Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Kali Linux: Wireless Penetration Testing Beginner's Guide, Second Edition
  • Toc
  • feedback
Kali Linux: Wireless Penetration Testing Beginner's Guide, Second Edition

Kali Linux: Wireless Penetration Testing Beginner's Guide, Second Edition

By : Cameron Buchanan, Vivek Ramachandran
4.5 (44)
close
Kali Linux: Wireless Penetration Testing Beginner's Guide, Second Edition

Kali Linux: Wireless Penetration Testing Beginner's Guide, Second Edition

4.5 (44)
By: Cameron Buchanan, Vivek Ramachandran

Overview of this book

If you are a security professional, pentester, or anyone interested in getting to grips with wireless penetration testing, this is the book for you. Some familiarity with Kali Linux and wireless concepts is beneficial.
Table of Contents (13 chapters)
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
1. Wireless Lab Setup
chevron up
1. Wireless Lab Setup
Hardware requirements
Software requirements
Installing Kali
Time for action – installing Kali
Setting up the access point
Time for action – configuring the access point
Setting up the wireless card
Time for action – configuring your wireless card
Connecting to the access point
Time for action – configuring your wireless card
Summary
2
2. WLAN and its Inherent Insecurities
2. WLAN and its Inherent Insecurities
Revisiting WLAN frames
Time for action – creating a monitor mode interface
Time for action – sniffing wireless packets
Time for action – viewing management, control, and data frames
Time for action – sniffing data packets for our network
Time for action – packet injection
Important note on WLAN sniffing and injection
Time for action – experimenting with your adapter
The role of regulatory domains in wireless
Time for action – experimenting with your adapter
Summary
3
3. Bypassing WLAN Authentication
3. Bypassing WLAN Authentication
Hidden SSIDs
Time for action – uncovering hidden SSIDs
MAC filters
Time for action – beating MAC filters
Open Authentication
Time for action – bypassing Open Authentication
Shared Key Authentication
Time for action – bypassing Shared Authentication
Summary
4
4. WLAN Encryption Flaws
4. WLAN Encryption Flaws
WLAN encryption
WEP encryption
Time for action – cracking WEP
WPA/WPA2
Time for action – cracking WPA-PSK weak passphrases
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
Decrypting WEP and WPA packets
Time for action – decrypting WEP and WPA packets
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
Time for action – connecting to a WPA network
Summary
5
5. Attacks on the WLAN Infrastructure
5. Attacks on the WLAN Infrastructure
Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
Denial of service attacks
Time for action – deauthentication DoS attacks
Evil twin and access point MAC spoofing
Time for action – evil twins and MAC spoofing
A rogue access point
Time for action – cracking WEP
Summary
6
6. Attacking the Client
6. Attacking the Client
Honeypot and Mis-Association attacks
Time for action – orchestrating a Mis-Association attack
The Caffe Latte attack
Time for action – conducting a Caffe Latte attack
Deauthentication and disassociation attacks
Time for action – deauthenticating the client
The Hirte attack
Time for action – cracking WEP with the Hirte attack
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
Summary
7
7. Advanced WLAN Attacks
7. Advanced WLAN Attacks
A man-in-the-middle attack
Time for action – man-in-the-middle attack
Wireless Eavesdropping using MITM
Time for action – Wireless Eavesdropping
Session hijacking over wireless
Time for action – session hijacking over wireless
Finding security configurations on the client
Time for action – deauthentication attacks on the client
Summary
8
8. Attacking WPA-Enterprise and RADIUS
8. Attacking WPA-Enterprise and RADIUS
Setting up FreeRADIUS-WPE
Time for action – setting up the AP with FreeRADIUS-WPE
Attacking PEAP
Time for action – cracking PEAP
EAP-TTLS
Security best practices for Enterprises
Summary
9
9. WLAN Penetration Testing Methodology
9. WLAN Penetration Testing Methodology
Wireless penetration testing
Planning
Discovery
Attack
Reporting
Summary
10
10. WPS and Probes
10. WPS and Probes
WPS attacks
Time for action – WPS attack
Probe sniffing
Time for action – collecting data
Summary
11
A. Pop Quiz Answers
Chapter 1, Wireless Lab Setup
Chapter 2, WLAN and its Inherent Insecurities
Chapter 3, Bypassing WLAN Authentication
Chapter 4, WLAN Encryption Flaws
Chapter 5, Attacks on the WLAN Infrastructure
Chapter 6, Attacking the Client
Chapter 7, Advanced WLAN Attacks
Chapter 8, Attacking WPA-Enterprise and RADIUS
12
Index
Index

Time for action – configuring the access point

Let's begin! We will set the access point up to use Open Authentication with an SSID of Wireless Lab.

Follow these instructions step by step:

  1. Power on the access point and use an Ethernet cable to connect your laptop to one of the access point's Ethernet ports.
  2. Enter the IP address of the access point configuration terminal in your browser. For the TP-Link, it is by default 192.168.1.1. You should consult your access point's setup guide to find its IP address. If you do not have the manuals for the access point, you can also find the IP address by running the route –n command. The gateway IP address is typically the access point's IP. Once you are connected, you should see a configuration portal that looks like this:
    Time for action – configuring the access point
  3. Explore the various settings in the portal after logging in and find the settings related to configuring a new SSID.
  4. Change the SSID to Wireless Lab. Depending on the access point, you may have to reboot it for the settings to change:
    Time for action – configuring the access point
  5. Similarly, find the settings related to Wireless Security and change the setting to Disable Security. Disable Security indicates that it is using Open Authentication mode.
  6. Save the changes to the access point and reboot it if required. Now your access point should be up-and-running with an SSID Wireless Lab.

An easy way to verify this is to use the Wireless Configuration utility on Windows and observe the available networks using the Windows laptop. You should find Wireless Lab as one of the networks in the listing:

Time for action – configuring the access point

What just happened?

We have successfully setup our access point with an SSID Wireless Lab. It is broadcasting its presence and this is being picked up by our Windows laptop and others within the Radio Frequency (RF) range of the access point.

It is important to note that we configured our access point in Open mode, which is the least secure. It is advisable not to connect this access point to the Internet for the time being, as anyone within the RF range will be able to use it to access the Internet.

Have a go hero – configuring the access point to use WEP and WPA

Play around with the configuration options of your access point. Try to get it up-and-running using encryption schemes such as WEP and WPA/WPA2. We will use these modes in later chapters to illustrate attacks against them.

End of Section 7
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete