Passive Exploitation Flashcards
(20 cards)
ability to exploit information after collecting signals naturally being sent on a network, without transmitting any frames into a wireless network;
Target is not aware;
Keylogging is an example
passive exploitation
If it is turned on, payloads on a data frame will be encrypted;
Settings on an access point tell you which kind to use
encryption
Encryption defined in the original 1997 IEEE 802.11 standard;
RC4 cipher for confidentiality;
CRC-32 checksum for integrity
Wired Equivalent Privacy (WEP)
24-bit initialization vector;
40- to 104-bit secret key set by an administrator;
Frame max payload size 2312 bytes;
Predecessor to WPA
WEP Wired Equivalent Privacy
Robust encryption;
Uses TKIP, which relies on a stream cipher and a checksum
Wi-Fi Protected Access (WPA)
Complex Advanced Encryption Standard (AES);
Two types of security: passphrase authentication for small offices and 802.1X/EAP security for enterprise networks;
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
WPA2 (best one)
Multi-tool that can be used as a packet sniffer, WEP/WPA/WPA2 cracker, analysis tool, and hash-capturing tool;
Wi-Fi security and hacking tool pre-installed in Kali Linux
aircrack
Uses Temporal Key Integrity Protocol (TKIP) as an interim fix for WEP's shortcomings; TKIP still uses the RC4 stream cipher and a CRC-32 checksum
Wi-Fi Protected Access (WPA)
3 types of attacks that exploit WEP systems:
Brute force, dictionary, and man-in-the-middle attacks
trial and error to crack passwords, login credentials, and encryption keys
brute force attack
Attacker makes logical guesses to crack your authentication system, based on details they may have about you
simple brute force attacks
Dictionary attack method + simple brute force attack;
Attacker knows the username, carries out a dictionary attack, then carries out a brute force attack on the password
hybrid brute force attack
Having a known password and running it against multiple user IDs;
Attacker isn't targeting a specific user but instead takes a leaked password and tests it against other possible users
reverse brute force attack
Attacker uses ordinary words, paired with a typical sequence of numbers
dictionary attack
Successful WPA attack involves (3):
Capture wireless packets
Wireless clients authenticate with a 4-way handshake, exchanging info
Brute force attack
Attacker truncates the last byte of the encrypted packet, guesses its value, and returns the packet to the AP;
Exploits a weakness of the CRC-32 checksum, called the ICV;
Once the right value for the last byte is guessed, the attacker continues backwards through the rest of the bytes until the entire packet has been recovered;
Average of ___ guesses per byte
chop chop attack; 128
Most secure form of encryption used on personal wireless networks;
Employs AES for encryption instead of the RC4 stream cipher
WPA2-PSK (pre-shared key)
Main vulnerability in WPA2;
When a user joins Wi-Fi a 4-way handshake is initiated; the attacker intercepts the connection and forces the reinstallation of an already-in-use encryption key by manipulating and replaying the cryptographic handshake;
When exploited, the attacker has access to all unencrypted info
WPA2 attack
Client performs the Secure Hash Algorithm 1 (SHA-1) on the shared key with the SSID, and the attacker targets the user of the 4-way handshake
WPA2 attack
What type of attack relies on the weakness of the CRC-32 checksum?
CHOP CHOP ATTACK