
Tuesday, January 29, 2019

Attacking Wifi Nets with Traffic Injection

I am truly very thankful to him. I benefited a lot from discussing with him. I am also thankful to my parents who encouraged me and provided such a motivation, so that I became able to perform this. I am also thankful to all my friends and those who helped me directly or indirectly in the completion of my project.

CONTENTS
Introduction
Crime Definition
Laws That Have Been Violated
Possible Punishments (IT Act + International Laws)
Unlawful Losses and Gains
Working of Attacks
Description of Tools

INTRODUCTION
This term paper is prepared on attacking wifi nets with traffic injection, also known as packet injection, which simply means the flooding of wireless networks, using different techniques, with an extra amount of traffic (packets, frames, duplicate copies) on a network, by which a hacker becomes able to access the information and identity that a client is using. Some techniques are wireless network sniffing, DoS (denial of service) attacks, man-in-the-middle attacks etc. Attacks on wireless LANs (WLANs) and wireless-enabled laptops are a quick and easy way for hackers to steal data and enter the corporate network. Many types of tools are used to perform hacking; some of them are aircrack-ng, airjack etc. This paper will later give brief information on the tools used, the working of the tools, losses and gains with hacking etc. These types of attacks are known as INTEGRITY attacks. Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate. We already know 802.11 networks are weak. Open networks are prone to any well-known LAN perimeter attack; WEP is vulnerable.
Traffic injection has changed things:
* Increased DoS (denial of service) capabilities
* Dramatically decreased WEP cracking time
* Allows traffic tampering
* Allows station attacks

CRIME DEFINITION
Cyber Crime: A crime where the computer is used as a tool or target. Cyber crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the Internet. For example, hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a computer and the Internet.

Hacking: Traffic injection attacks come under hacking. It is defined as: whoever with the intent to cause, or knowing that he is likely to cause, wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. Hacking may also occur when a person willfully, knowingly, and without authorization or without reasonable grounds to believe that he or she has such authorization, destroys data, computer programs, or supporting documentation residing or existing internal or external to a computer, computer system, or computer network. Besides the destruction of such data, hacking may also be defined to include the disclosure, use or taking of the data, which commits an offense against intellectual property.

This paper is a survey of wireless attack tools focusing on 802.11 and Bluetooth. It includes attack tools for three major categories: confidentiality, integrity, and availability. Confidentiality attack tools focus on the content of the data and are best known for encryption cracking.
Integrity attack tools focus on the data in transmission and include frame insertion, man in the middle, and replay attacks. Finally, availability attack tools focus on Denial of Service (DoS) attacks.

LAWS THAT HAVE BEEN VIOLATED
The laws that have been violated are sections 43, 65 and 66 of the IT ACT 2000.

Section 43 of IT ACT 2000 defines: If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,
(a) accesses or secures access to such computer, computer system or computer network;
(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programs residing in such computer, computer system or computer network;
(e) disrupts or causes disruption of any computer, computer system or computer network;
(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;
(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network.

Section 65 of IT ACT 2000 defines: Tampering with computer source documents. Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code
used for a computer, computer programs, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Section 66 of IT ACT 2000 defines: (1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. (2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

POSSIBLE PUNISHMENTS (IT ACT + INTERNATIONAL LAWS)
Cyber crime is a type of crime that not only destroys the security system of a country but also its financial system. One supporter of legislation against cyber crime, Rep. Lamar Smith (R-Texas), stated, "Our mouse can be just as dangerous as a bullet or a bomb." Cyber attackers should be penalized and punished severely, and most cyber crimes have penalties reflecting the severity of the crime committed. Although in the past many laws against cyber crimes were insufficient, law enforcement agencies and governments have recently proposed many innovative plans for fighting cyber crimes.

Punishment: Cybercrime must be dealt with very seriously because it causes a lot of damage to businesses, and the actual punishment should depend on the type of fraud used. The penalty for illegally accessing a computer system ranges from 6 months to 5 years. The penalty for unauthorised modification on a computer ranges from 5 to 10 years. Other penalties are listed below.

Telecommunication service theft: The theft of telecommunication services is a very common theft and is punished with a heavy fine and imprisonment.
Communications intercept crime: This is a Class-D crime which is followed by a severe punishment of 1 to 5 years of imprisonment with a fine. Other cyber crimes like telecommunication piracy, offensive material dissemination, and other cyber frauds also belong to this category.

Information Technology Act 2000: According to this act, different penalties are available for different crimes. Some of the penalties are as follows.

Computer source document tampering: The person who changes the source code on the website or any computer program will get a punishment of up to 3 years of imprisonment or a fine.

Computer hacking: The individual who hacks the computer or computer devices will get imprisonment of up to 3 years or a fine.

Government protected system: An act of trying to gain access to a system which is a protected system by the government will result in imprisonment for 10 years and a heavy fine.

The introduction of such penalties has led to a drastic reduction in cyber crime rates as more and more criminals are becoming aware of the penalties related to them. Spreading the word about the penalties of cyber crime can serve as a deterrent against such crime. Penalties relating to cyber crime will vary depending on the country and legislation in place.

Punishments according to IT ACT 2000:
* The person who commits the crime shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected, according to section 43 of the IT ACT.
* The person who commits the crime shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both, according to section 65 of the IT ACT.
* Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both, according to section 66 of the IT ACT 2000.

INTERNATIONAL LAWS
In the USA, under 18 U.S.C.
1030: (A) a fine under this title or imprisonment for not more than ten years, or both, in the case of an offense under subsection (a)(1) of this section which does not occur after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph; and (B) a fine under this title or imprisonment for not more than twenty years, or both, in the case of an offense under subsection (a)(1) of this section which occurs after a conviction for another offense under this section, or an attempt to commit an offense punishable under this subparagraph.

In Canada: The person who commits the crime is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years, or is guilty of an offence punishable on summary conviction.

UNLAWFUL LOSSES AND GAINS
Losses due to hacking: Hackers targeted major companies including Sony, RSA Security, and Citigroup, but also governmental websites and smaller firms. Many companies could have prevented the attacks. Because of their vulnerabilities, they not only lost money, but also risked losing clients, prestige and market share. Multitudes of people were affected by their security breaches. Recent reports showed hackers earned $12. billion in 2011, mainly by spamming, phishing, and online frauds. Some companies have made their financial losses public, while others chose not to disclose them. Here's a top 5 of the declared losses caused by hackings from last year until present. Undeclared losses may even exceed these ones.

1. $171 million, Sony: Hacked in April to June 2011, Sony is by far the most famous recent security attack. After its PlayStation network was shut down by LulzSec, Sony reportedly lost about $171 million.
The hack affected 77 million accounts and is still considered the worst gaming community data breach ever. Attackers took valuable information: full names, logins, passwords, e-mails, home addresses, purchase history, and credit card numbers.

2. $2.7 million, Citigroup: Hacked in June 2011, Citigroup was not a difficult target for hackers. They exploited a basic online vulnerability and stole account information from 200,000 clients. Because of the hacking, Citigroup said it lost $2.7 million. Just a few months before the attack, the company was affected by another security breach. It started at Epsilon, an email marketing provider for 2,500 large companies including Citigroup. Specialists estimated that the Epsilon breach affected millions of people and produced an overall $4 billion loss.

3. $2 million, Stratfor: Last Christmas wasn't so joyful for Stratfor Global Intelligence. Anonymous members hacked the US research group and published confidential information from 4,000 clients, threatening they could also give details about 90,000 credit card accounts. The hackers stated that Stratfor was "clueless" when it comes to database security. According to the criminal complaint, the hack cost Stratfor $2 million.

4. $2 million, AT&T: The US carrier was hacked last year, but said no account information was exposed. They said they warned one million customers about the security breach. Money stolen from the hacked business accounts was used by a group related to Al Qaeda to fund terrorist attacks in Asia. According to reports, refunding customers cost AT&T almost $2 million.

5. $1 million, Fidelity Investments, Scottrade, E*Trade, Charles Schwab: The most recent declared losses were in a brokerage scam. A Russian national was charged in the US with $1.4 million in computer and hacking crimes.
$1 million was stolen from stock brokerages Fidelity Investments, Scottrade, E*Trade, and Charles Schwab. The rest of the money was taken from fraudulent tax refunds, with the stolen identities of more than 300 people.

Gains to hackers:
* To use your computer:
  * as an Internet Relay Chat (IRC) host: hackers wouldn't want to discuss openly about their activities on their own servers
  * as storage for illegal material (e.g. pirated software, pirated music, pornography, hacking tools etc.)
  * as part of a DDoS attack, where many computers are controlled by hackers in an attempt to cause resource starvation on a victim's computers or networks
* To steal services and/or valuable files
* For thrill and excitement
* To get even: maybe an IT staff member who was terminated, or other parties you've wronged
* As a publicity stunt: an example of which was reported in 1998 by Jim Hu in "MTV hack backfires"
* Knowledge/Experiment/Ethical: some hackers probe a computer system to find its security vulnerabilities and then inform the system administrator to help improve their security
* Another possible reason is that the hackers might suffer from a disease called Asperger syndrome (AS). They are people who are very good with numbers and at focusing on a problem for a very long period of time, but are not good in social relationships. How AS can possibly be linked to hacking behavior was discussed more thoroughly by M. J. Zuckerman in his USA Today article, "What fuels the mind of a hacker?"
* Curiosity
* To spy on friends, family members or even business rivals
* Prestige: bragging rights in their social circle (particularly if they've hacked high-profile sites or systems)
* Intellectual challenge
* Money: although most hackers are not motivated by financial gain, many professional criminals make money by using hacking techniques, either to
  * set up fake e-commerce sites to collect credit card details
  * gain entry to servers that contain credit card details
  * engage in other forms of credit card fraud

WORKING OF ATTACKS
Before studying how traffic injection attacks work, there are some basic terms we should know.

WEP: Wired Equivalent Privacy (WEP) is a shared-secret key encryption system used to encrypt packets transferred between a station and an AP. The WEP algorithm is intended to protect wireless communication from eavesdropping. A secondary function of WEP is to prevent unauthorised access to a wireless network. WEP encrypts the payload of data packets. Management and control frames are always transmitted in the clear. WEP uses the RC4 encryption algorithm. The shared-secret key is either 40 or 104 bits long. The key is chosen by the system administrator. This key must be shared among all the stations and the AP using mechanisms that are not specified in IEEE 802.11.

FRAMES: Both the station and AP transmit and receive 802.11 frames as needed. The format of frames is illustrated below. Most of the frames contain IP packets. The other frames are for the management and control of the wireless connection. There are three classes of frames. The management frames establish and maintain communications. These are of Association request, Association response, Reassociation request, Reassociation response, Probe request, Probe response, Beacon, Announcement traffic indication message, Disassociation, Authentication, Deauthentication types.
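The frame classes listed above are what a wireless IDS such as Kismet (described later in this paper) works from. The following Python is an added example, not code from the paper or from any tool it names: it decodes the 24-byte 802.11 MAC header (frame control, the three addresses, sequence number) and, because management frames are unauthenticated in pre-802.11w networks, flags a source address that emits a burst of Deauthentication or Disassociation frames, the pattern an injected deauth flood produces. The MAC addresses, timestamps and reason code are constructed sample values.

```python
"""Parse 802.11 MAC headers and flag deauthentication floods (added example; constructed frames)."""
import struct
from collections import deque

# Management frame subtypes from the frame control field (IEEE 802.11 type 0).
MGMT_SUBTYPES = {
    0: "Association request", 1: "Association response",
    2: "Reassociation request", 3: "Reassociation response",
    4: "Probe request", 5: "Probe response", 8: "Beacon", 9: "ATIM",
    10: "Disassociation", 11: "Authentication", 12: "Deauthentication",
}
TYPE_NAMES = {0: "management", 1: "control", 2: "data"}
BROADCAST = b"\xff" * 6


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame):
    """Decode the 24-byte MAC header (and the reason code of deauth/disassoc frames)."""
    if len(frame) < 24:
        raise ValueError("frame shorter than the 24-byte MAC header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    seq_ctrl, = struct.unpack_from("<H", frame, 22)
    info = {
        "type": TYPE_NAMES.get(ftype, "reserved"),
        "subtype": subtype,
        # Management subtype names; data/control frames get an empty name here.
        "name": MGMT_SUBTYPES.get(subtype, "other") if ftype == 0 else "",
        # Protected Frame flag (bit 14): never set on management frames without 802.11w.
        "protected": bool(fc & 0x4000),
        "addr1": mac_str(frame[4:10]),   # receiver / destination
        "addr2": mac_str(frame[10:16]),  # transmitter / source
        "addr3": mac_str(frame[16:22]),  # BSSID for management frames
        "seq": seq_ctrl >> 4,
    }
    if ftype == 0 and subtype in (10, 12) and len(frame) >= 26:
        info["reason"], = struct.unpack_from("<H", frame, 24)
    return info


def build_mgmt(subtype, da, sa, bssid, seq, body=b""):
    """Build a management frame (version 0, type 0) for the constructed capture below."""
    fc = subtype << 4
    return struct.pack("<HH", fc, 0) + da + sa + bssid + struct.pack("<H", seq << 4) + body


def detect_deauth_flood(capture, window_ms=1000, threshold=10):
    """capture: list of (timestamp_ms, raw_frame).
    Returns {source_mac: peak count} for sources that sent more than `threshold`
    deauth/disassoc frames inside any `window_ms` sliding window."""
    events = []
    for ts, raw in capture:
        h = parse_header(raw)
        if h["type"] == "management" and h["subtype"] in (10, 12):
            events.append((ts, h["addr2"]))
    events.sort()
    recent, flagged = {}, {}
    for ts, src in events:
        q = recent.setdefault(src, deque())
        q.append(ts)
        while ts - q[0] > window_ms:   # q always holds ts itself, so it never empties
            q.popleft()
        if len(q) > threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged


# Constructed sample capture: a hypothetical AP 00:11:22:33:44:55 and client 66:77:88:99:aa:bb.
AP = bytes.fromhex("001122334455")
CLIENT = bytes.fromhex("66778899aabb")
SAMPLE_BEACON = build_mgmt(8, BROADCAST, AP, AP, 1)
# Reason code 7 = "class 3 frame received from nonassociated station", a common legitimate reason.
SAMPLE_DEAUTH = build_mgmt(12, CLIENT, AP, AP, 2, struct.pack("<H", 7))


def build_capture():
    cap = [(0, SAMPLE_BEACON), (100, build_mgmt(8, BROADCAST, AP, AP, 3)), (200, SAMPLE_DEAUTH)]
    # 30 broadcast deauths in 300 ms carrying the AP's address as source: the pattern an
    # injected deauth flood produces, since nothing in the frame proves it came from the AP.
    for i in range(30):
        cap.append((1000 + 10 * i, build_mgmt(12, BROADCAST, AP, AP, 100 + i, struct.pack("<H", 7))))
    return cap


CAPTURE = build_capture()

if __name__ == "__main__":
    print(parse_header(SAMPLE_DEAUTH))
    print("flood sources:", detect_deauth_flood(CAPTURE))
```

The single legitimate deauth at 200 ms never trips the threshold; the burst does, peaking at 30 frames in one window. Feeding real captures in requires stripping the radiotap header first; the durable fix on the network side is 802.11w management frame protection, which makes such frames authenticated so stations ignore injected ones.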
The SSID is part of several of the management frames. Management messages are always sent in the clear, even when link encryption (WEP or WPA) is used, so the SSID is visible to anyone who can intercept these frames.

AUTHENTICATION: Authentication is the process of proving the identity of a station to another station or AP. In open system authentication, all stations are authenticated without any checking. A station A sends an Authentication management frame that contains the identity of A to station B. Station B replies with a frame that indicates recognition, addressed to A. In the closed network architecture, the stations must know the SSID of the AP in order to connect to the AP. Shared key authentication uses a standard challenge and response along with a shared secret key.

Traffic injection quick HOWTO:
1. Insert adapter
2. Load device driver and activate adapter
3. Set driver into monitor mode (real 802.11 mode)
4. Set appropriate channel
5. Open PF_PACKET/RAW socket on interface (Linux only)
6. Use your socket and play
Still, you need an 802.11 stack over your socket and/or good libs and tools so you can communicate.

WORKING
This part of the term paper describes the working of the attack by using one tool called INJECTION WIZARD. Injection Wizard is an application for injecting traffic into WEP-protected Wi-Fi networks, like aireplay-ng, but it is much easier to use and it can work under worse conditions (for example, more interference, weaker transmitted/received signals, more restricted access points, etc.). The higher the traffic of the network, the sooner we will be able to crack a WEP key with tools like aircrack-ng, airsnort, dwepcrack, weplab, WEPAttack, WEPCrack, etc. However, injecting traffic is not easy because you must build or get a frame that causes a response frame in any other station (that is, a wireless node). This application carries out automatically all the needed actions to build a frame that causes a response in another station.
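Why "more traffic means a faster crack", and why a single known frame is enough to start (step 3 of the tool below extracts a keystream prefix from one captured frame), comes down to how WEP applies RC4. The Python below is an added illustration, not code from the paper, from Injection Wizard or from aircrack-ng: it implements RC4 and the WEP frame body (a 3-byte IV sent in the clear, then RC4 keyed with IV || key over plaintext || CRC-32), shows that ciphertext XOR a predictable plaintext yields the keystream for that IV without any knowledge of the key, and that the same keystream then reads any other frame sent under the same IV. The key, IV and both plaintexts are constructed values; the birthday estimate at the end assumes IVs chosen uniformly at random from the 24-bit space.

```python
"""WEP keystream recovery from known plaintext: an added, self-contained illustration
(constructed key, IV and frames; not the paper's code and not Injection Wizard's)."""
import math
import struct
import zlib


def rc4(key, length):
    """Plain RC4: key-scheduling, then `length` bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):
    """WEP's integrity check value: plain CRC-32, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key, iv, plaintext):
    """WEP data-frame body: 3-byte IV in the clear, then RC4(IV || key) over plaintext || ICV."""
    assert len(iv) == 3
    return iv + xor(plaintext + icv(plaintext), rc4(iv + key, len(plaintext) + 4))


def wep_decrypt(key, body):
    """Returns (plaintext, icv_ok) for a frame body produced by wep_encrypt."""
    iv, ct = body[:3], body[3:]
    pt_icv = xor(ct, rc4(iv + key, len(ct)))
    pt = pt_icv[:-4]
    return pt, pt_icv[-4:] == icv(pt)


def recover_keystream(body, known_plaintext):
    """Ciphertext XOR known plaintext (plus its computable ICV) = the keystream for this IV.
    No key knowledge is needed; this is why any predictable frame weakens WEP."""
    iv, ct = body[:3], body[3:]
    known = known_plaintext + icv(known_plaintext)
    return iv, xor(ct, known)


def decrypt_with_keystream(body, keystream):
    """Any other frame sent under the same key and IV falls to the recovered keystream,
    up to the keystream's length."""
    ct = body[3:]
    n = min(len(ct), len(keystream))
    return xor(ct[:n], keystream[:n])


def frames_until_iv_repeat(prob=0.5, iv_bits=24):
    """Birthday bound: frames after which some IV has repeated with probability `prob`.
    Same IV + same key = same keystream, so a busy network repeats IVs within minutes."""
    n = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - prob))))


# Constructed sample: a 40-bit key and one reused IV (hypothetical values).
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("102030")
PLAIN_A = b"GET /index.html HTTP/1.0\r\n\r\n"   # predictable request: the "known" frame
PLAIN_B = b"user=alice&pass=Secret1234!!"      # same length, content the observer does not know
FRAME_A = wep_encrypt(KEY, IV, PLAIN_A)
FRAME_B = wep_encrypt(KEY, IV, PLAIN_B)


def demo():
    """Recover the keystream from FRAME_A and read FRAME_B with it, without the key."""
    iv, ks = recover_keystream(FRAME_A, PLAIN_A)
    assert iv == FRAME_B[:3], "demo assumes both frames share an IV"
    return decrypt_with_keystream(FRAME_B, ks)[:len(PLAIN_B)]


if __name__ == "__main__":
    print("recovered from frame B:", demo())
    print("frames to 50% IV collision:", frames_until_iv_repeat())
```

With only 2^24 IVs, a repeat is even odds after roughly 4,800 frames, and the ICV is a linear CRC rather than a keyed MAC, so the scheme offers neither confidentiality nor integrity against an observer who can see a few frames. This is the property that injection tools exploit by provoking more traffic, and the reason the only real mitigation is to retire WEP in favour of WPA2/WPA3, whose per-frame keys and keyed MIC remove both weaknesses.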
These actions can be summarized in the following sequence of steps:
1. The application scans Wi-Fi networks and shows a list of WEP-protected networks, then it allows the user to select one of them.
2. It joins the selected network and monitors that network in order to capture a data frame.
3. It tries to extract a keystream prefix from the captured frame and then it tries to extend the keystream up to 40 bytes by means of W. A. Arbaugh's inductive chosen plaintext attack.
4. It tries to find a host (for example, a connected computer, a network device, etc.) which has an IP address belonging to a predefined range, by injecting forged ARP packets.
5. After finding an active host, it injects ARP packets targeted at that host.

Some of the benefits of this application are ease of use (due to its graphical interface, automatic operation, etc.) and robustness (detection/management of network disconnections, retrying of failed actions, etc.). Moreover, Arbaugh's inductive attack can be performed by any Wi-Fi interface supporting injection in monitor mode, because the interface driver doesn't need any additional patch, as is usually the case with Bittau's fragmentation attack. Besides its wider applicability, this attack is generally more reliable than the fragmentation attack for recovering a keystream of a given size, because it doesn't have to inject any frame larger than needed.

This application is distributed under the terms of the GNU General Public License version 2 (read the license file for more details) and comes with absolutely no warranty. The author assumes no responsibility derived from the use or the distribution of this program. The copyright of this application is owned by Fernando Pablo Romero Navarro (May 2010). Injection Wizard has made use of (with convenient modifications) the following free software applications:
* scapy (version 2.0.1), distributed under the license GNU GPL version 2. Copyright Philippe Biondi, 2009 (http://www.secdev.org/projects/scapy).
* python-wifi (version 0.3.1), distributed under the license GNU LGPL version 2.1. Copyright Roman Joost, 2004-2008.

Software requirements:
For the client application (graphical interface): any system with a recent Java virtual machine, JRE version 1.6 or later.
For the server application:
* A Linux box with a recent kernel, so it should support Wireless Extensions version 22 or later (since kernel version 2.6.21) and the mac80211 stack for Wi-Fi interfaces (since kernel version 2.6.24, it is supported by many Wi-Fi adapter drivers).
* A Wi-Fi network interface driver supporting injection in monitor mode (sometimes it's required to patch the driver for supporting this feature).
* The iw system command; if it's not provided by your Linux distribution you can get it by installing the aircrack-ng package or by compiling the source code that can be downloaded from http://wireless.kernel.org/download/iw.
* A Python interpreter with version 2.5; later versions might also work.

Instructions:
1. Unzip the injwiz.zip file.
2. Copy the client directory on a system with a Java virtual machine accessible from the command path (for example, open a shell, enter the client directory, execute the command java -version and check that the command outputs the JRE version number).
3. Copy the server directory on a Linux box. If the client and server directories weren't copied on the same machine, you should edit the runserver.sh script (in the server directory) and replace the IP address 127.0.0.1 with the IP address of the Linux box's network interface that is attached to the same network as the client machine (i.e. the computer that hosts the client directory).
4. Enter the server directory and run the script ./runserver.sh (the Python interpreter should be accessible from the command path; you can check this by running python -V from the command line and verifying that the interpreter version is shown).
5. On the client machine, enter the client directory and run either the script ./runclient.sh (for Linux or Unix-like operating systems providing a shell compatible with the Bourne shell and whose path for the executable file is /bin/sh) or runclient.bat (for Windows).

DESCRIPTION OF TOOLS
The tools used for packet injection purposes are divided into two categories: hardware and software.

1. Software
Serious hackers usually use Linux-based open source penetration test tools from which to launch their attacks. This section details some of the more popular tools that can be used to search out and hack wifi networks.

Aircrack-ng: This suite of tools includes 802.11 WEP and WPA-PSK key cracking programs that can capture wireless packets and recover keys once enough information has been captured. Aircrack-ng supports newer techniques that make WEP cracking much faster. This software has been downloaded over 20,000 times.

Airjack: An 802.11 packet injection tool, Airjack was originally used as a development tool to capture and inject or replay packets. In particular, Airjack can be used to inject forged deauthentication packets, a fundamental technique used in many denial-of-service and man-in-the-middle attacks. Repeatedly injecting deauthentication packets into a network wreaks havoc on the connections between wireless clients and access points.

AirSnort: AirSnort is a wireless LAN (WLAN) tool which recovers WEP encryption keys. AirSnort works by passively monitoring transmissions, and then computing the encryption key when enough packets have been gathered. After that point, all data sent over the network can be decrypted into plain text using the cracked WEP key.
Cain & Abel: This is a multi-purpose tool that can intercept network traffic, using information contained in those packets to crack encrypted passwords using dictionary, brute-force and cryptanalysis attack methods, record VoIP conversations, recover wireless network keys, and analyze routing protocols. Its main purpose is the simplified recovery of passwords and credentials. This software has been downloaded over 400,000 times.

CommView for WiFi: This commercial product is designed for capturing and analyzing wifi network packets. CommView for WiFi uses a wireless adapter to capture, decode, and analyze packets sent over a single channel. It allows hackers to view the list of network connections and vital IP statistics and examine individual packets.

ElcomSoft Wireless Security Auditor: This is an all-in-one cracking solution that automatically locates wireless networks, intercepts data packets, and uses cryptanalysis techniques to crack WPA/WPA2 PSKs. This software displays all available wireless networks, identified by channel number, AP MAC address, SSID, speed, load, and encryption parameters. While these capabilities can be found in open source tools, ElcomSoft provides a more polished product for professional use by wireless security auditors.

Ettercap: Ettercap can be used to perform man-in-the-middle attacks, sniff live connections, and filter intercepted packets on the fly. It includes many features for network and host analysis. This shareware has been downloaded almost 800,000 times.

Firesheep: This is a plug-in to the Firefox web browser that allows the hacker to capture SSL session cookies sent over any unencrypted network (like an open wifi network) and use them to possibly steal their owners' identities. It is extremely common for websites to protect user passwords by encrypting the initial login with SSL, but then never encrypt anything else sent after login, which leaves the cookie (and the user) vulnerable to sidejacking.
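The sidejacking weakness just described is a server-side configuration fault: a session cookie set over SSL but without the Secure attribute is resent by the browser on every later plain-HTTP request, where a passive listener on an open wifi network can read it. The following Python is an added example (not code from the paper or from Firesheep) of the check a site owner can run against their own login response: it parses each Set-Cookie header, treats cookies whose names look like session identifiers as sensitive, and reports those lacking Secure or HttpOnly, plus a missing Strict-Transport-Security header. The two responses are constructed samples; the "session-like" name list is an assumption of this example, not a standard.

```python
"""Audit HTTP responses for the session-cookie weakness sidejacking relies on
(added example with constructed responses; not code from the paper or from Firesheep)."""

# Heuristic (assumed for this example): cookie names containing these fragments carry sessions.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(value):
    """Split a Set-Cookie header into name, value and a lower-cased attribute map.
    Flag attributes such as Secure map to True; valued ones keep their value."""
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        k, _, v = part.partition("=")
        attrs[k.strip().lower()] = v.strip() if v else True
    return {"name": name.strip(), "value": val.strip(), "attrs": attrs}


def looks_like_session_cookie(name):
    lowered = name.lower()
    return any(h in lowered for h in SESSION_HINTS)


def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTPS response.
    Returns a list of findings; an empty list means the session cookie will not be
    replayed over plaintext by a compliant browser."""
    findings = []
    lowered = [(n.lower(), v) for n, v in headers]
    has_hsts = any(n == "strict-transport-security" for n, _ in lowered)
    for n, v in lowered:
        if n != "set-cookie":
            continue
        cookie = parse_set_cookie(v)
        if not looks_like_session_cookie(cookie["name"]):
            continue
        if "secure" not in cookie["attrs"]:
            findings.append(f"{cookie['name']}: no Secure flag, browser will send it over plain HTTP too")
        if "httponly" not in cookie["attrs"]:
            findings.append(f"{cookie['name']}: no HttpOnly flag, readable by injected script")
    if not has_hsts:
        findings.append("no Strict-Transport-Security header, later http:// requests are not upgraded")
    return findings


# Constructed sample responses: the pattern Firesheep exploits, and the hardened form.
WEAK_LOGIN_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=9f3c2a7e; Path=/"),
    ("Set-Cookie", "lang=en; Path=/"),
]
HARDENED_LOGIN_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=9f3c2a7e; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_LOGIN_RESPONSE), ("hardened", HARDENED_LOGIN_RESPONSE)):
        print(label, audit_response(resp) or ["ok"])
```

The weak response produces three findings and the hardened one none. Secure is the attribute that directly defeats cookie capture on an open network; HSTS closes the remaining window in which the first http:// navigation would still go out in the clear.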
When a hacker uses Firesheep to grab these cookies, he may then use the SSL-authenticated session to access the user's account.

Hotspotter: Like KARMA, Hotspotter is another wireless attack tool that mimics any access point being searched for by nearby clients, and then dupes users into connecting to it instead.

IKECrack: This is an open source IPsec VPN authentication cracking tool which uses brute force attack methods to analyze captured Internet Key Exchange (IKE) packets to find valid VPN user identity and secret key combinations. Once cracked, these credentials can be used to gain unauthorized access to an IPsec VPN.

KARMA: This evil twin attack listens to nearby wireless clients to determine the name of the network they are searching for and then pretends to be that access point. Once a victim connects to a KARMA evil twin, this tool can be used to redirect web, FTP, and email requests to phony sites in order to steal logins and passwords.

Kismet: Kismet takes an intrusion detection approach to wireless security, and can be used to detect and analyze access points within radio range of the computer on which it is installed. This software reports SSIDs (Service Set Identifiers, used to distinguish one wireless network from another) advertised by nearby access points, whether or not the access point is using WEP, and the range of IP addresses being used by connected clients.

NetStumbler: This tool turns any WiFi-enabled Windows laptop into an 802.11 network detector. NetStumbler and dozens of similar war driving programs can be used with other attack tools to find and hack into discovered wifi networks.

WireShark: WireShark is a freeware LAN analyzer that can be used to passively capture 802.11 packets being transmitted over a wifi network. This software has been downloaded millions of times.

2. Hardware
For hackers that prefer a turn-key package, there are also hardware wireless hacking tools available. We've highlighted one called WiFi Pineapple.
It's a simple, small, portable device that can be carried into any hotspot and used to attract any laptop trying to find a wifi access point. The Pineapple uses a technique called an Evil Twin attack. Hackers have used tools like KARMA to do the same thing for years, but with Pineapple, now you can buy a piece of hardware for only $100 that allows you to become a hacker without downloading or installing any software. Here's what their website says: "Of course all of the Internet traffic flowing through the Pineapple such as e-mail, instant messages and browser sessions are easily viewed or even modified by the Pineapple holder."
