Wireless Networking

Published on July 2016


System Cracking 2k

NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with
activities and devices which would be in violation of various Federal, State, and local laws if actually
carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our
text files and message bases are for informational purposes only. We recommend that you contact
your local law enforcement officials before undertaking any project based upon any information
obtained from this or any other web site. We do not guarantee that any of the information
contained on this system is correct, workable, or factual. We are not responsible for, nor do we
assume any liability for, damages resulting from the use of any information on this site.

It seems like it has been a while since my last article (though I am still receiving e-mails in response to my
article on breaking into school networks), so I have decided to submit yet another article, this time on
newer forms of network infiltration. Because, let's face it, times have changed. It takes more than a
wardialer and a list of default passwords to break into a network. So enough of the introduction,
let's begin...

Section I: Wireless Networking
------------------------------

Recently wireless networking has become the convenient and efficient way for businesses to connect
nodes. By one estimate, wireless access keeps users connected to their networks roughly 1 3/4 more
hours, which is claimed to increase productivity by 22%. It also makes it easier to add new
connections to the network (without having to deal with wires and such). However, as the technology
develops, so do the methods of exploiting it. Before we get into exploiting wireless networks we must
first understand the different types of wireless networks. This article covers four: Bluetooth, IrDA,
SWAP (HomeRF), and Wi-Fi.

Bluetooth is an inexpensive radio-frequency standard. Bluetooth communicates in the 2.45 GHz band,
the same unlicensed band used by devices such as baby monitors and garage door openers (and, as we
will see, by Wi-Fi). When communication is established, Bluetooth creates a PAN (personal area
network, also known as a piconet). A piconet covers an area not much larger than a single room, but
can communicate with other nearby piconets. This type of wireless networking is of course not very
useful for a large business. IrDA (Infrared Data Association) is a standard for devices to communicate
using infrared light pulses; a remote control is an everyday example of an infrared link. Though IrDA
can transfer data at up to 4 Mbps, it requires that each device be in direct line of sight of the other,
which very much limits its use in your average workplace. SWAP and Wi-Fi are both based on
spread-spectrum radio in the 2.4 GHz band. Spread spectrum simply means that the signal is spread
over a much wider slice of the band than the data itself would need, using one of two methods;
the original 802.11 standard allows speeds of up to 2 Mbps this way (802.11b raised that to 11 Mbps
using DSSS only).

These two methods are DSSS (direct-sequence spread spectrum) and FHSS (frequency-hopping spread
spectrum). With DSSS each data bit is multiplied by a fixed, much faster chipping sequence (802.11
uses an 11-chip Barker code), so every bit goes out as 11 chips and the signal occupies a channel
roughly 22 MHz wide; the receiver correlates the incoming chips against the same code to recover the
bit, which also lets it ride out narrowband interference that would wreck an unspread signal. With
FHSS the transmitter sends a short burst of data on one channel about 1 MHz wide, hops to another
channel in a pseudo-random sequence known to both sides, and sends the next burst. Wi-Fi is the type
of wireless network you will encounter most often in business networks, because it is efficient and
integrates into an existing wired Ethernet network as just another segment (where the business can
afford it). Anyway, that should give you a good idea of how wireless networks operate. I'm sorry for
the long lecture, but as I like to tell a lot of people, you cannot expect to exploit something you
don't even understand. So now that we are done with that, we will get into methods of targeting and
exploiting wireless networks.
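
To make the DSSS description concrete, here is an added example (my own code, not part of the
original article) that spreads each bit with the 11-chip Barker code the way 802.11 DSSS does and
then despreads it with a correlator. The interferer is modelled as a flat tone added to every chip,
a deliberate simplification; the payload and the amplitudes are constructed for the illustration.

```python
"""Direct-sequence spreading with the 11-chip Barker code (added example).

Not code from the original article. Each data bit is sent as 11 chips and the
receiver correlates the chips against the same code; a narrowband tone strong
enough to flip every bit of an unspread link is averaged away by the
correlator. The jammer model (a constant offset on every chip) is a
simplification chosen for this illustration.
"""

# The 11-chip Barker sequence used by 802.11 DSSS. Its autocorrelation peaks
# at 11 and its chips sum to only +1, which is why a flat tone barely moves
# the correlator output.
BARKER11 = (+1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1)


def bytes_to_bits(data: bytes) -> list:
    """MSB-first bit list for a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits: list) -> bytes:
    out = bytearray()
    for k in range(0, len(bits), 8):
        value = 0
        for bit in bits[k:k + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def spread(bits: list) -> list:
    """Each bit becomes a +1/-1 symbol multiplied by the whole Barker code (11 chips)."""
    chips = []
    for bit in bits:
        symbol = 1 if bit else -1
        chips.extend(symbol * c for c in BARKER11)
    return chips


def despread(chips: list) -> list:
    """Correlate each 11-chip group against the code; the sign of the sum is the bit."""
    bits = []
    for k in range(0, len(chips), len(BARKER11)):
        group = chips[k:k + len(BARKER11)]
        correlation = sum(c * p for c, p in zip(group, BARKER11))
        bits.append(1 if correlation > 0 else 0)
    return bits


def add_tone(samples: list, amplitude: float) -> list:
    """Constructed narrowband interferer: a constant offset added to every sample."""
    return [s + amplitude for s in samples]


def narrowband_link(data: bytes, jammer_amplitude: float) -> bytes:
    """Unspread link: one +1/-1 sample per bit, decoded by sign."""
    samples = [1 if bit else -1 for bit in bytes_to_bits(data)]
    received = add_tone(samples, jammer_amplitude)
    return bits_to_bytes([1 if s > 0 else 0 for s in received])


def dsss_link(data: bytes, jammer_amplitude: float) -> bytes:
    """Spread link: 11 chips per bit, same interferer, decoded by correlation."""
    received = add_tone(spread(bytes_to_bits(data)), jammer_amplitude)
    return bits_to_bytes(despread(received))


if __name__ == "__main__":
    payload = b"WEP is weak"            # constructed sample data
    print(narrowband_link(payload, 5))  # tone dominates: every bit reads as 1
    print(dsss_link(payload, 5))        # correlator sees +-11 + 5, sign intact
```

The 11-chip code gives a processing gain of 11 (about 10.4 dB): a tone of amplitude 5 flips every bit
on the unspread link but leaves the spread link untouched, and the spread link only fails once the tone
exceeds amplitude 11, which is exactly the correlation peak. Real interference is not a flat tone and a
real receiver also has noise and chip timing to deal with, but the arithmetic behind the claim that
DSSS "rides out" narrowband interference is the one shown here.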

We will start off with a method that is becoming quite popular, very quickly: wardriving. Wardriving
is the act of driving around looking for unsecured wireless networks. It's a fairly new concept, but
has already grown quite a following. So how do we do it? First you need the supplies. You need a
decent laptop with a PCMCIA slot for the wireless card, and then of course a wireless card. An
external antenna is optional, but preferred if you want to be able to search for targets from a safe
distance; make sure the wireless card you purchase comes with an antenna jack (unless you have
enough experience to modify the wireless card yourself).

Finally, the software. Netstumbler is the most popular wardriving tool, and runs on Windows. On Linux
there is Airsnort (primarily a WEP key-recovery tool, discussed below, though it also lists the
networks it sees), and on Macintosh there is AP Scanner. If you have some money left over then it is
also a good idea to invest in a GPS unit, which will allow you to log the exact coordinates of a
targeted wireless network. www.wardriving.info is a good place to start to learn more about
wardriving.

Now let's get into warchalking. Warchalking is simply the practice of making a physical mark to
indicate wireless networks on the premises; the symbols are usually drawn in chalk somewhere
outside, hence the name. A symbol such as ")(" (two semi-circles sitting back to back) indicates an
open node, which means that anybody who sees this symbol and knows its meaning can freely access
the network. A symbol such as "O" (a circle) indicates a closed node. And a circle with a 'W' inside it
indicates WEP (Wired Equivalent Privacy), which combines a 40-bit secret key with a 24-bit IV
(Initialization Vector) to form a 64-bit RC4 key (hence "64-bit encryption") and was meant to prevent
eavesdropping (the 104-bit key variant, marketed as "128-bit" WEP and sometimes called WEP2, may
be implemented if the business is concerned enough to do so). The WEP standard is however quite
insecure, and I will briefly describe some methods that can be used to crack it, but it will be up to
you to do a little bit of research (utilize a search engine). WEP encrypts with RC4, and the key
scheduling algorithm of RC4 is not unbreakable: Fluhrer, Mantin and Shamir showed in 2001 that when
a known IV is simply prepended to the secret key, as WEP does, certain "weak" IVs leak information
about the key bytes, so a passive listener who collects enough frames can recover the key. In fact, it
is the combination of RC4 and the way WEP builds the per-packet key from the IV that makes the WEP
algorithm so weak. Click on the link below to read a more in-depth article on the problems persistent
in WEP...

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

The main problem here is that the key is static and shared by every station, while the 24-bit IV is
too short to avoid repeats: a busy access point cycles through all 16 million IVs in a matter of hours,
and many cards simply count up from zero every time they are reset. Every repeated IV means a
repeated RC4 keystream, so if you utilize a tool like Airsnort you can sniff the traffic, collect
weak-IV packets, figure out the key, and then pose as a legitimate user.
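
The simplest consequence of a static key and a 24-bit IV is keystream reuse, and it can be shown in a
few lines. The following is an added example written for this page, not code from the original article
or from Airsnort: it builds frames the way WEP does (IV prepended to the shared key to seed RC4,
plaintext followed by a CRC-32 ICV XORed with the keystream, the IV sent in the clear), then shows
that a frame with predictable contents decrypts any other frame sent under the same IV. The shared
key, the IV and both frames are constructed for the example; the 802.11 header and the key-ID byte
that follows the IV in a real frame are left out, and the weak-IV key recovery itself is not
implemented here.

```python
"""WEP keystream reuse (added example; not code from the original article).

Builds frames the way WEP does (IV || shared key seeds RC4; plaintext || CRC32
ICV is XORed with the keystream; the 3-byte IV is sent in the clear) and shows
why a static key with a 24-bit IV is fatal: two frames under the same IV share
a keystream, so one frame with predictable contents decrypts the other. The
shared key, IVs and frame contents below are constructed for this example.
"""
import math
import struct
import zlib

SHARED_KEY = bytes.fromhex("0badc0ffee")   # constructed 40-bit ("64-bit") WEP key
IV_BITS = 24


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key scheduling algorithm (KSA) then the output generator (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP's integrity check value: a plain CRC-32 over the plaintext (little-endian)."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as sent: IV (clear) || RC4_{IV || key}(plaintext || ICV)."""
    assert len(iv) == IV_BITS // 8
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + shared_key, len(body)))


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    """Legitimate station: rebuild the per-packet key from the clear IV, check the ICV."""
    iv, ciphertext = frame[:3], frame[3:]
    body = xor(ciphertext, rc4_keystream(iv + shared_key, len(ciphertext)))
    plaintext, received_icv = body[:-4], body[-4:]
    if icv(plaintext) != received_icv:
        raise ValueError("ICV mismatch")
    return plaintext


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Attacker: ciphertext XOR (known plaintext || its ICV) = keystream for that IV.

    The ICV is a public function of the plaintext, so it yields four extra
    keystream bytes for free.
    """
    known_body = known_plaintext + icv(known_plaintext)
    return xor(frame[3:], known_body)


def keystream_cache_decrypt(cache: dict, frame: bytes) -> bytes:
    """Attacker: if this frame's IV was already solved, decrypt its prefix without the key."""
    keystream = cache[frame[:3]]
    return xor(frame[3:3 + len(keystream)], keystream)


def frames_until_repeat(iv_bits: int = IV_BITS) -> float:
    """Expected frames before some IV repeats when IVs are picked at random (birthday bound)."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def demo() -> bytes:
    """Two frames sent under the same IV; the predictable one unlocks the secret one."""
    iv = b"\x00\x00\x2a"
    # LLC/SNAP header plus the fixed start of an ARP request: contents an
    # attacker can predict from the frame length and type alone.
    predictable = bytes.fromhex("aaaa030000000806" "0001080006040001")
    secret = b"GET /payroll/q3.xls HTTP/1.0\r\n"   # constructed victim traffic
    frame_a = wep_encrypt(SHARED_KEY, iv, predictable)
    frame_b = wep_encrypt(SHARED_KEY, iv, secret)
    cache = {iv: recover_keystream(frame_a, predictable)}   # 20 keystream bytes
    return keystream_cache_decrypt(cache, frame_b)


if __name__ == "__main__":
    print(demo())                        # b'GET /payroll/q3.xls '
    print(int(frames_until_repeat()))    # about 5133 frames, not 16 million
```

Two things are worth noting. First, the attacker never learns the key in this example; a dictionary
of keystreams indexed by IV is enough to read traffic, and it only gets more complete the longer you
listen. Second, with random IVs the birthday bound puts the first repeat at roughly five thousand
frames, and with cards that count up from zero after a reset the repeat is guaranteed as soon as two
stations start up. Recovering the key itself, as Airsnort does with weak IVs, just removes the need for
the table.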

Also, if you can get your hands on it, there is a tool IBM has recently released called WSA (Wireless
Security Auditor) that could greatly automate the task of finding security vulnerabilities present in
wireless networks. This tool runs under Linux on an iPAQ PDA (you'll have to do a bit of shopping
around, but if you can get a copy of WSA for your iPAQ, then you could greatly reduce the time it
takes to infiltrate a wireless network). There are other aspects of wireless network exploitation
such as warwalking and warflying. However, if I got into these topics I would simply be repeating
what has already been said, since the concept is basically the same. Another technique that can be
applied to wireless network exploitation is ARP poisoning, as well as other ARP-based attacks: once
you are associated with the access point you sit on the same broadcast domain as the wired hosts it
bridges to, and since ARP replies are not authenticated, forged replies let you redirect their traffic
through your machine. For information on various ARP-based attacks go to...

http://packetstormsecurity.nl/papers/protocols/intro_to_arp_spoofing.pdf
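
What ARP poisoning looks like on the wire is worth seeing from the defender's side too. The
following is an added example (my own code, not from the article or the linked paper) that runs a
simple check over constructed tcpdump-style ARP lines: the symptom of a poisoning attack is one IP
address being claimed by two different MAC addresses, so the check records the first binding it sees
for each IP and flags every reply that contradicts it. The capture, addresses and log format are
constructed for the example.

```python
"""ARP-poisoning detection over constructed tcpdump-style lines (added example).

Not code from the original article or the linked paper. ARP has no
authentication: any station on the segment can reply "IP X is-at MAC Y" and
receivers overwrite their cache. On the wire the symptom is one IP address
claimed by two different MAC addresses, which is what this detector flags.
The log lines and addresses below are constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

# tcpdump -n style output; only the fields this check needs are matched.
ARP_REPLY = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) .*ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
)

# Constructed capture: the real gateway answers, then a station that joined
# over the wireless segment claims the gateway's IP with its own MAC.
SAMPLE_CAPTURE = """\
12:00:01.100 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
12:00:01.101 ARP, Reply 192.168.1.1 is-at 00:0c:29:aa:bb:cc, length 46
12:00:02.300 ARP, Reply 192.168.1.20 is-at 00:0c:29:11:22:33, length 46
12:00:05.000 ARP, Reply 192.168.1.1 is-at 00:de:ad:be:ef:00, length 46
12:00:06.000 ARP, Reply 192.168.1.1 is-at 00:de:ad:be:ef:00, length 46
"""

Alert = Tuple[str, str, str, str]   # (timestamp, ip, mac first seen, mac now claimed)


def detect_poisoning(capture: str, known: Optional[Dict[str, str]] = None) -> List[Alert]:
    """Flag every reply that rebinds an IP to a MAC other than the one first seen.

    `known` seeds the table with static bindings (for example the gateway's
    real MAC) so a poisoner who happens to reply first is still caught.
    """
    bindings: Dict[str, str] = dict(known or {})
    alerts: List[Alert] = []
    for line in capture.splitlines():
        m = ARP_REPLY.match(line)
        if not m:
            continue                      # requests and non-ARP lines carry no binding
        ip, mac = m["ip"], m["mac"]
        first = bindings.setdefault(ip, mac)   # keeps the existing entry if present
        if first != mac:
            alerts.append((m["ts"], ip, first, mac))
    return alerts


if __name__ == "__main__":
    for ts, ip, was, now in detect_poisoning(SAMPLE_CAPTURE):
        print(f"{ts} ARP rebinding: {ip} was {was}, now claimed by {now}")
```

"First seen wins" is a heuristic, not proof: a poisoner who answers before the real host wins the
table, which is why the `known` seed exists for the addresses that matter (the gateway, the DNS
server). It also says nothing about which reply is genuine, only that two stations disagree; pairing
the alert with the 802.11 association log for the offending MAC is the obvious next step.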

Section II: Conclusion
----------------------

I hope you enjoyed the article. There were probably more techniques I could have gone over, but they
didn't really feel as related to the subject. So until next time...

Note: Also make sure to visit Hacking Palace at www.hackingpalace.net (it's not my site, but I'm
helping out a friend). There's a lot of useful tutorials on the site and a new forum that we are trying
to start up. So make sure to join us.

Note-2: If you have any questions or comments and feel the need to reach me then you can do so at
[email protected] and I will try to get back to you as soon as possible.
