Wireless network hacking

From OLPC
Revision as of 06:28, 27 February 2008 by Vonankh (talk | contribs)
Jump to navigation Jump to search
  Please copy/paste "{{Translationlist | xx | origlang=en | translated={{{translated}}}}}" (where xx is ISO 639 language code for your translation) to Wireless network hacking/translations HowTo [ID# 112469]  +/-  

English | español


These instructions describe how to test wireless networks for security holes and how to use the various security softwares with the XO OLPC. However, great care should be taken in using these tools and software as they may brick your XO in the worst case or considerably bloat your configuration. (Especially when saving large data files...)

Updating Your Software/Firmware

Check General Firmware

http://wiki.laptop.org/go/Firmware
http://wiki.laptop.org/go/Upgrading_the_firmware

to do

Check Wireless Firmware

Check that you have a recent version of the wireless firmware by following these instructions: http://wiki.laptop.org/go/Test_Config_Notes#Update_the_wireless_firmware

Check Software

Install security related software

In order to continue we need some network tools:

wireshark      - Is the world's foremost network protocol analyzer (according to themselves)
kismet         - Is a 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
aircrack-ng    - Is a 802.11 WEP/WPA-PSK key cracking program that can recover keys from enough captured data packets
nessus         - Is a well known network vulnerability scanner
bind-utils     - Is a collection of utilities for querying name servers and looking up hosts.
traceroute     - is a computer network tool used to determine the route taken by packets across an IP network.

We can install all of these in one go (in the terminal application):

su
yum install wireshark kismet aircrack-ng nessus bind-utils traceroute

Probably you should use:

yum install wireshark_gnome

Configuration of Network Tools

to do

Performing the Analysis

Find a target network

Press the Mesh button and inspect any interesting access point (AP).

Check if the network has some form of security

If you can connect to the access point without any trouble, the network is not secured. Check the instructions at #Securing your network.

Collect Network data

Cracking a WEP key

Follow the instructions at this page: http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks

TODO: We should write a short distillation of that wiki here.

Cracking a WPA key

Execute the following command in the terminal application while there is a client succesfully connected to the wireless access point:

 aireplay -0 5 -a <AP MAC> -c <Client MAC> ath0

Cracking a MESH network

to do


For More Info

http://wiki.laptop.org/go/Wireless_Driver_README
http://wiki.laptop.org/go/88W8388
http://wiki.laptop.org/go/Wireless#Capturing_wireless_traffic_on_the_xo
http://dev.laptop.org/ticket/4805
http://lists.infradead.org/pipermail/libertas-dev/2007-July/000607.html
http://lists.infradead.org/pipermail/libertas-dev/2007-December/001003.html
http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Linux.Wireless.drivers.802.11ag.html
http://www.olpcnews.com/forum/index.php?topic=814.msg13043;topicseen

References:

http://www.wireshark.org/
http://www.kismetwireless.net/
http://www.aircrack-ng.org/doku.php
http://www.nessus.org/nessus/
http://www.tcpdump.org/tcpdump_man.html 

http://www.freebsd.org/cgi/man.cgi?query=traceroute
To check what's in the default installation: 
http://dev.laptop.org/~bert/joyride-pkgs.html