Ethical Hacking and Penetration Testing Guide



Date: 07.08.2023


Removable Devices → Realtek RTL8187_Wireless and clicking the “Connect (Disconnect from HOST)” option.

Next, we will execute the “iwconfig” command to confirm that our BackTrack machine has been able to detect our network adapter.

Our BackTrack machine has managed to detect our wireless network adapter; however, as we can see, it is not associated with any access point. We could use the WICD network manager from Applications → Internet → Wicd Network Manager to check available wireless networks.


Once we have connected to the appropriate access point and executed “iwconfig”, we will see that the wlan0 interface contains information regarding the ESSID, MAC address, etc.

Introducing Aircrack-ng

Aircrack-ng is the heart of this chapter; it is a set of tools widely used to crack/recover WEP/WPA/WPA2-PSK keys. It supports various attacks such as PTW, which can be used to recover a WEP key with fewer initialization vectors, and dictionary/brute force attacks, which can be used against WPA/WPA2-PSK. It includes a wide variety of tools such as a packet sniffer and a packet injector. The most common ones are airodump-ng, aireplay-ng, and airmon-ng.

Uncovering Hidden SSIDs

It’s common practice for network administrators to disable SSID broadcasting. Normally, the SSID is sent in beacon frames, but this does not happen when a network administrator disables SSID broadcasting. Many network administrators consider this a good security practice; however, it fails badly in real-world situations, because any time a client reassociates with the access point, it sends the SSID parameter in plain text, which reveals the real SSID.
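
The leak described above, as an added example that is not part of the original book: a small parser that walks the tagged elements of 802.11 management frames and reports, for each BSSID whose beacons hide the SSID, the names that still appear in clear in other frames. The function names (parse_ssid, audit, build), the MAC addresses and the network name are assumptions made for the illustration, and the frames are constructed sample data.

```python
# 802.11 management subtype -> (name, length of fixed fields before the tagged elements)
SUBTYPES = {0: ("assoc-req", 4), 2: ("reassoc-req", 10), 4: ("probe-req", 0),
            5: ("probe-resp", 12), 8: ("beacon", 12)}
HDR_LEN = 24  # frame control, duration, three addresses, sequence control


def parse_ssid(frame: bytes):
    """Return (subtype name, BSSID, SSID) or None; SSID is None when hidden or absent."""
    if len(frame) < HDR_LEN or (frame[0] >> 2) & 0x3 or frame[0] >> 4 not in SUBTYPES:
        return None  # too short, or not a management frame that carries an SSID element
    name, fixed = SUBTYPES[frame[0] >> 4]
    bssid, pos, ssid = frame[16:22].hex(":"), HDR_LEN + fixed, None
    while pos + 2 <= len(frame):  # walk the tagged elements: id, length, value
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:
            break  # truncated element, stop parsing
        if eid == 0:  # SSID element; zero-length or all-NUL means "hidden"
            ssid = value.decode("utf-8", "replace") if value.strip(b"\x00") else None
            break
        pos += 2 + elen
    return name, bssid, ssid


def audit(frames):
    """For each BSSID whose beacons hide the SSID, list the names seen in clear elsewhere."""
    hidden, leaked = set(), {}
    for name, bssid, ssid in filter(None, map(parse_ssid, frames)):
        if name == "beacon" and ssid is None:
            hidden.add(bssid)
        elif name != "beacon" and ssid is not None:
            leaked.setdefault(bssid, set()).add(ssid)
    return {b: sorted(leaked.get(b, ())) for b in hidden}


def build(subtype, dst, src, bssid, ssid):
    """Construct a minimal management frame (sample data only, fixed fields zeroed)."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return hdr + bytes(SUBTYPES[subtype][1]) + bytes([0, len(ssid)]) + ssid

# Constructed sample capture: the addresses and the network name are made up.
AP, STA, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
SAMPLE = [
    build(8, BCAST, AP, AP, b"\x00" * 9),  # beacon with the SSID nulled out
    build(8, BCAST, AP, AP, b""),          # beacon with a zero-length SSID
    build(2, AP, STA, AP, b"corp-wlan"),   # client reassociation request
]
if __name__ == "__main__":
    print(audit(SAMPLE))
```
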

Now, we have two methods to do this: the first is to keep analyzing beacon frames and wait for a client to disconnect and reconnect to the access point; the second is to send disassociation packets using a deauthentication attack, which forces everyone on the network to disconnect and then reconnect to the access point, revealing the SSID to us. So let’s see this in action.
