There was a time when people relied on broadband and mobile data packs to connect to the internet. With the influx of IoT into our day-to-day lives, the use of WiFi has increased manyfold. Almost every house has five to six devices that require internet to work efficiently. Homes have become more digitally connected, with heavy use of smart TVs, smart ACs, smartphones, laptops, smart alarms, etc. Three components related to WiFi have also gone to the next level along with all the other advancements:
WiFi protocols: We are well aware that the use of WEP has been deprecated due to its security weaknesses. The protocol stack has developed over time from being highly insecure to the highest level of security currently possible.
Hardware technology: Both the endpoints that use WiFi and the WiFi router have become more advanced. Routers used to come with a single antenna and a small signal range. Now routers have a bigger range, better signal strength and multiple antennas pointed in multiple directions to eliminate blind spots.
Wireless attacks: Public WiFi, free WiFi and personal hotspots on the go have increased the wireless playgrounds that attackers can target. Attackers can break into a network and monitor the traffic on it, or crack the password and use your network for free. Just check the wireless networks that your laptop picks up and you can see an example right there!
Before we start digging deep into wireless hacking, let's get a few things straight:
Hacking/attacking wireless networks without authorization is illegal. This article does not encourage the use of the tools mentioned for criminal purposes. These tools are to be used only for educational purposes and to try on your own devices or network. Things are not going to be straightforward; wireless hacking is not as easy as shown in hacking movies.
The increase in WiFi usage has led to increased wireless attacks. Any attack on wireless networks or access points that yields substantial information is referred to as wireless hacking. This information can be in the form of WiFi passwords, admin portal access, authentication attacks, etc. To understand wireless hacking, one of the most important things to understand is the set of protocols involved in wireless networks. Attacks are mostly made on the internal steps of the protocol stack. IEEE 802.11 specifies the standards for wireless networks; let us discuss some of the algorithms used in WiFi networks:
WEP (Wired Equivalent Privacy): WEP uses a 40-bit key and a 24-bit initialization vector (IV). It uses RC4 for confidentiality and CRC-32 for integrity. Since the IV is only 24 bits, there is a high probability that the same IV (and hence the same RC4 keystream) will be repeated after roughly every 5000 packets. WEP is a deprecated algorithm due to the various vulnerabilities identified and the fact that it can be cracked very easily.
WPA and WPA2: WPA was introduced as a temporary solution for devices that did not support WPA2. WPA has since been broken and deprecated. WPA2 is considered the most secure to date. The tools discussed further in the article also cover how to attack WPA and WPA2, but the success of an attack depends on the time and computing power available.
WEP cracking technique: WEP uses a 40-bit key which is 8 characters long. Once enough data packets are captured, breaking this key should not take more than a few minutes.
WPA/WPA2 cracking technique: Our devices store wireless passwords so that we do not have to enter the password on the same device again and again. Attackers take advantage of this by forcefully de-authenticating all the devices on the network. The devices then try to auto-connect to the access point by completing the 4-way handshake. This handshake is recorded and contains the hashed password, which can then be brute-forced offline using a rainbow table.
WPS cracking: This technology uses an 8-digit PIN to connect to the wireless router. Brute-forcing the 8-digit PIN gives access to the router. Various tools use different optimization techniques to speed up this attack and recover the key in a couple of hours.
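To see why the 24-bit IV described under WEP above is too small, here is an added worked example (not part of the original article) that computes the birthday-problem probability of an IV repeat after a given number of packets; the constants and function names are my own.

```python
import math

IV_BITS = 24                 # size of the WEP initialization vector
IV_SPACE = 1 << IV_BITS      # 16,777,216 distinct IV values


def iv_collision_probability(packets: int, space: int = IV_SPACE) -> float:
    """Exact probability that at least two of `packets` independently chosen
    IVs are equal (the birthday problem). The product is accumulated in log
    space so it does not underflow for large packet counts."""
    if packets > space:
        return 1.0            # pigeonhole: more packets than IVs
    log_no_repeat = 0.0
    for i in range(packets):
        log_no_repeat += math.log1p(-i / space)
    return 1.0 - math.exp(log_no_repeat)


def packets_for_probability(target: float, space: int = IV_SPACE) -> int:
    """Smallest number of packets after which the chance of an IV repeat
    reaches `target`; same product as above, extended one packet at a time."""
    if not 0.0 < target <= 1.0:
        raise ValueError("target must be a probability in (0, 1]")
    log_no_repeat = 0.0
    n = 0
    while 1.0 - math.exp(log_no_repeat) < target:
        log_no_repeat += math.log1p(-n / space)
        n += 1
    return n


if __name__ == "__main__":
    # A repeated IV under the same WEP key means a repeated RC4 keystream,
    # which is the weakness the WEP attacks rely on; the table shows how
    # little traffic it takes for a repeat to become likely.
    for n in (500, 1000, 2000, 5000, 10000, 20000):
        print(f"{n:>6} packets: P(IV repeat) = {iv_collision_probability(n):.3f}")
    print("50% chance of a repeat after", packets_for_probability(0.5), "packets")
```

The 50% mark lands at roughly 4800 packets with random IVs, which matches the "about 5000 packets" figure above; cards that simply count IVs upward repeat deterministically once the counter wraps.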
Aircrack-ng is one of the most popular suites of tools for monitoring, attacking, testing and cracking WiFi networks. It is a command-line tool compatible with Windows, Linux and OS X. It can be used for attacking and cracking WPA and WEP. The attack mechanism is simple: it monitors and collects packets and, once enough packets are captured, tries to recover the password. Here is a tutorial on how to get started with this tool: https://www.aircrack-ng.org/doku.php?id=getting_started
A few things to ponder before you start: you need a wireless card that can inject packets into the network, or you won't be able to crack anything. The tool can be downloaded at https://www.aircrack-ng.org/
AirSnort is free WiFi hacking software that captures packets and tries to decrypt the keys. Monitoring is done in promiscuous mode, and enough packets are recorded to reliably recover the key. It is a simple tool and supports both Windows and Linux. Further development and maintenance of this tool has been discontinued, but the older version can be downloaded at https://sourceforge.net/p/airsnort/wiki/Home/
Kismet is free software written in C++ that can be used to sniff TCP, UDP, DHCP and ARP packets. It is a passive tool and does not interact with the network. It is able to find hidden networks and is used in wardriving-style activities. The captured packets can be exported to Wireshark for further analysis. It is available for Linux, Windows and a few other platforms. You can download the software from https://www.kismetwireless.net/
Cain & Abel is one of the most popular tools used for password cracking. The tool is able to sniff the network, crack encrypted passwords using various password-cracking techniques and perform cryptanalysis attacks. It can also recover wireless keys by analyzing the wireless protocols. The tool can be downloaded at http://www.oxid.it/cain.html
The name CoWPAtty itself has WPA in uppercase and the rest in lowercase. It is a Linux-based tool that can perform attacks on the pre-shared keys of WPA networks. The tool has a command-line interface and is able to perform dictionary attacks on wireless networks using a wordlist file. Execution is slow because the key derivation uses SHA-1 seeded with the SSID, but you can still give it a try. The tool can be downloaded at https://sourceforge.net/p/cowpatty/wiki/Home/
OmniPeek is a packet sniffer and protocol analyzer. Developed by Savvius, it is available only for the Windows platform. The tool has a lot to offer if you understand the protocols. Captured packets can be stored in an SQL database and further analyzed and decoded if required. Its features can be extended with API plugins; some 40+ APIs are readily available for the tool. You may also extend the tool's capabilities by visiting the MyPeek community portal. The tool is commercially available and can be downloaded at https://www.savvius.com/product/omnipeek/
AirJack, as the name suggests, is able to hijack the air, i.e. wireless traffic. The tool is able to receive and inject raw packets into a wireless network. It can be used by developers to tweak packets and inject them while developing a solution, or by wireless hackers. A wireless hacker is able to perform denial-of-service attacks by flooding the network with dirty injected packets. You can get a taste of this tool at https://sourceforge.net/p/airjack/wiki/Home/
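The forced de-authentication in the WPA/WPA2 technique above and the injected-frame flooding mentioned here both show up on the air as a burst of management frames from one source address, which is what a wireless IDS looks for. The following is an added example (not from the article or any of the tools listed) of a simple sliding-window detector run over constructed event lines; the line format, MAC addresses, reason codes and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def parse_event(line: str):
    """Parse one constructed event line of the form
    '<ISO timestamp> <frame type> key=value ...' into (time, type, fields)."""
    ts, ftype, *fields = line.split()
    return datetime.fromisoformat(ts), ftype, dict(f.split("=", 1) for f in fields)


def detect_deauth_floods(lines, window_s: float = 1.0, threshold: int = 10):
    """Sliding-window counter: flag any source address that emits at least
    `threshold` deauth/disassoc frames within any `window_s` seconds.
    Returns {source address: time of first alert}."""
    recent = defaultdict(deque)   # src -> timestamps inside the current window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, ftype, fields = parse_event(line)
        if ftype not in ("deauth", "disassoc"):
            continue              # assoc/auth/probe traffic is not counted
        src = fields["src"]
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()           # drop frames that fell out of the window
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


def build_sample_log():
    """Constructed sample, not a real capture: AP 02:00:00:00:00:01 emits 12
    broadcast deauth frames 50 ms apart (a flood), while AP 02:00:00:00:00:02
    sends one deauth to a single client, which is ordinary housekeeping."""
    base = datetime(2019, 2, 27, 10, 0, 0)
    lines = ["2019-02-27T10:00:00.000 assoc src=aa:bb:cc:dd:ee:ff dst=02:00:00:00:00:01 reason=0"]
    for i in range(12):
        ts = base + timedelta(milliseconds=1000 + 50 * i)
        lines.append(f"{ts.isoformat(timespec='milliseconds')} deauth "
                     "src=02:00:00:00:00:01 dst=ff:ff:ff:ff:ff:ff reason=7")
    lines.append("2019-02-27T10:05:00.000 deauth src=02:00:00:00:00:02 dst=aa:bb:cc:dd:ee:fe reason=3")
    return lines


if __name__ == "__main__":
    for src, when in detect_deauth_floods(build_sample_log()).items():
        print(f"ALERT {when.time()}: deauth flood from {src}")
```

In a real deployment the source address will usually be the AP's own BSSID, since the attacker spoofs it, so the useful comparison is against that AP's normal deauth rate rather than against a fixed number.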
inSSIDer, with SSID in capital letters in the name itself, suggests the features of this tool. It is a wireless scanner that supports both Windows and OS X. The tool used to be available as open source software, but is not any longer. The tool is able to get information from wireless cards and helps you choose the best available channel with maximum strength. Signal strength is plotted graphically over time. Various versions of the tool are available and you can choose as per your requirement (you would need to hunt for them though). The tool can be downloaded at https://www.metageek.com/products/inssider/
WepAttack can be used to crack 802.11 WEP keys using a dictionary-based approach. The tool reads a network dump file produced by pcap or libpcap, etc. The tool is open source and supports the Linux platform. One thing to note here is that the attack is active and not passive in nature. The tool simply tests the dictionary words to find the working key. A key requirement is a working LAN card; the remaining requirements can be found at http://wepattack.sourceforge.net/
Reaver uses brute-force techniques against WiFi Protected Setup registrar PINs to recover WPA/WPA2 passphrases. One of the best things about this tool is the response time: you can get the passphrase in plaintext within just a couple of hours. If you are using Kali, the reaver package is pre-bundled.
Fern WiFi Cracker is a Python-based tool that can be used for WEP/WPA/WPA2 cracking, session hijacking, ARP request replays and brute-force attacks. It is able to save the key in a database after a successful attack. It supports automatic access-point attacking and has an internal MITM engine as well. This too is pre-bundled in Kali.
In case you are interested in finding open WiFi networks, this Windows tool, NetStumbler, can help you get that done. You can find rogue access points, network misconfigurations, areas of poor connectivity, etc., during wardriving and warwalking activities. The tool is an old veteran and has not been updated in a long time, so you may face some compatibility issues. This tool interacts actively with the identified networks to gather as much information as possible and hence can be easily detected. Both NetStumbler and a trimmed-down version called MiniStumbler can be downloaded at http://www.netstumbler.com/downloads/
Wireshark is one of the most common network analyzers available. It uses packets captured by WinPcap and libpcap and lets you inspect the traffic flowing through your network. It is available for Linux, Mac and Windows and is a GUI-based tool. The tool captures and presents micro-level details of the captured packets. If you know what you are looking for, you may find this tool very helpful. Since the number of captured packets can be huge, the tool offers filtering of packets by protocol type, strings, etc. You can get it at https://www.wireshark.org/download.html
Cloudcracker is a cloud-based solution for cracking the passwords of various utilities. The tool uses dictionary-based attacks to crack the passwords. The dictionary size ranges up to 10 digits. Just upload the handshake file along with a few other details and you are all set.
CommView for WiFi is packet analyzer software. It is GUI-based and can monitor wireless 802.11 a/b/g/n networks. Packets are captured, and information such as signal strength, access points and network connections can be identified. If you just want to analyze the traffic on your own machine, you may prefer the non-wireless CommView edition. The software can be downloaded at https://www.tamos.com/download/main/ca.php
There are many wireless hacking tools available in the market, 15 of which we have discussed in this article. Note that the tools are discussed in random order and not in any order of priority or superiority over one another. The tools discussed here are not only designed for wireless hackers but are also used by WiFi admins and programmers working on WiFi-based projects. These tools can be used either for monitoring the network or for cracking the keys to gain access. You may need to use multiple tools to get the desired output, as none of the tools fulfils all the requirements. As a wireless hacker or security professional, you should have some of these tools readily available in your arsenal for quick analysis. Some of the tools perform brute force to crack the keys, so make sure that you have an up-to-date master wordlist or make a customized list from your experience. A WiFi hacker will always have a customized list prepared by collecting various lists. The cracking program will only be as good as the wordlist itself. You now have enough knowledge about WiFi hacking software to start your journey towards becoming a wireless password hacker.