Wireless Network Penetration Testing Checklist – A Detailed Cheat Sheet


Wireless penetration testing actively examines the information security measures deployed in WiFi networks and analyses their weaknesses, technical flaws, and critical wireless vulnerabilities.

The most important countermeasures to concentrate on are threat assessment, data-theft detection, security control auditing, risk prevention and detection, information system management, and infrastructure upgrades; a detailed report should be prepared at the end of the engagement.


Framework for Wireless Penetration Testing

1. Discover the devices connected to wireless networks.

2. If a wireless device is found, document all the findings.

3. If a wireless device is found using WiFi networks, perform the common WiFi attacks and check whether the device uses WEP encryption.

4. If you find a WLAN using WEP encryption, perform WEP encryption pentesting.

5. Check whether the WLAN uses WPA/WPA2 encryption; if yes, perform WPA/WPA2 pentesting.

6. Check whether the WLAN uses LEAP; if yes, carry out LEAP pentesting.

7. If none of the encryption methods mentioned above is used, check whether the WLAN is unencrypted.

8. If the WLAN is unencrypted, carry out the common WiFi network attacks, check the vulnerabilities inherent in an unencrypted deployment, and produce a report.

9. Before creating the report, make certain that no damage has been caused to the assets under test.
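Steps 3 to 7 above all come down to one question per WLAN: which security mode does the access point advertise? A beacon frame answers it without any active probing: the Privacy bit in the capability field is set by WEP, WPA and RSN networks alike, a vendor information element (tag 221, OUI 00:50:F2 type 1) marks pre-802.11i WPA, and the RSN information element (tag 48) lists the cipher and AKM suites that distinguish WPA2-PSK, WPA2-Enterprise, WPA3-SAE and TKIP-tolerant configurations. The following is an added example, not code from the article; it parses constructed beacon bodies (the management frame body after the 24-byte 802.11 header, which is an assumption about where the input starts) and produces the findings column a report would need.

```python
import struct

# Suite selector types from the IEEE 802.11 RSN information element (OUI 00-0F-AC).
CIPHER_NAMES = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104", 8: "GCMP"}
AKM_NAMES = {1: "802.1X", 2: "PSK", 8: "SAE"}
RSN_OUI = b"\x00\x0f\xac"
WPA1_PREFIX = b"\x00\x50\xf2\x01"   # vendor IE (tag 221) carrying the pre-802.11i WPA IE
PRIVACY_BIT = 0x0010                # capability-info bit set by WEP, WPA and RSN networks


def parse_ies(data):
    """Split the tagged-parameter area of a management frame into (tag, value) pairs."""
    ies, i = [], 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) < length:       # truncated element: stop instead of misparsing
            break
        ies.append((tag, value))
        i += 2 + length
    return ies


def suite_name(suite, table):
    return table.get(suite[3], "unknown") if suite[:3] == RSN_OUI else "vendor"


def parse_rsn(value):
    """Decode group/pairwise ciphers and AKM suites from an RSN IE (tag 48) value."""
    group = value[2:6]                                    # bytes 0-1 are the RSN version
    pos = 6
    n_pair = struct.unpack_from("<H", value, pos)[0]
    pos += 2
    pairwise = [value[pos + 4 * k:pos + 4 * k + 4] for k in range(n_pair)]
    pos += 4 * n_pair
    n_akm = struct.unpack_from("<H", value, pos)[0]
    pos += 2
    akms = [value[pos + 4 * k:pos + 4 * k + 4] for k in range(n_akm)]
    return {"group": suite_name(group, CIPHER_NAMES),
            "pairwise": [suite_name(s, CIPHER_NAMES) for s in pairwise],
            "akm": [suite_name(s, AKM_NAMES) for s in akms]}


def classify_beacon(body):
    """Classify a beacon body: 8-byte timestamp, 2-byte interval, 2-byte capability, then IEs."""
    capability = struct.unpack_from("<H", body, 10)[0]
    ies = parse_ies(body[12:])
    ssid_raw = next((v for t, v in ies if t == 0), b"")
    rsn = next((v for t, v in ies if t == 48), None)
    has_wpa1 = any(t == 221 and v.startswith(WPA1_PREFIX) for t, v in ies)
    findings = []
    if rsn is not None:
        info = parse_rsn(rsn)
        if "PSK" in info["akm"]:
            security = "WPA2-PSK"
        elif "SAE" in info["akm"]:
            security = "WPA3-SAE"
        elif "802.1X" in info["akm"]:
            security = "WPA2-Enterprise"
        else:
            security = "RSN"
        if "TKIP" in info["pairwise"] or info["group"] == "TKIP":
            findings.append("TKIP allowed")
    elif has_wpa1:
        security, findings = "WPA", ["WPA1 only"]
    elif capability & PRIVACY_BIT:
        security, findings = "WEP", ["WEP"]
    else:
        security, findings = "Open", ["unencrypted"]
    return {"ssid": ssid_raw.decode("utf-8", "replace"),
            "hidden": not ssid_raw.strip(b"\x00"),   # empty or all-NUL SSID = hidden
            "security": security, "findings": findings}


# --- constructed sample beacons (not real captures) -------------------------------
def make_beacon(ssid, privacy=False, extra_ies=b""):
    capability = 0x0001 | (PRIVACY_BIT if privacy else 0)   # ESS bit plus optional Privacy bit
    return struct.pack("<QHH", 0, 100, capability) + bytes([0, len(ssid)]) + ssid + extra_ies


def rsn_ie(pairwise, akm, group=4):
    body = struct.pack("<H", 1) + RSN_OUI + bytes([group])
    body += struct.pack("<H", len(pairwise)) + b"".join(RSN_OUI + bytes([c]) for c in pairwise)
    body += struct.pack("<H", len(akm)) + b"".join(RSN_OUI + bytes([a]) for a in akm)
    body += struct.pack("<H", 0)                            # RSN capabilities field
    return bytes([48, len(body)]) + body


SAMPLE_BEACONS = {
    "open-guest": make_beacon(b"CafeGuest"),
    "wep-legacy": make_beacon(b"Warehouse", privacy=True),
    "wpa1-only": make_beacon(b"OldRouter", privacy=True,
                             extra_ies=bytes([221, 6]) + WPA1_PREFIX + b"\x01\x00"),
    "wpa2-tkip": make_beacon(b"Office", privacy=True, extra_ies=rsn_ie([2, 4], [2])),
    "wpa2-eap-hidden": make_beacon(b"", privacy=True, extra_ies=rsn_ie([4], [1])),
    "wpa3": make_beacon(b"Secure", privacy=True, extra_ies=rsn_ie([4], [8])),
}


def audit(beacons):
    """Classify every beacon; the 'findings' list is what goes into the report."""
    return {name: classify_beacon(body) for name, body in beacons.items()}


if __name__ == "__main__":
    for name, result in audit(SAMPLE_BEACONS).items():
        print(f"{name:16} {result['security']:16} hidden={result['hidden']} {result['findings']}")
```

Real beacons also carry WPA2/WPA3 transition-mode networks (both PSK and SAE AKMs) and vendor suites; the classifier reports those as WPA2-PSK and "vendor" respectively, which is the conservative reading for an audit.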


Wireless Pentesting with WEP Encrypted WLAN

1. Check the SSID and determine whether it is visible or hidden.

2. Look for networks using WEP encryption.

3. If the SSID is visible, try to sniff the traffic and check the packet capturing status.

4. If packets have been successfully captured and injected, it is time to crack the WEP key using a WEP cracking tool such as Aircrack-ng or WEPCrack.

5. If packets are not being captured reliably, sniff the traffic again and capture more packets.

6. If the SSID is hidden, deauthenticate the target client using a deauthentication tool such as CommView or Aireplay-ng.

7. Once the client has reauthenticated and the SSID has been discovered, follow the procedure above for a visible SSID.

8. Check whether the authentication method used is OPN (Open Authentication) or SKA (Shared Key Authentication). If SKA is used, a bypass mechanism needs to be performed.

9. Check whether any STAs (stations/clients) are connected to the AP (access point). This detail determines how the attack proceeds.

If clients are connected to the AP, an interactive packet replay or ARP replay attack needs to be carried out to collect IV packets, which can then be used to crack the WEP key.

If no client is connected to the AP, a fragmentation attack or KoreK chop-chop attack needs to be carried out to generate keystream, which is then used to forge ARP packets.

10. Once the WEP key is cracked, try to connect to the network using wpa_supplicant and check whether the AP assigns an IP address.


Wireless Penetration Testing with WPA/WPA2 Encrypted WLAN

1. Start by deauthenticating a client of the WPA/WPA2-protected WLAN using WLAN tools such as Hotspotter, Airsnarf, Karma, etc.

2. If the client is deauthenticated, sniff the traffic and check whether the EAPOL handshake has been captured.

3. If the client is not deauthenticated, repeat the step.

4. Check whether the EAPOL handshake has been captured or not.

5. Once the EAPOL handshake is captured, carry out a PSK dictionary attack using coWPAtty or Aircrack-ng to recover the pre-shared key.

6. Also apply the time-memory trade-off technique (rainbow tables), also referred to as the WPA-PSK precomputation attack, for cracking the WPA/2 passphrase. genpmk can be used to create the precomputed hashes.

7. If this fails, deauthenticate again, try to capture the handshake again, and redo the steps above.
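Steps 5 and 6 rest on one piece of the WPA/WPA2-Personal design: the pairwise master key is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 32 bytes out. That is why a precomputed table from step 6 only applies to the SSID it was built for, and why the 4096 iterations fix the per-guess cost of step 5. The derivation below is an added example, not the article's code; it is checked against the test vector published in IEEE 802.11i (passphrase "password", SSID "IEEE") and shows that the same passphrase yields an unrelated PMK under a different SSID.

```python
import hashlib

# Test vector from IEEE Std 802.11i-2004, Annex H.4.1 (passphrase, SSID, expected PMK).
IEEE_TEST_VECTOR = ("password", "IEEE",
                    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def derive_pmk(passphrase, ssid):
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    if not (8 <= len(passphrase) <= 63) or not passphrase.isascii():
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def matches_test_vector():
    """Sanity check of the derivation against the standard's published vector."""
    passphrase, ssid, expected = IEEE_TEST_VECTOR
    return derive_pmk(passphrase, ssid).hex() == expected


def table_is_ssid_bound(passphrase, ssid_a, ssid_b):
    """True when a PMK precomputed for ssid_a is useless against ssid_b."""
    return derive_pmk(passphrase, ssid_a) != derive_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    print("test vector ok:", matches_test_vector())
    # constructed SSIDs for illustration
    print("same passphrase, different SSID, different PMK:",
          table_is_ssid_bound("password", "linksys", "linksys-7f3a"))
```

The defensive reading: a default or common SSID makes a network a candidate for a pre-built table, while a unique SSID forces the work to be redone per network; a long random passphrase makes step 5 infeasible regardless, and WPA3-SAE removes the offline-guessing property entirely because the handshake no longer leaks a passphrase-derived verifier.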

LEAP Encrypted WLAN

1. Confirm whether the WLAN is protected by LEAP or not.

2. Deauthenticate the LEAP-protected client using tools such as Karma or Hotspotter.

3. If the client is deauthenticated, crack the LEAP exchange using a tool such as asleap to obtain the user's credentials.

4. If the process fails, deauthenticate again.
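The WEP, WPA/WPA2 and LEAP procedures above all open with a deauthentication of a connected client, and on the defending side that is exactly the signal a wireless IDS looks for: a burst of deauthentication or disassociation frames, often to the broadcast address, far above the rate legitimate roaming produces. The following is an added example, not part of the article; it runs a sliding-window rate rule over a constructed list of management frames (time in seconds, frame subtype, BSSID, destination, reason code) and returns one alert per BSSID that exceeds the threshold.

```python
from collections import defaultdict, deque

DEAUTH = 0xC0      # management frame subtype byte for Deauthentication
DISASSOC = 0xA0    # management frame subtype byte for Disassociation
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample, not a real capture: (time_s, subtype, bssid, dst, reason_code).
# Reason 3 = STA leaving, 8 = STA leaving BSS, 7 = class 3 frame from non-associated STA.
SAMPLE_FRAMES = [
    (0.00, DEAUTH, "aa:bb:cc:00:00:01", "11:22:33:44:55:66", 3),
    (12.00, DISASSOC, "aa:bb:cc:00:00:01", "11:22:33:44:55:67", 8),
    (45.00, DEAUTH, "aa:bb:cc:00:00:01", "11:22:33:44:55:68", 3),
] + [
    # 40 broadcast deauth frames 20 ms apart: the signature of a flood against BSSID ...:02
    (30.0 + 0.02 * k, DEAUTH, "aa:bb:cc:00:00:02", BROADCAST, 7) for k in range(40)
]


def detect_deauth_floods(frames, window_s=2.0, threshold=10):
    """Alert once per BSSID whose deauth/disassoc count within window_s reaches threshold."""
    recent = defaultdict(deque)   # per-BSSID queue of (time, dst, reason) inside the window
    alerts = {}
    for t, subtype, bssid, dst, reason in sorted(frames):
        if subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[bssid]
        q.append((t, dst, reason))
        while q and t - q[0][0] > window_s:   # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = {
                "first_seen": q[0][0],
                "count_in_window": len(q),
                "broadcast": any(d == BROADCAST for _, d, _ in q),
                "reasons": sorted({r for _, _, r in q}),
            }
    return alerts


def format_alerts(alerts):
    """Render alerts as log lines a SOC would ingest."""
    return [f"DEAUTH_FLOOD bssid={b} t={a['first_seen']:.2f} n={a['count_in_window']}"
            f" broadcast={a['broadcast']} reasons={a['reasons']}" for b, a in alerts.items()]


if __name__ == "__main__":
    for line in format_alerts(detect_deauth_floods(SAMPLE_FRAMES)):
        print(line)
```

The rule deliberately ignores BSSID ...:01, whose three frames over 45 seconds are ordinary client churn. The mitigation that removes the attack surface rather than just detecting it is 802.11w management frame protection (optional in WPA2, mandatory in WPA3), under which a client discards deauthentication frames that are not integrity-protected.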

Penetration Testing with Unencrypted WLAN

1. Check whether the SSID is visible or not.

2. If the SSID is visible, sniff for the IP range and then check the status of MAC filtering.

3. If MAC filtering is enabled, spoof the MAC address using a tool such as SMAC.

4. Try to connect to the AP using an IP within the discovered range.

5. If the SSID is hidden, discover it using Aircrack-ng and then follow the procedure for a visible SSID described above.
