Building and Hacking an Exploitable WiFi Environment for your classroom
1. About the Workshop
The theory behind exploiting WEP and WPA2 has been available for a number of years. However, it has not been easy to offer students the opportunity to apply these theories in a real environment. In this workshop, you will (1) learn how to locate and identify WiFi access points (a.k.a. reconnaissance), (2) understand the conditions under which WEP and WPA2 can be hacked, and (3) hack up to four WEP access points (with different settings), in addition to a WPA2 access point. In addition, participants will learn (4) how to build and configure WiFi access points for their students to hack and (5) how Raspberry Pis can be used to act as the necessary clients for those access points. Participants will have access to the Raspberry Pi scripts and all access point configuration directions. We will go over setting up the whole environment with VPN access such that students can have dedicated machines to use for learning the WiFi attacks discussed in the workshop.
Dates: Wednesday 1/13/2021 (10am - 7pm EST) and Thursday 1/14/2021 (10am - 5pm EST)
Audience: Faculty officially affiliated with 2-year or 4-year U.S. higher education institutions.
Hardware Requirements: Participants must have a computer with at least 25GB of disk space available, VirtualBox installed, Zoom installed, and a stable Internet connection.
Venue: Zoom (link will be provided to accepted registrants).
Fee: $0. This workshop is sponsored by a Dakota State University (DSU) NSF Award #1730105.
In this workshop, you will learn:
1. How the WEP protocol works
2. WEP Weakness
3. How the WPA2 protocol works
4. WPA2 Weakness
5. WiFi scanning and reconnaissance
6. Exploiting WEP access points with connected clients
7. Exploiting WEP access points with no connected clients
8. Exploiting WEP access points with different key sizes
9. Exploiting WPA2 access points with a given wordlist
10. How to build a similar exploitable WiFi Environment
11. Best practices in offering hands-on WiFi hacking to college students
3. Prerequisite Knowledge
To participate in the hands-on activities in this workshop, you will (a) download and import a custom Kali VM, (b) connect to a VPN, then (3) SSH into a dedicated machine (one machine per participant) which is equipped with all necessary packages and hardware to engage in the workshop activities within the sandboxed WiFi environment built for this workshop.
A few days before the workshop, participants will receive a link to download and install the software and Virtual Machine required to participate in this workshop. Thus, participants must have a computer with at least 25GB of disk space available, VirtualBox installed, Zoom installed, and a stable Internet connection.
4. Tentative Agenda
During day 1, the instructor will introduce the theory behind WEP and its weakness. Then, we will walk through the basics for WiFi Scanning and Reconnaissance. Afterwards, the participants will have a guided hands-on session to apply what they learned by scanning, locating, and hacking a WEP access point with a 64-bit key size and a connected client. The day will end with an “Observation and Conclusions” session. Participants will continue to have access to the sandboxed environment to test their skills by scanning, locating, and hacking a WEP access point with a 128-bit key size and a connected client. The tentative schedule for day 1 of the workshop (times are EST) will be as follows:
* This period will be used as a break for participants who have already imported the VM before the workshop and can successfully connect to the VPN. The instructor will be helping participants who need technical assistance or still need to download or import the VM.
† Participants will use their dedicated machines to perform this hands-on activity. Instructor will be answering questions and providing support.
During day 2, the instructor will introduce the theory behind how WPA2 works, its weakness, and the condition under which it can be broken. Then, the participants will have a guided hands-on session to apply what they learned by scanning, locating, and hacking a WPA2 access point given a wordlist which has the access point’s password. Afterwards, the instructor will present how to build an exploitable WiFi environment, similar to the one the participants are using in the workshop, which they can use in their classrooms. In addition, the instructor will share best practices to offer such hands-on WiFi hacking experience to college students. Finally, the day will end with a “Workshop Conclusion” session. After the workshop conclusion, participants will continue to have access to the sandboxed environment until the end of the day to test their skills by scanning, locating, and hacking two WEP access points without connected client (according to instructor’s guidance discussed during the workshop). The tentative schedule for day 2 of the workshop (times are EST) will be as follows:
Interested in participating in this workshop?
Fill out the application form here: https://pitt.co1.qualtrics.com/jfe/form/SV_6QevqD8ZgsaUPOJ
If you have questions, email Ahmed Ibrahim at [email protected] with subject line "DSU Workshop for Educators".
6. Post Workshop Analysis
The workshop had 29 participants from 14 states. Out of those, 24 participants submitted a post workshop survey. The following analysis is based on the information provided by those who filled out the post workshop survey.
In the application form, participants were asked to self-report their confidence in (a) scanning for wireless networks, (b) cracking a WEP access point that has connected clients, (c) cracking a WEP access point that has no connected clients, and (d) cracking a WPA2 access point that has connected clients by choosing from five values: definitely not (value 1), probably not (value 2), might or might not (value 3), probably yes (value 4), definitely yes (value 5).
After the workshop, participants were asked to self-report their confidence for the same four skills in a post workshop survey. The differences in the self-reported confidence responses for the four questions are shown below. Blue bars represent the average of the values reported in the application form while the green bars represent the average of the values reported in the post workshop survey.
Below are responses, from the survey, to a question which says "What helped you learn and achieve your goals in this workshop?".
"I think this was one of the best hands-on hacking based workshop (on cybersecurity education) that I have attended so far; it was very well planned, supported and guided, so that everything ran smoothly over a virtual zoom meeting setup (without major issues). Kudos to the workshop host & lead - Ahmed!"
"The hands-on activities were tremendous in aiding my comprehension of this material. Also, being permitted to engage with questions and discussions was a great benefit."
"The instructor provided amazingly detailed steps to what, otherwise, would have been a complicated setup process. The details in the hands-on exercises are perfect for leveraging into our existing classes."
"Class was run at a good, flexible pace, not 'Drinking from the firehose'."
"Hands on lab engagement with the equipment and the CTF, overall awesomely done!"
"Everything was very well laid out and easy to follow. Everything from the gifs in the instructions to the CTF. Repetition was helpful. Q & A in a live environment was also very helpful."
"The setup was very conducive for learning because the hosts were live virtual machines (not simulated). Also the repetition and instant feedback helped correct incorrect answers."
"The knowledge and expertise of the instructor. His presentation style is awesome...he asks for feedback, listens to students and esponds - also asks for additional feedback from students. Just an excellent presenter and instructor"
"The hand-on exercises were absolutely the primary aspect of the workshop that helped me learn. In conjunction with the lectures, which were outstanding, the number and level of exercises also contributed to my learning."
"The hands on labs were awesome!"
"Clearly presented objectives, excellent instructional design and delivery."
"Ahmed is a great instructor. His additional resources were phenomenal - CTF site, personal website with resources. He fostered a great remote session with all of us. I felt really comfortable with all the other participants."
"Just about everything - the resources, the discussions, the hands-on."
"Ahmed is an excellent instructor and comes across the video medium quite well. His transparency made this easy to follow."