Presentation is loading. Please wait.

Presentation is loading. Please wait.

Advanced Penetration testing

Published byLaura Maria das Graças Estrela Modified over 5 years ago

Similar presentations

Presentation on theme: "Advanced Penetration testing"— Presentation transcript:

1 Advanced Penetration testing
MIS Week 10

2 Tonight's Plan News New info in Reconnasaince More Wireless Security
Getting wireless card working in Kali Introduction to Kismet Next Week MIS

3 News https://redmonk.com/sogrady/2019/03/20/language-rankings-1-19/
MIS

4 Reconnasaince https://inteltechniques.com/index.html
Grab it fast. Will not stay up long MIS

5 More Wireless Security
Open WiFi Networks vs Encrypted WiFi Networks In an open network, your browsing can be monitored Every thing is sent in the clear WPA2-PSK fixes this “Somewhat” MIS

6 WPA2-PSK Uses a pre-shared key (hence the acronym PSK)
The pre-shared key is known to all authorized users Anyone with the pre-shared key has what they need to decrypt traffic Wireshark has a built in option to decrypt traffic if you have the key This means WPA2-PSK is not much more secure than no encryption, unless you trust everyone on the network MIS

7 Wireshark WPA2-PSK Decryption
Edit->Preferences->IEEE MIS

8 PTK or Pairwise Transient Key
WPA2-PSK tries to address this issue by use of PTK However, the PTK is derived from the PSK So… It is easy to capture the PTK if you have the PSK MIS

9 WPA2-Enterprise WPA2-Enterprise corrects these issues for large networks EAP authentication along with a Radius server ensures each client gets a unique key Other authenticated users no longer have a master key to decrypt the traffic MIS

10 WPA2 Hole196 Vulnerability
Even in WPA2-Enterprise there is still a potential vulnerability from other authorized users (Abuses GTK or Group Temporal Key) Limited to: ARP poisoning Injecting malicious code Denial of Service w/o using de-auth packets More detailed description MIS

11 Key Reinstallation Attack
Also known as KRACK The attack works against all modern protected Wi-Fi networks Basically takes advantage of weakness in protocol to reinstall keys MIS

12 Kismet wireless: Network detector Sniffer Intrusion detection system Works with any wireless card which supports raw monitoring mode (not all do) Can sniff: 802.11b 802.11a 802.11g 802.11n MIS

13 Kismet Supports a plugin architecture allowing for additional non protocols to be decoded Identifies networks by passively collecting packets and detecting networks, which allows it to detect (and given time, expose the names of) hidden networks and the presence of non-beaconing networks via data traffic MIS

14 Kismet in Kali Pre-installed in Kali
Did not launch from drop down menu in my instance Needed to start from command line Be patient, it will walk through configuration You can automate via configuration files, but for now just follow prompts MIS

15 Getting Started We will Get USB Wireless Adapter working with Kali
Launch and configure Kismet Explore a little bit MIS

16 Connecting Wireless Card
MIS

17 Checking Card Use the command: iwconfig
This should give something like the following: MIS

18 Kismet Kismet is a wireless network detector, sniffer, and intrusion detection system. Kismet works predominately with Wi-Fi (IEEE ) networks, but can be expanded via plug-ins to handle other network types. Features sniffing Standard PCAP logging (compatible with Wireshark, TCPDump, etc) Client/Server modular architecture Plug-in architecture to expand core features Multiple capture source support Live export of packets to other tools via tun/tap virtual interfaces Distributed remote sniffing via light-weight remote capture XML output for integration with other tools MIS

19 Starting Kismet MIS

20 Kismet Example MIS

21 Kismet Reference http://kismetwireless.net/documentation.shtml
MIS

22 Wireshark Saw this briefly last semester Pre-installed in Kali
MIS

23 Wireshark MIS

24 Or MIS

25 Startup of Wireshark Will throw an error due to running as root in Kali, just click OK and move on Will need to turn wireless menu on by going to View tab and clicking on “Wireless Toolbar” MIS

26 Configuring Interface
Select “wlan0mon” Click on “Start” Be patient, it will take a minute or so to update MIS

27 More Wireshark MIS

28 Next Week In the news More wireless WEP in detail Intro to AirCrack
Breaking WEP Breaking WPA2-PSK MIS

29 Questions ? MIS

Download ppt "Advanced Penetration testing"

Similar presentations

Overview How to crack WEP and WPA

Overview How to crack WEP and WPA
Crack WEP Lab Last Update 2014.08.12 1.1.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com.

Crack WEP Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
Filtering and Security By Mohammad Shanehsaz June 2004.

Filtering and Security By Mohammad Shanehsaz June 2004.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
Crack WPA Lab Last Update 2014.06.11 1.0.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com.

Crack WPA Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
MIS 5212.001 Week 12 Site:

MIS Week 12 Site:
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
The Trouble with WEP Or, cracking WiFi networks for fun & profit (not really) Jim Owens.

The Trouble with WEP Or, cracking WiFi networks for fun & profit (not really) Jim Owens.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.

Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
MIS 5212.001 Week 11 Site:

MIS Week 11 Site:
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
Wireless Network Security Dr. John P. Abraham Professor UTPA.

Wireless Network Security Dr. John P. Abraham Professor UTPA.
Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)

Wireless Security Beyond WEP. Wireless Security Privacy Authorization (access control) Data Integrity (checksum, anti-tampering)
Wireless Networking Concepts By: Forrest Finkler Computer Science 484 Networking Concepts.

Wireless Networking Concepts By: Forrest Finkler Computer Science 484 Networking Concepts.
1 C-DAC/Kolkata C-DAC All Rights Reserved www.cdackolkata.in Computer Security.

1 C-DAC/Kolkata C-DAC All Rights Reserved Computer Security.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

Similar presentations

Ads by Google