Wireless Hacking
◾
293
Once we have connected to the appropriate access point and executed “iwconfig”, we will see that the wlan0 interface contains information regarding the ESSID, MAC address, etc.
Introducing Aircrack-ng
Aircrack-ng is the heart of this chapter; it is a set of tools widely used to crack/recover WEP/WPA/WPA2-PSK keys. It supports various attacks such as PTW, which can be used to crack a WEP key with fewer initialization vectors, and dictionary/brute-force attacks, which can be used against WPA/WPA2-PSK. It includes a wide variety of tools such as a packet sniffer and a packet injector. The most common ones are airodump-ng, aireplay-ng, and airmon-ng.
Uncovering Hidden SSIDs
It’s common practice for network administrators to disable broadcasting the SSID. Normally, the SSIDs are sent in the form of beacon frames, but this does not happen when a network
administrator disables an SSID. Many network administrators consider this a good security practice; however, it fails badly in real-world situations. The reason is that any time a client reassociates with the access point, it sends the SSID parameter in plain text, which reveals the real SSID.
Now, we have two methods to do this. The first is to keep analyzing beacon frames and wait for a client to disconnect and reconnect to the access point; the second is to send disassociation packets by using a deauthentication attack, which forces everyone on the network to disconnect and then reconnect to the access point, revealing the SSID to us. So let’s see this in action.