Last updated Feb. 3, 2018
This is the second chapter of the Rootsh3ll Wireless Security and Pentesting Series. In the previous chapter we covered:
- Installing Kali Linux in VMWare
- Setting up the Wireless card
- Configuring the wireless card
- Installing Kali Linux on a PC
- Removing Kali Linux
Moving on to the second chapter of the series, we will go through the basics of Wi-Fi networks. This chapter will cover the topics listed below:
- What is Wi-Fi and its need?
- Types of encryption and their need?
- Understanding Public and Private IP
- Possible attacks on a Wi-Fi Access Point (AP)
- Future of Wi-Fi
Before getting into these topics, I would like to tell you that this chapter is completely theoretical and is written solely to give a better understanding of Wi-Fi and its security mechanisms. I am writing it with beginner and intermediate security people in mind, who may or may not have hacked/pentested a Wi-Fi network yet and have never gone into the details of what is actually happening behind the scenes to make it all work.
This chapter will take you through the beginnings of Wi-Fi, how wireless interfaces work, and how Wi-Fi is different from and better than Bluetooth (not only in terms of transfer speed). You will also learn the similarities between all wireless devices.
So I would like you to read this chapter thoroughly, because it is going to be the base for the whole series and will be very helpful in your life, and especially in your security-related career.
Let's get started.
Wireless networks(Wi-Fi) and its need
What is Wi-Fi?
What is the need for Wi-Fi?
A. The world has always been moving towards the better, and according to the statistics it is clear that in the next 5 years a large population will be using wireless devices for purposes like storing data, listening to music, accessing the Internet, etc.
Wireless technology not only saves the material used to manufacture wires but also gives us a much lower installation cost, since there are no wires to install, just some information to be registered, which is perhaps a matter of a few minutes.
As we can see, wireless devices have today become a basic need in one's life. In the coming time they are going to reach as many people as possible.
Hence, the more wireless devices, the more vulnerabilities, and the greater the need for Wi-Fi security experts.
Types of encryption and their need
What are the types of encryption?
A WLAN [Wireless Local Area Network] can be secured using 3 security protocols:
- WEP – Wired Equivalent Privacy
- WPA – Wi-Fi Protected Access
- WPA2 – Wi-Fi Protected Access II
Each of the 3 protocols has its own encryption method, each better than the previous one.
- WEP – Uses the RC4 algorithm for encrypting data packets
- WPA – Uses TKIP encryption, based on WEP
- WPA2 – Uses AES, most secure and unbroken at this point
What is the need?
In 1997, the WiFi Alliance released the first security standard for wireless networks, i.e. WEP, but soon after, in 2001, WEP was broken twice, leading to password recovery/hacking of the wireless network. Then again in 2002 a security researcher discovered a security flaw in WEP. WEP was broken beyond repair at this point.
This was when the IEEE committee said that they needed a quick patch for WEP.
In 2003 WPA, an intermediate solution for WEP, was released.
WPA was supposed to run on the same hardware that supported WEP. All one needed to do was a firmware update.
Some key things to note:
- WPA uses TKIP encryption, which wraps around the WEP packets to close some of the vulnerabilities discovered earlier and provide better security. So it was basically based on WEP.
- Hardware changes were not mandatory for WPA, as it was supposed to fix the vulnerability in routers that had already been shipped.
- At the same time the WiFi Alliance started working on a much more secure Wi-Fi protocol, which was named WPA2.
A year later, in September 2004, the WiFi Alliance released the most secure version of wireless security, i.e. WPA2.
How is WPA2 different from WPA?
A. There are some basic differences between the two:
- WPA2 uses AES for packet encryption. It is perhaps the most secure encryption method available and is unbroken at this point.
- Hardware changes are mandatory for running WPA2.
- It was released as the new standard for wireless devices, and from March 2006 WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark.
Understanding Public and Private IP
As the heading suggests, there are 2 types of IP addresses for a computer connected to a network.
Public IP – A computer on the Internet is identified by its public IP. IP addresses are publicly registered with the Network Information Centre (NIC) to avoid IP conflicts. Computers on private LANs do not need to be accessed by the public; for this reason the NIC has reserved certain addresses that can never be registered publicly. Those addresses are called private IPs.
Private IP – The IP address of a computer inside a W/LAN, for example 192.168.1.101
The addresses reserved by the NIC are divided into 3 classes of private IPs:
- Class A – Ranges from 10.0.0.0 to 10.255.255.255 [Total 16,777,216 addresses]. Basically for large networks, spread across cities.
- Class B – Ranges from 172.16.0.0 to 172.31.255.255 [Total 1,048,576 addresses]. For networks like universities.
- Class C – Ranges from 192.168.0.0 to 192.168.255.255 [Total 65,536 addresses]. Perfect for home routers!
Private IP addresses are assigned to the devices connected to that router. A device can be your laptop, mobile, tablet… anything that is capable of connecting to a wireless network, or in technical terms you can call it a subnet (sub network).
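As an added example (not part of the original chapter), the three ranges above can be written as CIDR blocks and checked with Python's standard ipaddress module. The sample addresses are constructed for illustration and include the edges of the Class B range, where the boundary is easiest to get wrong.

```python
import ipaddress

# The three reserved ranges from the list above, written as CIDR blocks.
PRIVATE_BLOCKS = {
    "Class A": ipaddress.ip_network("10.0.0.0/8"),
    "Class B": ipaddress.ip_network("172.16.0.0/12"),
    "Class C": ipaddress.ip_network("192.168.0.0/16"),
}

# Constructed sample addresses, including both edges of the Class B range.
SAMPLES = ["192.168.1.101", "10.20.30.40", "172.15.255.255",
           "172.16.0.0", "172.31.255.255", "172.32.0.1"]


def classify(address):
    """Return the private block an IPv4 address falls in, or 'Outside'."""
    ip = ipaddress.ip_address(address)
    for name, block in PRIVATE_BLOCKS.items():
        if ip in block:
            return name
    return "Outside"  # not in any of the three private ranges


def block_summary():
    """First address, last address and size of each reserved block."""
    return {name: (str(block[0]), str(block[-1]), block.num_addresses)
            for name, block in PRIVATE_BLOCKS.items()}


if __name__ == "__main__":
    for name, (first, last, size) in block_summary().items():
        print(f"{name}: {first} to {last} ({size:,} addresses)")
    for sample in SAMPLES:
        print(f"{sample:>15} -> {classify(sample)}")
```

Note that 172.15.255.255 and 172.32.0.1 sit just outside the Class B range and are therefore not private addresses.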
How to check your public IP?
Just google: “ip”. It will show your Public IP address.
P.S: It is a Pool IP. Will change after I disconnect 😀
Uses of Public IP:
Apart from just locating the device over the Internet, the public IP plays a significant role in:
Reverse IP lookup
It is often called a reverse IP domain check. What happens is that we enter a domain name, say google.com, and the reverse IP tool checks the IP address of google.com [126.96.36.199] and then checks for other sites known to be hosted on the same web server.
Websites like who.is allow us to check the nameserver of a website and other interesting stuff along with that. This is by far the best and most useful website for the hackers!
Find IP location or IP geolocation
Simple: just google “find ip location” or go to this website: iplocation.net.
It will show all the details related to your public IP. You can also see your location on Google Maps. Keep looking! You'll find much more interesting stuff.
Stuff with private IPs? We will be performing it along the series. Stay tuned!
Possible attacks on a Wi-Fi Access Point (AP)
Even if you are not connected to the network because you don't have the key, you can still perform attacks on the WLAN or the connected clients (devices).
A few pieces of information that always remain unencrypted are:
- ESSID, or AP name. “rootsh3ll” in our case.
- BSSID, Client’s MAC address
- Router’s MAC address
- Channel, on which the Access point is operating.
- Encryption type, WEP, WPA/WPA2 or WPS
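To show that these fields really are readable without the key, here is an added example (not part of the original chapter) that parses a beacon frame, the announcement an access point broadcasts. The frame bytes are constructed for illustration; the MAC address, channel and RSN contents are assumptions, and parse_beacon is a name chosen for this sketch.

```python
import struct

# Constructed sample beacon (not captured traffic); MACs, channel and RSN body
# are made-up illustration values.
AP_MAC = bytes.fromhex("020000aabb01")
HEADER = (b"\x80\x00\x00\x00"            # frame control (beacon), duration
          + b"\xff" * 6                  # destination: broadcast
          + AP_MAC + AP_MAC              # source, BSSID (the AP's radio MAC)
          + b"\x00\x00")                 # sequence control
FIXED = struct.pack("<QHH", 0, 100, 0x0411)  # timestamp, interval, capabilities
RSN_BODY = bytes.fromhex("0100000fac040100000fac040100000fac020000")
TAGS = (b"\x00\x09rootsh3ll"             # tag 0: ESSID
        + b"\x03\x01\x06"                # tag 3: channel 6
        + b"\x30" + bytes([len(RSN_BODY)]) + RSN_BODY)  # tag 48: RSN
SAMPLE_BEACON = HEADER + FIXED + TAGS


def parse_beacon(frame):
    """Return the fields a beacon carries in cleartext."""
    if len(frame) < 36 or frame[0] != 0x80:
        raise ValueError("not a beacon frame")
    capabilities = struct.unpack_from("<H", frame, 34)[0]
    info = {"essid": None, "bssid": frame[16:22].hex(":"), "channel": None}
    rsn = wpa = False
    pos = 36                             # tagged elements follow the fixed part
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            break                        # truncated element: stop parsing
        if tag == 0:
            info["essid"] = body.decode("utf-8", "replace")
        elif tag == 3 and length == 1:
            info["channel"] = body[0]
        elif tag == 48:
            rsn = True                   # RSN element: WPA2
        elif tag == 221 and body[:4] == b"\x00\x50\xf2\x01":
            wpa = True                   # vendor-specific WPA element
        pos += 2 + length
    privacy = bool(capabilities & 0x0010)  # set for any encrypted network
    info["encryption"] = ("WPA2" if rsn else "WPA" if wpa
                          else "WEP" if privacy else "Open")
    return info


if __name__ == "__main__":
    print(parse_beacon(SAMPLE_BEACON))
```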
An attacker can leverage this information to perform possible attacks to:
- Jam the network
- Disconnect a legitimate client
- Connect the client to a hacker-created access point, or create a honeypot
We will learn to perform and defend against these attacks in Chapter 6 of the series.
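On the defensive side, the same unencrypted fields can be monitored for signs of a look-alike access point. The following is an added sketch, not part of the original chapter: it compares observed beacons with an inventory kept by the network owner. The inventory, the observations, every MAC address and the audit_beacons name are constructed for illustration.

```python
# Relative strength of the encryption types listed in this chapter.
STRENGTH = {"Open": 0, "WEP": 1, "WPA": 2, "WPA2": 3}

# Constructed inventory: ESSID -> {BSSID: (channel, encryption)}.
KNOWN_APS = {
    "rootsh3ll": {"02:00:00:aa:bb:01": (6, "WPA2")},
}

# Constructed observations: (essid, bssid, channel, encryption) from beacons.
OBSERVED = [
    ("rootsh3ll", "02:00:00:aa:bb:01", 6, "WPA2"),    # matches the inventory
    ("rootsh3ll", "02:00:00:cc:dd:02", 6, "Open"),    # same name, unknown radio
    ("rootsh3ll", "02:00:00:aa:bb:01", 11, "WPA2"),   # known MAC, wrong channel
    ("coffee-shop", "02:00:00:ee:ff:03", 1, "WPA2"),  # someone else's network
]


def audit_beacons(observed, known):
    """Return (bssid, reason) findings for beacons that break the baseline."""
    findings = []
    for essid, bssid, channel, encryption in observed:
        expected = known.get(essid)
        if expected is None:
            continue                     # not one of our networks
        if bssid not in expected:
            findings.append((bssid, "unknown BSSID advertising our ESSID"))
            continue
        base_channel, base_encryption = expected[bssid]
        # A BSSID is sent in the clear and can be copied, so a matching MAC
        # is still checked against the rest of the baseline.
        if STRENGTH[encryption] < STRENGTH[base_encryption]:
            findings.append((bssid, "encryption weaker than baseline"))
        if channel != base_channel:
            findings.append((bssid, "channel differs from baseline"))
    return findings


if __name__ == "__main__":
    for bssid, reason in audit_beacons(OBSERVED, KNOWN_APS):
        print(f"{bssid}: {reason}")
```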
Future of Wi-Fi
As the world is moving from wired to wireless (better) devices, and as wireless devices are exponentially becoming faster, better and cheaper, the future of Wi-Fi is very promising.
As you might have seen, Apple's new MacBook (2015) has just a single port (USB-C) for charging, as wireless charging is not available at this moment. Any kind of data transfer to/through the MacBook has to be wireless. It can be:
- Listening to music
- Storing data on Hard drive
- Accessing Internet etc.
The crucial part is that storing data on a hard drive wirelessly might be slower than storing it over a wire (USB 3.0). But the good news is that the MacBook and many new routers are now capable of 802.11ac networking, which is way faster than type-n networking. So storing data wirelessly is going to be much easier, not only on the MacBook but on every future device that supports type-ac networking.
This is all for this chapter. Hope you liked it.
You can comment to let me know your views about chapter 2 of the rootsh3ll Wi-Fi Security and Pentesting series.