Aircrack-ng is not a single tool, but rather a suite of tools that can be used to hack a wireless network. In this article,
though, it is used to secure a wireless network by discovering its vulnerabilities. Read on to see how this can be
done.
Security in networks is vital for small as well as large organisations. Not only does it help in maintaining the
confidentiality of a client's and employer's data, but it is also important for retaining trade secrets to overcome
competition. Wireless networks form an important mode of communication as wired networks tend to incur
more infrastructure costs. But are wireless networks sufficiently secure? Let's have a look at a common
scenario.
Bob's start-up company, XYZ Pvt Ltd, has a few wireless access points. He has his network configured over the
WEP protocol with simple dictionary-based passwords like 'YOUCANTGUESS'. He is really annoyed with the
repeated deauthentication of legitimate users from the Wi-Fi network. After a few such compromises, he
changes his Wi-Fi passwords but the attacks continue. This continuous mischief irritates him and he has no idea
why this is happening.
He contacts Eve, a security analyst, for help. Eve investigates the situation and explains how wireless protocols
function. She provides him with the basic details of the two algorithms used in a majority of wireless networks:
WEP (Wired Equivalent Privacy) and WPA/WPA2 (Wi-Fi Protected Access).
2. Shared Key authentication: In this authentication mechanism, as shown in Figure 1, the WEP key is used for
authentication in a four-step handshake process:
a. The client sends an authentication request to the access point.
b. The access point responds to the request with a clear-text challenge.
c. The client encrypts the challenge-text using the configured WEP key and sends the encrypted message to the
access point.
d. The access point decrypts the response and verifies if the decrypted text matches the challenge-text. It
authenticates the client if the match is found.
In spite of the mechanisms used, this algorithm has a number of vulnerabilities and can be easily cracked.
Various techniques, based on brute force attacks and analysis of the IVs (initialisation vectors), were discovered
that led to deprecation of this algorithm.
Figure 2: WPA technique
WPA is much more secure than WEP. This is because in the case of the latter, every data packet has the same
key, which can be easy to find by capturing a sufficient number of packets. In WPA, it's difficult to get the key
because every data packet has a unique key. But there are also a few loopholes that can be exploited. WPA can
be compromised using Denial of Service attacks.
After some research, Eve concludes that WPA2 is secure enough to get rid of the kind of attacks Bob's office
suffers from and, hence, configures the entire network over WPA2. Yet, even after such heightened
countermeasures, Bob's network again gets compromised by some mischievous attackers. Alarmed at the
situation, he again contacts Eve for help. During her research, she comes across one such tool that suits her
needs. She advises Bob to use Aircrack-ng to internally spot the weak access points and enhance his network's
security to avoid future attacks. Since Bob is unaware of the functionality of Aircrack-ng, Eve provides a brief
overview.
Aircrack-ng stands for 'Aircrack new generation' and is an advanced network auditing software used for sniffing
and cracking wireless networks. It is mainly used for testing the weaknesses of wireless networks by breaking
into the network using the WEP and WPA-PSK keys recovered by decrypting the gathered encrypted packets. This
tool can be used across Linux as well as Windows platforms, but has limited support in Windows.
The block diagram given in Figure 3 gives a brief description of the tool.
Bob is determined to patch up the weak links in his network; so he asks Eve to demonstrate how the tool is used
to prevent various attacks. Eve tells him how to install the tool on the Ubuntu 14.04 platform and then gives the
procedure to detect the vulnerable access points.
Installation
The package manager can be used to install the tool by using the following commands at the terminal:
Usage
Capturing packets: The first step involves turning on the monitor mode of the interface in order to capture the
packets required, i.e., to carry out sniffing. Airmon-ng is used for this task.
On the command line, type the following commands in the same sequence:
Airodump scans for the active networks and captures the packets for further analysis. It also shows the MAC
addresses of the access points and those of the systems/clients connected to each of them. This helps Bob to
figure out and filter the unwanted systems and/or access points.
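One way Bob could turn that scan output into an audit list, as an added example (not part of the original article): it parses a capture summary in the two-section CSV layout that airodump-ng writes, which is assumed here, and flags weakly protected access points, unknown access points and unknown clients. The sample data, `KNOWN_APS` and `KNOWN_CLIENTS` are constructed, hypothetical values.

```python
import csv
import io

# Constructed sample in the two-section CSV layout airodump-ng writes (assumed).
SAMPLE = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:00:00:01, 2015-01-05 10:00:00, 2015-01-05 10:09:00, 6, 54, WPA2, CCMP, PSK, -41, 120, 0, 0. 0. 0. 0, 7, XYZ-Lab,
02:00:00:00:00:02, 2015-01-05 10:00:02, 2015-01-05 10:09:01, 11, 54, WEP, WEP, , -55, 98, 431, 0. 0. 0. 0, 7, XYZ-Old,
02:00:00:00:00:09, 2015-01-05 10:01:10, 2015-01-05 10:08:40, 6, 54, OPN, , , -60, 77, 0, 0. 0. 0. 0, 7, XYZ-Lab,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:00:10:01, 2015-01-05 10:00:05, 2015-01-05 10:09:00, -48, 210, 02:00:00:00:00:01,
02:00:00:00:10:66, 2015-01-05 10:02:00, 2015-01-05 10:08:59, -70, 35, 02:00:00:00:00:01,
"""

KNOWN_APS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}   # hypothetical inventory
KNOWN_CLIENTS = {"02:00:00:00:10:01"}                    # hypothetical allowlist


def parse(text):
    """Return (access_points, stations) as lists of dicts keyed by column name."""
    sections = []
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        rows = [[c.strip() for c in r] for r in csv.reader(io.StringIO(block)) if r]
        sections.append([dict(zip(rows[0], r)) for r in rows[1:]])
    return sections[0], sections[1]


def audit(text, known_aps, known_clients):
    """List findings: unknown APs, weak encryption, unknown clients on our APs."""
    aps, stations = parse(text)
    findings = []
    for ap in aps:
        bssid = ap["BSSID"].upper()
        if bssid not in known_aps:             # not in the inventory at all
            findings.append(("unknown-ap", bssid, ap["ESSID"]))
        elif ap["Privacy"] in ("WEP", "OPN"):  # ours, but WEP or unencrypted
            findings.append(("weak-encryption", bssid, ap["Privacy"]))
    for sta in stations:
        mac, bssid = sta["Station MAC"].upper(), sta["BSSID"].upper()
        if bssid in known_aps and mac not in known_clients:
            findings.append(("unknown-client", mac, bssid))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, KNOWN_APS, KNOWN_CLIENTS):
        print(finding)
```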
Airodump-ng is used here to make a note of the packets in a file called ACapture.cap. Now, to crack the key,
Aircrack-ng is used on the .cap file and the key is retrieved, as follows:
$ aircrack-ng -z capture.cap
Airodump-ng is again used on the packets that are captured. Deauth packets are then injected using Aireplay:
She updated Bob's password, which now comprises letters, numbers and special characters, while his
network continued working over WPA2.
She installed a firewall over the Wi-Fi router and turned on MAC address filtering.
She assigned IP addresses to all the systems that were connected to the Wi-Fi, thus preventing non-employees
from getting into the network because they would never get an IP address assigned to them.
Bob was never troubled anymore.
Shubhra Rana
The author is a software development engineer at Dell R&D, Bengaluru, and is
interested in network security and cryptography.