How to Hack WiFi (Wireless) Network |Ethical hacking





Wireless networks are accessible to everyone within the router’s transmission radius. This makes them susceptible to attacks. Hotspots are available publicly in places like airports, restaurants, parks, etc.

In this article, we’ll introduce you to common techniques wont to exploit weaknesses in wireless network security implementations. we’ll also check out a number of the countermeasures you’ll put in situ to guard against such attacks.

What is a wireless network?

A wireless network may be a network that uses radio waves to link computers and other devices together. The implementation is completed at Layer 1 (physical layer) of the OSI model.

How to access a wireless network?

You will need a wireless network-enabled device like a laptop, tablet, smartphones, etc. you’ll also get to be within the transmission radius of a wireless network access point. Most devices (if the wireless network option is turned on) will provide you with an inventory of obtainable networks. If the network isn’t password-protected, then you only need to click on connect. If it’s password-protected, then you’ll need the password to realize access.

Wireless Network Authentication:

Since the network is surely accessible to anyone with a wireless network-enabled device, most networks are password protected. Let’s check out a number of the foremost commonly used authentication techniques.



WEP:

WEP is the acronym for Wired Equivalent Privacy. it had been developed for IEEE 802.11 WLAN standards. Its goal was to supply privacy like that provided by wired networks. WEP works by encrypting the info been transmitted over the network to stay safe from eavesdropping.

WEP Authentication:

Open System Authentication (OSA) – This method grants access to station authentication requested supported the configured access policy.

Shared Key Authentication (SKA) – This technique sends to an encrypted challenge to the station requesting access. The station encrypts the provocation with its key then responds. If the encrypted provocation matches the AP value, then access is granted.

WEP Weakness:

WEP has significant design flaws and vulnerabilities.

  • The integrity of the packets is checked using Cyclic Redundancy Check (CRC32). CRC32 integrity checks are often compromised by capturing a minimum of two packets. The bits within the encrypted stream and therefore the checksum are often modified by the attacker in order that the packet is accepted by the authentication system. This results in unauthorized access to the network.
  • WEP uses the RC4 encryption algorithm to make stream ciphers. The stream cipher input is established from an initial value (IV) and a secret key. The extent of the initial value (IV) is 24 bits long while the key can either be 40 bits or 104 bits long. the entire length of both the initial value and secret can either be 64 bits or 128 bits long. The lower possible value of the key makes it easy to crack it.
  •  Weak Initial values combinations don’t encrypt sufficiently. This makes them susceptible to attacks.
  •  WEP is predicated on passwords; this makes it susceptible to dictionary attacks.
  •  Keys management is poorly implemented. Changing keys especially on large networks is challenging. WEP doesn’t provide a centralized key management system.
  •  The initial values are often reused.

Because of these security defects, WEP has been deprecated in favor of WPA

WPA:

WPA is an abbreviation for Wi-Fi Protected Access. it’s a security protocol developed by the Wi-Fi Alliance in response to the weaknesses found in WEP. it’s wont to encrypt data on 802.11 WLANs. It utilizes higher Initial Values 48 bits rather than the 24 bits that WEP uses. It uses temporal keys to encrypt packets.

WPA Weaknesses:

* The collision avoidance implementation are often broken
* it’s susceptible to denial of service attacks
* Pre-shared keys use passphrases. Weak passphrases are susceptible to dictionary attacks.

How to Crack Wireless Networks

WEP cracking:

Cracking is the process of exploiting security weaknesses in wireless networks and gaining unauthorized access. WEP cracking refers to use on networks that use WEP to implement security controls. There are basically two sorts of cracks namely;

a)Passive cracking–

This sort of cracking has no effect on the network traffic until the WEP security has been cracked. it’s difficult to detect.

b)Active cracking–

This sort of attack has an increased load effect on network traffic. it’s easy to detect compared to passive cracking. it’s simpler compared to passive cracking.




WEP Cracking Tools

a)Aircrack–

Network sniffer and WEP cracker. are often downloaded from http://www.aircrack-ng.org/

b)WEPCrack–

This is often an open program for breaking 802.11 WEP secret keys. it’s an implementation of the FMS attack. http://wepcrack.sourceforge.net/

c)Kismet-

This will include detector wireless networks both visible and hidden, sniffer packets, and detect intrusions. https://www.kismetwireless.net/

d)WebDecrypt–

This tool uses active dictionary attacks to crack the WEP keys. it’s its own key generator and implements packet filters. http://wepdecrypt.sourceforge.net/

WPA Cracking

WPA utilizes a 256 pre-shared key or passphrase for authentications. Short passphrases are vulnerable to dictionary attacks and other attacks which will be wont to crack passwords. the following tools are often wont to crack WPA keys.

a)CowPatty–

This tool is employed to crack pre-shared keys (PSK) using a brute force attack. http://wirelessdefence.org/Contents/coWPAttyMain.html

b)Cain & Abel–

This tool is often wont to decode capture files from other sniffing programs like Wireshark. The capture files may contain WEP or WPA-PSK encoded frames. http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml

General Attack types:

a)Sniffing–

This involves intercepting packets as they’re transmitted over a network. The captured data can then be decoded using tools like Cain & Abel.

b)Man within the center (MITM) Attack–

This involves eavesdropping on a network and capturing sensitive information.

c)Denial of Service Attack–

The foremost intent of this attack is to deny legitimate users network resources. FataJack is often used to perform this type of attack. More on this in article

Cracking Wireless network WEP/WPA keys

It is feasible to crack the WEP/WPA keys used to gain access to a wireless network. Doing so needs software and hardware resources, and patience. The victory of such attacks can also depend on how active and inactive the users of the target network are.

We will provide you with basic information that can assist you to begin. Backtrack could also be a Linux-based security OS. it’s developed on top of Ubuntu. Backtrack comes with a sort of security tools. Backtrack is often used to gather information, assess vulnerabilities, and perform exploits among other things.

Some of the favored tools that backtrack has included;

  • Metasploit
  • Wireshark
  • Aircrack-ng
  • Nmap
  • Ophcrack
  • Cracking wireless network keys needs the patience and resources mentioned above. At a minimum, you will need the next tools

A wireless network adapter with the potential to inject packets (Hardware)

  • Kali OS. you’ll download it from here https://www.kali.org/downloads/
  •  Be within the target network’s radius. If the users of the select network are actively using and connecting thereto, then your chances of cracking it’ll be significantly improved.
  • Sufficient knowledge of Linux based operating systems and dealing with knowledge of Aircrack and its various scripts.
  •  Patience, cracking the keys may take slightly of sometimes relying on sort of things variety of which may be beyond your control. Elements beyond your control include users of the target network using it actively as you sniff data packets.

How to Secure wireless networks

In minimizing wireless network attacks; an organization can adopt the next policies

  •  Changing default passwords that accompany the hardware.
  •  Enabling the authentication mechanism.
  • Access to the network is frequently restricted by allowing only registered MAC addresses.
  •  Utilize powerful WEP and WPA-PSK keys, a blend of symbols, number, and characters reduces the prospect of the keys been cracking using a dictionary and brute force attacks.
  •  Firewall Software can also assist reduce unauthorized access.

Hacking Activity: Crack Wireless Password

In this practical scheme, we are going to use Cain and Abel to decode the stored wireless network passwords in Windows. we’ll also provide useful information that can be used to crack the WEP and WPA keys of wireless networks.

Decoding Wireless network passwords stored in Windows:
  • Download Cain & Abel from the link presented above.
  • Open Cain and Abel

  • Confirm that the Decoders tab is chosen then click on Wireless Passwords from the navigation menu on the left-hand side.
  • Click on the button with a symbol.

  • Assuming you’ve connected to a secured wireless network before, you will get results almost like those shown below.

  •  The decoder will show you the encryption type, SSID, and thus the password that was used.