing tool

Monics® 200

30
Name an RF monitoring and spectrum analyzing tool

Monics® satID

31
Name an RF monitoring and spectrum analyzing tool

Signal Hound

32
Name an RF monitoring and spectrum analyzing tool

FieldSENSE

33
What tool captures the WPA/WPA2 handshake and can act as an ad-hoc AP?

Airbase-ng

34
What tool is the de facto WEP and WPA/WPA2 PSK cracking tool?

Aircrack-ng

35
What tool decrypts WEP/WPA/WPA2 and can be used to strip wireless headers from Wi-Fi packets?

Airdecap-ng

36
What tool is used for the targeted, rule-based de-authentication of users?

Airdrop-ng

37
What tool is especially effective for gathering initialization vectors (WEP IVs) and WPA handshakes, which can then be utilized with aircrack-ng for further analysis and potential network security testing?

Aireplay-ng

38
What tool creates a client–AP relationship and common probe graph from an airodump file?

Airgraph-ng

39
What tool is used to switch from the managed mode to the monitor mode on wireless interfaces and vice versa?

Airmon-ng

40
What tool is used to capture packets of raw 802.11 frames and collect WEP IVs?

Airodump-ng

41
What tool stores and manages ESSID and password lists used in WPA/WPA2 cracking?

Airolib-ng

42
What tool creates a virtual tunnel interface to monitor encrypted traffic and inject arbitrary traffic into a network?

Airtun-ng

43
What tool is used to identify the MAC addresses of the clients and routers for performing various attacks such as ARP poisoning, sniffing, and MITM attacks? Using this tool, an attacker can obtain all the information about the network traffic of the victim.

Ettercap

44
What tools can reveal hidden SSIDs?

aircrack-ng suite and mdk3

45
What tool is used to perform a MITM attack?

aircrack-ng

46
What tool is used to change (spoof) the MAC Address of your Network Interface Card (NIC) instantly?

Technitium MAC Address Changer

47
What MAC spoofing tools are used to change a MAC address?

Technitium MAC Address Changer and LizardSystems Change MAC Address tool

48
What tool is used by attackers to create rogue APs and perform sniffing and MITM attacks?

MANA Toolkit

49
What does an attacker use to monitor station probes to create an evil twin?

KARMA

50
What exploits the flaws in the implementation of the four-way handshake process in the WPA2 authentication protocol, which is used to establish a connection between a device and an AP?

Key Reinstallation Attack (KRACK)

51
What involves an attacker installing a virtual (fake) communication tower between two authentic endpoints intending to mislead the victim. This virtual tower is used to interrupt the data transmission between the user and real tower attempting to hijack the active session? This attack is usually performed on LTE devices.

aLTEr Attack

52
What attack is used to gain access to an enormous number of wireless networks? In this attack, the Wi-Fi information of the nearest victims can be retrieved without using any cracking mechanisms. This attack can be used when credentials are saved in the victim’s browser, when the victim accesses the same website multiple times, and when the router uses an unencrypted HTTP connection to access the router configuration interface in the browser.

Wi-Jacking Attack

53
What attack is used to lure a victim to connect to the malicious Wi-Fi network using hostapd-wpe?

KARMA attack

54
What tool is used to inject a malicious URL and force the victim’s browser to load a malicious URL?

dnsmasq and Python scripts

55
What is used to log in to the router to extract the victim’s WPA2 PSK and further perform any other malicious changes as necessary?

XMLHttpRequest

56
What involves capturing the data from a legitimate RFID tag and then creating its clone using a new chip?

RFID Cloning Attack

57
What is a portable RFID cloning device that can be used by attackers to clone RFID tags?

iCopy-X

58
What tool(s) do attackers use to clone RFID tags?

iCopy-X

59
What tool(s) do attackers use to clone RFID tags?

RFIDlerto

60
What tool(s) do attackers use to clone RFID tags?

RFIDler

61
What tool(s) do attackers use to clone RFID tags?

RFID Mifare Cloner

62
What tool(s) do attackers use to clone RFID tags?

Flipper Zero

63
What uses a user-defined password to initialize the TKIP, which is not crackable as it is a per-packet key, but the keys can be brute-forced using dictionary attacks?

WPA PSK

64
What forces the connected client to disconnect. Then, capture the re-connect and authentication packets using tools, such as aireplay; you should be able to re-authenticate in a few seconds. Then attempt to dictionary brute-force the PMK?

De-authentication Attack

65
What involves an attacker needing to be near the AP for a few seconds to capture the WPA/WPA2 authentication handshake?

Offline attack

66
What attack can an attacker perform on WPA encryption keys using a dictionary or using tools such as aircrack and aireplay?

Brute forcing of WPA keys

67
What tool is used to brute-force WPA keys?

aircrack

68
What tool is used to brute-force WPA keys?

aireplay

69
Which of the following is used to crack WPA/WPA2 encryption?

hashcat

70
Which of the following is used to crack WPA/WPA2 encryption?

EAPHammer

71
Which of the following is used to crack WPA/WPA2 encryption?

Portable Penetrator

72
Which of the following is used to crack WPA/WPA2 encryption?

WepCrackGui

73
Which of the following is used to crack WPA/WPA2 encryption?

Wifite

74
What tool is a wireless security auditing and attack software written using the Python programming language and the Python Qt graphical user interface (GUI) library that can crack and recover WPA/WPS keys and execute other network-based attacks on wireless or Ethernet-based networks?

Wifi Cracker

75
What is a set of vulnerabilities in the WPA3 security standard that allows attackers to recover keys, downgrade security mechanisms, and launch various information-theft attacks?

Dragonblood

76
What tool is used to exploit vulnerabilities and launch attacks on WPA3-enabled networks?

Dragonslayer

77
What tool is used to exploit vulnerabilities and launch attacks on WPA3-enabled networks?

Dragonforce

78
What tool is used to exploit vulnerabilities and launch attacks on WPA3-enabled networks?

Dragondrain

79
What tool is used to exploit vulnerabilities and launch attacks on WPA3-enabled networks?

Dragontime

80
What handshake method is used in WPA3?

Dragonfly (also known as SAE)

81
What tool is used to crack WPA3 encryption?

Aircrack-ng

82
What tool is used to crack WPA3 encryption?

hashcat

83
What is designed to be a robust and practical attack tool against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, and it has been tested against a wide variety of APs and WPS implementations?

Reaver