CEH.V6.-.Module.20.Hacking.Wireless.Networks



ication Executing WEPCrack.pl at the Windows Command Prompt

EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited

Tool: Wepdecrypt
• Wepdecrypt is a wireless LAN tool
• It guesses WEP keys based on an active dictionary attack, key generator, and distributed network attack
• It implements packet filters
• It starts cracking with only one encrypted packet
• It has its own key generator
• A dumpfile can be cracked over a network
• It can act as both server and client

Wepdecrypt: Screenshot

WPA-PSK Cracking Tool: CowPatty
• CowPatty is used as a brute-force tool for cracking WPA-PSK, considered the “New WEP for WEP” for home wireless security
• The program simply tries a series of candidate passphrases from a dictionary file to see whether one matches the Pre-Shared Key

802.11 Specific Vulnerabilities
Default SSIDs
• Many people fail to change the default SSID set by manufacturers
• Hackers recognize it and can assume that the administrator has not spent much time securing the wireless network
Beacon Broadcast
• Base stations regularly broadcast their existence so that end users can listen and negotiate a session
• Signals can be captured by anyone
• The wireless network SSID is known while connecting to the station

Evil Twin: Attack
• An evil twin is a home-made wireless access point that masquerades as a legitimate one to gather personal or corporate information without the end user's knowledge
• The attacker positions himself in the vicinity of a legitimate Wi-Fi access point and lets his computer discover what name and radio frequency the legitimate access point uses
• The attacker then sends out his own radio signal, using the same name

Rogue Access Points
• A rogue/unauthorized access point is one that is not authorized for operation by a particular firm or network
• Tools that can detect rogue/unauthorized access points include NetStumbler and MiniStumbler
• The two basic methods for locating rogue access points are:
  • Beaconing/requesting a beacon
  • Network sniffing: looking for packets in the air

Tools to Generate Rogue Access Points: Fake AP
• Fake AP provides the means of hiding in plain sight, making it unlikely for an organization to be discovered
• It confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables
• Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points
• It is a proof of concept released under the GPL
• It runs on Linux and BSD versions
• Source: http://www.blackalchemy.to/

Fake AP: Screenshot
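
A defender's view of the default SSID, evil twin and rogue access point slides above, as an added example that is not part of the original course material: it classifies beacons gathered by network sniffing against an inventory of authorized access points. The inventory, the default-SSID sample and every beacon value are constructed assumptions.

```python
# Added example: classify observed 802.11 beacons against an AP inventory.
# All SSIDs, BSSIDs and channels below are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str    # MAC address of the transmitting radio
    channel: int

# Assumption: inventory of sanctioned APs, SSID -> {BSSID: expected channel}
AUTHORIZED = {
    "CorpNet": {"00:11:22:33:44:01": 1, "00:11:22:33:44:02": 6},
}
# Assumption: a small sample of factory-default SSIDs (lowercased)
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink"}

def classify(beacon: Beacon) -> str:
    """Return a label for one observed beacon."""
    bssid = beacon.bssid.lower()
    known = AUTHORIZED.get(beacon.ssid)
    if known is not None:
        if bssid not in known:
            return "evil-twin-suspect"   # our SSID from a radio not in inventory
        if known[bssid] != beacon.channel:
            return "channel-mismatch"    # inventory BSSID on an unexpected channel
        return "authorized"
    if beacon.ssid.strip().lower() in DEFAULT_SSIDS:
        return "default-ssid"            # unconfigured device, likely weakly secured
    return "rogue-candidate"             # not in inventory; verify on site

def audit(beacons):
    """Group every non-authorized beacon by its label."""
    findings = {}
    for b in beacons:
        label = classify(b)
        if label != "authorized":
            findings.setdefault(label, []).append(b)
    return findings

SAMPLE = [  # constructed sniffing results
    Beacon("CorpNet", "00:11:22:33:44:01", 1),
    Beacon("CorpNet", "66:77:88:99:AA:BB", 1),
    Beacon("CorpNet", "00:11:22:33:44:02", 11),
    Beacon("linksys", "00:AA:BB:CC:DD:EE", 6),
    Beacon("CoffeeShop", "00:AA:BB:CC:DD:FF", 11),
]

if __name__ == "__main__":
    for label, hits in audit(SAMPLE).items():
        print(label, [(h.ssid, h.bssid, h.channel) for h in hits])
```

A BSSID can be spoofed, so an "authorized" result only means the beacon matches the inventory; the channel check catches one common inconsistency, not all of them.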