Ethical Hacking and Penetration Testing Guide



Date: 07.08.2023
Scanning the Neighbors
We used the “airodump-ng mon0” command to scan for all the wireless networks. Let’s suppose our 
target access point is “$oulhunter”, which has a BSSID 20:10:7A:C6:49:DF and is on channel 11.
Spoofing the MAC
The next task would be to spoof our MAC address with the MAC address (BSSID) of the victim’s access point. We can easily do this by using macchanger, for which we would need to bring the wlan0 interface down, use the -m parameter to set our MAC address, and then bring it back up. This is discussed in more detail in the “Bypassing MAC filtering” section in this chapter.
Commands:
ifconfig wlan0 down    # Bring the interface down so we can spoof the MAC.
macchanger -m 20:10:7A:C6:49:DF mon0    # Change to our desired MAC address.
ifconfig mon0 up
Setting Up a Fake Access Point
The next step would be to set up a fake access point with the exact name “$oulhunter”. We have 
already learned how to do this, so I won’t go into the details now.
Causing Denial of Service on the Original AP
Our final step would be to cause a denial of service attack on the original AP. We could use aireplay to perform a deauthentication attack on the access point; however, here I will introduce you to a new tool called “mdk3”, which is specifically meant for causing denial of service to wireless access points. It supports a wide variety of flood attacks such as authentication flood and beacon flood. In this particular scenario, we will use mdk3 to launch a deauthentication attack to forcefully disconnect every client from the access point so they can connect to ours.


Step 1—We would create a text file with the name “target” where we will specify the BSSID of our target. The d parameter would be used to specify a deauthentication attack; the -c parameter is used to specify the channel, which in this case would be 11 since my access point is on channel 11.
Command:
mdk3 mon0 d -b target -c 11
Since the signal strength of our access point would be strong, our victim would connect to us 
and we can launch attacks against them.
Conclusion
In order to overcome physical limitations, more and more home and corporate users are moving 
toward wireless networks, without any concern for the issues that wireless networks can bring. 
Even though access points can be completely secure and the pre-shared keys complex enough that 
they can’t be cracked, there is still room for possible attacks on clients—the weakest links.
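
Added example (not from the book): a defender-side check for the scenario above. Because the twin copies both the SSID and the BSSID, a BSSID allow-list cannot tell it apart, so this Python code flags conflicting beacon attributes and deauthentication bursts seen for one identity. The frame records, thresholds, alert names and the assumption that the twin is an open network are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, as one fixed sensor might log it (not real capture data):
# (time_s, kind, bssid, ssid, channel, rssi_dbm, encrypted)
AP = ("20:10:7A:C6:49:DF", "$oulhunter")
FRAMES = (
    [(0.1 * i, "beacon", *AP, 11, -67 - (i % 3), True) for i in range(20)]
    # From t=2.0 a second, louder, open radio beacons with the same identity.
    + [(2.0 + 0.1 * i, "beacon", *AP, 11, -31 - (i % 2), False) for i in range(20)]
    # Burst of deauthentication frames that carry the AP's BSSID.
    + [(2.5 + 0.01 * i, "deauth", *AP, 11, -33, None) for i in range(40)]
)


def detect(frames, rssi_gap_db=20, deauth_limit=10, window_s=1.0):
    """Return {(bssid, ssid): sorted alert names}; thresholds are assumptions."""
    beacons, deauths, alerts = defaultdict(list), defaultdict(list), defaultdict(set)
    for t, kind, bssid, ssid, chan, rssi, enc in frames:
        if kind == "beacon":
            beacons[(bssid, ssid)].append((chan, rssi, enc))
        elif kind == "deauth":
            deauths[(bssid, ssid)].append(t)

    for key, seen in beacons.items():
        # Heuristic: one AP advertises one channel and one security setting.
        if len({chan for chan, _, _ in seen}) > 1:
            alerts[key].add("channel-conflict")
        if len({enc for _, _, enc in seen}) > 1:
            alerts[key].add("security-conflict")
        # A fixed sensor hears a fixed AP at a stable level; two clusters far
        # apart suggest two transmitters sharing one BSSID.
        levels = sorted(rssi for _, rssi, _ in seen)
        gaps = [b - a for a, b in zip(levels, levels[1:])]
        if gaps and max(gaps) >= rssi_gap_db:
            alerts[key].add("rssi-split")

    for key, times in deauths.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window_s:  # slide the window forward
                lo += 1
            if hi - lo + 1 >= deauth_limit:
                alerts[key].add("deauth-flood")
                break
    return {key: sorted(names) for key, names in alerts.items()}


if __name__ == "__main__":
    print(detect(FRAMES))
```
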


