changing several characteristics of the wireless card
play

Changing several characteristics of the wireless card Basic tools - PDF document

Sep 29, 2022 •484 likes •608 views

1 Changing several characteristics of the wireless card Basic tools To retrieve a list of interfaces (even the inactive ones) ifconfig a Typically, wireless interfaces are represented as wlanXX If the wireless interface is on the DOWN state

  1. 1 Changing several characteristics of the wireless card Basic tools To retrieve a list of interfaces (even the inactive ones) ifconfig –a Typically, wireless interfaces are represented as wlanXX If the wireless interface is on the DOWN state (disabled), then we should enable it before doing anything meaningful with it ifconfig <interface> up To see the characteristics of the wireless extensions of the interfaces on our system iwconfig 802.11 Pen Testing Notes v2.0.2017

  2. 2 In the case of our example the only wireless interface is the wlan1 Changing the channel To change the channel of the card iwconfig <interface> channel <channel number> After doing so, if you run the iwconfig command again you will notice that the card is set to 2.412 GHz which corresponds to the frequency of the first channel. 802.11 Pen Testing Notes v2.0.2017

  3. 3 Changing the transmission power The region of the device is an important setting which indirectly dictates the strength of the signal in which the card transmits. Different countries have different legislations regarding the maximum strength of the signal of a wireless card. For pen testing purposes it is to the best benefit to have a card set to the maximum supporting power. To get the current region iw reg get 802.11 Pen Testing Notes v2.0.2017

  4. 4 To change the region thus, the transmission power of the card ifconfig <interface> down iw reg set <region code> ifconfig <interface> up iw reg get 802.11 Pen Testing Notes v2.0.2017

  5. 5 A comprehensive list of region codes can be retrieved here: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 Changing the operation mode Typically, wireless cards are set to managed mode, so they can function as clients to infrastructure based networks. Monitor mode allows cards to read all traffic including packets that originate from non-associated networks. To set the card in monitor mode one can rely on the tool airmon-ng of the aircrack suite airmon-ng start <interface> Changing the mac address It is possible to change the MAC address of the NIC card Ifconfig <interface> down macchanger –m <new mac address> <interface> Ifconfig <interface> up Analyzing Traffic 802.11 Pen Testing Notes v2.0.2017

  6. 6 When a wireless card is set in monitor mode it captures all packets from the air interface. It is possible with the right tools to view, analyze and store these packets. The airodump-ng tool To view a list of all the APs in the area and the STAs connected to each one airodump-ng <interface in monitor mode> Note: by default, airodump-ng forces the card to hop among channels. Keep in mind that to achieve this, the card spends only a portion of time on each channel. However, when listening to a channel all packets transmitted to the rest of the channels will evade the monitoring. To restrain the monitoring to a specific channel airodump-ng <interface in monitor mode> -c <number of desired channel> This is usually done when the attacker has located the victim AP or STA and wishes to capture as many packets as possible for further analysis. Airodump has the capability of saving all packets on the disk. airodump-ng <interface in monitor mode> -c <number of desired channel> -w <name of file> 802.11 Pen Testing Notes v2.0.2017

  7. 7 Note that airodump-ng saves packets only relevant to WEP key cracking or pen testing. Therefore, the created file will not contain all the packets in the channel. For more information on the capabilities of airodump-ng tool visit: http://www.aircrack- ng.org/doku.php?id=airodump-ng The Wireshark tool It is possible to associate Wireshark’s output with a wireless network interface thus, gaining insight to the packets of the live capture. Moreover, one can apply different kinds of filters regarding various fields of the packets (e.g. their type and subtype). This can be done by inserting the mnemonic and the desired value in the filter input field. Alternatively, filtering can be achieved by locating a packet with a desired attribute and setting it as an example filter. Moreover, it is possible to combine multiple filters by applying the standard C operators (e.g., ==, !=, >, <=, !, &&, || etc.). Some of the most important filters for wireless capture can be retrieved from here: https://www.wireshark.org/docs/dfref/w/wlan.html https://www.wireshark.org/docs/dfref/w/wlan_mgt.html The subtype codes of 802.11 frames can be retrieved here: https://supportforums.cisco.com/document/52391/80211-frames-starter-guide-learn-wireless- sniffer-traces The traffic captured with Wireshark can be saved as a binary file (pcap) or another file type including textual formats (e.g., CSV). This is useful for processing with conventional tools and methods. To do that in Wireshark one simply can choose File->Export Packet Dissections-> as “CSV”. 802.11 Pen Testing Notes v2.0.2017

  8. 8 Availability Attacks It is possible to reduce the availability of a wireless network or cause denial-of-service (DoS) against specific clients by forging and transmitting specific management (in most cases) frames. This steams from the fact that in 802.11 networks management frames are transmitted unencrypted. Deauthentication attack This attack is based on the transmission of deauthentication frames. It is considered the easiest and most effective way of creating a DoS attack against all or specific clients of the network. The aircrack suite has tools that automate this process. To unleash a deauthentication attack against all clients connected to a specific AP, first one has to know the MAC address of the victim AP. This can be easily done via airodump-ng or wireshark. Then, by using the -0 (or -- deauth) option of the aireplay-ng tool one can cause a flood of deauthentication frames to be transmitted. aireplay-ng --ignore-negative-one -0 <packets to be sent> -a <AP MAC Address> <interface in monitor mode> 802.11 Pen Testing Notes v2.0.2017

  9. 9 Notice that you can insert 0 instead of a predefined number of packets and the process will carry on indefinitely. Another tool that can unleash a deauthetication attack is mdk3 . Actually, the specific tool follows a deadlier methodology (but at the same time more obvious to intrusion detection systems) for this attack. To execute a deauthentication attack with mdk3 mdk3 <interface> d 802.11 Pen Testing Notes v2.0.2017

  10. 10 Impersonation Attacks 802.11 permits multiple APs, advertising the same ESSID to exist in the same location. This is done so that multiple BSS can be formed under the same ESS, thus effectively increasing the range of a network. However, this fact can be abused by an attacker to introduce their own AP, in the neighborhood of a valid AP. Typically, the attacker will mimic the characteristics of the valid AP (BSSID, advertised ESSID, security capabilities) to confuse the client. This practice is known as Evil Twin attack. As a first step the attacker will typically set their card into higher power mode so that his/her fake AP be preferred by the clients: First, disable the card ifconfig <interface> down Change, the region of the wireless interface iw reg set <region code> Re-enable the wireless interface ifconfig <interface> up Make sure that the changes were successfully applied. iw reg get iwconfig <interface> A comprehensive list of region codes can be retrieved here: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 Note: the database of <region, permitted power levels> resides in the kernel and is taken from the file with the name wireless-regdb. A list of such files can be found in: https://www.kernel.org/pub/software/network/wireless-regdb/ 802.11 Pen Testing Notes v2.0.2017

  11. 11 The next step should be to infer the characteristics of the valid AP and then attempt to clone each one of the AP characteristics. The former, can easily be done with the airodump-ng tool while for the latter an attacker can choose to go through a manual change of settings or use the airbase-ng tool. For example, if they would wish to manually change the channel of the wireless interface one can rely on airmon-ng tool: airmon-ng start <interface> <channel number> alternatively, the same can be achieved through the iwconfig tool: iwconfig <interface> channel <channel number> After doing so, if the iwconfig command is executed again, an alternative frequency in GHz is presented which corresponds to the chosen channel. 802.11 Pen Testing Notes v2.0.2017

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Wireless and Mobile Networks Wireless and 802.11 LANs wireless links: shared, fading,

Wireless and Mobile Networks Wireless and 802.11 LANs wireless links: shared, fading,

Wireless and Mobile Networks Wireless and 802.11 LANs wireless links: shared, fading, interference, hidden terminal problem IEEE 802.11 ( wi-fi ) CSMA/CA reflects wireless channel characteristics DIFS, SIFS,

1.43k views • 83 slides
Wireless Payment Protocol (WPP) Jeyanthi Hall, Susan Kilbank, Michel Barbeau and Evangelos

Wireless Payment Protocol (WPP) Jeyanthi Hall, Susan Kilbank, Michel Barbeau and Evangelos

Wireless Payment Protocol (WPP) Jeyanthi Hall, Susan Kilbank, Michel Barbeau and Evangelos Kranakis Introduction Problem Electronic credit card and debit card transactions over wireless networks Contribution Wireless Payment

364 views • 8 slides
1 Characteristics of selected wireless link Elements of a wireless network standards 54 Mbps

1 Characteristics of selected wireless link Elements of a wireless network standards 54 Mbps

The Data Link Layer Chapter 6: Wireless and Mobile Networks Our goals: Topics Background: link layer services understand principles # wireless (mobile) phone subscribers now behind data link layer error detection, correction

362 views • 10 slides
Reversing a Japanese Wireless SD Card From Zero to Code Execution Guillaume VALADON - @guedou ?

Reversing a Japanese Wireless SD Card From Zero to Code Execution Guillaume VALADON - @guedou ?

Reversing a Japanese Wireless SD Card From Zero to Code Execution Guillaume VALADON - @guedou ? 2015 2018 2 ? ? 3 Get the slides at https://goo.gl/oijvdN 4 Toshiba FlashAir 5 See

1.5k views • 101 slides
Purchasing Card Program Training for Cardholders Introduction to the P-Card Program What is a

Purchasing Card Program Training for Cardholders Introduction to the P-Card Program What is a

Purchasing Card Program Training for Cardholders Introduction to the P-Card Program What is a P-Card? VISA credit card issued by Bank of America Used to make purchase of goods and some services of $2,500 or less P-Card Controls

480 views • 34 slides
Wireless Challenges Force us to rethink many assumptions Need to share airwaves rather

Wireless Challenges Force us to rethink many assumptions Need to share airwaves rather

CS640: Introduction to Computer Networks Aditya Akella Lecture 22 - Wireless Networking Wireless Challenges Force us to rethink many assumptions Need to share airwaves rather than wire Mobility Other characteristics of

450 views • 12 slides
Training for Cardholders Introduction to the P-Card Program What is a P-Card? VISA credit

Training for Cardholders Introduction to the P-Card Program What is a P-Card? VISA credit

Purchasing Card Program Training for Cardholders Introduction to the P-Card Program What is a P-Card? VISA credit card issued by Bank of America Used to make purchase of goods and some services of $2,500 or less P-Card Controls

933 views • 26 slides
The Changing Usage of a Mature Campus-wide Wireless Network Andrew Stone CS525m Mobile and

The Changing Usage of a Mature Campus-wide Wireless Network Andrew Stone CS525m Mobile and

The Changing Usage of a Mature Campus-wide Wireless Network Andrew Stone CS525m Mobile and Ubiquitous Computing Overview Project Goal Data Collection Methods Findings and Data Analysis Conclusions and Recommendations 2

915 views • 46 slides
TRANServe Debit Card Overview 1 What is the TRANServe Debit Card? The TRANServe debit card

TRANServe Debit Card Overview 1 What is the TRANServe Debit Card? The TRANServe debit card

TRANServe Debit Card Overview 1 What is the TRANServe Debit Card? The TRANServe debit card is a Visa-branded debit card that provides your transit benefit electronically. TRANServes Counsel has been working closely with Counsel from

476 views • 14 slides
Wireless Network Security and Mobile Commerce Dr. Gordon B. Agnew Electrical and Computer

Wireless Network Security and Mobile Commerce Dr. Gordon B. Agnew Electrical and Computer

Wireless Network Security and Mobile Commerce Dr. Gordon B. Agnew Electrical and Computer Engineering University of Waterloo gbagnew@engmail.uwaterloo.ca Overview Wireless LANS 1. WLAN Standards and Characteristics Overview of

899 views • 72 slides
2017 Report Card Annual Report Cards The 2017 Report Card is our 6 th Report Card! 2 Sustainable

2017 Report Card Annual Report Cards The 2017 Report Card is our 6 th Report Card! 2 Sustainable

2017 Report Card Annual Report Cards The 2017 Report Card is our 6 th Report Card! 2 Sustainable Peterborough 2017 Overview 7 3 154 Working Staff Partners Groups Members Climate Change Action Plan updated baseline inventory for 2012-

506 views • 35 slides
Changing Places/Changing Faces 1 Running Head: CHANGING PLACES/CHANGES FACES Changing

Changing Places/Changing Faces 1 Running Head: CHANGING PLACES/CHANGES FACES Changing

Changing Places/Changing Faces 1 Running Head: CHANGING PLACES/CHANGES FACES Changing Places/Changing Faces: Immigrant Youth and Identity Development Elham Bagheri &amp; Jay M. Greenfeld, M.A. University of Iowa Changing Places/Changing

401 views • 11 slides
WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and countermeasures within smart card and wireless sensor network node technologies. Kevin Eagles, Konstantinos Markantonakis and Keith Mayes Smart Card Centre,

337 views • 22 slides
Husky One Card Office Welcome! www.onecard.uconn.edu Topics Functions of the Husky One Card

Husky One Card Office Welcome! www.onecard.uconn.edu Topics Functions of the Husky One Card

Husky One Card Office Welcome! www.onecard.uconn.edu Topics Functions of the Husky One Card Husky One Card Replacements Husky Bucks One Card Website Questions &amp; Answers Husky One Card: Key to Campus Functions of the

359 views • 11 slides
1 Wireless standards Path Loss Phenomena Wireless standards Path Loss Phenomena Open

1 Wireless standards Path Loss Phenomena Wireless standards Path Loss Phenomena Open

Outline Outline What is wireless? Overview Wireless parameters Cellular architecture Wireless Networks Wireless Networks Media multiple access Wireless LAN 802.11 MANET Mobile Ad-hoc NETworks Amnon Jonas

525 views • 13 slides
Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva expiration: 09/10 Karen Lu Ksheerabdhi Krishna Challenges Installing crypto providers Breaks mobility Breaks ubiquity of web

425 views • 8 slides
802.11 Security &amp; Pen Testing Fengwei Zhang Constantinos Kolias SUSTech CS 315 Computer

802.11 Security &amp; Pen Testing Fengwei Zhang Constantinos Kolias SUSTech CS 315 Computer

802.11 Security &amp; Pen Testing Fengwei Zhang Constantinos Kolias SUSTech CS 315 Computer Security 1 Wireless Communications: Advantages &amp; Disadvantages Makes communication possible where cables dont reach Convenience

399 views • 17 slides
Create your own dynDNS-service 1 Motjvatjon Why dynamic DNS? Access to devices without a

Create your own dynDNS-service 1 Motjvatjon Why dynamic DNS? Access to devices without a

create your own e Leonhard Kunz, Daniel Ocando Create your own dynDNS-service 1 Motjvatjon Why dynamic DNS? Access to devices without a non-changing (statjc) IP over the Internet 2 Motjvatjon Access to their private home network

358 views • 21 slides
Sumer and Babylon Warm Up: Take out your Bibles and have them ready. Then, read the &quot;Read

Sumer and Babylon Warm Up: Take out your Bibles and have them ready. Then, read the &quot;Read

5.2 Sumer and Babylon.notebook October 26, 2014 Sumer and Babylon Warm Up: Take out your Bibles and have them ready. Then, read the &quot;Read Aloud&quot; found on page 108 of your textbook. Oct 2611:13 AM 1 5.2 Sumer and Babylon.notebook

774 views • 17 slides
1 Peter 5:5-7 5 Young men, in the same way be submissive to those who are older. All of you,

1 Peter 5:5-7 5 Young men, in the same way be submissive to those who are older. All of you,

1 Peter 5:5-7 5 Young men, in the same way be submissive to those who are older. All of you, clothe yourselves with humility toward one another, because, God opposes the proud but gives grace to the humble. [Proverbs 3:34] 6 Humble

889 views • 40 slides
Katherine Strandburg New York University School of Law The Requirement to Explain Decisions *

Katherine Strandburg New York University School of Law The Requirement to Explain Decisions *

Decisionmaking, Machine Learning and the Value of Explanation Katherine Strandburg New York University School of Law The Requirement to Explain Decisions * Procedural due process: Individuals subject to government decisionmaking are

226 views • 20 slides
Cyber@UC Meeting 64 Wireless Auditing and Monitoring Tools If Youre New! Join our Slack:

Cyber@UC Meeting 64 Wireless Auditing and Monitoring Tools If Youre New! Join our Slack:

Cyber@UC Meeting 64 Wireless Auditing and Monitoring Tools If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees:

503 views • 15 slides
K e e p i n g A u t h o r i t i e s Honest or Bust with Decentralized Witness Cosigning

K e e p i n g A u t h o r i t i e s Honest or Bust with Decentralized Witness Cosigning

K e e p i n g A u t h o r i t i e s Honest or Bust with Decentralized Witness Cosigning Ewa Syta, Iulia Tamas, Dylan Visher, David Isaac Wolinsky Yale University Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ismail Khofg, Bryan Ford

840 views • 55 slides
Outline Previous e-cash and techniques CSci 5271 Bitcoin design Introduction to Computer

Outline Previous e-cash and techniques CSci 5271 Bitcoin design Introduction to Computer

Outline Previous e-cash and techniques CSci 5271 Bitcoin design Introduction to Computer Security Day 26: Electronic cash and Bitcoin Announcements Stephen McCamant University of Minnesota, Computer Science &amp; Engineering Bitcoin

365 views • 7 slides

More recommend