Wireless Security
About me:
Nilesh Sapariya
CEH v8, CCNA
Security Engineer
Agenda 
1) Introduction to WLAN Security 
2) WLAN Architectures 
3) WPA / WPA2 PSK (Personal) Cracking
WLAN
1) In computing, Wireless LAN or Wireless Local Area Network is a term for a Local Area Network that does not need cables to connect the different devices.
2) Instead, radio waves are used to communicate.
From Fixed Devices to Mobile Devices
These devices don't have a LAN port
Wireless is their only, and best, mode of connectivity
[Figure: “With Wi-Fi, Ports Can Be Easily Cut In Half”. Left panel, Existing Wired Network Edge (1:1 ratio of ports to devices), for a representative 12-person workgroup: 12 VoIP phones, 7 desktop PCs, 5 laptop PCs, 6 conference room and public area ports, 5 other devices (printer, copier, fax, etc.), 12 ports reserved for future use. Right panel, “Right-sized” Edge (one port supports multiple users and devices simultaneously): the laptops and other mobile devices share 1 wireless AP (mobile devices, guests, etc.). Caption: Wireless is a more efficient, many-to-one access method.]
With Wi-Fi Come Problems
• Challenging Wi-Fi environment: RF noise, metal objects with wheels, building materials
• Client density and diversity challenges
• Security against uncontrolled wireless devices and infrastructure attacks
Security Risk
Uncontrolled Wireless Devices
• Rogue APs
• Laptops acting as bridges
• Misconfigured WLAN settings on laptops
• Ad-Hoc networks
Attacks against WLAN infrastructure
• Denial of Service / flooding
• Man-in-the-Middle
• WEP (Wired Equivalent Privacy) cracking (aircrack-ng is the well-known tool)
• WPA/WPA2 (Wi-Fi Protected Access) cracking (aircrack-ng is the well-known tool)
Security Risk
[Figure: an office network with a server, an access point and client devices, annotated with the threats listed above: Ad Hoc networks, Access Point MAC Spoofing, Rogue User, Mis-configured Access Point.]
And more attacks of this kind
Wireless Standards - 802.11a, 802.11b/g/n, and 802.11ac
• In 1997 the IEEE (Institute of Electrical and Electronics Engineers) created the first WLAN standard
• Called 802.11
• 802.11 only supports a maximum network bandwidth of 2 Mbps (too slow for most applications)
WLAN Operation
• A Wireless LAN (WLAN) can operate in 2 different frequency ranges:
• 2.4 GHz (802.11 b/g/n)
• 4.9 or 5 GHz (802.11 a/h/j/n)
• Note: your wireless card can only be on one channel at a time (it has a single radio)
• Every country regulates which channels, users and maximum power levels are allowed
• Fair distribution of clients across channels, e.g. channels 1, 6 and 11
• Fair distribution of clients across bands, e.g. 2.4 GHz and 5 GHz
[Figure: three access points placed on the non-overlapping 2.4 GHz channels 1, 6 and 11.]
WLAN Setup
“Fat” Access Point
• Every function lives in the AP itself: Management, Policy, Mobility, Forwarding, Encryption, Authentication, the 802.11a/b/g/n radio and Antennas
• Many devices to manage
• Many entry points to secure
“Thin” Access Points
• The AP keeps only the 802.11a/b/g/n radio and Antennas; Management, Policy, Mobility, Forwarding, Encryption and Authentication move to a Centralized Mobility Controller
• Centralized Management
• Centralized Security
Wardriving
• How to find SSIDs in your area
• How to find hidden SSIDs
• Tools used:
i. inSSIDer
ii. CommView for WiFi
Understanding WPA / WPA2 (Wi-Fi Protected Access)
Wireless Encryption
• The main source of vulnerability associated with wireless networks is the encryption method. There are a few different types of wireless encryption, including:
• WEP
• WPA
• WPA2
WEP
• Stands for Wired Equivalent Privacy.
• WEP is recognizable by its key of 10 or 26 hexadecimal digits.
WPA or WPA2
• Stands for Wi-Fi Protected Access
• Created to provide stronger security
• Still able to be cracked if a short password is used.
• If a long passphrase or password is used, these protocols are virtually uncrackable.
• WPA-PSK, with TKIP or AES, uses a Pre-Shared Key (PSK) that is more than 7 and less than 64 characters in length.
Why WPA?
WEP (Wired Equivalent Privacy) is broken beyond repair:
whether you are using a 64-bit or a 128-bit key, WEP will be broken.
Weaknesses of WEP
1. Poor key management
• WEP uses the same key for authentication and encryption
• Provides no mechanism for session key refreshing
• Static key encryption is used
2. One-way authentication
WEP Replacement
WPA
 Intermediate solution by the Wi-Fi Alliance
 Uses TKIP (Temporal Key Integrity Protocol)
 Based on WEP
 Hardware change not required, firmware update only
 Personal: PSK
 Enterprise: 802.1x + RADIUS
WPA2
 Long term solution
 Uses CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol)
 Based on AES
 Hardware change required
 Personal: PSK
 Enterprise: 802.1x + RADIUS
Difference between WPA-Personal & WPA-Enterprise
 Wireless architecture
 How to create a profile for WPA-Personal and WPA-Enterprise
WEP: Static Key Encryption
[Figure: client and AP each hold the same static WEP key. Exchange: Probe Request/Response, Authentication Request/Response, Association Request/Response, then data encrypted with the static key.]
WPA: Non-Static Key
[Figure: client and AP start from the same pre-shared secret. Exchange: Probe Request/Response, Authentication, Association, then a dynamic key is generated first and data is encrypted with that dynamic key.]
How are dynamic keys created?
WPA / WPA2 PSK(Personal) Cracking
WPA Pre-shared Key
[Figure: on both the client and the AP, Passphrase (8-63 characters) → PBKDF2 → Pre-Shared Key (256 bit).]
PBKDF2
• Password Based Key Derivation Function
• RFC 2898
• PSK = PBKDF2(Passphrase, SSID, ssidLen, 4096, 256)
• 4096 - number of times the passphrase is hashed
• 256 - intended key length of the PSK, in bits
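The derivation on this slide, as an added example that is not part of the original presentation: Python's standard-library PBKDF2 with the SSID as salt, 4096 iterations and a 256-bit output, checked against the passphrase/SSID test vector published in the 802.11i standard. The HMAC-SHA1 PRF and the 8-to-63 printable-ASCII passphrase rule are what that standard specifies; the function names are my own.

```python
import hashlib

# Added example, not code from the original slides. Derives the 256-bit
# WPA/WPA2-Personal PSK as the PBKDF2 slide describes:
# PBKDF2(passphrase, SSID, 4096 iterations, 256-bit output), with HMAC-SHA1 as
# the underlying PRF, which is what 802.11i specifies for WPA-PSK.

ITERATIONS = 4096      # the passphrase is hashed 4096 times, as on the slide
PSK_BYTES = 32         # 256-bit intended key length


def passphrase_is_valid(passphrase: str) -> bool:
    """WPA-Personal passphrases are 8 to 63 printable ASCII characters."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PSK (the PMK for WPA-Personal) for one passphrase/SSID pair."""
    if not passphrase_is_valid(passphrase):
        raise ValueError("WPA passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), ITERATIONS, dklen=PSK_BYTES)


def psk_hex(passphrase: str, ssid: str) -> str:
    """Hex form of the PSK: the same 64-hex-digit string wpa_passphrase prints."""
    return derive_psk(passphrase, ssid).hex()


def ssid_acts_as_salt(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase yields different PSKs on two SSIDs.

    This is why a table of precomputed PSKs only ever helps against one SSID,
    and why an uncommon SSID, on top of a long passphrase, raises an attacker's cost."""
    return derive_psk(passphrase, ssid_a) != derive_psk(passphrase, ssid_b)


if __name__ == "__main__":
    # 802.11i test vector: passphrase "password" on SSID "IEEE"
    print(psk_hex("password", "IEEE"))
    print(ssid_acts_as_salt("password", "IEEE", "ieee"))
```

The 4096 iterations are the whole point of the function: each candidate passphrase costs an attacker 4096 HMAC-SHA1 computations per SSID, which is what makes a long passphrase expensive to guess and a short one cheap.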
How does the Client know the SSID?
• Beacon frames?
• Probe Response packets from the AP?
• Can be used to create a WPA/WPA2 honeypot as well!
How WEP Cracking Works
1) We collect a large number of data packets
2) A large batch of data packets contains weak IVs
3) We run it through the algorithm or aircrack-ng and get the key
Then how do we crack WPA-PSK?
Let's “Shake the hand”: the 4-way Handshake
[Figure: Supplicant (client) and Authenticator (AP), each already holding the 256-bit Pre-Shared Key, after Probe Request/Response, Authentication Request/Response and Association Request/Response.]
Message 1: Authenticator → Supplicant: ANonce. The Supplicant now derives the PTK.
Message 2: Supplicant → Authenticator: SNonce + MIC. The Authenticator derives the PTK and checks the MIC.
Message 3: Authenticator → Supplicant: key installed + MIC.
Message 4: Supplicant → Authenticator: key install acknowledgement. Key installed on both sides.
Pairwise Transient Key
• PTK = Function (PMK, ANonce, SNonce, Authenticator MAC, Supplicant MAC)
 PMK = Pre-Shared Key (Pairwise Master Key)
 ANonce = random, chosen by the AP
 SNonce = random, chosen by the client
 Authenticator MAC = AP MAC
 Supplicant MAC = client MAC
 MIC = Message Integrity Check (signature algorithm)
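The PTK function on this slide and the handshake on the slide before it, carried out in an added example that is not part of the original presentation. The PRF-512 construction (HMAC-SHA1 with the label "Pairwise key expansion" over the sorted MAC addresses and nonces) and the 16-byte truncated HMAC-SHA1 MIC for WPA2/CCMP are what 802.11i specifies; the PMK, MAC addresses and nonces are constructed demo values, and the EAPOL-Key body is a placeholder string rather than a real frame layout. The same MIC check also explains the dictionary-attack slide that follows: anyone holding a captured handshake can run this verification against candidate PMKs offline, so passphrase strength is the only thing standing in the way.

```python
import hashlib
import hmac

# Added example, not code from the original slides. Derives the PTK with the real
# 802.11i construction and plays both sides of Messages 1 and 2 of the 4-way
# handshake, so that the MIC check succeeds with the right PMK and fails otherwise.

LABEL = b"Pairwise key expansion"


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1 over label || 0x00 || data || counter, 64 bytes out."""
    out = b""
    counter = 0
    while len(out) < 64:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).

    Sorting the inputs makes the result identical whichever side computes it."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, LABEL, data)


def split_ptk(ptk: bytes) -> dict:
    """KCK signs the handshake, KEK wraps the group key, TK encrypts data.
    CCMP uses 384 bits of the PTK; TKIP uses all 512 (the extra 16 bytes are unused here)."""
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def eapol_mic(kck: bytes, frame_with_zero_mic: bytes) -> bytes:
    """WPA2 (CCMP) MIC: HMAC-SHA1 over the EAPOL-Key frame, truncated to 16 bytes."""
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:16]


def run_handshake(pmk_client: bytes, pmk_ap: bytes, aa: bytes, spa: bytes,
                  anonce: bytes, snonce: bytes) -> dict:
    """Simulate Messages 1 and 2 of the 4-way handshake from both sides."""
    # Message 1, AP -> client: ANonce in the clear. The client can now derive its PTK.
    ptk_client = derive_ptk(pmk_client, aa, spa, anonce, snonce)
    # Message 2, client -> AP: SNonce plus a MIC computed with the client's KCK.
    msg2_body = b"EAPOL-Key(msg2) snonce=" + snonce   # constructed placeholder, MIC field zeroed
    mic = eapol_mic(split_ptk(ptk_client)["KCK"], msg2_body)
    # The AP derives its own PTK from the same public inputs and recomputes the MIC.
    # A match proves the client holds the same PMK; neither PMK nor PTK crosses the air.
    ptk_ap = derive_ptk(pmk_ap, aa, spa, anonce, snonce)
    mic_ok = hmac.compare_digest(mic, eapol_mic(split_ptk(ptk_ap)["KCK"], msg2_body))
    return {"ptk_match": ptk_client == ptk_ap, "mic_ok": mic_ok}


# Constructed demo values (a real deployment takes the PMK from PBKDF2 and random nonces)
PMK = hashlib.sha256(b"constructed demo PMK").digest()
WRONG_PMK = hashlib.sha256(b"constructed wrong PMK").digest()
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
ANONCE = hashlib.sha256(b"constructed ANonce").digest()
SNONCE = hashlib.sha256(b"constructed SNonce").digest()

if __name__ == "__main__":
    print(run_handshake(PMK, PMK, AP_MAC, CLIENT_MAC, ANONCE, SNONCE))        # both True
    print(run_handshake(PMK, WRONG_PMK, AP_MAC, CLIENT_MAC, ANONCE, SNONCE))  # both False
```

Because the nonces are fresh for every association, the PTK is different every session even though the PMK never changes; that is the "dynamic key" the earlier slide asks about.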
WPA Working: Block Diagram
[Figure: Passphrase (8-63 characters) → PBKDF2 → Pre-Shared Key (256 bit); the PSK, together with SNonce, ANonce, AP MAC and Client MAC from the 4-way handshake, feeds the PTK derivation.]
WPA-PSK Susceptible to Dictionary Attack
DEMO 
WPA / WPA2 PSK(Personal) Cracking
External Wireless Card
• Alfa Networks AWUS036H USB-based card
• Already supported by Backtrack and Kali
• Allows packet sniffing
• Allows packet injection
• We will use this in our demo session
Software Setup
• Run Kali Linux in a VM
• Connect the Alfa adapter
Understanding Wireless Sniffing
• Wireless: monitor mode
• When you put the card in monitor mode it will accept all the packets it sees on the current channel
• Kali has an inbuilt tool which helps to quickly put the card into monitor mode and sniff packets
• We will use the tool airmon-ng to put the card into monitor mode (part of the aircrack-ng suite of tools)
Some Basic Terms
• MAC address or physical address: a unique identifier assigned to network interfaces for communications
• Access point >> wireless router
• SSID (service set identifier) >> network name
• BSSID (basic service set identifier) >> MAC address of the access point
Using Kali Linux or BT
• Some basic Backtrack terms >>
• wlan0 – wireless interface
• mon0 – monitor-mode interface
• Handshake: the negotiation process between the computer and a WiFi access point using WPA encryption. Needed to crack WPA/WPA2.
• Dictionary: a list of common passwords.
• .cap file: used to store captured packets.
Tools Used
• Airmon-ng >> places cards in monitor mode
• Airodump-ng (packet sniffer) >> tool used to listen to wireless routers in the area
• Aireplay-ng (packet injector) >> used to inject frames. Its primary function is to generate traffic for later use in aircrack-ng for cracking WEP and WPA-PSK keys
• Aircrack-ng >> cracks WEP and WPA (dictionary attack) keys
Let's Hack
Let's Start
airmon-ng
This will list all of the wireless cards that support monitor (not injection) mode.
airmon-ng start wlan0
The “(monitor mode enabled)” message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface, mine is mon0.
airodump-ng mon0
• Airodump will now list all of the wireless networks in your area.
airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]
Replace [channel] with the channel of your target network, paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface (mon0).
• Airodump will now monitor only the target network, allowing us to capture more specific information about it.
NOTE:
• What we're really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password.
aireplay-ng -0 2 -a [router bssid] -c [client bssid] mon0
Upon hitting Enter, you'll see aireplay-ng send the packets, and within moments you should see the WPA handshake message appear on the airodump-ng screen.
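The deauthentication burst that forces a client to reconnect is also the easiest part of this procedure for a defender to notice. As an added example, not part of the original presentation, here is a small detector that flags a source address sending many deauthentication or disassociation frames inside a short window. The input is a constructed one-frame-per-line text log (timestamp, frame subtype, src, dst), not the output format of any real tool; the window and threshold are my own choices.

```python
from collections import defaultdict, deque
from datetime import datetime

# Added example, not code from the original slides: detect a deauth/disassoc burst
# in a log of 802.11 management frames. Constructed record format, one frame per line:
#   <ISO-8601 timestamp> <subtype> src=<mac> dst=<mac>

SAMPLE_FRAMES = """
2016-02-01T10:00:00.000 BEACON  src=aa:bb:cc:dd:ee:01 dst=ff:ff:ff:ff:ff:ff
2016-02-01T10:00:00.050 DEAUTH  src=aa:bb:cc:dd:ee:02 dst=11:22:33:44:55:66
2016-02-01T10:00:01.000 DEAUTH  src=aa:bb:cc:dd:ee:01 dst=11:22:33:44:55:66
2016-02-01T10:00:01.010 DEAUTH  src=aa:bb:cc:dd:ee:01 dst=11:22:33:44:55:66
2016-02-01T10:00:01.020 DEAUTH  src=aa:bb:cc:dd:ee:01 dst=11:22:33:44:55:66
2016-02-01T10:00:01.030 DEAUTH  src=aa:bb:cc:dd:ee:01 dst=11:22:33:44:55:66
2016-02-01T10:00:01.040 DEAUTH  src=aa:bb:cc:dd:ee:01 dst=11:22:33:44:55:66
2016-02-01T10:00:01.050 DEAUTH  src=aa:bb:cc:dd:ee:01 dst=11:22:33:44:55:66
2016-02-01T10:00:01.060 DEAUTH  src=aa:bb:cc:dd:ee:01 dst=11:22:33:44:55:66
2016-02-01T10:00:01.070 DEAUTH  src=aa:bb:cc:dd:ee:01 dst=11:22:33:44:55:66
2016-02-01T10:00:01.080 DEAUTH  src=aa:bb:cc:dd:ee:01 dst=11:22:33:44:55:66
2016-02-01T10:00:01.090 DEAUTH  src=aa:bb:cc:dd:ee:01 dst=11:22:33:44:55:66
2016-02-01T10:00:02.500 BEACON  src=aa:bb:cc:dd:ee:01 dst=ff:ff:ff:ff:ff:ff
""".strip().splitlines()

DISCONNECT_SUBTYPES = {"DEAUTH", "DISASSOC"}


def parse_frame(line: str):
    """Return (timestamp, subtype, src, dst) for one log record."""
    ts, subtype, src_kv, dst_kv = line.split()
    return (datetime.fromisoformat(ts), subtype,
            src_kv.split("=", 1)[1], dst_kv.split("=", 1)[1])


def detect_deauth_bursts(lines, window_seconds: float = 2.0, threshold: int = 8) -> list:
    """Flag each source that sends >= threshold disconnect frames within window_seconds.

    A single deauth from an AP is normal (a client leaving); ten in under a second
    aimed at one client is the pattern of an injected flood on the AP's behalf."""
    recent = defaultdict(deque)   # src -> timestamps of its recent disconnect frames
    flagged = set()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, subtype, src, dst = parse_frame(line)
        if subtype not in DISCONNECT_SUBTYPES:
            continue
        window = recent[src]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and src not in flagged:
            flagged.add(src)   # one alert per source, raised the moment the threshold is hit
            alerts.append({"src": src, "count": len(window),
                           "first": window[0].isoformat(), "last": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_FRAMES):
        print("deauth burst from", alert["src"], "starting", alert["first"])
```

Detection is a fallback; the mitigation is 802.11w Protected Management Frames, which lets a client verify that a deauthentication frame really came from its AP and ignore forged ones, so the handshake cannot be forced on demand.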
Final Step
• aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap
• -a is the method aircrack will use to crack the handshake; 2 = WPA method.
• -b stands for bssid; replace [router bssid] with the BSSID of the target router, mine is 00:14:BF:E0:E8:D5.
• -w stands for wordlist; replace [path to wordlist] with the path to a wordlist that you have downloaded. I have a wordlist called “wpa.txt” in the root folder.
• /root/Desktop/*.cap is the path to the .cap file containing the captured handshake.
If the passphrase is in the wordlist, then aircrack-ng will show it to you like this:
Thank you 
Email: nilesh.s.sapariya@gmail.com 
Twitter : @nilesh_loganx 
Contact : 8898813662
 
How to Manage Internal Notes in Odoo 17 POS
How to Manage Internal Notes in Odoo 17 POSHow to Manage Internal Notes in Odoo 17 POS
How to Manage Internal Notes in Odoo 17 POS
 

Wireless Security null seminar

  • 1. Wireless Security. Nilesh Sapariya, CEH v8, CCNA, Security Engineer. About me:
  • 2. Agenda
    1) Introduction to WLAN Security
    2) WLAN Architectures
    3) WPA / WPA2 PSK (Personal) Cracking
  • 3. WLAN
    1) In computing, Wireless LAN or Wireless Local Area Network is a term for a Local Area Network that does not need cables to connect the different devices.
    2) Instead, radio waves are used to communicate.
  • 4. From Fixed Devices to Mobile Devices
  • 5. These devices don't have a LAN port
  • 6. Only and Best Mode of Connectivity
  • 7. With Wi-Fi, Ports Can Be Easily Cut In Half [Diagram: representative 12-person workgroup with 12 VoIP phones, 7 desktop PCs, 5 laptop PCs, 1 wireless AP (mobile devices, guests, etc.), 6 conference room & public area ports, 5 other devices (printer, copier, fax, etc.) and 12 ports reserved for future use. Existing wired network edge: 1:1 ratio of ports to devices. "Right-sized" edge: one port supports multiple users and devices simultaneously. Wireless is a more efficient, many-to-one access method.]
  • 8. Wi-Fi Comes with Problems
    • Challenging Wi-Fi environment: RF noise, metal objects with wheels, building materials
    • Client density and diversity challenges
    • Security against uncontrolled wireless devices and infrastructure attacks
  • 9. Security Risk
    Uncontrolled wireless devices:
    • Rogue APs
    • Laptops acting as bridges
    • Misconfigured WLAN settings on laptops
    • Ad-hoc networks
    Attacks against WLAN infrastructure:
    • Denial of Service / flooding
    • Man-in-the-Middle
    • WEP (Wired Equivalent Privacy) cracking (aircrack-ng is the well-known tool)
    • WPA/WPA2 (Wi-Fi Protected Access) cracking (aircrack-ng is the well-known tool)
  • 10. Security Risk [Diagram: ad-hoc network, access point MAC spoofing, rogue user, mis-configured access point, server, office] And more such kinds of attacks.
  • 11. Wireless Standards - 802.11a, 802.11b/g/n, and 802.11ac
    • 1997: IEEE (Institute of Electrical and Electronics Engineers) created the first WLAN standard
    • Called 802.11
    • 802.11 only supports a maximum network bandwidth of 2 Mbps (too slow for most applications)
  • 12. WLAN Operation
    • A Wireless LAN (WLAN) can operate in 2 different frequency ranges
    • 2.4 GHz (802.11 b/g/n)
    • 4.9 or 5 GHz (802.11 a/h/j/n)
    • Note: your wireless card can only be on one channel at a time (it has a single radio)
    • Every country defines its allowed channels, users and maximum power levels
  • 13.
    • Fair distribution of clients across channels, e.g. channels 1, 6, 11
    • Fair distribution of clients across bands, e.g. 2.4 GHz and 5 GHz
    [Diagram: Channel 1, Channel 6, Channel 11]
  • 14. WLAN Setup [Diagram comparing the two architectures]
    "Fat" access point: management, policy, mobility, forwarding, encryption, authentication, 802.11a/b/g/n and antennas all sit in each AP. Many devices to manage; many entry points to secure.
    "Thin" access points with a centralized mobility controller: centralized management; centralized security.
  • 15. Wardriving
    • How to find SSIDs in your area
    • How to find hidden SSIDs
    • Tools used: i. inSSIDer ii. CommView for WiFi
  • 16. Understanding WPA / WPA2 (Wi-Fi Protected Access)
  • 17. Wireless Encryption
    • The main source of vulnerability associated with wireless networks is the method of encryption. There are a few different types of wireless encryption, including:
    • WEP
    • WPA
    • WPA2
  • 18. WEP
    • Stands for Wired Equivalent Privacy.
    • WEP is recognizable by its key of 10 or 26 hexadecimal digits.
  • 19. WPA or WPA2
    • Stands for Wi-Fi Protected Access
    • Created to provide stronger security
    • Still able to be cracked if a short password is used.
    • If a long passphrase or password is used, these protocols are virtually uncrackable.
    • WPA-PSK with TKIP or AES uses a Pre-Shared Key (PSK) that is more than 7 and less than 64 characters in length.
  • 20. Why WPA? WEP (Wired Equivalent Privacy) is broken beyond repair: whether you use a 64-bit or a 128-bit key, WEP will be broken.
  • 21. Weaknesses of WEP
    1. Poor key management
    • WEP uses the same key for authentication and encryption
    • Provides no mechanism for session key refreshing
    • Static key encryption is used
    2. One-way authentication
  • 22. WEP Replacement
    WPA: intermediate solution by the Wi-Fi Alliance; uses TKIP (Temporal Key Integrity Protocol); based on WEP; no hardware change required, only a firmware update. Modes: Personal (PSK) and Enterprise (802.1X + RADIUS).
    WPA2: long-term solution; uses CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol); based on AES; hardware change required. Modes: Personal (PSK) and Enterprise (802.1X + RADIUS).
  • 23. Difference between WPA-Personal & WPA-Enterprise
    • Wireless architecture
    • How to create a profile for WPA-Personal and WPA-Enterprise
  • 24. WEP: Static Key Encryption [Diagram: client and AP each hold the static WEP key; probe request/response, authentication request/response, association request/response; data encrypted with the static key]
  • 25. WPA: Non-Static Key [Diagram: probe request/response, authentication, association; a dynamic key is generated first, then data is encrypted with the dynamic key] How are dynamic keys created?
  • 26. WPA / WPA2 PSK (Personal) Cracking
  • 27. WPA Pre-Shared Key [Diagram: on both the client and the AP, Passphrase (8-63 characters) → PBKDF2 → 256-bit Pre-Shared Key]
  • 28. PBKDF2
    • Password Based Key Derivation Function
    • RFC 2898
    • PBKDF2(Passphrase, SSID, ssidLen, 4096, 256)
    • 4096 - number of times the passphrase is hashed
    • 256 - intended key length of the PSK in bits
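As an added example (not from the slides), this Python derives the WPA/WPA2 PSK from a passphrase and SSID exactly as slide 28 describes, writing PBKDF2-HMAC-SHA1 out by hand so the 4096-iteration loop is visible, and counts the HMAC operations a single passphrase guess costs. The function names are mine; the expected PSK for passphrase "password" on SSID "IEEE" is the published IEEE 802.11 test vector.

```python
import hashlib
import hmac
import struct

# Parameters fixed by the WPA/WPA2 PSK derivation (slide 28):
# PSK = PBKDF2(passphrase, SSID, ssidLen, 4096, 256)
WPA_ITERATIONS = 4096
WPA_PSK_BITS = 256
SHA1_BITS = 160


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 from RFC 2898 section 5.2, written out so the per-block
    iteration loop (the 4096 on the slide) is visible."""
    derived = b""
    block = 1
    while len(derived) < dklen:
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha1).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):          # the remaining 4095 rounds
            u = hmac.new(password, u, hashlib.sha1).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        derived += bytes(t)
        block += 1
    return derived[:dklen]


def passphrase_length_ok(passphrase: str) -> bool:
    """The 8-63 character bound from slide 27."""
    return 8 <= len(passphrase) <= 63


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK (the PMK used in the 4-way handshake).
    The SSID is the salt, so the same passphrase yields a different PSK
    on every network name."""
    if not passphrase_length_ok(passphrase):
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return pbkdf2_hmac_sha1(passphrase.encode("ascii"), ssid.encode("utf-8"),
                            WPA_ITERATIONS, WPA_PSK_BITS // 8)


def matches_stdlib(passphrase: str, ssid: str) -> bool:
    """Cross-check the hand-written loop against hashlib's PBKDF2."""
    ref = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
                              WPA_ITERATIONS, WPA_PSK_BITS // 8)
    return wpa_psk(passphrase, ssid) == ref


def hmac_calls_per_guess() -> int:
    """SHA-1 yields 160 bits, so a 256-bit PSK needs two PBKDF2 blocks:
    every candidate passphrase costs 2 * 4096 = 8192 HMAC-SHA1 calls."""
    blocks = -(-WPA_PSK_BITS // SHA1_BITS)       # ceil(256 / 160) = 2
    return blocks * WPA_ITERATIONS
```

wpa_passphrase from wpa_supplicant performs this same derivation, which is why a 64-hex-digit PSK can be stored in a client configuration instead of the passphrase itself.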
  • 29. How does the client know?
    • Beacon frames?
    • Probe response packets from the AP?
    • Can be used to create a WPA/WPA2 honeypot as well!
  • 30. How WEP Works
    1) We try to collect a large number of data packets
    2) A bunch of those data packets contain weak IVs
    3) We run them through the algorithm or aircrack-ng and get the key
    Then how do we crack WPA-PSK?
  • 31. Let's "shake the hand": the 4-way handshake [Diagram: supplicant and authenticator each hold the 256-bit pre-shared key; probe request/response, authentication request/response, association request/response; the authenticator sends ANonce and the supplicant derives the PTK; Message 2: the supplicant sends SNonce and the authenticator derives the PTK; key installed + MIC; Message 4: key install acknowledgement; key installed on both sides]
  • 32. Pairwise Transient Key
    • PTK = Function(PMK, ANonce, SNonce, Authenticator MAC, Supplicant MAC)
    • PMK = Pre-Shared Key (Pairwise Master Key)
    • ANonce = random value from the AP
    • SNonce = random value from the client
    • Authenticator MAC = AP MAC
    • Supplicant MAC = client MAC
    • MIC - Message Integrity Check (signature algorithm)
  • 33. WPA Working: Block Diagram [Diagram: Passphrase (8-63) → PBKDF2 → 256-bit Pre-Shared Key; the 4-way handshake combines it with SNonce, ANonce, AP MAC and client MAC to produce the PTK]
  • 34. WPA-PSK is Susceptible to Dictionary Attacks
  • 35. DEMO: WPA / WPA2 PSK (Personal) Cracking
  • 36. External Wireless Card
    • Alfa Networks AWUS036H USB-based card
    • Already integrated with BackTrack and Kali
    • Allows packet sniffing
    • Allows packet injection
    • We will use this in our demo session
  • 37. Software Setup
    • Run Kali Linux on a VM
    • Connect the Alfa adapter
  • 38. Understanding Wireless Sniffing
    • Wireless: monitor mode
    • When you put the card in monitor mode, it will accept all the packets it sees on the current channel
    • Kali has an inbuilt tool that quickly puts the card into monitor mode so it can sniff packets
    • We will use the tool airmon-ng to put the card into monitor mode (part of the aircrack-ng suite of tools)
  • 39. Some Basic Terms
    • MAC address or physical address: a unique identifier assigned to network interfaces for communications
    • Access point >> wireless router
    • SSID (service set identifier) >> network name
    • BSSID (basic service set identifier) >> MAC address of the access point
  • 40. Using Kali Linux or BT
    • Some basic BackTrack terms >>
    • wlan0 - wireless interface
    • mon0 - monitor-mode interface
    • Handshake: refers to the negotiation process between the computer and a Wi-Fi server using WPA encryption. Needed to crack WPA/WPA2.
    • Dictionary: a list of common passwords.
    • .cap file: used to store captured packets.
  • 41. Tools Used
    • airmon-ng >> places different cards in monitor mode
    • airodump-ng (packet sniffer) >> tool used to listen to wireless routers in the area
    • aireplay-ng (packet injector) >> used to inject frames. Its primary function is to generate traffic for later use in aircrack-ng for cracking WEP and WPA-PSK keys.
    • aircrack-ng >> cracks WEP and WPA (dictionary attack) keys
  • 43. Let's Start. This will list all of the wireless cards that support monitor (not injection) mode. The "(monitor mode enabled)" message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface; mine is mon0.
  • 44. • airodump-ng will now list all of the wireless networks in your area.
  • 45. • airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]
    Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface (mon0).
  • 46. • airodump-ng will now monitor only the target network, allowing us to capture more specific information about it.
    NOTE: • What we're really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password.
  • 47. aireplay-ng -0 2 -a [router bssid] -c [client bssid] mon0
  • 48. Upon hitting Enter, you'll see aireplay-ng send the packets, and within moments you should see this message appear on the airodump-ng screen!
  • 49. Final Step
    • aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap
    • -a is the method aircrack-ng will use to crack the handshake; 2 = WPA method. -b stands for BSSID; replace [router bssid] with the BSSID of the target router, mine is 00:14:BF:E0:E8:D5. -w stands for wordlist; replace [path to wordlist] with the path to a wordlist that you have downloaded. I have a wordlist called "wpa.txt" in the root folder. /root/Desktop/*.cap is the path to the .cap file containing the password.
  • 50. If the passphrase is in the wordlist, aircrack-ng will show it to you like this.
  • 51. Thank you. Email: nilesh.s.sapariya@gmail.com Twitter: @nilesh_loganx Contact: 8898813662

Editor's Notes

  1. ANonce & SNonce - a large random number / how the dynamic key is generated / PTK = Pairwise Transient Key / MIC = Message Integrity Check