• No results found

Wireless Network Risks and Controls

N/A
N/A
Protected

Academic year: 2021

Share "Wireless Network Risks and Controls"

Copied!
56
0
0

Loading.... (view fulltext now)

Full text

(1)

Wireless Network

Risks and Controls

Offensive Security Tools, Techniques, and Defenses

22 January 2015 – ISACA Phoenix Chapter – Phoenix, AZ

Presented by:

Ruihai Fang Dan Petro

(2)

Introduction/Background

2

(3)

Used to be a Pain

Lots to of heavy things to carry

(4)

Kali VM and USB Adapter

4

N O W E A S Y

• Kali Linux VM + TP-LINK - TL-WN722N (USB)

(5)

Laptops, Netbooks (easier to conceal),

and adapters

Asus EEPc

(6)

YAGI Antennas – Directional

Very good for attacking from a distance, like from the comfort of your hotel room.

(7)
(8)

WiFi Hacking Using Android Phones

StarTech Micro USB On-the-go Adapter

Alfa 1000mW 1W 802.11b/g USB WiFi Adapter. Uses RTL8187 Chipset. Samsung Galaxy S3

(9)

Wireless Hacking Tools

(10)

Wireless Tools

10

Discovery

• Supported operating systems • Supported wireless protocols • Active vs. passive scanning

• Packet capturing and decoding

• Distinguishes between AP, ad hoc, and client devices

• Statistics and reporting capabilities • User interface

(11)

NirSoft Wireless Tools

W I N D O W S H A C K I N G T O O L S

• NirSoft – WirelessNetView • NirSoft – WifiInfoView

(12)

inSSIDer Wi-Fi Scanner

12

(13)

Aircrack-ng Suite

L I N U X H A C K I N G T O O L S

(14)

Kismet

14

(15)

Kismac

(16)

inSSIDer for Mac

16

(17)

Wi-Fi Pineapple

(18)

Features

18

• Wireless Jamming (De-auth Attack) • Man-in-the-Middle attack

• DNS Spoof on lure client • Web base management

• Tether via Mobile Broadband • Battery power and portable

(19)

Specs

Atheros AR9331 SoC at 400MHz

802.11 b/g/n 150 Mbps wireless

2x Ethernet, one PoE (Power-Over-Ethernet) capable

USB 2.0 for expanded storage, WiFi Interface and Mobile Broadband

(20)

Methodology

20

Social Engineering

1.

Karma (Rogue AP)

2.

DNS Spoof & MITM

(21)

Auto-Association

(22)

Karma

22

Listen to wireless probes from nearby wireless devices

Impersonate as the requested wireless AP

(23)

Karma

(24)

reddit.com

DNS Spoof

24

Modify DNS records and point to a malicious site

Man-in-the-middle between the victim and Internet

PO I SO N I N G YO U R D N S

reddit.com

(25)

Phishing

Clone the official

website (reddit.com) • Implement key logger

• Deploy malware or backdoor on the forged website

(26)

DEMO

(27)

1. Disable the “Connect Automatically” setting on all unsecured wireless networks.

2. Use DNS Crypt or Google DNS

3. Don’t connect to any unsecured or unknown wireless network

Mitigation

(28)

Raspberry Pi

28

F R U I T Y W I F I

• Raspberry Pi – cheap alternative (~$35)

(29)

Easy-creds

(30)

Dumping Keys

30

(31)
(32)

Using Kismet We’ve Decided on our

Target Network

(33)

Pyrit

https://code.google.com/p/pyrit/

Pyrit allows to create massive databases, pre-computing part of the IEEE 802.11 WPA/WPA2-PSK authentication phase in a space-time-tradeoff. Exploiting the computational power of Many-Core- and other platforms through

ATI-Stream, Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of the world's most used security-protocols.

(34)

During Recon Find What Channel Your Target is on and Capture only on that Channel to Increase Your Chances of Getting a Valid WPA Handshake

CorpWiFi9 on Channel 6

(35)

Passive Monitoring with Kismet

Running Kismet for 12 hours will capture lots of packets and PCAP files can be large.

(36)

DEMO

(37)
(38)

Randomly Captured WPA2 Handshake

After Running Kismet for 12 hours in

(39)

A Typical Windows 7 Wireless Client

Using WPA2

(40)
(41)
(42)

Decrypting WPA Packet Captures with

Found Key in Wireshark

(43)

Before and After Decryption in

Wireshark

Before Applying WPA Key

(44)

Mobile WiFi

Security Tools

(45)

Popular Mobile WiFi Hacking Tools

WiFi Sniffing on Android in Monitor Mode

http://www.kismetwireless.net/android-pcap/

Password Sniffing & Session Hijacking Using dSploit

(46)

More Discreet Monitoring Using

Alpha 1 802.11b/g

Model Number

AWUS036H. This uses the RTL8187 Wireless Chipset.

(47)

Android PCAP Monitor Mode on a

Galaxy S3

(48)

Arp Spoofing & Detection

88:32:9b:0b:a8:06 is actually the Android Phone pretending to be

the default gateway at 192.168.1.254

(49)
(50)
(51)

PwnPad

(52)

Defenses

52

(53)

Defenses

R E C O M M E N D A T I O N S

• Conduct regular wireless assessments

• Employ strong encryption and authentication methods

• Employ wireless IDS/IPS

(54)

Defenses

54

R E C O M M E N D A T I O N S

Use “wireless checks” of network vulnerability scanners

(55)

Defenses

R E C O M M E N D A T I O N S

Physically track down rogue access points and malicious devices

(56)

Thank You

56

Bishop Fox – see for more info: http://www.bishopfox.com/

References

Related documents

Personnel outsourcing ranges from simply transferring non-core activities such as payroll and benefits administration to external providers, to the outsourcing

religije ono što se protivi načinu govora, onda ne smijemo pojaio božanstva uzeti naprosto u smislu najviše istine, već u smislu takve najviše istine, prema kojoj se čovjek

I use it as my personal Guru, always ready to give me a new piece of cosmic (or dover to earth) advice. You see his East and his West, you practically smell the air of each, and

We next provide insight into our second research question. Conditional on analysts providing disaggregated forecasts, we examine the superiority of the analyst forecast relative to

[r]

Dimensions and indicators based on a combination of stakeholder consultation, review of the literature, and preliminary analysis of the household survey data set Assessment

EXAMPLE: If one newly enrolled student in 3 rd grade needs one dose of Polio vaccine AND one newly enrolled student in 4 th grade needs two doses of Polio vaccine THEN the

the scope of Q.4/17. f) Work on frameworks for secure network operations to address how telecommunication/ICT network providers protect their infrastructure and maintain