CHAPTER IV: PRESENTATION AND DISCUSSION

CHAPTER IV

PRESENTATION AND DISCUSSION

NETWORK TOPOLOGY AND SECURITY PROTOCOLS OF WLAN OF COLLEGE OF ENGINEERING AND ARCHITECTURE OF PANGASINAN STATE UNIVERSITY URDANETA CITY CAMPUS

Figure 4. Topology of the Network of College of Engineering and Architecture

Figure 4 shows the network topology of the College of Engineering and Architecture of Pangasinan State University Urdaneta City Campus. A topology is the graphical representation of the overall structure of the network. Figure 4 shows that the main connection is the internet service provider (ISP). The ISP is connected to the backbone switch located at the Civil Engineering faculty. The backbone switch is connected to the switches of the CEA, where the routers are connected. See Appendix A for the actual photo of the backbone switch.

Table 3. Scanned Result in Monitor Mode

Department              WLAN Security Protocol  SSID              MAC Address        Authentication  Equipment
Architecture            WPA2                    Archi Department  00:24:01:E8:12:6A  PSK             D-Link DIR 655
Civil Engineering       WPA2                    CE Department     84:16:F9:CB:69:01  PSK             TP-Link Archer A7
Computer Engineering    WPA2                    CpEDept           58:D9:D5:52:96:B8  PSK             Tenda F3
Electrical Engineering  WPA2                    PSUWifi           0C:F4:D5:3F:DC:78  PSK             TP-Link EAP110
Mechanical Engineering  WPA2                    PSUWifi2          0C:F4:D5:3F:D9:38  PSK             TP-Link EAP110

Location
  Architecture: Inside the Architecture Department faculty room at the northeast corner of the room.
  Civil Engineering: Inside the Civil Engineering Department faculty room beside the rest room for girls at the northeast corner of the said room.
  Computer Engineering: Inside the Computer Engineering Department faculty room beside the chemistry laboratory room at the northwest corner of the said room.
  Electrical Engineering: Attached to the wall in front of ENG’G2-102, ground floor of Engineering Building 2.
  Mechanical Engineering: Attached to the wall in front of ENG’G2-108, ground floor of Engineering Building 2.

Table 3 shows the summary of the scanned result in monitor mode during the reconnaissance phase. Table 3 covers the College of Engineering and Architecture, which includes the Architecture Department, Civil Engineering Department, Computer Engineering Department, Electrical Engineering Department, and the Mechanical Engineering Department. The data gathered shows the WLAN security protocol, the SSID (also known as the network name), the MAC address, the authentication, the equipment (that is, the routers) used by the said WLAN, and their location. See Appendix B for the monitor mode result of the reconnaissance presented in the Aircrack-ng suite.

According to the data gathered, the most used Wireless Local Area Network security protocol is WPA2 with PSK authentication, which means their network requires a key or password. Table 3 also shows the MAC addresses of the Wireless Local Area Networks of the College of Engineering and Architecture. For the SSID, the Architecture, Civil Engineering and Computer Engineering Departments use shortened SSIDs based on the name of their department. However, the Electrical Engineering Department does not have its own network; according to Ma’am Pauline Roa, a faculty member of the Electrical Engineering Department, they are using the PSU WLAN having an SSID of PSUWifi. The same goes for the Mechanical Engineering Department, which has no network of its own; according to Engr. Ryndell Casem, a faculty member of the Mechanical Engineering Department, they are also using the PSU WLAN having an SSID of PSUWifi2. See Appendix C for the step-by-step commands used in reconnaissance using the Aircrack-ng suite.

Based on the data gathered, TP-Link is the most commonly used router brand for the WLAN of the College of Engineering and Architecture, as shown in Table 2. Other departments also used D-Link and Tenda. Actual photos of the equipment are shown in Appendix D. See Appendix E for the location of the said routers and their detailed connection to the backbone switch. Full specifications of the said wireless routers are shown in Appendix F.

HARDWARE AND MODULES USED IN PENTEST

Hardware Devices

According to Kevin Beaver (2018)[21], there are many tools, and each one is designed to perform a particular test; nevertheless, there is no tool that can test for everything. In this research study of penetration testing for Wireless Local Area Networks, the hardware devices used were selected based on their accessibility, versatility, performance, portability, and price. The researchers will utilize these devices for penetration testing.

Table 4 shows the comparison of the devices that can be used for the penetration testing. The first column shows the actual name of the devices, which include the ESP32 Wi-Fi Penetration Tool, USB Ethernet Adapter LAN Turtle SD, Alfa AWUS036NHA USB Wi-Fi adapter, Raspberry Pi 4B and the Wifi Pineapple Mark VII +AC Tactical. The second column shows the accessibility of the hardware devices in terms of their interfaces. The third column shows the versatility of the devices when it comes to penetration testing. The fourth column shows the performance through the processor and RAM used by the hardware devices. The fifth column shows the portability through their size and weight. The last column shows the price of the hardware devices in pesos. See Appendix G for the full specifications of these hardware devices.

Table 4. Comparison of Hardware Devices

ESP32 Wi-Fi Penetration Tool
  Accessibility (Interface): Command Line Interface
  Versatility: Network scanning; Packet sniffing; Deauthentication attacks; Evil twin attacks; Rogue access point detection; DoS attacks
  Performance: Dual-core processor with up to 240 MHz clock speed; minimum of 520KB of SRAM (Static Random Access Memory) and up to 4MB of PSRAM (Pseudo Static Random Access Memory)
  Portability: 30mm x 18mm to 50mm x 23mm, which is about the size of a small USB drive; 2mm to 7mm thickness; 2 grams to 10 grams of weight
  Price: Php 537.83

USB Ethernet Adapter LAN Turtle SD
  Accessibility (Interface): Command Line Interface
  Versatility: Network monitoring; Remote access; Password cracking; Network mapping; Social engineering attacks
  Performance: ARM-based CPU; 128MB of DDR2 SDRAM
  Portability: 15 x 7 x 0.5 cm; 199.58 grams, slightly larger than a standard USB flash drive
  Price: Php 4,482.00

Alfa AWUS036NHA USB Wi-Fi adapter
  Accessibility (Interface): Command Line Interface
  Versatility: Wireless network monitoring; Wireless penetration testing; Network troubleshooting; Range extension; Remote access; Network mapping
  Performance: Uses the Atheros AR9271 chipset; supports IEEE 802.11 b/g/n standards and can operate on both the 2.4 GHz and 5 GHz frequency bands
  Portability: Length 8.5 cm (3.35 in); Width 2.0 cm (0.79 in); Height 1.4 cm (0.55 in); 38 grams (1.34 ounces)
  Price: Php 2,378

Raspberry Pi 4B
  Accessibility (Interface): Command Line Interface
  Versatility: Network scanning; Wireless network auditing; Password cracking; Security camera monitoring; VPN gateway
  Performance: Quad-core ARM Cortex-A72 processor running at up to 1.5 GHz; up to 8 GB
  Portability: Length 8.6 cm (3.4 in); Width 5.5 cm (2.2 in); Height 1.7 cm (0.7 in); 46 grams (1.62 ounces)
  Price: Php 11,205.84

WiFi Pineapple Mark VII+AC Tactical
  Accessibility (Interface): Command Line Interface and Graphical User Interface
  Versatility: WiFi network auditing; Man-in-the-middle attacks; Rogue access point detection; Wireless intrusion detection; Wireless security testing
  Performance: Quad-core ARM processor running at 1.4 GHz; 2 GB of RAM
  Portability: Dimensions 125mm x 83mm x 29mm; Weight 224g (7.9 oz)
  Price: Php 11,150.37

The researchers selected two devices to be used for penetration testing. First, the major factor that the researchers considered was accessibility. It is very convenient for the researchers to use a device having a Graphical User Interface (GUI), since they no longer have to memorize codes and commands. The researchers also looked for a device that is capable of capturing information from networks. Devices with a wide range were also considered in selecting the hardware. Therefore, the researchers selected the Alfa AWUS036NHA USB Wi-Fi adapter, which will be used for the reconnaissance, and the Wifi Pineapple Mark VII +AC Tactical, which will be used for penetration testing.

The Alfa AWUS036NHA USB Wi-Fi adapter is one of the best things you can use with Kali Linux for wireless pen testing (very popular among Kali Linux users). It's small, has a great range, and costs very little. Setting up is easy because the drivers are already built in. The Alfa AWUS036NHA USB Wi-Fi adapter must be plugged in to the PC in order to be used (Cyberpunk, 2018)[35]. Therefore, the researchers decided to use the Alfa AWUS036NHA USB Wi-Fi Adapter, since the Alfa AWUS036NHA is one of the most well-known monitor mode wifi adapters (KaliTut, 2021)[34]. The researchers used this device for reconnaissance. The Alfa AWUS036NHA USB Wi-Fi Adapter was bought by the researchers from Shopee Philippines and was imported from Malaysia; the device cost Php 2428 including shipping. The Alfa AWUS036NHA USB Wi-Fi Adapter is shown in Figure 5. See Appendix H for the quick start guide and the hardware setup of the Alfa AWUS036NHA USB Wi-Fi adapter.

Figure 5. Alfa AWUS036NHA USB Wi-Fi Adapter

The researchers used the Alfa AWUS036NHA USB Wi-Fi adapter, as shown in Figure 5. The Alfa AWUS036NHA is a high-gain USB wireless adapter that allows you to connect to wireless networks from your desktop or laptop computer. It supports the 802.11n standard and has a maximum transfer rate of 150 Mbps. The adapter comes with an external antenna that can be adjusted and rotated to improve signal strength and range. This device supports the Aircrack-ng suite, which the researchers used for the reconnaissance phase. Aircrack-ng is a suite of tools used for penetration testing and network security assessments. It is commonly used to test the security of wireless networks by attempting to crack WEP and WPA/WPA2-PSK encryption keys.

Figure 6. WIFI PINEAPPLE MARK VII+AC TACTICAL

The Wi-Fi Pineapple is a network auditing device used by several cybersecurity and networking organizations. It is an easy-to-learn and easy-to-use application that also delivers thorough information regarding network security (Hautzinger, 2021)[23]. It is a strong and versatile tool that, depending on the user's intention, may be useful or deadly. The Wi-Fi Pineapple is regarded as one of the riskiest services available, giving numerous possibly inexperienced or would-be hackers access to several effective hacking capabilities. This hacking tool may be purchased by anyone for a small price (NI Cyber Guy, 2021)[25].

The researchers used the Wifi Pineapple Mark VII +AC Tactical for the penetration testing. The Wifi Pineapple has a web interface through which users can configure the device, execute attacks, and monitor handshakes. The Wifi Pineapple Mark VII +AC Tactical comes with a Wifi Auditing Adapter called MK7AC, as shown in Figure 6. It is connected to the Wifi Pineapple via a USB port. It was built for the Wifi Pineapple Mark VII only and allows the user to scan 5 GHz networks. The said device has five (5) antennas: three (3) for the Wifi Pineapple and two (2) for the wifi auditing adapter.

The Wifi Pineapple was purchased by the researchers directly from the Hak5 shop via a relative. It was pre-ordered, and the researchers had to wait forty-five (45) days and another ten (10) days for the delivery to the Philippines via LBC. The device costs $199 excluding tax and the shipping fee. The Wifi Pineapple Mark VII +AC Tactical is shown in Figure 6. See Appendix I for the hardware setup.

Modules

The Wifi Pineapple Mark VII +AC Tactical is a device equipped with various modules, including Recon for reconnaissance. Within the Recon module are two (2) sub-modules, "Deauthentication of Clients" and "Capture Handshakes", which can be utilized to acquire network passwords. Additionally, the device has a PineAP module that contains an "EvilWPA" module capable of initiating a fake access point attack. Moreover, downloadable modules such as "Evil Portal", "HTTPeek", and "MDK4" can be installed on the device to enhance its attacking capabilities. Overall, the Wifi Pineapple Mark VII +AC Tactical provides numerous tools for conducting attacks on wireless networks.

PROCESSES OF INFILTRATING WIRELESS LOCAL AREA NETWORK SECURITY PROTOCOLS

Reconnaissance

The reconnaissance phase is the first step in any cyber-attack, where attackers gather information about the target network. This process involves identifying critical details such as the Service Set Identifier (SSID) or network name, the Basic Service Set Identifier (BSSID) or Media Access Control (MAC) address of the network, the number of clients connected to the network along with their respective BSSIDs, and the type of routers and devices used by clients. Moreover, during the reconnaissance phase, attackers can also identify the security protocols implemented by the network. One important security protocol is Management Frame Protection (MFP), which adds an additional layer of security to the network by preventing attackers from using deauthentication attacks to disconnect clients and gain access to sensitive data.

In addition to identifying the network's SSID and encryption type, reconnaissance also includes identifying the presence of Wi-Fi Protected Setup (WPS) on the router. WPS is a feature that simplifies the process of connecting to a secure wireless network from a computer or other device. Another important factor in reconnaissance is determining the channel strength of the network. Different channels have different signal strengths, and understanding this can help attackers optimize their attacks. Lastly, the time of the reconnaissance is also important because it can impact the accuracy of the data collected. By conducting reconnaissance, cyber attackers can gain a better understanding of the target network's infrastructure, weaknesses, and potential vulnerabilities. This information can then be used to plan and execute further attacks on the network.

Figure 7. Connection of the Attacking Device to the Wifi Pineapple

To begin the attack, the attacker must first connect to the network of the WiFi Pineapple. The WiFi Pineapple has both wired and wireless connectivity options, but it is recommended to use a wired connection to avoid disconnection of the attacking device from the WiFi Pineapple. To establish a wired connection, a Type-C cable can be used to connect the attacking device to the WiFi Pineapple. This will be treated as an Ethernet connection, providing a stable and reliable connection for the duration of the attack. See Appendix J for the wired connection of the attacking device to the wifi pineapple via Type-C cable.

“Wifipineapple” is the secured network of the Wifi Pineapple. “Pinya” is the open network of the Wifi Pineapple. “Pineapple_3050” is the wired connection of the Wifi Pineapple and is connected via Ethernet. The Wifi Pineapple works with any of the three, as shown in Figure 7. The three connections were configured during the hardware setup and can be changed whenever the attacker wants. See Appendix K for changing the SSIDs of the networks of the Wifi Pineapple. See Appendix I for the hardware setup of the Wifi Pineapple.

Figure 8. Accessing the Web User Interface of the Wifi Pineapple

Second, open a browser and type “172.16.42.1:1471”. The IP address 172.16.42.1 is the default IP address of the Wifi Pineapple, as shown in Figure 8. The port number 1471 is the default port number used for the web interface of the Wifi Pineapple. This IP address and port number can be accessed in any web browser as long as the device is connected to the Wifi Pineapple. The attacker will be redirected to the web-based User Interface of the Wifi Pineapple.

Figure 9. Root login of the Wifi Pineapple

Once the attacker has been redirected to the web-based User Interface of the WiFi Pineapple, they will need to enter the password to gain full access to the operating system of the device, as shown in Figure 9. The default username for the WiFi Pineapple is "root," and this account provides the attacker with complete control over the device's functions and customization options. The default password for the WiFi Pineapple is "Pineapple123," and it was set during the hardware setup of the device. It is important to note that changing the default password is highly recommended to ensure better security and prevent unauthorized access by other attackers. If the attacker wishes to change the password, instructions on how to do so can be found in the hardware setup of the Wifi Pineapple.

Figure 10. Scanning of Networks

After gaining access to the operating system of the WiFi Pineapple, the attacker should look for the "Recon" module located in the left navigation menu of the home page. Clicking on this module will redirect the attacker to the Recon page, as shown in Figure 10. To start the scanning process, the attacker must first select the time duration of the scan. Selecting "continuous" will provide real-time updates on the scanned networks and clients. However, it is also possible to set the scan duration to 2 minutes, 5 minutes, or 10 minutes based on the attacker's preferences. Once the desired time duration has been selected, the attacker can start the scanning process by clicking the "Scan" button. This will initiate the reconnaissance phase of the attack, allowing the attacker to gather important information about the target network and its connected clients.

After a few seconds of scanning, networks will appear, including the information needed for the attacks, as shown in Figure 10. Scanned networks can be expanded to show the clients connected to them by pressing “+” and collapsed using “-”. The information of the clients, such as the BSSID and the type of device used by the clients, will be shown as in Figure 11. Note that for scanning during reconnaissance, an internet connection for the wifi pineapple is optional.

Figure 11. Scanned Network with Clients

Lastly, to check if the scanning really works, get a phone and try to connect to the target network. Click on the network to see the BSSID of the phone, as shown in Figure 12. Check the BSSID of the phone to see if it is included in the scanned clients. If the BSSID is included in the scanned clients, try to disconnect and then reconnect to the network to see if the continuous scanning is updated. Attackers will then know that the Recon module of the Wifi Pineapple is working properly.

Figure 12. Connectivity of the Client to the target network

Deauthentication Attack

The Recon page of the Wifi Pineapple allows users to conduct various attacks, including deauthentication attacks. This type of attack forces client devices to disconnect from a particular network by sending forged deauthentication packets that imitate legitimate messages sent by the access point or router. Deauthentication packets used in attacks are designed to mimic the legitimate messages that an access point or router transmits in order to disconnect a client device. When the targeted client device receives these fake deauthentication packets, it will assume that it is being disconnected from the network by the access point or router, causing it to disconnect as intended. It is important to note that deauthentication attacks are not possible when clients or networks use Management Frame Protection (MFP) or when they are on a restricted channel. MFP adds an extra layer of protection against deauthentication attacks by requiring a secure exchange of frame signatures between the client and access point, making it difficult for attackers to forge deauthentication packets.
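MFP works because a protected deauthentication frame carries the Protected Frame bit and an integrity code that the client verifies; unprotected deauthentication frames, especially broadcast ones arriving in bursts, are exactly what a wireless intrusion detection system watches for. The following Python script is an added example of that detection logic, not code from the thesis or from the Wifi Pineapple. It decodes the fixed 802.11 management-frame header itself, so it needs no third-party library, and it runs over a constructed capture: the two BSSIDs are taken from Table 3, while the client address, timestamps, reason codes and the `window_s`/`threshold` values are assumptions chosen for the demonstration.

```python
"""Flag deauthentication floods in a stream of raw 802.11 management frames.

Added example of a wireless-IDS check; not code from the thesis or the Wifi Pineapple.
Header layout per IEEE 802.11: Frame Control (2), Duration (2), Addr1 receiver (6),
Addr2 transmitter (6), Addr3 BSSID (6), Sequence Control (2); a deauthentication
body then starts with a 2-byte reason code.
"""
import struct
from collections import defaultdict, deque

MGMT_TYPE = 0           # Frame Control "type" value for management frames
DEAUTH_SUBTYPE = 12     # management subtype 0b1100 = deauthentication
BEACON_SUBTYPE = 8
PROTECTED_FLAG = 0x40   # "Protected Frame" bit in the Frame Control flags byte
BROADCAST = "FF:FF:FF:FF:FF:FF"


def mac_to_str(raw):
    return ":".join(f"{b:02X}" for b in raw)


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def parse_mgmt_header(frame):
    """Decode the 24-byte MAC header; returns None for truncated frames."""
    if len(frame) < 24:
        return None
    fc, flags = frame[0], frame[1]
    return {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "protected": bool(flags & PROTECTED_FLAG),
        "addr1": mac_to_str(frame[4:10]),   # receiver: a client, or broadcast
        "addr2": mac_to_str(frame[10:16]),  # transmitter as claimed by the frame
        "addr3": mac_to_str(frame[16:22]),  # BSSID
    }


def deauth_reason(frame):
    """Reason code: little-endian uint16 immediately after the header."""
    return struct.unpack_from("<H", frame, 24)[0] if len(frame) >= 26 else None


def detect_deauth_flood(capture, window_s=1.0, threshold=10):
    """capture: iterable of (timestamp_seconds, raw_frame_bytes), in time order.

    Counts unprotected deauthentication frames per BSSID over a sliding window
    and raises one alert per BSSID once the count reaches the threshold. Frames
    with the Protected Frame bit set are skipped: under 802.11w (MFP) they carry
    an integrity code the client verifies, so a forged copy is discarded anyway.
    """
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, raw in capture:
        hdr = parse_mgmt_header(raw)
        if hdr is None or hdr["type"] != MGMT_TYPE or hdr["subtype"] != DEAUTH_SUBTYPE:
            continue
        if hdr["protected"]:
            continue
        q = recent[hdr["addr3"]]
        q.append(ts)
        while ts - q[0] > window_s:           # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold and hdr["addr3"] not in alerted:
            alerted.add(hdr["addr3"])
            alerts.append({"bssid": hdr["addr3"], "count": len(q), "first_seen": q[0],
                           "last_seen": ts, "broadcast": hdr["addr1"] == BROADCAST,
                           "reason": deauth_reason(raw)})
    return alerts


def make_frame(subtype, addr1, addr2, addr3, reason=None, protected=False):
    """Build a management frame for the constructed sample below (test fixture only)."""
    fc = (subtype << 4) | (MGMT_TYPE << 2)
    header = (bytes([fc, PROTECTED_FLAG if protected else 0]) + b"\x00\x00"
              + mac_to_bytes(addr1) + mac_to_bytes(addr2) + mac_to_bytes(addr3) + b"\x00\x00")
    return header + (struct.pack("<H", reason) if reason is not None else b"")


# Constructed sample capture. The two BSSIDs are the Archi Department and PSUWifi
# values from Table 3; the client address, timing and reason codes are invented.
ARCHI_BSSID = "00:24:01:E8:12:6A"
PSUWIFI_BSSID = "0C:F4:D5:3F:DC:78"
CLIENT = "D4:3B:04:11:22:33"

SAMPLE_CAPTURE = []
# 12 broadcast deauths "from" the Archi AP within 0.55 s (reason 7: class 3 frame
# received from a non-associated station), the shape of a "deauthenticate all clients" burst
for i in range(12):
    SAMPLE_CAPTURE.append((0.05 * i, make_frame(DEAUTH_SUBTYPE, BROADCAST, ARCHI_BSSID, ARCHI_BSSID, reason=7)))
# a beacon from PSUWifi, which the detector must ignore
SAMPLE_CAPTURE.append((0.7, make_frame(BEACON_SUBTYPE, BROADCAST, PSUWIFI_BSSID, PSUWIFI_BSSID)))
# three MFP-protected deauths from PSUWifi: legitimate, skipped by the detector
for i in range(3):
    SAMPLE_CAPTURE.append((1.0 + 0.1 * i, make_frame(DEAUTH_SUBTYPE, CLIENT, PSUWIFI_BSSID, PSUWIFI_BSSID, reason=3, protected=True)))
# one ordinary unprotected deauth, far below the threshold
SAMPLE_CAPTURE.append((5.0, make_frame(DEAUTH_SUBTYPE, CLIENT, PSUWIFI_BSSID, PSUWIFI_BSSID, reason=3)))
# a truncated frame, to exercise the length check
SAMPLE_CAPTURE.append((5.1, b"\xc0\x00\x00\x00"))
```

Run it as a script or call `detect_deauth_flood(SAMPLE_CAPTURE)` from a shell: the Archi burst produces one alert (count 10 at the moment the threshold is crossed, broadcast receiver, reason 7), while the protected PSUWifi frames and the single legitimate disconnect produce none. In a real deployment the capture would come from a monitor-mode adapter such as the one in Table 4, and the threshold should be tuned per site, since a busy AP legitimately deauthenticates a few stale clients per minute.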

To execute a successful deauthentication attack using the Wi-Fi Pineapple, the attacker's primary objective is to obtain the password of the target network by capturing handshakes. This can be achieved by utilizing the Capture Handshakes feature available on the device. Once the handshake capture feature has been enabled, the attacker can proceed to deauthenticate all clients within range of the target network with a single click through the Deauthenticate All Clients function shown in Figure 13. This method streamlines the process and enables the attacker to quickly disrupt the connectivity of all devices within the network, increasing the chances of password cracking and unauthorized access.

Figure 13. Capturing of Handshakes and Deauthenticating all Clients

In deauthenticating clients there are two options: deauthenticating all clients and deauthenticating a single client. If the attacker wishes to focus on a particular client, they can use the Deauthenticate Clients function by clicking on the desired target client and then clicking “Deauthenticate Clients”, as shown in Figure 14. The deauthentication attack will result in sudden disconnection from the network, rendering the client's device temporarily useless. Meanwhile, handshake capture is still running, so if the client that was deauthenticated tries to reconnect, the wifi pineapple will still capture the handshake.

Figure 14. Deauthenticating Client

To test the effectiveness of the attack, it is necessary to have a phone or device that can be connected to the target network and will act as a target client. Using either the "deauthenticate all clients" or "deauthenticate single client" method, the target client should be disconnected from the target network, as shown in Figure 15. Once disconnected, when the device reconnects to the network, the WiFi Pineapple will act as a man-in-the-middle and attempt to intercept the information transmitted during the reconnection. Specifically, the information that will be captured is the password of the network. This process demonstrates how easily a hacker could gain access to sensitive network information using a simple attack like deauthentication.

Figure 15. Disconnection of Client to the Network

Once the client(s) reconnect to the network and start transmitting data, the Wifi Pineapple device will capture handshakes, as shown in Figure 16. The attacker will be notified of the captured handshakes, which are saved in two different file formats: 22000 and pcap. These files can be downloaded and used for password cracking using brute force or dictionary attack techniques to gain access to the network. Brute force is a method of guessing a password by trying every possible combination until the correct one is found. Dictionary attacks, on the other hand, use pre-existing lists of commonly used passwords and try them one by one until a match is found.

Figure 16. Handshakes Captured by the Wifi Pineapple

Credential Harvester

A Credential Harvester is designed to collect personal data including usernames and passwords. The aim of a credential harvester is to trick people into providing their login credentials or other sensitive information on a fake website or login page that looks just like a legitimate one. Once the user enters their information, the credential harvester captures it and sends it to the attacker's server. A range of unlawful activities, such as financial fraud, identity theft, and unauthorized access to online accounts, can then be carried out using the stolen data.

The internet is commonly used by people. In order to use social media, participate in online classes, or play online games, one requires a reliable internet connection. Most students and employees make use of the free wireless networks that are available at Pangasinan State University's Urdaneta Campus. However, the large number of users on these free wi-fi networks may cause the internet connection to become sluggish. As a result, some users will look for another free wireless network that they are familiar with. All the free wi-fi available in PSU provides a webpage on which a user is required to agree to certain terms and conditions, enter login credentials, or provide other information before being granted access to the internet.

Furthermore, this is what the researchers take advantage of to get the credentials of the people in PSU. They will provide a free wireless network having an SSID that the users are familiar with. If the users try to connect to it, a fake webpage will be displayed, and the users will be forced to enter their credentials. To do this, the researchers use the Wi-Fi Pineapple, which can perform a man-in-the-middle (MITM) attack that intercepts communication between two parties to steal sensitive information. See Appendix L for the full installation of the Evil Portal module. To do this attack, follow the step-by-step instructions as shown in the figures below.

The first step in carrying out a credential harvester attack using the Evil Portal module is to access the module through the Wifi Pineapple interface. This can be done by clicking on the "Module" tab located on the left-hand side of the navigation page. Once the module page is opened, search for the "Evil Portal" module and click on it to access its interface. Figure 17 shows what the Evil Portal module button looks like. The module's interface provides various options for customizing the attack, such as selecting the target network and designing the phishing page.

Figure 17. Module Page of the Wi-Fi Pineapple

Once the attacker accesses the Evil Portal module and browses through its interface, shown in Figure 18, they will come across the Portal Library. This library contains numerous portals created by researchers, which are essentially fake webpages imitating popular sites such as social networking platforms, e-commerce sites, and fast-food platforms. The researchers have imported these portals into the library, and they can be used for testing purposes. For more information on how these portals are added to the Evil Portal library, check the corresponding section in Appendix M. Overall, the Portal Library is a valuable resource for cybersecurity researchers to simulate various attacks and develop solutions to defend against them.

Figure 18. Interface of the Evil Portal with the Portal Library

To deploy the fake webpage, you need to activate a web server. This can be done by clicking the “Web Server” button in your chosen software or platform. This button will allow you to access the portal that you will use to host the fake webpage. After activating the web server, the attacker can now activate the portal by clicking “Activate”. In this attack, the researchers used the PSU login. However, there are a bunch of portals that can be activated, as shown in Figure 19. The portal chosen depends on the environment of the target, since the researchers’ target is in PSU. Click the “Preview” button to see the fake web interface that the target will see.

Figure 19. Start the Web Server and Activating the Portal

Activating the portal requires starting the web server. This is because the web server is responsible for hosting and serving the portal's content to users. Without a running web server, the portal cannot be accessed by anyone. It is important to note that attempting to activate the portal without starting the web server will result in failure. Therefore, it is crucial to ensure that the web server is running before attempting to activate the PSU-Login portal. To see the fake webpage of the PSU Login, click “Preview”.

After activating the web server and the portal, start the attack by clicking the “Start” button of the Evil Portal, as shown in Figure 20. At this point the attack is running, and whoever connects to the open network of the Wifi Pineapple will be redirected to the fake webpage of the PSU Login. Take note that this attack requires an internet connection for the Wifi Pineapple to access the fake webpage. See Appendix N for the internet connectivity of the Wifi Pineapple. In addition, successful attacks can lead to the theft of sensitive information.

Figure 20. Starting the Credential Harvester Attack

From the client's perspective, first the client connects to the open network of the Wifi Pineapple, as shown in Figure 21. Upon connecting to the open network, the client will then be redirected to the fake webpage of the PSU Free Wifi, which asks for an email address, phone number, and a password. Since the Wifi Pineapple is connected to the internet, the open network has internet. The objective of the attacker is to capture the information that the PSU Free Wifi page is asking for. This attack can easily be executed in PSU since there are so many open networks in the school.

Figure 21. Client’s POV of the Credential Harvester Attack

From the attacker's viewpoint, upon the target clicking on the sign-up button on the fake PSU Free Wifi page, the evil portal or credential harvester will capture all the information entered by the target. By revisiting the Evil Portal module in the Wi-Fi Pineapple, the attacker can observe that they are immediately notified of any credentials entered by the target, as shown in Figure 22. To view the information, click the “View Log” button. With access to this sensitive information, the attacker can potentially use it for various malicious purposes such as identity theft and fraud.

Figure 22. Viewing Log

If the "View Log" button is clicked, the attacker can access the client's email address, password, and mobile number that were entered, as shown in Figure 23. Furthermore, the information reveals the BSSID of the client and the IP address of the fake network. The Wifi Pineapple would continue to record data from clients for as long as the attack remains active. Once credentials have been captured, the attacker receives a notification.

Figure 23. Captured Credentials of the Client

Fake Access Point Attack

A Fake Access Point attack is the type of attack where an attacker sets up a rogue Wi-Fi access point (AP) with the same name and characteristics as a legitimate AP in order to trick users into connecting to it. Once connected, the attacker can intercept network traffic by acting as a man-in-the-middle, potentially gaining access to sensitive information such as login credentials, credit card numbers, or other data that's transmitted over the network. Fake access point attacks are particularly dangerous because many people automatically connect to any available Wi-Fi network without checking whether it's legitimate or not. This makes it relatively easy for an attacker to set up a fake access point and lure unsuspecting victims into connecting to it.

This is a type of attack that can be done while on the Recon page of the Wifi Pineapple. It is done by configuring the fake access point to be the same as the target network and setting a random password. Once the attack is enabled, clients will not be able to connect to the legitimate network until the attack is disabled. This attack also captures handshakes from the clients, which contain sensitive information about the network.

To do this, first click on the target network, then click “Clone WPA/2 AP”. The page redirects to the configuration of the fake access point, as shown in Figure 24, which automatically copies the SSID and the BSSID of the target network. Next, enter a random password that matches the encryption of the network. The encryption of the fake access point must be the same as that of the target network. The fake access point should be neither hidden nor disabled. To start the attack, click “Capture Handshake”.

Figure 24. Configuration of the Fake Access Point

There is one other way of configuring the Fake Access Point, located in the PineAP module of the Wifi Pineapple. PineAP can be used to create rogue access points (APs), capture network traffic, probe for client devices, and perform deauthentication attacks. Additionally, PineAP can be configured to automatically harvest MAC addresses, SSIDs, and other information from nearby Wi-Fi networks, allowing for more targeted and effective attacks. The PineAP module is located in the left navigation bar of the Wifi Pineapple page, just above the Recon module. Clicking the PineAP module opens the PineAP home page, as shown in Figure 25. Click “Evil WPA” to configure the Fake Access Point.

Figure 25. Home Page of PineAP Module

Figure 26 shows the PineAP Evil WPA feature of the Wifi Pineapple, which allows the attacker to configure the Fake Access Point manually. First, enter the SSID and the BSSID of the target network. Next, enter a random password. Then select the encryption that the target network uses. Lastly, enable the attack and handshake capture, then save the configuration.

Figure 26. Fake Access Point using Evil WPA

After saving the configuration, go back to the reconnaissance page and deauthenticate a client, or all clients, as shown in Figure 27. Clients will be disconnected from the target network and will not be able to reconnect until the attack is disabled. When clients try to connect, they will be asked to enter the password again, and when they enter it the Wifi Pineapple captures the handshake.

Figure 27. Deauthenticating Client/s from the Target Network

The captured handshake of the Fake Access Point is stored in pcap file format, as shown in Figure 28. These captured handshakes are downloadable and can be cracked using a brute force or dictionary attack. Captured handshakes are listed on the Recon page of the Wifi Pineapple and are also accessible from the Evil WPA page through “View Handshake”.

Figure 28. Handshakes Captured by the Wifi Pineapple

HTTP Traffic Analysis

HTTPeek is a module for the WiFi Pineapple, a wireless penetration testing tool, that allows the operator to intercept and modify HTTP traffic between clients and servers. The basic function of HTTPeek is to act as a man-in-the-middle (MITM) proxy server, intercepting all HTTP requests and responses that pass through the WiFi Pineapple's network interface. One practical application of HTTPeek is identifying vulnerabilities in web applications: by intercepting the HTTP traffic between a user's browser and a web server, the tester can examine the contents of requests and responses, including cookies, headers, and other data, and look for potential security weaknesses.

If a user accesses an unsafe website, or one that does not employ HTTPS, HTTPeek can record and display in plain text all HTTP traffic between the user's browser and the website's server. As a result, any private information sent over an HTTP connection, including login passwords or personal information, may be intercepted and read by anyone with access to the same network. The researchers used HTTPeek in the Wi-Fi Pineapple to see whether users of the free wireless network in PSU were accessing any unsecured websites. See Appendix O for the full installation of the HTTPeek module. To perform this attack, follow the step-by-step instructions shown in the figures below.

The first step in carrying out an HTTP traffic analysis attack using the HTTPeek module is to access the module through the Wifi Pineapple interface. This can be done by clicking on the "Module" tab located on the left-hand side of the navigation page. Once the module page is opened, search for the "HTTPeek" module and click on it to access its interface. Figure 29 shows what the HTTPeek module button looks like. Once inside the interface, the user can begin carrying out HTTP traffic analysis.

Figure 29. Module page of the Wi-Fi Pineapple

After accessing the HTTPeek module through the Wifi Pineapple interface, the next step for an attacker is to click the "Enable" button in the HTTPeek interface shown in Figure 30. This activates the sniffer feature of the tool and allows the attacker to intercept data transmitted over unencrypted HTTP connections. Once the sniffer is enabled, HTTPeek begins collecting sensitive information such as usernames, passwords, and session cookies sent over these unencrypted connections. Furthermore, images loaded by the client from an HTTP webpage are also shown in the module. Using this information, an attacker can gain unauthorized access to user accounts or other systems on the network.

Figure 30. HTTPeek Home Interface

After enabling the sniffer, start the capturing process by clicking the "Start" button. HTTPeek then begins capturing HTTP traffic on the wire and displaying it in real time, as shown in Figure 31. The same capability is useful to network administrators for monitoring network activity and identifying potential security threats: by capturing network traffic, administrators can analyze the data packets transmitted between devices, detect suspicious activity, and troubleshoot network issues. Real-time monitoring also provides immediate notice of abnormal network behavior, allowing prompt action to be taken before it affects network performance or security.

Figure 31. Start the capturing of HTTP traffic

From the client's perspective, the first step is to connect to the open network of the Wifi Pineapple, as illustrated in Figure 32. If a client connected to the open wireless network happens to visit an unsecured website, even by accident, it poses a significant security risk. For instance, the client visited http://shippingchina.com/, an example of an unsecured site that offers online selling, shopping, and logistics services in China. This website contains numerous images typical of online marketplaces, but also displays Chinese characters that may be hard for non-Chinese speakers to understand.

Figure 32. Client Perspective while Accessing HTTP Site

From an attacker's point of view, when a client accesses an unsecured site, as shown in Figure 33, the attacker can intercept various types of data from the targeted client, such as unsecured URLs, cookies, POST data, and images. The attacker can continue to capture this data until the attack is disabled. This means that as long as the client keeps browsing unsecured sites, the HTTPeek module keeps providing the attacker with information about what the client is accessing over HTTP.

In simpler terms, when a client accesses an unsecured website, an attacker can easily gather the different types of sensitive data transmitted between the client and the website: the URLs of the sites the client visits, any information the client enters on the site, such as login credentials, and even the images the client loads from the unsecured site. This type of attack can continue without detection until the attacker stops it, and as long as the client continues to use unsecured sites, the attacker can gather more information using the HTTPeek module.

Figure 33. Attacker’s Perspective while the Client is Accessing HTTP Site

The attacker can also obtain login credentials if the target carelessly visits an unsecured site that asks for them, as shown in Figure 34. This time, for instance, the client visited vulnweb.com. Vulnweb.com is a vulnerable web application aimed at helping security professionals and enthusiasts learn and practice web application security testing techniques. If the client enters his or her username and password, HTTPeek is capable of capturing that information as well.

Figure 34. Client Perspective while Accessing vulnweb.com

From the attacker's point of view, they can intercept and obtain login credentials when a client accesses an unsecured website like vulnweb.com. As shown in Figure 35, the attacker can capture the login information and use it to gain unauthorized access to the user's account. To elaborate further, an attacker can use various methods to intercept the data transmitted between the client and the website, such as a network sniffer or a fake Wi-Fi hotspot. Once the attacker has the login credentials, they can log in to the user's account and perform malicious activities such as stealing sensitive information, modifying or deleting data, or carrying out fraudulent transactions.

Figure 35. Captured Credentials
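The same observation, that a login over plain HTTP exposes credentials to anyone on the network path, can be turned around into a defensive check. The following Python script is an added example written for this discussion; it is not part of the researchers' procedure or of the HTTPeek module. It assumes a sensor (for instance a proxy or flow log) that records, for each request, the method, the URL and the names of submitted form fields; the sample log lines, the hosts (shop.example, legacy.example, portal.example, forum.example) and the client addresses are constructed placeholders. The script reports which hosts accepted a credential submission over plain HTTP, which is the list an administrator would use to enforce HTTPS or block the login page at the proxy.

```python
import json
import re
from urllib.parse import urlsplit

# Field names that usually carry a secret, and paths that usually carry a login form.
CRED_FIELDS = re.compile(r"pass|pwd|secret|token|otp|\bpin\b", re.IGNORECASE)
LOGIN_PATHS = re.compile(r"/(login|signin|sign-in|auth|session)", re.IGNORECASE)

# Constructed sample of a sensor log: one JSON object per line, recording only the
# request method, the URL and the *names* of submitted form fields (never their values).
# Hosts and client addresses are placeholders, not real sites or campus addresses.
SAMPLE_LOG = """\
{"ts": "2023-04-12T09:01:02", "client": "10.20.0.15", "method": "GET", "url": "http://shop.example/catalog?page=2", "form_fields": []}
{"ts": "2023-04-12T09:01:40", "client": "10.20.0.15", "method": "POST", "url": "http://shop.example/userinfo.php", "form_fields": ["uname", "pass"]}
{"ts": "2023-04-12T09:02:11", "client": "10.20.0.22", "method": "POST", "url": "https://portal.example/login", "form_fields": ["username", "password"]}
{"ts": "2023-04-12T09:03:05", "client": "10.20.0.22", "method": "POST", "url": "http://legacy.example/auth", "form_fields": ["user", "secret"]}
{"ts": "2023-04-12T09:04:00", "client": "10.20.0.31", "method": "POST", "url": "http://forum.example/search", "form_fields": ["q"]}
"""


def audit_cleartext_logins(log_text: str) -> list:
    """Return one finding per credential submission that crossed the network as plain HTTP."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        url = urlsplit(rec["url"])
        if url.scheme.lower() != "http":
            continue  # HTTPS: the request body is encrypted on the wire, nothing to flag
        cred_fields = [f for f in rec.get("form_fields", []) if CRED_FIELDS.search(f)]
        is_post = rec["method"].upper() == "POST"
        if is_post and (cred_fields or LOGIN_PATHS.search(url.path)):
            findings.append({
                "ts": rec["ts"],
                "client": rec["client"],
                "host": url.hostname,
                "path": url.path,
                "fields": cred_fields,
            })
    return findings


def hosts_needing_https(findings: list) -> list:
    """Distinct hosts that accepted a plaintext login: candidates for HTTPS enforcement or blocking."""
    return sorted({f["host"] for f in findings})


if __name__ == "__main__":
    found = audit_cleartext_logins(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']} {f['client']} -> http://{f['host']}{f['path']} fields={f['fields']}")
    print("hosts needing HTTPS:", hosts_needing_https(found))
```

Only requests over HTTP are flagged; the POST to https://portal.example/login is skipped because its body is encrypted on the wire. A plaintext login to a legacy host is the finding to act on: serve it over HTTPS with a redirect and HSTS, or block the login page at the proxy until that is done.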

Beacon Flooding

Beacon flooding is a type of wireless network attack that aims to disrupt the normal functioning of the target network by overwhelming it with a large volume of frames. This type of attack can be carried out using the MDK4 module, which allows the attacker to broadcast multiple networks with random SSIDs or a single SSID. The MDK4 module is a software module available on the Wifi Pineapple, a wireless penetration testing tool used for testing and securing wireless networks. The goal of this attack is to create congestion on the network, causing legitimate users to experience slow connectivity or complete disconnection. By flooding the network with excessive beacons, the attacker can render the target network unusable and compromise its security. It is important for network administrators to implement measures to protect their networks from such attacks, such as limiting the number of beacons that can be received from a single access point. See Appendix P for the installation of the MDK4 module.

The first step in carrying out a beacon flooding attack using the MDK4 module is to access the module through the Wifi Pineapple interface. This can be done by clicking on the "Module" tab located on the left-hand side of the navigation page. Once the module page is opened, search for the "MDK4" module and click on it to access its interface. Figure 36 shows what the MDK4 module button looks like. This interface provides the attacker with various options for configuring and executing the attack, such as selecting the target network, setting the duration of the attack, and choosing the type of attack to carry out. It is important for network administrators to monitor their networks regularly and take measures to prevent unauthorized access and attacks such as beacon flooding.

Figure 36. Module Page of the Wifi Pineapple


The second step is to click on "Attack Mode" and select the "Beacon Flooding" option from the list of available attacks shown in Figure 37. It is important to note that this attack requires both the input and output interfaces to be set to monitor mode, which is achieved by using the "wlan3mon" interface for both. Furthermore, scanning for potential targets should continue during the attack, as this helps to identify devices that may be susceptible to it. The scanning process also ensures that the input and output interfaces remain in monitor mode throughout the duration of the attack.

Figure 37. Setting Attack Mode and Input and Output Interfaces

The "Attack Options" feature allows the attacker to specify the SSID of the networks, as shown in Figure 38. This feature can also be used to specify arbitrary SSIDs. It should be noted that only one attack option can be used at a time for this type of attack. By providing the ability to select specific or random SSIDs, the attacker can customize the attack according to their objectives, which makes the attack more effective against the targeted networks. After setting up all the necessary information about the attack, the attacker can start the attack by clicking the “Start” button, as shown in Figure 38.

Figure 38. Setting Attack Options and Starting the Attack

The output provides information on the success of the attack, including whether the targeted network(s) have been compromised, as shown in Figure 39. By analyzing the output, the attacker can determine the effectiveness of the attack and adjust as necessary. Monitoring the progress of the attack in real time lets the attacker make informed decisions and optimize the approach for maximum impact. The output can also be used to gather information about the targeted network, such as the types of devices connected and the security measures in place, which can be leveraged for further attacks.

Figure 39. Output of the Beacon Flooding Attack

The client's experience with fake networks can be frustrating and confusing. These fake networks often appear in the Wifi connectivity settings as multiple networks with the same SSID but different security settings, as shown in Figure 40. The attack advertises three networks with the same SSID, “PSUWifi”, each with different security settings. This makes it difficult for clients to determine which network is the real one. The constant refresh of these fake networks every five seconds adds to the confusion and creates a sense of distrust towards Wifi networks in general. Ultimately, the presence of fake networks highlights the need for increased awareness and security measures when connecting to Wifi networks.

Figure 40. Output of Beacon Flooding Attack in Client/s POV
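Both the Fake Access Point attack described earlier and the client's view of the beacon flood in Figure 40 show the same symptom from the defender's side: beacons carrying a known SSID from a radio that is not in the inventory, or with security settings that do not match. The Python script below is an added example for this discussion, not part of the researchers' procedure or of any Wifi Pineapple module. It assumes an inventory of authorized access points (SSID, BSSID and security type) and a scan result such as a controller's rogue-AP report or a site survey; the BSSIDs, the lookalike SSID "psu wifi" and the "Guest" network are constructed placeholders, while PSUWifi and CpEDept are the SSIDs discussed in this chapter.

```python
import re
from collections import defaultdict

# Inventory of authorized APs: SSID -> {BSSID: security}. The BSSIDs are constructed
# placeholders (locally administered 02:.. addresses), not the campus values.
AUTHORIZED = {
    "PSUWifi": {"02:11:22:33:44:01": "WPA2-PSK"},
    "CpEDept": {"02:11:22:33:44:02": "WPA2-PSK"},
}

# Constructed scan result, as a site-survey tool or a controller's rogue-AP report would list it.
SCAN = [
    {"ssid": "PSUWifi",  "bssid": "02:11:22:33:44:01", "security": "WPA2-PSK", "channel": 6},   # authorized AP
    {"ssid": "CpEDept",  "bssid": "02:11:22:33:44:02", "security": "WPA2-PSK", "channel": 11},  # authorized AP
    {"ssid": "PSUWifi",  "bssid": "02:aa:bb:cc:dd:01", "security": "WPA2-PSK", "channel": 6},   # same name, unknown radio
    {"ssid": "PSUWifi",  "bssid": "02:aa:bb:cc:dd:02", "security": "OPEN",     "channel": 1},   # open network, same name
    {"ssid": "PSUWifi",  "bssid": "02:11:22:33:44:01", "security": "WPA-PSK",  "channel": 6},   # spoofed BSSID, other security
    {"ssid": "psu wifi", "bssid": "02:aa:bb:cc:dd:03", "security": "OPEN",     "channel": 1},   # lookalike name
    {"ssid": "Guest",    "bssid": "02:aa:bb:cc:dd:04", "security": "OPEN",     "channel": 1},   # unrelated network
]


def _normalize(ssid: str) -> str:
    """Fold case and drop punctuation/spaces so 'psu wifi' and 'PSU-WiFi' compare equal to 'PSUWifi'."""
    return re.sub(r"[^a-z0-9]", "", ssid.lower())


def audit_scan(scan, authorized=AUTHORIZED) -> list:
    """Return findings as (kind, ssid, detail) tuples; unrelated networks produce none."""
    findings = []
    norm_auth = {_normalize(s): s for s in authorized}
    securities_by_ssid = defaultdict(set)

    for ap in scan:
        ssid, bssid, sec = ap["ssid"], ap["bssid"], ap["security"]
        securities_by_ssid[ssid].add(sec)
        known = authorized.get(ssid)
        if known is None:
            # Not one of ours; flag only if the name imitates an authorized SSID.
            target = norm_auth.get(_normalize(ssid))
            if target is not None:
                findings.append(("lookalike_ssid", ssid, target))
            continue
        if bssid not in known:
            findings.append(("unknown_bssid", ssid, bssid))          # evil-twin candidate
        elif known[bssid] != sec:
            findings.append(("security_mismatch", ssid, bssid))      # our address, wrong security type

    # One SSID advertised with several security types is the symptom seen in Figure 40.
    for ssid, secs in securities_by_ssid.items():
        if len(secs) > 1:
            findings.append(("conflicting_security", ssid, tuple(sorted(secs))))
    return findings


if __name__ == "__main__":
    for kind, ssid, detail in audit_scan(SCAN):
        print(f"{kind:22s} ssid={ssid!r} {detail}")
```

An unknown BSSID advertising a known SSID is the evil-twin case (both Clone WPA/2 AP and Evil WPA produce it), a known BSSID advertising a different security type is what a spoofed beacon looks like, and several security types under one SSID is what Figure 40 shows. Campus deployments have many legitimate BSSIDs per SSID, which is why the check is driven by an inventory rather than by the SSID alone.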

Deauthentication and Disassociation

Deauthentication is a process by which an attacker sends forged deauthentication packets to a wireless client, causing it to disconnect from its current access point. This can be used to force a client to connect to a rogue access point set up by the attacker. Disassociation is similar to deauthentication, but instead of forcing the client to disconnect entirely, it causes the client to disassociate from its current access point without completely disconnecting. Disassociation can be used to force a client to switch to another access point and can also be used to gather information about the client's connection habits. MDK4 is a tool used for Wi-Fi penetration testing, and it has a feature that allows for the deauthentication and disassociation of wireless clients from access points.

Furthermore, these features are often used by security professionals during penetration testing to test the security of a wireless network by simulating an attack on it. A common scenario is for the attacker to use the mdk4 tool on their Wi-Fi Pineapple to send deauthentication and disassociation frames to the legitimate access point, causing all connected devices to lose connectivity to the network. Clients will not be able to reconnect to the network until the attack stops. See Appendix P for the full installation of the mdk4 module.

The first step in carrying out a deauthentication and disassociation attack using the MDK4 module is to access the module through the Wifi Pineapple interface. This can be done by clicking on the "Module" tab located on the left-hand side of the navigation page. Once the module page is opened, search for the "MDK4" module and click on it to access its interface. Figure 41 shows what the MDK4 module button looks like. This interface provides the attacker with various options for configuring and executing the attack, such as selecting the target network, setting the duration of the attack, and choosing the type of attack to carry out.

Figure 41. Module page of the Wi-Fi Pineapple

After accessing the MDK4 module interface, the next step in performing a deauthentication and disassociation attack is to select the attack mode, as shown in Figure 42. This is done by choosing the "deauthentication and disassociation" option from the available attack modes. The input and output interfaces should also be specified, with "wlan3mon" selected for both. It is important to note that reconnaissance should remain turned on during the attack; this is necessary because both the input and output interfaces are set to wlan3mon, meaning both are in monitor mode.

Figure 42. Choosing the attack mode and the input/output interface

After choosing the attack mode and setting up the input and output interfaces, enter the necessary data for the chosen attack. Attack Options #1 and #2 can each be a client or a network; they specify the unaffected clients or networks, and these files are saved under the cabinet module. See Appendix Q for the configuration of the cabinet module. Attack Option #4 is the channel of the target network, which is shown in reconnaissance. After setting up the necessary information about the attack, activate the attack by clicking the “Start” button shown in Figure 43.

Figure 43. Setting Up the Attack Option and Starting the Attack

The deauthentication and disassociation attack is a type of wireless network attack that aims to disconnect clients from the network. Figure 44 is a visual representation of this attack, demonstrating how clients are disconnected from the network. The figure shows that once a client is disconnected from the network through this method, it will not be able to reconnect unless the attack is deactivated. This makes it an effective attack for disrupting wireless networks and causing inconvenience or potential harm to users who rely on these networks for communication or other critical tasks.

Figure 44. Devices Disconnected to the Network
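Beacon flooding and the deauthentication and disassociation attack described above both appear on the air as an abnormal rate of management frames, which a wireless intrusion detection sensor can count. The following Python example is added for this discussion and is not part of the researchers' work or of the MDK4 module; it assumes frames already decoded into (timestamp, subtype, transmitter address), as a monitor-mode capture would supply. The capture, the three access point addresses and the thresholds are constructed for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts: float        # capture time in seconds
    subtype: str     # "beacon", "deauth", "disassoc"; other subtypes are ignored
    src: str         # transmitter address; for beacons this is the advertised BSSID
    ssid: str = ""


# Thresholds per one-second window. These are assumed values, not from the thesis; tune
# them to the site, since a busy campus floor legitimately shows more BSSIDs than an office.
DEAUTH_PER_WINDOW = 10      # deauth/disassoc frames from one transmitter address
BSSIDS_PER_WINDOW = 20      # distinct BSSIDs beaconing at the same time


def detect_mgmt_floods(frames, window: float = 1.0) -> list:
    """Return alerts as (kind, source, count). Each kind fires once per source."""
    alerts = []
    deauth_times = defaultdict(deque)   # src -> timestamps of recent deauth/disassoc frames
    beacons = deque()                   # (ts, bssid) of recent beacons
    flagged = set()

    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.subtype in ("deauth", "disassoc"):
            q = deauth_times[f.src]
            q.append(f.ts)
            while f.ts - q[0] > window:         # drop frames that fell out of the window
                q.popleft()
            if len(q) > DEAUTH_PER_WINDOW and ("deauth", f.src) not in flagged:
                flagged.add(("deauth", f.src))
                alerts.append(("deauth_flood", f.src, len(q)))
        elif f.subtype == "beacon":
            beacons.append((f.ts, f.src))
            while f.ts - beacons[0][0] > window:
                beacons.popleft()
            distinct = len({bssid for _, bssid in beacons})
            if distinct > BSSIDS_PER_WINDOW and ("beacon", "*") not in flagged:
                flagged.add(("beacon", "*"))
                alerts.append(("beacon_flood", "*", distinct))
    return alerts


def sample_capture() -> list:
    """Constructed capture: three real APs beaconing normally, then a beacon flood and a deauth burst."""
    aps = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"]   # placeholder BSSIDs
    frames = [Frame(0.1 * i, "beacon", ap, "PSUWifi") for i in range(20) for ap in aps]
    # 30 forged BSSIDs announcing the same SSID within 0.3 s
    frames += [Frame(2.0 + 0.01 * i, "beacon", f"02:de:ad:00:00:{i:02x}", "PSUWifi") for i in range(30)]
    # 15 deauth frames in 0.3 s, spoofing the first AP's own address
    frames += [Frame(3.0 + 0.02 * i, "deauth", aps[0]) for i in range(15)]
    frames.append(Frame(4.0, "disassoc", aps[1]))   # a lone frame: normal roaming, no alert
    return frames


if __name__ == "__main__":
    for alert in detect_mgmt_floods(sample_capture()):
        print(alert)
```

Counting deauthentication frames per transmitter is what catches the MDK4 attack, because it spoofs the real AP's address and the only anomaly is the rate. Protected Management Frames (IEEE 802.11w, mandatory in WPA3 and optional in WPA2) make clients discard forged deauthentication and disassociation frames when both sides support it; it does not stop a beacon flood, which is why the beacon check stays useful.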

Dictionary Attack

A dictionary attack is a type of cyber-attack where an attacker uses a list of words from a pre-existing dictionary or a generated wordlist to try to guess a user's password. The idea behind the attack is that many people use common words, phrases, or predictable patterns in their passwords, making it easier for an attacker to guess them by simply trying a large number of possibilities until the correct one is found. Dictionary attacks are a popular method of password cracking because they can be automated and can quickly try many different combinations without requiring much effort on the part of the attacker. The researchers used the hashcat tool for cracking passwords. Hashcat is a popular password cracking tool that uses GPU acceleration to perform brute-force attacks and dictionary attacks on hashed passwords. Take note that this attack was done without the help of the Wifi Pineapple.

The process of cracking passwords requires the use of specialized tools such as hashcat-6.2.6, which is readily available for download. The first step in initiating the cracking process is accessing the properties of the hashcat-6.2.6 folder and copying its location, as demonstrated in Figure 45. It is worth noting that access to hashcat-6.2.6 is essential before proceeding with the cracking process; see Appendix R for the step-by-step procedure on how to download it. While hashcat in Kali Linux is also suitable for password cracking, the researchers recommend using hashcat-6.2.6 because it runs from the command prompt, which requires less memory than the Kali Linux version running in a virtual machine.

Figure 45. Copying the hashcat-6.2.6 folder location

Once the attacker has accessed the properties of the hashcat-6.2.6 folder and copied its location, they can start cracking passwords from the command prompt. Change the directory by typing "cd", pasting the folder location, and then typing "\hashcat-6.2.6". After changing the directory, the attacker can initiate the password cracking process using the command "hashcat -m 22000 CpEDept.22000 rockyou.txt", shown in Figure 46. This time the researchers used the captured handshake of the Computer Engineering Department, CpEDept.22000, which was captured during the deauthentication attack. The researchers used the rockyou.txt wordlist, a common password list used in hash cracking.

Figure 46. Command used for the cracking of Password using hashcat

After entering the command, it takes four minutes before the password is cracked, as shown in Figure 47. The time to crack a password using hashcat depends on the specifications of the laptop used; it can vary significantly with the complexity of the password and the power of the hardware used for the cracking process. In this case, the researchers used an Acer Aspire E15 with an Intel Core i5 8th generation processor and 12 GB of RAM, which took four minutes to crack the password. The program displays the progress of the cracking both as a percentage and as an exact count, given that the rockyou.txt wordlist has 14,345,935 common passwords. Overall, the speed and success of password cracking using hashcat will always depend on a variety of factors, including hardware specifications, password length and complexity, and the chosen wordlist.

Figure 47. Progress of Cracking using Dictionary Attack

The cracking of passwords is a common practice in the field of cybersecurity, and it often involves the use of specialized tools like hashcat and wordlists such as rockyou.txt. Figure 48 depicts the outcome of using these tools to crack a particular password, along with its corresponding hash value. The figure shows that the password was successfully cracked, as evidenced by the plaintext version appearing next to the hash value. This serves as a cautionary tale about the importance of selecting strong passwords, as weak or easily guessable passwords are vulnerable to attacks by malicious actors.

Figure 48. Cracked Password of the CpEDept network

Brute Force Attack

A brute force attack is a type of cybersecurity attack that involves attempting to guess a password or encryption key through trial and error. It is a method that hackers use to gain access to a system or data by trying every possible combination of passwords until the correct one is found. Brute force attacks are often automated using software programs that can try thousands or even millions of passwords per second, depending on the complexity of the password and the processing power of the attacker's computer. While such attacks can be successful, they can also be time-consuming and resource-intensive.

To perform the brute force attack, repeat the process of the dictionary attack shown in Figures 45 and 46, except for the command used. This time the researchers used the Architecture Department network for this attack. The command is “hashcat -m 22000 -a 3 ArchiDepartment.22000 ?a?a?a?a?a?d?d?d@#$_^*”, shown in Figure 49. This mask consists of five positions of any printable character (?a), three digits (?d), and the fixed special characters @#$_^*.

Figure 49. Command used for the cracking of Password using Brute Force


Password strength directly affects the time required to crack a password, which varies depending on several factors such as password length and complexity. Figure 50 shows the time required to crack a password of thirteen characters with this mask. It shows that cracking such a password can take up to 50 years using an ASUS X407U with an Intel Core i3 7th Gen processor and 8 GB of RAM. However, it is important to note that the time required for a brute force attack depends on the specifications of the device used, and more powerful devices can crack passwords much faster.

Figure 50. Progress of Cracking using Brute Force Attack
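The dictionary and brute force results above follow from the size of the search space: rockyou.txt holds 14,345,935 candidates, while the mask ?a?a?a?a?a?d?d?d@#$_^* enumerates 95^5 × 10^3 candidates. The Python example below is added here and is not the researchers' procedure or part of hashcat; it computes the keyspace of a hashcat mask, the worst-case time at an assumed hash rate, and checks a candidate WPA2 passphrase the way a network administrator would before deploying it. The hash rate of 5,000 H/s, the small constructed wordlist standing in for rockyou.txt, and the 10-year policy threshold are assumptions chosen for illustration.

```python
# hashcat built-in charsets and their sizes: ?l lower, ?u upper, ?d digits,
# ?s the 33 printable symbols (space included), ?a = ?l?u?d?s, ?b all 256 byte values.
CHARSET_SIZE = {"l": 26, "u": 26, "d": 10, "s": 33, "a": 95, "b": 256}
SECONDS_PER_YEAR = 365.25 * 24 * 3600

PAGE_MASK = "?a?a?a?a?a?d?d?d@#$_^*"   # the mask used in the thesis
ASSUMED_RATE = 5_000                    # H/s; an assumption standing in for WPA2 PBKDF2 on a laptop CPU
WEAK_YEARS = 10                         # assumed policy threshold for "brute force is practical"

# Constructed stand-in for rockyou.txt (14,345,935 entries); a real check would stream the file.
CONSTRUCTED_WORDLIST = {"password", "123456", "iloveyou", "qwerty123", "engineering", "psuwifi2023"}


def mask_keyspace(mask: str) -> int:
    """Number of candidates a hashcat -a 3 mask enumerates: '?x' is a charset position,
    '??' a literal question mark, and any other character a fixed literal."""
    size, i = 1, 0
    while i < len(mask):
        if mask[i] == "?" and i + 1 < len(mask):
            tok = mask[i + 1]
            if tok != "?":
                size *= CHARSET_SIZE[tok]   # KeyError on an unknown charset letter
            i += 2
        else:
            i += 1                          # fixed literal contributes a factor of 1
    return size


def crack_time_years(keyspace: int, hashes_per_second: float) -> float:
    """Worst case: every candidate has to be tried."""
    return keyspace / hashes_per_second / SECONDS_PER_YEAR


def charset_used(passphrase: str) -> int:
    """Size of the smallest hashcat charset mix that still covers this passphrase."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33
    return size


def assess_wpa2_passphrase(passphrase: str, wordlist=CONSTRUCTED_WORDLIST, rate=ASSUMED_RATE) -> dict:
    """WPA2-PSK passphrases are 8 to 63 ASCII characters. One that appears in a public wordlist falls
    to a dictionary attack regardless of its length; otherwise report the brute-force ceiling."""
    if not 8 <= len(passphrase) <= 63:
        return {"status": "invalid_length", "keyspace": 0, "years": 0.0}
    if passphrase in wordlist or passphrase.lower() in wordlist:
        return {"status": "in_wordlist", "keyspace": 0, "years": 0.0}
    keyspace = charset_used(passphrase) ** len(passphrase)
    years = crack_time_years(keyspace, rate)
    return {"status": "weak" if years < WEAK_YEARS else "ok", "keyspace": keyspace, "years": years}


if __name__ == "__main__":
    ks = mask_keyspace(PAGE_MASK)
    print(f"{PAGE_MASK}: {ks:,} candidates, {crack_time_years(ks, ASSUMED_RATE):.1f} years at {ASSUMED_RATE} H/s")
    for pw in ["Password", "abcdefgh", "Blue-Kettle-Sings-42"]:
        print(pw, assess_wpa2_passphrase(pw))
```

At the assumed rate the thesis mask works out to about 49 years, in line with the 50 years reported in Figure 50. The passphrase check mirrors the two results in Table 5: a passphrase present in a public wordlist is found in minutes regardless of its length, while a long passphrase drawn from all character classes pushes brute force to times that are not practical.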


Table 5. Vulnerability Analysis of Security Protocol

Networks analyzed (all WPA2-PSK):
  CpE   = Computer Engineering Department (SSID CpEDept)
  CE    = Civil Engineering Department (SSID CE Department)
  ME    = Mechanical Engineering Department (SSID PSUWifi2)
  EE    = Electrical Engineering Department (SSID PSUWifi)
  Archi = Architecture Department (SSID Archi Department)

Vulnerabilities                                     CpE        CE            ME            EE            Archi
Deauthentication Attack                             Possible   Possible      Possible      Possible      Possible
Man-in-the-Middle Attack (Capturing of Handshake)   Possible   Possible      Possible      Possible      Possible
Credential Harvester Attack                         Possible   Possible      Possible      Possible      Possible
Fake Access Point Attack                            Possible   Possible      Possible      Possible      Possible
HTTPeek                                             Possible   Possible      Possible      Possible      Possible
Beacon Flooding Attack                              Possible   Possible      Possible      Possible      Possible
Deauthentication and Disassociation Attack          Possible   Possible      Possible      Possible      Possible
Dictionary Attack                                   Possible   Not Possible  Not Possible  Not Possible  Not Possible
Brute Force Attack                                  Possible but takes years (all five networks)

The security protocol of the wireless local area network at CEA of PSU-UCC has been analyzed for vulnerabilities, and the results are presented in Table 5. All these networks use WPA2-PSK as their security protocol and are susceptible to various attacks: Deauthentication Attack, Man-in-the-Middle Attack, Credential Harvester Attack, Fake Access Point Attack, HTTPeek, Beacon Flooding Attack, and Deauthentication and Disassociation Attack. See the instructional material for the detailed process of infiltrating the Wireless Local Area Network security protocols using these modules. These attacks can be executed using either built-in or downloadable modules that can be easily installed in the Wifi Pineapple. Although the networks share the same security protocol, the only difference between them is their respective passwords, which means that they are equally susceptible to similar security breaches.

Furthermore, in the password cracking conducted, it was found that only one network's password, that of CpEDept, was successfully cracked, using a dictionary attack with the rockyou.txt wordlist, a widely available and frequently used list of common passwords. In the brute-force attack the researchers were not able to crack any of the captured passwords. This is not because it is impossible, but because it would take years: the attack would need to consider all possible combinations of uppercase and lowercase characters, numbers, and special characters that may be used in the password. Additionally, the length of the password plays a significant role in determining the time required for a successful brute-force attack.

PROBLEMS ENCOUNTERED

During the penetration testing proper, the team encountered several technical difficulties while working with the Wifi Pineapple. One of the major problems was in cracking passwords: the researchers were not able to crack the passwords of the networks except for CpEDept. Second, when connecting the attacking device to the Wifi Pineapple, the attacking device was not able to connect due to high CPU usage. Another challenge the team faced was capturing handshakes during the attack. The researchers found that SSIDs were automatically added to the SSID Pool during scanning; to resolve this, they disabled the automatic adding of SSIDs to the SSID Pool. The Wifi Pineapple device was also unable to deauthenticate clients, which made it difficult to capture handshakes; the researchers solved this by resetting the Wifi Pineapple. The researchers also experienced issues with starting the listening process during HTTPeek attacks: they were not able to initiate the listening process, which hindered their progress. This problem was solved by clearing all the browsing history, cookies, and cache.
