Ethical Hacking: Hardware and Software Tools of the Trade
I often get asked what I use for wireless attacks, what kind of hardware and software do I use? I'll get to software in a moment. Typically, I'll use a laptop. I don't use special Fluke devices. I don't use special crazy meters or things like that with lights and signals and giant rotating antennas. I get a laptop. I have a laptop that has an external adapter, external wireless adapter, and drivers that allow promiscuous mode so I can actually do sniffing. Typically, these would be AirPcap or the Realtek chipset, the 8187 chipset. You can take a look. There's plenty and plenty of vendors. I don't want to endorse any in particular, but there are a lot of vendors that sell wireless adapters, external wireless adapters, and use the Realtek chipset. AirPcap is probably the best if I'm cracking within Windows because the drivers and the devices are really stable in Windows.
What to Use
Realtek works pretty well in both Windows and in Linux, although the drivers for promiscuous mode in Windows for Realtek chipsets have been a little bit flaky. They've gotten better, but they're still not quite perfect enough, so I have one of each that I typically keep.
Do I need special antennas? No. I usually take the ones that came stocked with the Realtek or the AirPcap external and I'll often buy one or two directional antennas to use to point straight at an access point so I can get better signal strength from a longer distance away. I don't necessarily need these. If I'm close enough it won't really matter, but the higher quality, the better transmission and reception I get. The faster the attack is going to be, the less time I have to spend on wireless.
I'll usually also keep two operating systems handy. I'll keep Windows handy because, in my experience, running Wireshark on Windows is more stable and more usable than on Linux. On the other hand, BackTrack Linux is a great platform for wireless cracking in itself and there are a lot of great tools built into BackTrack Linux for wireless attacks, so I usually keep both. I just get a feel for which one works best for which environment.
Actually, it's your preference, whatever you want to use. I would recommend you keep a current updated version of Windows and a current updated version of BackTrack Linux handy for wireless attacks.
For software, Network Monitor works on Windows. It's a great packet analysis tool. I don't use it for sniffing as much as I use it for parsing captures once I've captured them with something like Wireshark. Wireshark works great. It's really stable and fast. It occasionally has challenges with some of the parsers, though.
It gets better with every version, so I can't really pick it apart because if I gave you an example, by the time you saw this video it wouldn't be valid anymore. It's really, again, personal preference. Do you prefer Network Monitor? Use it. Do you prefer Wireshark? Use it.
InSSIDer is a fun little free tool that comes from MetaGeek and it's great for understanding what wireless networks are out there. It displays in a really nice, pretty way what wireless networks are around, the signal strength and so forth. It's worth downloading and trying out.
One word of caution:
This last one, Cain and Abel, is actually a great tool and has been around for a very long time. It is sort of self-contained in that it does a lot of sniffing, cracking, network analysis, and wireless network analysis on its own, and it has a lot of the drivers built right into it.
At the surface, it sounds like a great tool that you would want to put into your toolkit. There are two drawbacks, actually, for using it here. First of all, the first drawback is that it is somewhat unstable. It does tend to crash when it's doing wireless network sniffing and cracking. Therefore, it's not a perfect tool.
The second problem, and the one that impacts administrators more than it does ethical hackers with dedicated hardware and software solutions, is that Cain and Abel often gets flagged as a virus or as malware by a lot of scanners.
Theoretically, it could be. It's more of a hacker tool than anything else, but because it can get flagged and actually send up alarms in your network, it's something that you should be cognizant of, aware of, and maybe only use it on isolated systems or in certain cases.
You should probably get familiar with it. You should probably download all of these if you haven't already and get familiar with whichever one is going to be your preference.