Wireless Network Penetration Testing
- Sep 10, 2013
- Guest Author
Cyber forensic investigators report that some of the most complicated and audacious hacks started in two simple ways: either with the compromise of an Internet-exposed web application or through the compromise of a misconfigured wireless network. The Unified VRM Wireless module allows an organization to perform on-demand wireless penetration testing remotely and without cumbersome equipment.
The wireless module works by deploying a number of wireless probes or “agents” at the customer’s remote site. These agents communicate back to the cloud instance via an encrypted channel that allows for command and control.
Originally we deployed these agents using “SheevaPlug” pluggable small-form-factor hardware with a wired network interface and a USB wireless card / antenna. However, there were some limitations of this approach:
We recently deployed the Unified VRM Wireless module with a new remote agent which proved to be extremely portable and powerful. The agent is called “R00tabaga” and it is distributed by ACE Hackware.
Based on their website, “The ACE r00tabaga MultiPwner combines the functionality of the original beloved Pen-test Drop Box with the man-in-the-middle capabilities of the ever-loved WiFi Pineapple in a single integrated device!” Integrating it into Unified VRM software-as-a-service was a straightforward exercise.
We deploy Metasploit on the agent device and use it for reconnaissance and attack once we are connected to the wireless network. Once we discover the target access point's encryption key, we can connect to the wireless network to start mapping and exploiting other targets.
In the man-in-the-middle attack mode, the wireless agent acts as a rogue access point, responding to all wireless clients' connection requests. Once a client connects, the agent is able to sniff traffic and credentials from the unaware client.
The r00tabaga hardware also supports an external 4G mobile card to use an out-of-band communication channel for command and control.
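From the defender's side, an access point that answers every client's connection request stands out because a single BSSID replies for many unrelated network names. The sketch below is an added example, not part of the original post or of Unified VRM; the frame-record layout, the `KNOWN_APS` inventory and the `min_ssids` threshold are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict

# Constructed sample: (time_s, frame_type, source_mac, ssid) as a monitor-mode
# sensor might log probe traffic. All MAC addresses and SSIDs are made up.
SAMPLE_FRAMES = [
    (0.0, "probe_req",  "aa:aa:aa:00:00:01", "CorpWiFi"),
    (0.1, "probe_resp", "02:00:00:00:00:10", "CorpWiFi"),
    (0.1, "probe_resp", "02:00:00:00:00:99", "CorpWiFi"),
    (1.0, "probe_req",  "aa:aa:aa:00:00:02", "HomeNet-5G"),
    (1.1, "probe_resp", "02:00:00:00:00:99", "HomeNet-5G"),
    (2.0, "probe_req",  "aa:aa:aa:00:00:03", "CoffeeShop"),
    (2.1, "probe_resp", "02:00:00:00:00:99", "CoffeeShop"),
    (3.0, "probe_req",  "aa:aa:aa:00:00:01", "CorpGuest"),
    (3.1, "probe_resp", "02:00:00:00:00:11", "CorpGuest"),
]

# Assumed inventory of authorized (BSSID, SSID) pairs for the site.
KNOWN_APS = {
    ("02:00:00:00:00:10", "CorpWiFi"),
    ("02:00:00:00:00:11", "CorpGuest"),
}


def find_answer_all_aps(frames, known_aps, min_ssids=3):
    """Return {bssid: sorted SSIDs} for unauthorized responders.

    A BSSID is flagged when it sends probe responses for at least
    `min_ssids` distinct SSIDs that clients asked for by name and that
    are not in the authorized inventory for that BSSID.
    """
    requested = set()            # SSIDs seen in directed probe requests
    answered = defaultdict(set)  # bssid -> non-inventory SSIDs it answered
    for _time, ftype, mac, ssid in frames:
        if ftype == "probe_req" and ssid:
            requested.add(ssid)
        elif ftype == "probe_resp" and ssid in requested:
            if (mac, ssid) not in known_aps:
                answered[mac].add(ssid)
    return {b: sorted(s) for b, s in answered.items() if len(s) >= min_ssids}


if __name__ == "__main__":
    for bssid, ssids in find_answer_all_aps(SAMPLE_FRAMES, KNOWN_APS).items():
        print(f"possible rogue AP {bssid} answered for: {', '.join(ssids)}")
```

The threshold guards against flagging a neighbouring network that legitimately answers for one or two names; tune it to the site.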
For Unified VRM, the biggest strength of this remote wireless agent is vulnerability scanning and exploitation. Once connected to the wireless network, we are able to initiate remote vulnerability scanning. The discovered vulnerabilities can be exploited and user privileges escalated to other administrative users on the same target or even other hosts.