3 Levels of WiFi Hacking

Jun 02, 2024
How do hackers attack Wi-Fi networks? Are you safe? Is yours vulnerable? In this video we'll break it down. I will show you how three levels of hackers, a newbie, a hipster and a professional, will attack a WiFi network. Let's simulate this at Bear Cave Coffee, a charming coffee shop in downtown Mesquite, Texas. We'll break down each attack and show you how it works and how you can stay safe. Prepare your coffee. Let's do this. Again, three levels of hackers, newbies, hipsters and professionals, will come in and try to attack their targets: the WiFi network and the individual people in that coffee shop.
Those people are just trying to sit there and enjoy their cup of coffee. Now, disclaimer: I will show and demonstrate real WiFi attacks. You must not use any of these on anyone without explicit permission. If you want to try them at home with your friends and family, with permission, do it. Have fun practicing, teach. Otherwise, don't do this to anyone. You will get into trouble. This is illegal. Now the first attack is stupid easy to do, but super effective. It's called a man-in-the-middle attack and honestly, you'll never know what's going on. So look at this: the newbie walks into the coffee shop, happy-go-lucky, not even shy about what he's about to do.
All he needs for this attack is a laptop, and that's it. He watched some YouTube videos and learned how to install Kali Linux, a professional hacking operating system, which is pretty good. Now, like most public cafes, there is free WiFi. No need to hack it (by the way, you can hack a WiFi network and get the password; I'll show you how in a moment). But the WiFi password is there on the wall. He connects to it and begins to find his victims. Again, this is stupidly easy. He boots up Kali Linux and with one command launches a tool called Bettercap.
Now the newbie hacker will start with a little reconnaissance, the first stage of any good hack. He turns on network scanning, which will scan the current WiFi network and find targets. And then he'll type net.show to see what he's found. It's his lucky day. There's his target. Now it's time for the man-in-the-middle attack. Again, scary, effective. This is what is happening on the WiFi network at the coffee shop: we have our target sitting there relaxing on his laptop, drinking coffee. His laptop is connected to the WiFi router, and every time he wants to visit a website, he tells the router: hey, I want to go to networkchuck.com, and the router connects him. Focus on the fact that the conversation right now is happening between the target and the WiFi router, as it should be.
But the newbie hacker wants to be in the middle of this conversation, and that's exactly what he does. Look at this. What the newbie hacker wants to do here is first fool the WiFi router. He's going to tell it: hey, the target (we'll call him Bob, because I'm getting tired of saying target), Bob is no longer there. I'm Bob. Whatever you need to say to Bob, you say it to me. And that's what he does. This is called ARP spoofing. ARP is what devices on a network use to find out where things are. So if the WiFi router is in a crowded room, say a party, and it wants to find Bob, it will send an ARP message:
Bob, where are you? And Bob, upon hearing that message, will say: I'm next to the bathroom. So now the WiFi router knows where Bob is and can send Bob a message, or continue talking to him, or whatever. But in this situation, the hacker is going to alter the ARP communication. The WiFi router thinks Bob is by the bathroom, but the hacker will come in and just yell: hey WiFi router, it's Bob and I'm by the stairs. And the router, let's face it, is a little silly. So it says, okay, now you're Bob. And then the attacker does the same thing to Bob.
He says: hi Bob, I'm the router. I'm next to the stairs. And he sends a malicious ARP packet to Bob and his device. It's a bit silly too, so it's going to believe it. So now you see what happened? The target believes the hacker is the router. So when he wants a website, he will send the request to the hacker, and the hacker will forward it. It's not a big deal. He will send it on to the router. That way things seem to work as usual, and that's the goal here. You don't want the target to know he is being hacked.
Now, on the other hand, when the WiFi router is ready to send the networkchuck.com website back to Bob, it believes that the attacker is Bob, and the attacker has effectively placed himself right in the middle. He is the man in the middle. Let's do it right now. The attacker will configure his ARP spoofing by setting it to full duplex mode and then specify his target, the one he identified in his earlier reconnaissance. That done, all he has to do is activate ARP spoofing with a single command. And before I do that, I want to open up a packet capture program called Wireshark.
What this will do is capture everything it sees on the network. And since the entire conversation between the target and the router now goes through the hacker, we will see many things. So I'm going to start sniffing, or capturing, on wlan0, the interface he's working on. I'm going to filter for a source IP address, what was the IP address again? 1 9 6. You will see this flood once I take care of our spoofing. Boom. Did you see that? Now I'm seeing everything. Every bit of the Internet this person visits comes through me. I can see it. I am the hacker.
Now, in case you don't know, if I change my filter to DNS and go to networkchuck.com, you can see all the requests that come in right there. I can see all the websites that are visited. Now what's scary is that the newbie hacker didn't have to know what ARP spoofing is or how a man-in-the-middle attack works. He just had to follow an online tutorial and press a few keys on his keyboard. That's all. But honestly, it's kind of harmless if he doesn't have the skills to go further, because while he has control of your traffic and could do some crazy things to you, he probably doesn't know how.
But in the hands of a real hacker, you'd better be careful. Now, I'm going to stop this real quick and show what happens if a VPN is used. I'm going to reset my capture here. So no spoofing, I can't see anything, only a few messages circulating on the network. The target will now connect to NordVPN, and this is crazy. Watch this. We turn our spoofing back on, and it works 100%. Notice that here in Wireshark, all the messages look the same. It's between my target and a destination, which is NordVPN, and the protocol is WireGuard.
What happens here is that all the target's traffic is encrypted and hidden from the attacker. The hacker can't see anything. It makes no sense to him. He can't do anything with it. The WireGuard protocol encrypts it so you cannot see inside. So while you may be the target of a man-in-the-middle attack, if you're connected to a VPN, you thwart the attacker. He can't touch it. Connect to a VPN. Now this right here is probably the scariest attack. It's called an evil twin attack, and twins are already scary. You add an evil one and I'm done.
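The same ARP trick that puts the newbie in the middle is also what gives him away: one MAC suddenly answers for both the router and Bob. This is an added example, not code from the video: a small checker over a constructed list of ARP replies (addresses are made up) that flags a gateway whose MAC changes and a MAC that claims the gateway plus another host, which is what a monitoring host on the LAN would watch for.

```python
from collections import defaultdict

# Constructed sample of ARP replies as a sniffer on the coffee-shop LAN would see them:
# (timestamp in seconds, sender IP, sender MAC). Made-up addresses, not a real capture.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),   # the WiFi router answering for itself
    (0.5, "192.168.1.50", "aa:bb:cc:00:00:50"),  # Bob's laptop
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (5.0, "192.168.1.1", "de:ad:be:ef:00:99"),   # attacker: "I'm the router, I'm by the stairs"
    (5.1, "192.168.1.50", "de:ad:be:ef:00:99"),  # attacker: "I'm Bob" (same MAC, full duplex)
    (5.2, "192.168.1.1", "de:ad:be:ef:00:99"),
]
GATEWAY_IP = "192.168.1.1"


def detect_arp_spoofing(replies, gateway_ip):
    """Return alert strings for the two classic ARP-spoofing signs:
    an IP whose MAC flips, and one MAC answering for the gateway and another host."""
    alerts = []
    ip_to_mac = {}                 # last MAC seen claiming each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    reported = set()               # MACs already reported for multi-IP claims
    for ts, ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            who = "gateway" if ip == gateway_ip else "host"
            alerts.append(f"t={ts}: {who} {ip} changed MAC {prev} -> {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        claimed = mac_to_ips[mac]
        if gateway_ip in claimed and len(claimed) > 1 and mac not in reported:
            reported.add(mac)
            others = sorted(claimed - {gateway_ip})
            alerts.append(f"t={ts}: {mac} claims gateway {gateway_ip} and {others}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_ARP_REPLIES, GATEWAY_IP):
        print(line)
```

The first three replies are the normal state and produce nothing; the attacker's replies at t=5.0 and t=5.1 produce three alerts.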
But seriously, this one is incredibly effective. And again, it's not that hard to do as an attacker, even for someone new. This is what makes evil twin attacks so evil and why almost anyone can fall into the trap, including me, without even knowing it. How it works is that you have your standard WiFi network, so let's say Bear Cave Coffee. The evil twin is simply that: a copy that appears to work on the same wireless channel, and if the hacker is really good, it will even have the same wireless password. And the goal is to get you to connect to the bad one instead of the good one.
And looking at these two wireless networks, how would you know? They would appear the same on your phone or your laptop. You wouldn't know. That's the bad part. Now, for the newbie, it's a little more difficult. He'll need a few more YouTube tutorials and a special WiFi adapter, one that can go into monitor mode, like this Alfa network adapter. The good news for humanity is that getting that set up is difficult, if not downright frustrating. So the newbie will sit there for a while, probably getting frustrated trying to install the drivers. We'll let him figure it out and move on to the hipster hacker and how he would set up an evil twin attack.
Now, the hipster is cool, man. He doesn't need any special equipment to hack WiFi. In fact, he always carries a WiFi hacking kit with him: a Flipper Zero. It can do many things, including hack your WiFi. And look at this hipster hacker, you'd never know it, right? He's just there to have some coffee and read a novel, or so you think. The hipster casually walks into the coffee shop and finds a place to hide his Flipper Zero. He plugs in his ESP32 dev board, a WiFi dev board flashed with Marauder firmware, which allows the Flipper Zero to do crazy WiFi attacks, and just hides it on a shelf somewhere behind some things.
No one will notice this. He then sits down, pulls out his phone and remotely controls the Flipper Zero. Now, the hipster hacker has done the hard work of setting up the Flipper Zero so it can perform wireless hacks. Once set up, it is very easy to do. He goes through a simple menu, activates an evil twin, and even adds a captive portal. What's that? You've seen it before. You go to a coffee shop like Starbucks or an airport and connect to the WiFi, and a web page immediately appears asking you to accept the terms before you connect, or even log in, or if you're at a hotel, you enter your room number, and once you finish the process, you are connected to the WiFi.
It is a normal thing that is used for good purposes. But not here. The Flipper Zero can spin up a captive portal that pretends to be anything. Maybe Google, maybe Facebook, and you, not realizing that you are connecting to an evil twin network, will enter your credentials, which will immediately be sent to the hipster hacker, and he will have your password and your email, and can do whatever he wants with them. Now the downside to the Flipper Zero is that if a target connects to the evil twin, the evil twin can't give them internet.
So as the target, you'll immediately know: oh my God, this WiFi is not working. You can't go anywhere. Then you disconnect. This is where the professional comes in, and this, oh my God, the professional is so scary. So the professional walks into the coffee shop and orders coffee, puts on his hoodie, doesn't want to be seen, doesn't want to be known. This is the first time he has gone outdoors in three years. So naturally, he finds a dark, dark corner in the coffee shop to hang out and set up his wireless attack. He pulls out this crazy spider-looking gadget called a WiFi Pineapple, a custom-made device for hacking WiFi networks, and its specialty is evil twin attacks.
The professional hacker will start by screwing on the million antennas that he uses to attack. Then he'll connect to its nice, friendly web interface and start doing some reconnaissance, scanning the entire wireless neighborhood around him, literally taking in everything. And with one click he can identify the network he wants to impersonate and become an evil twin, and he becomes an evil twin just like that. The fear. Part of why this works is that devices sometimes drop the connection to the WiFi router: go to the bathroom, go out, reconnect, leave, come back, reconnect. And as long as the WiFi Pineapple transmits a stronger signal, you will connect to the pineapple.
That's what your devices are designed to do: prioritize a stronger signal. So it's very easy for that huge spider-like device to have a stronger signal than anything else around it. Now, it's not just that. Maybe you don't connect to WiFi. Maybe the 5G on your cell phone is good. You don't have to worry about that. You don't connect to WiFi. You're too smart for that. Not with the WiFi Pineapple. It can make you connect to WiFi even when you don't want to. Here is a scenario. Last year you were at a conference in Las Vegas. There was no cell signal at that conference, but they did have free WiFi.
Let's say it was a coffee convention. Obviously I go to those. Not really. It was called Coffee WiFi, whatever. It was open. You connected to it, used it, left Las Vegas and that's it. Now, what you don't know, what you don't realize, is that your phone remembers that wireless network, and everywhere you go, your phone sends out probes that say: hey, coffee conference network, are you here? Because it always wants to connect. This is how it automatically connects to your home network and your work network. It's sending out probes, and when it says, oh, I found one, it connects automatically, if you have that set up.
Well, Chuck, what's your point? Okay, well, a year later you arrive at Bear Cave Coffee. Your phone still remembers the coffee conference network from Las Vegas, the wireless thing, and it's sending out probes. The WiFi Pineapple listens to those probes, all the probes, every wireless network your phone remembers and looks for. The WiFi Pineapple grabs it, turns it into an evil twin and broadcasts it. Just like that, that's the WiFi Pineapple move. So your phone, if it's set to automatically connect to a network, will look at that network and say: hey, buddy, long time no see, let's connect.
And it connects. Did you do anything? No, your phone and the WiFi Pineapple took care of it for you, and now you're connected to a hacker's network. You are compromised without even trying. How scary is that? That probing feature is crazy, and it literally captures every WiFi network it can find and broadcasts them, casting a wide net, capturing everything it can. And once you're connected, the hacker can do whatever he wants, especially a professional hacker. The captive portal? Yes, he can do that. What's crazy is that the professional hacker took five minutes, not even that, it was a few clicks.
It's automated. They often have a script or a little runbook. They come in, they click, and it just works. And then, looking at the newbie hacker, he finally figured out how to install the drivers for his Alfa network adapter and installed some tools to make this work. He uses a tool called dnsmasq to run DHCP, which will hand out IP addresses, and to run DNS, which will help his targets reach websites on the Internet. And then he'll launch hostapd, another really fun Linux tool, which will just launch a wireless network, nothing special at all, in this case an evil one.
He is matching the SSID and the channel so that they are exactly the same. Then you will accidentally connect to it. And for the professional and newbie hackers alike, once you are connected to their network, they can do whatever they want. One of the cool things they can do, and when I say cool, I mean scary, is that they can spoof your DNS. We only just talked about DNS. It means domain name system, and it's essential to how the Internet works. When you visit a website, say target.com, your computer has no idea how to get to target.com, because it's looking for an IP address somewhere in a data center, somewhere else in the world. target.com is like a nickname, a descriptive name.
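Before going into DNS, here is what the evil twin looks like from the defender's side. This is an added example, not code from the video: a check over constructed scan rows (made-up BSSIDs and a hypothetical allowlist of the shop's own APs) that flags the hostapd-style clone (same SSID, unknown BSSID, louder), the open captive-portal variant, and a Pineapple-style broadcast of an SSID a phone remembers from somewhere else. It goes a little beyond the video by scoring several reasons per AP.

```python
from collections import defaultdict

# Constructed scan results, shaped like the rows airodump-ng or a WIDS sensor would list:
# (BSSID, SSID, channel, security, signal in dBm). Made-up addresses, not a real scan.
SAMPLE_SCAN = [
    ("10:20:30:40:50:01", "BearCaveCoffee", 6, "WPA2", -48),         # legit AP
    ("10:20:30:40:50:02", "BearCaveCoffee", 11, "WPA2", -55),        # second legit AP
    ("02:13:37:00:00:01", "BearCaveCoffee", 6, "WPA2", -30),         # clone: same SSID and channel, louder
    ("02:13:37:00:00:02", "BearCaveCoffee", 1, "OPEN", -33),         # open clone, the captive-portal variant
    ("02:13:37:00:00:03", "Coffee Conference WiFi", 1, "OPEN", -35), # a remembered SSID that is not from here
    ("a4:00:00:00:00:99", "Neighbor-5G", 36, "WPA2", -70),
]
# BSSIDs the shop actually owns (hypothetical allowlist a WIDS would be configured with).
KNOWN_APS = {"BearCaveCoffee": {"10:20:30:40:50:01", "10:20:30:40:50:02"}}
# SSIDs devices here might remember and probe for, but that have no business being here.
REMEMBERED_ELSEWHERE = {"Coffee Conference WiFi"}


def find_evil_twins(scan, known_aps, remembered=frozenset()):
    """Return (bssid, ssid, channel, reasons) for every AP that looks like an evil twin."""
    security_by_ssid = defaultdict(set)
    strongest_legit = {}
    for bssid, ssid, _ch, sec, rssi in scan:
        security_by_ssid[ssid].add(sec)
        if bssid in known_aps.get(ssid, ()):
            strongest_legit[ssid] = max(strongest_legit.get(ssid, -999), rssi)

    findings = []
    for bssid, ssid, ch, sec, rssi in scan:
        if ssid in known_aps and bssid not in known_aps[ssid]:
            reasons = ["unknown BSSID advertising our SSID"]
            if sec == "OPEN" and "WPA2" in security_by_ssid[ssid]:
                reasons.append("open network cloning a WPA2 SSID")
            if rssi > strongest_legit.get(ssid, -999):
                reasons.append("louder than every legitimate AP")
            findings.append((bssid, ssid, ch, "; ".join(reasons)))
        elif ssid in remembered:
            findings.append((bssid, ssid, ch, "SSID of a remembered network that should not be here"))
    return findings


if __name__ == "__main__":
    for bssid, ssid, ch, why in find_evil_twins(SAMPLE_SCAN, KNOWN_APS, REMEMBERED_ELSEWHERE):
        print(f"ch {ch:>2}  {bssid}  {ssid!r}: {why}")
```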
Therefore, we don't have to type IP addresses in our URL bar. So to make things easier for us, we have DNS servers. So we say: hey, DNS server, I want to go to target.com. And it says, okay, let me look up what that IP address is. And then it tells your computer: hey, this is the IP address of that thing your owner wanted to visit. That happens with everything you visit: target.com, facebook.com, google.com. You have to do a DNS lookup, find out what the IP address is, and then you can go to it.
The scary thing about this is that the DNS server is the hacker's computer. It is the newbie's computer. It's the WiFi Pineapple sitting there, and the hacker can make the DNS server respond any way he wants. So you try to go to target.com, and the DNS server can go: you know what? Target is not where it really is. target.com is actually on a server where I just created a fake website. I even used a tool to clone the website, so it looks like Target. And when you visit it, you won't even realize it. You type target.com, and I'm telling you it's here.
You get there, it looks the same. You think you're fine, right? No. Now, this attack is called DNS spoofing. It is very common and often difficult to notice. Now, the unique thing about this site is that it runs the framework, which means I now have control, as a hacker, of your browser. And I can do some crazy things like send you weird messages, I can trick you. And those are all fun things. More nefarious things would be taking over your webcam, capturing all your logins to websites, and gaining more access to your PC, in the hands of a skilled hacker.
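DNS spoofing on a hostile hotspot leaves fingerprints the client can check for itself. This is an added example, not code from the video: a checker over constructed DNS answers (LAN addresses made up; 203.0.113.10 is a documentation address standing in for the real site) that flags a public name resolving to the gateway itself, a public name answered with a LAN address, and an answer that differs from a hypothetical known-good answer fetched earlier.

```python
import ipaddress

# Constructed DNS answers as seen from the victim's side: (queried name, answered IP, resolver IP).
SAMPLE_DNS_ANSWERS = [
    ("google.com", "203.0.113.10", "192.168.1.1"),     # normal answer
    ("target.com", "192.168.1.1", "192.168.1.1"),      # "Target" now lives on the gateway itself
    ("facebook.com", "10.0.0.5", "192.168.1.1"),       # public site answered with a LAN address
    ("printer.local", "192.168.1.20", "192.168.1.1"),  # local name with a LAN answer: normal
    ("google.com", "192.168.1.1", "192.168.1.1"),      # answer flipped from the earlier, trusted one
]
# Hypothetical known-good answers, e.g. looked up over DNS-over-HTTPS before joining the hotspot.
TRUSTED_ANSWERS = {"google.com": {"203.0.113.10"}}

# RFC 1918 and link-local ranges: a public website should never resolve into these.
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def is_lan_address(ip_str):
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in LAN_RANGES)


def dns_spoof_indicators(answers, trusted=None, local_suffixes=(".local", ".lan", ".home")):
    """Return alert strings for answers that look like local DNS spoofing."""
    trusted = trusted or {}
    alerts = []
    for name, ip_str, resolver in answers:
        if ip_str == resolver:
            alerts.append(f"{name} resolves to the resolver/gateway {resolver} itself")
        elif is_lan_address(ip_str) and not name.endswith(local_suffixes):
            alerts.append(f"{name} answered with LAN address {ip_str}")
        if name in trusted and ip_str not in trusted[name]:
            alerts.append(f"{name}: {ip_str} differs from trusted answer(s) {sorted(trusted[name])}")
    return alerts


if __name__ == "__main__":
    for line in dns_spoof_indicators(SAMPLE_DNS_ANSWERS, TRUSTED_ANSWERS):
        print(line)
```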
That's a lot. And although some of these attacks are more advanced, what I just demonstrated is not that difficult to learn. So what's your protection? NordVPN. Please use a VPN. Because even if you connect to an evil twin network, a WiFi network owned and operated by a hacker trying to catch you, if you're connected to NordVPN, your traffic is encrypted; they can't see it. And if you're really paranoid, you can go Double VPN, or Onion over VPN, and the attacker won't be able to spoof your DNS. All your DNS queries are encrypted and secure when you are connected to NordVPN.
Now, what happens if you are not connected? What happens if you forget? Even then NordVPN still has your back in the worst scenarios. They have Threat Protection, like this option here, which I'm going to enable right now. Even when you're not connected to a VPN, it will protect you from cyber threats. So things like malware, trackers, they even have file protection that prevents you from downloading malicious things. So even if the attacker is trying to get you to download malware and gain a more serious foothold on your system, having NordVPN present on your computer with this setting enabled can help protect you.
But in the best case scenario, you are connected to NordVPN and are protected across the board. If you visit nordvpn.com/networkchuck you will get an amazing discount and free bonus months. Now, let's talk about cracking WiFi passwords. How can a hacker access your WiFi network and find out your WiFi password? Because maybe they just want to steal your WiFi. Maybe it's your neighbor and he's on your WiFi and you don't even know. Or they're trying to get access to your network so they can do more things, like a man-in-the-middle attack, or maybe it's an enterprise network and they want to attack your servers and stuff.
That's a real thing. And for the professional hacker who is really trying to pull off some crazy evil twin attacks, having the WiFi password for your network will make it much more effective. So how can a hacker crack a password? Actually, it's not too crazy. Look at this. We'll start with the newbie. He'll walk in. He will use what is called the aircrack-ng suite. He will first put his Alfa network adapter in monitor mode with airmon-ng start wlan0. This allows his WiFi adapter, instead of simply connecting to a wireless network, to listen and even carry out some types of attack.
I'll show you in a moment something called the deauth attack. It's something amazing. He will type iwconfig just to make sure it is working and in monitor mode. Now, sometimes other processes on your Kali Linux computer may interfere with that monitor mode; typing airmon-ng check kill will check for and kill those processes if there is something there. Now it's time to start monitoring with the command airodump-ng wlan0, using the --band abg switch to monitor all the wireless channels, 2.4 and 5 gigahertz. He will start monitoring and will be able to see everything, all the wireless networks in the surrounding area, everything he can reach.
And since he's at Bear Cave Coffee, he immediately recognizes and locates Bear Cave Coffee, the wireless network. With that network identified, he wants to dig deeper and investigate further. Using the same command as before, airodump-ng, he will specify the MAC address, the BSSID, of the AP or wireless router, the channel it is operating on, and a file to dump that information to. And finally, the wireless interface, wlan0. Now, he'll keep this running and capturing for a while, because what he's looking for is a four-way handshake. Capturing that special four-way
handshake will give him everything he needs to crack your wireless password. Now, what is that? Whenever your device connects to a wireless access point, or when you enter a new place and see a wireless network and try to connect, there's a little exchange between it and the wireless network: four separate messages. It is this exchange of four messages that authenticates your phone to the AP, the access point. They are also called EAPOL, E-A-P-O-L, messages. And again, once captured, the hacker can take that information and figure out your password. Now, he could just sit there and wait for someone to come in and try to connect.
And this also assumes that the wireless password isn't posted on the wall or something; you're trying to crack it. So if he doesn't have the patience and doesn't want to wait, he can use what's called a deauthentication attack. And this attack is a little crazy. In fact, you can force any phone, laptop or device on the wireless network to lose its connection, to deauthenticate from the wireless network. You don't have to be connected to it, you just have to be within range of it. Now, this is abusing something that is normal on a wireless network. The WiFi router can send a deauth message to its clients to say: hey, you need to reconnect.
For whatever reason; it's a real thing. But the hacker can abuse that by sending his own deauth messages, impersonating the WiFi router, to the clients. And what are they going to do? They are going to listen. They say, oh, okay, I'll just disconnect. And then connect again. So with the aireplay-ng command, the newbie does that. He can target an individual client he scanned and recognized, or the entire network, and all clients are deauthenticated at once. And when you do that, bam, you capture a four-way handshake as they try to reconnect. And then he ends his capture.
See, the EAPOL message, I think I'm saying it right. He stops it, and now he can start figuring it out. For the hipster, it's even easier. He has his Flipper Zero. He places it somewhere. He scans the networks around him with the push of a button on his phone, right? Too easy. He chooses his target. He executes a deauthentication attack and immediately begins capturing the raw packets from the network. And hopefully, fingers crossed, he also captured a four-way handshake. Now, again, emphasizing the fact that the Flipper Zero is so compact that it looks like a toy.
No one will notice that you are hacking anything. I love that about the Flipper Zero. It's also the scariest thing about the Flipper Zero. And then, of course, the professional hacker. He's a little more obvious, but he hides, so it doesn't matter. He is a professional and his attack is much easier. When he enables scanning on his WiFi Pineapple, it automatically sets itself up to start receiving all the handshakes it can. And with a few clicks, he can just say: hey, deauth this network, deauthenticate this client, and seamlessly capture it in moments. It's super easy for the professional.
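A deauth attack is loud on the air, which is how a wireless sensor catches it. This is an added example, not code from the video: a sliding-window counter over constructed management-frame records (made-up addresses; twenty seconds of beacons, one ordinary deauth, then a broadcast burst shaped like an aireplay-ng run) that alerts when one BSSID sends more than a handful of deauth frames within a second.

```python
from collections import defaultdict, deque

# Constructed 802.11 management-frame records: (timestamp in seconds, frame type, BSSID, destination MAC).
AP = "10:20:30:40:50:01"
BROADCAST = "ff:ff:ff:ff:ff:ff"
SAMPLE_FRAMES = (
    [(0.5 * i, "beacon", AP, BROADCAST) for i in range(40)]          # normal beacons
    + [(3.0, "deauth", AP, "aa:bb:cc:00:00:50")]                      # one legitimate deauth
    + [(10.0 + 0.01 * i, "deauth", AP, BROADCAST) for i in range(64)]  # 64 forged deauths in 0.64 s
)


def detect_deauth_flood(frames, window_s=1.0, threshold=10):
    """Flag a BSSID once it sends more than `threshold` deauth frames inside any `window_s` span."""
    alerts = []
    recent = defaultdict(deque)   # per-BSSID sliding window of deauth timestamps
    reported = set()
    for ts, ftype, bssid, dest in sorted(frames):
        if ftype != "deauth":
            continue
        window = recent[bssid]
        window.append(ts)
        while ts - window[0] > window_s:
            window.popleft()
        if len(window) > threshold and bssid not in reported:
            reported.add(bssid)
            scope = "broadcast, every client" if dest == BROADCAST else f"targeted at {dest}"
            alerts.append(f"t={ts:.2f}: {len(window)} deauths from {bssid} in {window_s}s ({scope})")
    return alerts


if __name__ == "__main__":
    for line in detect_deauth_flood(SAMPLE_FRAMES):
        print(line)
```

An access point does send the odd deauth, so the single one at t=3 is ignored; only the burst trips the threshold. Networks that enable 802.11w (Protected Management Frames) make clients discard forged deauth frames altogether.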
Now, whether you're a newbie, hipster, or professional, we all end up here: a packet capture file with a four-way handshake. Now, just so you know, having the four-way handshake doesn't mean you have the WiFi password, but it does mean you have the ingredients to figure it out. So, for example, let's say we have our four messages, the four-way handshake, 1, 2, 3, 4. The way the hacker tries to figure out the password from this four-way handshake is to do a lot of guessing. Let's take a password, like password123, combine it with the ingredients in the four-way handshake, and see if that password can successfully decrypt one of the messages in the four-way handshake. If it does, we know it's the correct password.
Now, it's a lot more complex than this, but that's essentially what we're doing. And the software we are about to use will guess many passwords over and over again until we finally find one that does the job. It's like you have a lock and try a bunch of different keys to see which one unlocks it. And of course, the first thing we will need is a large bag of keys, or a large bag of passwords, otherwise known as a wordlist, or a password list. A list full of hundreds, sometimes thousands of passwords that will be tried one after the other.
And depending on how strong and powerful your computer is, that's how quickly we can test these passwords. Now, the newbie hacker is going to try this. Since he doesn't have a lot of experience, he will probably fail. He will use a default wordlist, a list of passwords previously used by people in the wild, discovered through other breaches and things like that. It's actually a popular list called rockyou, and it contains a ton of passwords. So he's going to extract it, and he's going to try to crack the handshake with the aircrack-ng command.
Note that it will take a while, and there is no guarantee that the password actually exists in that list. That's a finite list of passwords. This is where the hipster and the professional hacker are going to differ a little. They have more experience. They know that the password will probably be relevant to the place they are trying to attack, and they will use that to their advantage. And there are a lot of great tools for this. First, they're going to use a tool called CeWL. Okay, cool, and I didn't do that on purpose, I promise. They will use CeWL to crawl the coffee shop's website to find all the keywords that could be used in a password, and it will generate them into a list.
How cool is that? Then they'll use a tool called pipal, which will go through that list of words and find the words that will probably actually be used in a password, identifying the top 10. And they'll use some Linux magic to put them in a nice, neat list that we can use with the next tool. And this is a custom tool that we build ourselves, or that the hipster and the professional hacker do. It's a Python script that will go through this list and combine all the words in different ways. And finally, with that wordlist, they will do the same thing the newbie hacker did, only with a more specific list, which will take less time and give a better chance of discovering the password.
And in half a second we find that the password is mesquite coffee. We did it. Now, what I showed you here is very simplistic, but it's an example of how someone could do the same thing to you: profile your home, find out more about you. And once they have that WiFi password, they can connect to your WiFi, use it all they want, or connect and do some bad things. Make a really, really, really evil twin, or do lots of other things, like gain a foothold on your servers and get all your files.
Whatever it is, it can be done. So let's talk about safety and security. What can you do to protect yourself? First and foremost, as an individual, as a user, protecting your own Internet traffic and your own data: NordVPN. Check it out, link below. Now, what about your own WiFi network, or your company's network? The first thing you can do is have a strong WiFi password, with randomly generated characters that have nothing to do with you. Yes, it's painful to share, I understand. But you have to do what you have to do. Security has a price, but it is much cheaper than the consequences of not having it.
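Why the random-password advice works, as an added example that is not from the video: WPA2-Personal turns the passphrase and SSID into the key with PBKDF2-HMAC-SHA1 at 4096 iterations, so every guess against the captured handshake costs that much work. The script derives the key the standard way, times real guesses on this CPU, and compares how long a targeted keyword list like the one built above, a short lowercase passphrase, and a 16-character random one take to exhaust. The GPU rate is an assumed order of magnitude; the wordlist sizing is a constructed upper bound.

```python
import hashlib
import time


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key as IEEE 802.11 defines it: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def measure_guess_rate(ssid: str = "BearCaveCoffee", samples: int = 25) -> float:
    """Passphrase guesses per second on this CPU, by timing real PMK derivations."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"mesquite coffee {i}", ssid)   # constructed candidate passphrases
    return samples / (time.perf_counter() - start)


def targeted_list_size(keywords: int, separators: int = 4, suffixes: int = 100) -> int:
    """Constructed upper bound for a two-keyword list: word + separator + word + short number."""
    return keywords * separators * keywords * suffixes


def random_keyspace(alphabet_size: int, length: int) -> float:
    return float(alphabet_size) ** length


def seconds_to_exhaust(candidates: float, guesses_per_second: float) -> float:
    return candidates / guesses_per_second


def describe(seconds: float) -> str:
    for name, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    cpu_rate = measure_guess_rate()
    gpu_rate = 1_000_000  # assumed order of magnitude for one modern GPU, not measured here
    print(f"this CPU: {cpu_rate:,.0f} guesses/s; assumed GPU: {gpu_rate:,} guesses/s")
    for label, n in (("top-10 keyword combinations", targeted_list_size(10)),
                     ("8 random lowercase letters", random_keyspace(26, 8)),
                     ("16 random letters and digits", random_keyspace(62, 16))):
        print(f"{label:30} {n:.3g} candidates: CPU {describe(seconds_to_exhaust(n, cpu_rate))},"
              f" GPU {describe(seconds_to_exhaust(n, gpu_rate))}")
```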
Now, beyond that, there's really not much else you can do, especially against evil twin attacks or man-in-the-middle attacks, unless you have more enterprise hardware. There are enterprise WiFi networks that can do some interesting things. One thing is client isolation: they isolate every host that connects to their networks from every other host, so the man-in-the-middle attack can't even happen. They cannot talk to or connect with anyone else on that network. It can't happen. As far as evil twin attacks are concerned, those are much harder to deal with, but many of these smart enterprise wireless networks can look for similar SSIDs, or the same SSID as the networks they are broadcasting, and alert you, or try to stop them with their own kind of WiFi countermeasures.
It's very cool. Anyway, that's WiFi. I'm about to travel with my family to Japan. I am using these techniques to protect myself and to take care of my people, mainly just connecting all my kids, my family and me to a VPN while I travel. That is all that I have. I'll see you next time.
