System access, in this context, is the ability of an unauthorized intruder
to gain access to a device for which the intruder does not have an account or
password. Entering or accessing systems to which one does not have authorized
access usually involves running a hack script or tool that exploits a known
vulnerability of the system or application being attacked. Access is an
all-encompassing term that refers to unauthorized data manipulation, system
access, or privilege escalation. Some examples of access include the
following:
- Exploitation of weak or non-existent passwords
- Exploitation of services such as HTTP, FTP, SNMP, CDP, and Telnet
The easiest hack is called Social Engineering. It involves no computer
skills at all. If an intruder can trick a member of an organization into giving
out valuable information such as locations of files and servers or passwords,
then the process of hacking is made much easier.
Rogue AP Attack
Most clients will associate with the access point that has the
strongest signal. If an unauthorized AP, which is generally a rogue AP, has a
strong signal, clients will associate with the rogue AP. The rogue AP will have
access to the network traffic of all associated clients. Therefore, the rogue
AP can be used to perform man-in-the-middle attacks against encrypted traffic
such as SSL or SSH. The rogue AP can also use ARP and IP spoofing to trick clients
into sending passwords and sensitive information. The rogue AP can also request
sessions that are not protected by Wired Equivalent Privacy (WEP) from clients during
association.
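The rogue AP behaviour described above (an unknown AP advertising the corporate SSID with a stronger signal, or offering unprotected sessions) is what a wireless monitor looks for. The following is an added example, not code from the original text: it compares constructed beacon observations against an assumed inventory of authorized APs and reports which unknown BSSIDs look like a rogue AP and why. The inventory, the BSSIDs, the SSID "CorpNet" and the RSSI values are all made up for illustration.

```python
from typing import Dict, List, NamedTuple


class Beacon(NamedTuple):
    """One observed beacon frame (constructed sample data, not a capture)."""
    bssid: str       # AP MAC address
    ssid: str        # network name the AP advertises
    rssi_dbm: int    # received signal strength; closer to 0 is stronger
    privacy: bool    # Privacy capability bit; False means an open (unencrypted) network


# Assumed inventory of authorized APs, keyed by lowercase BSSID -> SSID they should advertise.
AUTHORIZED_APS: Dict[str, str] = {
    "00:11:22:33:44:01": "CorpNet",
    "00:11:22:33:44:02": "CorpNet",
}

# Constructed beacon observations from one channel sweep.
OBSERVED: List[Beacon] = [
    Beacon("00:11:22:33:44:01", "CorpNet", -55, True),
    Beacon("00:11:22:33:44:02", "CorpNet", -70, True),
    Beacon("de:ad:be:ef:00:01", "CorpNet", -40, True),    # unknown AP, corporate SSID, strongest signal
    Beacon("de:ad:be:ef:00:02", "CorpNet", -65, False),   # unknown AP, corporate SSID, open network
    Beacon("aa:bb:cc:dd:ee:ff", "CoffeeShop", -80, False), # neighbour network, not impersonating us
]


def find_rogue_aps(observed: List[Beacon], authorized: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {bssid: [reason, ...]} for every AP that warrants a rogue-AP alert.

    An unknown BSSID is only flagged when it advertises one of our SSIDs, because
    that is the condition under which our clients may associate with it. Extra
    reasons are attached when it offers an open session or out-signals every
    authorized AP, since both make client association more likely and more harmful.
    """
    authorized = {b.lower(): s for b, s in authorized.items()}
    corporate_ssids = set(authorized.values())
    auth_rssi = [b.rssi_dbm for b in observed if b.bssid.lower() in authorized]
    strongest_authorized = max(auth_rssi) if auth_rssi else None

    findings: Dict[str, List[str]] = {}
    for b in observed:
        bssid = b.bssid.lower()
        if bssid in authorized:
            # An inventoried AP advertising the wrong SSID is misconfigured or cloned.
            if b.ssid != authorized[bssid]:
                findings.setdefault(bssid, []).append(
                    "authorized BSSID advertising unexpected SSID %r" % b.ssid)
            continue
        if b.ssid not in corporate_ssids:
            continue  # someone else's network; clients configured for ours will not join it
        reasons = ["unknown BSSID advertising corporate SSID %r" % b.ssid]
        if not b.privacy:
            reasons.append("open network: associated clients would send traffic unencrypted")
        if strongest_authorized is not None and b.rssi_dbm > strongest_authorized:
            reasons.append("signal stronger than every authorized AP (%d dBm > %d dBm)"
                           % (b.rssi_dbm, strongest_authorized))
        findings[bssid] = reasons
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_rogue_aps(OBSERVED, AUTHORIZED_APS).items():
        print(bssid)
        for r in reasons:
            print("  -", r)
```

In practice the observations come from a monitor-mode capture or the WLAN controller's rogue detection feed, and the inventory from the asset database; the comparison logic stays the same. Matching on SSID alone would also flag every neighbouring network, which is why the check keys on BSSID first and SSID second.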
Wired Equivalent Privacy (WEP) Attacks
Attacks against WEP include bit flipping, replay attacks, and weak IV collection. Many
WEP attacks have not been released from the laboratory, but they are well
documented. One utility, called AirSnort, captures weak Initialization Vectors
(IVs) to determine the WEP key being used. Figure shows an
AirSnort screen.
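Replay attacks and IV collection both rest on the same property of WEP: the IV is only 24 bits and is sent in the clear, so a busy AP cycles through every possible value in hours and any IV seen twice means either a replayed frame or two frames encrypted under the same keystream. The following is an added example, not code from the original text or from AirSnort: it runs a monitoring-side check over a constructed list of (BSSID, IV) pairs, reports IV reuse per AP, and estimates how long a given frame rate takes to exhaust the IV space. The BSSIDs, IVs and frame rate are assumed values for illustration.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 distinct IVs per WEP key

# Constructed sample: (bssid, iv) for data frames observed on one channel, in capture order.
FRAMES: List[Tuple[str, int]] = [
    ("00:11:22:33:44:01", 0x000001),
    ("00:11:22:33:44:01", 0x000002),
    ("00:11:22:33:44:01", 0x000003),
    ("00:11:22:33:44:01", 0x000002),  # IV 0x000002 seen again: replay or keystream reuse
    ("00:11:22:33:44:02", 0x0A0B0C),
    ("00:11:22:33:44:01", 0x000001),  # IV 0x000001 seen again
]


def find_iv_reuse(frames: List[Tuple[str, int]]) -> Dict[str, List[Tuple[int, int, int]]]:
    """Return {bssid: [(iv, first_index, repeat_index), ...]} for every reused IV.

    A repeat is recorded each time a (bssid, iv) pair recurs; the first occurrence
    index is kept so an analyst can pull both frames from the capture and compare them
    (identical payloads suggest a replayed frame, different payloads mean two
    ciphertexts under one keystream).
    """
    first_seen: Dict[Tuple[str, int], int] = {}
    reuse: Dict[str, List[Tuple[int, int, int]]] = defaultdict(list)
    for idx, (bssid, iv) in enumerate(frames):
        if not 0 <= iv < IV_SPACE:
            raise ValueError("IV %#x does not fit in %d bits" % (iv, IV_BITS))
        key = (bssid.lower(), iv)
        if key in first_seen:
            reuse[key[0]].append((iv, first_seen[key], idx))
        else:
            first_seen[key] = idx
    return dict(reuse)


def iv_space_fraction_used(frames: List[Tuple[str, int]], bssid: str) -> float:
    """Fraction of the 24-bit IV space an AP has already consumed in this capture."""
    distinct = {iv for b, iv in frames if b.lower() == bssid.lower()}
    return len(distinct) / IV_SPACE


def seconds_until_iv_wrap(frames_per_second: float) -> float:
    """Time for an AP sending at the given rate to exhaust every IV once.

    After this point the AP must repeat IVs under the same key, so this is the
    upper bound on how long a WEP key can go without keystream reuse.
    """
    if frames_per_second <= 0:
        raise ValueError("frame rate must be positive")
    return IV_SPACE / frames_per_second


if __name__ == "__main__":
    for bssid, repeats in find_iv_reuse(FRAMES).items():
        for iv, first, again in repeats:
            print("%s reused IV %#08x (frame %d, then frame %d)" % (bssid, iv, first, again))
    # Assumed rate of 500 data frames per second for a moderately busy AP.
    print("IV space exhausted after %.1f hours at 500 frames/s"
          % (seconds_until_iv_wrap(500) / 3600))
```

The exhaustion estimate is the key caveat: at 500 frames per second the whole IV space is consumed in roughly 9.3 hours, so even an AP that never reuses an IV deliberately will start repeating them within a working day, which is why IV reuse counts are a monitoring signal rather than a rare anomaly on WEP networks.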