Fall is finally here and it’s getting spooky, and that’s why in October we decided to dedicate our newest issue to a truly terrific topic: wireless hacking! Inside this edition, you will find great tutorials, case studies, and guides, suitable both for advanced and intermediate hackers. Grab your hot tea or you-know-what-latte and let’s dive into it!
We prepared a handful of amazing articles that will help you with many aspects of wireless hacking - from the most effective tools, like WiFiPumpkin3 in a tutorial written by Atlas Stark, to pentesting your wireless networks. Roberto Camerinesi will help you understand what Stealth Chained Wi-Fi Attacks are and how to perform them, and those of you who are just starting your adventure with hacking will get a chance to get to know a tool called Airgeddon in the Quick Guide to Wi-Fi Hacking for Newbies.
But there’s more! There are many interesting case studies and tutorials that will help you improve your wireless security or gain skills to exploit network vulnerabilities.
If Wi-Fi hacking is not your cup of tea, we have something for you too! If you are a fan of Nmap, take a look at Evading Firewalls & Enumerating SNMP Using Advanced Nmap Techniques by Dr. Akashdeep Bhardwaj. For those who are still hungry for some raspberries, we have an amazing tutorial, Facial Recognition Using Raspberry Pi and Pi Camera. Python enthusiasts may be interested in an introduction to encoding/decoding things with Codext, a great open-source tool, written by Alexandre D’Hondt. You will also get a chance to put on your detective boots and investigate financial fraud crimes using graph techniques!
While we focus mostly on wireless hacking, this issue is full of diverse knowledge and we believe it will be a great read for everyone, as our contributors did a truly amazing job sharing their experience. We hope this edition will brighten the cold autumn days for you :)
We would like to send gratitude to our amazing contributors and reviewers for helping us create this piece. It wouldn’t be possible without you!
Without further ado, enjoy!
Magdalena Jarzębska and Hakin9 Editorial Team
Table of Contents
Fall is in the air and with those crisp gusts of wind, the month of October brings us countless “Hacktober” events and cool tools to discover. One tool I have grown really fond of is WifiPumpkin3 by P0cL4bs. According to the project site, WifiPumpkin3 is a framework written in Python 3 for rogue access point attacks as well as other wireless attack functionalities. So, fire up a command line, grab your favorite cola or your Pumpkin Spice Latte and get ready to explore how this tool can enhance your arsenal for your next engagement.
How to Hack Wi-Fi Networks and Secure Them
Kirankumar Ramarao Subuddi, Nikhil Santosh Mahadeshwar
Many users assume that if they pay for a Wi-Fi network at a hotel or airport, then the connection is as secure as the network connection at home or at the office. But wireless eavesdropping can happen on virtually any public Wi-Fi network. Plus, it is impossible for the untrained person to determine the safety of a public Wi-Fi network and to identify those that are dangerous and make users vulnerable to hacking. Let’s explore how a public Wi-Fi network can be exploited in different ways.
Stealth Chained Wi-Fi Attacks
It is clear, then, that wireless protects itself in various ways using more or less powerful encryption methods, but the fact remains that believing wireless is impregnable can be a serious mistake. In this case, however, we are going to analyze an attack that is a bit more complex, carried out with a different goal from the usual "WPA crack": the goal will be to chain a Wi-Fi attack to obtain persistence in a LAN that is physically far away, using the transmission power as a vector, and thus compromise that network in the most stealthy and invisible way possible.
Airgeddon - a Quick Guide to Wi-Fi Hacking for Newbies
Airgeddon makes things easy for you, from putting the wireless card in monitor mode and selecting a target, through capturing the handshake, to cracking the Wi-Fi (WPA1 and WPA2), or performing an evil twin attack (to do this, you’ll need an external wireless card). It is also constantly evolving by adding new features. How cool is that? First, let’s see how to install Airgeddon.
Performing a Pentest on a Wireless Network - Practical Case
Joas Antonio dos Santos
The pandemic has brought us several changes in the way we are going to work from now on, especially in the cybersecurity area, even though working remotely has been a reality for a long time. But sometimes it's quite difficult to work away from the company or one of our clients; of course, that's what we would think. But why am I saying this? I recently did a Wireless Network PenTest for a client, looking to test the security of the Wi-Fi networks used in their office, and those who have done the OSWP know that a connected wireless card and SSH access is enough for us to start our audit, and that's how we got here.
Improved Cyber Security on Higher Education Institutes: a Case Study on Wireless Networks Security
Wireless networks are part and parcel of our daily life, as they are seemingly everywhere. Wi-Fi is a commodity for every person, every home and every organization with proper access and resources. However, only a few people are aware of the risks they face in using wireless networks and exchanging information through these types of networks. Therefore, this case study first discusses basic concepts related to wireless networks, information exchange through these networks and the configuration of security. Then it discusses the basic ideas of security threats and existing mitigations in wireless networks in general. Finally, the key objective of the case study is to focus on campus networks: implementing security when using campus networks for information interchange, and the different research conducted on enhancing the related security through different protocols and principles.
Evading Firewalls & Enumerating SNMP Using Advanced NMAP Techniques
You’ve been asked to gather information about a network and its systems (hosts) – about which you have no idea. It is an unknown network. You are asked to find live IP addresses, network interfaces, hosts running apps, services, OS and their versions, or simply the open or closed ports. But you are completely blank! This is where NMAP, or Network Mapper, comes in. We can perform reconnaissance using NMAP to probe the network and the systems inside it, craft our TCP packets, and send them to the targets. You can evade firewalls and Intrusion Detection Systems when gathering valuable information from target networks and systems. The information gathered can further be used for penetration testing – to search for vulnerabilities!
Facial Recognition Using Raspberry Pi and Pi Camera (IoT Protocol Focus: MQTT)
Shoumit Karnik, Souryadip Sengupta
The project idea was to implement facial recognition using the Raspberry Pi single-board computer along with the Pi Camera attachment. The IoT protocol used to transmit the images between the simulated cloud environment (local machine) and the Raspberry Pi is MQTT (Message Queuing Telemetry Transport), and the local environment is used to identify the person. Facial recognition through OpenCV is used to identify the person in the image captured from the Pi Camera.
Encoding/Decoding Things with CodExt - a Python Package Featuring CLI Tools for Encoding and Decoding Many Things
Python provides a native package for handling encodings called codecs. It has a neat API defining codecs for encoding/decoding with various well-known encodings, especially for dealing with special characters. However, it contains a limited set of codecs and does not handle multi-layered encoded inputs. That is where codext comes into play, the CODecs EXTension. It provides various features for easily enriching the registry of codecs from the native library, extends it with many new encodings, and also provides multi-layer guessing relying on an artificial intelligence algorithm. This article explains its basics and presents some of its capabilities.
Investigate Financial Fraud Crimes using Graph Techniques
Money laundering, terrorism funding, corruption, tax evasion and insurance fraud are a few examples of financial fraud crimes. To avoid jail time or penalties, offenders must cover their traces in all of these circumstances. That includes using fake identities, middlemen, intricate financial schemes, and other techniques to create layers of obfuscation between their identity and their wrongdoings. Law enforcement authorities, financial institutions, and other fraud detection specialists, on the other hand, are seeking proof of wrongdoing. New graph technologies provide a one-of-a-kind opportunity to identify financial criminals.