Wireless Network Security and Attacks
48 Questions

Questions and Answers

What does the target's registry provide that is valuable for exploitation?

  • System information, credentials, and configurations (correct)
  • User interface elements
  • Network traffic details
  • Hardware specifications

What is the primary benefit of using sleep control with timing in command execution?

  • Monitors user behavior effectively
  • Reduces command predictability and avoids detection (correct)
  • Allows for faster execution of commands
  • Increases system performance

What type of vulnerability allows direct command execution on a Linux server?

  • Remote Code Execution (RCE) (correct)
  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Buffer Overflow

What does server-side exploitation aim to achieve?

  • To gain unauthorized access or control over the server (A)

What is the function of keylogging?

  • To track and record keystrokes from users (A)

Which of the following is NOT a common network service that can be exploited?

  • IMAP (Internet Message Access Protocol) (B)

How does VNC injection facilitate exploitation?

  • It injects a VNC server for remote desktop control. (C)

What is the first step to enable remote desktop access?

  • Install a VNC server or enable RDP (D)

Which of the following vulnerabilities can be exploited in PDF files?

  • Buffer overflow (A)

What is a primary component required to create a simple Android backdoor?

  • Command & Control (C&C) server (A)

What is the main purpose of an Android backdoor?

  • To provide unauthorized remote access (B)

What is the primary purpose of antivirus software?

  • To detect, prevent, and remove malicious software (D)

What is the function of network segmentation?

  • To divide a network into smaller, isolated subnets for improved security (A)

Which technique is NOT used to bypass antivirus software?

  • Debugging (A)

What distinguishes a worm from a virus?

  • Worms are standalone programs that do not need a host to spread (A)

What is one consequence of backdooring executables?

  • Loss of data integrity (A)

Which of the following is NOT a method for securing a VNC connection?

  • Allowing unrestricted public access (C)

Which type of Trojan is responsible for downloading additional malware?

  • Downloader Trojans (C)

What is a common HID Attack method used to capture keystrokes?

  • Keylogger attacks (A)

Which capability does Meterpreter NOT provide?

  • Creating backup system images (C)

What best describes application whitelisting?

  • It permits only pre-approved applications to run on a system (B)

Why is signal strength important in an Evil Twin attack?

  • Stronger signals attract more victims. (A)

What is a common challenge faced when bypassing antivirus systems?

  • Behavioral detection through heuristic analysis (A)

What role does social engineering play in client-side exploitation?

  • It manipulates psychology to deceive users into compromising actions (C)

What is the primary purpose of packet sniffing?

  • To capture and analyze network packets (C)

Which of the following strategies can help mitigate Evil Twin attacks?

  • Use WPA3 encryption (A)

Which tool is commonly used to sniff and intercept traffic in Wireless MITM attacks?

  • Wireshark (C)

What is the role of encryption in preventing keystroke sniffing attacks?

  • It converts data into an unreadable format for sniffers (B)

What do Meterpreter resource scripts automate in penetration testing?

  • Run a series of commands automatically (B)

Which tool from the list is specifically used to create fake access points?

  • Karma (B)

What command is used to execute a Meterpreter resource script?

  • resource /path/to/script.rc (C)

What is a common activity for someone using packet sniffing tools?

  • Capturing data packets for analysis (C)

What is the initial step in exploiting a Windows machine?

  • Information Gathering (B)

Which tool is commonly used for network scanning in the exploitation process?

  • Nmap (B)

What is the purpose of payload generation in the exploitation phase?

  • To execute code on the target machine (A)

What kind of session is achieved after the payload is executed on a Windows machine?

  • Meterpreter session (C)

Which vulnerability can be exploited using the EternalBlue module?

  • MS17-010 (B)

Which of the following tools is suitable for vulnerability analysis on a Linux server?

  • Nessus (C)

What is the role of post-exploitation in the attack process?

  • Establishing a foothold in the system (A)

What technique is often used to deliver a malicious payload?

  • Phishing emails (C)

What is the main purpose of an Evil Twin Attack?

  • To intercept user data by mimicking a legitimate Wi-Fi access point. (B)

What is the first step in conducting an SMB relay attack?

  • Capture NTLM hashes using reconnaissance tools. (D)

Which defense mechanism is effective against SMB relay attacks?

  • Enable SMB Signing to ensure integrity of communication. (D)

What is the role of Metasploit in wireless penetration testing?

  • It offers exploit modules for various Wi-Fi vulnerabilities. (B)

Which of the following accurately describes ARP Spoofing?

  • Manipulating ARP tables to route traffic through the attacker’s device. (C)

What does the Karmetasploit tool primarily assist with?

  • Setting up access points for traffic capturing. (C)

What type of attack does a Deauthentication Attack represent?

  • Forcefully disconnecting users from a legitimate access point. (A)

Which aspect is NOT typically assessed during wireless penetration testing?

  • Assessing the physical layout of the network. (D)

Flashcards

Registry Exploitation

Accessing the system registry to find credentials and configurations to exploit the system.

Sleep Control with Timing

Using specific pauses to make commands unpredictable, avoiding detection.

Remote Code Execution (RCE)

Vulnerability allowing an attacker to run commands on a targeted Linux server.

Server-side Exploit

Attacking server vulnerabilities to gain unauthorized access or control.

Keylogging

Recording keystrokes to steal sensitive information like passwords.

Screen Capture

Taking snapshots or recording a screen to get sensitive information.

Exploitable Network Services

Common network services vulnerable to attacks (e.g., SMB, SSH, FTP).

VNC Injection

Injecting a VNC server into a compromised system for remote control.

Enabling Remote Desktop

The steps to allow remote access to a computer through a program.

Network Segmentation

Dividing a computer network into smaller, isolated subnets to improve security, performance, and manageability.

Antivirus Software

Software designed to detect, prevent, and remove malicious software, protecting systems from infections.

Application Whitelisting

Security approach allowing only pre-approved applications to run. Blocks unapproved or harmful software.

Virus

Malicious program that needs a host file (like a document) to spread.

Worm

Independent program that spreads through networks without needing a host file.

C&C (Command & Control)

Communication channels between an attacker and a compromised device (often in a backdoor).

Social Engineering

Exploiting human psychology to trick users into doing things harmful to their system.

Meterpreter Capabilities

Tools gained after compromising a system, allowing for actions like getting system info, escalating privileges, maintaining access, exfiltrating data, etc.

Bypassing Antivirus

Methods to evade detection by antivirus programs (e.g., avoiding known signatures, utilizing packing/obfuscation, or working around sandboxing).

VNC Security

Securing a VNC (Virtual Network Computing) connection using strong passwords, encryption, IP restrictions, and VPN/SSH tunneling.

PDF Exploit Techniques

Malicious PDF files can be exploited to execute code. This involves vulnerabilities like JavaScript, buffer overflow, malformed PDF structures, or malicious embedded links.

Android Backdoor Components

An Android backdoor needs a payload (malicious code), a C&C server (command and control), an exploited vulnerability (in an app or service), and persistence (to survive reboots).

Android Backdoor

Malicious software or code that provides remote access to an Android device without authorization, allowing an attacker to control the device, steal data, or execute commands from a distance.

Antivirus Bypass Techniques

These include obfuscation (making code hard to read), encryption, polymorphism (changing code), and code injection to evade antivirus detection.

HID Attacks

Attacks using Human Input Device (HID) interfaces (like USB keyboards, mice) to gain unauthorized access. Examples include keyloggers, mouse hijacking, BadUSB, and credential theft.

Backdooring Executables

Adding malicious code to legitimate executables to secretly give attackers access and control, compromising confidentiality and enabling unauthorized access.

Linux Trojans

Malicious programs disguised as legitimate software, designed to compromise Linux systems. Types include backdoors, rootkits, downloaders, and ransomware.

Evil Twin Attack Signal Strength

A stronger signal from a rogue access point (in an Evil Twin attack) attracts more victims, so they connect to the malicious network instead of the intended network.

Packet Sniffing

Capturing and analyzing network packets to intercept transmitted data.

Evil Twin Attack

Creating a fake Wi-Fi network to capture credentials.

MITM Attack

Interception of network communication between two parties.

WPA3 Encryption

Stronger Wi-Fi security protocol.

Wireless Intrusion Detection Systems (WIDS)

Systems to detect unauthorized Wi-Fi access points.

Meterpreter Resource Scripts

Automating tasks within a Meterpreter session.

Keystroke Sniffing

Recording keystrokes to steal sensitive data.

Encryption

Protecting data transmission from eavesdropping.

Ettercap

Tool for sniffing and intercepting network traffic.

Wireshark

Tool for network packet capture and analysis.

Aircrack-ng

Suite of tools for wireless network security analysis.

Cain and Abel

Password recovery and network traffic capture tool.

SQL Injection

An attack method used to inject malicious SQL code into a web application to gain unauthorized access to a database.

Windows Machine Exploitation

Process of gaining control of a Windows machine by identifying vulnerabilities and exploiting them.

Linux Server Exploit

Process of gaining control of a Linux server by identifying and exploiting security vulnerabilities.

Nmap

A network scanning tool used to discover open ports and running services on a target machine.

Vulnerability Scanner

Tools like Nessus, OpenVAS, or Metasploit to find exploitable security weaknesses.

Exploit Module (Metasploit)

Pre-built attack code for specific known vulnerabilities.

Payload Generation

Creating malicious code that delivers the exploit.

Meterpreter

A type of payload that gives the attacker remote control after a successful exploit.

Privilege Escalation

Gaining more access rights on the target system than originally granted or exploited.

Reconnaissance

Understanding the target system's environment before launching an attack.

Port Scanning

Identifying open network ports, checking for services running on the host machine.

Vulnerability Analysis

Systematically reviewing the target system for known security weaknesses using scanners such as Nessus and Nikto.

Wireless MITM Attacks

Attacks that intercept network traffic between two parties.

Evil Twin Attack

A fake Wi-Fi access point mimicking a legitimate one.

Deauthentication Attack

Attack forcing users off a legitimate Wi-Fi network.

ARP Spoofing

Manipulating ARP tables to intercept local network traffic.

Wi-Fi Pineapple

A device designed to conduct various types of MITM attacks automatically.

Karmetasploit

Metasploit module enabling wireless penetration testing and credential capture.

SMB Relay Attack

Intercepting and relaying SMB authentication requests to gain unauthorized access.

SMB v1

An older, vulnerable version of SMB protocol.

SMB Signing

Ensuring the integrity of SMB communication to prevent tampering.

Wireless Penetration Testing

Assessment of Wi-Fi network security to find vulnerabilities.

Metasploit Framework

A tool for creating advanced penetration tests.

Study Notes

Wireless Network Attacks

  • Wireless networks are susceptible to various attacks
  • Keystroke sniffing involves capturing keystrokes
  • Dump keys command is used for keystroke sniffing
  • HTML smuggling exploits malicious HTML files to execute commands
  • Meterpreter allows bypassing firewalls and network restrictions
  • SMB relay attacks exploit communication between client and server

Network Services

  • SMB: Server Message Block
  • SSH: Secure Shell
  • FTP: File Transfer Protocol
  • HTTP/HTTPS: Hypertext Transfer Protocol
  • RDP: Remote Desktop Protocol
  • Telnet: Network Protocol

Vulnerability Assessment Tools

  • Metasploit Framework: Penetration testing framework
  • Wireshark: Network protocol analyzer
  • Karma Toolkit: Wireless network attack tool
  • Meterpreter: Post-exploitation framework
  • Nmap: Network scanner

Security Concepts

  • Intrusion Prevention System (IDS/IPS): Devices designed to detect and block malicious activity
  • Application Whitelisting: Allows only pre-approved apps to run
  • Network Segmentation: Dividing a network into smaller, isolated subnets
  • Social Engineering: Exploits human psychology to deceive users

PDF Exploits

  • Malicious JavaScript: Embedded code that executes when a PDF is opened
  • Exploiting PDF Readers: Leveraging vulnerabilities in PDF readers
  • Embedded Files: Concealing malicious executables or scripts within PDFs

Android Backdoors

  • Unusual Network Traffic: Unexpected connections
  • Unauthorized Apps: Apps with excessive permissions
  • Battery Drain or Overheating: Device performance issues
  • Mobile Threat Detection Tools: Lookout, Zimperium
  • Network Monitoring: Wireshark, NetFlow

Evil Twin Attacks

  • Mimicking Legit Wi-Fi Access Points: Creating fake access points to deceive users
  • Capturing Credentials: Intercepting traffic and gaining unauthorized access
  • Security Measures: Disabling auto Wi-Fi connection, Using strong passwords, Using VPNs, Deploying Wi-Fi Protected Access (WPA)

SMB Relay Attacks

  • Responder: Tool for poisoning LLMNR, NBT-NS, and MDNS requests for credential relaying
  • Metasploit: Framework for SMB relay attacks
  • NTLMRelayX: Tool designed for SMB relay attacks
  • Capture Credentials: Intercepting traffic and credentials for unauthorized access

Metasploit Framework

  • Resource Scripts: Automate tasks within a Meterpreter session
  • Registry Key in Windows: Container for configuration settings for OS and apps
  • Advanced Meterpreter Techniques: Pivoting, persistence for access to other internal systems

Important Commands and Tools

  • reg add: Create new registry keys and values
  • msfvenom: Create malicious payloads
  • nmap: Network scanner
  • airodump-ng: Scan for nearby networks
  • hostapd: Create rogue access points
  • airmon-ng: Set Wi-Fi adapter to monitor mode
  • aircrack-ng: Packet capture and analysis tools

Wireless MITM Attacks

  • Evil Twin: Mimicking legit Wi-Fi access points
  • Deauthentication: Forcing users off a legit AP
  • ARP Spoofing: Manipulating ARP tables to intercept traffic
  • Wi-Fi Pineapple: Device for conducting various MITM attacks

Description

This quiz covers various wireless network attacks, the tools used for vulnerability assessment, and key network services. It highlights concepts such as keystroke sniffing, SMB relay attacks, and the Metasploit Framework. Test your knowledge of how to protect wireless networks and understand the vulnerabilities they face.