Cyber Lab Assignment‐5 - gobi098/Cyber-Lab GitHub Wiki

Basic workings of Wi-Fi and its types with various types of attacks on it.

The basic working of Wi-Fi

WiFi functions by sending data through radio waves, wherein devices interact via the exchange of radio signals within the network. Access Points (APs) play a central role, facilitating the reception and transmission of data among connected devices.

The distinct identification of WiFi networks is achieved through their Service Set Identifier (SSID), essentially acting as their exclusive network label. To ensure the secure transmission of data, authentication and encryption protocols such as WPA2 or WPA3 are utilized. These mechanisms authenticate device connections and protect against unauthorized access.

Types of WiFi

802.11 b/g/n:

These represent older WiFi protocols primarily functioning within the 2.4 GHz frequency band, providing speeds that are relatively slower in comparison to more recent standards.

802.11 ac:

Commonly referred to as WiFi 5, this standard functions across both the 2.4 GHz and 5 GHz frequency bands, delivering accelerated speeds and enhanced performance when contrasted with previous standards.

802.11 ax:

Known as WiFi 6, this represents the most recent WiFi standard, providing elevated speeds, reduced latency, and enhanced efficiency, particularly in densely populated environments.


Various types of WiFi attacks pose security risks

Eavesdropping (Passive Attacks)

The unauthorized interception of WiFi signals allows attackers to capture sensitive information such as passwords or financial data without directly engaging in the network.

Man-in-the-Middle (MITM) Attacks

Attackers intercept communication between two parties, potentially altering or eavesdropping on transmitted data.

Brute Force Attacks

By systematically trying all possible password combinations, attackers attempt to crack WiFi passwords.

Evil Twin Attacks

Rogue access points, which mimic the SSIDs of legitimate networks, trick users into connecting to them, potentially putting their data at risk of compromise.

Denial of Service (DoS) Attacks

Attackers flood WiFi networks with excessive traffic, rendering them inaccessible to legitimate users.

WPS Vulnerabilities

While simplifying device connections, WiFi Protected Setup (WPS) can introduce security flaws if improperly configured, allowing unauthorized access.


To capture wireless packets in monitor mode, first connect the wireless adapter.


We need to enable monitor mode on the adapter.



Perform Wi-Fi fingerprinting

Wifite

After switching to the sudo user, we launched Wifite and conducted a scan of the Wi-Fi networks in the surrounding area.


Create an access point with any Wi-Fi encryption standard and start testing the security of that connection using any Wi-Fi security testing tools, including but not limited to Aircrack-ng and Wifite. Try to capture the 4-way handshake using these methods.


Our objective is to attack the Target network, which is utilizing the WPA-P security protocol.


Wifite then de-authenticates clients connected to the target network in an attempt to capture the handshake.


It stores the captured handshake as a pcap file and attempts to crack the password using the provided wordlist. Once cracked (here the key was "12345678"), we can view the key. We then analyse the saved pcap file in Wireshark, confirming the capture of the four-way handshake.
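As an added example (not part of this lab page, and not code from Wifite or Wireshark), the following Python script performs the same check that the Wireshark review above is for: it classifies EAPOL-Key frames by their Key Information flags and reports whether all four handshake messages are present with consistent replay counters. It works on the EAPOL payload only, so the radiotap/802.11/LLC headers are assumed to have been stripped already (for instance by exporting the frames from Wireshark or tshark); the four sample frames, the nonces and the RSN IE are constructed for the example.

```python
"""Check a set of EAPOL-Key frames for a complete WPA2 (RSN) four-way handshake.

Added example, not taken from the lab page or from Wifite/Wireshark. Works on
the EAPOL payload that follows the LLC/SNAP header of an 802.11 data frame;
the outer radiotap/802.11 headers are assumed to be stripped already.
"""
import struct

# Key Information bit masks from the IEEE 802.11 EAPOL-Key frame format
KEY_INFO_PAIRWISE = 1 << 3   # Key Type: 1 = pairwise (PTK), 0 = group (GTK)
KEY_INFO_INSTALL = 1 << 6
KEY_INFO_ACK = 1 << 7
KEY_INFO_MIC = 1 << 8
KEY_INFO_SECURE = 1 << 9

EAPOL_VERSION = 2
EAPOL_TYPE_KEY = 3
DESCRIPTOR_RSN = 2           # 2 = RSN (WPA2); 254 = WPA1


def build_eapol_key(key_info, replay_counter, nonce=b"\x00" * 32, key_data=b""):
    """Build an RSN EAPOL-Key frame. IV, RSC, Key ID and MIC are left zeroed
    because this example only looks at the flags, counters and lengths."""
    body = struct.pack(">BHHQ", DESCRIPTOR_RSN, key_info, 16, replay_counter)
    body += nonce                       # 32-byte Key Nonce
    body += b"\x00" * 16                # EAPOL-Key IV
    body += b"\x00" * 8                 # Key RSC
    body += b"\x00" * 8                 # Key ID (reserved)
    body += b"\x00" * 16                # Key MIC
    body += struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", EAPOL_VERSION, EAPOL_TYPE_KEY, len(body)) + body


def parse_eapol_key(frame):
    """Return the fields this check needs, or None if the frame is not EAPOL-Key."""
    _version, etype, length = struct.unpack(">BBH", frame[:4])
    if etype != EAPOL_TYPE_KEY or length < 95:
        return None
    body = frame[4:4 + length]
    descriptor, key_info, _key_len, replay = struct.unpack(">BHHQ", body[:13])
    return {
        "descriptor": descriptor,
        "key_info": key_info,
        "replay_counter": replay,
        "nonce": body[13:45],
        "key_data_len": struct.unpack(">H", body[93:95])[0],
    }


def message_number(info):
    """Map Key Information flags to handshake message 1-4 (RSN semantics).

    Messages from the AP carry Ack; message 3 additionally sets Install.
    Messages from the client carry MIC; in WPA2, message 4 also sets Secure
    and has no Key Data, while message 2 carries the client's RSN IE.
    """
    ki = info["key_info"]
    if not ki & KEY_INFO_PAIRWISE:
        return None  # group-key handshake, not part of the four-way exchange
    if ki & KEY_INFO_ACK:
        return 3 if ki & KEY_INFO_INSTALL else 1
    if ki & KEY_INFO_MIC:
        return 4 if (ki & KEY_INFO_SECURE and info["key_data_len"] == 0) else 2
    return None


def has_complete_handshake(frames):
    """True when messages 1-4 are all present and chain correctly: message 2
    echoes message 1's replay counter, message 4 echoes message 3's, and the
    AP increased the counter between message 1 and message 3."""
    msgs = {}
    for frame in frames:
        info = parse_eapol_key(frame)
        if info is None:
            continue
        n = message_number(info)
        if n is not None:
            msgs.setdefault(n, info)      # keep the first copy of each message
    if set(msgs) != {1, 2, 3, 4}:
        return False
    rc1, rc2 = msgs[1]["replay_counter"], msgs[2]["replay_counter"]
    rc3, rc4 = msgs[3]["replay_counter"], msgs[4]["replay_counter"]
    return rc2 == rc1 and rc4 == rc3 and rc3 > rc1


# Constructed sample capture (not real traffic): nonces are sequential bytes,
# the RSN IE advertises CCMP with PSK, and message 3's Key Data is a placeholder.
ANONCE = bytes(range(1, 33))
SNONCE = bytes(range(33, 65))
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
SAMPLE_HANDSHAKE = [
    build_eapol_key(0x008A, 1, nonce=ANONCE),                         # message 1
    build_eapol_key(0x010A, 1, nonce=SNONCE, key_data=RSN_IE),        # message 2
    build_eapol_key(0x13CA, 2, nonce=ANONCE, key_data=b"\x00" * 56),  # message 3
    build_eapol_key(0x030A, 2),                                       # message 4
]

if __name__ == "__main__":
    for frame in SAMPLE_HANDSHAKE:
        print("message", message_number(parse_eapol_key(frame)))
    print("complete handshake:", has_complete_handshake(SAMPLE_HANDSHAKE))
    print("only messages 1-2:", has_complete_handshake(SAMPLE_HANDSHAKE[:2]))
```

The Key Information values 0x008a, 0x010a, 0x13ca and 0x030a in the sample are the usual ones for messages 1 to 4 of a WPA2 handshake, so they match what the `eapol` display filter shows in Wireshark. A capture that holds only messages 1 and 2 (a common result right after a de-authentication) makes `has_complete_handshake` return False, which is the case the lab's Wireshark check is meant to catch; the message-2/message-4 distinction relies on RSN (WPA2) semantics of the Secure bit, so WPA1 (descriptor type 254) captures are outside what this example handles.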

You also have to create your own dictionary file for cracking the passwords.

To generate a wordlist, we can use the crunch command.

crunch 8 12 012345678abcdefghijklmnopqrstuvwxyz -o wordlist.txt
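Before running a crunch command it is worth knowing how large the output will be. The following Python script, added here and not part of the lab page or of crunch, computes the entry count and on-disk size for crunch-style positional arguments (minimum length, maximum length, character set) and a worst-case time to exhaust the list at an assumed guess rate. Note that the charset as typed in the command above contains 35 characters (the digit 9 is absent).

```python
"""Estimate a crunch-style wordlist before writing it to disk.

Added example, not part of the lab page or of crunch. It applies crunch's
rules for the positional arguments (min length, max length, character set):
every combination of each length is written as one line of word + newline.
"""
import math

# The charset exactly as typed in the lab's crunch command: 35 characters,
# because the digit 9 is not in it.
LAB_CHARSET = "012345678abcdefghijklmnopqrstuvwxyz"


def wordlist_entries(min_len, max_len, charset):
    """Number of lines crunch would write for the given lengths and charset."""
    n = len(charset)
    return sum(n ** length for length in range(min_len, max_len + 1))


def wordlist_bytes(min_len, max_len, charset):
    """Bytes on disk: each entry is its length plus one newline byte."""
    n = len(charset)
    return sum((length + 1) * n ** length for length in range(min_len, max_len + 1))


def seconds_to_exhaust(entries, guesses_per_second):
    """Worst-case time for a dictionary attack to try every entry once."""
    return entries / guesses_per_second


def human_size(num_bytes):
    """Format a byte count with a binary unit prefix (KiB, MiB, ...)."""
    units = ["B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB"]
    exp = min(int(math.log(num_bytes, 1024)) if num_bytes else 0, len(units) - 1)
    return f"{num_bytes / 1024 ** exp:.1f} {units[exp]}"


def describe(min_len, max_len, charset, guesses_per_second):
    """Summarise a crunch invocation: entries, size and years to exhaust."""
    entries = wordlist_entries(min_len, max_len, charset)
    size = wordlist_bytes(min_len, max_len, charset)
    years = seconds_to_exhaust(entries, guesses_per_second) / (365 * 24 * 3600)
    return {"entries": entries, "bytes": size, "size": human_size(size), "years": years}


if __name__ == "__main__":
    # The guess rate is a constructed assumption for illustration, not a measured figure.
    print(describe(8, 12, LAB_CHARSET, guesses_per_second=100_000))
    # A digit-only list of length 8 has 10**8 entries; a passphrase such as the
    # lab's "12345678" falls inside it, which is why numeric keys are weak.
    print(describe(8, 8, "0123456789", guesses_per_second=100_000))
```

For the lab command (lengths 8 to 12 over 35 characters) the entry count is on the order of 10^18 and the file would run to tens of exbibytes, so such a list is never written out in full in practice; the same arithmetic is why an 8-character passphrase drawn from a full mixed character set resists the offline attack in this lab far better than a purely numeric one.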


Use a rogue AP (WifiPhisher) to create an evil twin, perform a basic phishing attack using this rogue AP, and document the difference between the two attacks you have performed.

We have to install WifiPhisher:

sudo apt install wifiphisher

When running WifiPhisher, we need to choose which fake WiFi network to create.


We need to specify the type of phishing attack to execute; in this case, we've opted for "auth login."


So with the help of WifiPhisher, we created a fake Amrita Wi-Fi.


Learn the protocol level working of WPA3 and how it differs from WPA2.

Wi-Fi Protected Access 3 (WPA3) serves as the successor to WPA2, bolstering security measures and addressing vulnerabilities found in its predecessor.

Key Establishment and Authentication:

WPA3 introduces Simultaneous Authentication of Equals (SAE), a handshake protocol derived from the Dragonfly key exchange. This mechanism addresses weaknesses in WPA2's four-way handshake, making WPA3 resistant to offline dictionary attacks and password guessing.

Encryption:

WPA3 adds support for the Galois/Counter Mode Protocol (GCMP), providing security comparable to the Counter Mode with CBC-MAC Protocol (CCMP) but with greater processing efficiency. This efficiency gain has the potential to extend device battery life.

Protection against Brute Force Attacks:

WPA3 incorporates more robust defenses against brute force attacks by integrating a hash-to-group feature within the Dragonfly handshake protocol. This substantially increases the challenge for attackers trying to guess passphrases through repetitive brute force attempts.

Forward Secrecy:

WPA3 offers perfect forward secrecy, guaranteeing that even if a network's security key is compromised in the future, attackers cannot decrypt previously transmitted data within the network.