This document discusses wireless hacking and security. It begins by explaining why wireless networks are popular due to convenience and cost but also introduces security issues. It then covers wireless standards, encryption types like WEP, WPA and WPA/PSK. The document details how to hack wireless networks by locating them, capturing packets to crack encryption keys using tools like Kismet, Aircrack and commands like ifconfig. Finally, it provides tips to prevent wireless hacking including not broadcasting SSIDs, changing default logins and using stronger encryption like WPA.

1. WIRELESS HACKING

2. CONTENTS
INTRODUCTION
 WHY?
 HOW?
 PREVENTION
 NUTS AND BOLTS


3. Introduction

Wireless networking technology is
becoming increasingly popular but at the
same time has introduced many security
issues.

The popularity in wireless technology is
driven by two primary factors convenience and cost.

It works on standard IEEE 802.11 group.

4. SSID
Service Set Identification
 Your router broadcasts the name of ur
n/w (SSID) n allows others to connect
wirelessly to ur n/w.
 This feature can also b disabled.
 If u choose to disable ur SSID
broadcasting u ll need to setup a profile
in ur wless n/w mgmt s/w on ur wless
clients using SSID u „ve chosen..


5. Wireless LAN standards of IEEE's
802.11 group
 802.11a
Frequency - 2.4000 GHz to 2.2835GHz
 802.11b
Frequency - 5.15-5.35GHz to 5.725-5.825GHz
 802.11g
Frequency - 2.4GHz

6. Wireless uses Radio Frequency

2.4 Ghz wifi spectrum

5 Ghz wifi spectrum

7. Types of Wireless Connection

WEP

WPA

WPA/PSK

8. WEP
Abbreviation for Wired Equivalent Privacy.
 IEEE chose to employ encryption at the
data link layer according to RC4
encryption algorithm.
 Breakable even when configured
correctly…
 Can b broken in as small as 3 min..


9. WPA





Stands for Wi-Fi Protected Access.
Hashing algorithm is used in WPA.
md4 for WPA I
md5 for WPA II
md6 for WPA III

10. WPA (contd.)
Created to provide stronger security
than WEP.
 Still able to be cracked if a short
password is used.
 If a long passphrase or password is
used, these protocol are virtually
uncrackable.
 Even with good passwords or phrases,
unless you really know what your doing,
wireless networks can be hacked…


11. WPA/PSK
Strongest now-a-days.
 Theoretically un-breakable.
 But yet is somehow possible to crack
it…


12. A little info…
When a user uses wireless internet they
generate what are called data “packets”.
 Packets are transmitted between the
transmitting medium and the wireless
access point via radio waves whenever
the device is connected with the access
point.


13. Some More…
Depending on how long the device is
connected, it can generate a certain
number of packets per day.
 The more users that are connected to
one access point, the more packets are
generated.


15. First…
You must locate the wireless signal
 This can be done by using your default
Windows tool “View Available Wireless
Network”
 More useful tools include NetStumbler
and Kismet. Kismet has an advantage
over the other because it can pick up
wireless signals that are not
broadcasting their SSID.


16. Second…
Once you located a wireless network
you can connect to it unless it is using
authentication or encryption.
 If it is using authentication or encryption
then the next step would be to use a tool
for sniffing out and cracking WEP keys.


17. Third…
Once any of the tools has recovered
enough packets it will then go to work on
reading the captured information
gathered from the packets and crack the
key giving you access.
 Other tools (such as CowPatty) can use
dictionary files to crack hard WPA keys.


18. Tools For WEP Hacking
 Kismet : War-driving with passive mode
scanning and sniffing 802.11a/b/g, site survey
tools

Airfart : Wireless Scanning and
monitoring
 BackTrack: Linux Base Os to crack WEP
 Airjack
: MITM Attack and DoS too
 WEPCrack : Cracking WEP

19. Hacking Through Router’s MAC
Address
Find Router MAC
Change Your MAC
Find User‟s MAC
Change MAC
according To User‟s
MAC

21. Commands Used

Using Following command we can get
password of WEP network
• ifconfig
• iwconfig
• macchanger
• airmon-ng
• airdump-ng
• airreplay-ng
• aircrack-ng

22. Description of Commands
ifconfig – interface configuration tool similar but more
powerful than ipconfig
iwconfig – interface wireless configuration tool
macchanger – allows you to change the mac address of the
card (Spoofing)
airmon-ng – puts the card into monitor mode (promiscuous
mode) allows the card to capture packets
airdump-ng – capturing and collecting packets
aireplay-ng – used to deauthenticate and generate traffic
aircrack-ng – used to crack WEP and WPA

23. Prevent Your Network from Getting
Hacked





Don‟t broadcast your SSID . This is usually
done during the setup of your wireless router.
Change the default router login to something
else.
If your equipment supports it, use WPA or
WPA/PSK because it offers better encryption
which is still able to be broken but much
harder.
Always check for updates to your router.
Turn off your router or access point when not
using it.

24. Prevent Your Network from Getting
Hacked

There is no such thing as 100% percent
security when using wireless networks
but at least with these few simple steps
you can make it harder for the average
person to break into your network.