Monday, August 11, 2008

WiFi / WLAN / 802.11 Spying Instructions

The following information is available to the public at blackhatlibrary.com. The excerpts reprinted below highlight the need to add WLAN security audits to corporate TSCM (Technical Surveillance Countermeasures) inspection programs.


"Wireless Network Hacking and Spying Made Simple"


Here’s a quick and simple guide on how to get onto so-called “secure” networks, as well as a few things you can do to amuse yourself after you are in. Enjoy!

Finding the network
Most wireless networks are configured to broadcast their SSID (Service Set Identifier). When looking for a network to have some fun with, I like to start with these if they are available....
If you know that a network exists but you don’t see an SSID in your available networks, or are just curious to see if any are out there, there are a few tools that will get this job done for you.

For Linux users I recommend:
AirJack - A lightweight program.
Kismet - Unquestionably the most powerful wireless program.

For Windows users I recommend:
AirSnort
AirMagnet


Bypassing WEP or WPA

Let me start this section by saying that WEP encryption is a joke. The only thing turning on WEP does is add some extra information to the packets.
Aircrack is a free Windows/Linux tool that can break both WEP and WPA-PSK.
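The "Finding the network" and "Bypassing WEP or WPA" sections above are the two checks a WLAN audit starts with: which SSIDs are on the air and whether each is open, WEP, WPA or WPA2. The following is an added example for that audit side, not code from the quoted guide or from any of the tools it names; it parses the body of an 802.11 beacon frame (fixed fields plus tagged information elements) and classifies the protection it advertises. The sample beacon bodies are constructed for the example, not captured traffic.

```python
import struct

SSID_TAG, RSN_TAG, VENDOR_TAG = 0, 48, 221
PRIVACY_BIT = 0x0010                  # capability field bit 4: WEP/"privacy" enabled
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"    # Microsoft OUI + type 1 marks a WPA (v1) IE
AKM_NAMES = {1: "802.1X", 2: "PSK"}   # RSN AKM suite selectors (00-0F-AC:n)

def parse_ies(tagged):
    """Split the tagged-parameter region into (tag, data) pairs; a truncated IE stops parsing."""
    ies, i = [], 0
    while i + 2 <= len(tagged):
        tag, length = tagged[i], tagged[i + 1]
        if i + 2 + length > len(tagged):
            break
        ies.append((tag, tagged[i + 2:i + 2 + length]))
        i += 2 + length
    return ies

def classify_beacon(body):
    """Return (ssid, protection) for one beacon body: timestamp(8) interval(2) capability(2) IEs."""
    capability = struct.unpack_from("<H", body, 10)[0]
    ies = parse_ies(body[12:])
    ssid = next((d.decode("utf-8", "replace") for t, d in ies if t == SSID_TAG), "")
    rsn = next((d for t, d in ies if t == RSN_TAG), None)
    if rsn is not None:
        # RSN IE: version(2) group cipher(4) pairwise count(2) suites(4n) AKM count(2) suites(4n)
        pairwise_count = struct.unpack_from("<H", rsn, 6)[0]
        akm_off = 8 + 4 * pairwise_count
        akm_count = struct.unpack_from("<H", rsn, akm_off)[0]
        akms = {rsn[akm_off + 2 + 4 * k + 3] for k in range(akm_count)}
        return ssid, "WPA2-" + "/".join(AKM_NAMES.get(a, f"AKM{a}") for a in sorted(akms))
    if any(t == VENDOR_TAG and d.startswith(WPA_OUI_TYPE) for t, d in ies):
        return ssid, "WPA"
    return ssid, "WEP" if capability & PRIVACY_BIT else "Open"

def audit(beacons):
    """Return the (ssid, protection) of every beacon that would fail a WLAN audit."""
    return [r for r in map(classify_beacon, beacons) if r[1] in ("Open", "WEP")]

# Constructed sample beacon bodies (not captured traffic): timestamp, interval 100 TU, capability, IEs
FIXED = bytes(8) + b"\x64\x00"
RSN_PSK = b"\x30\x14" + b"\x01\x00" + b"\x00\x0f\xac\x04" + b"\x01\x00" + b"\x00\x0f\xac\x04" \
    + b"\x01\x00" + b"\x00\x0f\xac\x02" + b"\x00\x00"
SAMPLE_BEACONS = [
    FIXED + b"\x01\x04" + b"\x00\x04" + b"Cafe",                 # ESS, no privacy bit
    FIXED + b"\x11\x04" + b"\x00\x07" + b"linksys",              # privacy bit, no RSN/WPA IE
    FIXED + b"\x11\x04" + b"\x00\x04" + b"corp" + RSN_PSK,       # privacy bit + RSN (CCMP, PSK)
]
```

On the three constructed beacons, `audit(SAMPLE_BEACONS)` reports the open "Cafe" network and the WEP-only "linksys" network and passes the WPA2-PSK "corp" network.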

Modifying the network
It never fails to surprise me how many routers are left configured with the default admin password and username; if this is the case, you can easily hijack an entire network.
If the default credentials work, you can easily change the passphrase, SSID or completely turn off the router.

Spying on Connected Users
On a wireless network, the router effectively screams out requested information from any computer to the whole broadcast radius. This means that you can use a program to eavesdrop on other users on the network.