You are on page 1of 56

Contents

1.0 Layout of Site Survey ............................................................................................................................. 3


2.0 Site Survey Specification ........................................................................................................................ 3
3.0 Heat Map of Site Survey ......................................................................................................................... 4
4.0 Site Survey Result ................................................................................................................................... 5
5.0 Signal Jamming (Loh Choon Way TP041264) ....................................................................................... 5
5.1 Tools and Hardware ............................................................................................................................ 6
5.2 Comparison of tools ............................................................................................................................ 6
5.3 Selection of Tools ............................................................................................................................... 8
5.4 Impact of Wi-Fi Jamming ................................................................................................................. 10
5.5 Conclusion and Evaluation ............................................................................................................... 10
6.0 Interference (Liau Sze Nan TP03415) .................................................................................................. 11
6.1 What Causes Wireless Interference Happen? ................................................................................... 11
6.2 Physical Obstacles ............................................................................................................................ 11
6.3 Radio Frequency Interference ........................................................................................................... 12
6.4 Electrical Interference ....................................................................................................................... 13
6.5 Analysis............................................................................................................................................. 13
6.6 Comparison of Software ................................................................................................................... 14
6.7 Solution of Interference .................................................................................................................... 15
7.0 Threats and Issues to WLAN (Abdulaziz Aljawder TP032807)........................................................... 16
7.1 Solutions ........................................................................................................................................... 16
Individual Part (Evil Twin Attack) (Loh Choon Way TP041264) ........................................................ 18
1.0 Statement........................................................................................................................................... 18
2.0 Aim ................................................................................................................................................... 18
3.0 Evil Twin Attack (Fluxion) ............................................................................................................... 18
4.0 How to prevent Evil Twin Attack ..................................................................................................... 19
5.0 Selection tools - comparison tool ..................................................................................................... 20
6.0 Testing Plan and Result .................................................................................................................... 22
7.0 Conclusion ........................................................................................................................................ 30
Individual Part - Wi-Fi Password Dictionary Attack (Liau Sze Nan TP034915) ....................................... 31
1.0 Statement........................................................................................................................................... 31
2.0 Selection of Tools ............................................................................................................................. 32

1
3.0 Test Plan/Specification ..................................................................................................................... 34
4.0 Demonstration of walkthrough ......................................................................................................... 36
7.0 Evaluation and Solutions .................................................................................................................. 40
Individual Part: EVIL TWIN ACCESS POINT ATTACK (Abdulaziz Aljawder TP032807) ................... 41
1.0 Introduction: ...................................................................................................................................... 41
2.0 Aim and Objectives: ......................................................................................................................... 42
3.0 Test Plan............................................................................................................................................ 45
4.0 Demonstration of walkthrough ......................................................................................................... 46
5.0 Solution and Recommendations: ...................................................................................................... 52
6.0 Conclusion: ....................................................................................................................................... 52
Reference .................................................................................................................................................... 53

2
1.0 Layout of Site Survey

2.0 Site Survey Specification


APU New Campus Level 6, Block D, Discussion Room is chosen as the location for the site
survey. This area mainly occupied by 12 tables and 48 chairs for students to use or stay at
discussion room. This room usually for students waiting class, doing their work such as doing
assignment, revision, reading, writing, meeting with friends or group members to have a
discussion and soon. Site survey is performed on 4pm and it will be less classes that interfere
with the site survey. Thus, the numbers of users in the area is not more than 10 users.

The summary of site survey specification:

• The discussion room consist 1 access point

• The discussion room mainly occupied by 12 tables and 48 chairs

• The discussion room is able to accommodate 48 persons


• The Walls are mostly made of glass and cement
• The Floor is covered with carpet

3
3.0 Heat Map of Site Survey

4
4.0 Site Survey Result
The site survey is done by using Ekhau Heatmapper Software. This site survey is done in APU
Level 6 Block D, outside the classroom of D6-04, Discussion Room. In the figure above, it shows
the WiFi coverage strengthen network is decent by showing light green to left side bottom corner.
It is noticed that few access points, the red circle point is the main access point to be test. The
others access point is from others classroom and outside the discussion room.

From the figure above, it shows many access point with different strength power of the network.
There are many access point because each floor of the building block has to spread the network
connection throughout every corners of the University. In the next section, the researchers will
explain further the site survey based on the diagram above for the network interference within the
area, the packets transmission sniffing in the area, as well as signal transmission jamming to
determine whether it is existing within the tested area.

5.0 Signal Jamming (Loh Choon Way TP041264)

Signal Jamming is one of the exploits that used in the wireless network environment. Signal
jamming can be used the tools or script to interrupt the wireless communications. It could prevent
users from connecting to the wireless access point. The attacker is allowing to select one target
from the access point to attack it. However, the results will show the users who are using the target
access point could disable to reconnect the network. The process of the attack will be using the
deauthentication packets for sending to the access point. (Thesignaljammer.com, 2018)

Additionally, the wireless protocol has different kind of management frames which is used for
establishing and authenticate the connections. There has one packet called deauthentication frame
could send to access point for affected the network could be disconnected. For Example, an
attacker will choose one place which is that provided the Free Wi-Fi and starts the deauth-attack
to disturb the wireless network to deny all the client's devices cannot access the target network and
block the internet connection to affect user can’t reconnect the wireless network. (Medium, 2018)

5
5.1 Tools and Hardware
Tools will be used in this active attack are:

• TP-Link Wireless Adapter USB


• Kali Linux 2018.3 versions
• Terminal
• Wi-Fi (mobile hotspot)

5.2 Comparison of tools

Websploit

Websploit is an exploitation tool and automated vulnerability assessment. It also an open source
project that could scan and analysis to find out the various type of the vulnerability (Sourceforge.net,
2018). The tools have provided different types of modules which available user to choose for it.

Example, Web Modules, Network Modules, Exploit modules and Wireless Modules (Hacking, 2018).
Each of the modules has listed out the few options of attack that supported in the tools. For
Example, Wi-Fi jammer is one of the attacks that include in the wireless modules.

Aircrack-ng

Aircrack-ng is a tool which consists of different types of tools to capture and examine the data
packets from the wireless network. It has supported to perform the analysis and cracking such as
password cracking and Wi-Fi jamming for the WPA and WPA2 wireless security. It can be used
on different areas of Wi-Fi network security. For Example, monitor, attack, test, and crack. Each
of the function will show different results like monitoring is focused on packet capture and export
data to text files by third party tools. Besides that, the tools can run the attack such as replay attacks,
deauthentication attack, fake access point and more. It also checking and testing the Wi-Fi cards
capabilities to capture and injection the packets while processing the attack. Moreover, it could be
cracking the WEP and WPA 1 and WPA 2. (Aircrack-ng.org, 2018)

6
Airmon-ng is the tool that included in the aircrack-ng package to enable or disable the monitor
mode on the wireless interfaces (Kali Tools, 2017). Although, it can enable the monitor mode to
manage mode on the wireless interfaces.

Airodump-ng is used to capture the packet of raw 802.11 frames and suitable to collect the WEP
by using with the aircrack-ng (Aircrack-ng, 2018). It is capable of the found access point and writes
out some of the files containing the detail of the access point that appears in the nearby area to
show the clients can see the results.

Aireplay-ng will be used for cracking the WEP and WPA1 and WPA2 keys. There have few types
of attack can use deauthentication for capture the WPA handshake data, ARP request injection and
more (Aircrack-ng, 2018).

Comparison Tools

Tools Websploit Aircrack-ng

Types of Attack -Social Engineering -aircrack-ng

-Man In The Middle Attack -airmon-ng


(MITM)
-airodump-ng
-Directory Scanner
-aireplay-ng
-Information Gathering from
Victim Web Using -airedecap-ng

-Fake Access Point Attack -ivstools

7
-Wi-Fi Jammer -airsev-ng

-ARP DoS Attack

Operating System Kali Linux (version) Kali Linux (version)

Process Flexible to use but it quite a little Simple and effective


complex

5.3 Selection of Tools

Based on the comparison table of results, the tools will be chosen is Aircrack-ng to proceed the
Wi-Fi jamming attack. The three types of tools are free to download from the website which has
the RAR file. It needs to extract out from the RAR file to get the data files. All the tools are required
to use the terminal to run the script or command line for doing the attacks. The aircrack-ng is
simple and effective to perform the Wi-Fi jamming.

8
After the process complete, the WiFi want to connect will be show Can’t connect to this network.

9
5.4 Impact of Wi-Fi Jamming
The impact of Wi-Fi jamming can spam the deauth messages to disconnect the target wireless
network and user are unable to reconnect the target network. If the attacker still running the
program, the user will never connect to the internet unless the attacker has stopped running the
program.

5.5 Conclusion and Evaluation


After performing the attacks of Wi-Fi jamming, the tools of “aircrack-ng” has successful to show
the process of the Wi-Fi jamming. Wi-Fi jamming attack is easy to launch the attack when an
attacker has known the target wireless network is lack of prevention or protection to secure it.
After all, an attacker needs to gather information from the target wireless network which is BSSID,
ESSID and what channel will be used to start the attack.

It won’t have solutions to stop the attacker from sending the deauthentication packets. It can
prevent the attack from an attacker is the network should be configured and distance also far away
from the attacker devices so the deauth attack will not enable the attacker to scan out at the nearby
area of Wi-Fi networks to compromise it.

There are one of the methods to protect the wireless network from the attacker. It should check the
wireless network is secure and prevent an attacker could easily to aim as a target of the victim's
wireless network.

10
6.0 Interference (Liau Sze Nan TP03415)
In communications and electronic equipment, particularly in telecommunications, interference
refers to anything that modifies or destroys a signal as it propagates along a channel between a
signal source and a receiver. Besides, the lack of wires that makes WLAN so attractive is also the
feature that makes other devices capable of causing Wi-Fi interference. (Juniper, 2017) Wi-Fi
interference is a common and troublesome issue, it is because wireless signals travel through the
atmosphere, and they are susceptible to different types of interference than standard wired
networks. (Harwood, 2009) Therefore, this is an important consideration when using wireless
networks and interference to attenuate wireless signals. The impact of wireless interference include,
low signal strength in the Wi-Fi menu, unstable connection to the Internet when using Wi-Fi
connection and slow file transfers rate between computers when the Wi-Fi connection is slow or
unstable.

6.1 What Causes Wireless Interference Happen?


There are many factors that cause wireless interference, depending on the various areas of the
network itself, including the technology of the equipment used, the local environment through
which the signal will pass, the fundamental physics behind wireless transmission, and so on. Some
of these are unavoidable, and measures must be taken to minimize the negative impact of these
factors on network performance, but other factors can be completely resolved through device
upgrades or good network planning. (Solutions, 2018) There are various types of factors that
causes wireless interference happen.

6.2 Physical Obstacles


The most common of factors that causes wireless interference happen is physical objects. For
example, trees, humans, buildings, and any other physical obstacles in our surrounding are the
most common sources of interference. (Harwood, 2009) Besides, the impact of interference is
highly dependent on the transmission strength and the distance from the source of the interference.
Access points that are closest to the interferer and on the same channel will be more affected than
the farther access points. (Juniper, 2017) In addition, the density of the materials also affect the

11
wireless interference happen. Below are show the table of wireless interference level depend of
the density of the materials.

Type of Barrier Interference Level


Wood Low
Plaster Low
Synthetic Material Low
Glass Low
Water Medium
Bricks Medium
Human Medium
Concrete High
Metal High
Mirror Very High

6.3 Radio Frequency Interference


Since most wireless networks transmit signals in a narrow RF range around 2.4 GHz, devices of
the same frequency typically affect wireless signals. (Mitchell, 2018) This mean the signals
operating at similar frequencies can cause radio frequency interference and have a significant
negative impact on Wi Fi network performance. (Solutions, 2018) Some non-network devices such
as microwave ovens, car alarms, cordless phones, or wireless cameras may interfere with the
wireless channel because most of the cases, these devices use a 2.4 GHz frequency to perform.
(Juniper, 2017) For example:

• Microwave — the closer the router is to microwave the more network interference can
expect to occur when the microwave is in action. That is especially true for older wireless
routers that just like microwaves operate in the 2.4 GHz spectrum.
• Cordless Phone — again 2.4 GHz spectrum. Just like the previous item these phones can
cause large signal interference. Wi-Fi Interference will occur during active call time.
• Other Wireless Devices — any wireless device can technically be the reason for a signal
interference. These can be wireless speakers, baby monitors, garage door openers, etc.

12
Some other wireless devices operating in 2.4 GHz or 5 GHz spectrum, including
microwave transmitters, wireless cameras can also contribute to wireless interference.
(NetSpot, 2018)

6.4 Electrical Interference


The effect of electrical interference on the signal depends on how close the electrical equipment is
to the wireless access point. Advances in wireless technology and electronic devices have reduced
the impact of these types of devices on wireless transmission. (Harwood, 2009) Electrical
interference examples of devices that can wireless interference include laptops, phones, tablets,
streaming media players, TV’s, Blu-Ray players, printers, exercise equipment, sound bars,
thermostats, refrigerators, bathroom scales, or any other electrical equipment. (Communications,
2017)

6.5 Analysis
Based on the result of site survey, the heat mapper is show that the APU New Campus Level 6,
Block D, Discussion Room area are most coverage in green which mean the Wi-Fi signals
coverage is quite good. It show the discussion room that the Wi-Fi interference is very low.
However, the site survey is performed when the discussion room is less persons and the level 6
block D is less classes at around 4 p.m. The result will be different if the selected time is on working
time or hot time or the area has accommodate a lot of persons.

This is because students will always bring their gadget such as laptops, smartphones and
etc, which all of its will occur radio frequency interference. Since most of the wireless networks
transmit their signals in a narrow radio frequency range around 2.4 GHz, it's common for devices
on the same frequency to affect the wireless signal. (Mitchell, 2018) Besides, the APU New
Campus Level 6, Block D, Discussion Room mainly occupied by 12 tables with 48 chairs and the
floor of the is covered with carpet. Although the discussion room facility does not have wireless
features, but it can be caused physical obstacles. All of the physical obstacles in the Block D, Level
6 discussion room may causes reflection, refraction, diffraction, scattering or absorption
phenomena that impact the Wi-Fi signal. (Cook, 2015)

13
6.6 Comparison of Software
Ekahau HeatMapper

HeatMapper is the free version of networking design toolmaker Ekahau’s Wi-Fi Site and Survey
Planner. It is an enterprise Wi-Fi planning and wireless site survey tool. It offers an attractive
graphical overview of the airwaves around the floor plans and even some information about the
security setting on detected Wi-Fi networks. (Geier, 2017) Below are the features of Ekahau
HeatMapper:

• Scan Wi-Fi coverage on a map


• Locate all access points
• Find available networks
• Detect security settings
• Supports 802.11n, as well as a/b/g
• Works on pretty much any Windows laptop
• Free of charge, one-minute install

NetSpot

NetSport is a Wi-Fi stumbler and map-based survey tool, but for free home edition reviewed, the
map-based survey tool is disabled. It available for both Windows and Mac OS X. On the simple
GUI, network details of the SSIDs are shown bold and clear. The signal level are shown in negative
dBm values and percentages. It doesn’t show hidden network at all on the network list. (Geier,
2017) Below are the features of NetSport:

• Analyze Wi-Fi Coverage


• Visualize Wireless Network
• Wireless Network Planning
• Works on Mac OS X and Windows
• Works over any 802.11 network

Comparison Ekahau HeatMapper NetSpot Wi-Fi Site Survey

14
Creator Ekahau NetSpot
Operating System Windows Windows and Mac OS
Support Network Supports 802.11n, as well as a/b/g Any 802.11 network
Simulated APs & Yes Yes, Pro version only
Coverage
Simultaneous active Yes Yes
and passive surveys

6.7 Solution of Interference


Based on the analysis above, since most of the wireless devices transmit signals in a narrow radio
frequency range around 2.4 GHz. Students will always bring their gadget such as laptops,
smartphones and etc, which all of its may occur radio frequency interference. The 2.4 GHz Wi-Fi
signal range is divided into multiple smaller bands or channels, with some Wi-Fi channel numbers
overlapping each other. Therefore, the farther the two channel numbers are, the less the degree of
overlap and the probability of interference. In addition, there are three Wi-Fi channels 1, 6, and 11
that do not overlap each other, which means that using one of these three channels will result in a
smooth Wi-Fi signal. (Mitchell, 2018)

Furthermore, wireless networks allow more than 1 person to communicate with another
network source at any one time. This sharing of connection means that the more subscribers
utilizing the network, the more devices the access point has to try and communicate with
instantaneously. The point of access has to delegate its resources to each subscriber individually
per the amount of transmitting radios it operates on. (Solutions, 2018) To solve this issue, APU
has broadcast Staff APU and BYOD SSID for APU staffs and students. The Staff APU SSID is
created for all the APU staffs only and the BYOD SSID is supports 5 GHz Wi-Fi signal.
Nowadays, some of the devices are supporting 5GHz Wi-Fi signal, students can switch to BYOD
instead of using the 2.4 GHz.

15
7.0 Threats and Issues to WLAN (Abdulaziz Aljawder TP032807)

• Denial of Service: In this type of attack, an intruder floods the network with valid or invalid
messages that affect the availability of network resources. Due to the nature of radio
transmission, WLANs are very vulnerable to denial of service attacks.

• Spoofing and session hijacking: An attacker can access privileged data and resources on the
network by assuming the identity of a valid user. This happens because the 802.11 network does
not authenticate the source address, which is the media access control (MAC) address of the
frame. Therefore, an attacker could spoof the MAC address and hijack the session.

• Eavesdropping: This involves exploiting the confidentiality of data transmitted over the
network. By its very nature, wireless LANs deliberately radiate network traffic into space. This
makes it impossible to control who can receive signals in any wireless LAN installation.

7.1 Solutions

• Change Default SSID: The Service Set Identifier (SSID) is a unique identifier attached to the
packet header sent over the WLAN, which acts as a password when the mobile device attempts
to connect to a particular WLAN. The SSID distinguishes one WLAN from another, so all access
points and all devices attempting to connect to a particular WLAN must use the same SSID. In
fact, it is the only security mechanism the access point needs to enable association when the
optional security feature is not activated.

16
• As shown, the wireless AP is behind a corporate firewall in a typical wireless implementation.
This type of implementation opens a big hole in the trusted network space. A secure way to
implement a wireless AP is to place it behind a VPN server. This type of implementation
provides high security for wireless network implementations without adding significant overhead
to the user.

• VPN is a more comprehensive solution that authenticates users from untrusted spaces and
encrypts their communications so that someone can't intercept it.

• TKIP: The Temporary Key Integrity Protocol (TKIP), originally called WEP2, is designed to
address all known attacks and defects in the WEP algorithm.

17
Individual Part (Evil Twin Attack) (Loh Choon Way TP041264)

1.0 Statement
An evil twin is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to
eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the
phishing scam in the site survey

2.0 Aim
To steal the passwords of unsuspecting users, either by monitoring their connections or by
phishing, which involves setting up a fraudulent web site and luring people there.

3.0 Evil Twin Attack (Fluxion)


The attacker snoops on Internet traffic using a bogus wireless access point. Unwitting web users
may be invited to log into the attacker's server, prompting them to enter sensitive information
such as usernames and passwords. Often, users are unaware they have been duped until well
after the incident has occurred. (WonderHowTo, 2018)

When users log into unsecured (non-HTTPS) bank or e-mail accounts, the attacker intercepts the
transaction, since it is sent through their equipment. The attacker is also able to connect to other
networks associated with the users' credentials.

Wireless stations generally do not generally connect to specific Aps, they connect to any AP with
a given SSID and the best signal. Worse, many stations automatically reconnect to any SSID
used in the past. Just placing an Evil Twin near business users can be enough to trick their
wireless devices into associating with a phony AP. An attacker who gets impatient waiting for
users to roam to the Evil Twin can use a tool like Aireplay to deauthenticate everyone, forcing
immediate reassociation. (rootsh3ll, 2018)

18
Fake access points are set up by configuring a wireless card to act as an access point. They are
hard to trace since they can be shut off instantly. The counterfeit access point may be given the
same SSID and BSSID as a nearby Wi-Fi network. The evil twin can be configured to pass
Internet traffic through to the legitimate access point while monitoring the victim's connection,
or it can simply say the system is temporarily unavailable after obtaining a username and
password.

4.0 How to prevent Evil Twin Attack


• Use wireless intrusion detection to spot or block out-of-policy associations. Network
WIPS products can provide these services for in-house WLANs.
• Centrally-manage wireless device configurations to avoid mistakes and prevent users
from adding unsecured wireless network entries.
• Supply mobile workers with secure hotspot clients to avoid Web page login. For
example, T-Mobile's Connection Manager uses 802.1X with EAP-TTLS when
connecting to "Enhanced WPA Networks."

Tools and Hardware

Tools will be used in this active attack are:

• Kali Linux 2018.3 version


• Terminal
• Wi-Fi
• Fluxion
• TP-Link Wireless Adapter USB (TL-WN722N)

19
5.0 Selection tools - comparison tool

Fluxion

Fluxion is the future blend of technical and social engineering automation that trick a user into
handing over the Wi-Fi password in a matter of keystrokes. Specifically, it's a social engineering
framework using an evil twin access point (AP), integrated jamming, and handshake capture
functions to ignore hardware and focus on the "wetware." Tools such as Wifiphisher execute
similar attacks, but lack the ability to verify the WPA passwords supplied.

Fluxion evolved from an advanced social engineering attack named Lindset, where the original
tool was written mostly in Spanish and suffered from a number of bugs. Fluxion is a rewritten
attack to trick inexperienced users into divulging the password/passphrase of the network.

Fluxion is a unique tool in its use of a WPA handshake to not only control the behaviour of the
login page, but the behaviour of the entire script. It jams the original network and creates a clone
with the same name, enticing the disconnected user to join. This presents a fake login page
indicating the router needs to restart or load firmware and requests the network password to
proceed. Simple as that.

Features

• Scan the networks.


• Capture a handshake (can't be used without a valid handshake, it's necessary to verify
the password)
• Use WEB Interface *
• Launch a FakeAP instance to imitate the original access point
• Spawns a MDK3 process, which deauthenticates all users connected to the target
network, so they can be lured to connect to the FakeAP and enter the WPA password.

20
• A fake DNS server is launched in order to capture all DNS requests and redirect them
to the host running the script
• A captive portal is launched in order to serve a page, which prompts the user to enter
their WPA password
• Each submitted password is verified by the handshake captured earlier
• The attack will automatically terminate, as soon as a correct password is submitted

Airgeddon

Airgeddon is a multi-use bash script for Linux systems to audit wireless networks. Airgeddon
will show lot of option with a menu that required different attack to use on the victim. Each of
the attack design different effect to perform a wireless attack with using multi use bash script.
Airgeddon including DDOS attack, WPS attack, Rogue Access Point, Evil Twin attack and
others.

Features

• WPS scanning (wash). Self-parameterization to avoid "bad fcs" problem


• Custom PIN association (bully and reaver)
• Pixie Dust attacks (bully and reaver)
• Brute force PIN attacks (bully and reaver)
• Parameterizable timeouts
• Known WPS PINs attack (bully and reaver), based on online PIN database with auto-
update
• Integration of the most common PIN generation algorithms (ComputePIN, EasyBox,
Arcadyan, etc.)
• Offline PIN generation and the possibility to search PIN results on database for a target

21
Comparison table of tools

Tools Fluxion Airgeddon


Type of Attacks 1. Aircrack 1. mdk3
2. Lighttpd 2. hashcat
3. airmon-ng
3. Hostapd
4. aircrack-ng
5. hostapd
6. lighttpd
7. iptables
Operating System Kali Linux Kali Linux
Process Easy and Fast Medium and Complicated

Selection Tool (Fluxion)

For the vulnerability testing will be choosing Evil Twin Attack (Fluxion) to proceed the testing.
Fluxion can be git clone from the GitHub and using the terminal to run the command line.
Fluxion is a simple and easy tools for do the testing.

6.0 Testing Plan and Result

Machine Name: Ubuntu 64-bit

Date and Time: 9/10/2019, 10.00pm

1. Download or Git Clone the File

22
2. Run Fluxion

Goto extracted directory where fluxion.sh is located and Run ./fluxion.sh .

If all required file are updated and installed then fluxion will run, otherwise a list of unavailable
files will show.

3. Install Required Files

For this go to install directory and open terminal there. Now, run: ./install.sh

4.Cracking WiFi

Select Language

23
Select Channels, it will start scanning your nearby networks on all channels.

Enter ID of channel to crack

Select FakeAP - Hostapd

24
Select pyrit

Select Deauth all

Wait for handshake

25
After handshake is captured close both windows and in Status Handshake select Check
handshake.

Select Create a SSL certificate and Web Interface

26
Select Login Page

5. Result

Now wait for the user to connect to our open twin Ap and enter key for authentication.

After a user is connected he/she has to enter the password. As soon as target enters the password
so attacker can get the password.

27
28
29
7.0 Conclusion

Given the success of Wi-Fi networks, wireless clients are vulnerable to a variety of threats such
as the evil twin attack. This attack evolves from traditional phishing attacks and is well known as
the wireless version of email phishing scams. The attack requires no special equipment and is
easy to implement. Although few solutions exist today, most of them are designed to work on
corporation wireless devices. Two solutions were discussed with emphasis on their limitations.
Users can protect themselves by disabling their wireless network interface card (NIC) when not
connected to a wireless network. Users should also connect to Wi-Fi networks manually and
avoid setting up the device to connect automatically. When entering information on the web one
should always check the address bar to determine whether the web browser connection is secure
or not. The most powerful thing for the user to remember is to be vigilant, do not take things for
granted, and always confirm connections. Make sure to limit details in the conclusion. Keep it
succinct.

30
Individual Part - Wi-Fi Password Dictionary Attack (Liau Sze Nan
TP034915)

1.0 Statement
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols
and security certification programs developed by the Wi-Fi Alliance to secure wireless computer
networks. (Rouse, 2014) Although, WPA2 is widely in use to secure our wireless network today,
it still has vulnerable to perform attack such as dictionary attack. A dictionary attack is an attempt
to attack a password or authentication mechanism type brute force technique by trying hundreds
or sometimes millions of possible possibilities, such as words in a dictionary to determine its
decryption key or password. This is a method of breaking into a password-protected computer or
server by systematically entering every word in a dictionary as a password. Dictionary attacks are
often successful because many users and businesses use ordinary words as a Wi-Fi passwords.
(Inc, 2018) It successful against systems that employ multiple-word phrases, and unsuccessful
against systems that employ random combinations of uppercase and lowercase letters mixed up
with numerals. (Rouse, 2005)

Aim

To study the penetration testing of dictionary attack by using the aircrack-ng techniques

Objective

• To identify the techniques and features of aircrack-ng


• To demonstrate the walkthrough of dictionary attack
• To provide solutions of dictionary attack

31
2.0 Selection of Tools

Aircrack-ng

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and
WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless
network interface controller whose driver supports raw monitoring mode and can sniff 802.11a,
802.11b, and 802.11g traffic. It supported several operating systems such as Windows, Linux,
BSD, and OS X. It usually used to monitoring packet capture and export of data to text files for
further processing. Besides, it can be used to initiate attacks such replay attacks, deauthentication,
fake access points and others via packet injection. Furthermore, it also can used for testing purpose
such as checking WiFi cards and driver capabilities to capture and injection and cracking WEP,
WPA and WPS2 PSK. (Aspyct.org, 2018)

Aircrack-ng Features

Name Description
aircrack-ng Cracks WEP keys using the Fluhrer, Mantin and Shamir attack (FMS)
attack, PTW attack, and dictionary attacks, and WPA/WPA2-PSK using
dictionary attacks.
airdecap-ng Decrypts WEP or WPA encrypted capture files with known key.
Airmon-ng Placing different cards in monitor mode.
aireplay-ng Packet injector (Linux, and Windows with CommView drivers).
airodump-ng Packet sniffer: Places air traffic into pcap or IVS files and shows
information about networks.
airtun-ng Virtual tunnel interface creator.
packetforge-ng Create encrypted packets for injection.
ivstools Tools to merge and convert.
airbase-ng Incorporates techniques for attacking client, as opposed to Access Points.
airdecloak-ng Removes WEP cloaking from pcap files.

32
airolib-ng Stores and manages ESSID and password lists and compute Pairwise
Master Keys.
airserv-ng Allows to access the wireless card from other computers.
buddy-ng The helper server for easside-ng, run on a remote computer.
easside-ng A tool for communicating to an access point, without the WEP key.
tkiptun-ng WPA/TKIP attack.
wesside-ng Automatic tool for recovering wep key.

KisMAC

KisMAC is a wireless network discovery tool for Mac OS X. It has a wide range of features, similar
to those of Kismet. The program is geared toward network security professionals and is not as
novice-friendly as similar applications. It scan for networks passively on supported cards including
Apple's AirPort, and AirPort Extreme, and many third-party cards, and act on any card supported
by Mac OS X. It cracking of WEP and WPA keys, by brute force, and exploiting flaws such as
weak scheduling and badly generated keys is supported when a card capable of monitor mode is
used. (Software, 2018)

KisMAC Features

• Reveals hidden / cloaked / closed SSIDs


• Shows logged in clients (with MAC Addresses, IP addresses and signal strengths)
• Mapping and GPS support
• Can draw area maps of network coverage
• PCAP import and export
• Support for 802.11b/g
• Different attacks against encrypted networks
• Deauthentication attacks

33
• AppleScript-able
• Kismet drone support (capture from a Kismet drone)

Comparison Aircrack-ng KisMAC


Module Aircrack-ng 1.4 Kismac 0.3.4 Alpha1
Flexible yes yes
Friendly No need install Need install
User platform Linux, Windows, and etc MAC OS
license GPL GPL
Open source Yes Yes

3.0 Test Plan/Specification


Requirement of Software and Hardware

• VMware Workstation Pro 12 or above


• Kali Linux Operating System - kali-linux-2018.3-vm-amd64
• Wireless TP link adapter
• WPA2 Wi-Fi Router or Hotspot
• Client or user device such as mobile phone
• Aircrack-ng tool
• A password dictionary

Virtual Environment Setup

1. Install the VMware Workstation Pro 12 or above and setup the Kali Linux Operating
System - kali-linux-2018.3-vm-amd64 into the VMware.
2. Insert or plug in the Wireless TP link adapter and make sure the Kali Linux Operating
System is connected to the internet.

34
3. Create or download a password dictionary and make sure the Wi-Fi Router or Hotspot is
turning on.
4. Set the Wireless TP link adapter interface to monitor mode by using command airmon-ng.
5. Type the command airodump-ng to scan and monitor the surrounding Wi-Fi or Hotspot
available.
6. Select a target Wi-Fi and generate a handshake file.
7. Type the command aireplay-ng to deauthenticate client or user.
8. Type the command aircrack-ng to crack the handshake file with the password dictionary.
9. Connect to the target Wi-Fi or Hotspot by using the crack password.

35
4.0 Demonstration of walkthrough
1. Check the Wireless TP link adapter interface

Insert or plug in the Wireless TP link adapter and make sure the Kali Linux Operating System is
connected to the internet. To make sure the Wireless TP link adapter is connected to the Kali Linux
Operating System, type “ifconfig” command to list the configuration of network interface. Base
on the diagram above, the wlan0 is the Wireless TP link adapter interface.

2. Create or download a password dictionary

Create or download a password dictionary and locate it where you can find. Base on
the diagram, the testing.txt is my password dictionary and located at /root/Desktop.

3. Find the interface

36
Base on the diagram above, type “airmon-ng” to find the connected network interface. The wlan0
is the Wireless TP link adapter interface.

4. Set the network interface to monitor mode

Base on the diagram above, in the command prompt type “airmon-ng start wlan0” set the wlan0
network interface to monitor mode and it will become wlan0mon.

5. Scan the surrounding target Wi-Fi available

37
Base on diagram above, type the command “airodump-ng wlan0mon” to scan the surrounding
target Wi-Fi available. After that, press CTRL + C to stop the scanning, when you found the target
Wi-Fi. Now, the testing ESSID is our target Wi-Fi, is a WPA2 network security technology,
channel 1 and the BSSID is 84:C7:EA:7D:EE:7B.

6. Generate a handshake file

Base on the diagram above, generate a handshake file with the command “airodump-ng –channel
1 –bssid 84:C7:EA:7D:EE:7B – write handshake wlan0mon”

38
After that, it is important to have a user device to connect the target Wi-Fi. When a user device is
connecting to the target Wi-Fi, it will show the user device’s BSSID on STATION. Base on the
diagram above, the user device’s BSSID is 64:09:80:CC:1C:BC which is list on STATION.

If the handshake file is generate complete, it will located at /root.

7. Deauthenticate with aireplay

Base on the diagram above, type the command “aireplay-ng --deauth 5 -a 84:C7:EA:7D:EE:7B -c
64:09:80:CC:1C:BC wlan0mon” to deauthenticate the user.

8. Start dictionary attack

Base on the diagram, type the command “aircrack-ng -w /root/Desktop/testing.txt handshake-


01.cap” to start the dictionary attack.

39
Base on the diagram, the password of the testing target Wi-Fi is “nibuzhidao”

7.0 Evaluation and Solutions


As you can see, the ordinary or common words as a Wi-Fi passwords is easily to be crack by
performing dictionary attack. Aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking
program. It is able to crack the target Wi-Fi by perform dictionary attack to get the Wi-Fi password.
If the Wi-Fi password is not strong or complexity with combination of special characters such as
symbols, numbers, and capital letters, the Wi-Fi password is not secure anymore, although it is
protected by WPA2 network security technology.

So that, the Wi-Fi passwords need unique qualities, regular updating and a credible
password manager. Create strong passwords, the stronger of user’s passwords, the harder it will
be to guess. Stronger passwords can include by using combination of special characters such as
symbols, numbers, and capital letters to improve the complicated of password. Do not use some
common passwords, such as family’s name, nickname or birthday. And last but not least, change
the Wi-Fi password one a month to avoid users can guessing your Wi-Fi password or continuously
used your Wi-Fi.

40
Individual Part: EVIL TWIN ACCESS POINT ATTACK (Abdulaziz
Aljawder TP032807)

1.0 Introduction:
Over the years, wireless signals have evolved from hypothetical observations to easy-to-apply
sciences that play an important role in many aspects of modern life. Due to the discovery of radio
waves in 1880, wireless communication became conceivable, which led to the main exhibition of
telegraph communication. In 1901, operators transmitted short-range wireless signals between
Canada and the United Kingdom, the first long-distance wireless transmission. Later, Edwin
Armstrong discovered portable radios, FM frequencies and super regenerative receivers, all of
which laid the foundation for future developments in the field.

With innovative innovation, in 1970, Professor Norman Abramson created Alohanet, a pioneer
in Ethernet and future wireless signals. His development uses radio tags to quickly meet less
demanding information transmission needs. Later, in 1979, the main business simple mobile
phone framework was accessible in Japan. After a period of time, the progress of various mobile
phones in different countries is constantly increasing, and every mobile phone is striving to
expand the innovation of its pioneers. In 2000, South Korea promoted the widespread use of the
world's first 3G commercial system, and until 2009, 4G systems became popular. This latest
development also addresses a variety of device changes that will flock to 2.4 GHZ to ensure
more data transfer. Experts speculate on the future of wireless networks, and many predict that
these systems will continue to provide more accessibility to all users.

Thanks to the rapid development of wireless LANs and the widespread deployment of Wi-Fi
devices, it can help users easily access the network and allow users to connect to any Wi-Fi
wireless Internet hotspot in public places. As a result, they become more vulnerable to fraud and
identity theft.

41
Malicious evil twin attacks are attacks that clone a victim's Wi-Fi access point to a legitimate
access point. This attack on wireless networks has been known and documented for a long time.
To perform the attack, the routing access point broadcasts the SSID that the victim system needs
to interface with. Typically, clients connect to known networks as they enter the range. This is
especially true for public hotspots that do not use encryption because the client cannot
distinguish between real and malicious access points. If the attacker also provides Internet
access, the user will not notice any differences after connecting. Therefore, the usual
recommendation is to always use WPA2 encryption.

When using a public key, the connection to the rogue access point will not succeed because the
entry point cannot decrypt the packet from the client and vice versa. In any case, very little
information about how it affects WPA2 Enterprise.

Therefore, when a victim accesses a fake access point, the attacker can easily access the
information. An attacker could use a smartphone or any Internet-enabled device to create a
malicious dual access point. The attacker will access a legitimate access point. The clone access
point is then initiated and the same personal radio signal as the legitimate access point is sent.
After that, the victim will notice that there are two types of access points with the same network
name. The evil twin attack is not a new phenomenon in wireless transmission; it is called a base
station clone or honeypot. Now, enterprises have begun to use VPNs to protect corporate data
and employees using wireless devices from malicious attacks.

2.0 Aim and Objectives:


The goal is to perform a double attack of evil in real time in a real wireless network environment,
detecting vulnerabilities and finding solutions to problems. In our targeted evil twin attacks, the
evil twin AP pretends to be a legitimate person, enticing the victim to connect and use a
legitimate AP to forward the user's network packets to the Internet. The attacker will use his
laptop to connect to the network and the victim will use his smartphone to connect to the

42
network. Under this type of attack, an attacker can easily steal the victim's information without
having to create additional network connections for the Internet.

Threat Model and Assumptions:

It can be assumed that an attacker can operate a malicious access point that competes with a real
access point in a location such as a cafe. In addition to accessing secret key material, a rogue
access point can fully emulate a trusted access point. However, an attacker cannot destroy or
replace a trusted access point. In particular, an attacker cannot manipulate the communication
channel to manipulate the light of the access point in any other way that is external to the access
point. An attacker can manipulate a malicious access point in a hidden manner. However, it can
be assumed that any rogue access point is installed in a conspicuous place and the customer may
mistake it for a real access point and the cafe staff will discover and delete those access points.

Short Authentication Strings:

In our scenario, we cannot assume that the user's device and the wireless access point share a key
or have a public key certificate signed by a trusted third party. Instead, devices exchange public
keys over unsecured wireless channels and use them to protect their communications. The user
blocks man-in-the-middle attacks by verifying the exchanged keys on a low-bandwidth (verified)
visible channel. This can be done efficiently with the "short authentication string" protocol
because they have been described and proven to be safe.

43
Hardware and Software Requirements:

The hardware and software in the table below show the minimum requirements that researchers
need to perform this attack simulation.

Hardware &
software Description
Function - To provide network connection.

Purpose - To allow both the researcher and the victim to connect to a


Wi-Fi network.

Connection Limitation - Limited to a certain range.

Comparison - Researcher could use Bluetooth pairing attack.

Function - An external adapter for better Wi-Fi Connection


PROLINK Purpose - It allow to communication with network, which mean enable
wireless adapter computer connect to server and network device with LAN
connection.

Function - To be used to perform the attack.


- To enable the laptop to connect to the network device with
Purpose LAN connection.

Laptop - And to perform attack to the victim,


Limitation - Should be in range of the Wi-Fi.

Comparison - The researcher could use a tablet.

Function - To connect to the Wi-Fi

Purpose - To play the role of the victim.


Smart Phone Limitation - It must connect to the Wi-Fi.
- It should be in range of the Wi-Fi.
Comparison - It could be at tablet.

Function - It works as an Operating System.

Purpose - It is an Operation System that will allows the researcher to


perform the attack.

Kali Linux 2.0 Limitation - The researcher will have to learn Kali Linux commands.

Comparison The researcher could use:


- Metasploit

44
- Wireshark
- CORE Impact
Function - It allows the user to install and run other OS on a single
virtual machine.

Virtual Purpose - It will allow the researcher to run the Kali Linux 2.0

Machine 10 Limitation - It use the some of the laptop resources such as the Memory
and processing time.
- Thus, it is slower than an OS which is directly install on the
laptop.
Comparison The researcher could use:
- RVTools
- VMVision Manager.

3.0 Test Plan


Test Command Result
Check if monitor mode is ON iwconfig As Expected
Kills all Process that could airmon-ng As Expected
cause trouble to the simulation
Startup monitor mode airmon-ng start wlan0 As Expected
To double check if monitor iwconfig As Expected
mode is working
Start scanning the network airdump-ng wlan0 As Expected
Create fake access point airbase-ng –a As Expected
AA:AA:AA:AA:AA:AA –
essid “ALFA”- c 6 wlan0
Make sure fake access point is airodump-ng- channel 6 As Expected
working wlan0
De-authenticate the victim aireplay-ng – deauth 0 –a As Expected
smart phone and force him to 00:C0:CA:74:CC:7A wlan0

45
connect to the fake access
point.

4.0 Demonstration of walkthrough


This is an attack on the wireless infrastructure. Many people think they have a higher level of
security, such as WPA2 or even WPA, to defend against all types of attacks. However, this is not
necessarily the case. The following steps will show how Evil Twin Access Point allows access to
the client network or allows clients to access fake networks.

Step: 1

Evil twin attacks will require VMware machines, Kali Linux 2.0 and PROLINK wireless
adapters to attack. First you need to install a VMware machine on an Internet-enabled device and
then install Kali Linux 2.0 on a VMware machine. After installing Kali Linux and VMware, plug
the wireless adapter into the device.

Step 2:

Create an access point that is controlled by an attacker. Here, the study created an access point
controlled by an attacker. Also, he will use a smartphone to connect to the virtual access point. A

46
fake access point will be used to promote the same SSID as the original network. So when
someone sees their phone or laptop, they can see the same name as the original network. Users
may accidentally connect to the network and think this is their own network. Once a connection
is established, an attacker can eavesdrop on the entire network and obtain valuable information.

• In here I open terminal and type ‘iwconfig’ to check if monitor mode is on.

Step: 3

We have to create a monitoring mode. Because the network must be scanned to get the ESSID
and channel. So, airmon-ng checks. As you can see, we found three processes that could cause
problems. We will have to kill these processes by typing 'airmon-ng check kill' so they don't
interfere with our scans.

Step:4

47
Now we have to start up to monitor mode interface. So we type: ‘airmon-ng start wlan0. And we
should have a monitor mode on our interface.

Step:5

To double check we type ‘iwconfig’.

Step:6

Now, we will have to start scanning the network. We type ‘airodump-ng wlan airbase-ng –a
AA:AA:AA:AA:AA:AA –essid “ALFA”- c 6 wlan0’.

As you can see, the researchers are using WEP encryption. The type of encryption is less
important. This attack applies to WPA or WPA2. Therefore, the main information we need is the
ESSID, which is basically the ID or name of the network. We need the channel on which it is
located. Therefore, we will simulate this information by creating our own fake access points. Air
interface points: AA: AA: AA: AA: AA: AA - essid "ALFA" - c 6 wlan0.

48
Step: 7

Kali Linux provides a tool called "airbase-ng" that can be used to create fake access points. Now
we will create a fake access point. To do this, we need a BSSID and create a standard name. It
must be similar to the original address. Here, the researchers have copied essid to their original
access point so that when users view the access point, they will not be able to distinguish
between the differences. This is the command: 'airbase-ng -a AA:AA:AA:AA:AA:AA -
essid"ALFA" - c 6 mon0. The following image shows a virtual access point that was successfully
created.

Step:8
To make sure, the fake access point is running, we go to a new terminal and type in: ‘airodump-
ng –channel 6 wlan0.

49
Once we press the Enter key, we can see that the wireless network card is scanning the fake
access point. The figure below shows two "ALPHA" access points, one of which is a pseudo
access point and the other is the original access point. Users don't know that one is actually fake
and the other is original.

Step: 9
Now we will disconnect the user from the original access point and force him to connect to the
virtual access point. The only way is through a denial of service attack. We are going to use a
floating denial of service attack that will continually attack users and prevent them from
authenticating with the original access point. After a while, they should automatically connect to
the pseudo access point, which is an open authentication. Once they have established a
connection, the study will get their details. We can eavesdrop on what they do on the internet.

For the unauthentication attack, we will use the unauthentication packet. The user or client
typically uses this packet to terminate the connection. Here, the researchers will use it for his
advantage. In order to prevent users from reconnecting to the original access point, the researcher
will send a flood denial of service packet so that reconnection can be prevented. And they
establish a connection between the next closest access point, which will hopefully stop the
pseudo access point.

The way to study is to open a new terminal and type it; 'aireplay-ng - deauth 0 -a
00:C0:CA:74:CC:7A mon0. The following image shows a DE authentication packet sent to a
smartphone. And the smartphone is not connected back to the original access point.

The diagram blow show attack keeps on sending those packet to the victim smart phone.

50
Step: 10

The result is that the attack was very successful because the victim smartphone was not
connected to the original access point. So, after a while, it will try the next closest access point
and connect to the virtual access point again instead of the original access point. Researchers can
get valuable information from users.

Now the attacker can collect valuable information from the user smartphone.

51
5.0 Solution and Recommendations:
The problem may be less problematic by using physical sensors and link layer information to
collect and locate Evil Twin APs in a distributed architecture by using sensors throughout the
network. It can be used in many enterprise WLANs. and to Use a Hybrid approach for detection
of Evil Twin.

6.0 Conclusion:
Research simulations have been successful. Researchers can execute and attack and discover
vulnerabilities. In addition, the researchers provided solutions and recommendations to prevent
information theft. Evil twin attacks pose a serious security risk to the use of hotspots. Therefore,
it is highly desirable to equip users with additional tools and methods for verifying the APs to
which they are connected to ensure that these are real and not trapped by an attacker.

52
Reference
1. SourceForge. (2018). WebSploit Framework. [online] Available at:
https://sourceforge.net/projects/websploit/ [Accessed 10 Oct. 2018].

2. Hacking, E. (2018). Kali Linux Tutorial - Websploit Framework. [online] The World of IT &
Cyber Security: ehacking.net. Available at: https://www.ehacking.net/2013/05/kali-linux-
tutorial-websploit-framework.html [Accessed 10 Oct. 2018].

3. Thesignaljammer.com. (2018). What is a WiFi Jammer and Why You Might Need One.
[online] Available at: https://www.thesignaljammer.com/blog/what-is-a-wifi-jammer-and-why-
you-might-need-one/ [Accessed 10 Oct. 2018].

4. Medium. (2018). Hacking and jamming WiFi networks – Jack Mahoney – Medium. [online]
Available at: https://medium.com/@jackmahoney/hacking-and-jamming-wifi-networks-
d2a6ec51f0c2 [Accessed 10 Oct. 2018].

5. Aircrack-ng.org. (2018). Aircrack-ng. [online] Available at: https://www.aircrack-ng.org/


[Accessed 10 Oct. 2018].

6. SourceForge. (2018). WebSploit Framework. [online] Available at:


https://sourceforge.net/projects/websploit/ [Accessed 10 Oct. 2018].

7. rootsh3ll. (2018). Evil Twin Attack [A Step by Step Guide] (Updated 2018). [online] Available
at: https://rootsh3ll.com/evil-twin-attack/ [Accessed 10 Oct. 2018].

53
8. Aspyct.org, 2018. Aircrack-ng. [Online]
Available at: https://www.aircrack-ng.org/
[Accessed 28 September 2018].

9. Communications, P., 2017. Pioneer Communications. [Online]


Available at: http://www.pioncomm.net/wireless-internet-interference-happens/
[Accessed 228 September 2018].

10. Cook, A., 2015. Mirazon. [Online]


Available at: http://www.mirazon.com/5-phenomena-that-impact-wi-fi-signal/
[Accessed 9 October 2018].

11. Dorsey, B., 2017. Medium. [Online]


Available at: https://medium.com/@brannondorsey/crack-wpa-wpa2-wi-fi-routers-with-aircrack-
ng-and-hashcat-a5a5d3ffea46
[Accessed 28 September 2018].

12. Geier, E., 2017. NETWORKWORLD. [Online]


Available at: https://www.networkworld.com/article/2925081/wi-fi/8-free-wi-fi-stumbling-and-
surveying-tools.html#slide4
[Accessed 9 October 2018].

13. Geier, E., 2017. NETWORKWORLD. [Online]


Available at: https://www.networkworld.com/article/2925081/wi-fi/8-free-wi-fi-stumbling-and-
surveying-tools.html#slide9
[Accessed 9 October 2018].

54
14. Harwood, M., 2009. Person IT Certification. [Online]
Available at: http://www.pearsonitcertification.com/articles/article.aspx?p=1329709&seqNum=3
[Accessed 28 September 2018].

15.Inc, T., 2018. techopedia. [Online]


Available at: https://www.techopedia.com/definition/1774/dictionary-attack
[Accessed 1 October 2018].

16. Juniper, 2017. Juniper Networks. [Online]


Available at: https://www.juniper.net/documentation/en_US/junos-space-apps/network-
director3.1/topics/concept/wireless-interference.html
[Accessed 28 September 2018].

17. Mitchell, B., 2018. Lifewire. [Online]


Available at: https://www.lifewire.com/wifi-channel-number-change-to-avoid-interference-
818208
[Accessed 28 September 2018].

18. NetSpot, 2018. NetSpot. [Online]


Available at: https://www.netspotapp.com/wifi-interference.html
[Accessed 28 September 2018].

19. Rouse, M., 2005. TechTarget. [Online]


Available at: https://searchsecurity.techtarget.com/definition/dictionary-attack
[Accessed 1 October 2018].

55
20. Rouse, M., 2014. TechTarget. [Online]
Available at: https://whatis.techtarget.com/definition/Wi-Fi-Alliance
[Accessed 1 October 2018].

21. Software, E., 2018. kismac. [Online]


Available at: https://web.archive.org/web/20140914230616/http://trac.kismac-ng.org/
[Accessed 28 September 2018].

22. Solutions, C. D. G. L. t. 4., 2018. 4Gon Solution. [Online]


Available at:
https://www.4gon.co.uk/solutions/technical_factors_affecting_wireless_performance.php#obstru
ctions
[Accessed 28 September 2018].

56

You might also like