diff --git a/README.md b/README.md index ead2984..986ae02 100644 --- a/README.md +++ b/README.md @@ -21,10 +21,14 @@ layout: visible: true --- -# Wireless Penetration Test +# Wi-Fi Hacking Wireless Penetration Testing, often abbreviated as WPT, is an essential tool for maintaining the security of wireless networks. + + +{% @mailchimp/mailchimpSubscribe %} + It is a method that involves an authorized and managed attack on a network to identify potential security weaknesses and areas of vulnerability. Essentially, the purpose of a wireless penetration test is to identify all potential loopholes that could be exploited in a cyber attack. 
@@ -34,3 +38,15 @@ These tests are critical in helping organizations improve the security of their Gaining insight into how attackers could potentially exploit a network is pivotal to continuous security improvements. {% embed url="https://www.offensive-wireless.com/" %} + +### Wireless Penetration Test Attacks + +During a Wireless Penetration Test (WPT), various attack strategies are employed to evaluate the strength of a wireless network's security. These may include: + +* **Passive Attacks**: Where testers eavesdrop on wireless traffic to gather information without being detected. +* **Active Attacks**: Involving interacting with the network, such as attempting to break encryption, inject packets, or create fake access points. +* **Man-in-the-Middle (MitM) Attacks**: Where the tester positions themselves between two communicating hosts to intercept and potentially modify the data being exchanged. +* **Denial-of-Service (DoS) Attacks**: Designed to overwhelm the network's resources, effectively rendering the service unavailable to legitimate users. +* **Evil Twin Attacks**: A rogue access point is set up to mimic a legitimate network, tricking users into connecting to it to steal sensitive information. + +The outcomes from these attacks aid in identifying and patching vulnerabilities, enhancing overall network resilience against malicious actors. diff --git a/SUMMARY.md b/SUMMARY.md index c9fb42d..8258f38 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -1,10 +1,9 @@ # Table of contents -* [Wireless Penetration Test](README.md) +* [Wi-Fi Hacking](README.md) ## Offensive Wireless -* [Project](offensive-wireless/project.md) * [WebSite](https://www.offensive-wireless.com/) * [Discord](https://discord.gg/sEXM6W95gV) 
@@ -45,7 +44,7 @@ * [WPS Versions](attacking-wps/wps-versions.md) * [Pixie Dust](attacking-wps/pixie-dust.md) * [Pin Brute Force](attacking-wps/pin-brute-force.md) -* [Null Pin](attacking-wps/null-pin.md) +* [WPS Null Pin](attacking-wps/wps-null-pin.md) ## Cracking diff --git a/attacking-wireless-clients/de-authenticate-a-wireless-client.md b/attacking-wireless-clients/de-authenticate-a-wireless-client.md index 2473fc5..bf2741e 100644 --- a/attacking-wireless-clients/de-authenticate-a-wireless-client.md +++ b/attacking-wireless-clients/de-authenticate-a-wireless-client.md @@ -1,2 +1,25 @@ # De-authenticate a Wireless Client +#### De-authenticating a Wireless Client + +De-authenticating a client from a wireless network is a process used to forcibly disconnect the client from the network. This can be used by network administrators to manage network access or troubleshoot issues. Below are the steps to de-authenticate a wireless client: + +**Step 1: Identify the Client** + +First, you need to find the MAC address of the client you wish to de-authenticate. You can usually find this information from your router's admin interface. + +**Step 2: Use De-authentication Tools** + +Many tools exist that can send de-authentication packets to a client, such as `aireplay-ng` in Linux. Use the following command: + +```bash +sudo aireplay-ng -0 1 -a [AP MAC ADDRESS] -c [CLIENT MAC ADDRESS] wlan0 +``` + +Replace `[AP MAC ADDRESS]` with the MAC address of your access point and `[CLIENT MAC ADDRESS]` with the MAC address of the client. + +**Step 3: Verify the Client is De-authenticated** + +After sending the de-authentication packets, the client should be disconnected from the network. You can verify this by checking the client's network status or by looking at the connected devices list in your router's admin interface. + +_Note: Unauthorized de-authentication of clients is illegal and should only be performed on networks you own or have permission to manage._ 
diff --git a/attacking-wps/null-pin.md b/attacking-wps/null-pin.md deleted file mode 100644 index dafed1f..0000000 --- a/attacking-wps/null-pin.md +++ /dev/null @@ -1,2 +0,0 @@ -# Null Pin - diff --git a/attacking-wps/pin-brute-force.md b/attacking-wps/pin-brute-force.md index 05ad5c2..564d73c 100644 --- a/attacking-wps/pin-brute-force.md +++ b/attacking-wps/pin-brute-force.md 
@@ -1,2 +1,21 @@ # Pin Brute Force +### WPS Pin Brute Force Attack + +WPS (Wi-Fi Protected Setup) is a network security standard designed to simplify the process of connecting devices to a secure Wi-Fi network without the need to enter a complex password. It achieves this by using a PIN (Personal Identification Number), which is an eight-digit number that can be entered to connect a device to the network. + +### **How Brute Force Attack Works** + +A brute force attack on WPS PINs involves systematically trying every possible combination until the correct one is found. Considering the WPS PIN is an eight-digit number, the number of possible combinations is 10^8 (100,000,000). However, due to the way the WPS protocol is designed, the number of attempts needed may be significantly lower. + +The eight-digit PIN is split into two parts: the first seven digits and the last digit, which serves as a checksum for the previous seven. Because of this structure, the effective number of combinations to brute force is reduced to 10^7 (10,000,000). Additionally, after the first four digits are confirmed, the protocol confirms this, effectively splitting the brute force process and further reducing the complexity. + +### **Risks and Mitigations** + +Performing a WPS PIN brute force attack is considered a security risk, and using such methods to gain unauthorized access to networks is illegal and unethical. Network administrators need to understand this risk so they can take appropriate security measures: + +* Disable WPS on the router. +* Use a strong WPA2 or WPA3 security protocol for the Wi-Fi network. +* Regularly monitor network access for any unauthorized attempts. + +Please ensure you are authorized and it is legal before attempting any kind of security testing on networks that you do not own. diff --git a/attacking-wps/pixie-dust.md b/attacking-wps/pixie-dust.md index bf0c4ae..3778c9e 100644 --- a/attacking-wps/pixie-dust.md +++ b/attacking-wps/pixie-dust.md 
@@ -1,2 +1,36 @@ +--- +description: >- + Explore our comprehensive article on WPS Pixie Dust attack – a critical aspect + of cybersecurity. Get to know its implications, prevention tactics, and + mitigation strategies. Learn to secure your syste +--- + # Pixie Dust +#### WPS Pixie Dust Attack + +The WPS Pixie Dust attack is a type of cyberattack which targets the Wi-Fi Protected Setup (WPS) protocol, a network security standard to create a secure wireless home network. This attack takes advantage of a vulnerability in the WPS PIN method of connecting devices to a wireless network. + +**How it Works** + +When a device tries to connect to a WPS-enabled network, it can do so using a PIN which is an 8-digit number. This PIN is highly susceptible to brute-force attacks because it’s split into two parts; the first part contains 7-digits and the second part is a checksum of the first part, leaving the actual unknown digits to 7. The Pixie Dust attack exploits this by trying to retrieve the WPS PIN during the exchange known as the E-S1 and E-S2. + +**Vulnerability** + +The vulnerability comes from the fact that some WPS-enabled routers will transmit enough information during this exchange that allows attackers to deduce the PIN using advanced offline calculations. This usually happens within a matter of seconds to several hours, depending on the complexity of the PIN and the processing power available to the attacker. + +**Mitigation** + +To mitigate the risk of a Pixie Dust attack, it is recommended to: + +* Disable WPS on your router. +* Regularly update router firmware. +* Use a strong WPA2 encryption with a complex passphrase. + +Please note that not all routers are susceptible to a Pixie Dust attack, and security for wireless networks is continually evolving. It’s crucial to stay updated with the latest security practices to protect your network. 
+ +Here are some resources that can help: + +* **National Institute of Standards and Technology (NIST):** [https://www.nist.gov/cyberframework](https://www.nist.gov/cyberframework) +* **Wi-Fi Alliance:** [https://www.wi-fi.org/](https://www.wi-fi.org/) +* **US-CERT:** [https://www.cisa.gov/sites/default/files/publications/infosheet\_US-CERT\_v2.pdf](https://www.cisa.gov/sites/default/files/publications/infosheet\_US-CERT\_v2.pdf) diff --git a/attacking-wps/wps-null-pin.md b/attacking-wps/wps-null-pin.md new file mode 100644 index 0000000..314cf0f --- /dev/null +++ b/attacking-wps/wps-null-pin.md @@ -0,0 +1,23 @@ +# WPS Null Pin + +### WPS Null Pin Attack + +WPS, or Wi-Fi Protected Setup, is a network security standard designed to simplify the process of connecting devices to a wireless network. However, it's vulnerable to several types of attacks, one of which is the WPS Null Pin attack. + +### **How WPS Null Pin Attack Works** + +The WPS Null Pin attack takes advantage of a flaw in the implementation of the WPS protocol where an empty or null PIN—essentially a PIN consisting of all zeroes—can be accepted by a router or access point as a valid means of authentication. + +Example of a command used in a WPS Null Pin attack with a tool like Reaver: + +``` +reaver -i wlan0mon -b 00:90:4C:C1:AC:21 -p "\x00\x00\x00\x00\x00\x00\x00\x00" +``` + +### **Preventing WPS Null Pin Attacks** + +To secure a network against WPS Null Pin attacks, it's advisable to: + +* Disable WPS on your router. +* Regularly update router firmware to ensure any security patches for WPS are applied. +* Monitor network authentication attempts to detect unusual patterns that may indicate an attack in progress. diff --git a/attacking-wps/wps-versions.md b/attacking-wps/wps-versions.md index e29aa1d..7140fe8 100644 --- a/attacking-wps/wps-versions.md +++ b/attacking-wps/wps-versions.md 
@@ -1,2 +1,9 @@ +--- +coverY: 0 +--- + # WPS Versions +#### Wi-Fi Protected Setup (WPS) Versions + +Wi-Fi Protected Setup (WPS) is a network security standard diff --git a/cracking/passwords.md b/cracking/passwords.md index 9caf5ac..9627a7e 100644 --- a/cracking/passwords.md +++ b/cracking/passwords.md @@ -1,2 +1,24 @@ # Passwords +#### Understanding the Basics of Wi-Fi Security + +**Types of Wi-Fi Encryption** + +* WEP (Wired Equivalent Privacy) +* WPA (Wi-Fi Protected Access) +* WPA2 (Wi-Fi Protected Access II) +* WPA3 (Wi-Fi Protected Access III) + +WEP is the oldest and most vulnerable to cracking due to its weak encryption mechanism. WPA improved on WEP's weaknesses, and WPA2 further enhanced security. WPA3 is the latest standard and offers the strongest security. + +**Methods Used for Cracking Wi-Fi Passwords** + +1. **Brute Force Attack**: Attempting all possible combinations until the correct password is found. +2. **Dictionary Attack**: Using a list of potential passwords (words from a dictionary) and trying them. +3. **Rainbow Table Attack**: Comparing the network's encrypted password against a precomputed table of possible values. +4. **Phishing**: Trick users into revealing their Wi-Fi password through a fake authentication page. +5. **Social Engineering**: Gaining password information through manipulation or deceit. + +**Legal and Ethical Considerations** + +Cracking Wi-Fi passwords without authorization is illegal and unethical. Conducting such activities can result in severe legal consequences. It is important to respect others' privacy and data security. Always ensure you have explicit permission before attempting to test the security of any Wi-Fi network. diff --git a/cracking/rainbow-tables.md b/cracking/rainbow-tables.md index 0ce7b5a..158095c 100644 --- a/cracking/rainbow-tables.md +++ b/cracking/rainbow-tables.md 
@@ -1,2 +1,39 @@ +--- +description: >- + Dive deep into our latest article about WPA Rainbow Tables. Discover in-depth + knowledge on how to enhance your network security using this powerful tool. + Revealing secrets about WPA Rainbow Tables +--- + # Rainbow Tables +WPA Rainbow Tables are pre-computed databases used to crack WPA/WPA2 passwords through a process called a rainbow table attack. + +These tables contain millions, even billions, of pre-calculated hashes for various combinations of characters, making it much faster to find the password associated with a particular hash compared to brute-forcing every possible password. + +### **WPA vs. WPA2 Rainbow Tables** + +There are separate rainbow tables for WPA and WPA2 due to differences in their hashing algorithms. WPA uses MD5, while WPA2 uses a stronger hashing algorithm called PBKDF2 (Password-Based Key Derivation Function 2). PBKDF2 makes it much more computationally expensive to generate and use rainbow tables for WPA2, offering better protection. + +### Understanding WPA Rainbow Tables + +WPA Rainbow Tables are exceptional tools designed for cracking Wi-Fi Protected Access (WPA and WPA2) passwords. These tables are essentially pre-computed collections of hash values that are used to streamline the process of password recovery. + +### **How Do Rainbow Tables Work?** + +Rainbow tables counteract the time-consuming method of brute-force attacks by providing a pre-calculated list of potential passwords and their corresponding hash values. The workflow involves: + +1. Capturing the handshake between a client and an access point. +2. Searching the rainbow table for a hash matching the handshake. +3. Once found, the corresponding password is revealed, thus breaking the encryption. + +### **Advantages of Using Rainbow Tables** + +* **Speed:** Pre-calculation of hashes saves considerable time during attack execution. 
+* **Efficiency:** Rainbow tables make it possible to crack complex passwords that would otherwise require immense computational resources. + +### **Limitations and Defense** + +Modern security measures, such as the implementation of salting and the use of stronger password hashing algorithms like bcrypt, make rainbow tables less effective. + +Furthermore, network administrators are encouraged to use strong, unique passwords and upgrade to advanced security protocols like WPA3 to mitigate the risk of such attacks. diff --git a/offensive-wireless/project.md b/offensive-wireless/project.md deleted file mode 100644 index ca5325b..0000000 --- a/offensive-wireless/project.md +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -cover: >- - https://images.unsplash.com/photo-1552664730-d307ca884978?ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&ixlib=rb-1.2.1&auto=format&fit=crop&w=2970&q=80 -coverY: 0 ---- - -# Project - -## Our Vision - -{% hint style="undefined" %} -**Good to know:** a good vision statement shows the long-term goals of the company without getting too deep into strategy, implementation, or product specifics. -{% endhint %} - -Our company vision is to **be the authoritative reference point for environmentally conscious buyers** and to **encourage more sustainable business practices** through curating beautiful, practical, consciously-produced products. - -## Our Values - -{% hint style="undefined" %} -**Good to know:** company values are statements about how you approach work; how you treat colleagues, customers and users; and what your company stands for. -{% endhint %} - -### Be Compassionate - -We treat everyone we encounter with compassion, seeing the humanity behind their problems and experiences. - -### Be Mindful - -We do not take advantage of our users' attention and adopt mindful working practices so that we can create safe spaces both in our working environment and in our products themselves. - -### Research First - -We challenge our own and others' assumptions through qualitative and quantitative research. Not sure about an idea? Test it. diff --git a/wep-attacks/koreks-chop-chop.md b/wep-attacks/koreks-chop-chop.md index 4b27b1d..d1f7eb4 100644 --- a/wep-attacks/koreks-chop-chop.md +++ b/wep-attacks/koreks-chop-chop.md 
@@ -1,5 +1,36 @@ +--- +description: >- + Explore our comprehensive article on KoreK's Chop Chop, the ultimate guide + providing insights into its distinct features. Join us for an engaging deep + dive into KoreK's Chop Chop. +--- + # KoreK's Chop Chop +### KoreK ChopChop Attack Explained + +The KoreK ChopChop attack is a sophisticated wireless network attack that targets WEP encryption. It's named after its creator, a hacker known as KoreK. This attack allows an unauthorized user to decrypt packets without knowing the encryption key. + +### **How ChopChop Attack Works** + +1. The attacker captures a packet from the wireless network. +2. The attacker modifies the encrypted packet slightly and tries to resend it to the network. If the modified packet is accepted, it means the last byte of the packet was correctly guessed. +3. The attacker uses this technique to confirm the value of the last byte of the packet. +4. Once the last byte is confirmed, the attacker shortens the packet by one byte and repeats the process, effectively "chopping" off one byte at a time. +5. Eventually, the attacker can determine the entire plaintext of the packet through this process of elimination. +6. With the plaintext revealed, the attacker can analyze the structure of the encrypted packet and extract the WEP key. + +### **Security Implications** + +* The ChopChop attack exploits weaknesses in the WEP protocol, making the use of WEP-protected WiFi networks extremely insecure. +* It is a form of active attack since it involves the injection of modified packets back into the network. + +### **Preventative Measures** + +* Upgrade to WPA or WPA2 encryption, which are more secure than WEP. +* Regularly monitor network traffic for unusual activities that might indicate the presence of an attacker. +* Employ additional security measures such as MAC address filtering, though this is not a foolproof solution. + ``` aireplay-ng -4 -h 00:09:5B:EC:EE:F2 -b 00:14:6C:7E:40:80 wlan0 ``` 
diff --git a/wifi-802.11/bands-and-channels.md b/wifi-802.11/bands-and-channels.md index 9937a01..ba96955 100644 --- a/wifi-802.11/bands-and-channels.md +++ b/wifi-802.11/bands-and-channels.md 
@@ -1,2 +1,19 @@ # Bands & Channels +Wi-Fi utilizes radio waves to transmit data wirelessly. These radio waves are divided into different bands, each with its own characteristics and advantages. The two most common Wi-Fi bands are 2.4 GHz and 5 GHz. + +* **2.4 GHz band:** This band is the older and more widely used of the two. It offers wider coverage and can better penetrate walls and other obstacles. However, it is also more crowded, as it is used by many other devices, such as Bluetooth devices, microwave ovens, and cordless phones. This can lead to interference and slower speeds. +* **5 GHz band:** This band is less crowded than the 2.4 GHz band and offers faster speeds. However, it has a shorter range and cannot penetrate walls and other obstacles as well. This means that you may need to have more access points if you have a large home or office. + +In addition to the 2.4 GHz and 5 GHz bands, there is also a new 6 GHz band that is starting to be used by some Wi-Fi devices. The 6 GHz band offers even faster speeds and less congestion than the other two bands. However, it is still too early to say how widely adopted it will be. + +The channels that your Wi-Fi router uses can also affect your speed and performance. Each band is divided into several channels, and it is important to choose a channel that is not being used by other Wi-Fi networks in your area. + +If you are using a 2.4 GHz router, you should choose a channel that is at least 5 channels away from any other Wi-Fi networks. For 5 GHz routers, you can choose any available channel. + +Here are some additional tips for choosing the right Wi-Fi band and channel: + +* If you have a small home or office and only need to connect a few devices, the 2.4 GHz band may be sufficient. +* If you have a large home or office and need to connect many devices, or if you need the fastest possible speeds, the 5 GHz band is a better choice. 
+* If you live in an apartment building or other crowded area, you may need to experiment with different channels to find one that is not being used by other networks. +* You can use a Wi-Fi analyzer tool to see which channels are being used in your area. diff --git a/wifi-802.11/history.md b/wifi-802.11/history.md index e0e57d3..ff645bd 100644 --- a/wifi-802.11/history.md +++ b/wifi-802.11/history.md 
@@ -1,2 +1,37 @@ # History +### The Journey of Wi-Fi: A Look Back at 802.11 History + +Wi-Fi, the ubiquitous wireless networking technology we rely on daily, has a fascinating history dating back to the 1980s. Here's a glimpse into its evolution: + +**Early Days (1980s):** + +* **1985:** The Federal Communications Commission (FCC) unlocks the 2.4 GHz band for unlicensed use, laying the groundwork for future wireless technologies. +* **1991:** In the Netherlands, NCR Corporation and AT\&T invent the precursor to 802.11, named WaveLAN, intended for cashier systems with speeds of 1 and 2 Mbps. + +**Standardization and Adoption (1990s):** + +* **1997:** The Institute of Electrical and Electronics Engineers (IEEE) releases the first version of the 802.11 standard, offering speeds up to 2 Mbps. +* **1999:** 802.11b emerges, popularizing Wi-Fi with speeds of up to 11 Mbps, boosting adoption in homes and businesses. +* **1999:** The Wi-Fi Alliance forms, promoting interoperability and branding Wi-Fi as a consumer product. + +**The Rise of Speed and Diversity (2000s):** + +* **2003:** 802.11g arrives, offering 54 Mbps speeds and compatibility with 802.11b devices. +* **2004:** 802.11a emerges, utilizing the 5 GHz band for faster speeds (up to 54 Mbps) but limited range compared to 2.4 GHz. +* **2009:** 802.11n revolutionizes Wi-Fi with MIMO technology, achieving speeds of up to 600 Mbps. + +**Continued Advancements and Innovation (2010s and beyond):** + +* **2013:** 802.11ac pushes the bar further with speeds exceeding 1 Gbps, using wider channels and more efficient modulation techniques. +* **2019:** 802.11ax (Wi-Fi 6) debuts, focusing on improved performance in congested environments with features like MU-MIMO and OFDMA. +* **2020:** 802.11ax expands into the 6 GHz band with Wi-Fi 6E, offering more channels and potentially even faster speeds. 
+* **Present and future:** Development continues, with 802.11be (Wi-Fi 7) expected to offer multi-gigabit speeds and further advancements in efficiency and capacity. + +**Key Takeaways:** + +* Wi-Fi has evolved from a niche technology to a global phenomenon, driven by continuous standardization, innovation, and increasing user demand for speed and reliability. +* Different generations of 802.11 standards cater to diverse needs, from basic connectivity to high-bandwidth applications. +* The future of Wi-Fi promises even higher speeds, better efficiency, and improved performance in crowded environments. + +I hope this provides a helpful overview of Wi-Fi's rich history! diff --git a/wifi-802.11/packet-types.md b/wifi-802.11/packet-types.md index 93ea293..4d9c8f2 100644 --- a/wifi-802.11/packet-types.md +++ b/wifi-802.11/packet-types.md 
@@ -1,7 +1,39 @@ # Packet Types -Management +### 802.11 Packet Types -Control +In the 802.11 Wi-Fi networking standard, packets are categorized into three main types, each serving a unique purpose in the communication process between wireless devices: -Data +#### **Management Frames** + +Management frames are responsible for the establishment and maintenance of communication. They help in associating and disassociating devices with the network. + +Examples of management frames include: + +* **Beacon frames**: These are broadcast by the access point to signal its presence and relay information such as SSID and supported rates. +* **Authentication frames**: These are used for authentication services between devices and the access point. +* **Association request/response frames**: These frames manage device association with an access point. + +#### **Control Frames** + +Control frames facilitate the delivery of data frames by helping to control the access to the medium and providing frame acknowledgment. + +Common control frames include: + +* **Acknowledgment (ACK) frames**: Sent to confirm the successful reception of a frame. +* **Request to Send (RTS) and Clear to Send (CTS) frames**: Used in an optional handshaking process to minimize collisions. + +#### **Data Frames** + +Data frames carry the actual payload, which is the user data from higher layers. These frames are protected by acknowledgment mechanisms to ensure reliable delivery. + +The structure of data frames includes: + +* **Frame Control field**: Contains information defining the type of frame. +* **Duration**: Specifies the time period required for the frame. +* **Address fields**: Define the transmitter, receiver, and the BSSID. +* **Sequence Control field**: Helps in ordering frame sequences. +* **Data Payload**: The encapsulated user information. +* **Frame Check Sequence (FCS)**: Used for error detection. 
+ +Understanding the functions and structures of these packet types is crucial for diagnosing network issues and enhancing Wi-Fi performance.
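Review bot: In the README.md hunk at `@@ -21,10 +21,14 @@`, the `{% @mailchimp/mailchimpSubscribe %}` block is inserted between two sentences of the same introductory paragraph (`...an essential tool for maintaining the security of wireless networks.` and `It is a method that involves an authorized and managed attack...`), so the widget splits the definition of WPT in half. Move the subscribe block to after the paragraph ending `...exploited in a cyber attack.`, or below the `{% embed %}` in the next hunk. The title is also now `# Wi-Fi Hacking` while the first sentence still introduces "Wireless Penetration Testing, often abbreviated as WPT"; keep the two consistent, since SUMMARY.md now links the page as "Wi-Fi Hacking" as well.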
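Review bot: In the `### Wireless Penetration Test Attacks` list, the `Denial-of-Service (DoS)` bullet describes resource exhaustion ("overwhelm the network's resources"), but the Wi-Fi DoS this repo actually documents is deauthentication/disassociation flooding (see `attacking-wireless-clients/de-authenticate-a-wireless-client.md` in this same patch), which works by spoofing unauthenticated management frames, not by exhausting resources; reword to cover both and name 802.11w (Protected Management Frames) as the mitigation. The `Passive Attacks` bullet should say why they go undetected: the tester only listens in monitor mode and never transmits, so a wireless IDS has nothing to see. `Evil Twin` is a concrete case of both the "create fake access points" item under Active Attacks and of MitM; either fold it in or present it as the example.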
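Review bot: The SUMMARY.md rename of `attacking-wps/null-pin.md` to `attacking-wps/wps-null-pin.md` matches the delete/create pair later in the patch, but the diff cannot show whether any other page links to the old path; grep the repo for `null-pin.md` before merging, since GitBook will render a dead link rather than fail the build. The removal of `offensive-wireless/project.md` is fine (it was untouched template text), so `## Offensive Wireless` now holds only the two external links.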
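Review bot: The procedure in `attacking-wireless-clients/de-authenticate-a-wireless-client.md` is framed as an administrative task ("used by network administrators to manage network access or troubleshoot issues", "find this information from your router's admin interface"), which contradicts both the page's location under attacking-wireless-clients and the command shown, which spoofs 802.11 deauthentication frames and uses no router feature at all. Step 1 should use `airodump-ng` on the target channel and read the BSSID and STATION columns; Step 2 should pass a monitor-mode interface (the `wlan0mon` that `airmon-ng` creates, as `wps-null-pin.md` in this same patch already does) rather than `wlan0`, locked to the AP's channel. Two caveats belong on the page: `-0 1` sends a single burst and the client normally reconnects within seconds, so the usual purpose is to capture the re-association's 4-way handshake with `airodump-ng -w` running alongside; and clients and APs that negotiated 802.11w / PMF (mandatory in WPA3) discard the spoofed frames, so a deauth that has no effect is a finding, not a tool error.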
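Review bot: The paragraph beginning "The eight-digit PIN is split into two parts" stops short of the number that makes the attack practical: the registrar acknowledges the first half (4 digits) in message M4 before the second half is checked, and the 8th digit is a checksum of the first 7, so the search space is 10^4 + 10^3 = 11,000 PINs, not 10^7. State that figure; without it, "effectively splitting the brute force process and further reducing the complexity" is vague. The page names no tool; `reaver` (already used in `wps-null-pin.md` in this patch) or `bully` is the standard choice, and it should mention that most APs rate-limit or lock WPS after a few failures, which is why a real brute force takes hours rather than minutes. Under "Risks and Mitigations", "Use a strong WPA2 or WPA3 security protocol" does not help against this attack, because a completed WPS exchange hands the attacker the PSK regardless of passphrase strength; disabling WPS (or at least the external-registrar PIN method) is the only effective item in that list.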
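Review bot: The `description:` frontmatter in `attacking-wps/pixie-dust.md` is cut off mid-word ("Learn to secure your syste") and will ship as the page's meta description; finish or shorten it. In "How it Works", "during the exchange known as the E-S1 and E-S2" is inaccurate: E-S1 and E-S2 are the enrollee's two secret nonces, and Pixie Dust works because some chipsets generate them weakly (predictable or zero), which lets the attacker brute-force E-Hash1 and E-Hash2 from message M3 offline against the 11,000 candidate PIN halves. The later claim "depending on the complexity of the PIN" in "Vulnerability" is therefore wrong; the PIN is a fixed 8-digit value and its content does not change the offline search, only the chipset's nonce generation does. Under "Mitigation", "Use a strong WPA2 encryption with a complex passphrase" should be dropped or qualified, since WPS discloses the PSK once the PIN is recovered. The three links under "Here are some resources" (NIST CSF, the Wi-Fi Alliance home page, a US-CERT infosheet) say nothing about WPS; replace them with WPS-specific references or remove the list.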
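Review bot: The `reaver` command in `attacking-wps/wps-null-pin.md` does not send a null PIN: inside double quotes the shell does not interpret `\x00`, so `-p "\x00\x00\x00\x00\x00\x00\x00\x00"` passes the literal 32-character text (backslash, x, 0, 0, repeated) as the PIN argument. The null-PIN attack, as documented by the reaver-wps-fork-t6x build, is invoked with an empty PIN, `reaver -i wlan0mon -b <BSSID> -p ""`. The same paragraph conflates two different inputs, "an empty or null PIN" and "a PIN consisting of all zeroes": an empty string and `00000000` are not the same thing; `00000000` is a checksum-valid PIN that some vendors ship as a default, whereas the null-PIN bug is a WPS implementation accepting a zero-length PIN. Describe one or the other, not both as if identical. The BSSID `00:90:4C:C1:AC:21` looks like a real address; use the `[AP MAC ADDRESS]` placeholder style the deauth page in this patch already uses.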
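Review bot: `attacking-wps/wps-versions.md` ends mid-sentence ("Wi-Fi Protected Setup (WPS) is a network security standard") and the commit adds no version content despite the title; finish the page before merging or mark it as a stub. The natural content is the WPS 1.0 vs 2.0 difference that matters for the brute-force page in this same patch (2.0 mandates lockout after repeated failed PIN attempts). The added `coverY: 0` frontmatter does nothing without a matching `cover:` entry.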
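Review bot: In `cracking/passwords.md`, bullet 3 ("Rainbow Table Attack: Comparing the network's encrypted password against a precomputed table") misdescribes WPA: the passphrase is never transmitted; what is captured is the 4-way handshake (or a PMKID), and the cracker recomputes PBKDF2 for each candidate and checks the MIC. Because the SSID is the PBKDF2 salt, a precomputed table is only valid for that exact SSID, which is the caveat this bullet needs. Bullets 1 and 2 should say where the input comes from (a captured handshake or PMKID fed to aircrack-ng or hashcat), since "Attempting all possible combinations until the correct password is found" reads as online guessing against the AP. The list under "Types of Wi-Fi Encryption" would carry more weight if it named the cipher that changes between generations (WEP/RC4, WPA/TKIP, WPA2/CCMP, WPA3/SAE), which is what "most vulnerable to cracking" rests on.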
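Review bot: The "WPA vs. WPA2 Rainbow Tables" section in `cracking/rainbow-tables.md` is incorrect: "WPA uses MD5, while WPA2 uses ... PBKDF2" is wrong, because both WPA-PSK and WPA2-PSK derive the PMK with PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits); the difference between the two is the traffic cipher (TKIP vs CCMP), not the key derivation, so there are no separate WPA and WPA2 tables. Replace that claim with the real limitation: the SSID is the salt, so a table (the genpmk/coWPAtty style tables, for example) only works for the SSID it was generated for. That also makes "Limitations and Defense" misleading: "the implementation of salting and ... bcrypt" is not a choice a Wi-Fi administrator has; WPA-PSK is already salted by the SSID, and the practical defenses are a non-default SSID, a long passphrase, and WPA3-SAE, whose handshake is not offline-crackable. Step 2 of the workflow ("Searching the rainbow table for a hash matching the handshake") should say the table supplies candidate PMKs and the cracker still derives the PTK and compares the MIC for each.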
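Review bot: Step 6 of "How ChopChop Attack Works" in `wep-attacks/koreks-chop-chop.md` ("With the plaintext revealed, the attacker can analyze the structure of the encrypted packet and extract the WEP key") is wrong: ChopChop recovers the plaintext, and hence the RC4 keystream, for one IV, not the key. That keystream is what `aireplay-ng -4` writes to the .xor file; it is used with `packetforge-ng` to forge an ARP request that is replayed to generate IVs, and key recovery is a separate statistical attack (`aircrack-ng`, PTW/KoreK) over many captured IVs. Step 2 should give the mechanism: the last byte is chopped, the ICV is corrected for each of the 256 guesses, and the AP relaying the shortened packet confirms the guess. The trailing `aireplay-ng -4 ...` block is orphaned under "Preventative Measures"; move it under the attack steps and note that `-h 00:09:5B:EC:EE:F2` must be a MAC already associated with the AP (fake authentication with `aireplay-ng -1` first) and that `wlan0` must be a monitor-mode interface. "Upgrade to WPA or WPA2" should read "WPA2 (CCMP) or WPA3"; WPA/TKIP is itself deprecated.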
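Review bot: `wifi-802.11/bands-and-channels.md` is written as home-router advice ("you may need to have more access points if you have a large home or office") inside a pentesting guide, and the points a tester needs are missing: many monitor-mode adapters are 2.4 GHz only, so a 5 GHz or 6 GHz network is invisible to `airodump-ng` without a dual- or tri-band card; 5 GHz DFS channels cannot be transmitted on (so no injection) until radar detection completes, which contradicts "For 5 GHz routers, you can choose any available channel"; and the non-overlapping 2.4 GHz channels are 1, 6 and 11, which is the concrete form of "at least 5 channels away". "It is still too early to say how widely adopted it will be" for 6 GHz will date quickly; drop it.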
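Review bot: In `wifi-802.11/history.md`, the bullet "2004: 802.11a emerges" is incorrect: 802.11a was ratified in 1999 together with 802.11b, not after 802.11g (2003); move it into the 1999 group. The closing line "I hope this provides a helpful overview of Wi-Fi's rich history!" is assistant-style filler and should be removed from a documentation page. Minor: "2019: 802.11ax (Wi-Fi 6) debuts" refers to Wi-Fi Alliance certification; the IEEE amendment itself was published in 2021.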
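Review bot: The "Management Frames" list in `wifi-802.11/packet-types.md` omits Deauthentication and Disassociation frames, which are exactly the frames the `de-authenticate-a-wireless-client.md` page added in this same patch relies on; add them, and note that management frames are unauthenticated and unencrypted unless 802.11w (PMF) is negotiated, which is why spoofed deauths work. Probe request/response frames also belong in the list, since they are what `airodump-ng` uses to reveal hidden SSIDs. "Authentication frames: These are used for authentication services" is circular; say they carry Open System or Shared Key (WEP) authentication, and that in WPA2/WPA3 the real authentication happens afterwards in the 4-way handshake or SAE. Under "Data Frames", "Address fields: Define the transmitter, receiver, and the BSSID" covers the three-address case only; the 802.11 header carries up to four address fields (Address 4 in WDS frames), so say "up to four" or state the three-address assumption.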