Wi-Fi networks: penetration and protection. 1) Materiel



    Forecasters predict that by 2016 there will come a second ice age traffic in wireless networks will 10% surpass traffic in wired Ethernet . At the same time, from year to year there are approximately 20% more private access points .

    With this trend, it can not but rejoice that 80% of network owners do not change default access passwords . These include networks of companies.

    With this series of articles, I want to put together descriptions of existing defense technologies, their problems and workarounds, so that in the end the reader himself can tell how to make his network impenetrable, and even demonstrate problems with an unlucky neighbor(do not try this at home, kids). The practical side of hacking will be covered using Kali Linux (formerly Backtrack 5) in the following sections.

    The article as it was written grew from 5 pages to 40, so I decided to break it into pieces. This cycle is not just an instruction as it should and should not be done, but a detailed explanation of the reasons for this. Well, and who wants instructions - they are:
    Use WPA2-PSK-CCMP with a password of 12 characters or more a-z(2000+ years of enumeration on an ATI cluster). Change the default network name to something unique (protection against rainbow tables). Disable WPS (just try 10,000 PIN combinations). Do not rely on MAC filtering and hiding the SSID.

    Table of contents:
    1) Materiel
    2) Kali. Hide SSID. MAC filtering. WPS
    3) WPA. OpenCL / CUDA. Selection statistics

    But first - the materiel.

    Pass me the sugar


    Imagine that you are a device that accepts instructions. Anyone can connect to you and give any command. Everything is fine, but at some stage it was necessary to filter the personalities that can control you. This is where the fun begins.

    How to understand who can give a command and who can’t? The first thing that comes to mind is the password. Let each client pass a certain password before sending a new command. Thus, you will only execute commands that are accompanied by the correct password. The rest - ftopku.

    This is how HTTP Basic Auth (Auth Basic) works:

    AuthType Basic
    AuthName "My super secret zone!"
    AuthUserFile /home/.htpasswd
    Require valid-user 
    



    After successful authorization, the browser will simply transmit a certain header with each request to the closed zone:
    Authorization: Basic YWRtaW46cGFzcw==
    

    That is, the original:
    echo -n 'admin:pass' | base64
    # YWRtaW46cGFzcw==
    

    This approach has one big drawback - because the password (or login password, which is basically just two parts of the same password) is transmitted “as is” - anyone can stick between you and the client and get your password on a silver platter. And then use it and dispose of you, whatever you like!

    To prevent such an outrage, you can resort to a trick: use some kind of two-way encryption algorithm, where our password will be the private key, and never transmit it explicitly. However, this will not solve the problem - just find out the password once and it will be possible to decrypt any data transmitted in the past and the future, plus encrypt your own and successfully disguise yourself as a client. And given that the password is intended for humans, and people tend to use far from the entire set of 256 bytes in each character, and these characters are usually about 6-8 ... in general, the Komsomol will not approve.

    What to do? And we’ll act like real conspirators: at the first contact, we’ll come up with a long random string (long enough so that it can’t be picked up while the sun is shining), we will remember it and we will encrypt all further transmitted data using this “alias” for this password . And periodically change this line - then the Jedi will not pass at all .


    The first two transfers (green icons in the figure above) is the “handshake” phase, when we first tell the server about our legitimacy, showing the correct password, to which the server responds with a random line, which we then use to encrypt and transfer any data.

    So, to select a key, a hacker will need to either find a vulnerability in the algorithm for generating it (as in the case of Dual_EC_DRBG ), or rent a hundred or two parallel universes and several thousand ATI farms to solve this problem during his lifetime. All this is due to the fact that the random key can be of any length and contain any of the available 256 codes, because the human user will never have to work with him.

    It is such a scheme with a temporary key (session key, session key or ticket) in different variations that is used today in many systems - including SSL / TLS and wireless security standards, which will be discussed.

    Attack plan


    Attentive readers, of course, noticed that no matter how we tricked, we could not get away from transmitting the password and the temporary key in open or hashed form. As a result, it is enough for the hacker to intercept the transmission in this phase, and he will be able to read all the subsequent data, as well as participate in the process, inserting his five cents. And it is impossible to distinguish it, since all the information that the server could use to issue a temporary key or access check is based on what was at the beginning of the transfer - handshake. Therefore, the hacker knows everything the same as the server and the client, and can drive both by the nose until the temporary key expires.

    Our task in breaking any transmission in one way or another boils down to intercepting a handshake from which it will be possible to either extract the temporary key, or the original password, or both. In general, this is a rather long lesson and requires some luck.

    But this is in an ideal world ...

    Wi-Fi Protection Mechanisms


    Technologies are created by people and in almost all of them there are errors, sometimes critical enough to circumvent any of the best defense in theory. Below we will go over the list of existing mechanisms for protecting data transmission over the radio channel (that is, without affecting SSL, VPN and other higher-level methods).

    OPEN



    OPEN is the lack of any protection. The access point and the client do not mask the data transfer. Almost any wireless adapter in any laptop with Linux can be set to wiretap mode, when instead of dropping packets intended not for it, it will fix them and transfer them to the OS, where they can be easily viewed. Who do we get on Twitter there?

    It is by this principle that wired networks work - they do not have built-in protection and when they "crash" into it or simply connect to a hub / switch, the network adapter will receive packets of all devices in this network segment in the clear. However, you can "crash" into a wireless network from anywhere - 10-20-50 meters or more, and the distance depends not only on the power of your transmitter, but also on the length of the hacker antenna. Therefore, open data transmission over a wireless network is much more dangerous.

    This type of network is not considered in this series of articles, since there is nothing to hack here. If you need to use an open network in a cafe or airport - use a VPN (avoiding PPTP) and SSL ( https://but at the same time put HTTPS Everywhere, or paranoid make sure that the lock does not disappear from the address bar “suddenly” if someone turns it on sslstrip- which, however, will not save the transmitted passwords), and even all together. Then nobody will see your seals.

    WEP



    WEP is the first Wi-Fi security standard. It stands for Wired Equivalent Privacy , but in reality it gives much less protection than these wired networks, since it has many flaws and is cracked in many different ways, which, due to the distance covered by the transmitter, makes data is more vulnerable. It should be avoided in much the same way as open networks - it provides security only for a short time, after which any transmission can be fully opened, regardless of the complexity of the password. The situation is aggravated by the fact that the passwords in WEP are either 40 or 104 bits, which is an extremely short combination and can be picked up in seconds (this is without taking into account errors in the encryption itself).

    WEP was invented in the late 90s, which justifies it, but those who still use it are not. I still stably find at least one WEP network on 10-20 WPA networks.

    In practice, there were several encryption algorithms for transmitted data - Neesus, MD5, Apple - but all of them are somehow unsafe. Particularly noteworthy is the first, whose effective length is 21 bits (~ 5 characters).

    The main problem with WEP is a fundamental design error. As illustrated at the beginning, stream encryption is done using a temporary key. WEP actually transfers a few bytes of this key along with each data packet. Thus, regardless of the complexity of the key, any transmission can be opened simply by having a sufficient number of intercepted packets (several tens of thousands, which is quite small for an actively used network).

    By the way, in 2004 IEEE declared WEP obsolete due to the fact that the standard "did not fulfill its goals [to ensure the security of wireless networks]."

    About attacks on WEP will be discussed in the third part.Most likely, WEP will not be in this series, since the articles turned out to be very large, and the prevalence of WEP is steadily decreasing. Whoever needs it can easily find manuals on other resources.

    WPA and WPA2



    WPA is the second generation to replace WEP. Decrypted as Wi-Fi Protected Access . A qualitatively different level of protection due to WEP errors. The password length is arbitrary, from 8 to 63 bytes, which greatly complicates its selection (compare with 3, 6 and 15 bytes in WEP).

    The standard supports various encryption algorithms for transmitted data after a handshake: TKIP and CCMP. The first is a kind of bridge between WEP and WPA, which was invented while IEEE were busy creating a full-fledged CCMP algorithm. TKIP, like WEP, suffers from some types of attacks, and is generally not secure. It is rarely used now (although why it is still used at all - I don’t understand) and in general using WPA with TKIP is almost the same as using simple WEP.

    One of the interesting features of TKIP is the possibility of the so-called Michael attack. In order to quickly patch some especially critical holes in WEP in TKIP, a rule was introduced that the access point must block all communications through itself (that is, “fall asleep”) for 60 seconds if an attack on key selection is detected (described in the second part). Michael-attack - simple transmission of "damaged" packets to completely disable the entire network. Moreover, in contrast to the usual DDoS, only two ( two ) packets are enough for a guaranteed disabling of the network for one minute.


    WPA differs from WEP in that it encrypts the data of each client individually. After the handshake, a temporary key is generated - PTK - which is used to encode the transfer of this client, but no other. Therefore, even if you penetrated the network, you can only read the packages of other clients when you intercept their handshakes - each one individually. A demonstration of this using Wireshark will be in the third part.

    In addition to different encryption algorithms, WPA (2) supports two different initial authentication modes (password verification for client access to the network) - PSK and Enterprise. PSK (sometimes called WPA Personal) - login with a single password that the client enters when connecting. It is simple and convenient, but in the case of large companies it can be a problem - let's say you left an employee and so that he could no longer access the network, you have to use the “People in Black” method to change the password for the entire network and notify other employees about it . Enterprise solves this problem due to the presence of many keys stored on a separate server - RADIUS. In addition, Enterprise standardizes the authentication process itself in the Extensible Authentication Protocol (EAP), which allows you to write your own bike algorithm. In short, some buns for big uncles.

    In this series, the attack on WPA (2) -PSK will be discussed in detail, since Enterprise is a completely different story, as it is used only in large companies.

    WPS / QSS



    WPS , aka Qikk aSS QSS - is an interesting technology that allows us not to think about the password at all, but just to add water, click on the button and immediately connect to the network. In fact, this is a “legal” method of circumventing password protection in general, but it is surprising that it became widespread with a very serious miscalculation in the access system itself - this is years after the sad experience with WEP.

    WPS allows the client to connect to the access point using an 8-character code consisting of numbers (PIN). However, due to an error in the standard, only 4 of them need to be guessed. Thus, only 10,000 attempts at selection and regardless of the complexity of the password to access the wireless network are enoughyou automatically get this access, and with it in addition - and this same password as it is.

    Given that this interaction occurs before any security checks, 10-50 login requests via WPS can be sent per second, and after 3-15 hours (sometimes more, sometimes less) you will receive the keys to paradise .

    When this vulnerability was discovered, manufacturers began to introduce a limit on the number of login attempts (rate limit), after exceeding which the access point automatically disables WPS for a while - however, until now, such devices are not more than half of those already released without this protection. Even more - a temporary shutdown fundamentally does not change anything, since with one attempt to enter a minute we need only10000/60/24 = 6,94days. And the PIN is usually searched before the entire cycle.

    I want to once again draw your attention to the fact that when WPS is enabled, your password will inevitably be revealed, regardless of its complexity. Therefore, if you need WPS at all, turn it on only when you are connected to the network, and the rest of the time keep this backdoor off.

    The attack on WPS will be discussed in the second part.

    ps: since the topic is very extensive, errors and inaccuracies could sneak into the material. Instead of shouting "the author does not understand anything" it is better to use comments and PM . This will be welcome.

    Table of contents:
    1) Materiel
    2) Kali. Hide SSID. MAC filtering. WPS
    3)WPA OpenCL / CUDA. Matching Statistics

    Also popular now: