Wireless Access Points
A wireless access point (AP) is a device that provides wireless connectivity to a wired network. Wi-Fi is the most well-known protocol.
When we say "access point" (AP) we usually mean a wireless access point (WAP).
Access point security
- Limit the radio range to the company premises
- Disable SSID broadcasting (if applicable)
- Change the default settings
On Linux, wireless network interface names start with wlan. You can use iwconfig to get information about them; iw is the modern, recommended alternative.
```
$ iw dev # same as 'iwconfig'
Interface wlan0
...
addr 02:00:00:00:00:00
```
hostapd is commonly used to run and manage an access point.
Pentester Access Point Notes
- Evil twin attack
An attacker creates an access point using the SSID of an existing network. Users may connect to it, and the attacker can then perform a man-in-the-middle (MITM) attack or sniff their traffic.
- Gather information
If you have access to a device connected to a wireless network or acting as an access point:
```
$ iw dev
Interface wlan0
type AP -- access point
addr 02:00:00:00:00:00 -- bssid
type managed -- client
type monitor -- used to monitor traffic
```
- If you have access to a monitor interface and the BSSID of the access point, you can try Reaver to brute-force the WPA/WPA2 passphrase (it works by brute-forcing the WPS PIN):
```
$ reaver -i mon0 -b 02:00:00:00:02:00 -v
$ reaver -i mon0 -b 02:00:00:00:02:00 -vv
$ reaver -i mon0 -b 02:00:00:00:02:00 -vv -c 1
```
- If you have sufficient permissions, you can scan for wireless networks using the wash command:
```
$ wash -i mon0
$ wash -i mon0 -c 6
$ wash -i mon0 -c 6 -C
```
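The two `iw dev` listings above and the evil twin note describe what a defender can read off a Linux host: which wireless interfaces exist and in which mode (managed, AP, monitor), and which BSSIDs are advertising a given SSID. The following script is an added example, not code from the original notes or from the iw project; it parses constructed samples of `iw dev` and `iw dev wlan0 scan` output and flags any BSS that advertises a managed SSID from a BSSID not in a hypothetical AP inventory (`KNOWN_APS`), which is exactly the signature an evil twin leaves in a scan. A rogue BSS that also lacks an RSN/WPA element is reported as an open network.

```python
import re

# Constructed sample of `iw dev` output (not captured from a real host).
SAMPLE_IW_DEV = """\
phy#0
\tInterface wlan0
\t\tifindex 3
\t\twdev 0x1
\t\taddr 02:00:00:00:00:00
\t\ttype managed
\t\tchannel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz
\tInterface mon0
\t\tifindex 5
\t\twdev 0x2
\t\taddr 02:00:00:00:00:00
\t\ttype monitor
"""

# Constructed sample of `iw dev wlan0 scan` output, trimmed to the lines we parse.
SAMPLE_SCAN = """\
BSS 02:00:00:00:02:00(on wlan0)
\tfreq: 2437
\tsignal: -45.00 dBm
\tSSID: CorpNet
\tRSN:\t * Version: 1
BSS 02:00:00:00:ab:cd(on wlan0)
\tfreq: 2412
\tsignal: -30.00 dBm
\tSSID: CorpNet
BSS 02:00:00:00:ee:ff(on wlan0)
\tfreq: 2462
\tsignal: -70.00 dBm
\tSSID: Guest
\tWPA:\t * Version: 1
"""

# Hypothetical AP inventory: SSID -> set of BSSIDs the organisation really operates.
KNOWN_APS = {"CorpNet": {"02:00:00:00:02:00", "02:00:00:00:02:01"}}

BSS_RE = re.compile(r"^BSS ([0-9a-f:]{17})\(on (\w+)\)")


def parse_iw_dev(text):
    """Parse `iw dev` output into {ifname: {"phy", "addr", "type"}}."""
    ifaces, phy, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("phy#"):
            phy = line
        elif line.startswith("Interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = {"phy": phy, "addr": None, "type": None}
        elif current and line.startswith("addr "):
            ifaces[current]["addr"] = line.split()[1]
        elif current and line.startswith("type "):
            ifaces[current]["type"] = line.split()[1]
    return ifaces


def interfaces_of_type(ifaces, wanted):
    """Names of interfaces in a given mode, e.g. 'monitor', 'managed' or 'AP'."""
    return sorted(name for name, info in ifaces.items() if info["type"] == wanted)


def parse_scan(text):
    """Parse `iw dev <if> scan` output into one dict per BSS block."""
    networks, current = [], None
    for raw in text.splitlines():
        m = BSS_RE.match(raw)
        if m:
            current = {"bssid": m.group(1), "iface": m.group(2), "ssid": None,
                       "freq": None, "signal": None, "secured": False}
            networks.append(current)
            continue
        if current is None:
            continue
        line = raw.strip()
        if line.startswith("SSID: "):
            current["ssid"] = line[len("SSID: "):]
        elif line.startswith("freq: "):
            current["freq"] = int(line[len("freq: "):])
        elif line.startswith("signal: "):
            current["signal"] = float(line[len("signal: "):].split()[0])
        elif line.startswith("RSN:") or line.startswith("WPA:"):
            # An RSN (WPA2/WPA3) or WPA element means the BSS is not open.
            current["secured"] = True
    return networks


def find_rogue_aps(networks, known):
    """Flag BSSs advertising an inventoried SSID from a BSSID not in the inventory."""
    rogue = []
    for net in networks:
        ssid = net["ssid"]
        if ssid in known and net["bssid"] not in known[ssid]:
            reason = "unknown BSSID"
            if not net["secured"]:
                reason += ", open network"
            rogue.append((net["bssid"], ssid, reason))
    return rogue


if __name__ == "__main__":
    ifaces = parse_iw_dev(SAMPLE_IW_DEV)
    print("monitor interfaces:", interfaces_of_type(ifaces, "monitor"))
    for bssid, ssid, reason in find_rogue_aps(parse_scan(SAMPLE_SCAN), KNOWN_APS):
        print(f"possible evil twin: {bssid} advertising {ssid!r} ({reason})")
```

On a real host you would feed the script the output of `iw dev` and `iw dev wlan0 scan` (scanning needs root or CAP_NET_ADMIN) and keep `KNOWN_APS` in sync with your AP inventory; an unexpected monitor-mode interface on a workstation is itself worth a look, which is why the `iw dev` parser reports interface modes as well.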
To-do
Stuff that I found but never read or used yet.
- MAC filtering
- wpa_supplicant