Degree: BSc Computing (Computer Networks and Cybersecurity)
Project title: Attack Formulation and Compromise of a Home Network
This project investigated the security of consumer networking equipment by testing it against a selection of cyber-attacks. In preparation for this activity, research was carried out into penetration tools, network attacks such as MitM (Man-in-the-Middle) and DDoS (Distributed Denial of Service), password cracking (e.g. brute force, hash guessing and rainbow tables, as well as password capturing through keyloggers and network sniffing), and the various methods to achieve these attacks. By researching various attacks and attempting to implement a selection of them on existing hardware, the vulnerability of said hardware to the selected attacks can be ascertained.
The experiment consists of 3 attacks including a dictionary attack on a network WiFi password utilising de-authentication frames to obtain the 4-way handshake and conduct offline password cracking. Next, a second password cracking attack on a router login form utilising THC hydra to perform a dictionary attack and finally an ARP poisoning and DNS spoofing attack used to direct a victim to a cloned website and obtain their login credentials. The experiment found vulnerability to every attack in the testing scenario and this resulted in all login credentials being obtained.
The first attack was run 3 times and found the correct password in an average of 34724206.6 attempts and an average time of 6 hours, 41 minutes and 1 second. The second attack was also run 3 times and found the correct router username and password in 72706 attempts (out of a possible 252042 attempts) in all 3 cases. Finally, the third attack resulted in a successful ARP poisoning that allowed the victims traffic to be viewed by the attacker. Additionally, a successfully spoofed DNS response allowed the attacker to serve the victim a cloned website that was identical to the genuine article and collect the login credentials entered by the victim.
Click/tap on image to view as PDF.