SlideShare a Scribd company logo

Fundamentals of network hacking

P
Pranshu Pareek

Session on cyber security

Technology
1 of 38
Download to read offline
We will start the session soon...
Cyber Security & Ethical Hacking Pratiyush Kumar Ray Technical Team Cyber Security @DSC UIET KUK How to Secure & Hack the Internet Platforms.
This session is being recorded
Disclaimer :- Please note: This session and the ones following it are purely being organized for educational and informational purposes. Any student found misusing the concepts taught in the sessions will himself/herself be held responsible for it. Pratiyush Ray and all the other members of the Developer Student Club, UIET are not liable for any damage being inflicted by any of the students who were taught under DSC, UIET. Students willing to learn Cyber Security will have to sign a declaration form accepting the above-mentioned conditions. Only after signing the declaration form will the student get access to DSC UIET's Cyber Security Slack channel and link to the remaining google meet sessions.
Kali Linux Q) Why Kali Linux? ● Kali Linux is used by hackers because it is a free OS. ● It has over 600 tools for Penetration Testing & Security Analytics. ● Kali follows an open-source model and all the code is available on Git and allowed for tweaking. ● Kali has multi-language support that allows users to operate in their native language. ● Kali Linux is completely customizable according to their comfort all the way down the kernel. https://www.kali.org/
Network Hacking Q) What is Network Hacking? ● Network Hacking is gathering an information from network and computers over the internet. Methods of Network Hacking:- ● Pre-connection Attacks ● Gaining Access ● Post-connection Attacks
Network Basics Client 1 Client 2 Client 3 Access Point Internet
Connect Wireless Adapter to Kali Problems with Built-in Wireless cards ● Can’t be used in Virtual Machines ● Most built-in cards are not good for hacking. Monitor Mode & Packet Injection 5Ghz Support Example Alfa AWUS036NHA Alfa AWUS036ACH Atheros AR9271 Realtek AR8812AU
IPV4 vs IPV6 1. 198.162.1.1 IPV4 - Internet Protocol Version 4 A:B:C:D It lies between 0-255 2. 2001:0db8:85a3:0000:0000:8a2e:0370:7334 IPV6 - Internet Protocol Version 6 A:B:C:D:E:F:G:H It lies between 0-9 , a-f, A-F Due to this limit of 255 only 4.2 Billion IP Address can connect internet but population is 7.8 Billion. IPV6 solved this issue of IPV4 but there is a problem that IPV6 cannot support old devices. Also, NAT (Network Address Translation)
MAC Address ● Media Access Control 1. Permanent 2. Physical 3. Unique ● Assigned by Manufacturer. Client 1 Client 2 Access Point Internet Mac= 00:11:11:11:11:11 Mac= 00:11:22:33:44:55 Mac= 00:22:22:22:22:22 Source Mac: 00:11:11:11:11:11 Destination Mac: 00:22:22:22:22:22 Why change the MAC Address? 1. Increase Anonymity. 2. Impersonate other devices. 3. Bypass filters.
Network Hacking- Pre-connection Attacks Packet Sniffing Using Airodump-ng 1. Part of the aircrack-ng suit. 2. Airodump-ng is a packet sniffer. 3. Used to capture all packets within range. 4. Display detailed info about networks around us. 5. Connected clients...etc Use: airodump-ng[MonitorModeInterface]
Wifi Bands ● Decides the frequency range that can be used. ● Determines the channels that can be used. ● Clients need to support band used by router to communicate with it. ● Data can be sniffed from a certain band if the wireless adapter used supports that band. ● Most common WiFi Bands are: 1. a uses 5 Ghz frequency only. 2. b,g both use 2.4 Ghz frequency only. 3. n uses 5 and 2.4 Ghz. 4. ac uses frequencies lower than 6 Ghz.
Deauthentication Attack → Disconnect any client from any network. ● Works on encrypted networks(WEP,WPA,WPA2). ● No need to know the network key. ● No need to connect to the network. Use: Aireplay-ng --deauth [#DeauthPackets] -a [NetworkMac] -c [TargetMac] [Interface]
Process Deauth Attack Hacker Client Access Point Internet Mac= 00:11:11:11:11:11 Mac= 00:11:22:33:44:55 Mac= 00:22:22:22:22:22 Source MAC: 00:11:22:33:44:55 Destination MAC: 00:22:22:22:22:22 Message: I want to disconnect
Process Deauth Attack Hacker Client Access Point Internet Mac= 00:11:11:11:11:11 Mac= 00:11:22:33:44:55 Mac= 00:22:22:22:22:22 Source MAC: 00:22:22:22:22:22 Destination MAC: 00:11:22:33:44:55 Message: Ok! You are going to be disconnected.
Gaining Access WEP Cracking ● Wired Equivalent Privacy. ● Old encryption. ● Uses an algorithm called RC4. ● Still used in some networks. ● Can be cracked easily.
Gaining Access WEP Cracking ● Client encrypts data using a key. ● Encrypted packet sent in the air. ● Router decrypts packet using the key. Client Access Point Internet Data to send to the router
Gaining Access WEP Cracking ● Each packet is encrypted using a unique key stream. ● Random initialization vector(IV) is used to generate the keys streams. ● The initialization vector is only 24 bits! ● IV+Key(password)=Key stream Client Access Point Internet Data to send to the router
Gaining Access WEP Cracking ● (Initialization Vector) IV is too small(only 24 bits) ● IV is sent in plain text. Result: ● IV’s will repeat on busy networks. ● This makes WEP vulnerable to statistical attacks. ● Repeated IVs can be used to determine the key stream; ● And break the encryption. Conclusion: To Crack WEP we need to: ● Capture a large number of packets/IVs → Using airodump-ng ● Analyse the captured IVs and crack the key. → Using aircrack-ng
Gaining Access WPA/WPA2 Cracking ● Wi-Fi Protected Access (WPA) ● WPA based on TKIP (Temporal Key Integrity Protocol). ● WPA 2 based on CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol). ● Both can be cracked using the same methods. ● Made to address the issues in WEP. ● Much more secure. ● Each packet is encrypted using a unique temporary key. → Packets contain no useful information.
Gaining Access WPS Crack ● WPS is a feature that can be used with WPA/WPA2. ● Allows clients to connect without the password. ● Authentication is done using an 8 digit pin. 1. 8 Digits is very small. 2. We can try all possible pins in relatively short time. 3. Then the WPS pin can be used to compute the actual password. PS: This only works if the router is configured not to use PBC (Push Button Authentication).
Capturing the Handshakes ● Fixed all weaknesses in WEP. ● Packets contain no useful data. ● Only packets that can aid with the cracking process are the handshake packets. ○ These are 4 packets sent when a client connects to the network.
Creating A Wordlist Crunch can be used to create a wordlist. Syntax: > crunch [min] [max] [characters] -t[pattern] -o[FileName] Example: > crunch 6 8 123abc$ -o wordlist -t a@@@@b Some Wordlists: 1. http://wordlist.sourceforge.net/ 2. http://www.openwall.com/mirrors/ 3. https://github.com/danielmiessler/SecLists Now, You have WPA handshake & Wordlist… Now you can hack WPA/WPA2
Securing Your Network From Hackers We know how to test the security of all known wireless encryptions (WEP/WPA/WPA2), it is relatively easy to secure our networks against these attacks:- 1.Do not use WEP encryption, as we seen how easy it is to crack it regardless of the complexity of the password and even if there is nobody connected to the network. 2. Use WPA2 with a complex password, make sure the password contains small letters, capital letters, symbols and numbers. 3. Ensure that the WPS feature is disabled as it can be used to crack your complex WPA2 key by brute-forcing the easy WPS pin.
Post-connection Attacks → Work against WiFi & Ethernet. → Gather more info. → Intercept data (usernames, passwords ...etc) → Modify data on the fly The Lab- Installing Windows(For Target Machine/Victim Machine) https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
Post-connection Attacks Network Mapping NMAP/ZENMAP ● HUGE security scanner. ● From an IP/IP range it can discover. ○ MAC Address ○ Open ports. ○ Running services. ○ Operating system. ○ Connected clients.
Post-connection Attacks MITM ATTACKS Victim Internet Victim Internet MITM Man in the Middle
ARP Spoofing Victim Internet MITM Access Point Requests Requests Responses Responses ADDRESS RESOLUTION PROTOCOL (ARP) → Simple protocol used to map IP Address of a machine to its MAC Address.
A D CB C to A:- I have 10.0.2.6 My MAC is 00:11:22:33:44:66 ARP Spoofing IP: 10.0.2.1 MAC: 00:11:22:33:44:20 IP: 10.0.2.7 MAC: 00:11:22:33:44:55 IP: 10.0.2.6 MAC: 00:11:22:33:44:66 IP: 10.0.2.5 MAC: 00:11:22:33:44:77
ARP Spoofing Internet Hacker Access Point Victim I am at 10.0.2.1 I am at 10.0.2.7 IP: 10.0.2.7 IP: 10.0.2.1 Why ARP Spoofing is possible: 1. Clients accept responses even if they did not send a request. 2. Clients trust response without any form of verification.
ARP Spoofing USING ARPSPOOF ● Arpspoof tool to run arp spoofing attacks. ● Simple and reliable. ● Ported to most operating systems including Android and iOS. ● Usage is always the same. USE: airspoof -i [interface] -t [clientIP] [gatewayIP] airspoof -i [interface] -t [gatewayIP] [clientIP]
ARP Spoofing USING BETTERCAP ● Framework to run network attacks. ● Can be used to: ○ ARP Spoof targets (redirect the flow of packets). ○ Sniff data (urls, username, passwords). ○ Bypass HTTPs. ○ Redirect domain requests (DNS Spoofing). ○ Inject code in loaded pages. ○ And more! USE: Bettercap -iface [interface]
Understanding HTTPS HTTPS Problem: ● Data in HTTP is sent as plain text. ● A MITM can read and edit requests and responses. → not secure Solution: ● Use HTTPS. ● HTTPS is an adaptation of HTTP. ● Encrypt HTTP using TLS (Transport Layer Security) or SSL (Secure Sockets Layer).
BYPASSING HTTPS Problem: ● Most websites use HTTPS → Sniffed data will be encrypted. Solution: ● Downgrade HTTPS to HTTP
Preventing MITM Attacks Detection: 1. Analysing arp tables. 2. Using tools such as Xarp. 3. Using Wireshark. Problems: 1. Detection is not the same as prevention. 2. Only works for ARP Spoofing. Solution: 1. HTTPS everywhere plugin. 2. Using a VPN
Preventing MITM Attacks Pros Cons HTTPS Everywhere Free - Only works with HTTPs websites. - Visited domains still visible. - DNS spoofing still possible. VPN (Virtual Private Network) - Encrypts everything. - Protects from all MITM attacks. - Not Free - VPN Providers can see data. HTTPS Everywhere + VPN - Encrypts everything. - Protects from all MITM attacks. - Not free
For next Workshop Network Hacking:- 1. Burp Suite 2. Wireshark 3. Creating Fake Access Point 4. Injecting Javascript Codes 5. ARP Poisoning Attacks 6. Server Side Attacks 7. Post Exploitation Website Hacking:- 1. Information Gathering 2. File Upload Vulnerabilities 3. SQL Injection Vulnerabilities 4. Cross Site Scripting Vulnerabilities. 5. So on ...
Thank You

Recommended

New flaws in WPA-TKIP
New flaws in WPA-TKIPNew flaws in WPA-TKIP
New flaws in WPA-TKIP
vanhoefm
 
Practical Verification of TKIP Vulnerabilities
Practical Verification of TKIP VulnerabilitiesPractical Verification of TKIP Vulnerabilities
Practical Verification of TKIP Vulnerabilities
vanhoefm
 
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Positive Hack Days
 
Wireless Cracking using Kali
Wireless Cracking using KaliWireless Cracking using Kali
Wireless Cracking using Kali
n|u - The Open Security Community
 
Threat Con 2021: What's Hitting my Honeypots
Threat Con 2021: What's Hitting my HoneypotsThreat Con 2021: What's Hitting my Honeypots
Threat Con 2021: What's Hitting my Honeypots
APNIC
 
The New Landscape of Airborne Cyberattacks
The New Landscape of Airborne CyberattacksThe New Landscape of Airborne Cyberattacks
The New Landscape of Airborne Cyberattacks
Priyanka Aash
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network Security
Ayoma Wijethunga
 
Строим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиСтроим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атаки
Positive Hack Days
 

Recommended

New flaws in WPA-TKIP
New flaws in WPA-TKIPNew flaws in WPA-TKIP
New flaws in WPA-TKIP
vanhoefm
 
Practical Verification of TKIP Vulnerabilities
Practical Verification of TKIP VulnerabilitiesPractical Verification of TKIP Vulnerabilities
Practical Verification of TKIP Vulnerabilities
vanhoefm
 
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Критически опасные уязвимости в популярных 3G- и 4G-модемах или как построить...
Positive Hack Days
 
Wireless Cracking using Kali
Wireless Cracking using KaliWireless Cracking using Kali
Wireless Cracking using Kali
n|u - The Open Security Community
 
Threat Con 2021: What's Hitting my Honeypots
Threat Con 2021: What's Hitting my HoneypotsThreat Con 2021: What's Hitting my Honeypots
Threat Con 2021: What's Hitting my Honeypots
APNIC
 
The New Landscape of Airborne Cyberattacks
The New Landscape of Airborne CyberattacksThe New Landscape of Airborne Cyberattacks
The New Landscape of Airborne Cyberattacks
Priyanka Aash
 
Pentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network SecurityPentesting Wireless Networks and Wireless Network Security
Pentesting Wireless Networks and Wireless Network Security
Ayoma Wijethunga
 
Строим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атакиСтроим ханипот и выявляем DDoS-атаки
Строим ханипот и выявляем DDoS-атаки
Positive Hack Days
 
G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUT
Nahidul Kibria
 
Attacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksAttacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise Networks
Northeast Ohio Information Security Forum
 
Intro to firewalls
Intro to firewallsIntro to firewalls
Intro to firewalls
Joshua Johnston
 
Hardening Three - IDS/IPS Technologies
Hardening Three - IDS/IPS TechnologiesHardening Three - IDS/IPS Technologies
Hardening Three - IDS/IPS Technologies
Salvatore Lentini
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security
Hariraj Rathod
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
Anton Chuvakin
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CanSecWest
 
BlueHat v18 || A turla gift - popping calc.exe by sending an email
BlueHat v18 || A turla gift - popping calc.exe by sending an emailBlueHat v18 || A turla gift - popping calc.exe by sending an email
BlueHat v18 || A turla gift - popping calc.exe by sending an email
BlueHat Security Conference
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
amiable_indian
 
Leveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of BotnetsLeveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of Botnets
Diogo Mónica
 
Aircrack
AircrackAircrack
Aircrack
Nithin Sathees
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
Mandeep Jadon
 
Adventures in Femtoland: 350 Yuan for Invaluable Fun
Adventures in Femtoland: 350 Yuan for Invaluable FunAdventures in Femtoland: 350 Yuan for Invaluable Fun
Adventures in Femtoland: 350 Yuan for Invaluable Fun
arbitrarycode
 
WPA 3
WPA 3WPA 3
WPA 3
diggu22
 
Hacking wireless networks
Hacking wireless networksHacking wireless networks
Hacking wireless networks
Sahil Rai
 
IPv6 Security
IPv6 SecurityIPv6 Security
IPv6 Security
Progreso Training
 
Wpa3
Wpa3Wpa3
Wpa3
Bhavya Dashora
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?
Tom Isaacson
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primer
amiable_indian
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
barcamp.my
 
Cracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksCracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless Networks
Hammam Samara
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
idsecconf
 

More Related Content

What's hot

Attacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksAttacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise Networks
Northeast Ohio Information Security Forum
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CanSecWest
 
BlueHat v18 || A turla gift - popping calc.exe by sending an email
BlueHat v18 || A turla gift - popping calc.exe by sending an emailBlueHat v18 || A turla gift - popping calc.exe by sending an email
BlueHat v18 || A turla gift - popping calc.exe by sending an email
BlueHat Security Conference
 
Adventures in Femtoland: 350 Yuan for Invaluable Fun
Adventures in Femtoland: 350 Yuan for Invaluable FunAdventures in Femtoland: 350 Yuan for Invaluable Fun
Adventures in Femtoland: 350 Yuan for Invaluable Fun
arbitrarycode
 

What's hot (20)

G3t R00t at IUT
G3t R00t at IUTG3t R00t at IUT
G3t R00t at IUT
 
Attacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise NetworksAttacking and Securing WPA Enterprise Networks
Attacking and Securing WPA Enterprise Networks
 
Intro to firewalls
Intro to firewallsIntro to firewalls
Intro to firewalls
 
Hardening Three - IDS/IPS Technologies
Hardening Three - IDS/IPS TechnologiesHardening Three - IDS/IPS Technologies
Hardening Three - IDS/IPS Technologies
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
 
BlueHat v18 || A turla gift - popping calc.exe by sending an email
BlueHat v18 || A turla gift - popping calc.exe by sending an emailBlueHat v18 || A turla gift - popping calc.exe by sending an email
BlueHat v18 || A turla gift - popping calc.exe by sending an email
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
 
Leveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of BotnetsLeveraging Honest Users: Stealth Command-and-Control of Botnets
Leveraging Honest Users: Stealth Command-and-Control of Botnets
 
Aircrack
AircrackAircrack
Aircrack
 
Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)Hacking Wireless Networks : Null Delhi (November)
Hacking Wireless Networks : Null Delhi (November)
 
Adventures in Femtoland: 350 Yuan for Invaluable Fun
Adventures in Femtoland: 350 Yuan for Invaluable FunAdventures in Femtoland: 350 Yuan for Invaluable Fun
Adventures in Femtoland: 350 Yuan for Invaluable Fun
 
WPA 3
WPA 3WPA 3
WPA 3
 
Hacking wireless networks
Hacking wireless networksHacking wireless networks
Hacking wireless networks
 
IPv6 Security
IPv6 SecurityIPv6 Security
IPv6 Security
 
Wpa3
Wpa3Wpa3
Wpa3
 
WPA3 - What is it good for?
WPA3 - What is it good for?WPA3 - What is it good for?
WPA3 - What is it good for?
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primer
 
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu ExploitationAhmad Siddiq Wi-Fi Ninjutsu Exploitation
Ahmad Siddiq Wi-Fi Ninjutsu Exploitation
 

Similar to Fundamentals of network hacking

Cracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksCracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless Networks
Hammam Samara
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.
Priyanka Aash
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocols
Slawomir Jasek
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008
ClubHack
 
BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.
Jakub Kałużny
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
EC-Council
 

Similar to Fundamentals of network hacking (20)

Cracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless NetworksCracking WEP Secured Wireless Networks
Cracking WEP Secured Wireless Networks
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Wi-Foo Ninjitsu Exploitation
Wi-Foo Ninjitsu ExploitationWi-Foo Ninjitsu Exploitation
Wi-Foo Ninjitsu Exploitation
 
How to Hack WiFi on Windows
How to Hack WiFi on Windows How to Hack WiFi on Windows
How to Hack WiFi on Windows
 
Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The Enterprise
 
Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.Breaking Smart Speakers: We are Listening to You.
Breaking Smart Speakers: We are Listening to You.
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocols
 
Challenges and experiences with IPTV from a network point of view
Challenges and experiences with IPTV from a network point of viewChallenges and experiences with IPTV from a network point of view
Challenges and experiences with IPTV from a network point of view
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008Sheetal - Wirelesss Hacking - ClubHack2008
Sheetal - Wirelesss Hacking - ClubHack2008
 
BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11b
 
Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11b
 
DevCon 5 (July 2013) - WebSockets
DevCon 5 (July 2013) - WebSocketsDevCon 5 (July 2013) - WebSockets
DevCon 5 (July 2013) - WebSockets
 
Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014
Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014
Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 

Recently uploaded (20)

AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 

Fundamentals of network hacking

  • 1. We will start the session soon...
  • 2. Cyber Security & Ethical Hacking Pratiyush Kumar Ray Technical Team Cyber Security @DSC UIET KUK How to Secure & Hack the Internet Platforms.
  • 3. This session is being recorded
  • 4. Disclaimer :- Please note: This session and the ones following it are purely being organized for educational and informational purposes. Any student found misusing the concepts taught in the sessions will himself/herself be held responsible for it. Pratiyush Ray and all the other members of the Developer Student Club, UIET are not liable for any damage being inflicted by any of the students who were taught under DSC, UIET. Students willing to learn Cyber Security will have to sign a declaration form accepting the above-mentioned conditions. Only after signing the declaration form will the student get access to DSC UIET's Cyber Security Slack channel and link to the remaining google meet sessions.
  • 5. Kali Linux Q) Why Kali Linux? ● Kali Linux is used by hackers because it is a free OS. ● It has over 600 tools for Penetration Testing & Security Analytics. ● Kali follows an open-source model and all the code is available on Git and allowed for tweaking. ● Kali has multi-language support that allows users to operate in their native language. ● Kali Linux is completely customizable according to their comfort all the way down the kernel. https://www.kali.org/
  • 6. Network Hacking Q) What is Network Hacking? ● Network Hacking is gathering an information from network and computers over the internet. Methods of Network Hacking:- ● Pre-connection Attacks ● Gaining Access ● Post-connection Attacks
  • 7. Network Basics Client 1 Client 2 Client 3 Access Point Internet
  • 8. Connect Wireless Adapter to Kali Problems with Built-in Wireless cards ● Can’t be used in Virtual Machines ● Most built-in cards are not good for hacking. Monitor Mode & Packet Injection 5Ghz Support Example Alfa AWUS036NHA Alfa AWUS036ACH Atheros AR9271 Realtek AR8812AU
  • 9. IPV4 vs IPV6 1. 198.162.1.1 IPV4 - Internet Protocol Version 4 A:B:C:D It lies between 0-255 2. 2001:0db8:85a3:0000:0000:8a2e:0370:7334 IPV6 - Internet Protocol Version 6 A:B:C:D:E:F:G:H It lies between 0-9 , a-f, A-F Due to this limit of 255 only 4.2 Billion IP Address can connect internet but population is 7.8 Billion. IPV6 solved this issue of IPV4 but there is a problem that IPV6 cannot support old devices. Also, NAT (Network Address Translation)
  • 10. MAC Address ● Media Access Control 1. Permanent 2. Physical 3. Unique ● Assigned by Manufacturer. Client 1 Client 2 Access Point Internet Mac= 00:11:11:11:11:11 Mac= 00:11:22:33:44:55 Mac= 00:22:22:22:22:22 Source Mac: 00:11:11:11:11:11 Destination Mac: 00:22:22:22:22:22 Why change the MAC Address? 1. Increase Anonymity. 2. Impersonate other devices. 3. Bypass filters.
  • 11. Network Hacking- Pre-connection Attacks Packet Sniffing Using Airodump-ng 1. Part of the aircrack-ng suit. 2. Airodump-ng is a packet sniffer. 3. Used to capture all packets within range. 4. Display detailed info about networks around us. 5. Connected clients...etc Use: airodump-ng[MonitorModeInterface]
  • 12. Wifi Bands ● Decides the frequency range that can be used. ● Determines the channels that can be used. ● Clients need to support band used by router to communicate with it. ● Data can be sniffed from a certain band if the wireless adapter used supports that band. ● Most common WiFi Bands are: 1. a uses 5 Ghz frequency only. 2. b,g both use 2.4 Ghz frequency only. 3. n uses 5 and 2.4 Ghz. 4. ac uses frequencies lower than 6 Ghz.
  • 13. Deauthentication Attack → Disconnect any client from any network. ● Works on encrypted networks(WEP,WPA,WPA2). ● No need to know the network key. ● No need to connect to the network. Use: Aireplay-ng --deauth [#DeauthPackets] -a [NetworkMac] -c [TargetMac] [Interface]
  • 14. Process Deauth Attack Hacker Client Access Point Internet Mac= 00:11:11:11:11:11 Mac= 00:11:22:33:44:55 Mac= 00:22:22:22:22:22 Source MAC: 00:11:22:33:44:55 Destination MAC: 00:22:22:22:22:22 Message: I want to disconnect
  • 15. Process Deauth Attack Hacker Client Access Point Internet Mac= 00:11:11:11:11:11 Mac= 00:11:22:33:44:55 Mac= 00:22:22:22:22:22 Source MAC: 00:22:22:22:22:22 Destination MAC: 00:11:22:33:44:55 Message: Ok! You are going to be disconnected.
  • 16. Gaining Access WEP Cracking ● Wired Equivalent Privacy. ● Old encryption. ● Uses an algorithm called RC4. ● Still used in some networks. ● Can be cracked easily.
  • 17. Gaining Access WEP Cracking ● Client encrypts data using a key. ● Encrypted packet sent in the air. ● Router decrypts packet using the key. Client Access Point Internet Data to send to the router
  • 18. Gaining Access WEP Cracking ● Each packet is encrypted using a unique key stream. ● Random initialization vector(IV) is used to generate the keys streams. ● The initialization vector is only 24 bits! ● IV+Key(password)=Key stream Client Access Point Internet Data to send to the router
  • 19. Gaining Access WEP Cracking ● (Initialization Vector) IV is too small(only 24 bits) ● IV is sent in plain text. Result: ● IV’s will repeat on busy networks. ● This makes WEP vulnerable to statistical attacks. ● Repeated IVs can be used to determine the key stream; ● And break the encryption. Conclusion: To Crack WEP we need to: ● Capture a large number of packets/IVs → Using airodump-ng ● Analyse the captured IVs and crack the key. → Using aircrack-ng
  • 20. Gaining Access WPA/WPA2 Cracking ● Wi-Fi Protected Access (WPA) ● WPA based on TKIP (Temporal Key Integrity Protocol). ● WPA 2 based on CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol). ● Both can be cracked using the same methods. ● Made to address the issues in WEP. ● Much more secure. ● Each packet is encrypted using a unique temporary key. → Packets contain no useful information.
  • 21. Gaining Access WPS Crack ● WPS is a feature that can be used with WPA/WPA2. ● Allows clients to connect without the password. ● Authentication is done using an 8 digit pin. 1. 8 Digits is very small. 2. We can try all possible pins in relatively short time. 3. Then the WPS pin can be used to compute the actual password. PS: This only works if the router is configured not to use PBC (Push Button Authentication).
  • 22. Capturing the Handshakes ● Fixed all weaknesses in WEP. ● Packets contain no useful data. ● Only packets that can aid with the cracking process are the handshake packets. ○ These are 4 packets sent when a client connects to the network.
  • 23. Creating A Wordlist Crunch can be used to create a wordlist. Syntax: > crunch [min] [max] [characters] -t[pattern] -o[FileName] Example: > crunch 6 8 123abc$ -o wordlist -t a@@@@b Some Wordlists: 1. http://wordlist.sourceforge.net/ 2. http://www.openwall.com/mirrors/ 3. https://github.com/danielmiessler/SecLists Now, You have WPA handshake & Wordlist… Now you can hack WPA/WPA2
  • 24. Securing Your Network From Hackers We know how to test the security of all known wireless encryptions (WEP/WPA/WPA2), it is relatively easy to secure our networks against these attacks:- 1.Do not use WEP encryption, as we seen how easy it is to crack it regardless of the complexity of the password and even if there is nobody connected to the network. 2. Use WPA2 with a complex password, make sure the password contains small letters, capital letters, symbols and numbers. 3. Ensure that the WPS feature is disabled as it can be used to crack your complex WPA2 key by brute-forcing the easy WPS pin.
  • 25. Post-connection Attacks → Work against WiFi & Ethernet. → Gather more info. → Intercept data (usernames, passwords ...etc) → Modify data on the fly The Lab- Installing Windows(For Target Machine/Victim Machine) https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
  • 26. Post-connection Attacks Network Mapping NMAP/ZENMAP ● HUGE security scanner. ● From an IP/IP range it can discover. ○ MAC Address ○ Open ports. ○ Running services. ○ Operating system. ○ Connected clients.
  • 28. ARP Spoofing Victim Internet MITM Access Point Requests Requests Responses Responses ADDRESS RESOLUTION PROTOCOL (ARP) → Simple protocol used to map IP Address of a machine to its MAC Address.
  • 29. A D CB C to A:- I have 10.0.2.6 My MAC is 00:11:22:33:44:66 ARP Spoofing IP: 10.0.2.1 MAC: 00:11:22:33:44:20 IP: 10.0.2.7 MAC: 00:11:22:33:44:55 IP: 10.0.2.6 MAC: 00:11:22:33:44:66 IP: 10.0.2.5 MAC: 00:11:22:33:44:77
  • 30. ARP Spoofing Internet Hacker Access Point Victim I am at 10.0.2.1 I am at 10.0.2.7 IP: 10.0.2.7 IP: 10.0.2.1 Why ARP Spoofing is possible: 1. Clients accept responses even if they did not send a request. 2. Clients trust response without any form of verification.
  • 31. ARP Spoofing USING ARPSPOOF ● Arpspoof tool to run arp spoofing attacks. ● Simple and reliable. ● Ported to most operating systems including Android and iOS. ● Usage is always the same. USE: airspoof -i [interface] -t [clientIP] [gatewayIP] airspoof -i [interface] -t [gatewayIP] [clientIP]
  • 32. ARP Spoofing USING BETTERCAP ● Framework to run network attacks. ● Can be used to: ○ ARP Spoof targets (redirect the flow of packets). ○ Sniff data (urls, username, passwords). ○ Bypass HTTPs. ○ Redirect domain requests (DNS Spoofing). ○ Inject code in loaded pages. ○ And more! USE: Bettercap -iface [interface]
  • 33. Understanding HTTPS HTTPS Problem: ● Data in HTTP is sent as plain text. ● A MITM can read and edit requests and responses. → not secure Solution: ● Use HTTPS. ● HTTPS is an adaptation of HTTP. ● Encrypt HTTP using TLS (Transport Layer Security) or SSL (Secure Sockets Layer).
  • 34. BYPASSING HTTPS Problem: ● Most websites use HTTPS → Sniffed data will be encrypted. Solution: ● Downgrade HTTPS to HTTP
  • 35. Preventing MITM Attacks Detection: 1. Analysing arp tables. 2. Using tools such as Xarp. 3. Using Wireshark. Problems: 1. Detection is not the same as prevention. 2. Only works for ARP Spoofing. Solution: 1. HTTPS everywhere plugin. 2. Using a VPN
  • 36. Preventing MITM Attacks Pros Cons HTTPS Everywhere Free - Only works with HTTPs websites. - Visited domains still visible. - DNS spoofing still possible. VPN (Virtual Private Network) - Encrypts everything. - Protects from all MITM attacks. - Not Free - VPN Providers can see data. HTTPS Everywhere + VPN - Encrypts everything. - Protects from all MITM attacks. - Not free
  • 37. For next Workshop Network Hacking:- 1. Burp Suite 2. Wireshark 3. Creating Fake Access Point 4. Injecting Javascript Codes 5. ARP Poisoning Attacks 6. Server Side Attacks 7. Post Exploitation Website Hacking:- 1. Information Gathering 2. File Upload Vulnerabilities 3. SQL Injection Vulnerabilities 4. Cross Site Scripting Vulnerabilities. 5. So on ...