Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Kali Linux Wireless Penetration Testing Beginner???s Guide
  • Table Of Contents Toc
  • Feedback & Rating feedback
Kali Linux Wireless Penetration Testing Beginner???s Guide

Kali Linux Wireless Penetration Testing Beginner???s Guide

By : Dieterle, Cameron Buchanan, Vivek Ramachandran
4.6 (12)
Buy this Book
close
close
Kali Linux Wireless Penetration Testing Beginner???s Guide

Kali Linux Wireless Penetration Testing Beginner???s Guide

4.6 (12)
By: Dieterle, Cameron Buchanan, Vivek Ramachandran
Buy this Book

Overview of this book

As wireless networks become ubiquitous in our lives, wireless penetration testing has become a key skill in the repertoire of the professional penetration tester. This has been highlighted again recently with the discovery of the KRACK attack which enables attackers to potentially break into Wi-Fi networks encrypted with WPA2. The Kali Linux security distribution comes with a myriad of tools used for networking attacks and detecting security loopholes. Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing with each new technology. You'll learn various wireless testing methodologies by example, from the basics of wireless routing and encryption through to detailed coverage of hacking methods and attacks such as the Hirte and Caffe Latte.
Table of Contents (14 chapters)
close
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Time for action – heading
Conventions
Reader feedback
Customer support
Free Chapter
1
1. Wireless Lab Setup
1. Wireless Lab Setup
Hardware requirements
Software requirements
Installing Kali
Time for action – installing Kali
Setting up the access point
Time for action – configuring the access point
Setting up the wireless card
Time for action – configuring your wireless card
Connecting to the access point
Time for action – configuring your wireless card
Summary
2
2. WLAN and Its Inherent Insecurities
2. WLAN and Its Inherent Insecurities
Revisiting WLAN frames
Time for action – creating a monitor mode interface
Time for action – sniffing wireless packets
Time for action – viewing management, control, and data frames
Time for action – sniffing data packets for our network
Time for action – packet injection
Important note on WLAN sniffing and injection
Time for action – experimenting with your adapter
Summary
3
3. Bypassing WLAN Authentication
3. Bypassing WLAN Authentication
Hidden SSIDs
Time for action – uncovering hidden SSIDs
MAC filters
Time for action – beating MAC filters
Open Authentication
Time for action – bypassing Open Authentication
Shared Key Authentication
Time for action – bypassing shared authentication
Summary
4
4. WLAN Encryption Flaws
chevron up
4. WLAN Encryption Flaws
WLAN encryption
WEP encryption
Time for action – cracking WEP
WPA/WPA2
Time for action – cracking WPA-PSK weak passphrase
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
Decrypting WEP and WPA packets
Time for action – decrypting WEP and WPA packets
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
Time for action – connecting to a WPA network
Summary
5
5. Attacks on the WLAN Infrastructure
5. Attacks on the WLAN Infrastructure
Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
Denial of service attacks
Time for action – deauthentication DoS attack
Evil twin and access point MAC spoofing
Time for action – evil twin with MAC spoofing
A rogue access point
Time for action – Setting up a rogue access point
Summary
6
6. Attacking the Client
6. Attacking the Client
Honeypot and Misassociation attacks
Time for action – orchestrating a Misassociation attack
The Caffe Latte attack
Time for action – conducting the Caffe Latte attack
Deauthentication and disassociation attacks
Time for action – deauthenticating the client
The Hirte attack
Time for action – cracking WEP with the Hirte attack
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
Summary
7
7. Advanced WLAN Attacks
7. Advanced WLAN Attacks
A Man-in-the-Middle attack
Time for action – Man-in-the-Middle attack
Wireless eavesdropping using MITM
Time for action – wireless eavesdropping
Session hijacking over wireless
Time for action – session hijacking over wireless
Finding security configurations on the client
Time for action – deauthentication attack on the client
Summary
8
8. KRACK Attacks
8. KRACK Attacks
KRACK attack overview
The four-way handshake KRACK attack
Time for action – getting KRACKing
Summary
9
9. Attacking WPA-Enterprise and RADIUS
9. Attacking WPA-Enterprise and RADIUS
Setting up FreeRADIUS-WPE
Time for action – setting up the AP with FreeRADIUS-WPE
Attacking PEAP
Time for action – cracking PEAP
EAP-TTLS
Security best practices for enterprises
Summary
10
10. WLAN Penetration Testing Methodology
10. WLAN Penetration Testing Methodology
Wireless penetration testing
Planning
Discovery
Attack
Reporting
Summary
11
11. WPS and Probes
11. WPS and Probes
WPS attacks
Time for action – WPS attack
Probe sniffing
Time for action – collecting data
Summary
12
A. Pop Quiz Answers
Chapter 1, Wireless Lab Setup
Chapter 2, WLAN and Its Inherent Insecurities
Chapter 3, Bypassing WLAN Authentication
Chapter 4, WLAN Encryption Flaws
Chapter 5, Attacks on the WLAN Infrastructure
Chapter 6, Attacking the Client
Chapter 7, Advanced WLAN Attacks
Chapter 9, Attacking WPA-Enterprise and RADIUS
13
Index
Index

Time for action – cracking WPA-PSK weak passphrase

Follow the given instructions to get started:

  1. Let's first connect to our access point Wireless Lab and set the access point to use WPA-PSK. We will set the WPA-PSK passphrase to abcdefgh so that it is vulnerable to a dictionary attack:

  2. We start airodump-ng with the following command so that it starts capturing and storing all packets for our network:

    airodump-ng --bssid 00:21:91:D2:8E:25 --channel 11 --write WPACrackingDemo wlan0mon

    The following screenshot shows the output:

  3. Now, we can wait for a new client to connect to the access point so that we can capture the four-way WPA handshake, or we can send a broadcast deauthentication packet to force clients to reconnect. We do the latter to speed things up. The same thing can happen again with the unknown channel error. Again, use --ignore-negative-one. This can also require more than one attempt:

  4. As soon as we capture a WPA handshake, the airodump-ng tool will indicate it in the top-right corner...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 11
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY