Upload File

hacking wifi josua m sinambela

prev
next
out of 15
Download Hacking Wifi Josua M Sinambela

Upload: dontworrybehappy

Post on 30-May-2018

227 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    1/15

    Hacking Wifi

    Josua M Sinambela

    Unit Sistem & Teknologi Informasi

    Teknik Elektro UGMjosh at gadjahmada edu

    http://josh.staff.ugm.ac.id

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    2/15

    Pembahasan

    Wifi Today Standard Keamanan Wireless (Wifi) No ESSID ? MAC Filtering ?

    Cracking WEP & WPA Hotspot / Captive Portal Miss configuration jaringan Wifi Rogue AP

    Denial of Service Kesimpulan

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    3/15

    Wifi Today

    Jaringan di Kampus & Perkantoran (b/g)

    Antar ISP (a/b/g)

    Warnet-ISP (b/g)

    Hotspot di Hotel-hotel, RT/RW-net,Swalayan, Supermarket, CoffeeShop(b/g)

    Aparat Pemerintahan, Kepolisian danMiliter (a/b/g)

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    4/15

    Standard Keamanan Wireless(Wifi)

    WEP Algoritma RC4 yang lemah CRC32 untuk integritas Kunci bersifat statik Umumnya AP/Card/Driver support WEP

    WPA (solusi sementara pengganti WEP) PSK : Algoritma RC4 + Temporal Key (TKIP) RADIUS : RC4 + Temporal Key (TKIP) + 802.1X +

    better ICV (MIC) Umumnya AP/Card sudah mendukung, butuh upgrade

    applikasi, driver atau firmware

    WPA2 (RSN 802.11i) Algoritma enkripsi AES dan TKIP Butuh hardware baru (hardware keluaran 2003-kini)

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    5/15

    802.blabla

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    6/15

    No ESSID ?

    Menyembunyikan ESSID (hidden SSID)Tidak menyertakan ESSID pada beacon

    Saat deauth, SSID pasti akan di broadcast

    ESSID yang disembunyikan dapatdengan mudah dicloaked (dibuka)

    Tools Linux: aircrack, airjack & kismet

    Tools windows : airmagnet, airsnort Demo

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    7/15

    MAC Filtering ?

    Fasilitas MAC Filtering umumnya sudahdisediakanVendor Access Point/Router

    Useless, karena MAC address sangat

    mudah diganti atau ditiru (spoof). Tidak ada istilah konflik MAC address

    pada Wifi

    Demo

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    8/15

    Cracking WEP & WPA

    Cracking WEPMengumpulkan IV yang lemah sebanyak

    mungkin (FMS attack : Key SchedulingAlgorithm). Sangat bergantung pada jumlahIV lemah yang ditemukan.

    Mengumpulkan IV yang unique (choppingattack)

    Mempercepat proses pengumpulan IVdengan menggunakan trafik Injection.

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    9/15

    Cracking WEP & WPA

    Cracking WPA (PSK)WPA dapat diserang dengan menggunakan

    dictionary atau bruteforce attack.

    Menggunakan kamus kataDapat dilakukan secara offline

    Tools : Aircrack, WEPlab, Airsnort

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    10/15

    Hotspot / Captive Portal

    Hotspot umumnya dibangun denganCaptive Portal

    Otentikasi berdasar user/password

    Identifikasi setelah mendapat otentikasi,menggunakan MAC dan IP AddressMAC dan IP dapat di spoof

    Trafik masih Plain TextKomunikasi setelah otentikasi dapat

    disadap

    Demo

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    11/15

    Miss configuration jaringan Wifi

    Vendor umumnya menyediakan defaultkonfigurasi User/password

    IP address

    SNMP enable, private & public access No Encryption

    Teknisi/Admin just plug n play

    Kesalahan konfigurasi pada design

    Hotspot/Captive portal Kesalahan setting firewall

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    12/15

    Rogue AP

    AP yang terpasang secara ilegal pada areatertentu

    Digunakan oleh Hacker untuk menjebaktargetnya.

    Menggunakan ESSID yang sama dengan AP real.

    Mendapatkan user/password pada hotspot

    Membelokkan komunikasi data yang terjadi,sehingga memungkinkan dilakukan serangan

    MITM (Man In the Middle )

    Umumnya menggunakan Host AP (AP yangdibangun menggunakan Kartu Wireless Client)

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    13/15

    Denial of Services

    Wireless sangat rentan dengan DoS

    Interference & Jamming

    Deauth broadcast

    Tools : void11, airjack, aircrack

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    14/15

    Kesimpulan

    Ganti setting default AP SSID, IP Address, Remote Manageable,

    User/Password

    Gunakan kombinasi beberapa fitur keamananwireless (tidak menggunakan satu fitur saja MAC Filtering, Disable ESSID, Enkripsi minimum menggunakan WPA(PSK).

    Batasi Transmit Power pada AP The best solution today : WPA2/RSN 802.11i

    dengan mutualisme otentikasi Koneksi wireless tidak reliable !!

  • 8/9/2019 Hacking Wifi Josua M Sinambela

    15/15

    Pustaka

    S. Fluhrer1, I. Mantin2, & A. ShamirAug, 2001http://www.drizzle.com/%7Eaboba/IEEE/rc4_ksaproc.pdf

    http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html Robert Moskowitz December 1, 2003

    http://www.icsalabs.com/html/communities/WLAN/wp_ssid_hiding.pdf George OuJune 2, 2005 http://blogs.zdnet.com/Ou/?p=67 Cedric Blancher June, 2005

    http://sid.rstack.org/pres/0506_Recon_WirelessInjection.pdf Jouni Malinen, Host AP driver for Intersil Prism2/2.5/3, hostapd, and

    WPA Supplicant http://hostap.epitest.fi/ http://www.aircrack-ng.org/ http://www.kismetwireless.net/ http://www.wlsec.net/void11/

    http://airsnort.shmoo.com/ http://sourceforge.net/projects/cowpatty http://www.blackalchemy.to/project/fakeap/

    http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdfhttp://www.isaac.cs.berkeley.edu/isaac/wep-faq.htmlhttp://www.icsalabs.com/html/communities/WLAN/wp_ssid_hiding.pdfhttp://sid.rstack.org/pres/0506_Recon_WirelessInjection.pdfhttp://www.sss-mag.com/prism.htmlhttp://hostap.epitest.fi/http://www.aircrack-ng.org/http://www.kismetwireless.net/http://www.wlsec.net/void11/http://airsnort.shmoo.com/http://sourceforge.net/projects/cowpattyhttp://www.blackalchemy.to/project/fakeap/http://www.blackalchemy.to/project/fakeap/http://sourceforge.net/projects/cowpattyhttp://airsnort.shmoo.com/http://www.wlsec.net/void11/http://www.kismetwireless.net/http://www.aircrack-ng.org/http://hostap.epitest.fi/http://www.sss-mag.com/prism.htmlhttp://sid.rstack.org/pres/0506_Recon_WirelessInjection.pdfhttp://www.icsalabs.com/html/communities/WLAN/wp_ssid_hiding.pdfhttp://www.isaac.cs.berkeley.edu/isaac/wep-faq.htmlhttp://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf

Hacking / Hacking Exposed 6: Network Security Secrets ...media.techtarget.com/searchMidmarketSecurity/downloads/Hacking_exposed... · Hacking / Hacking Exposed 6: Network Security

OSHANA REGION - The Namibian · PDF fileOSHANA REGION 4101: First Language Afrikaans ... HAUFIKU FESTUS 4116-F HAUFIKU JOSUA S 4116-G 4331-X ... KALOMHO JOSUA S 4116-U 4331-C 4332-D

HACKING AND WAYS TO PREVENT HACKING

Adult Steelhead Monitoring Challenges in Cedar Creek, WA Josua Holowatz & Dan Rawding

Ethical Hacking: Hacking GMail. Teaching Hacking

IN2120: Ethical hacking$ ethical (fun) hacking vs. criminal (boring) hacking $ black hat, white hat and grey hat hacking Ethical hacking $ what to do when finding vulnerabilities?

Computer Forensic Josua M Sinambela

Hacking: Computer Hacking Beginners Guide

Josua Redman Book

A Hacking Atlas: Holistic Hacking in the Urban Theater€¦ · of hacking and holistic hacking, and hacking spaces (and seven types of hacking spaces, each described below) are introduced

Career Hacking: Episode 1 - Resume Hacking

Hacking Rapidshare Complete Hacking Process

Efektifitas Model Role Playing Terhadap Peningkatan ...fe.unp.ac.id/sites/default/files/unggahan/15. Elizar Sinambela (hal...Pengantar Akuntansi II Elizar Sinambela Fakultas Ekonomi

Josua Redman Book-2

A Hacking Atlas: Holistic Hacking in the Urban Theater · 2018-12-05 · of hacking and holistic hacking, and hacking spaces (and seven types of hacking spaces, each described below)

# !@ Ethical Hacking. 2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting

Hacking Rapid Share Complete Hacking Process

Hacking beyond hacking - Forgotten Chapters - DefCamp 2012

GOOGLE HACKING GOOGLE HACKING

BlackHat Hacking - Hacking VoIP

Ethical Hacking Module XV Hacking Wireless Networks

Hacking Tips & Tricks - OWASP 2 Agenda Security Incidents Vulnerability Assessment Wireless Hacking Bluetooth Hacking Advance password hacking

hacking and ethical hacking

What is hacking | Types of Hacking

Hacking( Full hacking guide for beginners)

Hacking / Hacking Exposed 6: Network Security Secrets & …cdn.ttgtmedia.com/searchMidmarketSecurity/downloads/Hacking... · 153 Hacking / Hacking Exposed 6: Network Security Secrets

A Hacking Atlas: Holistic Hacking in the Urban Theatercasci.umd.edu/wp-content/uploads/2019/09/Schuler... · effort, the concepts of hacking and holistic hacking, and hacking spaces

HACKING AUTHENTICATION CHECKS IN WEB … · INDEX •Hacking Authentication Checks in Web Applications Hacking Application Designs Hacking J2EE Container Managed Authentication Hacking

Hacking and Civic Hacking

Hacking and Anti Hacking

Presented by: Josua Tarigan, MBA, CMA, CFP, CSRS Performance Management System: Introduction [Ch 1-2]

Hacking & Ethical Hacking

Hacking Rural Medicine - Hacking 101

BAB II PROSES INSTALASI LINUX MANDRAKE 9 - … II Proses install mandrake 9... · Josua M Sinambela @ 2003 9. Jika pada tahap sebelumnya anda memilih aplikasiaplikasi berjenis server,

Hacking / Hacking Exposed Windows Server 2003: …books.mhprofessional.com/.../products/0072230614/0072230614_ch04.pdfCHAPTER 4 Enumeration 73 Hacking / Hacking Exposed Windows Server