Attacking the services
Most wireless devices host a common set of services for management. Typically, a web server component can be found on every wireless device for web-based management of the device. These web interfaces sometimes suffer from common web application security flaws. Testing the web component against the OWASP Top 10 can reveal whether there are any security flaws in the application stack on the AP. Cross-Site Request Forgery, Cross-Site Scripting, Command Injection, and Denial of Service are the most common vulnerabilities among wireless devices. Services like HTTP for web management, SNMP for network management, and SSH or Telnet for remote access are commonly found on the devices. When these services are set up with weak passwords or left with their default credentials, an attacker can easily compromise them with a brute-force attack. If not properly configured, these services can be misused by an attacker to gain access to the device.
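The weaknesses listed above can be checked from the defender's side before a tester finds them. The following is an added example, not code from the original text: it audits an inventory of access point management settings for Telnet, plain-HTTP management, default SNMP community strings, and default or weak passwords. The inventory format, field names, device names, and password deny list are assumptions constructed for illustration.

```python
# Added example: audit management-plane settings of wireless devices.
# The inventory format and field names are assumptions, not a vendor format.

DEFAULT_COMMUNITIES = {"public", "private"}          # well-known SNMP defaults
WEAK_PASSWORDS = {"", "admin", "password", "1234"}   # constructed deny list

def audit_device(dev):
    """Return a list of findings for one device record."""
    findings = []
    svc = dev.get("services", {})
    if svc.get("telnet", {}).get("enabled"):
        findings.append("telnet enabled: cleartext remote access, use SSH")
    http = svc.get("http", {})
    if http.get("enabled") and not http.get("tls"):
        findings.append("web management over plain HTTP: enable HTTPS")
    snmp = svc.get("snmp", {})
    # Community strings only act as the credential in SNMP v1 and v2c.
    if snmp.get("enabled") and snmp.get("version") in ("1", "2c"):
        bad = DEFAULT_COMMUNITIES & {c.lower() for c in snmp.get("communities", [])}
        for c in sorted(bad):
            findings.append(f"snmp default community '{c}': change it or use SNMPv3")
    for acct in dev.get("accounts", []):
        user, pw = acct["user"], acct["password"]
        if pw.lower() in WEAK_PASSWORDS or pw.lower() == user.lower():
            findings.append(f"account '{user}' uses a default or weak password")
    return findings

def audit_inventory(inventory):
    """Map device name -> findings, omitting devices with no findings."""
    report = {d["name"]: audit_device(d) for d in inventory}
    return {name: f for name, f in report.items() if f}

# Constructed sample inventory (not real devices or credentials).
SAMPLE = [
    {"name": "ap-lobby",
     "services": {"telnet": {"enabled": True},
                  "http": {"enabled": True, "tls": False},
                  "snmp": {"enabled": True, "version": "2c", "communities": ["public"]}},
     "accounts": [{"user": "admin", "password": "admin"}]},
    {"name": "ap-office",
     "services": {"ssh": {"enabled": True},
                  "http": {"enabled": True, "tls": True},
                  "snmp": {"enabled": True, "version": "3", "communities": []}},
     "accounts": [{"user": "netops", "password": "T7#vq-constructed-example"}]},
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE).items():
        for f in findings:
            print(f"{name}: {f}")
```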
In this section, we will discuss how we can leverage...