Hack The Heaven !!

Wireless hacking
In security breaches, wireless hacking is the unauthorized use or penetration of a wireless network. A wireless network can be penetrated in a number of ways. There are methods ranging from those that demand a high level of technological skill and commitment to methods that are less sophisticated and require minimal technological skill. Once within a network a skilled hacker can modify software, network settings, other security items and much more. To counter the security threat of an intrusion into a wireless network, there are many precautions available.
[edit] Wireless intrusion methods
The various methods used by hackers that enable them to exploit wireless connections typically begin with finding wireless networks to hack and gathering as much information about it as possible. This is called Network enumeration. [1] Finding the networks is often done by WarXing, through the use computer with a network discovery software program such as Kismet, Network stumbler, ... After this, more information is gathered from the network, by eavesdropping the network. This may be done by "sniffing", which is monitoring the data packets transmitted by the wireless network for passwords, ... Sniffing is done through network analyzers or "sniffer"s The information that sniffer programs make available include SSID's, IP's, amount of PC's connected to the network, encryption, MAC-adresses, ... Also, network mappers may be used to figure out which servers are running the network and what their operating system is. SSIDSniff, Blade Software IDS Informer, and commands such as ArPing, ... may be used to gather IP-adresses. This is especially useful if MAC-filtering is turned on. Also, the obtaining of sensitive information such as SSID's, passwords, ... may also accur through specialised searches through common search engines as Google. There are even programs created which can automate these specialised searches (eg SiteDigger)

A next step is scanning for open ports, vulnerabilities, ... This is called a Vulnerability assessment. This is done through another network enumerator called a network scanner (eg nessus, fping, nmap, wireshark, Mognet, ...) Also, the vulnerability of the AP itself through its firmware may be looked into through tools such as Pong.

Depending on the outcome of this, the hacker has determined and will often chose the easiest means of entry. This may involve simply breaking the encryption through raw computing power (by network encryption-cracking software), through authentication as a legitimate user through any ports/services that are available/left open, creation of a null session (if the OS running is Windows), Man-in-the-middle attack, Queensland attack, ARP Poisoning, combined attacks (eg DoS-attacks through the use of Packet injectors on specific servers to relocate traffic, ...), ... Posing as a legitimate user requires the wireless network's authentic SSID, BSSID, WiFi-channel, ... ; this may be set using tools as Linux Wireless Extension and Wireless Tools. It may also require a valid MAC-adress which may be obtained via network analyzers, ... and altered through MAC-spoofers as SMAC, MAC Changer or even the ifconfig-command. Access to the entire system through authenthication as a legitimate user may not be available. To break into other (still restricted )parts of the network, Password crackers may be required. A null session is a connection to a freely accessible remote share called IPC$ and allows inmediate read and write access with Windows NT/2000 and read-access with Windows XP and 2003. Also, if the hacker has been able to recover info on the type of hardware used, he can look into online information booklets about the default settings of these devices, allowing (in some cases) access to the network. Websites offering such default settings information (SSID's, WEP-passwords, ...) include CIRT.net [3][4][5][6]
[edit] Other means of gaining access
Other means available and used by hackers to gain access to a wireless network include virtually probing, lost password and social spying. These methods are not as technologically intensive as virtual intrusions but they nonetheless pose a high security threat.

A wireless probe is when hackers contact users on a network on the pretence of being a vendor that a company normally deals with. The hacker than asks for sensitive information concerning the wireless network. A commonly used example of this is when a hacker pretends to be conducting a survey. They then ask for information about the firewalls, or many other sensitive pieces of information.
The lost password method of intrusion is when the hacker obtains a password to get past an organizations firewall or intrusion detection system. Then the hacker will develop an account for himself so they can access any information they want at any time they want.
The social spying method of intrusion is when hackers spy on everyday people when they are entering passwords. The person targeted does not know that they are the target of the hacker. An example of this is when people enter their PIN while at the ATM, very few take the precaution of protecting this important information.
Although not technically hacking, PC's running the Windows operating system can be inadvertently connected to unsecured wireless access points. Windows alerts the user when a new wireless access point is found by default, and if no encryption is employed, then it is simply a matter of clicking a single button.

[edit] Security measures
In an effort to protect a wireless network, there are several security measures that can be employed.

Encryption of all wireless traffic is the most secure way of reducing both hacking attempts, and successful breaches. There are several wireless encryption types available, including WEP, WPA and WPA2. WEP is considered insecure, as given enough processing power, it can be broken. That said, WEP will still stop any passive scans, as well as casual hackers.
Altering the network from the manufacturer’s defaults can also discourage hackers. The information about network defaults is easily accessible and will render any security enhancements useless. Settings such as default SSID, default admin password, and disabled encryption are the main items that need addressing.
Data, especially passwords, should be encrypted when travelling over the network. A cracked system without encrypted passwords and other information is totally accessible to hackers.
As with most technology updating security protocols and other information is crucial to maintaining the security of the system.
It is a common misconception that disabling broadcasting of the SSID and enabling MAC filtering is a sufficient security configuration. This is not the case. Disabling the SSID broadcast merely prevents casual nearby wireless users from detecting the presence of your network - war drivers and those who are already aware of your wireless network will not be disadvantaged at all by a disabled SSID. Similarly, MAC address filtering will only prevent accidental connection from casual users - MAC addresses can be spoofed to appear to be that of an authorised workstation or laptop.