WEP/WPA2 WiFi Password Security & Exploiting IP Based - - PowerPoint PPT Presentation



SLIDE 1

WEP/WPA2 WiFi Password Security & Exploiting IP Based Surveillance Cameras

By Basiru Mohammed Rajkumar Ramadhin Alexander Martin

SLIDE 2

Introduction

  • With growing advancement in the "Internet of Things" we must take a look at the security of networks and their associated devices and determine the threats associated with this rapidly growing field of technology.
  • Surveillance cameras, baby monitors, household appliances, and other network devices are all connected through wireless networks. As these devices grow in popularity, so too does the threat they pose to privacy and security.
  • Hardening the security of networks and IoT devices is vital in ensuring the safe use of these convenient and helpful appliances.

SLIDE 3

Basic Password Definitions

  • Encryption - Scrambling information so that only someone with a corresponding key (cipher) can decrypt that information. The intent of encryption is to protect data so that it can later be decrypted.
  • Hashing - Uses an algorithm to map data of any size to a fixed-length value known as a hash value. Different from encryption in that it is not meant to be decrypted and there is no cipher. Each hash value is unique.
  • Salting - Typically unique to password hashing. Salting adds extra data to the known data before it is hashed. This adds an extra layer of complexity against brute-force decryption.

SLIDE 4

Salting

SLIDE 5

Increasing total Password Size and Character Types used makes a more secure password

Total characters in alphabet = 26 characters

  • Every added character makes it 26x stronger
  • EX: a-z _ _ _ _ = 26^4 = 456,976 password possibilities
  • EX2: a-z _ _ _ _ _ = 26^5 = 11,881,376 password possibilities

Capital and Lower Cases = 52 characters

  • Combination of Upper and Lower case letters
  • EX: _ _ _ _ of upper and lowers = 52^4 combinations = 7,311,616

Add Special Characters and Numbers (!@#$ etc.) = 75 characters

  • EX: _ _ _ _ of Numbers, Upper and Lower Letters, and Special Characters = 75^4 = 31,640,625
SLIDE 6

Different Ways to Attack Passwords

  • Password Guessing - Default passwords, common passwords, sports teams, cars. Sometimes requires research on the user's background.
  • Shoulder Surfing - Watching password input from behind the user.
  • Social Engineering - Asking or demanding that an employee reveal a password. Often the attacker will pose as a technician or authority to pressure the user into giving up the password.
  • Dictionary Attack - Attacker uses every word in a dictionary in sequence to crack the password.
  • Brute Force Attack - Attacker uses every letter/character in sequence to eventually crack the password.
  • Reverse Engineer Password Hashes - Intercepting password hashes between system and server using a sniffer. The hash is reverse engineered to reveal the password using precomputation.
  • Precomputation (rainbow table) - A rainbow table is a table of common passwords with their hash equivalents. Generating a rainbow table is very time consuming; once it exists, the target hash is simply compared against the table of hashes to find the password. Defeated by salting, which adds additional data to the hash and defeats the ability to match that information together.
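
Added example (not from the original slides): a plain precomputed lookup table stands in for a rainbow table to show why a salt, or for WPA2 the SSID, defeats precomputation. The word list, salts and SSIDs are constructed sample values; that WPA2-Personal derives its key with PBKDF2-HMAC-SHA1 salted with the SSID is a property of the standard, not something stated on the slides.

```python
import hashlib

# Constructed sample list standing in for a real dictionary of common passwords.
COMMON_PASSWORDS = ["password", "123456", "letmein", "admin123", "qwerty12"]

def unsalted_sha256(password: str) -> str:
    """Fast, unsalted hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_pbkdf2(password: str, salt: bytes, iterations: int = 50_000) -> str:
    """Salted, deliberately slow hash; the salt is stored next to the digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def wpa2_pmk(passphrase: str, ssid: str) -> str:
    """WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

def build_table(words, hash_fn):
    """Precompute digest -> password for one specific hash function and salt."""
    return {hash_fn(w): w for w in words}

def table_hits(table, digest):
    """Return the recovered password, or None when the table does not apply."""
    return table.get(digest)

if __name__ == "__main__":
    # One table covers every account that uses the unsalted hash.
    plain = build_table(COMMON_PASSWORDS, unsalted_sha256)
    print("unsalted:", table_hits(plain, unsalted_sha256("letmein")))

    # A table built for salt A is useless against the same password under salt B.
    salt_a, salt_b = b"A" * 16, b"B" * 16  # constructed; use os.urandom(16) in practice
    for_a = build_table(COMMON_PASSWORDS, lambda w: salted_pbkdf2(w, salt_a))
    print("salt A table vs salt B:", table_hits(for_a, salted_pbkdf2("letmein", salt_b)))

    # WPA2: a table precomputed for a common default SSID misses a unique SSID.
    for_default = build_table(COMMON_PASSWORDS, lambda w: wpa2_pmk(w, "linksys"))
    print("default SSID:", table_hits(for_default, wpa2_pmk("qwerty12", "linksys")))
    print("unique SSID :", table_hits(for_default, wpa2_pmk("qwerty12", "cam-lab-7f3a")))
```

A unique salt or SSID removes only the precomputation shortcut; a common passphrase can still be guessed directly, so length and unpredictability still matter.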

SLIDE 7

What we want to accomplish

  • Research the encryption methods used in WEP and WPA2
  • Distinguish what makes WPA2 more secure than WEP
  • Attempt to crack the password of WEP
      • Possible tool: Kali Linux Airmon-NG and AirCrack to crack the password
  • Attempt to crack the password of WPA2
      • Possible tool: Kali Linux Airmon-NG and AirCrack to crack the password
  • Implement these attacks in a real world situation
      • Set up a test environment with WEP then WPA2
      • Tools: IP camera and ALFA card(?)
SLIDE 8

What is WEP?

  • Wired Equivalent Privacy - meant to provide the security of a wired LAN
  • Introduced in 1997, implemented in 1999
  • Uses RC4 algorithm
  • Started with a 40-bit long key with 24-bit initialization vector
  • Other failed attempts to fix WEP include WEP2 and WEP+
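
Added example (not from the original slides): WEP keys RC4 for each packet with the 24-bit IV, which is sent in the clear, prefixed to the shared secret, so two packets that share an IV are encrypted with the same keystream. The sketch below shows that construction and estimates how quickly randomly chosen 24-bit IVs repeat; the key and IV values are constructed.

```python
import math
import random

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_keystream(iv: bytes, secret: bytes, n: int) -> bytes:
    """Per-packet WEP keystream: RC4 keyed with the 3-byte IV || shared secret."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits (3 bytes)")
    return rc4_keystream(iv + secret, n)

def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday approximation: chance that some IV repeats among random IVs."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2 * 2 ** iv_bits))

def packets_until_likely_reuse(p: float = 0.5, iv_bits: int = 24) -> int:
    """Approximate packet count at which an IV repeat has probability >= p."""
    return math.ceil(math.sqrt(2 * (2 ** iv_bits) * math.log(1 / (1 - p))))

def packets_before_repeat(rng: random.Random, iv_bits: int = 24) -> int:
    """Simulate a sender picking random IVs; return the packet that first repeats one."""
    seen = set()
    while True:
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)

if __name__ == "__main__":
    secret, iv = bytes.fromhex("0102030405"), bytes.fromhex("a1b2c3")  # constructed
    print("same IV, same keystream:", wep_keystream(iv, secret, 8) == wep_keystream(iv, secret, 8))
    print("packets for 50% chance of IV reuse:", packets_until_likely_reuse())
    print("simulated first repeat at packet:", packets_before_repeat(random.Random(1)))
```

On a busy network a few thousand packets pass in seconds, which is why a 24-bit IV cannot keep RC4 keystreams unique regardless of the secret key's length.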

SLIDE 9

What is WPA2?

  • Introduced in 2004
  • Full implementation of 802.11i
  • Substituted WPA-TKIP with WPA2-AES
  • Backward compatibility with WPA
  • Utilizes AES-CCMP
  • Advanced Encryption Standard - Counter Mode with Cipher Block Chaining Message Authentication Code Protocol

SLIDE 10

Pros and Cons of WPA2

  • Not susceptible to the attacks of WEP
  • Becomes vulnerable due to backward compatibility
  • Vulnerability to Man-In-The-Middle attacks
  • Vulnerable to KRACK attack due to affected 802.11i standard
SLIDE 11

Goals of project

  • Our group will attempt to demonstrate four different exploits
  • 1. The cracking of WEP WiFi password protection.
  • 2. The cracking of WPA2 WiFi password protection.
  • 3. Performing a de-authentication attack to "kick" a device off of a desired network, thus disabling it.
  • 4. Demonstrating the importance of updating an IP-based surveillance camera's default username and password.

SLIDE 12

What we plan to do?

  • 1. Set up a test environment with WEP and WPA2 password protected wireless routers.
  • 2. Crack WEP security using Wifite, or Kali Linux tool suite AirCrack.
  • 3. Crack WPA2 security using Kali Linux tool suite AirCrack and perhaps using Hashcat for dictionary list attack.
  • 4. Attempt a de-authentication attack taking a device offline using a bash script.

SLIDE 13

Dropkick.sh

SLIDE 14
SLIDE 15

Cracking WPA using Aircrack suite of tools

SLIDE 16
  • 1. Putting network adapter into "Monitor" mode.

SLIDE 17

Verify monitor mode using iwconfig command

SLIDE 18

  • 2. Use airodump to begin monitoring for WiFi networks and clients in vicinity.

SLIDE 19
  • 3. Copy target network's BSSID and begin capturing packets using airodump.

SLIDE 20
SLIDE 21
  • 4. Begin deauthentication attack to force new 4-way handshake

SLIDE 22
SLIDE 23
  • 5. Cracking password using aircrack

SLIDE 24

Password cracked!

SLIDE 25

Cracking WPA using Wifite automated attack tool

SLIDE 26
SLIDE 27
SLIDE 28

Links to videos of attacks w/ narration

  • Link to Aircrack WPA attack
  • Aircrack Attack
  • Link to Wifite WPA attack
  • Wifite Attack