Skip to main content

Wireless Hacking Part-1


What is Wifi?
It is wireless Internet connection through a wireless router which is transmitting data in specific high frequency radio signal.

Evolution of 802.11
1:802.11 legacy
2:802.11a – 5.4GHz,1999,orthogonal frequency Multiplexing
3:802.11b—2.4GHz ,CSMA/CA,11mbps
4:802.11g—2003,backward compatible,54mbps
5:802.11n – MIMO,150mbps,2.4-5GHZ
6:802.11ac – underdevelopment,6.9Gbps,8-MIMO streams etc…



Modes
There are 6 modes of wifi :
1. Monitor
2. Master
3. Managed
4. Ad-hoc
5. Mesh
6. Repeater
7.Promoscuios 

To know the wireless mode that you are running can be checked by following command :

iw phy phy1 info 

1. Master : It is Access Point or Base Station, it€™s an embedded device with a proprietary OS or slim down Linux installation setup to provide network access to clients.
2. Managed : Infrastructure Mode, are considered clients or stations and are the devices connected to an access point. Your laptop, Nintendo, iPhone, etc..
To connect in managed Mode:
iwconfig wlan0 mode managed
iwconfig wlan0 essid Hostelj (Hostelj is the access point name it may be different I have taken it for the sake of the example)
iwconfig wlan0 (see if it has associated with the access point)

3. Ad-hoc: Also know as peer-to-peer.
Ad-Hoc network to communicate with each other, they must use the same ESSID
setup.
iwconfig wlan0 channel 1 essid myadhocnetwork mode ad-hoc
(myadhocnetwork is the name if the access point)
4. Mesh :
It is a planned ad-hoc network.
Mesh networks, or mesh clouds, are comprised of radios acting as routers, gateways and clients.
Mesh network node communicate as long as there is a common communication channel
Lets take and  example that node A can talk to node C if they are both within range of node B. Likewise, if a node were to go down a mesh can heal itself by routing through other nodes in the network.

5. Repeater : In this mode it connect to a wireless network, and repeat the signal.


 Wifi Frames
Following Types of wireless frame exist:
1:Management Frames
a)Beacons:Beacons frames are like someone shouting 'I am Here' and telling about his presence.Access     point shout loudly in their vicinity telling every client about his existence. 
b)Probes:Probes frames comes in two flavour.Probe Request and Probe Response.When a client need some info about an access point it sends a probe request and access point respond to it by sending what we call probe Response.Probes Response contain info about access point like channel it uses,frequency,band available,data rates etc.
c)Authentication:Two types are request and response.client send request for authentication that contain   some secret and AP replies according to it by sending auth Response 
d)Association:whenever a client passes authentication step it moves to association step in which it send a association request and AP respond by sending association response.Its a way the AP allocate resource for new client.Association frame have three types:1:Association Request,2:Association Response,3:Disassociation

 2:Control Frames
 RTS(Request to send):Name clearly tells what these frames are meant for. 
CTS(Clear to send)
Ack to send

3:Data Frame
 Meat of whole 802.11 protocol structure.

Thats all for part one,this may be little boring to read all this theory but believe me if you really want to
hack something then you should  known its basics clearly.
In Next Part We will do Some practicals  to understand  the importance of what we have just studied.

Labels:

Comments

Post a Comment

Popular posts from this blog

Hacking Windows 10 UWP App: DLL Injection & common Vulnerabilities

I recently started working on  widows 10 Apps( Apps not Applications) security. Before diving deep in hacking terms lets try to understand what's new in Windows 10 UWP( Universal Platform) as compared to old Apps. Lets begin with how apps actually work on windows 10(desktop/tablet). Now windows 10 comes with a container only for running apps inside the isolated environment. By default, /APPCONTAINER(Linker Flag) is off. This option modifies an executable to indicate whether the app must be run in the appcontainer process-isolation environment. Specify /APPCONTAINER for an app that must run in the appcontainer environment—for example, a Windows Store app. (The option is set automatically in Visual Studio when you create a Windows Store app from a template.) For a desktop app, specify /APPCONTAINER:NO or just omit the option. The /APPCONTAINER option was introduced in Windows 8. Now there is no registry entry concept for these app in the System HIVE rather they install they own hiv
5 comments
Read more

Installing vmware-11.0 on Ubuntu 15.04 Using kernel Patch

curl http://pastie.org/pastes/9934018/download -o /tmp/vmnet-3.19.patch cd /usr/lib/vmware/modules/source tar -xf vmnet.tar patch -p0 -i /tmp/vmnet-3.19.patch tar -cf vmnet.tar vmnet-only rm -r *-only vmware-modconfig --console --install-all References: http://askubuntu.com/questions/605530/vmware-player-7-1-0-on-ubuntu-15-04-kernel-3-19-0-10-generic-app-loading http://askubuntu.com/questions/617704/failed-to-build-vmnet-for-kernel-3-19
1 comment
Read more

SSI Injection Attack

SSIs are directives present on Web applications used to feed an HTML page with dynamic contents. They are similar to CGIs, except that SSIs are used to execute some actions before the current page is loaded or while the page is being visualized. In order to do so, the web server analyzes SSI before supplying the page to the user. The Server-Side Includes attack allows the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary codes remotely. It can be exploited through manipulation of SSI in use in the application or force its use through user input fields. It is possible to check if the application is properly validating input fields data by inserting characters that are used in SSI directives, like:  Code: < ! # = / . " - > and [a-zA-Z0-9] Another way to discover if the application is vulnerable is to verify the presence of pages with extension .stm, .shtm and .shtml. However, the lack of these type of pages does not mean that th
5 comments
Read more