Pre-connection Attacks | Ethical Hacking


Interconnecting two or more devices so that they can share resources creates a network. The devices may be joined by physical cables or wirelessly; a wireless connection is usually provided by a router, which also links the network to the internet.

These networks have become highly vulnerable in the last few years, mainly because of the rise in cybercrime. To address this problem, companies turn to network penetration testing.

Pen testing is a method of identifying potential risks and vulnerabilities in a system or network. It involves carrying out an actual attack against the network to see how strong its security really is. Network testing is divided into three parts: pre-connection attacks, gaining access, and post-connection attacks.

We will look at all the parts briefly to understand their relevance in the process.

Network Penetration Testing Parts

Pre-connection Attacks

This is the first step of network penetration testing, and it works on identifying the networks around us, including details about all the devices connected to each one. Knowing these details makes it easy to disconnect a device during the attack. The tools needed for pre-connection attacks are:

1. A Wi-Fi adapter that supports monitor mode
2. airodump-ng
3. aireplay-ng
4. An operating system on which these tools run

Gaining Access

This is the next step in network penetration testing, and it requires a connection to the network. Being connected allows stronger attacks backed by reliable information. Networks without encryption are easier to get into, and their unencrypted data can be sniffed directly. If the network is encrypted, we decrypt the information; this applies to all network types, such as WEP, WPA and WPA2.

Post-connection attacks

This is the last step in network penetration testing. After we have gained access to the network and its information, we start placing bugs: we move through the network to get everything we need, and we can also place malware, viruses and more on it to test how the security reacts. Netdiscover and Zenmap are two well-known tools used in this phase.

Steps in Pre-connection Attack

1. Wireless Interface in Monitor mode and Change MAC Address

This is the first step in the process of a pre-connection attack. The aim is to put the wireless card into monitor mode so that every packet in the air around us can be captured.


Wireless devices are in "managed" mode by default, which only delivers packets whose destination is our own device's MAC address.

To put it simply, packets addressed to your own machine are the only ones you can see. But the whole point is to capture every packet within range, even those that do not carry our MAC address. This is possible by switching the device to monitor mode.

Run iwconfig to list the wireless interfaces. You will see that the interface (wlan0 here) is in Managed mode. Change it with the following commands:

  • ifconfig wlan0 down – bring the interface down so its mode can be changed
  • airmon-ng check kill – stop the processes that would interfere (this also drops your internet connection)
  • iwconfig wlan0 mode monitor – enable monitor mode
  • ifconfig wlan0 up – bring the interface back up
  • iwconfig – confirm that the interface now reports Monitor mode

Now we can easily capture all the Wi-Fi packets within our range. The packet sniffing attack begins with this step. The second part of the step is to change the MAC Address.

A MAC address is the fixed, physical address of a network card; it identifies the device during packet transmission. We change the MAC address to increase anonymity and to impersonate another device. The steps to change the MAC address through the adapter's properties dialog are:

i. Click on the network card's adapter
ii. Select Properties from the menu
iii. Select the Advanced tab
iv. Click on Network Address
v. Type in the new MAC address

2. The Packet Sniffing Tool – airodump-ng

This tool lists the networks in our range and then collects useful information about them. It uses monitor mode to capture all packets on these networks, giving you information such as MAC address, encryption type and number of clients. It can also be pointed at a single access point when you are interested in one particular Wi-Fi network.

Some Key Points to Remember while Using airodump-ng
  • The name of the Wi-Fi network is shown at the top left of the screen.
  • BSSID lists the MAC address of each network.
  • PWR shows the signal strength; the higher the value, the stronger the signal.
  • Beacons counts the announcement frames sent by the network.
  • #Data is the number of captured data packets.
  • #/s is the number of data packets per second, measured over the last 10 seconds.
  • CH is the channel the network operates on.
  • ENC is the type of encryption used (OPN, WEP, WPA, WPA2).
  • CIPHER is the cipher in use (for example CCMP, TKIP or WEP).
  • AUTH is the authentication type (for example PSK or MGT).
  • ESSID is the network name.
  • STATION lists the client devices seen on the network.
  • Rate shows the connection speed.
  • Lost counts the packets lost from the client.

The next step is to run airodump-ng against one particular network. This is done with the command:

airodump-ng --bssid <network BSSID> --channel <channel number> --write test <interface in monitor mode>

Here --bssid (or --essid with the network name) and --channel come from the scan above, and --write test saves everything captured to files with the prefix test (test-01.cap, test-01.csv and so on). After running this command we get the selected network, its connected clients and all the columns described above.
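The CSV file that --write produces carries the same columns as the screen (BSSID, CH, ENC, CIPHER, AUTH, ESSID, STATION). The following added example, which is not part of the tutorial, parses that file and turns it into an audit a network owner would act on: open or WEP networks, TKIP still enabled, clients whose MAC has the locally administered bit set (the bit a manually changed address usually carries), and unassociated clients probing for other networks. The column layout is assumed to match airodump-ng's CSV output; the embedded sample is constructed, not a real capture.

```python
"""Audit an airodump-ng CSV dump for weak encryption and suspicious clients."""
import csv
import io
import sys
from dataclasses import dataclass, field

# Column positions assumed to follow airodump-ng's "<prefix>-01.csv" layout.
AP_BSSID, AP_CHANNEL, AP_PRIVACY, AP_CIPHER, AP_AUTH, AP_ESSID = 0, 3, 5, 6, 7, 13
STA_MAC, STA_BSSID, STA_PROBED = 0, 5, 6


@dataclass
class AccessPoint:
    bssid: str
    channel: int
    privacy: str                      # ENC column: OPN, WEP, WPA, WPA2 ...
    cipher: str                       # CIPHER column: CCMP, TKIP, WEP ...
    auth: str                         # AUTH column: PSK, MGT ...
    essid: str
    stations: list = field(default_factory=list)


@dataclass
class Station:
    mac: str
    bssid: str                        # "(not associated)" when only probing
    probed: list


def is_locally_administered(mac: str) -> bool:
    """True if the U/L bit (bit 1 of the first octet) is set.

    Burned-in vendor MACs have the bit clear, so a set bit usually means the
    address was changed by hand or randomised, which deserves a second look.
    """
    return bool(int(mac.split(":")[0], 16) & 0x02)


def parse_airodump_csv(text: str):
    """Split the dump into its access-point and station sections and parse both."""
    ap_block, _, sta_block = text.replace("\r\n", "\n").strip().partition("\n\n")
    aps, stations = {}, []
    rows = csv.reader(io.StringIO(ap_block), skipinitialspace=True)
    next(rows, None)                  # header line
    for row in rows:
        if len(row) <= AP_ESSID:
            continue
        ap = AccessPoint(row[AP_BSSID].strip(), int(row[AP_CHANNEL]),
                         row[AP_PRIVACY].strip(), row[AP_CIPHER].strip(),
                         row[AP_AUTH].strip(), row[AP_ESSID].strip())
        aps[ap.bssid] = ap
    rows = csv.reader(io.StringIO(sta_block), skipinitialspace=True)
    next(rows, None)
    for row in rows:
        if len(row) <= STA_BSSID:
            continue
        sta = Station(row[STA_MAC].strip(), row[STA_BSSID].strip(),
                      [p.strip() for p in row[STA_PROBED:] if p.strip()])
        stations.append(sta)
        if sta.bssid in aps:
            aps[sta.bssid].stations.append(sta.mac)
    return aps, stations


def audit(aps, stations):
    """Turn the parsed tables into findings a network owner would act on."""
    findings = []
    for ap in aps.values():
        label = f"{ap.essid or '<hidden>'} ({ap.bssid}, ch {ap.channel})"
        if ap.privacy.startswith("OPN"):
            findings.append(f"OPEN: {label} has no encryption; any sniffer reads its traffic")
        elif ap.privacy.startswith("WEP"):
            findings.append(f"WEP: {label} uses WEP, which is broken; move to WPA2/WPA3")
        elif "TKIP" in ap.cipher:
            findings.append(f"TKIP: {label} still permits TKIP; restrict to CCMP")
    for sta in stations:
        if is_locally_administered(sta.mac):
            findings.append(f"LOCAL-MAC: client {sta.mac} (bssid {sta.bssid}) uses a "
                            "locally administered address")
        if sta.bssid == "(not associated)" and sta.probed:
            findings.append(f"PROBING: {sta.mac} is probing for {', '.join(sta.probed)}")
    return findings


# Constructed sample in airodump-ng's CSV layout; not a real capture.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,      120,        0,   0.  0.  0.  0,   8, LabNet-A,
00:11:22:33:44:66, 2024-01-01 10:00:01, 2024-01-01 10:05:00, 11,  54, OPN ,     ,    , -55,       80,        0,   0.  0.  0.  0,   9, CafeGuest,
00:11:22:33:44:77, 2024-01-01 10:00:02, 2024-01-01 10:05:00,  1,  54, WEP , WEP ,    , -70,       60,      900,   0.  0.  0.  0,   6, OldCam,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
F0:11:22:33:44:01, 2024-01-01 10:00:10, 2024-01-01 10:04:59, -50,       30, 00:11:22:33:44:55,LabNet-A
02:11:22:33:44:99, 2024-01-01 10:01:00, 2024-01-01 10:04:30, -48,      500, 00:11:22:33:44:55,LabNet-A
F0:11:22:33:44:02, 2024-01-01 10:02:00, 2024-01-01 10:04:00, -60,        5, (not associated),HomeNet,Airport Free WiFi
"""

if __name__ == "__main__":
    # Usage: python audit_airodump.py [test-01.csv]; without a path the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CSV
    aps, stations = parse_airodump_csv(text)
    for line in audit(aps, stations):
        print(line)
```

The parser splits on the blank line that separates the two sections of the file and reads each with the csv module, so an ESSID containing a comma would need the quoting airodump-ng does not provide; treat such rows as a known limitation. The probing finding is the defender's view of the same data: a laptop that keeps asking for "Airport Free WiFi" will happily join a rogue access point that advertises that name.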

3. Deauthenticate the Wireless client

This step is also known as a de-authentication attack. We can disconnect any device from the network using its private encryption key. We impersonate the client by changing the MAC address and send a packet to the router.

We also disconnect the client by using the router's MAC address, which causes the connection to fail. aireplay-ng is the tool used in this process. It begins with running airodump-ng on the target network to get the list of connected clients. With that information, we disconnect the device using aireplay-ng.

The command for the process is:
aireplay-ng --deauth <number of packets> -a <network MAC> -c <target MAC> <interface>

This command keeps the device disconnected until you stop it with Ctrl + C. The --deauth option instructs the program to send de-authentication packets to both the router and the client, keeping the client disconnected. On networks that enable 802.11w Protected Management Frames, de-authentication frames are authenticated, so forged ones are ignored and this attack does not work.
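De-authentication frames are plain management frames, so a monitor-mode capture on the defending side sees them just as clearly. The following added example, which is not part of the tutorial, is the detection counterpart of the step above: it parses raw 802.11 management frames (assumed to be handed over with any radiotap header already stripped), and alerts when one BSSID emits a burst of de-authentication or disassociation frames, or when a de-authentication is addressed to the broadcast address. The frames it runs over are constructed test fixtures, not captured traffic.

```python
"""Detect de-authentication floods in captured 802.11 management frames."""
import struct
from collections import defaultdict, deque

MGMT_TYPE = 0
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_mgmt_frame(raw: bytes):
    """Return the fields of a management frame, or None for any other frame.

    Header layout (IEEE 802.11): frame control (2), duration (2), addr1 =
    receiver (6), addr2 = transmitter (6), addr3 = BSSID (6), sequence
    control (2). Deauth and disassoc bodies start with a 2-byte reason code.
    """
    if len(raw) < 24:
        return None
    fc = raw[0]
    frame_type = (fc >> 2) & 0x03
    subtype = (fc >> 4) & 0x0F
    if frame_type != MGMT_TYPE:
        return None
    info = {
        "subtype": subtype,
        "dst": _mac(raw[4:10]),
        "src": _mac(raw[10:16]),
        "bssid": _mac(raw[16:22]),
        "seq": struct.unpack("<H", raw[22:24])[0] >> 4,
        "reason": None,
    }
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and len(raw) >= 26:
        info["reason"] = struct.unpack("<H", raw[24:26])[0]
    return info


def detect_deauth_flood(frames, window=1.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes).

    Raises one alert per BSSID when more than `threshold` deauth/disassoc
    frames fall inside `window` seconds, and an alert for every deauth sent
    to the broadcast address (an access point rarely kicks all its clients).
    """
    recent = defaultdict(deque)       # bssid -> timestamps of recent deauths
    alerted, alerts = set(), []
    for ts, raw in frames:
        f = parse_mgmt_frame(raw)
        if f is None or f["subtype"] not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        if f["dst"] == BROADCAST:
            alerts.append(f"{ts:.3f} broadcast deauth from {f['src']} "
                          f"(bssid {f['bssid']}, reason {f['reason']})")
        q = recent[f["bssid"]]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()               # drop timestamps outside the window
        if len(q) > threshold and f["bssid"] not in alerted:
            alerted.add(f["bssid"])
            alerts.append(f"{ts:.3f} deauth flood: {len(q)} frames in "
                          f"{window}s for bssid {f['bssid']}")
    return alerts


def mgmt_frame(subtype, dst, src, bssid, seq=0, reason=None) -> bytes:
    """Pack a management frame; used only to build the constructed fixtures."""
    fc = (subtype << 4) | (MGMT_TYPE << 2)
    hdr = struct.pack("<BBH", fc, 0, 0)
    for mac in (dst, src, bssid):
        hdr += bytes.fromhex(mac.replace(":", ""))
    hdr += struct.pack("<H", seq << 4)
    body = struct.pack("<H", reason) if reason is not None else b""
    return hdr + body


# Constructed capture (hypothetical addresses): beacons, one legitimate
# deauth, then a burst of forged deauths and a broadcast deauth.
AP = "00:11:22:33:44:55"
CLIENT = "f0:11:22:33:44:01"
SAMPLE_CAPTURE = [
    (0.000, mgmt_frame(SUBTYPE_BEACON, BROADCAST, AP, AP, seq=1)),
    (0.102, mgmt_frame(SUBTYPE_BEACON, BROADCAST, AP, AP, seq=2)),
    (0.150, mgmt_frame(SUBTYPE_DEAUTH, CLIENT, AP, AP, seq=3, reason=4)),
] + [
    (1.000 + i * 0.05, mgmt_frame(SUBTYPE_DEAUTH, CLIENT, AP, AP, seq=100 + i, reason=7))
    for i in range(10)
] + [
    (2.000, mgmt_frame(SUBTYPE_DEAUTH, BROADCAST, AP, AP, seq=200, reason=7)),
]

if __name__ == "__main__":
    for alert in detect_deauth_flood(SAMPLE_CAPTURE):
        print(alert)
```

A single de-authentication (an idle timeout, a client roaming) is normal and produces no alert; the burst and the broadcast do. In a real deployment the frames would come from a wireless IDS sensor rather than a list, and the alert would carry the channel and signal strength so the source can be located. Detection complements, rather than replaces, enabling 802.11w on the access point, which makes forged de-authentication frames fail verification at the client.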

Conclusion

Ethical hackers are best known for performing pen tests for organizations. Pen testing is an important precautionary step for safeguarding a company, and it is important to understand it in detail before you start practicing. This tutorial is aimed at beginners in ethical hacking and at students who want to pursue a career in it, and it covers the most basic framework you follow for pre-connection attacks.
