
Hacking Network Connections - 18



Hacking network connections can easily become one of a hacker's favorite attacks. By hacking into an internet connection, hackers can hide their identity, enjoy free bandwidth for massive downloads, and use another person's connection for illegal activities. It also allows hackers to capture users' traffic and decrypt it. You can only imagine what a criminal hacker would do once he had control of your Wi-Fi connection, and the trouble you may have when this happens.

Before you try to test an attack on an internet connection, it is important that you first understand how the privacy of a wireless connection is protected. The level of attack you need to test will largely depend on the security level of the target internet connection. Here are some of the most basic security protocols for wireless connections:

1. WEP (Wired Equivalent Privacy)

As the name suggests, this level of encryption is designed to give users the privacy of a wired network connection. However, it is very easy to crack because its initialization vector is very small and can be easily captured in the data stream. This type of encryption is usually found on old wireless connections and equipment that have not been upgraded to accommodate a better internet security protocol.

2. WPA (WPA1)

This security protocol was created to solve the weaknesses in WEP encryption and uses the Temporal Key Integrity Protocol (TKIP) to improve on WEP's security without requiring users to install new hardware. This means that this technology still uses WEP security, but it is more difficult to attack.

3. WPA2-PSK

This is usually used by small businesses and home users and uses pre-shared keys, or PSK. Although this protocol is much more secure than the first two protocols, it is still vulnerable to certain hacking tactics.

4. WPA2-AES

This is the enterprise version of the WPA protocol, which uses the Advanced Encryption Standard (AES) to encrypt data. When you see an organization using this type of security, you can also expect it to come with a RADIUS server for additional authentication. The protocol can be difficult to bypass, but it is still possible to crack.


Hacking a WEP Connection



Here, you will find out how a connection with a low level of security can easily be hacked. To attempt this hack, you will need a wireless adapter, aircrack-ng, and BackTrack. Once you have those tools, follow these steps:

1. Load aircrack-ng in BackTrack

Once you fire up BackTrack, plug in your wireless adapter and see if it is running. To do that, enter the command:

iwconfig

After doing so, you will be able to see if your adapter is recognized. You may see that as wlan0, wlan1, and so on.

2. Place the wireless adapter in promiscuous mode

Now, search for the available connections nearby by placing your wireless adapter into monitor mode or promiscuous mode. To do that, enter the following command:

airmon-ng start wlan0

After doing so, airmon-ng will change the name of your interface to mon0. Once you are able to place your wireless adapter into monitor mode, you will be able to capture the available traffic by entering the following command:

airodump-ng mon0

Now, you will be able to see all access points and their corresponding clients that are all within your range.

3. Start capturing on a particular access point

If you see a BSSID or an ESSID that uses WEP encryption, that will be the easiest connection to crack among the APs that you were able to capture. Now, copy the BSSID of the chosen AP and begin capturing using this command:

airodump-ng --bssid [BSSID of target] -c [channel number] -w WEPcrack mon0

After entering the command, BackTrack will start capturing packets from the targeted access point on its particular channel and write them to a file named WEPcrack in pcap format. This will allow you to get all the packets that you need to decode the passkey used in the connection that you want to tap into. However, getting enough packets for decryption can take a long time. If you can't wait to get enough packets, you can inject ARP traffic instead.

4. Inject ARP Traffic

If you do not have the patience to get enough packets for the WEP key capture, you can capture an ARP packet and then replay it multiple times in order to get all the IVs that you need to crack the WEP key. Since you already have the BSSID and the MAC address of the target (these can both be gathered in Step 3), enter the following command:

aireplay-ng -3 -b [BSSID] -h [MAC address] mon0

Now, you are able to inject the captured ARPs right into the target access point. All you need to do now is to capture the IVs that will be generated with airodump-ng.

5. Crack the WEP key

Once you have enough IVs in the WEPcrack file, you will be able to run the file in aircrack-ng by entering the following command:

aircrack-ng [name of file, example:WEPcrack-01.cap]

aircrack-ng will usually display the passkey on your screen in hexadecimal format. All you need to do is to apply that key to the remote access point to enjoy your free internet.

The Evil Twin Hack


While many beginning hackers are excited to hack Wi-Fi passwords to enjoy free bandwidth, there are network connection hacks that are more powerful and provide better access than a free internet connection. Among these hacks is the evil twin access point hack.

The evil twin AP is a manipulative access point that appears and behaves like a usual access point that a user connects to in order to reach the internet. However, it is usually used by hackers to make targeted victims connect to their access point. This allows a hacker to see all the traffic that comes from the client, which gives way to a very dangerous man-in-the-middle attack.

Follow the steps to do an evil twin access point attack:

1. Fire up BackTrack and start airmon-ng

Check if the wireless card is running by entering the command:

bt > iwconfig

2. Put the wireless card into monitor mode

Once you see that the wireless card is recognized by BackTrack, place it in monitor or promiscuous mode by entering the command:

bt > airmon-ng start wlan0

3. Fire up airodump-ng

Start capturing all the wireless traffic that the wireless card can detect by entering the command:

bt > airodump-ng mon0

After doing that, you will be able to see all the access points within range. Locate the access point of your target.

4. Wait for the target to connect

Once the target connects to the access point, copy the BSSID and the MAC address of the system you want to hack.

5. Create an access point with the same credentials

Pull up a new terminal and type this command:

bt > airbase-ng -a [BSSID] --essid ["SSID of target"] -c [channel number] mon0

This will create the access point, or the evil twin, that you want your target to connect to.

6. Deauthenticate the target

In order for him to connect to the evil twin access point, you need to bump the target off the access point that he is connected to. Since most wireless connections adhere to 802.11, which has a deauthentication protocol, his access point will deauthenticate everyone that is connected to it. When the target's computer tries to reconnect to the internet, he will automatically connect to the AP with the strongest signal, which is the evil twin access point that you have just created. In order to do that, you need to make use of the following command:
bt > aireplay-ng --deauth 0 -a [BSSID of target]

7. Turn up the signal of the evil twin

Now, here is the crucial part: you need to make sure that the signal of the fake access point that you have just created is as strong as or stronger than the original access point. Since you are attacking from a distance, you can assume that his own Wi-Fi connection has a much stronger signal than yours. However, you can use the following command to turn up the signal:

iwconfig wlan0 txpower 27

Entering this command will boost your access point's power by 500 milliwatts, or 27 dBm. Take note, however, that depending on your distance from the target, 500 milliwatts may not be enough for him to stay connected to the evil twin. If you have a newer wireless card, you can boost the access point's signal up to 2000 milliwatts, or four times what is legal in the US.

8. Change your channel

This step comes with a warning: it is illegal to switch channels in the US, and before you proceed, see to it that you have special permission as an ethical hacker.

There are certain countries that allow better Wi-Fi power, which can aid you in maintaining the signal strength of your evil twin access point. For example, Bolivia allows its internet users to access the Wi-Fi channel 12, which comes with a full power of 1000 milliwatts. To change the signal channel of your wireless card to match Bolivia’s, enter the following command:

iw reg set BO

Since your channel will now allow you to increase the power of your access point, you can further increase the signal of your evil twin by entering the command:

iwconfig wlan0 txpower 30

Now, check the power of the evil twin’s access point by typing iwconfig.

9. Make full use of the evil twin

Now that you have fully established the evil twin AP and you have ensured that your target is connected to it, you can take the next steps to detect activities in his system.

If you have the tool Ettercap, you can easily conduct a man-in-the-middle attack to analyze data that he sends or receives, intercept all traffic, or even inject the traffic that you want him to receive. You can also create a listener right into his system to obtain total control.
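How a network owner can spot the two visible signs of the procedure above, a cloned access point and a burst of deauthentication frames, as an added example that is not part of the original page. The AP inventory, the observation records, the window and the threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

CORP = "aa:bb:cc:00:00:01"
# Assumed inventory of the APs you operate: BSSID -> (SSID, channel, security).
KNOWN_APS = {CORP: ("CorpWiFi", 6, "WPA2")}

# Constructed observations, as a monitor-mode sensor might record them.
# Beacons: (time_s, bssid, ssid, channel, security)
BEACONS = [
    (0.0, CORP, "CorpWiFi", 6, "WPA2"),
    (5.0, CORP, "CorpWiFi", 11, "OPN"),                  # same BSSID, wrong channel/security
    (6.0, "de:ad:be:00:00:09", "CorpWiFi", 1, "WPA2"),   # owned SSID, unknown BSSID
    (7.0, CORP, "CorpWiFi", 6, "WPA2"),
]
# Deauthentication frames: (time_s, bssid)
DEAUTHS = [(4.0 + i * 0.01, CORP) for i in range(120)] + [(30.0, CORP)]

def find_rogue_beacons(beacons, known=KNOWN_APS):
    """Flag beacons that contradict the inventory for an SSID we own."""
    owned = {ssid for ssid, _, _ in known.values()}
    alerts = []
    for t, bssid, ssid, chan, sec in beacons:
        if ssid not in owned:
            continue
        if bssid not in known:
            alerts.append((t, bssid, "unknown BSSID advertising owned SSID"))
            continue
        _, want_chan, want_sec = known[bssid]
        if (chan, sec) != (want_chan, want_sec):
            alerts.append((t, bssid, f"seen on ch{chan}/{sec}, expected ch{want_chan}/{want_sec}"))
    return alerts

def find_deauth_floods(deauths, window_s=1.0, threshold=30):
    """Return BSSIDs with more than `threshold` deauth frames inside any window."""
    by_bssid = defaultdict(list)
    for t, bssid in deauths:
        by_bssid[bssid].append(t)
    flooded = set()
    for bssid, times in by_bssid.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window_s:   # slide the window forward
                start += 1
            if end - start + 1 > threshold:
                flooded.add(bssid)
                break
    return flooded
```

Enabling 802.11w protected management frames lets supporting clients discard forged deauthentication frames, which removes the step the evil twin relies on to pull clients away.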




