Advanced Penetration testing

Slides:



Advertisements
Similar presentations
Overview How to crack WEP and WPA
Advertisements

Crack WEP Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
Filtering and Security By Mohammad Shanehsaz June 2004.
IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Crack WPA Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
MIS Week 12 Site:
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
The Trouble with WEP Or, cracking WiFi networks for fun & profit (not really) Jim Owens.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
MIS Week 11 Site:
Mobile and Wireless Communication Security By Jason Gratto.
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
Wireless Network Security Dr. John P. Abraham Professor UTPA.
Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)
Certain security vulnerabilities exist in every mode of wireless communications.
1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Linux Networking and Security
Wireless Networking & Security Greg Stabler Spencer Smith.
Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.
.  TJX used WEP security  They lost 45 million customer records  They settled the lawsuits for $40.9 million.
CNIT 124: Advanced Ethical Hacking Ch 7: Capturing Traffic.
DHP Agenda: How to Access Web Interface of the DHP-1320 on Access Point Mode How to Access Web Interface of the DHP-1320 on Router Mode How to Change.
Advanced Packet Analysis and Troubleshooting Using Wireshark 23AF
Lesson 10: Configuring Network Settings MOAC : Configuring Windows 8.1.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.
Wireless Security Presented by Colby Carlisle. Wireless Networking Defined A type of local-area network that uses high-frequency radio waves rather than.
Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.
802.11b Security CSEP 590 TU Osama Mazahir. Introduction Packets are sent out into the air for anyone to receive Eavesdropping is a much larger concern.
MIS Week 5 Site:
WIRELESS NETWORK SECURITY By Mohammad Khairul Hazwan Bin Sarihan.
EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Module 48 (Wireless Hacking)
[blank page for bug work-around]
Intro to Ethical Hacking
Advanced Penetration testing
Authentication and handoff protocols for wireless mesh networks
Re-evaluating the WPA2 Security Protocol
OSA vs WEP WPA and WPA II Tools for hacking
Advanced Penetration testing
Wireless Protocols WEP, WPA & WPA2.
Module Overview Installing and Configuring a Network Policy Server
We will talking about : What is WAP ? What is WAP2 ? Is there secure ?
WEP & WPA Mandy Kershishnik.
Advanced Penetration testing
Wireless LAN Security CSE 6590.
Wireless Hacking.
Security of a Local Area Network
Advanced Penetration testing
Advanced Penetration testing
On and Off Premise Secure Access
Advanced Penetration testing
Wireless LAN Security 4.3 Wireless LAN Security.
Intro to Ethical Hacking
Hacking Wi-Fi Beyond Script Kiddie and WEP
Advanced Penetration testing
Intro to Ethical Hacking
IEEE i Dohwan Kim.
Wireless Network Security
Advanced Penetration testing
Public-Key, Digital Signatures, Management, Security
Security Issues with Wireless Protocols
Advanced Penetration testing
Advanced Penetration testing
Presentation transcript:

Advanced Penetration testing MIS 5212.001 Week 10 Site: http://community.mis.temple.edu/mis5212sec001sp2017/

Tonight's Plan More Wireless Security Getting wireless card working in Kali Introduction to Kismet Next Week MIS 5212.001

More Wireless Security Open WiFi Networks vs Encrypted WiFi Networks In an open network, your browsing can be monitored Every thing is sent in the clear WPA2-PSK fixes this “Somewhat” MIS 5212.001

WPA2-PSK Uses a pre-shared key (hence the acronym PSK) The pre-shared key is known to all authorized users Anyone with the pre-shared key has what they need to decrypt traffic Wireshark has a built in option to decrypt traffic if you have the key This means WPA2-PSK is not much more secure than no encryption, unless you trust everyone on the network MIS 5212.001

Wireshark WPA2-PSK Decryption Edit->Preferences->IEEE 802.11 MIS 5212.001

PTK or Pairwise Transient Key WPA2-PSK tries to address this issue by use of PTK However, the PTK is derived from the PSK So… It is easy to capture the PTK if you have the PSK MIS 5212.001

WPA2-Enterprise WPA2-Enterprise corrects these issues for large networks EAP authentication along with a Radius server ensures each client gets a unique key Other authenticated users no longer have a master key to decrypt the traffic MIS 5212.001

WPA2 Hole196 Vulnerability Even in WPA2-Enterprise there is still a potential vulnerability from other authorized users (Abuses GTK or Group Temporal Key) Limited to: ARP poisoning Injecting malicious code Denial of Service w/o using de-auth packets More detailed description http://www.mojonetworks.com/wpa2-hole196-vulnerability MIS 5212.001

WPA2 KRACK October 16, 2017 a public announcement made that a vulnerability was found in WPA2 Enterprise Vulnerability is within the IEEE 802.11 standard Standard allows for “replay” third message in four way handshake to perform a “key re-installation” attack Requires attacker to “pretend” to be an Access Point. Reference: https://www.kb.cert.org/vuls/id/228519 MIS 5212.001

Kismet 802.11 wireless: Network detector Sniffer Intrusion detection system Works with any wireless card which supports raw monitoring mode (not all do) Can sniff: 802.11b 802.11a 802.11g 802.11n MIS 5212.001

Kismet Supports a plugin architecture allowing for additional non-802.11 protocols to be decoded Identifies networks by passively collecting packets and detecting networks, which allows it to detect (and given time, expose the names of) hidden networks and the presence of non-beaconing networks via data traffic MIS 5212.001

Kismet in Kali Pre-installed in Kali Did not launch from drop down menu in my instance Needed to start from command line Be patient, it will walk through configuration You can automate via configuration files, but for now just follow prompts MIS 5212.001

Getting Started We will Get USB Wireless Adapter working with Kali Launch and configure Kismet Explore a little bit MIS 5212.001

Connecting Wireless Card MIS 5212.001

Checking Card Use the command: iwconfig This should give something like the following: MIS 5212.001

Kismet Kismet is a wireless network detector, sniffer, and intrusion detection system. Kismet works predominately with Wi-Fi (IEEE 802.11) networks, but can be expanded via plug-ins to handle other network types. Features 802.11 sniffing Standard PCAP logging (compatible with Wireshark, TCPDump, etc) Client/Server modular architecture Plug-in architecture to expand core features Multiple capture source support Live export of packets to other tools via tun/tap virtual interfaces Distributed remote sniffing via light-weight remote capture XML output for integration with other tools http://kismetwireless.net/ MIS 5212.001

Starting Kismet MIS 5212.001

Kismet Example MIS 5212.001

Kismet Reference http://kismetwireless.net/documentation.shtml MIS 5212.001

Wireshark Saw this briefly last semester Pre-installed in Kali MIS 5212.001

Wireshark MIS 5212.001

Or MIS 5212.001

Startup of Wireshark Will throw an error due to running as root in Kali, just click OK and move on Will need to turn wireless menu on by going to View tab and clicking on “Wireless Toolbar” MIS 5212.001

Configuring Interface Select “wlan0mon” Click on “Start” Be patient, it will take a minute or so to update MIS 5212.001

More Wireshark MIS 5212.001

Next Week In the news More wireless WEP in detail Intro to AirCrack and breaking WEP MIS 5212.001

Questions ? MIS 5212.001

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.