• WiFi Attacks and Testing Tools | 217
    		•

    | Chapter 7: Wireless Security Testing




    Download 22,59 Mb.
    Pdf ko'rish
    bet197/225
    Sana14.05.2024
    Hajmi22,59 Mb.
    #232856
    1   ...   193   194   195   196   197   198   199   200   ...   225
    Bog'liq
    learningkalilinux

    216 | Chapter 7: Wireless Security Testing

    Figure 7-5. wifite attempting Pixie Dust attacks
    Injection Attacks
    A common approach to attacking WiFi networks is to inject frames into the network.
    This can be in order to elicit a response from the AP. One of the tools available in Kali
    to enable injection is 
    wifitap
    . This program creates a tunnel interface that can be used
    to inject traffic through to the wireless network. 
    Example 7-4
    shows the use of 
    wifitap
    to create a tunnel interface. The BSSID is provided for the AP associated with the
    SSID. You’ll also see that the interface for inbound and outbound are specified. Once
    wifitap
    is run, you will see that there is a new interface. You will then need to config‐
    ure the new interface, 
    wj0
    , in order to use it.
    Example 7-4. Using wifitap to create a tunnel
    yazpistachio:root~# wifitap -b 50:C7:BF:82:86:2C -i wlan0 -o wlan0
    Psyco optimizer not installed, running anyway...
    IN_IFACE: wlan0
    OUT_IFACE: wlan0
    BSSID: 50:c7:bf:82:86:2c
    Interface wj0 created. Configure it and use it
    Once you have the interface up, you will be able to set an IP address for the target
    network on the interface and then set routes for the target network through your new
    interface. This program will allow you to inject packets into the network without
    using any other library. Any application can use this new interface without needing to
    know anything about interacting with wireless networks. Along with 
    wifitap
    comes a
    WiFi Attacks and Testing Tools | 217

    few other tools that can be used to answer protocols like ARP and DNS. The tools
    wifiarp
    and 
    wifidns
    can be used to listen for and respond to those protocols on the
    network.
    Not all wireless interfaces support packet injection. Packet injection is something that
    will be important not only for dumping traffic onto the wireless network but also for
    trying to crack passwords that will allow us to get authentication credentials for that
    wireless network. 
    Example 7-5
    shows the use of the tool 
    aireplay-ng
    to determine
    whether injection works on your system with your interface. You can see from the
    result that injection is successful.
    Example 7-5. Using aireplay-ng to test packet injection
    yazpistachio:root~# aireplay-ng -9 -e TP-Link_862C -a 50:C7:BF:82:86:2C wlan0
    21:07:37 Waiting 
    for
    beacon frame 
    (
    BSSID: 50:C7:BF:82:86:2C
    )
    on channel 5
    21:07:37 Trying broadcast probe requests...
    21:07:38 Injection is working!
    21:07:39 Found 
    1
    AP
    21:07:39 Trying directed probe requests...
    21:07:39 50:C7:BF:82:86:2C - channel: 
    5

    'TP-Link_862C'
    21:07:40 Ping 
    (
    min/avg/max
    )
    : 1.290ms/14.872ms/48.013ms Power: -44.97
    21:07:40 29/30: 96%
    aireplay-ng
    comes with the 
    aircrack-ng
    package and is also capable of running other
    attacks, such as fake authentication, ARP replay, and other attacks against authentica‐
    tion. All of these attacks are performed using packet injection techniques on the wire‐
    less network. This is a key element of running password attacks.

    Download 22,59 Mb.
    1   ...   193   194   195   196   197   198   199   200   ...   225




    Download 22,59 Mb.
    Pdf ko'rish