Introduction

This report outlines an attack made on a target connected to a separate, password protected network. The aim is to take control of the target’s browser. The attack is carried out in 3 steps. The first and foremost thing to do is to get on to the network that the target is on. For this we used the tool Aircrack-ng to capture the 4 way handshake and crack the password with a dictionary attack. Next steps include launching a Man-in-the-Middle (MITM) attack to spoof the traffic, this helped redirect the target to one of our own websites. Here social engineering techniques are used to persuade the target to click on a link generated by The Browser Exploitation Framework (BeEF). The link, once clicked on, hooks the target’s browser and allows us to manipulate any vulnerabilities it might have.

The report also outlines the 4 way handshake, how the password used in the WPA/WPA2 authentication can be cracked using the MIC in the EAPoL payload. ARP poisoning and DNS spoofing is briefly explained as well. For the full pdf version, please click here.