The use of wireless networks has increased exponentially over the last decade or so. Wi-Fi is being
extensively used not only by corporate organizations but also by individuals and home users. If you walk
or drive through your city you may find tons of wireless networks.
The wireless hacking methodology consists of the following basic steps:
1. Discovering Wi-Fi networks :-
This is the first step in any attempt to compromise a Wi-Fi network. In this step, Wi-Fi discovery tools (such as NetStumbler and NetSurveyor) are used to scan for the networks available within range.
2. GPS mapping :-
Once a list of Wi-Fi networks has been obtained, it can be geographically visualized on a map. WiGLE is one such web-based service: it accepts feeds from Wi-Fi scanners and plots the listed networks on maps.
3. Wireless traffic analysis :-
This step requires setting up the proper hardware and software for Wi-Fi hacking. Some operating systems, such as Windows, let you capture Wi-Fi traffic but not inject it, while others, such as Linux, let you do both. Additionally, several essential Wi-Fi hacking programs, such as Aircrack-ng, only work with particular wireless adapters. Once the proper hardware and software have been configured, tools like Wireshark can be used to examine the captured wireless traffic.
4. Execute attacks :-
Once the initial reconnaissance has been done, it’s time to execute attacks on the target wireless network.
- Fragmentation attack :- By launching a successful fragmentation attack, up to 1500 bytes of PRGA (pseudo-random generation algorithm) keystream can be obtained. This attack doesn't reveal the WEP key itself; it only recovers the PRGA. Once the PRGA is obtained, it can be used to generate packets that are then used in various wireless injection attacks.
- MAC spoofing :- Many access points have MAC filtering enabled, which means only devices whose MAC address is on the access point's whitelist can connect to the wireless network. To bypass this, MAC address spoofing is used to change the MAC address of a wireless adapter to one that appears on the access point's whitelist. SMAC is one such tool on Windows for changing the MAC address of network adapters.
- De-authentication attack :- This type of attack forcibly disconnects users who are actively connected to the target access point. It is a form of denial-of-service attack.
- Man-in-the-middle attack :- In this type of attack the attacker first deauthenticates a valid active user from the access point, then forces the victim to connect to a fake access point, and finally intercepts all the data the victim sends and receives during the session.
- Evil twin attack :- In this type of attack the attacker sets up an access point that pretends to be legitimate by imitating a genuine access point in the area. Users connect to the rogue access point, which is an exact twin of the original. Once users are associated with the rogue access point, the attacker can intercept and tamper with all network traffic passing through it.
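The de-authentication and man-in-the-middle attacks above both begin with forged deauthentication frames, which is what a wireless IDS looks for. The following is an added detection example, not code from the original text: it decodes raw 802.11 management frames, counts deauth/disassoc frames per claimed sender and BSSID, and flags floods. The addresses and frames are constructed sample data, not a real capture.

```python
import struct
from collections import Counter

# 802.11 management-frame subtypes that forcibly end a client's session.
SUBTYPE_DISASSOC, SUBTYPE_DEAUTH = 10, 12
BROADCAST = "ff:ff:ff:ff:ff:ff"

def _mac(b): return ":".join(f"{x:02x}" for x in b)

def parse_mgmt_frame(frame: bytes):
    """Decode a raw 802.11 management frame (no radiotap header); None if not one."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]                        # first byte of the Frame Control field
    if (fc0 >> 2) & 0x3 != 0:             # bits 2-3 = frame type; 0 means management
        return None
    subtype = (fc0 >> 4) & 0xF            # bits 4-7 = subtype (12 deauth, 10 disassoc)
    addr1, addr2, addr3 = _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22])
    reason = None
    if subtype in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH) and len(frame) >= 26:
        reason = struct.unpack("<H", frame[24:26])[0]   # body = 2-byte reason code
    return subtype, addr1, addr2, addr3, reason

def detect_deauth_flood(frames, threshold=10):
    """Per (sender, BSSID): (total deauth/disassoc, how many were sent to broadcast),
    reported only when the total reaches `threshold`. The sender address is spoofable,
    so the key is the *claimed* sender; a flood usually shows up under the AP's own address."""
    counts, bcast = Counter(), Counter()
    for raw in frames:
        parsed = parse_mgmt_frame(raw)
        if parsed and parsed[0] in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            _, addr1, addr2, addr3, _ = parsed
            counts[(addr2, addr3)] += 1
            bcast[(addr2, addr3)] += addr1 == BROADCAST
    return {k: (n, bcast[k]) for k, n in counts.items() if n >= threshold}

def _frame(subtype, dst, src, bssid, reason):
    """Build a minimal 26-byte management frame: constructed test data, not a capture."""
    addrs = b"".join(bytes.fromhex(a.replace(":", "")) for a in (dst, src, bssid))
    return bytes([subtype << 4, 0, 0, 0]) + addrs + b"\x00\x00" + struct.pack("<H", reason)

AP, CLIENT = "00:11:22:33:44:55", "66:77:88:99:aa:bb"   # constructed sample addresses
SAMPLE_FRAMES = (
    [_frame(SUBTYPE_DEAUTH, AP, CLIENT, AP, 3)]            # one client leaving normally
    + [_frame(8, BROADCAST, AP, AP, 0)] * 5                # beacons (subtype 8), not counted
    + [_frame(SUBTYPE_DEAUTH, BROADCAST, AP, AP, 7)] * 40  # flood: 40 broadcast deauths
)
```

Run over a real capture, the threshold should be tuned per time window; a single deauth when a client roams is normal, dozens of broadcast deauths in a few seconds are not.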
5. Break Wi-Fi encryption :-
The next step is to find the encryption key used on the target wireless network. The key can be cracked using the Aircrack-ng suite, which includes tools such as airmon-ng, airodump-ng, aireplay-ng and aircrack-ng.