
Sunday, March 28, 2010

Network Hacking Tools

Hey friends!! Let me share a few details about different network hacking tools and how you can protect yourself from them if someone is using them against you.

So here we goooo……..


NetStumbler (Freeware):

Download Link: http://www.netstumbler.com/downloads/


NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g. It has many uses:
• Verify that your network is set up the way you intended.
• Find locations with poor coverage in your WLAN.
• Detect other networks that may be causing interference on your network.
• Detect unauthorized "rogue" access points in your workplace.
• Help aim directional antennas for long-haul WLAN links.
• Use it recreationally for WarDriving.

How to protect yourself from NetStumbler:

Do not broadcast your SSID. Ensure your WLAN is protected by using advanced Authentication and Encryption.



Kismet (Freeware)

Download Link: http://www.kismetwireless.net/download.shtml

Kismet is an 802.11 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic (devices and drivers permitting).

Kismet also sports a plugin architecture allowing for additional non-802.11 protocols to be decoded.

Kismet identifies networks by passively collecting packets and detecting networks, which allows it to detect (and given time, expose the names of) hidden networks and the presence of non-beaconing networks via data traffic.

How to protect yourself from Kismet:

There's really nothing you can do to stop Kismet from finding your WLAN, so ensure your WLAN is protected by using advanced Authentication and Encryption.
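The NetStumbler and Kismet sections above mention the defensive use of these tools: spotting rogue access points and "evil twins" that advertise your SSID from hardware you never deployed. The following is an added example, not code from either tool or from the original post, showing how a defender can triage a survey export against an inventory of authorised access points. All BSSIDs, SSIDs and rows are constructed sample data; the field layout of the export is an assumption.

```python
"""Rogue access point triage over a wireless survey export.

Added example for this post; it is not code from NetStumbler or Kismet.
It assumes the defender exports one row per observed access point
(BSSID, SSID, channel, encryption) from a survey tool and keeps an
inventory of the access points that were actually deployed. All BSSIDs,
SSIDs and rows below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ObservedAP:
    bssid: str        # MAC address of the access point radio
    ssid: str         # "" when the survey saw a hidden/cloaked SSID
    channel: int
    encryption: str   # "OPEN", "WEP", "WPA" or "WPA2"


# Constructed inventory: what the organisation believes it deployed.
AUTHORISED = {
    "00:11:22:33:44:01": {"ssid": "CorpWLAN", "channel": 1},
    "00:11:22:33:44:06": {"ssid": "CorpWLAN", "channel": 6},
    "00:11:22:33:44:0b": {"ssid": "CorpWLAN", "channel": 11},
}
CORPORATE_SSIDS = {"CorpWLAN"}

# Constructed survey rows, in the spirit of a NetStumbler/Kismet export.
SURVEY = [
    ObservedAP("00:11:22:33:44:01", "CorpWLAN", 1, "WPA2"),
    ObservedAP("00:11:22:33:44:06", "CorpWLAN", 6, "WPA2"),
    ObservedAP("00:11:22:33:44:0B", "CorpWLAN", 4, "WPA2"),  # drifted off its channel
    ObservedAP("de:ad:be:ef:00:01", "CorpWLAN", 6, "OPEN"),  # our SSID on a foreign radio
    ObservedAP("aa:bb:cc:dd:ee:ff", "linksys", 11, "WEP"),   # someone's own AP
    ObservedAP("de:ad:be:ef:00:02", "", 3, "WPA2"),          # hidden SSID, unknown radio
]


def classify(ap, authorised=AUTHORISED, corp_ssids=CORPORATE_SSIDS):
    """Label one observed AP relative to the inventory."""
    known = authorised.get(ap.bssid.lower())
    if known is not None:
        if known["ssid"] != ap.ssid:
            return "authorised-bssid-unexpected-ssid"
        if known["channel"] != ap.channel:
            return "authorised-bssid-unexpected-channel"
        return "ok"
    if ap.ssid in corp_ssids:
        # Our SSID on a radio we never deployed: evil twin until proven otherwise.
        return "evil-twin"
    if ap.ssid == "":
        return "hidden-ssid-unknown"
    return "unknown-ap"


def triage(survey, authorised=AUTHORISED, corp_ssids=CORPORATE_SSIDS):
    """Map each BSSID (normalised to lower case) to its finding."""
    return {ap.bssid.lower(): classify(ap, authorised, corp_ssids) for ap in survey}


def weakly_protected(survey):
    """BSSIDs advertising no encryption or WEP, regardless of ownership."""
    return sorted(ap.bssid.lower() for ap in survey if ap.encryption in ("OPEN", "WEP"))


if __name__ == "__main__":
    for bssid, finding in triage(SURVEY).items():
        print(f"{bssid}  {finding}")
    print("weak encryption:", weakly_protected(SURVEY))
```

Matching on BSSID alone is a first pass, not proof: a radio can clone an authorised BSSID, so a survey that shows the same BSSID on two channels or at two locations at once deserves a walk-through, and the "hidden-ssid-unknown" bucket is exactly the case Kismet resolves given time.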




AirSnort (Freeware) (older software, no longer actively maintained):

Download link: http://sourceforge.net/projects/airsnort/files/

AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. 802.11b, using the Wired Equivalent Protocol (WEP), is crippled with numerous security flaws. Most damning of these is the weakness described in "Weaknesses in the Key Scheduling Algorithm of RC4" by Scott Fluhrer, Itsik Mantin and Adi Shamir. Adam Stubblefield was the first to implement this attack, but he has not made his software public. AirSnort, along with WEPCrack, which was released about the same time as AirSnort, are the first publicly available implementations of this attack.

AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.

Alternatively, one can use Aircrack-ng.

Download link: http://download.aircrack-ng.org/

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.

How to protect yourself from AirSnort:

Use a 128-bit, not a 40-bit WEP encryption key.  This would take longer to crack.  If your equipment supports it, use WPA or WPA2 instead of WEP (may require firmware or software update).

coWPAtty (Freeware)

Download link: http://sourceforge.net/projects/cowpatty/


coWPAtty performs a brute-force dictionary attack against WPA-PSK. To perform the coWPAtty dictionary attack we need to supply the tool with a capture file that includes the TKIP four-way handshake, a dictionary file of passphrases to guess with, and the SSID for the network.

In order to collect the four-way handshake you can either wait until a client joins the network or, preferably, force it to rejoin the network using tools like void11 or aireplay, and capture the handshake using something like kismet, ethereal or airodump.

How to protect yourself from coWPAtty:

Use a long and complex WPA Pre-Shared Key. This type of key would have less of a chance of residing in a dictionary file that would be used to try and guess your key, and/or would take longer to guess. In a corporate scenario, don't use WPA with a Pre-Shared Key; use a good EAP type to protect the authentication and limit the number of incorrect guesses that can take place before the account is locked out. If using certificate-like functionality, it could also validate the remote system trying to gain access to the WLAN and not allow a rogue system access.
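The coWPAtty section explains that the attack needs the SSID and a dictionary, and the protection is a long, complex Pre-Shared Key. The reason both hold is the key derivation itself: WPA/WPA2-Personal turns the passphrase into the 256-bit Pairwise Master Key with PBKDF2-HMAC-SHA1 over 4096 iterations, salted with the SSID, so every dictionary guess costs one full PBKDF2 run and a guess computed for one SSID is useless for another. The following is an added example, not code from coWPAtty or from the original post: it derives the PMK with Python's standard library and applies a simple PSK policy check. The policy thresholds and the tiny wordlist are this example's own assumptions.

```python
"""What coWPAtty has to compute per guess, and a PSK policy check.

Added example for this post; not code from coWPAtty. WPA/WPA2-Personal
derives the 256-bit Pairwise Master Key (PMK) from the passphrase with
PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID (IEEE 802.11i),
which is why the attack needs the SSID and why each dictionary guess
costs a full PBKDF2 run. The policy thresholds and the wordlist are this
example's own assumptions.
"""
import hashlib
import math
import string

PBKDF2_ITERATIONS = 4096   # fixed by the standard
PMK_LENGTH = 32            # bytes, i.e. 256 bits


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2(HMAC-SHA1, passphrase, SSID, 4096, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LENGTH)


def estimate_entropy_bits(passphrase: str) -> float:
    """Rough upper bound: length * log2(size of the character classes used)."""
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(c in string.punctuation or c == " " for c in passphrase):
        pool += len(string.punctuation) + 1
    return len(passphrase) * math.log2(pool) if pool else 0.0


# Constructed stand-in for a wordlist; a real check would use a large one.
COMMON_PASSPHRASES = {"password", "12345678", "letmein1", "qwertyuiop"}


def psk_policy_check(passphrase: str, min_len: int = 20, min_bits: float = 80.0):
    """Return the list of policy violations (an empty list means acceptable)."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("not 8-63 characters (not a valid WPA passphrase)")
    if passphrase.lower() in COMMON_PASSPHRASES:
        problems.append("appears in the common-passphrase list")
    if len(passphrase) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if estimate_entropy_bits(passphrase) < min_bits:
        problems.append(f"estimated entropy below {min_bits} bits")
    return problems


if __name__ == "__main__":
    # Same passphrase, different SSID: a completely different PMK.
    print(derive_pmk("password", "IEEE").hex())
    print(derive_pmk("password", "ieee").hex())
    print(psk_policy_check("password"))
    print(psk_policy_check("Tr0ub4dor&3-correct-horse-battery"))
```

The entropy estimate is deliberately crude (it scores a dictionary phrase as if every character were random), which is why the explicit wordlist check sits beside it; in practice the wordlist is the part worth investing in, because that is precisely what a dictionary attack enumerates.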

ASLeap (Freeware)

Download Link: http://sourceforge.net/projects/asleap/


ASLeap is a tool designed to recover weak LEAP (Cisco's Lightweight Extensible Authentication Protocol) and PPTP passwords. asleap can perform:

  • Weak LEAP and PPTP password recovery from pcap and AiroPeek files or from live capture
  • Deauthentication of clients on a LEAP WLAN (speeding up LEAP password recovery); AirJack driver required
  • Handles dictionary and genkeys files up to 4 TB in size.
  • Can read live from any wireless interface in RFMON mode (DLT_IEEE802_11, DLT_TZSP).
  • Can read live from any network interface in Ethernet or Ethernet-compatibility mode (DLT_EN10MB). This was intended to let Windows users capture LEAP transactions without RFMON support, but is also useful to capture PPTP transactions on wireless or wired networks.
  • Added getopt to genkeys for advanced command-line parameter support.
  • Can read from STDIN with genkeys, useful for combining genkeys with John the Ripper to create custom dictionaries.
  • Support for a standard dictionary attack without genkeys databases (-W). Useful for trying to recover a password from a transaction that isn't in your dictionary file when you have a lot of time, or little disk space.


How to protect yourself from ASLeap:

Use long and complex credentials, or better yet, switch to EAP-FAST or a different EAP type.
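Both the coWPAtty section (forcing a client to rejoin with void11 or aireplay so the handshake can be captured) and the ASLeap feature list (deauthenticating clients to speed up LEAP recovery) rely on forged deauthentication frames, which a wireless IDS such as Kismet can see. The following is an added example, not code from any of those tools or from the original post, showing the detection logic a defender would run over a management-frame feed: a burst of deauth/disassoc frames for one BSSID inside a short window is flagged. The record layout, the window and the threshold are this example's assumptions, and the frames are constructed.

```python
"""Deauthentication flood detection over a management-frame feed.

Added example for this post; not code from aireplay, void11, coWPAtty or
ASLeap. It assumes a monitor-mode sensor hands the defender one record
per 802.11 management frame as (timestamp_seconds, subtype, bssid,
station); the records below are constructed, and the window and the
threshold are this example's own assumptions.
"""
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed frames: two isolated, legitimate-looking deauths on one AP,
# and a burst of broadcast deauths claiming to come from another AP, the
# pattern used to force every client to rejoin (and re-handshake).
FRAMES = [
    (0.0, "beacon", "00:11:22:33:44:06", BROADCAST),
    (1.2, "deauth", "00:11:22:33:44:06", "66:77:88:99:aa:bb"),
    (5.0, "deauth", "00:11:22:33:44:01", BROADCAST),
    (5.1, "deauth", "00:11:22:33:44:01", BROADCAST),
    (5.2, "deauth", "00:11:22:33:44:01", BROADCAST),
    (5.3, "deauth", "00:11:22:33:44:01", BROADCAST),
    (5.4, "deauth", "00:11:22:33:44:01", BROADCAST),
    (5.5, "deauth", "00:11:22:33:44:01", BROADCAST),
    (5.6, "deauth", "00:11:22:33:44:01", BROADCAST),
    (5.7, "deauth", "00:11:22:33:44:01", BROADCAST),
    (6.0, "assoc_req", "00:11:22:33:44:01", "66:77:88:99:aa:bb"),
    (30.0, "deauth", "00:11:22:33:44:06", "66:77:88:99:aa:bb"),
]


def detect_deauth_floods(frames, window=10.0, threshold=5):
    """Alert once per BSSID when more than `threshold` deauth/disassoc
    frames claiming to come from it arrive within `window` seconds.

    Returns a list of (bssid, first_ts, trigger_ts, count, broadcast_count),
    where broadcast_count is how many frames in the window were addressed
    to all stations rather than to one client.
    """
    recent = defaultdict(deque)   # bssid -> (ts, station) inside the window
    alerted = set()
    alerts = []
    for ts, subtype, bssid, station in sorted(frames, key=lambda f: f[0]):
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent[bssid]
        q.append((ts, station))
        # Drop frames that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) > threshold and bssid not in alerted:
            alerted.add(bssid)
            broadcast_count = sum(1 for _, st in q if st == BROADCAST)
            alerts.append((bssid, q[0][0], ts, len(q), broadcast_count))
    return alerts


if __name__ == "__main__":
    for bssid, first, trigger, count, bcast in detect_deauth_floods(FRAMES):
        print(f"deauth flood: bssid={bssid} {count} frames in "
              f"{trigger - first:.1f}s ({bcast} broadcast), first at t={first}")
```

An alert like this tells you a handshake capture or a LEAP exchange was probably being provoked; it does not stop the frames. On equipment that supports it, 802.11w protected management frames let clients reject deauthentication frames that are not cryptographically protected, which removes the lever these tools depend on.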

Ethereal (Freeware)

Download Link: http://www.ethereal.com/download.html


Ethereal® is used by network professionals around the world for troubleshooting, analysis, software and protocol development and education. It has all of the standard features you would expect in a protocol analyzer and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including UNIX, Linux, and Windows.

How to protect yourself from Ethereal:

Use encryption, so that anything sniffed would be difficult or nearly impossible to break.  WPA2, which uses AES, is essentially unrealistic to break by a normal hacker.  Even WEP will encrypt the data.  When in a Public Wireless Hotspot (which generally do not offer encryption), use application layer encryption, like Simplite to encrypt your IM sessions, or use SSL.  For corporate users, use IPSec VPN with split-tunneling disabled.  This will force all traffic leaving the machine through an encrypted tunnel that would be encrypted with DES, 3DES or AES.



All the Best ........ :)
Cheers!

1 comment:

  1. Good information. Thanks for sharing.
    So the basic lesson is one should use advanced Authentication and Encryption.

    Mustafa B.
