Wireless Network Penetration Testing
• WEP Cracking Live Demonstration
 Automated WEP Cracking With CLI (ECSA)
 Automated WEP Cracking with Gerix (CEHV8)

• WPA Cracking Live Demonstration
 Automated WPA Cracking With CLI (ECSA)
 Automated WPA Cracking with Gerix (CEHV8)
• Bypass MAC Filtering Live Demonstration (ECSA)
• WPA2 Cracking using Reaver (WPS Brute force) (ECSA)
• Wi-Fi Security Assessment Live Demonstration (ECSA)
© HaCkHiPp0-TeaM ! 2013
R0oTx:Sahil_Rai
List of WLAN channels

Amendments        Freq (GHz)   Speed (Mbps)   Range (ft)
802.11a           5            54             24-75
802.11b           2.4          11             150-150
802.11g           2.4          54             150-150
802.11i           Define WPA Enterprise / WPA Personal for Wi-Fi
802.11n           2.4, 5       54             100
802.11 (WiMAX)    10-66        70-100         30 miles
Bluetooth         2.4          1-3            25

 Each range is divided into multiple channels
 Every country has its own allowed channels, users and maximum frequency levels.
IEEE 802.11b/g/n Channel

Encryption & Authentication used in IEEE 802.11 Environment:
 Wired Equivalent Privacy (WEP) – WEP uses the RC4 encryption algorithm, which has several weaknesses. WEP relies on a secret key “shared” between a wireless device and the AP.
 Wi-Fi Protected Access (WPA) – The WPA protocol implements the majority of the IEEE 802.11i standard requirements. To offer greater security, WPA makes use of the Temporal Key Integrity Protocol (TKIP) instead of RC4 used in its predecessor WEP.
 WPA Personal – Commonly referred to as WPA Pre-Shared Key (PSK). The clients authenticate with the APs using the 256-bit keys.
 WPA Enterprise – Mainly designed for enterprise networks and requires authentication using a RADIUS server. Extensible Authentication Protocol (EAP) is used for authentication, which comes in different flavors (EAP-TLS, EAP-TTLS).

 The RADIUS protocol inherently only allows for password-based authentication, i.e. the password is sent as an MD5 hash or as a response to a challenge. EAP is an authentication framework included in Windows Client and Windows Server operating systems.
Wi-Fi authentication mode: open system authentication (SSID beaconing)
1. Probe Request
2. Probe Response (Security Parameters)
3. Open System Authentication Request
4. Open System Authentication Response
5. Association Request (Security Parameters)
6. Association Response
7. Handshake Completed

Wi-Fi authentication mode: shared key authentication process
1. Authentication Request sent to AP
2. AP sends challenge text
3. Client encrypts challenge text and sends it back to AP
4. AP decrypts challenge text and, if correct, authenticates client
5. Handshake Completed

1. Authentication Request ( Encrypted Challenge )
2. Authentication Response ( Challenge )
Sniffing packets (packet capture)

Wi-Fi vulnerability assessment checklist
• Vulnerability assessments can help you find and fix WLAN weaknesses before attackers take advantage of them

 Wireless Sniffing
• A wireless card can be on only one channel at a time
• It cannot sniff on all channels and bands at the same time
• Wireless card needs to be capable of operating on a/b/g/n/h?

 For each discovered 802.11 access point, document:
 Media Access Control (MAC) address (BSSID)
 Extended service set identifier (ESSID)
 Channel Number
 Average/Peak signal-to-noise ratio (SNR)
 Beaconed security parameters (i.e., WEP, WPA, WPA2 security)
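
The per-AP record in the checklist above can be filled in from captured beacon frames. The Python below is an added example, not part of the original slides: it parses beacons and reports BSSID, ESSID, channel and beaconed security parameters, flagging WEP, TKIP and advertised WPS. The sample frames, BSSIDs, ESSIDs and helper names are constructed for illustration; SNR comes from the capture's radiotap header and is not parsed here.

```python
import struct

WPA_IE = bytes.fromhex("0050f201")  # vendor IE prefix: Microsoft OUI, type 1 = WPA
WPS_IE = bytes.fromhex("0050f204")  # vendor IE prefix: Microsoft OUI, type 4 = WPS
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}


def pairwise_ciphers(val):
    """Read pairwise suites from: version(2) | group(4) | count(2) | suites(4 each)."""
    if len(val) < 8:
        return []
    count = struct.unpack_from("<H", val, 6)[0]
    suites = [val[8 + 4 * i:12 + 4 * i] for i in range(count)]
    return [CIPHERS.get(s[3], "unknown") for s in suites if len(s) == 4]


def parse_beacon(frame):
    """Parse one 802.11 beacon, starting at the MAC header (no radiotap, no FCS)."""
    if len(frame) < 36 or frame[0] != 0x80:   # 0x80 = management frame, subtype beacon
        raise ValueError("not a complete beacon frame")
    capab = struct.unpack_from("<H", frame, 34)[0]
    ap = {"bssid": ":".join(f"{b:02x}" for b in frame[16:22]),  # address 3
          "essid": "", "channel": None,
          "privacy": bool(capab & 0x0010),    # Privacy bit: encryption required
          "rsn": False, "wpa": False, "wps": False, "pairwise": set()}
    off = 36                                  # 24-byte header + 12 bytes of fixed fields
    while off + 2 <= len(frame):
        tag, length = frame[off], frame[off + 1]
        val = frame[off + 2:off + 2 + length]
        if len(val) < length:                 # truncated element: keep what was parsed
            break
        if tag == 0:                          # SSID
            ap["essid"] = val.decode("utf-8", "replace")
        elif tag == 3 and length == 1:        # DS Parameter Set = current channel
            ap["channel"] = val[0]
        elif tag == 48:                       # RSN element (802.11i)
            ap["rsn"] = True
            ap["pairwise"].update(pairwise_ciphers(val))
        elif tag == 221 and val[:4] == WPA_IE:
            ap["wpa"] = True
            ap["pairwise"].update(pairwise_ciphers(val[4:]))
        elif tag == 221 and val[:4] == WPS_IE:
            ap["wps"] = True
        off += 2 + length
    return ap


def assess(ap):
    """Turn parsed beacon fields into one inventory record with findings."""
    if ap["rsn"] and ap["wpa"]:
        security = "WPA/WPA2"
    elif ap["rsn"]:
        security = "WPA2"    # simplification: the AKM list is not parsed
    elif ap["wpa"]:
        security = "WPA"
    elif ap["privacy"]:
        security = "WEP"     # Privacy bit set but no WPA or RSN element
    else:
        security = "Open"
    findings = []
    if security == "Open":
        findings.append("no encryption")
    if security == "WEP":
        findings.append("WEP in use")
    if "TKIP" in ap["pairwise"]:
        findings.append("TKIP pairwise cipher")
    if ap["wps"]:
        findings.append("WPS advertised")
    return {"bssid": ap["bssid"], "essid": ap["essid"], "channel": ap["channel"],
            "security": security, "findings": findings}


def inventory(frames):
    return [assess(parse_beacon(f)) for f in frames]


# ---- constructed sample beacons (built here, not captured traffic) ----
def ie(tag, payload):
    return bytes([tag, len(payload)]) + payload


def sample_beacon(bssid, essid, channel, privacy, extra=b""):
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (0x0010 if privacy else 0))
    return header + fixed + ie(0, essid.encode()) + ie(3, bytes([channel])) + extra


RSN_CCMP = ie(48, bytes.fromhex("0100 000fac04 0100 000fac04 0100 000fac02 0000"))
WPA_TKIP = ie(221, bytes.fromhex("0050f201 0100 0050f202 0100 0050f202 0100 0050f202"))
WPS = ie(221, bytes.fromhex("0050f204 104a000110"))

SAMPLES = [
    sample_beacon("02:00:00:00:00:01", "lab-wep", 1, True),
    sample_beacon("02:00:00:00:00:02", "lab-wpa", 6, True, WPA_TKIP),
    sample_beacon("02:00:00:00:00:03", "lab-wpa2", 11, True, RSN_CCMP + WPS),
    sample_beacon("02:00:00:00:00:04", "lab-open", 5, False),
]

if __name__ == "__main__":
    for record in inventory(SAMPLES):
        print(record)
```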
WEP Cracking: Lab Test Requirement
• Airmon-ng
• Airodump-ng
• Aireplay-ng
• Aircrack-ng
• TP-Link WLAN card (supports 802.11b/g only)

WPA Cracking: Lab Test Requirement
• Airmon-ng
• Airodump-ng
• Aireplay-ng
• Aircrack-ng
• Dictionary File
• TP-Link WLAN card (supports 802.11b/g only)

WPA2 Cracking Using Reaver (WPS Brute force)
Penetration-Testing Tool (Reaver)
Reaver runs a brute-force attack against the access point's WPS (Wi-Fi Protected Setup) and may be able to recover the WPA/WPA2 passphrase in 4-10 hours, although this also depends on the AP. There is no need to capture a handshake.

Bypass MAC address binding

Wi-Fi Security Assessment
 Wi-Fi authentication process using centralized authentication server
1. Client requests connection
2. AP sends the EAP request to determine identity
3. EAP response with identity
4. Forward the identity to the RADIUS server
5. Send a request to the wireless client via the AP specifying the authentication mechanism to be used
6. The wireless client responds to the RADIUS server with its credentials via the AP
7. Sends an encrypted authentication key to the AP if the credentials are acceptable
8. Global authentication key encrypted with per-station unicast session key
Wi-Fi cracking commands details
WEP/WPA Cracking
Where:
-c 5 is the channel for the wireless network
--bssid 00:14:6C:7E:40:80 is the access point MAC address. This eliminates extraneous traffic.
-w capture is the file name prefix for the file which will contain the IVs.
wlan0 is the interface name.

-1 means fake authentication
0 is the reassociation timing in seconds
-e teddy is the wireless network name
-a 00:14:6C:7E:40:80 is the access point MAC address
-h 00:09:5B:EC:EE:F2 is our card MAC address
wlan0 is the wireless interface name

WEP/WPA Cracking
Where:
-1 means fake authentication
0 is the reassociation timing in seconds
-e hhippo is the wireless network name
-a 00:14:6C:7E:40:80 is the access point MAC address
-h 00:0F:B5:88:AC:82 is our card MAC address
wlan0 is the wireless interface name

Where:
-5 means the fragmentation attack
-b 00:14:6C:7E:40:80 is the access point MAC address
-h 00:09:5B:EC:EE:F2 is the MAC address of our card and must match the MAC used in the fake authentication
wlan0 is the wireless interface name

Where:
-2 means use interactive frame selection
-r arp-request defines the file name from which to read the arp packet
wlan0 defines the interface to use

Where:
-0 means generate an arp packet
-a 00:14:6C:7E:40:80 is the access point MAC address
-h 00:09:5B:EC:EE:F2 is the MAC address of our card
-k 255.255.255.255 is the destination IP (most APs respond to 255.255.255.255)
-l 255.255.255.255 is the source IP (most APs respond to 255.255.255.255)
-y fragment-0203-180343.xor is the file to read the PRGA from (NOTE: Change the file name to the actual file name out in step 4 above)
-w arp-request is the name of the file to write the arp packet to
Thank You

http://hackhippo.blogspot.com

Hacking wireless networks

  • 1. Wireless Network Penetration Testing
      ◦ WEP Cracking Live Demonstration
          - Automated WEP Cracking with CLI (ECSA)
          - Automated WEP Cracking with Gerix (CEHV8)
      ◦ WPA Cracking Live Demonstration
          - Automated WPA Cracking with CLI (ECSA)
          - Automated WPA Cracking with Gerix (CEHV8)
      ◦ Bypass MAC Filtering Live Demonstration (ECSA)
      ◦ WPA 2 Cracking using Reaver (WPS Brute force) (ECSA)
      ◦ Wi-Fi Security Assessment Live Demonstration (ECSA)
      © HaCkHiPp0-TeaM ! 2013 R0oTx:Sahil_Rai
  • 2. List of WLAN channels

      Amendment        Freq (GHz)   Speed (Mbps)   Range (ft)
      802.11a          5            54             24-75
      802.11b          2.4          11             150-150
      802.11g          2.4          54             150-150
      802.11i          Defines WPA Enterprise / WPA Personal for Wi-Fi
      802.11n          2.4, 5       54             100
      802.11 (WiMAX)   10-66        70-100         30 miles
      Bluetooth        2.4          1-3            25

      ◦ Each range is divided into multiple channels.
      ◦ Every country has allowed channels, users and maximum frequency levels.
  • 3. IEEE 802.11b/g/n Channel
  • 4. Encryption & Authentication used in IEEE 802.11 Environment:
      ◦ Wired Equivalent Privacy (WEP) – WEP uses the RC4 encryption algorithm, which has several weaknesses. WEP relies on a secret key “shared” between a wireless device and the AP.
      ◦ Wi-Fi Protected Access (WPA) – The WPA protocol implements the majority of the IEEE 802.11i standard requirements. To offer greater security, WPA makes use of Temporal Key Integrity Protocol (TKIP) instead of RC4 used in its predecessor WEP.
      ◦ WPA Personal – Commonly referred to as WPA Pre-Shared Key (PSK). The clients authenticate with the APs using 256-bit keys.
      ◦ WPA Enterprise – Mainly designed for enterprise networks; requires authentication using a RADIUS server. Extensible Authentication Protocol (EAP) is used for authentication, and comes in different flavors (EAP-TLS, EAP-TTLS).
      ◦ The RADIUS protocol inherently only allows for password-based authentication, i.e. the password is sent as an MD5 hash or as a response to a challenge. EAP is an authentication framework included in Windows client and Windows Server operating systems.
  • 5. Wi-Fi authentication mode: open system authentication (SSID beaconing)
      ◦ Probe Request
      ◦ Probe Response (Security Parameters)
      ◦ Open System Authentication Request
      ◦ Open System Authentication Response
      ◦ Association Request (Security Parameters)
      ◦ Association Response
      ◦ Handshake Completed
  • 6. Wi-Fi authentication mode: shared key authentication process
      ◦ Authentication Request sent to AP
      ◦ AP sends challenge text
      ◦ Client encrypts the challenge text and sends it back to the AP
      ◦ AP decrypts the challenge text and, if correct, authenticates the client
      ◦ Handshake Completed
  • 7. Sniffing packets (packet capture)
      1. Authentication Request (Encrypted Challenge)
      2. Authentication Response (Challenge)
  • 8. Wi-Fi vulnerability assessment checklist
      ◦ Vulnerability assessments can help you find and fix WLAN weaknesses before attackers take advantage of them.
      ◦ Wireless sniffing
          - A wireless card can only be on one channel at a time
          - It cannot sniff on all channels and bands at the same time
          - Wireless card needs to be capable of operating on a/b/g/n/h?
      ◦ For each discovered 802.11 access point, document:
          - Media Access Control (MAC) address (BSSID)
          - Extended service set identifier (ESSID)
          - Channel number
          - Average/peak signal-to-noise ratio (SNR)
          - Beaconed security parameters (i.e., WEP, WPA, WPA2 security)
  • 9. WEP Cracking: Lab Test Requirement
      ◦ Airmon-ng
      ◦ Airodump-ng
      ◦ Aireplay-ng
      ◦ Aircrack-ng
      ◦ TP-Link WLAN card supporting only 802.11b/g
  • 10. WPA Cracking: Lab Test Requirement
      ◦ Airmon-ng
      ◦ Airodump-ng
      ◦ Aireplay-ng
      ◦ Aircrack-ng
      ◦ Dictionary file
      ◦ TP-Link WLAN card supporting only 802.11b/g
  • 11. WPA 2 Cracking Using Reaver (WPS Brute force)
      Penetration-testing tool (Reaver): Reaver cracks WPA/WPA2 by running a brute-force attack against the access point's WPS (Wi-Fi Protected Setup), and may be able to recover the WPA/WPA2 passphrase in 4-10 hours, although this also depends on the AP. There is no need to get a handshake.
  • 13. Wi-Fi Security Assessment: Wi-Fi authentication process using a centralized authentication server
      ◦ Client requests connection
      ◦ AP sends the EAP request to determine identity
      ◦ EAP response with identity
      ◦ Forward the identity to the RADIUS server
      ◦ Send a request to the wireless client via the AP specifying the authentication mechanism to be used
      ◦ The wireless client responds to the RADIUS server with its credentials via the AP
      ◦ Sends an encrypted authentication key to the AP if the credentials are acceptable
      ◦ Global authentication key encrypted with per-station unicast session key
  • 14. Wi-Fi cracking commands details: WEP/WPA Cracking
      Where:
      ◦ -c 5 is the channel for the wireless network
      ◦ --bssid 00:14:6C:7E:40:80 is the access point MAC address. This eliminates extraneous traffic.
      ◦ -w capture is the file name prefix for the file which will contain the IVs
      ◦ wlan0 is the interface name
      Where:
      ◦ -1 means fake authentication
      ◦ 0 is the reassociation timing in seconds
      ◦ -e teddy is the wireless network name
      ◦ -a 00:14:6C:7E:40:80 is the access point MAC address
      ◦ -h 00:09:5B:EC:EE:F2 is our card MAC address
      ◦ wlan0 is the wireless interface name
      Where:
      ◦ -1 means fake authentication
      ◦ 0 is the reassociation timing in seconds
      ◦ -e hhippo is the wireless network name
      ◦ -a 00:14:6C:7E:40:80 is the access point MAC address
      ◦ -h 00:0F:B5:88:AC:82 is our card MAC address
      ◦ wlan0 is the wireless interface name
  • 15. Where:
      ◦ -5 means the fragmentation attack
      ◦ -b 00:14:6C:7E:40:80 is the access point MAC address
      ◦ -h 00:09:5B:EC:EE:F2 is the MAC address of our card and must match the MAC used in the fake authentication
      ◦ wlan0 is the wireless interface name
      Where:
      ◦ -2 means use interactive frame selection
      ◦ -r arp-request defines the file name from which to read the ARP packet
      ◦ wlan0 defines the interface to use
      Where:
      ◦ -0 means generate an ARP packet
      ◦ -a 00:14:6C:7E:40:80 is the access point MAC address
      ◦ -h 00:09:5B:EC:EE:F2 is the MAC address of our card
      ◦ -k 255.255.255.255 is the destination IP (most APs respond to 255.255.255.255)
      ◦ -l 255.255.255.255 is the source IP (most APs respond to 255.255.255.255)
      ◦ -y fragment-0203-180343.xor is the file to read the PRGA from (NOTE: Change the file name to the actual file name out in step 4 above)
      ◦ -w arp-request is the name of the file to write the ARP packet to
  • 16. Thank You © HaCkHiPp0-TeaM ! 2013 R0oTx:Sahil_Rai http://hackhippo.blogspot.com
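
The checklist in slide 8 asks for BSSID, ESSID, channel, average/peak SNR and beaconed security parameters for every discovered access point. The following Python is an added example, not part of the original slides: it builds that inventory from survey sightings and flags the weaknesses the deck names (WEP, WPS) plus unencrypted open networks. The CSV column layout, the sample rows and the function name `build_inventory` are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from statistics import mean

# Constructed survey sightings (not real captures). The column layout is an
# assumption made for this example: one row per beacon sighting.
SAMPLE_SURVEY = """\
bssid,essid,channel,signal_dbm,noise_dbm,security,wps
02:00:00:00:00:01,lab-legacy,5,-48,-92,WEP,no
02:00:00:00:00:01,lab-legacy,5,-55,-93,WEP,no
02:00:00:00:00:02,lab-office,11,-60,-95,WPA2,yes
02:00:00:00:00:02,lab-office,11,-66,-94,WPA2,yes
02:00:00:00:00:03,lab-guest,1,-70,-90,OPEN,no
02:00:00:00:00:04,lab-secure,6,-52,-96,WPA2,no
02:00:00:00:00:04,lab-secure,6,-50,-96,WPA,no
"""

def build_inventory(csv_text):
    """Return {bssid: record} holding the fields the checklist asks for."""
    sightings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        sightings[row["bssid"].lower()].append(row)
    inventory = {}
    for bssid, rows in sightings.items():
        # SNR in dB is the signal level minus the noise floor (both in dBm).
        snrs = [int(r["signal_dbm"]) - int(r["noise_dbm"]) for r in rows]
        modes = sorted({r["security"].upper() for r in rows})
        findings = []
        if "WEP" in modes:
            findings.append("WEP: weak RC4-based encryption")
        if "OPEN" in modes:
            findings.append("open: no encryption")
        if any(r["wps"].lower() == "yes" for r in rows):
            findings.append("WPS enabled: PIN can be brute-forced")
        if len(modes) > 1:
            findings.append("beaconed security changed between sightings")
        inventory[bssid] = {
            "essid": rows[0]["essid"],
            "channel": int(rows[0]["channel"]),
            "avg_snr_db": round(mean(snrs), 1),
            "peak_snr_db": max(snrs),
            "security": modes,
            "findings": findings,
        }
    return inventory
if __name__ == "__main__":
    for bssid, rec in build_inventory(SAMPLE_SURVEY).items():
        print(bssid, rec)
```

An access point whose beaconed security differs between sightings is reported separately, since the checklist's "security parameters" entry is only meaningful if it is stable for a given BSSID.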

Editor's Notes

  1. RC4 was designed by Ron Rivest of RSA Security in 1987  Transport Layer Security (TLS)