Tuesday, December 05, 2017

HOWTO : Wifi Penetration Testing Without Tears

Wifi everywhere! There are a lot of private and public wifi access points around you. Almost everyone will use wifi at anytime. The security of wifi should be taken into account.

The most common wifi frequencies are 2.4GHz and 5GHz at the time of this writing. 2.4GHz frequency channel range is between 1 and 14 while 5GHz frequency channel range is between 34 and 165. That's include a/b/g/n/ac modes.

You can even find some access points still using WEP but it is not common. Almost all access points are using WPA/WPA2. To get passphrase of WEP from access point is very easy. However, WPA/WPA2 is not very hard indeed.

When access point and client communicate, they will carrying out a four-way handshake in which the encrypted passhrase will also be transmitted between them. When attacker captures the four-way handshake, the encrypted passphrase is also captured in which it can get the passphrase by wordlists brute forcing.

To complete the capture steps, you need a tool namely Aircrack-ng. It is a very powerful wifi auditing tool. Furthermore, there is a good tool to brute forcing WPA/WPA2 key, it is Hashcat. Hashcat is very powerful tool for password recovery. Hashcat requires GPU to do the brute forcing job. The more powerful the GPU, the faster the process of brute forcing.

However, to carry out the wifi penetration testing is somehow very hard for some people. It is because it will involve a lot of steps and procedure to complete. In addition, you also need a workable wifi USB dongle or card to make the job done.

Current version of Aircrack-ng 1.2 RC4 does not fully compatible to 5GHz frequency. It is required to patch it and compile it yourself in Kali Linux.

Realtek 8812au chipset wifi USB dongle is ready for 5GHz frequency and penetration testing. The driver is required to compile and install on Kali Linux yourself too.

One of the automated tools for penetration testing wifi is WAIDPS. It also can act as intrusion detection and prevention system for wifi. It just a few keystrokes to complete the wifi penetration testing.


[1] List of WLAN channels
[2] Kali Linux
[3] Aircrack-ng Official Site
[4] WAIDPS - Wireless Auditing, Intrusion Detection and Prevention System
[5] Install Realtek 8812au Linux Driver
[6] Patch Aircrack-ng For 5GHz Band On Kali Linux 2017.3
[7] Hashcat Official Site
[8] Install Hashcat on Ubuntu 16.04.3
[9] TP-Link Archer T4UHP (Realtek 8812au chipset)
[10] ALFA AWUS036NH (Realtek 8812au chipset)
[11] D-Link DWA-171 Nano USB Adapter (Realtek 8812au chipset)

That's all! See you.