CS1105I: ITT320 Introduction to Computer Security Progress Report

Verified

Added on 2021/07/02

AI Summary

This progress report for ITT320, Introduction to Computer Security, details a group project on wireless hacking. The report covers ethical hacking concepts, the objective of identifying network vulnerabilities, and the methods used, including wireless network analysis and dictionary attacks. It outlines the tools employed, such as CommView for WiFi and Aircrack-ng, along with a step-by-step guide on how the hacking method works, including discovering Wi-Fi networks, GPS mapping, wireless traffic analysis, conducting attacks, and breaking Wi-Fi encryption. The scope of the project focuses on wireless network security, addressing the risks involved, such as exposure to malware, and limitations like internet connectivity issues, lack of hacking skills, and device performance. The report also provides recommendations for defending wireless networks, such as changing and updating router settings. The project aims to analyze potential security issues in wireless systems and improve network security.

ITT320
INTRODUCTION TO COMPUTER SECURITY
PROGRESS REPORT
Class: CS1105I
Lecturer: Sir Lee Yee An
Group member:
1. Nadhirah binti Abdullah (2018296132)
2. Shahrieena Adina binti Suffian (2018273196)
3. Husna binti Hairol (2018273196)
4. Dayang Nur Zulaikha Binti Awang Alim (2018637326)
5. Mariny binti Mohamad Jamal (2018245968)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
Table of Content
Contents Page Number
1.0 Introduction 2
2.0 Objective 2
3.0 Method of Hacking
3.1 Step by step how the method works
3-4
4.0 Scope
4.1 Project Implementation
4.2 Risk Involves /Limitation during
Assessment
5-13
5.0 Ways to defend the wireless network 14-15
6.0 Recommendation 15

2
1.0 Introduction
Ethical hacking is also known as penetration testing or white-hat hacking that use the same
method as the hackers in order to identify potential threats that occur on a computer network. The
purpose of ethical hacking is to discover vulnerabilities from a hacker’s point of view for security
improvement. It helps to strengthen the system security and detect any weak point that can be a
target to the malicious hackers.
As the growth of internet became more advance, it has been a major concern for business and
government system. Despite of having the advantage such as advertising, e commerce and
information distribution and access, the possibility of being hacked are also high. Thus, most of
organization employ ethical hackers to have independent computer security professionals attempt
to break into their computer systems. Ethical hackers will evaluate the target systems security and
report back to the owners with the vulnerabilities that have been found and also try to improve the
systems.
In this project, we have decided to do wireless hacking where it will perform an attack on
wireless networks or access points that has confidential information such as authentication
attacks, Wi-Fi passwords, admin portal access and other related data. Wireless hacking are used
in ethical hacking to analyse the potential security issues faced by the wireless system.
2.0 Objective
• To evaluate the security and identify vulnerabilities in systems networks
• To keeps the computer secured from hackers.
• To identify possible weak point in the computer system or network.
• To analyse the information that can strengthen the security of the network.

3
3.0 Method: Wireless Network Hacking
 Wireless Network
Wireless network is a computer network that uses wireless data connections between nodes
and are not connected by cables of any kind. Wireless network are widely used and it is quite
easy to set them up. The use of wireless network helps in avoiding costly process of
introducing cable into buildings or as a connection between different equipment locations. A
wireless router is the most important device that connects the users with the internet.
 Security Problem
Although wireless network are advanced and have a great flexibility, hacker can still easily
sniff the network packet without having to be in the same building where the network is located.
Hacker can easily sniff the network from a nearby location since wireless networks
communicate through radio waves. Attacker use network sniffing to find SSID and hack a
wireless network.
Network sniffing is the process of monitoring and capturing all data packets that are
passing through a computer network with the help of a software tool that monitors or sniffs the
data flowing over computer networks.
 Tool used :
1. CommView for WIFI
This tools is used to capture data packets of wifi that need to be crack. CommView also
used to convert files into .cap file which is needed for cracking. In order to use this tools a
compatible WIFI adapter is needed.
2. Aircrack-ng
This tools is known for cracking WEP and WPA-PSK in Windows. It is used to retrieve
password from captured file from CommView for wifi software.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
3.1 Step by step how the method works
Nowadays, wireless networks has become extensively used not only by corporate organizations
but also by individuals and home users. In order to defend our self from being the victim of wireless
hacking, we should understand how the method works. Wireless hacking consists of the following
basic steps:
1. Discovering Wi-Fi Network
The first step is to scan any available networks within range by using Wi-Fi discovery tools
such as NetStumbler and NetSurveryor. It allows the hackers to gather information that can
be used to execute successful cyber-attack at the target system.
2. GPS mapping
Once a list of Wi-Fi networks is obtained, it can then be geographically visualized using maps.
One of the web –based service which is WiGLE can be used to show the listed networks on
map. It also can accepts feeds from Wi-Fi scanners.
3. Wireless traffic analysis
In this step it involves setting up the correct hardware and software for wireless hacking. For
the operating system such as windows will only be able to listen to traffic but don’t allow to
inject Wi-Fi traffic while others like Linux are able to do both. There is also some important
tools that used in wireless hacking such as Aircrack-ng that will work with specific wireless
adapter only. Once everything has been setup, tools such as Wireshark can be used to
analyse the wireless traffic.
4. Conduct attacks
After gaining information of the wireless network, hackers can use fragmentation attack where
it obtain up to 1500 bytes of PRGA (Pseudo Random Generation Algorithm). Once the PRGA
is obtained, it can be used to generate packets that are then used for various wireless injection
attacks. The hackers also can identify access point of the network and create a fake address
for spoofing. Besides that, denial of service attack also can be used by the hackers to forcefully
disconnect users who are actively connected to the target access point.
5. Break Wi-Fi encryption
This step involves finding the encryption key used in the target wireless network. The hackers
can used the Aircrack toolset which consist of airmon-ng, airodump-ng, airreplay-ng and
aircrack-ng that can be effectively used to crack the encryption key.

5
4.0 Scope
A wireless network is a series of two or more devices linked to each other by radio waves within
a limited space range. Devices on a wireless network have the flexibility to be in motion but must
being connected to a network and share the data with other network devices. One of the most
important points why they are so widespread is that their building costs are very cheap and fast
compared to wire networks. In a wireless network, they have access points which are extensions
of wireless ranges that act as logical switches. Although wireless networks offer great flexibility,
they also have their cons which is they have their own security problems. A hacker can sniff the
network packets from a nearby location as wireless networks communicate through radio waves.

6
4.1 Project Implementation
In this project, dictionary attack is used to perform wireless hacking. Dictionary attack is a brute-
force technique where attackers run through millions of common-words and phrases that can be
the possible password used by the target. It will check one by one of all the listed password for
authentication and if in those dictionary contains the correct password, the attackers will be able
to encrypt the Wi-Fi password. The requirement needed to carry out this project are Windows
10/7/8 version operating system for both user and attacker and a Wi-Fi adapter.
Before doing wireless hacking we need to ensure that the Wi-Fi adapter used is compatible with
monitor mode and packet injection. Wi-Fi adapter is needed to capture handshake during the
process. Then, install CommView For WiFi and aircrack-ng tools.
Step 1: Install CommView For Wi-Fi and aircrack-ng tools
Figure 4.1.1
The first step is to install CommView From Wi-Fi through CommView websites. Once the setup
is completed, the next tool that need to install is aircrack-ng. After completing aircrack-ng setup,
go to Windows and open control Panel. Then click System and Security settings then go to
system. In Figure 4.1.1, click advance system settings and click Environment Variables.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
Figure 4.1.2
From Figure 4.1.2, find path in system variables then click edit. Then create new and paste the
location of aircrack-ng tools.
Figure 4.1.3

8
Figure 4.1.4
To check whether the aircrack-ng has been inserted into the Windows, open cmd and type
aircrack-ng. The result will show as in Figure 4.1.5.
Figure 4.1.5

9
Step 2: Hack WiFi using CommView
Open CommView For WiFi and click start button. It will start to capture packets data and WiFi
available arounds it.
Figure 4.1.6
Then open logging and change the maximum directory size to 20000 and average log file size
to 100.
Figure 4.1.7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10
To hack the desired network, go to nodes then click single channel mode and choose channel
of the target.
Figure 4.1.8
Once the number of packets data reach minimum 1500 packets, stop the searching and click file
then save the packets log as .cap
Figure 4.1.9

11
Step 3: Decrypt the password using aircrack-ng
Download any wordlist that consist millions of possible passwords text that can be used
as a bypass from the aircrack-ng. This technique also known as brute force dictionary
attack. Then open aircrack-ng folder and click aircrack-ng GUI. Click WPA (depend on
the type of the target network) then choose the current data packet file and wordlist then
click launch.
Figure 4.2.1
Then cmd will pop up as shown in Figure 4.2.2:
Figure 4.2.2