When searching for targets, a hacker will see networks both with and without encryption. Those networks without encryption are very vulnerable. Almost anyone could probably connect in a few seconds. These are usually home connections broadcast by users who either don’t know about encryption or don’t care, but sometimes even businesses leave themselves wide open. Hackers can use these connections for free Internet access, either for casual browsing or as a means of launching Internet-based hacking attacks.
For those networks with WEP encryption, a good hacker can usually crack them within a reasonable amount of time, some within minutes. Whether the key can be recovered, and how long it takes, depends on the WEP key length and complexity, how much the network is being used, and the cracking technique employed. The newer PTW attack (Pyshkin, Tews and Weinmann) is much faster than most older techniques.
A hacker might also take a stab at cracking networks protected with the simpler, personal form of WPA or WPA2 encryption that uses pre-shared keys (PSK). The success of these attacks depends entirely on how simple (or complex) the passphrase is.
To get started cracking WPA/WPA2-PSK, a hacker only has to capture one client association (the exchange in which someone successfully connects to the network). Then she can run dictionary-based attacks against that capture, trying to guess the passphrase. If the passphrase is simple and is contained in her dictionary, she’ll eventually crack the encryption. Hackers use dictionaries with hundreds of millions of words. Though this would take a very long time on a single PC, hackers can rent outsourced computing power, such as the WPA Cracker service.
Some networks, usually in larger businesses or organizations, use the enterprise mode of WPA or WPA2 encryption, which authenticates users with the Extensible Authentication Protocol (EAP) and 802.1X. These have no passphrase or PSK to crack, but they are susceptible to man-in-the-middle attacks.
To get started hacking WPA/WPA2-Enterprise, a hacker would set up a fake AP matching the SSID and security settings of the target network and would then run a modified RADIUS authentication server. She’d try to get users to connect to her fake setup and attempt authentication. This only works if the client EAP settings are insecure (in particular, if the client does not validate the authentication server’s certificate) and the bogus network is disguised well enough to convince users to connect to it.
If everything does go according to plan, our hacker will capture usernames right away. For the passwords, she’ll have to run a dictionary attack. If the password is relatively simple, she’ll have everything she needs to connect to the target network.
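The client-side setting that decides whether the fake-AP attack above succeeds is server-certificate validation. As an added example that is not from the original post, here is a wpa_supplicant network block in its weak form beside a hardened one; the SSID, username, CA file path and RADIUS server hostname are assumed placeholder values.

```conf
# Constructed example (not from the original post). The SSID "CorpWiFi",
# user "alice", CA path and RADIUS hostname are placeholders.

# WEAK: no ca_cert and no server-name check, so the client accepts any
# certificate the authentication server presents. A fake AP running its
# own RADIUS server can complete the PEAP tunnel and collect the inner
# MSCHAPv2 username and challenge/response for an offline dictionary attack.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="REPLACE_ME"
    phase2="auth=MSCHAPV2"
}

# HARDENED: pin the CA that issued the RADIUS server certificate and require
# the server name to match, so an impostor server fails TLS validation before
# any credential is sent inside the tunnel. anonymous_identity keeps the real
# username out of the cleartext outer EAP-Identity exchange.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous"
    identity="alice"
    password="REPLACE_ME"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    phase2="auth=MSCHAPV2"
}
```

A client with the hardened block logs a certificate validation failure and does not send credentials when it meets a server whose certificate was not issued by the pinned CA for the expected hostname.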