WiFi Penetration Testing – Things You Should Know
For WiFi penetration testing to take place, there must be a communication link between at least two devices, and that link can be wired (LAN) or wireless. Most of the hacking techniques you have learned so far (hacking with Nessus, Nmap, and John the Ripper) are carried out over the internet: they are remote attacks that you can run from anywhere, provided the target host is online and you have an internet connection.
The hackers you hear about on the news causing so much trouble for your potential clients are remote hackers. However, there is an even more dangerous type of attacker who compromises computer systems by finding vulnerabilities in local machines through the client's wireless network. More and more corporations, and even individuals, are hiring whitehat hackers to try to hack their wireless networks to find out just how secure they are.
In this and the next article, we will cover a complete guide to WiFi penetration testing with Kali Linux. This article covers the important things you need to know about wireless networks to prepare you for the different kinds of networks you will encounter and how easy or difficult each one is to hack. You will learn what hidden networks are and find out how much of a challenge they pose to a hacker. This article is meant to give you a rough idea of how the different kinds of wireless networks are usually hacked. If you are already familiar with the information provided here, you can skip this article and go straight to the next one: How to Hack Password Protected WiFi.
Understanding Wireless Network Security
Wireless networks can be classified according to how secure they are. Each wireless security protocol calls for a different hacking strategy, but first, let us summarize which protocols there are.
1. Open Wireless Network
An open wireless network is a free network that lets anyone connect to the access point (wireless router), typically to reach the internet. There are two types of open wireless networks:
Open and unrestricted
This is a network that anyone can connect to and use without limitations. It is the kind of network found in public places such as trains, restaurants, and WiFi hotspots that offer free internet access.
Open but restricted
With this kind of network, users can connect to the access point, but that does not guarantee access to the internet: a second layer of authentication sits on top of the open connection.
If hacking a wireless network means recovering the router's password, then the open but restricted network can be hacked while the open, unrestricted network cannot. Within the scope of this article, however, neither of these networks requires hacking.
2. WEP (Wired Equivalent Privacy) Wireless Networks
Picture this as a house that asks you for a password before the door opens for you. Using the WiFi penetration testing tools that ship with Kali Linux, you will be able to hack this type of network within minutes, because WEP is the least secure of the security protocols. ISPs that require users to log in before accessing the internet on their network, schools and colleges that require students to log in with their student ID and password, and large offices still use this security protocol. However, WEP is less common today, as security-conscious network admins prefer WPA and WPA2.
3. WPA (WiFi Protected Access) Wireless Networks
The development of the WPA and later the WPA2 security protocol was a direct response to the obvious vulnerabilities of the WEP standard. WPA was officially adopted in 2003, just a year before WEP was officially retired. The most common configuration of WPA is Pre-Shared Key (WPA-PSK), which features a 256-bit encryption system that can use either TKIP (Temporal Key Integrity Protocol) or AES (Advanced Encryption Standard).
As far as security goes, TKIP was an early stopgap encryption protocol that is no longer considered secure because it is easier to hack. This means that as an ethical hacker performing WiFi penetration testing, you will have an easier time with a TKIP network than with an AES network.
AES was introduced with WPA2 as a replacement for TKIP in WPA, and it is considered so secure that even the US military uses it.
4. Hidden Networks
Any of the WiFi network types we have discussed can be hidden. Consider it "security through obscurity." A hidden network does not broadcast its name (the SSID) and is therefore a little harder to access or hack. It is a lot like trying to pick the lock of a door whose location you do not know.
Kali Linux comes with several WiFi penetration testing tools that you can use to scan for and find hidden network SSIDs.
You have two options for finding a hidden network: passive and active. With the passive method, you wait until a client connects to the network and locate the network from the clues the client leaves behind. The active method involves de-authenticating clients on the network to force the access point to reveal the network details. However, finding and hacking hidden wireless networks is outside the scope of this article.
WPA Security – What Makes WPA Networks so Secure?
Some of the changes implemented in WPA that make it more secure than WEP include message integrity checks, which are carried out to determine whether an intruder has intercepted or altered packets exchanged between a client and the access point.
The WPA2 protocol, launched in 2006, introduced Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is essentially what makes AES more secure than TKIP.
One of the main weaknesses of AES-protected networks is brute-force attacks against the passphrase, which can be prevented by using strong and complex passphrases. WiFi Protected Setup (WPS) remains the biggest hole in the WPA armor, because an intruder only needs to get onto the secured WiFi network to reach the keys they need to hack devices on that network.
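The taxonomy above (open, WEP, WPA with TKIP or AES, hidden SSIDs, WPS) and the passphrase advice in this section can be turned into a simple audit script for a network owner. The following is an added example written for this article, not a tool from Kali Linux; the scan sample is constructed and modelled loosely on airodump-ng's CSV columns, with placeholder BSSIDs, and the severity scores and passphrase policy are assumptions chosen for illustration.

```python
import csv
import io

# Constructed sample modelled on airodump-ng CSV columns; placeholder BSSIDs, empty ESSID = hidden.
SCAN_CSV = """BSSID, channel, Privacy, Cipher, Authentication, WPS, ESSID
00:11:22:33:44:01, 1, OPN, , , no, CafeGuest
00:11:22:33:44:02, 6, WEP, WEP, , no, LegacyPrinter
00:11:22:33:44:03, 6, WPA, TKIP, PSK, yes, Office
00:11:22:33:44:04, 11, WPA2, CCMP, PSK, yes, Office-2G
00:11:22:33:44:05, 11, WPA2, CCMP, PSK, no,
"""

# Severity (higher = remediate first) and the fix, per the article's taxonomy (assumed scores).
WEAKNESS = {"open": (10, "no encryption: move to WPA2-PSK with AES/CCMP"),
            "wep": (9, "WEP is broken: migrate to WPA2"),
            "tkip": (6, "TKIP is deprecated: allow CCMP/AES only"),
            "wps": (5, "disable WPS on the access point"),
            "hidden": (1, "hidden SSID is obscurity, not security")}

def weaknesses_of(row):
    """Map one parsed scan row onto the taxonomy keys above."""
    priv, cipher = row["Privacy"].upper(), row["Cipher"].upper()
    if priv == "OPN":
        found = ["open"]
    elif priv == "WEP":
        found = ["wep"]
    else:  # WPA / WPA2 family: the cipher and WPS decide the risk
        found = ["tkip"] * ("TKIP" in cipher) + ["wps"] * (row["WPS"].lower() == "yes")
    return found + ["hidden"] * (not row["ESSID"])

def audit(scan_csv):
    """Return (bssid, ssid, score, weaknesses, fixes) tuples, worst first."""
    reader = csv.DictReader(io.StringIO(scan_csv), skipinitialspace=True)
    findings = []
    for raw in reader:
        row = {k.strip(): (v or "").strip() for k, v in raw.items()}
        weak = weaknesses_of(row)
        findings.append((row["BSSID"], row["ESSID"] or "<hidden>",
                         sum(WEAKNESS[w][0] for w in weak), weak,
                         [WEAKNESS[w][1] for w in weak]))
    return sorted(findings, key=lambda f: f[2], reverse=True)

def psk_passphrase_ok(passphrase, min_len=16):
    """Standard WPA-PSK passphrase: 8-63 printable ASCII chars. This stricter
    (assumed) policy also demands min_len chars and 3 of 4 character classes."""
    if not (8 <= len(passphrase) <= 63 and passphrase.isascii() and passphrase.isprintable()):
        return False
    classes = (any(c.islower() for c in passphrase) + any(c.isupper() for c in passphrase)
               + any(c.isdigit() for c in passphrase) + any(not c.isalnum() for c in passphrase))
    return len(passphrase) >= min_len and classes >= 3
```

Running `audit(SCAN_CSV)` ranks the TKIP-plus-WPS office network above the open cafe network, and `psk_passphrase_ok` rejects short or single-class passphrases that an offline brute-force attack would recover quickly.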
WiFi Penetration Testing With Kali Linux
In this article, we covered everything important you need to know about the different kinds of WiFi networks so that you are prepared to hack each one of them. It was meant to give you a basic idea of how each wireless network is usually hacked.
Now that you have a general idea of the various wireless network security protocols, you are better armed for performing WiFi penetration testing with Kali Linux. In the next article, we will get our hands dirty learning to hack WPA, WPA2, and WEP encrypted WiFi passwords.