Wireless Penetration Testing
- Wireless Penetration Testing Tools
- Wireless Penetration Testing
- Wireless Penetration - Vulnerabilities and Resources
- Scope/Results of Wireless Assessment
|
|
Wireless Penetration - WLAN discovery
- Unencrypted WLAN
- WEP encrypted WLAN - Clients are typically configured to associate with the access point with the strongest signal. An attacker can simply spoof the SSID (the name) of an access point and clients will automatically associate with it and pass frames back and forth. Than an attacker can capture traffic and, with time, determine the WEP key used to authenticate and encrypt traffic on the wireless network. To encrypt the data, WEP uses a seed that takes a shared secret key (the "WEP key") and combines it with a 24-bit piece of data called the initialization vector, or IV. Using the IV with the WEP key increases the life of the WEP key because the IV can be changed upon each transmission, whereas logistically the WEP key itself is much more difficult to change. WEP uses the seed with a random number generator that creates the keystream. On the receiving end, the access point recalculates the bits used to create the keystream and compares it against the received data to make sure its integrity was preserved. WEP also specifies a shared secret 40 or 64-bit key to encrypt and decrypt the data, and most vendors nowadays are allowing 128-bit WEP keys as well.
Using WEP is problematic, however, and lulls you into a false sense of security because of the short IVs used and the fact that WEP keys are static. Since WEP only uses 24 bits for its IV value range, eventually the same IV will be used for different data packets-if you have a large network with lots of traffic, this duplication can conceivably occur within an hour. Keystreams, therefore, are similar, and all an attacker has to do is collect data frames for about an extended period and then run a Linux utility created specifically to break WEP encryption, called WEPCrack.
- Visible SSID
WEPattackwepattack -f [dumpfile] -m [mode] -w [wordlist] -n [network]
Capture / Inject packets
Break WEP
Aircrack-ptw
aircrack-ptw [pcap file]
Aircrack-ng aircrack -q -n [WEP key length] -b [BSSID] [pcap file]
Airsnort you can passively monitor transmissions across a wireless network and, from that monitoring, derive the encryption key for a WEP-protected network once you have an adequate base of packets. The number of packets required is somewhere between 5 and 10 million packets, but once this foundation of packets for reference has been gathered, it takes less than one second to identify the key. It's important to note that all 802.11b networks with 40/128 bit WEP encryption are vulnerable. Further, since using AirSnort constitutes a passive attack, nothing can be done to detect the program being run, either.
AirSnort requires a network card which supports RF monitor mode, and it must have the ability to pass these RF-monitor mode packets to the PF_PACKAGE interface.
The suggested cards from the developers of the product include Cisco Aironet cards, any Prism-based cards using wlan-ng drivers, and Orinoco-based cards using the newer, patched set of orinoco_cs drivers. You will also need an up-to-date version of libpcap and gtk+-2.2 and gtk+-devel, since the AirSnort interface runs inside a graphical user interface (GUI).
tar -xzf airsnort-0.2.3a.tar.gz
cd airsnort-0.2.3a
./autogen.sh
make
WEPcrack requires a lot more manual intervention, sniffing packets out of the air (perl WEPCrack.pl ) and then logging them to a file in a specific format so that a Perl script can be run to glean weak IVs from the packets. (./pcap-getIV.pl -b 13 -i wlan0) Another Perl script is then run to generate the WEP key from that list of IVs
- Hidden SSID
Deauth client
Aireplay-ng aireplay -0 1 -a [Access Point MAC] -c [Client MAC]
[interface]
Commview Tools > Node reassociation
Void11
void11_penetration [interface] -D -s [type of attack] -s [station MAC] -S [SSID] -B [BSSID]
- WPA / WPA2 encrypted WLAN- A foundation of WPA is the Temporal Key Integrity Protocol, or TKIP. In short, TKIP does what WEP doesn't: the TKIP algorithm is stronger than the WEP encryption mechanism but can be done on existing wireless hardware. TKIP verifies the security configuration after encryption keys are determined and synchronizes by changing the unicast encryption key for each frame--this means no more static keys to break.
To be completely honest, that's actually not exactly true. Consider one variation of WPA, called WPA Pre-Shared Key (WPA-PSK). WPA-PSK is a simplified but still powerful form of WPA most suitable for small business and home office networking. To use WPA-PSK, a person does set a static key initially, like with WEP, but WPA uses TKIP and automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them. So while there is still a static key, it's much more difficult to break and find.
Another variation of WPA is known as WPA-Enterprise, which requires the TKIP encryption as described above plus a back-end authentication server or device of some sort, and the use of EAP, or the Extensible Authentication Protocol. In EAP, RADIUS packets are wrapped in EAP messages and sent to a RADIUS server on the back end. The RADIUS server then decrypts that message and looks at the RADIUS packet contained therein; it finally communicates with other devices to determine if that access should be granted, wraps the result into another EAP message, and then communicates with its client. This type of communication is known as EAP-over-RADIUS.
All of this isn't to say that WPA and its associated mechanisms don't have problems. Robert Moskowitz of ICSA Labs has found that WPA passphrases containing dictionary words less than 20 characters long could possibly be cracked. This is made possible partly because a cracker can make an access point regenerate the key exchange with the client in less than 60 seconds. Even though the key exchange is indeed secured, it can be extracted and cracked offline. Choose your passphrases carefully.
Another concern is the fact that EAP itself transmits information in clear text; it doesn't do any sort of encryption, and because of the sensitive nature of the data it transmits, this is a genuine issue. Transport Layer Security, or TLS, was initially used to encrypt EAP sessions, but this requires the placement of certificates on all possible clients. TTLS was then seen as a fix to this problem, but Microsoft and Cisco also released Protected EAP, or PEAP, which addresses the same problem in a different way. Most experts familiar with the battle between the proposed standards say PEAP is a given winner.
Of course, of the two solutions, WPA-Enterprise is the safest and most secure, but what if you don't want to invest in an expensive RADIUS server backend? Linksys senses this need and has "Wireless Guard," which works like an outsourced RADIUS environment, integrated into the latest motels of their Wireless-G access point products. Here's how it works, in a nutshell: when a user connects to the wireless network, he is prompted for a username and password as usual. The access point takes these credentials and establishes a secure link over the Internet to Linksys' RADIUS servers in their datacenter and attempts to match the given credentials to a list of authorized users, configured by your organization's administrator. Access is granted if the credentials are valid; if not, access is denied, and the administrator is sent a note about the attempted intrusion. Meanwhile, all data and traffic on the wireless network is completely encrypted as described above. The Wireless Guard technology is an easy way to implement WPA-Enterprise in smaller organizations.
Deauth client
Capture EAPOL handshake
WPA / WPA 2 dictionary attack
coWPAtty ./cowpatty -r [pcap file] -f [wordlist] -s [SSID]
./genpmk -f dictionary_file -d hashfile_name -s ssid
./cowpatty -r cature_file.cap -d hashfile_name -s ssid
Aircrack-ng
aircrack-ng -a 2 -w [wordlist] [pcap file]
- LEAP encrypted WLAN
Deauth client
Break LEAP
asleap ./asleap -r data/libpcap_packet_capture_file.dump -f
output_pass+hash file.dat -n output_index_filename.idx
./genkeys -r dictionary_file -f output_pass+hash file.dat
-n output_index_filename.idx
THC-LEAPcracker leap-cracker -f [wordlist] -t [NT challenge response] -c [challenge]
- 802.1x WLAN - Using 802.1x authentications, clients have several defined roles, and the roles applied to them dictate the network access allowed to the client until his identity is approved by some back-end authentication server, like RADIUS as described earlier. EAP is used to funnel messages back and forth. This mechanism can also be used to either provide new keys to everyone on a regular basis (which isn't required) and to provide unique master keys to each individual client, further reducing the risk of key interception and ensuring someone gaining access to one key can't access traffic encrypted using other keys from other clients.
Create Rogue Access Point
Airsnarf
Deauth client
Associate client
Compromise client
Acquire passphrase / certificate
wzcook
Obtain user's certificate
fake ap
perl fakeap.pl --interface wlan0
perl fakeap.pl --interface wlan0 --channel 11 --essid fake_name --wep 1 --key [WEP KEY]
Hotspotter
Deauth client
Associate client
Compromise client
Acquire passphrase / certificate
wzcook
Obtain user's certificate
Karma
Deauth client
Associate client
Compromise client
Acquire passphrase / certificate
wzcook
Obtain user's certificate ./bin/karma etc/karma-lan.xml
Linux rogue IP
Deauth client
Associate client
Compromise client
Acquire passphrase / certificate
wzcook
Obtain user's certificate
To receive your Wireless Penetration Test , please submit your payment of $499.00 If more than 100 miles of travel will be required, the additional cost will be billed separatelly.
|