Detecting vulnerabilities in the WLAN with Wifislax
Overview
Many analysis programs, such as the Angry IP scanner, Etherape, Iptraf, the Net Activity Viewer, Wireshark, and Zenmap are available in the Wifislax | Network Tools menu to give you an overview of your a network.
These tools not only graphically visualize the local network but also provide the first indications of malicious or unusual traffic. With the well-known sniffing tool Ettercap, you can also record data transmissions, including insecure passwords on the internal network.
The Hping3, Mdk3, and Yersinia programs reveal weak spots in firewalls, clients, servers or routers using data flooding technologies. Yersinia also exploits known vulnerabilities in different network protocols to detect configuration deficits.
Applications such as Medusa and Hydra are dedicated to securing passwords and authentication mechanisms. Using dictionary attacks, these tools try to decrypt passwords, although Medusa primarily concentrates on the WLAN router. However, most programs from this group only work if you switch the computer's WLAN card to the monitor mode. You can do this at the command line with the command airmon-ng
: Without any parameters, it shows the WLAN card's current status. Then – if the WLAN adapter is not yet in monitor mode – enter the command airmon-ng start <Adapter>
(Figure 3).
You will also find tools that use a dictionary attack in the Decrypters menu. The menu assigns the tools to country-specific groups and also takes special hardware into account. For example, special scripts are available for providers Alice and Vodafone; they target the routers supplied by these providers, sounding them out for security vulnerabilities. The scripts that examine WLAN routers from manufacturers such as D-Link or TP-Link for gaps in the authentication are more neutral in their approach.
Additionally, other tools work independently of manufacturer and device. You can find these tools in the Suite aircrack-ng, Wireless, and Wpa submenus. The Aircrack suite offers extensive opportunities for sniffing data traffic on a WLAN; it can also extract WEP, WPA, and WPA2 keys from the WLAN using brute-force and dictionary attacks. Also, tools in the Aircrack suite can decrypt data streams that have been "secured" using a WEP or WPA key, provided that the associated key is known.
The Wireless and Wpa menus group offer additional analysis tools, which are again a mixture of command-based programs and tools with a graphical user interface. The focus of these utilities is also in finding and testing WLAN networks.
Lesser-known software, such as Wifi Metropolis, Minidwep-gtk (Figure 4), and GOYscript, are included, as well as the standard WLAN sniffer Kismet. The Wpa menu also includes several programs for recording WPA handshakes, such as Autohs GUI, coWPAtty, or HandShaker.
Many newer devices are integrated using WPS (WiFi Protected Setup) without cumbersome key acquisition on a WLAN. Authentication is usually performed using a PIN. This method has serious security vulnerabilities. Wifislax developers implemented their own Wpa wps submenu in order to detect the weak points on the WLAN. The Wpa wps submenu contains software that is suitable for detecting WPS-enabled devices on the WLAN, testing existing keys, and also generating PIN codes.
Additional Software
Wifislax may focus on network security, but it also provides several applications for data reconstruction. These include the programs Testdisk and Qphotorec programs in the System | Repair & Recover Tools menus. For forensic tasks under Wifislax | Forensics, you will also find some useful programs such as Dumpzilla and Grampus, which can be use for extracting metadata for forensic tasks.
If you are missing an application, you can install it using the package management system. Wifislax uses Slackware package management and – in the form of Gslapt – also provides a graphical interface for software installation that is strongly reminiscent of Synaptic under System | Wifislax packets administrator. You will also find a converter that allows you to convert third-party packages to the XZM package format used by Slackware (Figure 5).
Conclusions
Wifislax offers a good selection of testing tools, which you can use to track security vulnerabilities quickly for virtually all common WLAN security application scenarios. In addition, the Wifislax distribution is also capable of data reconstruction. The cumbersome installation wizard and the incomplete localization of certain programs are both areas for improvement.
Infos
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.
-
ZorinOS 17.1 Released, Includes Improved Windows App Support
If you need or desire to run Windows applications on Linux, there's one distribution intent on making that easier for you and its new release further improves that feature.
-
Linux Market Share Surpasses 4% for the First Time
Look out Windows and macOS, Linux is on the rise and has even topped ChromeOS to become the fourth most widely used OS around the globe.
-
KDE’s Plasma 6 Officially Available
KDE’s Plasma 6.0 "Megarelease" has happened, and it's brimming with new features, polish, and performance.
-
Latest Version of Tails Unleashed
Tails 6.0 is based on Debian 12 and includes GNOME 43.
-
KDE Announces New Slimbook V with Plenty of Power and KDE’s Plasma 6
If you're a fan of KDE Plasma, you'll be thrilled to hear they've announced a new Slimbook with an AMD CPU and the latest version of KDE Plasma desktop.
-
Monthly Sponsorship Includes Early Access to elementary OS 8
If you want to get a glimpse of what's in the pipeline for elementary OS 8, just set up a monthly sponsorship to help fund its continued existence.