-
-
Notifications
You must be signed in to change notification settings - Fork 218
Attacks
This file contains an explanation of every attack the tool is able to perform
It involves sending deauthentication frames to wireless devices, causing them to disconnect from the network. These frames are a type of management frame in the Wi-Fi protocol, used for managing network connectivity. The deauthentication frame contains the spoofed source MAC address of the AP or authorized device, along with the MAC address of the target device. When the target device receives the deauthentication frame, it interprets it as a request from the AP to disconnect. As a result, the device disconnects from the network
The WIDS (Wireless Intrusion Detection System) Confusion attack, implemented in the mdk4 tool, is a technique used to confuse or disrupt WiFi-based Intrusion Detection Systems. It takes advantage of the way wireless networks operate and attempts to overwhelm or confuse the monitoring systems. The attack can manipulate network traffic to confuse the WIDS by generating large numbers of association and deauthentication frames, disrupting the normal operation of clients connecting to the network. This can cause the WIDS to trigger false alarms or miss real attacks due to the high volume of disruptive traffic.
The attacker initiates the DoS attack by flooding the target Wi-Fi network with a large volume of authentication frames. This is performed via different tools, mainly using mdk4. As the APs resources become overwhelmed, it struggles to process legitimate authentication requests from genuine users. The AP may become slow, unresponsive, or even crash due to the excessive load caused by the attack. This could lead to a DoS (Denial of Services). Mitigating such attacks involves implementing various security measures, such as rate limiting the number of authentication requests per second, filtering and blocking suspicious traffic.
This attack overwhelms the network with a high volume of malicious beacon frames, disrupting its normal operation. Beacon frames are part of the 802.11 Wi-Fi protocol and are used by access points to announce their presence and provide network information to nearby devices. The attacker initiates the attack by continuously transmitting a high volume of malicious beacon frames into the target area. The target network and nearby devices receive the flood of malicious beacon frames, causing congestion and resource exhaustion. The excessive number of beacons can overload the Wi-Fi chipset of devices, leading to performance degradation and potential disconnections. However it rarely works.
There is no too much info about this attack, the tool itself says "Can shut down APs using TKIP encryption and QoS Extension with 1 sniffed and 2 injected QoS Data Packets" however it is not as useful as it seems, hardly ever it is able to shut down an AP.
It's a vulnerability found in the WPS (Wi-Fi Protected Setup) protocol. This attack takes advantage of a weakness in the generation of the public-private key pair during the authentication process. First of all the attacker finds the AP that have WPS enabled. If the AP uses weak PIN, the WPS protocol may inadvertently leak information that can be used to calculate the network's passphrase. In this attack you wouldn't have to crack anything as the password is retrieved in plain text.
It's a security vulnerability that targets the WPS feature of some Wi-Fi access points (APs). In a typical WPS setup, a user enters an 8-digit PIN on their device, which is then transmitted to the AP. The AP verifies the PIN and, if correct, grants access to the network. However, some APs have a flawed implementation where they accept an empty or null PIN as valid, thereby bypassing the security measures. Once the PIN is valid, it's the same as the Pixie Dust attack.
In a PIN brute-force attack, an attacker systematically tries all possible combinations of the 8-digit WPS PIN until the correct one is found. Since there are only 10^8 (100 million) possible combinations (00000000 to 99999999), a brute-force attack can be relatively quick compared to other methods of cracking Wi-Fi passwords.
The WEP ARP Replay attack takes advantage of the weaknesses in WEP's key management. In WEP-protected networks, the shared key is used for both encryption and integrity checks. The attacker intercepts an ARP request and response exchange between two legitimate devices on the network. These ARP packets are typically unencrypted. The attacker then replays the captured ARP request and response packets back onto the network. Since WEP uses a stream cipher for encryption, if the attacker replays the exact same packets, the encryption key is reused. The reuse of the WEP key due to the replayed ARP packets and the limited IV space makes it easier for an attacker to crack the encryption key. With enough captured packets and the corresponding IVs, the attacker can determine the WEP key using tools like Aircrack-ng.
The Hirte attack is a client attack which can use any IP or ARP packet. It extends the Caffe Latte attack (explained below) by allowing any packet to be used and not be limited to client ARP packets.
This attacks begins by exploiting weaknesses in ARP. ARP is used to map a known IP address to a MAC address in a local network. The attacker uses ARP spoofing to manipulate ARP tables, tricking devices on the network into sending their data to the attacker's machine, thinking it's the legitimate destination. WEP uses Initialization Vectors (IVs) to add randomness to the encryption process. The CaffeLatte attack involves collecting a sufficient number of these IVs by intercepting data packets sent over the network. The more IVs an attacker collects, the higher the probability of successfully cracking the WEP key.
In a fake authentication attack, an unauthorized device attempts to gain access to the network by pretending to be a legitimate device. The attacker sends a fake authentication request to the Access Point, pretending to be a device that wants to join the network. The fake authentication attack exploits these weaknesses to trick the Access Point into believing that the attacker is a legitimate device. The attacker may send forged authentication packets that mimic the structure of legitimate packets, attempting to convince the Access Point that the device is already authenticated. Once the fake authentication is successful, the attacker can proceed to collect Initialization Vectors (IVs).
This isn't a wifi attack like the already mentioned ones. Especially because this technique consists of abusing the protocol itself to capture the handshakes when a legitimate device connects to the AP. It doesn't interact directly with the targeted AP since it doesn't send any request. Then the attacker could try to crack the handshake using multiple tools like hashcat, john or aircrack-ng to obtain the AP password. This technique is usually combined with the deauthentication attack in order to force a device to send a handshake.
It's similar to the previous attack but it has some advantages. In this case the attacker doesn't need to wait until a legitimate client connects to the AP to generate a handshake, because the PMKID handshake can be captured by the attackers without interacting with the clients. The PMKID handshake is captured with hcxdumptool and cracked later with hashcat. Another advantage is that the handshake is smaller than a common WPA handshake so it could take you less time to crack it. It's currently one of the most effective attacks.
This attack involves creating a fake or malicious Wi-Fi network that appears to be a legitimate network. The attacker sets up a rogue access point with the same name (SSID) and similar characteristics as the legitimate network they want to impersonate, mainly using hostapd. Once the victim has connected to the malicious AP, the attacker can perform various malicious actions. They may attempt to capture sensitive information such as login credentials, inject malicious code into web pages, redirect the victim to phishing sites, or perform man-in-the-middle attacks.