In this lab, you will perform three different activities. The first lab will be about wireless security, the second lab will be about IoT devices, and the third lab will be about mobile applications.

Assume that a security tester captured the wireless WPA traffic in a penetration testing project by using the Aircrack-ng tool. In this lab, you will use the same tool to crack the encrypted WPA passphrase inside the captured traffic file (These passphrases are used to join the wireless network; a routine for many of us)

1) Log in to Kali Linux on the Netlab environment.

2) Open a terminal window by clicking the terminal icon on the taskbar.

3) Type ls -l and see that there is a capture file named wpa.cap.

This is the file brought by your colleague; now you will try to crack the WPA passphrase. You will use the aircrack-ng tool to perform cracking. You will also need a dictionary file. Your colleague recommended you to use the rockforyou.txt.gz file as the dictionary. The file is stored under /usr/share/wordlists. First of all, you need to extract the dictionary file from the archive.

5) Type aircrack-ng -w /usr/share/wordlists/rockyou.txt wpa.cap in the terminal window to crack the passphrase

Take a screenshot of the terminal window showing the cracked WPA passphrase.

Section-2: Finding Specific IoT Devices at a Specific Location

In this lab, you will perform one of the most popular searches that have been performed on Shodan. Shodan indexes many different kinds of IoT devices and industrial control systems (also known as SCADA systems). There are many IP cameras indexed by Shodan. You will perform a quick search for IP cameras.

Use your computer to complete this lab.

Mobile applications developed for Android are files with APK extension. You don't see these files as you open Play Store app from your mobile phone and install the applications. It is straightforward to obtain APK files, though. For example, you can download a Chrome extension named " APK Downloader for Google Play Store" and download the setup file of any mobile application to your computer. Mobile app security is just another essential domain of cybersecurity. Many security researchers and application security engineers discover vulnerabilities by analyzing APK files, such as hardcoded credentials, flaws in the authentication mechanism, accessing source code files, allowing code tampering, etc.

In this lab, you will perform reverse-engineering on an intentionally vulnerable APK file and access the source code. You will complete this lab in Kali VM installed on your computer.

1) Open Kali VM hosted on your computer

2) Before starting reverse-engineering, you need to install the tools used in reverse engineering

3) Open a terminal window on Kali

4) Install dex2jar by typing sudo apt-get install dex2jar

5) Type root password as kali

dex2jar converts an APK file to a JAR file to allow the file to be decompiled.

Weekly Learning and Reflection 

In two to three paragraphs (i.e., sentences, not bullet lists) using APA style citations if needed, summarize, and interact with the content covered in this lab. Summarize what you did as an attacker, what kind of vulnerabilities did you exploit, what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also what you have learned through the session. You can ask questions for the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.