How To Perform A Wireless Penetration Test
PurpleSec is a veteran owned & led cyber security company specializing in penetration testing and vulnerability management.

The term WiFi refers to wireless network technology that uses radio waves to establish wireless network connections. Due to the nature of WiFi and its methods for providing network access, malicious hackers often choose to penetrate a company by compromising its WiFi network and corresponding infrastructure devices. Homes are also at risk, especially due to the rise of IoT-connected devices and appliances.

Wireless penetration testing is made up of six main steps: reconnaissance, identifying wireless networks, vulnerability research, exploitation, reporting, and remediation. These tests are performed to find weaknesses in a wireless network's configuration, authentication, and encryption before a real attacker does. Misconfigured access points, weak pre-shared keys, and a lack of awareness of the attack vectors against Wi-Fi are the main reasons for performing this type of penetration test.

In this article, we will focus our efforts on Wi-Fi penetration testing steps, methods, and the most popular tools used in the Wi-Fi penetration testing process.

In this article you will learn more about:

  1. What Is A Wireless Penetration Test?
  2. What Are The Goals Of A Wireless Pen Test?
  3. Steps To Performing A Wireless Penetration Test

  • Step 1: Wireless Reconnaissance
  • Step 2: Identify Wireless Networks
  • Step 3: Vulnerability Research
  • Step 4: Exploitation
  • Step 5: Reporting
  • Step 6: Remediation & Security Controls


What Is A Wireless Penetration Test?


Wireless penetration testing involves identifying and examining the connections between all devices connected to the business’s wifi. These devices include laptops, tablets, smartphones, and any other internet of things (IoT) devices.

Wireless penetration tests are typically performed on the client’s site as the pen tester needs to be in the range of the wireless signal to access it.

What Are The Goals Of A Wireless Pen Test?

Every penetration test should first go after the vulnerabilities that are easiest to exploit.

This is often referred to as going for the "low-hanging fruit": these weaknesses are the ones a real attacker will reach first, so they carry the most immediate risk and should be found and fixed before anything else.

In the case of Wi-Fi networks, these vulnerabilities are most often found in the access points themselves.

A common reason for this is insufficient network access control, for example a network protected by nothing stronger than a single shared passphrase, combined with the absence of MAC filtering. Note that MAC filtering is only a minor hurdle, because an attacker who captures traffic can read an allowed client's MAC address and spoof it, so it should never be the only control.

If stronger controls are not in place, malicious hackers gain a significant advantage over the company and can use various techniques and Wi-Fi hacking tools to gain unauthorized access to the network.

Steps To Performing A Wireless Penetration Test

As previously stated, we will focus on the methodology and steps for testing the WiFi network and give examples of certain attacks and tools that will accomplish our goal.


Step 1: Wireless Reconnaissance


Before jumping straight into hacking, the first step in every penetration testing process is the information-gathering phase.

Because Wi-Fi signals can only be captured within radio range, information gathering for a wireless test is usually done by war driving: driving (or walking) around the premises to detect and record the Wi-Fi signals present, including their network names, access point addresses, channels, and security settings.

To do this you will require the following equipment:

  • A car or any other transportation vehicle
  • A laptop
  • A wireless network adapter that supports monitor mode, ideally with an external antenna for better range
  • Packet capture and analysis software

Most of the traffic you capture here will be useful but encrypted, since most companies use WPA2, and increasingly WPA3.

WPA2 protects the access point by encrypting traffic (CCMP/AES) and authenticates clients through a 4-way handshake carried in EAPOL frames, using either a pre-shared key (WPA2-Personal) or 802.1X/EAP (WPA2-Enterprise).

Step 2: Identify Wireless Networks

The next step in Wi-Fi penetration testing is scanning or identifying wireless networks.

Prior to this phase, you must put your wireless card into "monitor" mode so that it captures every frame on the air rather than only frames addressed to it, and note the name of the resulting WLAN interface.


After your wireless card starts listening to wireless traffic, you can start the scanning process with airodump-ng, which hops across channels and lists the access points and clients it sees.


An important step in decreasing your workload during the scanning process is to lock airodump-ng to a specific channel (and, ideally, a specific access point) so that it stops hopping and captures every frame for the target.

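The scan output that airodump-ng produces is what you triage to pick a target and its channel. As an added example for this article (not PurpleSec's own code or tooling), the Python below parses the CSV that `airodump-ng --output-format csv -w scan wlan0mon` writes (scan-01.csv), attaches each client station to its access point, and selects the access points whose handshake can be captured and attacked offline: WPA/WPA2 with PSK authentication and at least one connected client. Enterprise (MGT) and WPA3 (SAE) networks are deliberately excluded because the offline passphrase attack does not apply to them. The CSV content, interface name and capture prefix are constructed assumptions.

```python
"""Triage airodump-ng CSV output and build a channel-locked follow-up capture command.

Monitor mode is set up beforehand, for example with:
    airmon-ng check kill
    airmon-ng start wlan0        # creates the monitor interface, typically wlan0mon
or, without aircrack-ng's helper:
    ip link set wlan0 down && iw dev wlan0 set type monitor && ip link set wlan0 up
"""
import csv
import io
from dataclasses import dataclass, field

# Constructed sample in the layout airodump-ng writes: an access point table followed by a
# station table. Real files have a few more whitespace quirks, which the parser tolerates.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-03-01 09:00:01, 2024-03-01 09:10:30,  6,  54, WPA2, CCMP, PSK, -45,      310,        0,   0.  0.  0.  0,   8, CorpWiFi, 
66:77:88:99:AA:BB, 2024-03-01 09:00:03, 2024-03-01 09:10:28, 11,  54, WPA2, CCMP, MGT, -60,      280,        0,   0.  0.  0.  0,  10, CorpSecure, 
CC:DD:EE:FF:00:11, 2024-03-01 09:00:05, 2024-03-01 09:10:25,  1,  54, OPN,     ,    , -70,      150,        0,   0.  0.  0.  0,   5, Guest, 
22:33:44:55:66:77, 2024-03-01 09:00:07, 2024-03-01 09:10:20, 36,  54, WPA3, CCMP, SAE, -55,      200,        0,   0.  0.  0.  0,   7, CorpIoT, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2024-03-01 09:01:00, 2024-03-01 09:10:29, -50,       40, 00:11:22:33:44:55, CorpWiFi
AA:BB:CC:DD:EE:02, 2024-03-01 09:02:00, 2024-03-01 09:10:27, -58,       12, 66:77:88:99:AA:BB, 
AA:BB:CC:DD:EE:03, 2024-03-01 09:03:00, 2024-03-01 09:10:00, -65,        3, (not associated), HomeNet,CoffeeShop
"""


@dataclass
class AccessPoint:
    bssid: str
    channel: int
    privacy: str        # OPN, WEP, WPA, WPA2, WPA3 ...
    cipher: str         # CCMP, TKIP, ...
    auth: str           # PSK, MGT (802.1X), SAE (WPA3) or empty for open networks
    power: int          # signal level in dBm as seen by the capture card
    essid: str
    clients: list = field(default_factory=list)


def parse_airodump_csv(text: str) -> dict:
    """Return {bssid: AccessPoint} with client stations attached to the AP they are associated to."""
    aps = {}
    section = None
    for row in csv.reader(io.StringIO(text)):
        cells = [c.strip() for c in row]
        if not any(cells):
            continue                      # blank separator line between the two tables
        if cells[0] == "BSSID":
            section = "ap"
            continue
        if cells[0] == "Station MAC":
            section = "sta"
            continue
        if section == "ap" and len(cells) >= 14:
            aps[cells[0]] = AccessPoint(
                bssid=cells[0], channel=int(cells[3]), privacy=cells[5], cipher=cells[6],
                auth=cells[7], power=int(cells[8]), essid=cells[13])
        elif section == "sta" and len(cells) >= 6:
            ap = aps.get(cells[5])        # "(not associated)" stations match no AP
            if ap is not None:
                ap.clients.append(cells[0])
    return aps


def psk_targets(aps: dict) -> list:
    """APs where a 4-way handshake can be captured and cracked offline, strongest signal first.

    A client must be present: the handshake only happens when a station (re)connects.
    """
    candidates = [ap for ap in aps.values()
                  if ap.privacy.startswith("WPA") and ap.auth == "PSK" and ap.clients]
    return sorted(candidates, key=lambda ap: ap.power, reverse=True)


def focus_command(ap: AccessPoint, iface: str = "wlan0mon", prefix: str = "capture") -> list:
    """airodump-ng invocation locked to one channel and BSSID so no frames of the target are missed."""
    return ["airodump-ng", "-c", str(ap.channel), "--bssid", ap.bssid, "-w", prefix, iface]


if __name__ == "__main__":
    for target in psk_targets(parse_airodump_csv(SAMPLE_CSV)):
        print(f"{target.essid} ({target.bssid}) ch {target.channel}, clients: {target.clients}")
        print("  ", " ".join(focus_command(target)))
```

On the constructed sample, only CorpWiFi qualifies: CorpSecure has a client but uses 802.1X, the guest network is open, and CorpIoT uses WPA3-SAE. Point the parser at the real scan-01.csv instead of SAMPLE_CSV to use it on a live engagement.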

Step 3: Vulnerability Research

After finding Wi-Fi access points through scanning, the next phase of the test focuses on identifying vulnerabilities in those access points. The most commonly abused weakness is the WPA2-Personal 4-way handshake between the access point and the authenticating client: no key is sent in the clear, but the handshake messages contain enough material (nonces, MAC addresses, and a message integrity code keyed from the pre-shared key) for anyone who captures them to test passphrase guesses offline.

When a client authenticates to a WPA2-PSK access point, both sides derive the same master key from the passphrase and the network name, exchange nonces in the 4-way handshake, and prove possession of the key with a message integrity code. The pre-shared key itself is never transmitted.

A malicious hacker who captures that handshake, typically by waiting for a client to connect or reconnect, can take it away and brute-force it offline: each candidate passphrase is turned into a key and checked against the captured integrity code, so a weak or dictionary passphrase is recovered quickly and without any further contact with the network.

In order to clarify this most commonly exploited vulnerability, the next section of the article will focus on the handshake capture and offline pre-shared key cracking attack and the tools used to successfully accomplish the task.



Read the full article here.

We help enterprises with 360 cybersecurity services.

Follow PurpleSec for more vulnerability management and penetration testing content.
