
8 Scenario – How to Hack Wireless Networks

For this article, we are going to use different scenarios in order to help you better understand how to hack into different wireless networks.

Wireless networks here means routers or any other equipment that gives a person or family WiFi in their home or business. These can usually be hacked easily because a lot of people do not change the router password from the original one given by the wireless provider.

It is a good idea to always change the password that comes with the router. This makes it harder for hackers to get into your WiFi and therefore harder for them to get access to you.

Scenario 1: The network has no encryption, which means that it is wide open. There is also no client isolation, so the network is considered unsafe to use and easy to hack.

Scenario 2: WEP is being used. Several known attacks exist against it, which makes the network easy to hack.

Scenario 3: The network is not encrypted, but client isolation is enabled and a captive portal exists. This type of wireless network is acceptable for a visitor to use for internet access. It should not be used for a company, as it is still easy to hack.

Scenario 4: WPA/WPA2 is being used with a strong password. The password has sixty characters, including lower-case, upper-case and special characters, and no dictionary words. A hacker would not be able to crack the password with any computing power that we currently have. However, if the password is not changed every three months, there is a likelihood that a hacker will be able to figure out the password.

Scenario 5: WPA/WPA2 is being used, but a weak password has been chosen. A hacker can now capture the authentication handshake and then attempt to crack it using his own machine or even a “cloud” server. The server can then be compromised in anywhere from a minute to a few hours.

Scenario 6: A company is using WPA and a strong password that they change every day. But the router that they use to transmit WiFi has a static WPS PIN that they are not able to change or even disable.

Because WPS is enabled, this is very similar to having an open network. So, this network is considered to be unsafe and should not be used for business purposes.

Scenario 7: RADIUS is being used, and the settings are weak on both the wireless clients and the server. A hacker would be able to perform what is called a rogue AP attack and obtain the authentication handshake.

Should a weak password also be used, it can be captured, and user accounts will be at risk as well as the network being compromised. It is important for each person on this type of network to have their own password that is tied directly to the domain. This means that the hacker will not be able to hack the wireless network as well as the domain.

Scenario 8: The company is using WPA/WPA2 with a strong password that is changed every day. WPS is disabled and the administrator’s computer is kept up to date.

But the router has not been updated since it was installed, and it contains 0-days (unknown vulnerabilities) that allow a hacker to conduct a CSRF attack. This is done by a persistent threat, and the following can happen:

– The router will be compromised

– The hacker will be able to send targeted emails to the system administrator that appear to come from the router vendor. The email tells the system administrator to log into the router and then, once logged in, to click a link within the email.

– The link will then redirect the administrator to a page that will change the router’s settings or simply steal the password.

It is also possible for a hacker to get into a system because an employee has unknowingly shared the system password with a hacker, which compromises the system. This can also happen knowingly.

Or, if an employee’s phone or computer is compromised, then the wireless network password is compromised as well.

You should have strict ACLs from the wireless network to any segment that is wired. There should also be strict ACLs to any server that is going to hold sensitive information.
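
As an added example (not part of the original article), the eight scenarios can be turned into a defensive configuration audit that reports which scenarios apply to each access point you are responsible for. The record fields, the 80-bit cut-off and the reading of "weak RADIUS settings" as clients that do not verify the server certificate are all assumptions.

```python
import math
import string
from dataclasses import dataclass

@dataclass
class AccessPoint:  # hypothetical inventory record; every field name is an assumption
    ssid: str
    encryption: str                       # "open", "wep", "wpa-psk" or "wpa-enterprise"
    passphrase: str = ""                  # PSK as known to the auditor
    passphrase_age_days: int = 0
    client_isolation: bool = False
    business_use: bool = True
    wps_enabled: bool = False
    clients_verify_radius_cert: bool = True   # assumed meaning of "weak settings"
    firmware_updated_since_install: bool = True

def passphrase_bits(p: str) -> float:
    """Naive upper bound: length * log2(pool of character classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in p))
    return len(p) * math.log2(pool) if pool else 0.0

def audit(ap: AccessPoint, min_bits: float = 80.0) -> list[str]:
    """Return the article's scenarios that apply; min_bits is an assumed cut-off."""
    hits = []
    if ap.encryption == "open":
        if not ap.client_isolation:
            hits.append("1: open network without client isolation")
        elif ap.business_use:
            hits.append("3: open guest-style network used for business")
    elif ap.encryption == "wep":
        hits.append("2: WEP in use")
    elif ap.encryption == "wpa-psk":
        if passphrase_bits(ap.passphrase) < min_bits:
            hits.append("5: weak WPA/WPA2 password")
        elif ap.passphrase_age_days > 90:     # "every three months"
            hits.append("4: strong password not changed in three months")
    elif ap.encryption == "wpa-enterprise" and not ap.clients_verify_radius_cert:
        hits.append("7: clients do not verify the RADIUS server certificate")
    if ap.wps_enabled:
        hits.append("6: WPS enabled")
    if not ap.firmware_updated_since_install:
        hits.append("8: router never updated since install")
    return hits

INVENTORY = [  # constructed sample records, not from any real network
    AccessPoint("guest", "open", client_isolation=True, business_use=False),
    AccessPoint("office", "wpa-psk", "summer2024", wps_enabled=True),
    AccessPoint("lab", "wpa-psk", "k#9Lq!" * 10, 200, firmware_updated_since_install=False),
]
```

The entropy figure is only an upper bound: it overstates passwords built from dictionary words or repeated patterns, so treat a pass as necessary rather than sufficient.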

Noor Qureshi

Experienced Founder with a demonstrated history of working in the computer software industry. Skilled in Network Security and Information Security.
