NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge

Wireless Network Penetration Testing

Cyber forensic investigators report that some of the most complicated and audacious hacks started in two simple ways: either with the compromise of an Internet-exposed web application or through the compromise of a misconfigured wireless network. Unified VRM Wireless module allows an organization to perform on-demand wireless penetration testing remotely and without cumbersome equipment.

Using wireless probes and agents

The wireless module works by deploying a number of wireless probes or “agents” at the customer’s remote site. These agents communicate back to the cloud instance via an encrypted channel that allows for command and control.

Originally we deployed these agents using “SheevaPlug” pluggable small-factor hardware with a wired network interface and a USB wireless card / antenna. However, there were some limitations of this approach:

  1. Agents need to be plugged into an electrical outlet, since battery life is limited.
  2. There are limitations on the kind of attack vectors that can be employed.
  3. These agents were small but were still a little conspicuous.

We recently deployed Unified VRM Wireless module with a new remote agent which proved to be extremely portable and powerful. The agent is called “R00tabaga” and it is distributed by ACE Hackware.

 

Based on their website, “The ACE r00tabaga MultiPwner combines the functionality of the original beloved Pen-test Drop Box with the man-in-the-middle capabilities of the ever-loved WiFi Pineapple in a single integrated device!” Integrating it into Unified VRM software-as-a-service was a straightforward exercise.

How the Unified VRM Wireless module works

  1. Wireless site survey, via nearby wireless signal probing, allowing to enumerate all wireless access points and endpoints nearby, their signal strength and their encryption standards.
  2. Rogue access point detection, via wireless and wired network probing.
  3. Encryption key cracking for all the most common wireless encryption protocols (WEP, WPA, WPA2 and WPS) via dictionary attack and brute-forcing in the cloud.

We deploy Metasploit in the agent device and use it for reconnaissance and attack once we are connected to the wireless network. Once we discover the target access point encryption key, then we can connect to the wireless network to start mapping and exploiting other targets.

In the man-in-the-middle attack mode, the wireless agent acts as a rogue access point responding to all the wireless clients request of connection. Once the client connects, the agent is able to sniff traffic and credentials from the unaware client.

The r00tabaga hardware also supports an external 4g mobile card to use an out-of-bad communication channel for command and control.

For Unified VRM the biggest strength of this remote wireless agent is in the vulnerability scanning and exploitation. Once connected to the wireless network, we are able to initiate remote vulnerability scanning. The discovered vulnerabilities can be exploited and user privileges escalated to other administrative users on the same target or even other hosts.

Learn more about NopSec’s approach to penetration testing and the methodology we use to secure applications and infrastructure from security breaches. Best Practices Guide: Penetration Testing.

Schedule a Product Demo Today!

See how NopSec's end-to-end Cyber Exposure Management platform can organize your security chaos.