Wireless Methodology
-identify the wireless threats facing an organisation's info assets
-Change or upgrade the existing infrastructure: software, hardware or network design
- Risk Prevention and Response
-provide a comprehensive approach to the preparation steps that can be taken to prevent inevitable exploitation
- Security Control Auditing
-test and validate the efficiency of wireless security protections and controls
-Find streams of sensitive data by sniffing the traffic
-Collect info on security protocols, network strength and connected devices
Wireless Pen Testing Framework:
- Start
- Discover wireless devices
- If a wireless device is found, document all findings
- If the wireless device found is using a Wi-Fi network, then perform a general Wi-Fi network attack and check if it uses WEP encryption
- If WLAN uses WEP encryption, then perform WEP encryption pen testing, or else check if it uses WPA/WPA2 encryption
- If WLAN uses WPA/WPA2 encryption, then perform WPA/WPA2 encryption pen testing, or else check if it uses LEAP encryption
- If WLAN uses LEAP encryption, then perform LEAP encryption pen testing, or else check if WLAN is encrypted
- If WLAN is unencrypted, then perform unencrypted WLAN pen testing, or else perform a general Wi-Fi network attack
Pen Testing for General Wi-Fi Network Attack:
- Create a rogue access point
- Deauthenticate the client using tools such as Karma, aireplay-ng, etc. and then check for client deauthentication
- If the client is deauthenticated, then associate with the client, sniff the traffic, and check if the passphrase/certificate is acquired, or else try to deauthenticate the client again
- If the passphrase is acquired, then crack the passphrase using the tool wzcook to steal confidential info, or else try to deauthenticate the client again
Pen Testing WEP encrypted WLAN:
- Start
- WEP encrypted WLAN
- Check if SSID is visible or hidden
- If SSID is visible, sniff the traffic and then check the status of packet capturing
- If the packets are captured/injected, then break the WEP key using tools such as aircrack-ng, WEPcrack, etc., or else sniff the traffic again
- If SSID is hidden, then deauthenticate the client using tools such as aireplay-ng, CommView for WiFi, etc., associate the client and then follow the procedure for visible SSID
Pen Testing WPA/WPA2 Encrypted WLAN:
- Deauthenticate the client using tools such as Karma, aireplay-ng
- If the client is deauthenticated, sniff the traffic and then check the status of capturing the EAPOL handshake, or else try to deauthenticate the client again
- If the EAPOL handshake is captured, then perform a PSK dictionary attack using tools such as coWPAtty, aircrack-ng to steal confidential info, or else try to deauthenticate the client again
Pen Testing LEAP encrypted WLAN:
- Deauthenticate the client using tools such as Karma, aireplay-ng
- If the client is deauthenticated, then break the LEAP encryption using tools such as Asleap, THC-LEAPcracker to steal confidential info, or else try to deauthenticate the client again
Pen Testing Unencrypted WLAN:
- Check if SSID is visible or hidden
- If SSID is visible, sniff for the IP range and then check the status of MAC filtering
- If MAC filtering is enabled, spoof a valid MAC using tools such as Technitium MAC Address Changer (TMAC), MAC Address Changer, Change MAC Address, etc., or connect to the AP using an IP within the discovered range
- If SSID is hidden, then deauthenticate the client using tools such as aireplay-ng, CommView for WiFi, associate the client and then follow the procedure for visible SSID
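Every branch above opens with deauthenticating a client, so the defender's counterpart is spotting that traffic in a wireless IDS feed. As an added example that is not part of the original notes, this Python detector flags a burst of deauthentication/disassociation management frames from one BSSID inside a short window; the frame records, field names, window and threshold are constructed for illustration and would be fed from a real monitor-mode capture in practice.

```python
"""Detect deauthentication floods in 802.11 management-frame logs.

Constructed example: the frame records below are hand-written, not real
captures. Fields: ts (seconds), subtype, bssid, dst, reason (802.11 reason code).
"""
from collections import defaultdict, deque

# IEEE 802.11 management subtypes that forcibly drop a client.
DEAUTH = 0x0C
DISASSOC = 0x0A
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed frames: one benign deauth at t=0 (client leaving), then a
# burst of 20 broadcast deauths from the same BSSID between t=10.0 and t=10.95.
FRAMES = [
    {"ts": 0.0, "subtype": DEAUTH, "bssid": "aa:bb:cc:00:00:01",
     "dst": "11:22:33:44:55:66", "reason": 3},
] + [
    {"ts": 10.0 + i * 0.05, "subtype": DEAUTH, "bssid": "aa:bb:cc:00:00:01",
     "dst": BROADCAST, "reason": 7}
    for i in range(20)
]


def detect_deauth_flood(frames, window=5.0, threshold=10):
    """Return one alert per BSSID whose deauth/disassoc frames reach
    `threshold` within any `window`-second span. A broadcast destination is
    recorded because legitimate APs rarely kick every client at once."""
    alerts = []
    recent = defaultdict(deque)  # bssid -> timestamps inside the current window
    flagged = set()
    for f in sorted(frames, key=lambda x: x["ts"]):
        if f["subtype"] not in (DEAUTH, DISASSOC):
            continue
        q = recent[f["bssid"]]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window:  # evict timestamps older than window
            q.popleft()
        if len(q) >= threshold and f["bssid"] not in flagged:
            flagged.add(f["bssid"])
            alerts.append({"bssid": f["bssid"], "count": len(q),
                           "window_start": q[0],
                           "broadcast": f["dst"] == BROADCAST,
                           "reason": f["reason"]})
    return alerts


if __name__ == "__main__":
    for a in detect_deauth_flood(FRAMES):
        print(f"deauth flood from {a['bssid']}: {a['count']} frames since "
              f"t={a['window_start']}s, broadcast={a['broadcast']}, reason={a['reason']}")
```

The single deauth at t=0 falls outside the window by the time the burst starts, so it never contributes to the count; only the burst raises an alert.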