Wireless Network Hacking

Question 1

What vulnerability exists in WPS (Wi-Fi Protected Setup)?

Answer 1

Brute-force, with 11,000 tries or less by providing first 4 numbers instead of the 8.

Question 2

What is Fragmentation Attack in Wireless Hacking?

Answer 2

Used to help crack the WEP password by obtaining the pseudorandom generation algorithm (PRGA) of captured packets.

Question 3

What is a Karma Attack?

Answer 3

It is a variant of the evil twin attack. It exploits a device’s Wifi behaviour by connecting to a SSID that was used to connect to in the past. This attack replicates the SSID with a malicious AP instead.

Question 4

What is a Downgrade Attack?

Answer 4

A downgrade attack is an attack that seeks to cause a connection, protocol, or cryptographic algorithm to drop to an older and less secure version, typically in SSL/TLS.

Question 5

What is a Deauthentication attack?

Answer 5

Kicking the victim off from the current connected AP. This is done by spoofing the victim’s MAC address and sending the deauthentication frame to the AP. The victim will automatically try reconnecting. Deauthentication attack can be repeated to prevent the victim from establishing stable connection.

Question 6

What does WEP Stand for?

Answer 6

Wired Equivalent Privacy

Question 7

What is the bit size for the IV (Initialization Vector) in WEP?

Answer 7

24 bits

Question 8

What are the 2 possible key lengths for WEP?

Answer 8

40/104 bits

Question 9

What encryption does WEP use?

Answer 9

RC4

Question 10

What redundancy check is used in WEP?

Answer 10

CRC-32

Question 11

What does TKIP stand for?

Answer 11

Temporal Key Integrity Protocol

Question 12

What does WPA stand for?

Answer 12

Wi-Fi Protected Access

Question 13

What encryption does WPA use?

Answer 13

RC4 + TKIP

Question 14

What is the IV bit size for WPA networks?

Answer 14

48 bits

Question 15

What is the key length for WPA networks?

Answer 15

128 bits

Question 16

How often does WPA key changes?

Answer 16

Every 10,000 packets

Question 17

What encryption does WPA2 use?

Answer 17

AES

Question 18

What type of authentication does WPA2 - Personal use?

Answer 18

Pre-Shared Key.

Question 19

What type of authentication does WPA2 - Enterprise use?

Answer 19

Set of credentials (Either via EAP or RADIUS server)

Question 20

What is the purpose of the 802.11 Series?

Answer 20

Defines the standard for wireless networks

Question 21

What technology uses the following standard:

802.15.1

Answer 21

Bluetooth

Question 22

What technology uses the following standard:

802.15.4

Answer 22

Zigbee - Low power, Low data rate, close proximity networks

Question 23

What technology uses the following standard:

802.16

Answer 23

WiMAX - Broadband wireless metropolitan area networks (MAN)

Question 24

What is Basic Service Set Identifier (BSSID)?

Answer 24

MAC address of the wireless access point

Question 25

Wireless Attack: Data Frame Injection

What is it?

Answer 25

Constructing and sending forced network frames (Data).

Question 26

Wireless Attack: Bit-Flipping

What is it?

Answer 26

Capturing frames and flipping bits within the data payload.

Question 27

What is the purpose of warwalking, wardriving and warflying?

Answer 27

To discovery WiFi networks and access points, often looking for insecure ones to hack or gain access to.

Question 28

What type of tool is Kismet?

Answer 28

Wireless packet analyser/sniffer. Also can be used for network discovery.

Question 29

Wireless Attack: Rogue Access Point

What is it?

Answer 29

Placed Access Point controlled by an attacker.

Question 30

Wireless Attack: Evil Twin

What is it?

Answer 30

Rogue AP with similar SSID to the target network. AKA Mis-association attack.

Question 31

Wireless Attack: Honeyspot

What is it?

Answer 31

Faking a well-known hotspot with a Rogue AP

Question 32

Wireless Attack: Ad-Hoc Connection Attack

What is it?

Answer 32

Connecting directly to another phone via wireless media. Victim has to accept the connection

Question 33

Wireless Attack: Deauthentication

What is it?

Answer 33

Send a deauth packet to the AP with spoofed victim MAC address, disconnecting them from the network.

Question 34

Wireless Attack: MAC Filtering

What is it?

Answer 34

Retrieving (Sniffing) authorised MAC addresses to connect to the network

Question 35

Are the following tools used for?

SMAC and TMAC

Answer 35

MAC spoofing

Question 36

List 2 main attacks against WPA/WPA2 networks

Answer 36

1. Password Brute-force
2. Key Reinstallation Attack (KRACK)

Question 37

What does AAA stand for?

Answer 37

1. Authentication
2. Authorisation
3. Accounting

Question 38

Which network protocols has AAA functionality?

Answer 38

1. TACACS+
2. RADIUS
3. Diameter

Question 39

What is a Rogue Access Point?

Answer 39

A Wireless Access Point (WAP) added by a well-meaning employee or by a malicious attacker.

Question 40

What is 802.1x protocol?

Answer 40

Provides authentication mechanism for both wireless and wired connections.

Question 41

What is a Packet/Network sniffer?

Answer 41

Hardware or software tool to monitor data in a network

Question 42

What is a Protocol Analyser?

Answer 42

Hardware or software tool to monitor and perform analysis on data in a network

Question 43

What tool can be used for computer network protocol analysis and security auditing?

Answer 43

Ettercap

Question 44

Wireless intrusion prevention system (WIPS) operates at what layer of the Open Systems Interconnection (OSI) model?

Answer 44

Layer 2 - Data Link

Question 45

What is Tcptrace used for?

Answer 45

Analyze the files produced by packet-capture programs such as tcpdump, WinDump, Wireshark, and EtherPeek

Question 46

What type of tool is NetStumbler?

Answer 46

Application is a Windows-based tool generally used to discover WLAN networks running on 802.11 a/b/g standards and used to collect wireless packet data