Skip to content
/ wisec_demos Public

Demonstrations I showed during WiSec class at EURECOM

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pierreay/wisec_demos

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

68 Commits
gsm-openbts
gsm-openbts
 
 
rf-clicker
rf-clicker
 
 
rf-etherify
rf-etherify
 
 
wifi-evil-twin
wifi-evil-twin
 
 
wifi-wep
wifi-wep
 
 
wifi-wpa
wifi-wpa
 
 
README.org
README.org
 
 

Repository files navigation

About

Demonstrations I showed during WiSec class at EURECOM.

Demos

RF, Replay - Clicker

Perform a replay attack on a unprotected clicker.

RF, Soft-TEMPEST - Etherify

Exfiltrate a secret in Morse Code through a Soft-Tempest covert-channel based on Ethernet link mode.

  • Prerequisites :
    1. One computer connected with an Ethernet cable to an internet box OR two computers connected with an Ethernet cable to each others.
    2. One SDR (from RTL-SDR to USRP).
    3. GQRX and sudo permissions.
  • Directory: rf-etherify/

GSM, Spoofing - OpenBTS

  • Hardware :
    • Ettus USRP B210
  • Software :
    • Ubuntu 16.04
    • OpenBTS

Demo using OpenBTS and a USRP B210 or B200mini SDR to build a rogue GSM base station.

Wi-Fi: WEP

In this demo, you will generate traffic (using ARP replay) on a WEP-protected Wi-Fi network in order to capture IVs and perform an offline cracking of the WEP key. Every steps are programmed in a =Makefile=.

List of the setup:

  • Software:
    • aircrack-ng
    • NetworkManager
  • Hardware:
    • Attacker aircrack-compatible Wi-Fi dongle (here, ZyXEL NWD6605 (Amazon) with the rtl8812au driver).
    • Victim AP-compatible interface (here, Wi-Fi card of a Lenovo Thinkpad T460 laptop).

Wi-Fi: WPA

In this demo, you will setup a WPA2 protected network with a victim authenticated to it. As an attacker, you will start listening to the traffic to capture a 4-way handshake while sending deauthentication request to the victim. Hence, you will be able to perform an offline dictionary attack on the 4-way handshake to retrieve the WPA 2 key.

Every steps are programmed in a =Makefile=.

List of the setup:

  • Software:
    • aircrack-ng
    • NetworkManager
  • Hardware:
    • Attacker aircrack-compatible Wi-Fi dongle (here, ZyXEL NWD6605 (Amazon) with the rtl8812au driver).
    • Victim AP-compatible interface (here, a COTS ASUS Wi-Fi access point).
    • Victim STA-compatible interface (here, Wi-Fi card of a Lenovo Thinkpad T460 laptop).

Wi-Fi: Evil-Twin

Setup a fake Wi-Fi network with the same name as a legitimate Wi-Fi network, creating an evil twin. The goal is to make the victim client connect to the evil twin instead of the legitimate Wi-Fi AP.

This demo succeed once, but failed another. Some parameters could be tuned to make it more reliable. Once it will be done, it would be great to setup the transparent forwarding of the victim data to the internet, to make the evil twin stealth (currently, the victim will loose connection to the internet).

About

Demonstrations I showed during WiSec class at EURECOM

Resources

Readme
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages