Wireless Network Security and Attacks

Questions and Answers

What does the target's registry provide that is valuable for exploitation?

System information, credentials, and configurations (correct)

User interface elements

Network traffic details

Hardware specifications

What is the primary benefit of using sleep control with timing in command execution?

Monitors user behavior effectively

Reduces command predictability and avoids detection (correct)

Allows for faster execution of commands

Increases system performance

What type of vulnerability allows direct command execution on a Linux server?

Remote Code Execution (RCE) (correct)

Cross-Site Scripting (XSS)

SQL Injection

Buffer Overflow

What does server-side exploitation aim to achieve?

To gain unauthorized access or control over the server

What is the function of keylogging?

To track and record keystrokes from users

Which of the following is NOT a common network service that can be exploited?

IMAP (Internet Message Access Protocol)

How does VNC injection facilitate exploitation?

It injects a VNC server for remote desktop control.

What is the first step to enable remote desktop access?

Install a VNC server or enable RDP

Which of the following vulnerabilities can be exploited in PDF files?

Buffer overflow

What is a primary component required to create a simple Android backdoor?

Command & Control (C&C) server

What is the main purpose of an Android backdoor?

To provide unauthorized remote access

What is the primary purpose of antivirus software?

To detect, prevent, and remove malicious software

What is the function of network segmentation?

To divide a network into smaller, isolated subnets for improved security

Which technique is NOT used to bypass antivirus software?

Debugging

What distinguishes a worm from a virus?

Worms are standalone programs that do not need a host to spread

What is one consequence of backdooring executables?

Loss of data integrity

Which of the following is NOT a method for securing a VNC connection?

Allowing unrestricted public access

Which type of Trojan is responsible for downloading additional malware?

Downloader Trojans

What is a common HID Attack method used to capture keystrokes?

Keylogger attacks

Which capability does Meterpreter NOT provide?

Creating backup system images

What best describes application whitelisting?

It permits only pre-approved applications to run on a system

Why is signal strength important in an Evil Twin attack?

Stronger signals attract more victims.

What is a common challenge faced when bypassing antivirus systems?

Behavioral detection through heuristic analysis

What role does social engineering play in client-side exploitation?

It manipulates psychology to deceive users into compromising actions

What is the primary purpose of packet sniffing?

To capture and analyze network packets

Which of the following strategies can help mitigate Evil Twin attacks?

Use WPA3 encryption

Which tool is commonly used to sniff and intercept traffic in Wireless MITM attacks?

Wireshark

What is the role of encryption in preventing keystroke sniffing attacks?

It converts data into an unreadable format for sniffers

What do Meterpreter resource scripts automate in penetration testing?

Run a series of commands automatically

Which tool from the list is specifically used to create fake access points?

Karma

What command is used to execute a Meterpreter resource script?

resource /path/to/script.rc

What is a common activity for someone using packet sniffing tools?

Capturing data packets for analysis

What is the initial step in exploiting a Windows machine?

Information Gathering

Which tool is commonly used for network scanning in the exploitation process?

Nmap

What is the purpose of payload generation in the exploitation phase?

To execute code on the target machine

What kind of session is achieved after the payload is executed on a Windows machine?

Meterpreter session

Which vulnerability can be exploited using the EternalBlue module?

MS17-010

Which of the following tools is suitable for vulnerability analysis on a Linux server?

Nessus

What is the role of post-exploitation in the attack process?

Establishing a foothold in the system

What technique is often used to deliver a malicious payload?

Phishing emails

What is the main purpose of an Evil Twin Attack?

To intercept user data by mimicking a legitimate Wi-Fi access point.

What is the first step in conducting an SMB relay attack?

Capture NTLM hashes using reconnaissance tools.

Which defense mechanism is effective against SMB relay attacks?

Enable SMB Signing to ensure integrity of communication.

What is the role of Metasploit in wireless penetration testing?

It offers exploit modules for various Wi-Fi vulnerabilities.

Which of the following accurately describes ARP Spoofing?

Manipulating ARP tables to route traffic through the attacker’s device.

What does the Karmetasploit tool primarily assist with?

Setting up access points for traffic capturing.

What type of attack does a Deauthentication Attack represent?

Forcefully disconnecting users from a legitimate access point.

Which aspect is NOT typically assessed during wireless penetration testing?

Assessing the physical layout of the network.

Study Notes

Wireless Network Attacks

• Wireless networks are susceptible to various attacks
• Keystroke sniffing involves capturing keystrokes
• Dump keys command is used for keystroke sniffing
• HTML smuggling exploits malicious HTML files to execute commands
• Meterpreter allows bypassing firewalls and network restrictions
• SMB relay attacks exploit communication between client and server

Network Services

• SMB: Server Message Block
• SSH: Secure Shell
• FTP: File Transfer Protocol
• HTTP/HTTPS: Hypertext Transfer Protocol
• RDP: Remote Desktop Protocol
• Telnet: Network Protocol

Vulnerability Assessment Tools

• Metasploit Framework: Penetration testing framework
• Wireshark: Network protocol analyzer
• Karma Toolkit: Wireless network attack tool
• Meterpreter: Post-exploitation framework
• Nmap: Network scanner

Security Concepts

• Intrusion Prevention System (IDS/IPS): Devices designed to detect and block malicious activity
• Application Whitelisting: Allows only pre-approved apps to run
• Network Segmentation: Dividing a network into smaller, isolated subnets
• Social Engineering: Exploits human psychology to deceive users

PDF Exploits

• Malicious JavaScript: Embedded code that executes when a PDF is opened
• Exploiting PDF Readers: Leveraging vulnerabilities in PDF readers
• Embedded Files: Concealing malicious executables or scripts within PDFs

Android Backdoors

• Unusual Network Traffic: Unexpected connections
• Unauthorized Apps: Apps with excessive permissions
• Battery Drain or Overheating: Device performance issues
• Mobile Threat Detection Tools: Lookout, Zimperium
• Network Monitoring: Wireshark, NetFlow

Evil Twin Attacks

• Mimicking Legit Wi-Fi Access Points: Creating fake access points to deceive users
• Capturing Credentials: Intercepting traffic and gaining unauthorized access
• Security Measures: Disabling auto Wi-Fi connection, Using strong passwords, Using VPNs, Deploying Wi-Fi Protected Access (WPA)

SMB Relay Attacks

• Responder: Tool for poisoning LLMNR, NBT-NS, and MDNS requests for credential relaying
• Metasploit: Framework for SMB relay attacks
• NTLMRelayX: Tool designed for SMB relay attacks
• Capture Credentials: Intercepting traffic and credentials for unauthorized access

Metasploit Framework

• Resource Scripts: Automate tasks within a Meterpreter session
• Registry Key in Windows: Container for configuration settings for OS and apps
• Advanced Meterpreter Techniques: Pivoting, persistence for access to other internal systems

Important Commands and Tools

• reg add: Create new registry keys and values
• msfvenom: Create malicious payloads
• nmap: Network scanner
• airodump-ng: Scan for nearby networks
• hostapd: Create rogue access points
• airmon-ng: Set Wi-Fi adapter to monitor mode
• aircrack-ng: Packet capture and analysis tools

Wireless MITM Attacks

• Evil Twin: Mimicking legit Wi-Fi access points
• Deauthentication: Forcing users off a legit AP
• ARP Spoofing: Manipulating ARP tables to intercept traffic
• Wi-Fi Pineapple: Device for conducting various MITM attacks

Description

This quiz covers various wireless network attacks, the tools used for vulnerability assessment, and key network services. It highlights concepts such as keystroke sniffing, SMB relay attacks, and the Metasploit Framework. Test your knowledge of how to protect wireless networks and understand the vulnerabilities they face.