Microsoft introduces a new feature and hackers exploit it. That has become the trend in the information security industry. In this post HackingLoops covers the hosted AP feature of Microsoft Windows (Windows 7 and above) and how a hacker can exploit it after gaining access to any computer on the network.
With Windows 7, Microsoft introduced a new feature known as the wireless hosted network, available on all systems with an installed wireless LAN card. With the hosted network feature, a software-based access point (AP) can be created by virtualizing a single WiFi adapter on a Windows 7 machine.
What is Hosted AP?
The hosted network feature is simple: it allows a software access point to run on a Windows machine that has a hardware WiFi adapter. Using a single WiFi adapter on a Windows 7 machine, a software-based access point (AP) can be created. This software AP is created by virtualizing the physical adapter, which makes it possible to host multiple WiFi interfaces on the same physical adapter. The hosted network works with all wireless cards that are Windows 7 ready, with no extra installation.
Tutorial: Set up a soft access point on a Windows machine
Commands to set up the hosted AP:
- netsh wlan set hostednetwork mode=allow ssid=Network_Name key=PASSPHRASE
- netsh wlan start hostednetwork
# These commands let Windows multiplex between AP mode and client mode on the same WiFi card.
Hacker's View:
Let's say the attacker has shell access (command prompt access) to a Windows machine, through a Trojan or my personal favorite, Metasploit. The attacker can then run these commands and activate the software access point on the exploited system.
Consider a scenario where the attacker exploits a system in the organization's network. If the attacker activates the hosted AP on this machine, there is no need to create a backdoor in the operating system: the hosted AP itself acts as a backdoor. The attacker can set up this hosted AP as a fake or twin access point within the organization's premises, and each legitimate client that connects to this rogue AP will be within reach of the attacker at the network level (this is called network-level connectivity). Once the attacker has network-level connectivity with the organization's legitimate clients, he can run many network attacks against them, e.g. SSL strip, man-in-the-middle and DNS poisoning.
Hence the organization's secure network is no longer secure and is completely open to attacks.
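From the defender's side, a hosted AP enabled this way shows up in the output of `netsh wlan show hostednetwork`, so endpoints can be audited for it. The following is an added example, not code from the original post: the function names `parse_hostednetwork`, `assess` and `query_local` are hypothetical, the sample output is constructed, and the parser assumes the English-locale output layout.

```python
import re
import subprocess

# Constructed sample of `netsh wlan show hostednetwork` output (English locale
# assumed); the SSID comes from the tutorial, BSSID/channel/clients are made up.
SAMPLE_OUTPUT = """
Hosted network settings
-----------------------
    Mode                   : Allowed
    SSID name              : "Network_Name"

Hosted network status
---------------------
    Status                 : Started
    BSSID                  : 02:00:00:00:00:01
    Channel                : 6
    Number of clients      : 2
"""

def parse_hostednetwork(text):
    """Turn indented 'Key : Value' lines into a dict with lowercase keys."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(.+?)\s+:\s*(.*)$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2).strip().strip('"')
    return fields

def assess(fields):
    """Return (severity, findings) for one host's hosted-network state."""
    ssid = fields.get("ssid name", "?")
    clients = fields.get("number of clients", "0")
    if fields.get("status", "").lower() == "started":
        findings = [f'soft AP is broadcasting SSID "{ssid}"']
        if clients.isdigit() and int(clients) > 0:
            findings.append(f"{clients} client(s) associated")
        return "high", findings
    if fields.get("mode", "").lower() == "allowed":
        # Remediate: netsh wlan set hostednetwork mode=disallow
        return "medium", ["hosted network is allowed but not started"]
    return "ok", []

def query_local():
    """Query the local Windows host (requires the WLAN AutoConfig service)."""
    return subprocess.run(["netsh", "wlan", "show", "hostednetwork"],
                          capture_output=True, text=True).stdout

if __name__ == "__main__":
    print(assess(parse_hostednetwork(SAMPLE_OUTPUT)))
```

On a host flagged "high", `netsh wlan stop hostednetwork` followed by `netsh wlan set hostednetwork mode=disallow` turns the soft AP off and prevents it from being started again until the mode is changed back.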