When people think of attacking wireless networks, Linux is the first operating system that comes to mind. Although there are great tools and resources available for Linux, there are also several outstanding auditing tools available for the OS X wireless hacker.
To perform a penetration test on a wireless network, you first need to find your target network. One good tool for discovering and attacking wireless networks is KisMAC.
Once KisMAC has been downloaded and installed, it is quite easy to use. While you can start scanning for networks as soon as KisMAC is loaded, it’s recommended to understand and set the right preferences for your needs first.
To access the KisMAC preferences, open the Preferences window via the KisMAC menu bar – KisMAC | Preferences. Out of the nine available options, we are most interested in two: Filter and Driver. The Filter options allow you to designate specific MAC addresses that you do not want included in the scanning results. The Driver options allow you to choose the capture device and define scanning options such as channel hopping, hopping frequency and logging.
KisMAC has built-in support for a wide range of chipsets, and it supports both passive and active scanning. KisMAC supports the Apple Airport (Hermes chipset) and Airport Extreme in active mode. Passive mode is supported for PCMCIA cards and for Prism2, Prism GT and USB wireless devices.
Scanning for Wireless Networks
The KisMAC interface is very intuitive and easy to understand. The main window displays all wireless networks and their information: channel number, SSID, BSSID, encryption type, signal strength and date last seen. Start scanning by clicking on the Start Scan button in the bottom right of the main window.
The Show Details button in the bottom left of the window allows you to obtain a significant amount of information about a specific access point. This information is essential to a penetration tester because it includes the details needed for a successful attack.
To perform successful penetration tests against wireless networks, it is important to understand the vulnerabilities associated with 802.11 networks. Security was the least concern when this open standard was designed, and its security mechanisms were developed as an afterthought. Wireless network vulnerabilities can be broken down into two types: vulnerabilities due to incorrect configuration and vulnerabilities due to poor encryption, or the lack of it.
Configuration problems account for many of the vulnerabilities associated with wireless networks. They are usually easy to exploit and are not of great interest to the penetration tester. The growing number of wireless vulnerabilities led to the deployment of one of the available encryption mechanisms to overcome the security problems. While wireless encryption seems to be perfect protection from random prying eyes, its weaknesses will not stop the common hacker.
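The two preferences singled out above (the Filter list of MAC addresses to leave out) and the columns the main window shows (channel, SSID, BSSID, encryption type, signal strength, date last seen) together describe a small triage pipeline an auditor runs on every scan: drop known addresses, then sort what is left by how weak its encryption is. The following is an added example, not code from this article or from the KisMAC project. It assumes a simple CSV row format with those six columns (not KisMAC's export format), and the sample rows, the exclusion list and the `normalize_mac`, `parse_scan`, `apply_filter`, `weak_networks` and `triage` helpers are all constructed for the example.

```python
"""Triage a wireless scan inventory (added example; not KisMAC's own code).

The columns mirror what the KisMAC main window displays: channel, SSID,
BSSID, encryption type, signal strength and date last seen.  The CSV row
format, the sample rows and the MAC exclusion list are all constructed for
this example; they are neither KisMAC's export format nor real networks.
"""
from __future__ import annotations

import csv
import io
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample scan rows (assumed CSV format; not real networks).
# The BSSIDs deliberately use three different MAC notations.
SAMPLE_SCAN = """\
channel,ssid,bssid,encryption,signal,last_seen
6,CoffeeShop,00:11:22:33:44:55,NONE,-45,2009-03-01 10:15:00
11,HomeNet,AA:BB:CC:DD:EE:01,WEP,-60,2009-03-01 10:14:30
1,CorpWiFi,aa-bb-cc-dd-ee-02,WPA2,-70,2009-03-01 10:13:00
6,Lab,00de.adbe.ef00,WPA,-80,2009-03-01 10:12:00
"""

# Addresses to keep out of the results, the way the Filter preference
# keeps unwanted MACs out of the scan (constructed list).
EXCLUDED_MACS = {"00:DE:AD:BE:EF:00"}

# Encryption types the article treats as weak or absent, with the reason
# a report should give for each.
WEAK_ENCRYPTION = {
    "NONE": "open network: traffic is sent unencrypted",
    "WEP": "WEP: legacy cipher, should be replaced by WPA2 or later",
}


@dataclass(frozen=True)
class Network:
    channel: int
    ssid: str
    bssid: str          # normalized to AA:BB:CC:DD:EE:FF
    encryption: str     # upper case; "NONE" when the field is empty
    signal_dbm: int
    last_seen: datetime


def normalize_mac(mac: str) -> str:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff and
    return the colon form in upper case, so exclusion lists compare reliably."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def parse_scan(text: str) -> list[Network]:
    """Parse CSV scan rows into Network records.  A row with a malformed MAC,
    channel, signal or timestamp is skipped instead of aborting the report."""
    networks: list[Network] = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            networks.append(Network(
                channel=int(row["channel"]),
                ssid=row["ssid"],
                bssid=normalize_mac(row["bssid"]),
                encryption=(row["encryption"] or "NONE").strip().upper(),
                signal_dbm=int(row["signal"]),
                last_seen=datetime.strptime(row["last_seen"], "%Y-%m-%d %H:%M:%S"),
            ))
        except (ValueError, KeyError, TypeError):
            continue
    return networks


def apply_filter(networks: list[Network], excluded) -> list[Network]:
    """Drop networks whose BSSID is on the exclusion list (any MAC notation)."""
    excluded_norm = {normalize_mac(m) for m in excluded}
    return [n for n in networks if n.bssid not in excluded_norm]


def weak_networks(networks: list[Network]) -> list[tuple[Network, str]]:
    """Return (network, reason) for every network with weak or no encryption,
    strongest signal first, so the nearest ones are reviewed first."""
    hits = [(n, WEAK_ENCRYPTION[n.encryption])
            for n in networks if n.encryption in WEAK_ENCRYPTION]
    return sorted(hits, key=lambda pair: pair[0].signal_dbm, reverse=True)


def triage(text: str, excluded) -> dict:
    """Whole pipeline: parse, filter, flag.  Returns a small summary."""
    visible = apply_filter(parse_scan(text), excluded)
    flagged = weak_networks(visible)
    return {
        "seen": len(visible),
        "weak": [n.ssid for n, _ in flagged],
        "reasons": {n.ssid: reason for n, reason in flagged},
    }


if __name__ == "__main__":
    for net, reason in weak_networks(apply_filter(parse_scan(SAMPLE_SCAN), EXCLUDED_MACS)):
        print(f"ch {net.channel:2d} {net.signal_dbm:4d} dBm {net.bssid} {net.ssid!r}: {reason}")
```

On the constructed rows the `Lab` network is removed by the exclusion list even though it was written in Cisco dotted notation, because both sides are normalized before comparison; `CoffeeShop` (open) and `HomeNet` (WEP) are reported, strongest signal first, while the WPA2 network is not flagged. Normalizing MAC notation before comparing is the detail most often missed when an exclusion list silently fails to match.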