Completed Project Part III

Wireless
The final piece of this project that I wanted to examine was wireless. I wanted to figure out if it was possible to break WEP encryption and simulate that in my test network. For this test, I used the wireless suite within Kali called Aircrack-ng. More information about Aircrack-ng can be found here: https://www.aircrack-ng.org/doku.php?id=getting_started. In theory, this is easy to do but I found it to be very hard to do in my test network. In the end, I wasn't able to crack it. I was able to see all the beacons from the wireless access point and  I was able to de-authenticate clients but for whatever reason I couldn't capture data packets. I tested packet injection and that worked fine but I'm thinking it was a driver error that was limiting data packet capture. Anyways here's my setup

I tried the test on 3 different access points and changed the channels but still couldn't capture anything.


Captive Portal
After being discourage by the WEP attempts, I decided to move on to something better. I used a WiFi Pineapple to create a captive portal and Man in the Middle attack. After thinking through the mindset of a hacker, I tried to figure out what it is that an attacker would be after. Is is financial information, personal information,  login credentials, Internet searches? I decided to go the financial information route and do this by obtaining a credit card number.

For this attack, I decided to set it up to something similar that might be seen at a public WiFi hotspot. I made a captive portal page similar to the website of a coffee shop and then required users to enter a credit card number before they could access the Internet.

Here was the setup:

The Pineapple would be set to the same SSID of the coffee shop (in this case Barista's Daily Grind) and then clients would connect to it not being able to spot the difference between the real one and my fake one. Another sure way of getting clients to connect would be to de-authenticate all clients from the real coffee shop access point. This would cause all previously connected clients to automatically connect to my fake one.

The coffee shop's actual website looks like this:

I tried to base my captive portal off of this design and after writing some HTML, CSS, and PHP here is what I came up with.

As soon as users try to connect they are immediately redirected to this page where they are forced to enter a credit card number. Once the number is entered, it is then stored to a text file on the Pineapple itself.

This attack is interesting because it is no longer dependent on vulnerabilities but rather playing on the human side or social engineering. Another interesting thing about this attack is that for the average user it is typically going to be undetectable. The user will think they are connecting to the coffee shop when in reality they are connecting to my device. Hopefully the user will be cautious and start to ask questions but that depends on the person. If you run a trace route command on the computer, you will see the extra hop through the Pineapple but otherwise it will be unnoticeable. If a user actually enters a number and connects, there are numerous things that can be done to them. With a Man in the Middle attack, you could redirect DNS, spoof websites, possibly decrypt HTTPS, and the list goes on. A penetration tester could use this to target other systems or a hacker could use this for malicious gains. It again just goes to show how important it is to be alert and safe on the Internet.