When exploiting wireless and RF-based vulnerabilities:

  • Use aircrack-ng or similar tools to crack keys on Wi-Fi networks secured with WEP.
  • Use a replay attack to obtain a repeated 24-bit IV to crack a WEP key.
  • Speed up the WEP cracking process by launching a fragmentation attack using aireplay-ng.
  • Use the PRGA obtained from a fragmentation attack to craft a packet with packetforge-ng.
  • Send a crafted packet to an access point to easily obtain thousands of IVs.
  • Check the laws in your area before using radio jamming devices.
  • Use a tool like aireplay-ng to knock clients off a WAP.
  • Spoof MAC addresses in deauthentication attacks to knock specific targets off a WAP.
  • Use evil twins to entice users to connect to your rogue AP.
  • Use Karma attacks to trick a client sending a probing request into connecting to your evil twin.
  • Use SSL strip with an evil twin to downgrade a user's HTTPS session and act as a man-in-the-middle.
  • Place your wireless interface in promiscuous mode to receive all available signals.
  • Use airodump-ng to sniff the four-way wireless handshake for WPA/WPA2 key cracking.
  • Use online brute forcing to crack a WPS PIN.
  • Use the Pixie Dust attack to conduct offline cracking of vulnerable APs.
  • Use bluejacking to send unsolicited messages to discoverable Bluetooth devices in range.
  • Use bluesnarfing to read sensitive information from discoverable Bluetooth devices in range.
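The deauthentication items above describe frames that any monitor-mode sensor sees just as well as the target does, so a wireless IDS can alert on them. The following is an added example (not part of the original checklist) that runs a sliding-window rate check over a constructed set of 802.11 management-frame records; the BSSID, client MAC, window and threshold are assumed sample values.

```python
from collections import defaultdict, deque

# Constructed sample of 802.11 management-frame records (not a real capture).
# Each record: (timestamp_ms, frame_subtype, source_mac, destination_mac)
BSSID = "aa:bb:cc:00:00:01"        # assumed access point address
CLIENT = "11:22:33:44:55:66"       # assumed legitimate client
BROADCAST = "ff:ff:ff:ff:ff:ff"

SAMPLE_FRAMES = [
    (0, "beacon", BSSID, BROADCAST),
    (100, "deauth", BSSID, CLIENT),          # a single deauth is normal
    (500, "probe_req", CLIENT, BROADCAST),
    (900, "beacon", BSSID, BROADCAST),
]
# A burst of 40 broadcast deauths claiming to come from the AP, 10 ms apart,
# is what a spoofed-source deauthentication flood looks like on the air.
SAMPLE_FRAMES += [(1000 + 10 * i, "deauth", BSSID, BROADCAST) for i in range(40)]

DEAUTH_SUBTYPES = {"deauth", "disassoc"}


def detect_deauth_floods(frames, window_ms=1000, threshold=10):
    """Return one alert (source_mac, timestamp_ms, count) per source address
    whose deauth/disassoc frames exceed `threshold` within any `window_ms`
    sliding window. The source address is the *claimed* one, so a spoofed
    flood shows up under the AP's own BSSID; the rate is what gives it away."""
    recent = defaultdict(deque)   # claimed source -> timestamps in window
    alerts, already_alerted = [], set()
    for ts, subtype, src, _dst in sorted(frames, key=lambda f: f[0]):
        if subtype not in DEAUTH_SUBTYPES:
            continue
        window = recent[src]
        window.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while window and ts - window[0] > window_ms:
            window.popleft()
        if len(window) > threshold and src not in already_alerted:
            alerts.append((src, ts, len(window)))
            already_alerted.add(src)
    return alerts


if __name__ == "__main__":
    for src, ts, count in detect_deauth_floods(SAMPLE_FRAMES):
        print(f"deauth flood: {count} frames from {src} within 1 s, at t={ts} ms")
```

The single deauth at 100 ms never trips the check on its own; only the burst does, which is the distinction a sensor needs to avoid alerting on ordinary client roaming.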