Wireless Hacking
Joffrey Czarny, SRC TELiNDUS
State of the Art Wireless Hacking Workshop
State of the Art Wireless Hacking 14/15.10.2005
Agenda
> Wireless tools
> LIVE Demos
> Questions & Answers
Wireless tools
> Wardriving tools
> Traffic analyzer
> WEP keys cracker
> WPA Pre-shared keys cracker
Wireless tools
> Wardriving tools:
  > Active detection: Netstumbler
  > Passive detection: Kismet; Dstumbler; Airsnort…
> Traffic analyzer: Airtraf
> WEP keys cracker: Airsnort; Aircrack; Wepcrack; Dwepcrack…
> WPA Pre-shared keys cracker: Cowpatty; Aircrack
Wardriving tools
> Passive detection: listening to all wireless traffic and extracting information from the packets obtained.
> Active detection: sending wireless probe requests and analyzing the network's answers.
Network Stumbler
ACTIVE DETECTION
Kismet
PASSIVE DETECTION
Dstumbler BSD_airtools
PASSIVE DETECTION
Traffic analyzer
> Airtraf is a wireless traffic analyzer
> It is possible to:
  > Detect wireless networks
  > Identify access points and clients
  > Analyze TCP connections
  > Generate statistics by protocol and user
  > Bandwidth use
Airtraf
WEP keys cracker
> Statistical attacks on weak initialization vector (IV) values:
  > Airsnort
  > Aircrack
  > Wepcrack (Perl script)
  > Dwepdump & Dwepcrack (bsd_airtools)
> Brute-force or dictionary attacks:
  > weplab
  > wepdecrypt
WPA Pre-shared keys cracker
> Dictionary attacks:
  > Aircrack (release 2.2)
  > Cowpatty
LIVE Demos
Wardriving
WEP keys cracker
WPA Pre-shared keys cracker
FakeAP & Bluetooth attack (if enough time)
Questions & Answers
Additional Resources
> NetStumbler > www.netstumbler.com
> Kismet > www.kismetwireless.net
> Bsd_airtools > www.dachb0den.com/projects/bsd-airtools.html
> Airtraf > airtraf.sourceforge.net
> Airsnort > airsnort.shmoo.com
> Aircrack > www.cr0.net:8040/code/network/aircrack/
> Weplab > weplab.sourceforge.net
> Wepdecrypt > wepdecrypt.sourceforge.net
> Cowpatty > new.remote-exploit.org/index.php/Codes_main
> Void11 > www.wlsec.net/void11