Wireless Hacking Flashcards
(20 cards)
What protocol was initially introduced to protect wireless traffic?
Wired Equivalent Privacy (WEP).
Explain Initialization Vector (IV) in WEP.
A 24-bit number used once per encryption to increase security, but easily guessable in WEP.
What is an ARP request replay attack?
Capturing ARP packets and repeatedly retransmitting them to generate IVs to crack WEP.
What algorithm weakness is exploited by the FMS attack?
RC4 Key Scheduling Algorithm weakness.
Which tools use the FMS attack method?
AirSnort and AirCrack.
What replaced WEP due to its vulnerabilities?
Wi-Fi Protected Access (WPA).
How long can a WPA passphrase be?
Between 8 and 63 ASCII characters.
Describe the main weakness of WPA-PSK.
Static keys vulnerable to brute-force/dictionary attacks.
What is TKIP and how is it used?
Temporal Key Integrity Protocol; used with WPA to dynamically generate keys.
What encryption does WPA2 utilize?
AES (Advanced Encryption Standard) with CCMP.
What server is typically used for WPA2 Enterprise authentication?
RADIUS server.
Define a nonce in wireless security.
A number used once to secure communications, preventing replay attacks.
What is the four-way handshake in WPA/WPA2?
Authentication process establishing a secure session between client and AP.
What vulnerability specifically affects WPA2?
KRACK (Key Reinstallation AttaCK).
List some wireless hacking tools.
AirCrack, Kismet, Wireshark, Fern WiFi Cracker, Reaver, Wifite.
What is a packet injection attack?
Injecting forged packets into a network to facilitate attacks like IV generation.
Why is MAC address spoofing used by attackers?
To masquerade as authorized devices to bypass security measures.
What is a Wi-Fi Pineapple?
A tool that acts as a rogue AP, used in penetration tests and man-in-the-middle attacks.
What is SSLStrip?
An attack that downgrades secure HTTPS connections to unencrypted HTTP.
How can wireless attacks be mitigated?
Strong encryption (WPA3), regular updates, MAC filtering, hiding SSID, VPN.