SlideShare a Scribd company logo

Hacking Wireless Networks : Null Delhi (November)

Download as PPTX, PDF
Mandeep Jadon
Mandeep Jadon

Hey guys Find my presentation of "Hacking Wireless Network" that i dilivered in Null Delhi Meet . Give your reviews regarding it . Thanks Mandeep

Internet
1 of 41
HACKING WIRELESS NETWORKS THE IN DEPTH STORY OF WHAT ARE WE HACKING BY : MANDEEP SINGH JADON ( InfoSec enthusiastic)
WHO AM I ?  Mandeep Singh jadon  Unfortunate things about me :  Doing a unique thing called “BTECH”  From UPTU  Fortunate things about me  I troll   Founder at Ultimate 1337 trolls (https://www.facebook.com/1337trolls/)  Am into the Infosec field  Part time bug bounty hunter  Eager to learn new stuff  I am passionate about singing   I am a Facebook Addict 
What this session will cover  What is WLAN .  Basic Terminologies .  Wireless Sniffing  Details Of Wlan from a networking perspective  Security Measures Like Mac SSID Hiding and Mac Filters  Bypassing them  WLAN Authentication  WEP And WPA in detail  Cracking Them  Introduction to WPS Attack  New trends in Wireless Attacks (Takeaways)  Security tips  And Trolls …. Lot Of Trolls ……
What is WLAN ??  A Wireless local area network (WLAN) links two or more devices using some wireless distribution method and usually providing a connection through an access point to the wider Internet .  Most modern WLANs are based on IEEE 802.11 standards, marketed under the Wi-Fi brand name.
Terminologies in WLAN Access Point (AP) - A network device that serves as a communications "hub" for wireless clients. (basically known as router) . Basic service set (BSS) - It is a set of all stations that can communicate with each other. Every BSS has an identification (ID) called the BSSID, which is the MAC address of the access point servicing the BSS. SSID (Service Set Identity) - It is also known as the "wireless network name", the SSID is a 32 character, case sensitive name given to a Basic Service Set established by an access point.
Continued … WEP (Wireless Encryption Protocol) - WEP is a mechanism for authenticating WLAN clients and for end data encryption in 802.11wireless LANs. WPA (Wi-Fi Protected Access) – It is introduced during 2006 by the Wi- Fi Alliance, WPA employs techniques developed by Cisco and others, namely TKIP and MIC, to generate unique and dynamic keys for WEP's RC4-based encryption. Beacon frame - It is one of the management frames in IEEE 802.11 based WLANs. It contains all the information about the network. Beacon frames are transmitted periodically to announce the presence of a wireless LAN. Beacon frames are transmitted by the Access Point (AP) in an infrastructure BSS.
Continued ..  IEEE 802.11 – It is a set of media access control (MAC) and physical layer (PHY) specifications for implementing wireless local area network (WLAN)  4 Way Handshake – It’s a cryptographic message exchange between the AP and The client which authenticates the client to connect to the AP
SO WHY WIRELESS SECURITY???? • Everyday we’ve been using wifi for our day to day work such as Social media , banking , development, research , education and endless other things. • Sensitive information is literally flowing in air inviting hackers to intrude them .
The awful challenges in wireless !!  You can’t see it , so how will you protect it :p  With the arrival of wireless cards , the malicious guy can break into the network miles away !!! (Passive)  Very difficult to locate the attacker .  (Directional Antennae )
Wireless Sniffing  Exactly same as wired sniffing .  “The promiscuous mode”   Listens all the traffic whether it is destined to that or not . HOW DO WE DO ??? AIRMON-NG  DEMO !!
The Band and Channel theory  WLAN Operate following bands  2.4 GHz (802.11b/g/n)  3.6 GHz (802.11y)  4.9 GHz (802.11y) Public Safety WLAN  5 GHz (802.11a/h/j/n/ac)  Each band is divided to various channels .  AT ANY TIME YOUR WIRELESS INTERFACE CAN BE ONY AT ONE CHANNEL  Problem ??? Lets Hop with airodump-ng 
Channel Ranges for the Bands
DEMO TIME
WLAN PACKET TYPES  3 Types i. Management ii. Control iii. Data  Read more : http://www.wildpackets.com/resources/compendium/wireless_lan/wlan_pa cket_types  In case you’re thirsty http://standards.ieee.org/about/get/802/802.11.html
Beacon frame  Beacon frame is one of the management frames in IEEE 802.11 based WLANs. It contains all the information about the network. Beacon frames are transmitted periodically to announce the presence of a wireless LAN. Beacon frames are transmitted by the Access Point (AP) in an infrastructure Basic service set (BSS). (wikipedia)  YES . . . . EVERYTHING IS IN PLAINTEXT
Demo time !! ANALYSIS Of Beacon Frames Analysis of Beacon Frames Injecting Arbitrary Beacon frames in the network (MDK)
AP AND CLIENT COMMUNICATION The behind the scenes of whats happening . Courtesy : IEEE docs
Don’t believe until you see ….
Now we HACK !!!!!!!!!   Security measure : Hidden SSID  Blocking the SSID broadcasting in the beacon frames  But is it a security measure ? ? ?  Really ??  I mean really ?? :p  Lets see a DEMO
Where is the actual problem ?  The “probe request ” and “Probe response” contains the SSID  Whenever a legitimate client connects to the AP it has previously connected to , it will send these probe request packets .  Airodump would see these packets and would figure out the things for us   ATTACK SENARIO a. Non violence type b. Violence type AGAIN DEMO 
Security Measure : Mac Filters  In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. (wiki)  How does it work in wireless ?  Whitelisting the allowed mac in the AP . but …………… Are they really secure ….. Really ?? :p
The Problem  Mac address cannot be changed , but can be spoofed very easily  Since Mac will be the only auth mechanism in the current case , so once it is spoofed we can enter the network .  Mac addresses are visible in the WLAN Header so the attacker can easily get the legitimate MAC .  In the wireless world it simply does not make sense :p  TWO ATTTACK scenarios a) Gandhi Attack b) Bhagat singh Attack
WLAN AUTHENTICATION  Two types : i. Open Auth ii. Shared Auth  OPEN AUTH No auth at all Simple 2 packet exchange between the client and the AP 
Shared Authentication
WEP ? Why care for it ?
WEP Algorithm !! Two processes are applied to the plaintext data. One encrypts the plaintext; the other protects the data from being modified by unauthorized personnel. The 40-bit secret key is connected with a 24-bit Initialization Vector (IV) resulting in a 64- bit total key size The PRNG ( RC4 ) outputs a pseudo random key sequence based on the input key. The resulting sequence is used to encrypt the data by doing a bitwise XOR. To prevent unauthorized data modification, an integrity algorithm , CRC-32 operates on the plaintext to produce the ICV 1. WEP ENCRYPTION
The IV, plaintext, and ICV triplet forms the actual data sent in the data frame.
2. WEP Decryption The IV of the incoming message is used to generate the key sequence necessary to decrypt the incoming message. Combining the ciphertext with the proper key sequence will give the original plaintext and ICV . The decryption is verified by performing the Integrity check algorithm on the recovered plaintext and comparing the output of the ICV' to the ICV submitted with the message. If the ICV' is not equal to the ICV, the received message is in error, and an error indication is sent to the MAC management and back to the sending station
WEP CRACKING  The IVS are not all strong . Some are “Weak IV” (cryptographically) .  So to crack WEP collect a large no. of these weak IVS (not uniformly distributed) .  DEMO TIME !!
WPA/WPA2 (The Current Trend)
Prerequisite ….  PBKDF2 (Used to generate PSKs Dynamically each time the supplicant connects to the authenticator )  key = PBKDF2(passphrase, SSID, 4096, 256)  It uses the HMAC algorithm to create a digest of the input. http://www.ietf.org/rfc/rfc2898.txt :)
Yeah !!!! The 4 way handshake
Don’t believe until you see !!! Lets see the 4 way handshake with the eyes of wireshark !!
WPA PSK Cracking Things we know :  SNONCE   ANONCE   AP MAC   CLIENT MAC  Things we don’t know  The Damn Passphrase  We’ll capture the handshake and generate our own PTK and match with the PTK of the current session . That’s it .
DEMO TIME (Cracking WPA/WPA2 PSK) STEPS : 1. Start up the monitor mode . 2. Capture the air . 3. Get the handshake 4. Use aircrack to do the dictionary attack against the handshake 
IF you are lucky : WPS enabled AP  WPS stands for Wi-Fi Protected Setup and it is a wireless networking standard that tries to make connections between a router and wireless devices faster and easier. It works only for wireless networks that have WPA Personal or WPA2 Personal security .  How WPS Works o Every router that supports WPS has a an eight-digit device pin printed on the back. When you try to connect a wireless laptop or wireless printer to your wireless network, it will ask you for that 8 digit pin o They Split the 8 digits into 2 sets of 4. All that has to happen now is the first 4 have to be found first. 4 digits only have a 10,000 possible number combination. Once the first 4 numbers are found, the router proclaims “ You've found the first four “  o Short Demo ……
Advanced Attacks … (Takeaways)  The most recent one . PIXIEWPS (https://github.com/wiire/pixiewps) .  Evil Twin attack .  Rogue AP Attack .  Jamming  Cloud Cracking (eg using Amazon EC2 engine)
Safety Techniques . Keep in mind you can be hacked Anytime …… :p  Always use WPA2 PSK encryption accompanied by Mac Filtering .  Turn off WPS .  Do keep an eye on the network in which you are currently connected to .  Keep a check on the connected clients .  Periodically change the SSID as well as the Key .  Change the Default Router Password .  Laptop physical security should be maintained  Use VPN in public WIFI .  Disable DHCP if you can . (My personal tip  )
Acknowledgements .  standards.ieee.org  www.securitytube.net  Wikipedia.org
Ways to reach me  https://www.facebook.com/mandeep.jadon.5  https://twitter.com/1337tr0lls  https://www.linkedin.com/in/mandeepjadon  https://github.com/mandeepjadon (I do a bit coding too  ) Feedbacks are always a motivational force 
THANKS 

Recommended

Aircrack
AircrackAircrack
AircrackMuhammadHanzalah6
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffersKunal Thakur
 
IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6Adeel Rasheed
 
IP Addressing and subnetting
IP Addressing and subnettingIP Addressing and subnetting
IP Addressing and subnettingAli Nezhad
 
Ip addressing
Ip addressingIp addressing
Ip addressingOnline
 
Cracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary AttacksCracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary Attacksn|u - The Open Security Community
 
A very good introduction to IPv6
A very good introduction to IPv6A very good introduction to IPv6
A very good introduction to IPv6Syed Arshad
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and ProtectionChandrak Trivedi
 

Recommended

Aircrack
AircrackAircrack
AircrackMuhammadHanzalah6
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffersKunal Thakur
 
IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6Adeel Rasheed
 
IP Addressing and subnetting
IP Addressing and subnettingIP Addressing and subnetting
IP Addressing and subnettingAli Nezhad
 
Ip addressing
Ip addressingIp addressing
Ip addressingOnline
 
Cracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary AttacksCracking WPA/WPA2 with Non-Dictionary Attacks
Cracking WPA/WPA2 with Non-Dictionary Attacksn|u - The Open Security Community
 
A very good introduction to IPv6
A very good introduction to IPv6A very good introduction to IPv6
A very good introduction to IPv6Syed Arshad
 
WLAN Attacks and Protection
WLAN Attacks and ProtectionWLAN Attacks and Protection
WLAN Attacks and ProtectionChandrak Trivedi
 
Ch03
Ch03Ch03
Ch03Joe Christensen
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxPrinceKumar851167
 
Wi-FI Hacking
Wi-FI Hacking Wi-FI Hacking
Wi-FI Hacking Mehul Jariwala
 
Mobile Hacking
Mobile HackingMobile Hacking
Mobile HackingNovizul Evendi
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Forti web
Forti webForti web
Forti webLan & Wan Solutions
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark TutorialCoursenvy.com
 
Java API: java.net.InetAddress
Java API: java.net.InetAddressJava API: java.net.InetAddress
Java API: java.net.InetAddressSayak Sarkar
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofingLuthfi Widyanto
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w TutorialAirTight Networks
 
Subnet questions with ans(networking)
Subnet questions with ans(networking)Subnet questions with ans(networking)
Subnet questions with ans(networking)welcometofacebook
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless HackingVIKAS SINGH BHADOURIA
 
WhatsApp Forensic
WhatsApp ForensicWhatsApp Forensic
WhatsApp ForensicAnimesh Shaw
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level securityChetan Kumar S
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Securitylalithambiga kamaraj
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSAShafaan Khaliq Bhatti
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
TCP IP Addressing
TCP IP AddressingTCP IP Addressing
TCP IP AddressingRitul Sonania
 
Subnet Masks
Subnet MasksSubnet Masks
Subnet Masksswascher
 
Hacking wireless networks
Hacking wireless networksHacking wireless networks
Hacking wireless networksSahil Rai
 
WIFI Hacking
WIFI HackingWIFI Hacking
WIFI HackingSuraj Bohara
 

More Related Content

What's hot

Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxPrinceKumar851167
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Java API: java.net.InetAddress
Java API: java.net.InetAddressJava API: java.net.InetAddress
Java API: java.net.InetAddressSayak Sarkar
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityAhmad Yar
 
Subnet questions with ans(networking)
Subnet questions with ans(networking)Subnet questions with ans(networking)
Subnet questions with ans(networking)welcometofacebook
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level securityChetan Kumar S
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
Subnet Masks
Subnet MasksSubnet Masks
Subnet Masksswascher
 

What's hot (20)

Ch03
Ch03Ch03
Ch03
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
 
Wi-FI Hacking
Wi-FI Hacking Wi-FI Hacking
Wi-FI Hacking
 
Mobile Hacking
Mobile HackingMobile Hacking
Mobile Hacking
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
 
Forti web
Forti webForti web
Forti web
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
 
Java API: java.net.InetAddress
Java API: java.net.InetAddressJava API: java.net.InetAddress
Java API: java.net.InetAddress
 
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber SecurityHow Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
How Hack WiFi through Aircrack-ng in Kali Linux Cyber Security
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofing
 
802.11w Tutorial
802.11w Tutorial802.11w Tutorial
802.11w Tutorial
 
Subnet questions with ans(networking)
Subnet questions with ans(networking)Subnet questions with ans(networking)
Subnet questions with ans(networking)
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
 
WhatsApp Forensic
WhatsApp ForensicWhatsApp Forensic
WhatsApp Forensic
 
Wireless Device and Network level security
Wireless Device and Network level securityWireless Device and Network level security
Wireless Device and Network level security
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 
Public key cryptography and RSA
Public key cryptography and RSAPublic key cryptography and RSA
Public key cryptography and RSA
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
TCP IP Addressing
TCP IP AddressingTCP IP Addressing
TCP IP Addressing
 
Subnet Masks
Subnet MasksSubnet Masks
Subnet Masks
 

Viewers also liked

Hacking wireless networks
Hacking wireless networksHacking wireless networks
Hacking wireless networksSahil Rai
 
What IT Professionals Need to Know about Sniffing Wireless Traffic in 2016
What IT Professionals Need to Know about Sniffing Wireless Traffic in 2016What IT Professionals Need to Know about Sniffing Wireless Traffic in 2016
What IT Professionals Need to Know about Sniffing Wireless Traffic in 2016Priyanka Aash
 
DevLink - WiFu: You think your wireless is secure?
DevLink - WiFu: You think your wireless is secure?DevLink - WiFu: You think your wireless is secure?
DevLink - WiFu: You think your wireless is secure?Rob Gillen
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolIssar Kapadia
 
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security PresentationSuper Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security PresentationSystem ID Warehouse
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linuxHelder Oliveira
 
Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffersleminhvuong
 
Packet sniffing & ARP Poisoning
Packet sniffing & ARP Poisoning Packet sniffing & ARP Poisoning
Packet sniffing & ARP Poisoning Viren Rao
 
How To Hack Wireless Internet Connections
How To Hack Wireless Internet ConnectionsHow To Hack Wireless Internet Connections
How To Hack Wireless Internet Connectionsguest85e156e
 
Alphorm.com Formation CEHV9 III
Alphorm.com Formation CEHV9 IIIAlphorm.com Formation CEHV9 III
Alphorm.com Formation CEHV9 IIIAlphorm
 
Kali Linux - Falconer
Kali Linux - FalconerKali Linux - Falconer
Kali Linux - FalconerTony Godfrey
 
Phl 458 week 1 dq 1
Phl 458 week 1 dq 1Phl 458 week 1 dq 1
Phl 458 week 1 dq 1haihrtta
 

Viewers also liked (16)

Hacking wireless networks
Hacking wireless networksHacking wireless networks
Hacking wireless networks
 
WIFI Hacking
WIFI HackingWIFI Hacking
WIFI Hacking
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
What IT Professionals Need to Know about Sniffing Wireless Traffic in 2016
What IT Professionals Need to Know about Sniffing Wireless Traffic in 2016What IT Professionals Need to Know about Sniffing Wireless Traffic in 2016
What IT Professionals Need to Know about Sniffing Wireless Traffic in 2016
 
DevLink - WiFu: You think your wireless is secure?
DevLink - WiFu: You think your wireless is secure?DevLink - WiFu: You think your wireless is secure?
DevLink - WiFu: You think your wireless is secure?
 
Hacking tools
Hacking toolsHacking tools
Hacking tools
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
 
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security PresentationSuper Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
Super Barcode Training Camp - Motorola AirDefense Wireless Security Presentation
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
 
Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffers
 
Packet sniffing & ARP Poisoning
Packet sniffing & ARP Poisoning Packet sniffing & ARP Poisoning
Packet sniffing & ARP Poisoning
 
How To Hack Wireless Internet Connections
How To Hack Wireless Internet ConnectionsHow To Hack Wireless Internet Connections
How To Hack Wireless Internet Connections
 
Alphorm.com Formation CEHV9 III
Alphorm.com Formation CEHV9 IIIAlphorm.com Formation CEHV9 III
Alphorm.com Formation CEHV9 III
 
Kali Linux - Falconer
Kali Linux - FalconerKali Linux - Falconer
Kali Linux - Falconer
 
Phl 458 week 1 dq 1
Phl 458 week 1 dq 1Phl 458 week 1 dq 1
Phl 458 week 1 dq 1
 
Wifi hacking
Wifi hackingWifi hacking
Wifi hacking
 

Similar to Hacking Wireless Networks : Null Delhi (November)

Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11bguestd7b627
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSreekanth GS
 
Wireless network security
Wireless network securityWireless network security
Wireless network securityVishal Agarwal
 
4 wifi security
4 wifi security4 wifi security
4 wifi securityal-sari7
 
Wireless hacking and security
Wireless hacking and securityWireless hacking and security
Wireless hacking and securityAdel Zalok
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_kRama Krishna M
 
Wireless Security
Wireless SecurityWireless Security
Wireless SecuritysiDz
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxAmanuelZewdie4
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentationMuhammad Zia
 
Wireless security837
Wireless security837Wireless security837
Wireless security837mark scott
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hackingMihir Shah
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminarNilesh Sapariya
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security Hariraj Rathod
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!edwardo
 
Viable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedViable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedIRJET Journal
 

Similar to Hacking Wireless Networks : Null Delhi (November) (20)

Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11b
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11b
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
4 wifi security
4 wifi security4 wifi security
4 wifi security
 
Wireless hacking and security
Wireless hacking and securityWireless hacking and security
Wireless hacking and security
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
 
Wireless Security
Wireless SecurityWireless Security
Wireless Security
 
Comprehensive Guide On Network Security
Comprehensive Guide On Network SecurityComprehensive Guide On Network Security
Comprehensive Guide On Network Security
 
Shashank wireless lans security
Shashank wireless lans securityShashank wireless lans security
Shashank wireless lans security
 
Chapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptxChapter 7 - Wireless Network Security.pptx
Chapter 7 - Wireless Network Security.pptx
 
Wireless security presentation
Wireless security presentationWireless security presentation
Wireless security presentation
 
Wireless security837
Wireless security837Wireless security837
Wireless security837
 
Wifi Security
Wifi SecurityWifi Security
Wifi Security
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
Ch06 Wireless Network Security
Ch06 Wireless Network SecurityCh06 Wireless Network Security
Ch06 Wireless Network Security
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Wireless security
Wireless securityWireless security
Wireless security
 
Exploiting WiFi Security
Exploiting WiFi Security Exploiting WiFi Security
Exploiting WiFi Security
 
A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!A tutorial showing you how to crack wifi passwords using kali linux!
A tutorial showing you how to crack wifi passwords using kali linux!
 
Viable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be JeopardizedViable means using which Wireless Network Security can be Jeopardized
Viable means using which Wireless Network Security can be Jeopardized
 

Recently uploaded

How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 

Recently uploaded (20)

Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 

Hacking Wireless Networks : Null Delhi (November)

  • 1. HACKING WIRELESS NETWORKS THE IN DEPTH STORY OF WHAT ARE WE HACKING BY : MANDEEP SINGH JADON ( InfoSec enthusiastic)
  • 2. WHO AM I ?  Mandeep Singh jadon  Unfortunate things about me :  Doing a unique thing called “BTECH”  From UPTU  Fortunate things about me  I troll   Founder at Ultimate 1337 trolls (https://www.facebook.com/1337trolls/)  Am into the Infosec field  Part time bug bounty hunter  Eager to learn new stuff  I am passionate about singing   I am a Facebook Addict 
  • 3. What this session will cover  What is WLAN .  Basic Terminologies .  Wireless Sniffing  Details Of Wlan from a networking perspective  Security Measures Like Mac SSID Hiding and Mac Filters  Bypassing them  WLAN Authentication  WEP And WPA in detail  Cracking Them  Introduction to WPS Attack  New trends in Wireless Attacks (Takeaways)  Security tips  And Trolls …. Lot Of Trolls ……
  • 4. What is WLAN ??  A Wireless local area network (WLAN) links two or more devices using some wireless distribution method and usually providing a connection through an access point to the wider Internet .  Most modern WLANs are based on IEEE 802.11 standards, marketed under the Wi-Fi brand name.
  • 5. Terminologies in WLAN Access Point (AP) - A network device that serves as a communications "hub" for wireless clients. (basically known as router) . Basic service set (BSS) - It is a set of all stations that can communicate with each other. Every BSS has an identification (ID) called the BSSID, which is the MAC address of the access point servicing the BSS. SSID (Service Set Identity) - It is also known as the "wireless network name", the SSID is a 32 character, case sensitive name given to a Basic Service Set established by an access point.
  • 6. Continued … WEP (Wireless Encryption Protocol) - WEP is a mechanism for authenticating WLAN clients and for end data encryption in 802.11wireless LANs. WPA (Wi-Fi Protected Access) – It is introduced during 2006 by the Wi- Fi Alliance, WPA employs techniques developed by Cisco and others, namely TKIP and MIC, to generate unique and dynamic keys for WEP's RC4-based encryption. Beacon frame - It is one of the management frames in IEEE 802.11 based WLANs. It contains all the information about the network. Beacon frames are transmitted periodically to announce the presence of a wireless LAN. Beacon frames are transmitted by the Access Point (AP) in an infrastructure BSS.
  • 7. Continued ..  IEEE 802.11 – It is a set of media access control (MAC) and physical layer (PHY) specifications for implementing wireless local area network (WLAN)  4 Way Handshake – It’s a cryptographic message exchange between the AP and The client which authenticates the client to connect to the AP
  • 8. SO WHY WIRELESS SECURITY???? • Everyday we’ve been using wifi for our day to day work such as Social media , banking , development, research , education and endless other things. • Sensitive information is literally flowing in air inviting hackers to intrude them .
  • 9. The awful challenges in wireless !!  You can’t see it , so how will you protect it :p  With the arrival of wireless cards , the malicious guy can break into the network miles away !!! (Passive)  Very difficult to locate the attacker .  (Directional Antennae )
  • 10. Wireless Sniffing  Exactly same as wired sniffing .  “The promiscuous mode”   Listens all the traffic whether it is destined to that or not . HOW DO WE DO ??? AIRMON-NG  DEMO !!
  • 11. The Band and Channel theory  WLAN Operate following bands  2.4 GHz (802.11b/g/n)  3.6 GHz (802.11y)  4.9 GHz (802.11y) Public Safety WLAN  5 GHz (802.11a/h/j/n/ac)  Each band is divided to various channels .  AT ANY TIME YOUR WIRELESS INTERFACE CAN BE ONY AT ONE CHANNEL  Problem ??? Lets Hop with airodump-ng 
  • 12. Channel Ranges for the Bands
  • 14. WLAN PACKET TYPES  3 Types i. Management ii. Control iii. Data  Read more : http://www.wildpackets.com/resources/compendium/wireless_lan/wlan_pa cket_types  In case you’re thirsty http://standards.ieee.org/about/get/802/802.11.html
  • 15. Beacon frame  Beacon frame is one of the management frames in IEEE 802.11 based WLANs. It contains all the information about the network. Beacon frames are transmitted periodically to announce the presence of a wireless LAN. Beacon frames are transmitted by the Access Point (AP) in an infrastructure Basic service set (BSS). (wikipedia)  YES . . . . EVERYTHING IS IN PLAINTEXT
  • 16. Demo time !! ANALYSIS Of Beacon Frames Analysis of Beacon Frames Injecting Arbitrary Beacon frames in the network (MDK)
  • 17. AP AND CLIENT COMMUNICATION The behind the scenes of whats happening . Courtesy : IEEE docs
  • 18. Don’t believe until you see ….
  • 19. Now we HACK !!!!!!!!!   Security measure : Hidden SSID  Blocking the SSID broadcasting in the beacon frames  But is it a security measure ? ? ?  Really ??  I mean really ?? :p  Lets see a DEMO
  • 20. Where is the actual problem ?  The “probe request ” and “Probe response” contains the SSID  Whenever a legitimate client connects to the AP it has previously connected to , it will send these probe request packets .  Airodump would see these packets and would figure out the things for us   ATTACK SENARIO a. Non violence type b. Violence type AGAIN DEMO 
  • 21. Security Measure : Mac Filters  In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. (wiki)  How does it work in wireless ?  Whitelisting the allowed mac in the AP . but …………… Are they really secure ….. Really ?? :p
  • 22. The Problem  Mac address cannot be changed , but can be spoofed very easily  Since Mac will be the only auth mechanism in the current case , so once it is spoofed we can enter the network .  Mac addresses are visible in the WLAN Header so the attacker can easily get the legitimate MAC .  In the wireless world it simply does not make sense :p  TWO ATTTACK scenarios a) Gandhi Attack b) Bhagat singh Attack
  • 23. WLAN AUTHENTICATION  Two types : i. Open Auth ii. Shared Auth  OPEN AUTH No auth at all Simple 2 packet exchange between the client and the AP 
  • 25. WEP ? Why care for it ?
  • 26. WEP Algorithm !! Two processes are applied to the plaintext data. One encrypts the plaintext; the other protects the data from being modified by unauthorized personnel. The 40-bit secret key is connected with a 24-bit Initialization Vector (IV) resulting in a 64- bit total key size The PRNG ( RC4 ) outputs a pseudo random key sequence based on the input key. The resulting sequence is used to encrypt the data by doing a bitwise XOR. To prevent unauthorized data modification, an integrity algorithm , CRC-32 operates on the plaintext to produce the ICV 1. WEP ENCRYPTION
  • 27. The IV, plaintext, and ICV triplet forms the actual data sent in the data frame.
  • 28. 2. WEP Decryption The IV of the incoming message is used to generate the key sequence necessary to decrypt the incoming message. Combining the ciphertext with the proper key sequence will give the original plaintext and ICV . The decryption is verified by performing the Integrity check algorithm on the recovered plaintext and comparing the output of the ICV' to the ICV submitted with the message. If the ICV' is not equal to the ICV, the received message is in error, and an error indication is sent to the MAC management and back to the sending station
  • 29. WEP CRACKING  The IVS are not all strong . Some are “Weak IV” (cryptographically) .  So to crack WEP collect a large no. of these weak IVS (not uniformly distributed) .  DEMO TIME !!
  • 31. Prerequisite ….  PBKDF2 (Used to generate PSKs Dynamically each time the supplicant connects to the authenticator )  key = PBKDF2(passphrase, SSID, 4096, 256)  It uses the HMAC algorithm to create a digest of the input. http://www.ietf.org/rfc/rfc2898.txt :)
  • 32. Yeah !!!! The 4 way handshake
  • 33. Don’t believe until you see !!! Lets see the 4 way handshake with the eyes of wireshark !!
  • 34. WPA PSK Cracking Things we know :  SNONCE   ANONCE   AP MAC   CLIENT MAC  Things we don’t know  The Damn Passphrase  We’ll capture the handshake and generate our own PTK and match with the PTK of the current session . That’s it .
  • 35. DEMO TIME (Cracking WPA/WPA2 PSK) STEPS : 1. Start up the monitor mode . 2. Capture the air . 3. Get the handshake 4. Use aircrack to do the dictionary attack against the handshake 
  • 36. IF you are lucky : WPS enabled AP  WPS stands for Wi-Fi Protected Setup and it is a wireless networking standard that tries to make connections between a router and wireless devices faster and easier. It works only for wireless networks that have WPA Personal or WPA2 Personal security .  How WPS Works o Every router that supports WPS has a an eight-digit device pin printed on the back. When you try to connect a wireless laptop or wireless printer to your wireless network, it will ask you for that 8 digit pin o They Split the 8 digits into 2 sets of 4. All that has to happen now is the first 4 have to be found first. 4 digits only have a 10,000 possible number combination. Once the first 4 numbers are found, the router proclaims “ You've found the first four “  o Short Demo ……
  • 37. Advanced Attacks … (Takeaways)  The most recent one . PIXIEWPS (https://github.com/wiire/pixiewps) .  Evil Twin attack .  Rogue AP Attack .  Jamming  Cloud Cracking (eg using Amazon EC2 engine)
  • 38. Safety Techniques . Keep in mind you can be hacked Anytime …… :p  Always use WPA2 PSK encryption accompanied by Mac Filtering .  Turn off WPS .  Do keep an eye on the network in which you are currently connected to .  Keep a check on the connected clients .  Periodically change the SSID as well as the Key .  Change the Default Router Password .  Laptop physical security should be maintained  Use VPN in public WIFI .  Disable DHCP if you can . (My personal tip  )
  • 39. Acknowledgements .  standards.ieee.org  www.securitytube.net  Wikipedia.org
  • 40. Ways to reach me  https://www.facebook.com/mandeep.jadon.5  https://twitter.com/1337tr0lls  https://www.linkedin.com/in/mandeepjadon  https://github.com/mandeepjadon (I do a bit coding too  ) Feedbacks are always a motivational force 