Anastasis

Wireless Penetration Testing Checklist – A Detailed Cheat Sheet

Anastasis
Wireless Penetration Testing
 

What is Wireless Penetration Testing?

Wireless penetration testing is the process of actively examining the information security measures placed in wireless networks, and of analysing weaknesses, technical flaws, and critical wireless vulnerabilities.

The most important countermeasures to focus on are threat assessment, data theft detection, security control auditing, risk prevention and detection, information system management, and infrastructure upgrades; a detailed report should also be prepared.

 

Framework for Wireless Penetration Testing

1. Discover the devices connected to wireless networks.

2. Document all findings if a wireless device is found.

3. If a wireless device is found using Wi-Fi networks, perform common Wi-Fi attacks and check the devices using WEP encryption.

4. If you find a WLAN using WEP encryption, perform WEP encryption pentesting.

5. Check whether the WLAN uses WPA/WPA2 encryption. If yes, perform WPA/WPA2 pentesting.

6. Check whether the WLAN uses LEAP encryption. If yes, perform LEAP pentesting.

7. If none of the encryption methods mentioned above is used, check whether the WLAN is unencrypted.

8. If the WLAN is unencrypted, perform common Wi-Fi network attacks, check the vulnerabilities present in the unencrypted method, and generate a report.

9. Before generating a report, make sure no damage has been caused to the pentesting assets.
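The framework above is a decision order applied to each surveyed network. As an added example (not part of the original post), this script sorts a constructed survey export into the checklist's tracks in that order and records the findings for the report; the CSV columns and protection labels are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed survey export (not real capture data). Column names and
# protection labels are assumptions for this example.
SURVEY_CSV = """bssid,ssid,protection
02:00:00:00:00:01,corp-legacy,WEP
02:00:00:00:00:02,corp-main,WPA2 WPA
02:00:00:00:00:03,,wpa2
02:00:00:00:00:04,lab-eap,LEAP
02:00:00:00:00:05,guest,OPN
02:00:00:00:00:06,iot-net,WPA3
"""

# Framework steps 4-8, in the order the checklist evaluates them.
TRACKS = [
    ("WEP", lambda p: "WEP" in p),
    ("WPA/WPA2", lambda p: bool(p & {"WPA", "WPA2"})),
    ("LEAP", lambda p: "LEAP" in p),
    ("UNENCRYPTED", lambda p: bool(p & {"OPN", "OPEN", "NONE"})),
]

def classify(protection):
    """Return the checklist track for one protection label."""
    labels = set(protection.upper().split())
    for track, matches in TRACKS:
        if matches(labels):
            return track
    # Step 7 says to *check* for no encryption, so an unrecognised label
    # is reported for manual review, never assumed to be open.
    return "REVIEW"

def triage(csv_text):
    """Group surveyed networks by track and flag hidden SSIDs (step 2)."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        ssid = row["ssid"].strip()
        findings[classify(row["protection"])].append({
            "bssid": row["bssid"],
            "ssid": ssid or "<hidden>",
            "hidden": not ssid,
        })
    return dict(findings)

if __name__ == "__main__":
    for track, nets in triage(SURVEY_CSV).items():
        for n in nets:
            print(f"{track:12} {n['bssid']} {n['ssid']}")
```

Networks that land in REVIEW (here the constructed WPA3 entry) fall outside the four tracks this checklist covers and need a separate assessment.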

 

Penetration Testing with WEP Encrypted WLAN

1. Check the SSID and analyze whether the SSID is visible or hidden.

2. Check for networks using WEP encryption.

3. If the SSID is in visible mode, try to sniff the traffic and check the packet capturing status.

4. If packets have been successfully captured and injected, it is time to break the WEP key using a wireless cracking tool such as Aircrack-ng or WEPcrack.

5. If packets are not reliably captured, sniff the traffic again and capture the packets.

6. If the SSID is in hidden mode, deauthenticate the target client using deauthentication tools such as Commview and Aireplay-ng.

7. Once successfully authenticated with the client and the SSID is discovered, follow the procedure above that was used for a discovered SSID in the earlier steps.

8. Check whether the authentication method used is OPN (Open Authentication) or SKA (Shared Key Authentication). If SKA is used, a bypassing mechanism needs to be performed.

9. Check whether the STAs (stations/clients) are connected to the AP (access point) or not. This information is necessary to perform the attack accordingly.

If clients are connected to the AP, an interactive packet replay or ARP replay attack needs to be performed to gather IV packets, which can then be used to crack the WEP key.

If no client is connected to the AP, a fragmentation attack or KoreK chopchop attack needs to be performed to generate the keystream, which will then be used to replay ARP packets.

10. Once the WEP key is cracked, try to connect to the network using wpa_supplicant and check whether the AP is allotting an IP address or not. "EAPOL handshake"

 

Penetration Testing with WPA/WPA2 Encrypted WLAN

1. Start and deauthenticate the WPA/WPA2-protected WLAN client using WLAN tools such as Hotspotter, Airsnarf, Karma, etc.

2. If the client is deauthenticated, sniff the traffic and check the status of the captured EAPOL handshake.

3. If the client is not deauthenticated, do it again.

4. Check whether the EAPOL handshake is captured or not.

5. Once you have captured the EAPOL handshake, perform a PSK dictionary attack using coWPAtty or Aircrack-ng to gain confidential information.

6. Add the time-memory trade-off method (rainbow tables), also known as the WPA-PSK precomputation attack, for cracking the WPA/2 passphrase. Genpmk can be used to generate precomputed hashes.

7. If it fails, deauthenticate again, try to capture again, and redo the above steps.

 

Penetration Testing with LEAP Encrypted WLAN

1. Check and confirm whether the WLAN is protected by LEAP encryption or not.

2. Deauthenticate the LEAP-protected client using tools such as Karma, Hotspotter, etc.

3. If the client is deauthenticated, break the LEAP encryption using a tool such as asleap to steal the confidential information.

4. If the process is dropped, deauthenticate again.
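The hidden-SSID WEP step and the WPA/WPA2 and LEAP procedures above all begin by deauthenticating clients, so repeated deauthentication frames are the signal a defender can monitor for. As an added example (not part of the original post), this detector counts deauth frames per AP/station pair in a sliding window over a constructed frame log; the log format, threshold and window are assumptions.

```python
from collections import defaultdict, deque

AP = "02:00:00:00:00:02"
STA1, STA2 = "02:00:00:00:aa:01", "02:00:00:00:aa:02"

def sample_log():
    """Build a constructed frame log (not real capture data).

    Assumed line format: "<epoch> <subtype> <src> <dst> <bssid>".
    """
    lines = [
        f"100.0 beacon {AP} ff:ff:ff:ff:ff:ff {AP}",
        f"105.0 deauth {STA2} {AP} {AP}",  # one client leaving normally
    ]
    # Burst of 12 deauth frames aimed at one station in about a second.
    lines += [f"{200 + i * 0.1:.1f} deauth {AP} {STA1} {AP}" for i in range(12)]
    return "\n".join(lines)

def detect_deauth_bursts(log_text, threshold=10, window=5.0):
    """Map (bssid, station) to the peak deauth count seen inside `window`
    seconds, for pairs that reach `threshold` (both values are assumptions)."""
    recent = defaultdict(deque)
    alerts = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] != "deauth":
            continue  # skip malformed lines and other frame subtypes
        ts, _, src, dst, bssid = parts
        ts = float(ts)
        station = dst if src == bssid else src  # the non-AP end of the frame
        key = (bssid, station)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop frames that fell out of the window
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

if __name__ == "__main__":
    for (bssid, sta), count in detect_deauth_bursts(sample_log()).items():
        print(f"deauth burst: bssid={bssid} station={sta} frames={count}")
```

Where clients and access points support it, 802.11w Protected Management Frames make forged deauthentication frames ineffective, which removes the first step of these procedures.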

 

Penetration Testing with Unencrypted WLAN

1. Check whether the SSID is visible or not.

2. If the SSID is visible, sniff for the IP range, then check the status of MAC filtering.

3. If MAC filtering is enabled, spoof the MAC address using tools such as SMAC.

4. Try to connect to the AP using an IP within the discovered range.

5. If the SSID is hidden, discover the SSID using Aircrack-ng and follow the procedure for a visible SSID described above.
