Wireless Networks and Hacking
Wireless networks are based on IEEE 802.11 standards defined by the
IEEE (Institute of Electrical and Electronics Engineers) for ad hoc
networks or infrastructure networks. Infrastructure networks have one or
more access points which coordinate the traffic between the nodes. But
in ad hoc networks, there is no access point; each node connects in a
peer-to-peer way.
Basically there are two types of vulnerabilities which can be found
in a wireless LAN. One is poor configuration and the other is poor
encryption. Poor configuration is caused by the network admin who
manages the network. It may include a weak password, no security
settings, use of default configurations, and other user-related issues.
Poor encryption is related to the security keys used to protect the
wireless network. It exists because of issues in WEP or WPA.
WEP and WPA
WEP and WPA are the two main security protocols used in Wi-Fi LAN.
WEP stands for Wired Equivalent Privacy. It is a deprecated
security protocol which was introduced back in 1997 as a part of the
original 802.11 standards. But it was weak, and several serious
weaknesses were found in the protocol. Now, it can be cracked within minutes.
So, a new kind of security protocol was introduced in 2003. This new
protocol was Wi-Fi Protected Access (WPA). It has mainly two versions, 1
and 2 (WPA and WPA2). Now it is the current security protocol used in
wireless networks. To get unauthorized access to a network, one needs to
crack these security protocols. There are many tools which can crack
Wi-Fi encryption. These tools can either take advantage of WEP
weaknesses or use bruteforce attacks on WPA/WPA2. I am sure now you know
that you should never use WEP security.
Basically wireless hacking tools are of two types. The first kind is
used to sniff the network and monitor what is happening in the
network. The other kind is used to hack WEP/WPA keys. These
are the popular tools used for wireless password cracking and network
troubleshooting.
1. Aircrack
Aircrack is one of the most popular wireless password cracking tools
which you can use for 802.11a/b/g WEP and WPA cracking. Aircrack uses
the best algorithms to recover wireless passwords by capturing packets.
Once enough packets have been gathered, it tries to recover the
password. To make the attack faster, it implements a standard FMS attack
with some optimizations.
The company behind the tool also offers an online tutorial where you
can learn how to install and use this tool to crack wireless passwords.
It comes as a Linux distribution, Live CD and VMware image options. You
can use any of these. It supports most of the wireless adapters and is
almost guaranteed to work. If you are using a Linux distribution, the
only drawback of the tool is that it requires deeper knowledge of Linux.
If you are not comfortable with Linux, you will find it hard to use
this tool. In this case, try the Live CD or VMware image. The VMware image
needs less knowledge, but it only works with a limited set of host OSes,
and only USB devices are supported.
Before you start using this tool, confirm that the wireless card can
inject packets. Then start WEP cracking. Read the online tutorial on the
website to know more about the tool. If you follow the steps properly,
you will end up getting success with this tool.
Download: http://www.aircrack-ng.org/
2. AirSnort
AirSnort is another popular tool for decrypting WEP encryption on a
wi-fi 802.11b network. It is a free tool and is available for Linux and
Windows platforms. This tool is no longer maintained, but it is still
available to download from Sourceforge. AirSnort works by passively
monitoring transmissions and computing encryption keys once it has
enough packets received. This tool is simple to use. If you are
interested, you can try this tool to crack WEP passwords.
3. Cain & Abel
Cain & Abel is a popular password cracking tool. This tool was
developed to intercept network traffic and then discover passwords by
bruteforcing the password using cryptanalysis attack methods. It can
also recover wireless network keys by analyzing routing protocols. If
you are trying to learn wireless security and password cracking, you
should try this tool once.
Download: http://www.oxid.it/cain.html
4. Kismet
Kismet is a wi-fi 802.11 a/b/g/n layer 2 wireless network sniffer
and IDS. It works with any wi-fi card which supports rfmon mode. It
passively collects packets to identify networks and detect hidden
networks. It is built on a modular client/server architecture. It is
available for Linux, OS X, Windows and BSD platforms.
Download: http://www.kismetwireless.net/
5. NetStumbler
NetStumbler is a popular Windows tool to find open wireless access
points. This tool is free and is available for Windows. A trimmed down
version of the tool is also available. It is called MiniStumbler.
Basically NetStumbler is used for wardriving, verifying network
configurations, finding locations with a poor network, detecting
unauthorized access points, and more.
But the tool also has a big disadvantage. It can be easily detected
by most of the wireless intrusion detection systems available. This is
because it actively probes a network to collect useful information.
Another disadvantage of the tool is that it does not work properly with
the latest 64-bit Windows OS. This is because the tool was last updated
back in April 2004. It has been around 11 years since the last stable
release of the tool.
Download Netstumbler: http://www.stumbler.net/
6. inSSIDer
inSSIDer is a popular Wi-Fi scanner for Microsoft Windows and OS X
operating systems. Initially the tool was open source. Later it became
premium and now costs $19.99. It was also awarded “Best Opensource
Software in Networking”. The inSSIDer wi-fi scanner can do various
tasks, including finding open wi-fi access points, tracking signal
strength, and saving logs with GPS records.
Download inSSIDer: http://www.inssider.com/
7. Wireshark
Wireshark is a network protocol analyzer. It lets you check what is
happening in your network. You can capture packets live and analyze
them. It captures packets and lets you check data at the micro-level. It
runs on Windows, Linux, OS X, Solaris, FreeBSD and others. Wireshark
requires good knowledge of network protocols to analyze the data
obtained with the tool. If you do not have good knowledge of that, you
may not find this tool interesting. So, try only if you are sure about
your protocol knowledge.
Download Wireshark: https://www.wireshark.org/
8. CoWPAtty
CoWPAtty is an automated dictionary attack tool for WPA-PSK. It runs
on Linux OS. This program has a command line interface and works from a
word list that contains the passwords to use in the attack.
Using the tool is really simple, but it is slow. That’s because the
hash uses SHA1 with the SSID as a seed. It means the same password will
have a different hash for each SSID. So, you cannot simply use one
rainbow table against all access points. Instead, the tool uses the
password dictionary and generates the hash for each word contained in
the dictionary by using the SSID.
The new version of the tool tried to improve the speed by using a
pre-computed hash file. This pre-computed file contains around 172000
dictionary entries for around 1000 of the most popular SSIDs. But if your
SSID is not in those 1000, you are unlucky.
Download CoWPAtty: http://sourceforge.net/projects/cowpatty/
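The SSID seeding described above can be checked on your own network settings. The following is an added example, not code from CoWPAtty or from the original article: it derives the WPA-PSK key with PBKDF2-HMAC-SHA1 (SSID as salt, 4096 iterations) and flags settings that a pre-computed table or dictionary would cover. The SSID set, word set, function names and the 16-character minimum are assumptions made for illustration.

```python
import hashlib

# Constructed sample data for illustration; not a real table or word list.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}
WEAK_WORDS = {"password", "12345678", "qwertyuiop"}


def wpa_pmk(passphrase, ssid):
    """Derive the 32-byte WPA/WPA2-PSK master key.

    PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, so the
    same passphrase gives a different key on every differently named network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt, 4096, 32)


def audit_psk(ssid, passphrase, min_len=16):
    """Return findings for your own settings (min_len is an assumed policy)."""
    findings = []
    if ssid in COMMON_SSIDS:
        findings.append("common-ssid")  # pre-computed hash files may cover it
    if passphrase.lower() in WEAK_WORDS:
        findings.append("dictionary-passphrase")
    if len(passphrase) < min_len:
        findings.append("short-passphrase")
    return findings


if __name__ == "__main__":
    # Same passphrase, two SSIDs: the derived keys share nothing.
    for ssid in ("linksys", "attic-7f3a"):
        print(ssid, wpa_pmk("password", ssid).hex())
    print(audit_psk("linksys", "password"))
    print(audit_psk("attic-7f3a", "correct horse battery staple"))
```

A unique SSID takes the network out of reach of the pre-computed file, and a long passphrase that is not a dictionary word leaves only the slow per-word computation.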
9. Airjack
Airjack is a Wi-Fi 802.11 packet injection tool. This wireless
cracking tool is very useful in injecting forged packets and taking a
network down with a denial of service attack. This tool can also be used
for a man-in-the-middle attack in the network.
Download AirJack: http://sourceforge.net/projects/airjack/
10. WepAttack
WepAttack is an open source Linux tool for breaking 802.11 WEP keys.
This tool performs an active dictionary attack by testing millions of
words to find the working key. Only a working WLAN card is required to
work with WepAttack.
Download WepAttack: http://wepattack.sourceforge.net/
11. OmniPeek
OmniPeek is another nice packet sniffer and network analyzer tool.
This tool is commercial and supports only Windows operating systems.
This tool is used to capture and analyze wireless traffic. But it
requires you to have good knowledge of protocols to properly understand
things. A good thing is that the tool works with most of the network
interface cards available on the market. This tool is used for network
troubleshooting. This tool also supports plugins, and 40 plugins are
already available to extend the features of the tool.
Download: http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer
12. CommView for WiFi
CommView for WiFi is another popular wireless monitor and packet
analyzer tool. It comes with an easy to understand GUI. It works fine
with 802.11 a/b/g/n/ac networks. It captures every packet and displays
useful information as a list. You can get useful information like access
points, stations, signal strength, network connections and protocol
distribution.
Captured packets can be decrypted by user-defined WEP or WPA keys.
This tool is basically for wi-fi network admins, security
professionals, and home users who want to monitor their wi-fi traffic
and programmers working on software for wireless networks.
Download CommView: http://www.tamos.com/products/commwifi/
13. CloudCracker
CloudCracker is an online password cracking tool for cracking WPA
protected wi-fi networks. This tool can also be used to crack different
password hashes. Just upload the handshake file, enter the network name
and start the tool. This tool has a huge dictionary of around 300
million words to perform attacks.
Try Cloudcracker: https://www.cloudcracker.com/
Conclusion
In this post, I discussed 13 wireless hacking tools. A few wireless
hacking tools are for cracking the password to get unauthorized access,
and a few are for monitoring and troubleshooting the network. But most
of the people really interested in tools to crack wireless hotspots just
want to get free Internet access.
The above collection also contains those tools which try a dictionary
attack to crack wi-fi passwords to allow you to get free Internet
access. But be sure not to use these tools in a risky place. Hacking
wireless networks to get unauthorized access may be a crime in your
country. You may get into trouble for using these tools. So, please do
not use these tools for illegal purposes. As I already mentioned, you
should never use a WEP encryption key in your home or wireless
network. With available tools, it is child’s play to crack the WEP keys
and access your wi-fi network.
Wireless monitoring and troubleshooting tools are basically for
network admins and programmers working on wi-fi based software. These
tools really help when some of your systems face problems in connecting
to the network.
I hope you enjoyed this article and got relevant information about
popular wireless hacking and password cracking tools. I tried my best to
compile this list of password hacking tools, but being human, I
may have missed something. If I forgot any important tool in this list,
please let me know in the comments.