Hacking Windows 10: How to Identify Antivirus Software Installed on a Windows PC

Determining the antivirus and firewall software installed on a Windows computer is crucial to an attacker preparing to create a targeted stager or payload. With covert deep packet inspection, that information is easily identified.


This attack assumes the Wi-Fi password to the target network is already known. With the password, an attacker can observe data traversing the network and enumerate installed security software. Popular antivirus and firewall solutions become easily identifiable once benign web traffic is filtered out.


We'll learn how to capture and decrypt Wi-Fi traffic without authenticating to the target router, and we'll perform packet inspection to figure out the kinds of third-party security applications installed on the operating system.


Step 1: Capture Wi-Fi Traffic


To get started in Kali, use the airmon-ng check kill command to stop any background processes that may interfere with the wireless card.


~# airmon-ng check kill

Killing these processes:

  PID Name
 2891 wpa_supplicant

Enable monitor mode on the Alfa adapter (or another wireless adapter) with the airmon-ng start wlan0 command.


~# airmon-ng start wlan0

PHY     Interface       Driver          Chipset
phy2    wlan0           rt2800usb       Ralink Technology, Corp. RT2870/RT3070

                (mac80211 monitor mode vif enabled for [phy2]wlan0 on [phy2]wlan0mon)
                (mac80211 station mode vif disabled for [phy2]wlan0)

Then, perform an initial airodump-ng scan to enumerate Wi-Fi networks in the surrounding area.


~# airodump-ng wlan0mon

 CH  6 ][ Elapsed: 36 s ][ 2020-04-06 20:45
..
