Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Kali Linux Wireless Penetration Testing Beginner???s Guide
  • Table Of Contents Toc
  • Feedback & Rating feedback
Kali Linux Wireless Penetration Testing Beginner???s Guide

Kali Linux Wireless Penetration Testing Beginner???s Guide

By : Dieterle, Cameron Buchanan, Vivek Ramachandran
4.6 (12)
Buy this Book
close
close
Kali Linux Wireless Penetration Testing Beginner???s Guide

Kali Linux Wireless Penetration Testing Beginner???s Guide

4.6 (12)
By: Dieterle, Cameron Buchanan, Vivek Ramachandran
Buy this Book

Overview of this book

As wireless networks become ubiquitous in our lives, wireless penetration testing has become a key skill in the repertoire of the professional penetration tester. This has been highlighted again recently with the discovery of the KRACK attack which enables attackers to potentially break into Wi-Fi networks encrypted with WPA2. The Kali Linux security distribution comes with a myriad of tools used for networking attacks and detecting security loopholes. Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing with each new technology. You'll learn various wireless testing methodologies by example, from the basics of wireless routing and encryption through to detailed coverage of hacking methods and attacks such as the Hirte and Caffe Latte.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Sections
Icon
Time for action – heading
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Free Chapter
1
1. Wireless Lab Setup
chevron up
Icon
1. Wireless Lab Setup
Icon
Hardware requirements
Icon
Software requirements
Icon
Installing Kali
Icon
Time for action – installing Kali
Icon
Setting up the access point
Icon
Time for action – configuring the access point
Icon
Setting up the wireless card
Icon
Time for action – configuring your wireless card
Icon
Connecting to the access point
Icon
Time for action – configuring your wireless card
Icon
Summary
2
2. WLAN and Its Inherent Insecurities
Icon
2. WLAN and Its Inherent Insecurities
Icon
Revisiting WLAN frames
Icon
Time for action – creating a monitor mode interface
Icon
Time for action – sniffing wireless packets
Icon
Time for action – viewing management, control, and data frames
Icon
Time for action – sniffing data packets for our network
Icon
Time for action – packet injection
Icon
Important note on WLAN sniffing and injection
Icon
Time for action – experimenting with your adapter
Icon
Summary
3
3. Bypassing WLAN Authentication
Icon
3. Bypassing WLAN Authentication
Icon
Hidden SSIDs
Icon
Time for action – uncovering hidden SSIDs
Icon
MAC filters
Icon
Time for action – beating MAC filters
Icon
Open Authentication
Icon
Time for action – bypassing Open Authentication
Icon
Shared Key Authentication
Icon
Time for action – bypassing shared authentication
Icon
Summary
4
4. WLAN Encryption Flaws
Icon
4. WLAN Encryption Flaws
Icon
WLAN encryption
Icon
WEP encryption
Icon
Time for action – cracking WEP
Icon
WPA/WPA2
Icon
Time for action – cracking WPA-PSK weak passphrase
Icon
Speeding up WPA/WPA2 PSK cracking
Icon
Time for action – speeding up the cracking process
Icon
Decrypting WEP and WPA packets
Icon
Time for action – decrypting WEP and WPA packets
Icon
Connecting to WEP and WPA networks
Icon
Time for action – connecting to a WEP network
Icon
Time for action – connecting to a WPA network
Icon
Summary
5
5. Attacks on the WLAN Infrastructure
Icon
5. Attacks on the WLAN Infrastructure
Icon
Default accounts and credentials on the access point
Icon
Time for action – cracking default accounts on the access points
Icon
Denial of service attacks
Icon
Time for action – deauthentication DoS attack
Icon
Evil twin and access point MAC spoofing
Icon
Time for action – evil twin with MAC spoofing
Icon
A rogue access point
Icon
Time for action – Setting up a rogue access point
Icon
Summary
6
6. Attacking the Client
Icon
6. Attacking the Client
Icon
Honeypot and Misassociation attacks
Icon
Time for action – orchestrating a Misassociation attack
Icon
The Caffe Latte attack
Icon
Time for action – conducting the Caffe Latte attack
Icon
Deauthentication and disassociation attacks
Icon
Time for action – deauthenticating the client
Icon
The Hirte attack
Icon
Time for action – cracking WEP with the Hirte attack
Icon
AP-less WPA-Personal cracking
Icon
Time for action – AP-less WPA cracking
Icon
Summary
7
7. Advanced WLAN Attacks
Icon
7. Advanced WLAN Attacks
Icon
A Man-in-the-Middle attack
Icon
Time for action – Man-in-the-Middle attack
Icon
Wireless eavesdropping using MITM
Icon
Time for action – wireless eavesdropping
Icon
Session hijacking over wireless
Icon
Time for action – session hijacking over wireless
Icon
Finding security configurations on the client
Icon
Time for action – deauthentication attack on the client
Icon
Summary
8
8. KRACK Attacks
Icon
8. KRACK Attacks
Icon
KRACK attack overview
Icon
The four-way handshake KRACK attack
Icon
Time for action – getting KRACKing
Icon
Summary
9
9. Attacking WPA-Enterprise and RADIUS
Icon
9. Attacking WPA-Enterprise and RADIUS
Icon
Setting up FreeRADIUS-WPE
Icon
Time for action – setting up the AP with FreeRADIUS-WPE
Icon
Attacking PEAP
Icon
Time for action – cracking PEAP
Icon
EAP-TTLS
Icon
Security best practices for enterprises
Icon
Summary
10
10. WLAN Penetration Testing Methodology
Icon
10. WLAN Penetration Testing Methodology
Icon
Wireless penetration testing
Icon
Planning
Icon
Discovery
Icon
Attack
Icon
Reporting
Icon
Summary
11
11. WPS and Probes
Icon
11. WPS and Probes
Icon
WPS attacks
Icon
Time for action – WPS attack
Icon
Probe sniffing
Icon
Time for action – collecting data
Icon
Summary
12
A. Pop Quiz Answers
Icon
Chapter 1, Wireless Lab Setup
Icon
Chapter 2, WLAN and Its Inherent Insecurities
Icon
Chapter 3, Bypassing WLAN Authentication
Icon
Chapter 4, WLAN Encryption Flaws
Icon
Chapter 5, Attacks on the WLAN Infrastructure
Icon
Chapter 6, Attacking the Client
Icon
Chapter 7, Advanced WLAN Attacks
Icon
Chapter 9, Attacking WPA-Enterprise and RADIUS
13
Index
Icon
Index

Time for action – configuring the access point

Let's begin! We will set the access point up to use Open Authentication (OAuth) with an SSID of Wireless Lab.

Follow these instructions step by step:

  1. Power on the access point, and use an Ethernet cable to connect your laptop to one of the access point's Ethernet ports.
  2. Enter the IP address of the access point configuration terminal in your browser. For TP-Link, it is by default 192.168.1.1. You should consult your access point's setup guide to find its IP address. If you do not have the manuals for the access point, you can also find the IP address by running the route –n command. The gateway IP address is typically the access point's IP. Once you are connected, you should see a configuration portal that looks like the following TP-LINK Wireless N Router WR841N emblazoned screenshot:
    Time for action – configuring the access point
  3. Explore the various settings in the portal after logging in, and find the settings related to configuring a new SSID.
  4. Change the SSID to Wireless Lab. Depending on the access point, you may have to reboot it for the settings to change.
  5. Similarly, find the settings related to Wireless Security and change the setting to Disable Security. Disable Security indicates that it is using the Open Authentication mode.
    Time for action – configuring the access point
  6. Save the changes to the access point and reboot it, if required. Now your access point should be up-and-running with an SSID, Wireless Lab.

An easy way to verify this is to use the wireless configuration utility in Windows and observe the available networks using the Windows laptop. You should find Wireless Lab as one of the networks in the listing:

Time for action – configuring the access point

What just happened?

We have successfully set up our access point with an SSID, Wireless Lab. It is broadcasting its presence, and this is being picked up by our Windows laptop and others within the Radio Frequency (RF) range of the access point.

Important to note is that we configured our access point in the Open mode, which is the least secure. It is advisable not to connect this access point to the internet for the time being, as anyone within the RF range will be able to use it to access the internet.

Have a go hero – configuring the access point to use WEP and WPA

Play around with the configuration options of your access point. Try to get it up-and-running using encryption schemes such as WEP and WPA/WPA2. We will use these modes in later chapters to illustrate attacks against them.

End of Section 7
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY