BackTrack 5 Wireless Penetration Testing Beginner’s Guide


  • Learn Wireless Penetration Testing with the most recent version of Backtrack
  • The first and only book that covers wireless testing with BackTrack
  • Concepts explained with step-by-step practical sessions and rich illustrations
  • Written by Vivek Ramachandran, world-renowned security researcher and evangelist, and discoverer of the wireless “Caffe Latte Attack”

Book Details

Language : English
Paperback : 220 pages [ 235mm x 191mm ]
Release Date : September 2011
ISBN : 1849515581
ISBN 13 : 9781849515580
Author(s) : Vivek Ramachandran
Topics and Technologies : All Books, Networking and Servers, Security and Testing, Beginner's Guides, Open Source

Table of Contents

Preface
Chapter 1: Wireless Lab Setup
Chapter 2: WLAN and Its Inherent Insecurities
Chapter 3: Bypassing WLAN Authentication
Chapter 4: WLAN Encryption Flaws
Chapter 5: Attacks on the WLAN Infrastructure
Chapter 6: Attacking the Client
Chapter 7: Advanced WLAN Attacks
Chapter 8: Attacking WPA-Enterprise and RADIUS
Chapter 9: WLAN Penetration Testing Methodology
Appendix A: Conclusion and Road Ahead
Appendix B: Pop Quiz Answers
Index
  • Chapter 1: Wireless Lab Setup
    • Hardware requirements
    • Software requirements
    • Installing BackTrack
    • Time for action – installing BackTrack
    • Setting up the access point
    • Time for action – configuring the access point
    • Setting up the wireless card
    • Time for action – configuring your wireless card
    • Connecting to the access point
    • Time for action – configuring your wireless card
    • Summary
  • Chapter 2: WLAN and Its Inherent Insecurities
    • Revisiting WLAN frames
    • Time for action – creating a monitor mode interface
    • Time for action – sniffing wireless packets
    • Time for action – viewing Management, Control, and Data frames
    • Time for action – sniffing data packets for our network
    • Time for action – packet injection
    • Important note on WLAN sniffing and injection
    • Time for action – experimenting with your Alfa card
    • Role of regulatory domains in wireless
    • Time for action – experimenting with your Alfa card
    • Summary
  • Chapter 3: Bypassing WLAN Authentication
    • Hidden SSIDs
    • Time for action – uncovering hidden SSIDs
    • MAC filters
    • Time for action – beating MAC filters
    • Open Authentication
    • Time for action – bypassing Open Authentication
    • Shared Key Authentication
    • Time for action – bypassing Shared Authentication
    • Summary
  • Chapter 4: WLAN Encryption Flaws
    • WLAN encryption
    • WEP encryption
    • Time for action – cracking WEP
    • WPA/WPA2
    • Time for action – cracking WPA-PSK weak passphrase
    • Speeding up WPA/WPA2 PSK cracking
    • Time for action – speeding up the cracking process
    • Decrypting WEP and WPA packets
    • Time for action – decrypting WEP and WPA packets
    • Connecting to WEP and WPA networks
    • Time for action – connecting to a WEP network
    • Time for action – connecting to a WPA network
    • Summary
  • Chapter 5: Attacks on the WLAN Infrastructure
    • Default accounts and credentials on the access point
    • Time for action – cracking default accounts on the access points
    • Denial of service attacks
    • Time for action – De-Authentication DoS attack
    • Evil twin and access point MAC spoofing
    • Time for action – evil twin with MAC spoofing
    • Rogue access point
    • Time for action – Rogue access point
    • Summary
  • Chapter 6: Attacking the Client
    • Honeypot and Mis-Association attacks
    • Time for action – orchestrating a Mis-Association attack
    • Caffe Latte attack
    • Time for action – conducting the Caffe Latte attack
    • De-Authentication and Dis-Association attacks
    • Time for action – De-Authenticating the client
    • Hirte attack
    • Time for action – cracking WEP with the Hirte attack
    • AP-less WPA-Personal cracking
    • Time for action – AP-less WPA cracking
    • Summary
  • Chapter 7: Advanced WLAN Attacks
    • Man-in-the-Middle attack
    • Time for action – Man-in-the-Middle attack
    • Wireless Eavesdropping using MITM
    • Time for action – wireless eavesdropping
    • Session Hijacking over wireless
    • Time for action – session hijacking over wireless
    • Finding security configurations on the client
    • Time for action – enumerating wireless security profiles
    • Summary
  • Chapter 8: Attacking WPA-Enterprise and RADIUS
    • Setting up FreeRadius-WPE
    • Time for action – setting up the AP with FreeRadius-WPE
    • Attacking PEAP
    • Time for action – cracking PEAP
    • Attacking EAP-TTLS
    • Time for action – cracking EAP-TTLS
    • Security best practices for Enterprises
    • Summary
  • Chapter 9: WLAN Penetration Testing Methodology
    • Wireless penetration testing
      • Planning
      • Discovery
    • Time for action – discovering wireless devices
      • Attack
        • Finding rogue access points
        • Finding unauthorized clients
        • Cracking the encryption
        • Compromising clients
      • Reporting
    • Summary
  • Appendix B: Pop Quiz Answers
    • Chapter 1, Wireless Lab Setup
    • Chapter 2, WLAN and its Inherent Insecurities
    • Chapter 3, Bypassing WLAN Authentication
    • Chapter 4, WLAN Encryption Flaws
    • Chapter 5, Attacks on the WLAN Infrastructure
    • Chapter 6, Attacking the Client
    • Chapter 7, Advanced WLAN Attacks
    • Chapter 8, Attacking WPA Enterprise and RADIUS
    • Chapter 9, Wireless Penetrating Testing Methodology

                        Vivek Ramachandran

                        Vivek Ramachandran is a world-renowned security researcher and evangelist. He is the discoverer of the wireless “Caffe Latte Attack” and has delivered presentations at world-renowned information security conferences such as Defcon and Toorcon in the US. His discoveries and talks have been widely quoted by the international media, including BBC Online, Network World, The Register, Mac World, Computer Online and others. In 2006, Microsoft declared Vivek one of the winners of the Microsoft Security Shootout Contest held in India among an estimated 65,000 participants. In 2005, he was awarded a team achievement award by Cisco Systems for his work in the 802.1x and Port Security modules. He is well known in the hacking and security community as the founder of SecurityTube.net, a free video-based computer security education portal which gets an estimated 100,000 monthly visitors. Vivek is also an accomplished trainer and travels around the world conducting workshops and training sessions for corporates and students. He holds a B.Tech degree from IIT Guwahati and acts as an advisor to the computer science department’s Security Lab.


                        Errata

                        - 3 submitted: last submission 11 Feb 2013

                        Errata type: Typo | Page number: 62

                        "As you saw, it was not trivial to break Open Authentication and connect to the access point." this should be "As you saw, it was trivial to break...".

                         

                        Errata type: Typo | Page number: 57

                        "We will know look at how easy it is to bypass MAC filters." This should read "We will now look...".

                         

                        Errata type: Typo | Page number: 2

                        In the Chapter 2 description,
                        "Most importantly, we will see how client and access point communication works at the packer level by analyzing Management, Control and Data frames. We will then learn about packet injection and packer sniffing in wireless networks, and look at some tools which enable us to do the same"
                        This should read
                        "Most importantly, we will see how client and access point communication works at the packet level by analyzing Management, Control and Data frames. We will then learn about packet injection and packet sniffing...".

                         

                        What you will learn from this book

                        • Create a Wireless Lab for conducting experiments
                        • Monitor the air and sniff wireless packets
                        • Bypass WLAN authentication mechanisms
                        • Crack WEP/WPA/WPA2 encryption mechanisms
                        • Break into a WLAN network using infrastructure flaws
                        • Break into a Wireless client such as a laptop
                        • Advanced attacks such as Man-in-the-Middle attacks and Evading WIPS
                        • Conduct a wireless penetration test in a methodical way

                        In Detail

                        Wireless has become ubiquitous in today’s world. The mobility and flexibility it provides make our lives more comfortable and productive. But this comes at a cost: wireless technologies are inherently insecure and can be easily broken. BackTrack is a penetration testing and security auditing distribution that comes with a myriad of wireless networking tools used to simulate network attacks and detect security loopholes.

                        BackTrack 5 Wireless Penetration Testing Beginner’s Guide will take you through the journey of becoming a wireless hacker. You will learn various wireless testing methodologies taught using live examples, which you will implement throughout this book. The engaging practical sessions grow in complexity very gradually, giving you enough time to ramp up before you get to advanced wireless attacks.

                        This book takes you from the basic concepts of wireless and the creation of a lab environment for your experiments, through lab sessions on wireless security basics, then slowly turns up the heat with more complicated scenarios, and finally ends your journey with bleeding-edge wireless attacks conducted in your lab.

                        There are many interesting and new things that you will learn in this book: War Driving, WLAN packet sniffing, Network Scanning, Circumventing hidden SSIDs and MAC filters, bypassing Shared Authentication, Cracking WEP and WPA/WPA2 encryption, Access Point MAC spoofing, Rogue Devices, Evil Twins, Denial of Service attacks, Viral SSIDs, Honeypot and Hotspot attacks, Caffe Latte WEP Attack, Man-in-the-Middle attacks, Evading Wireless Intrusion Prevention systems and a bunch of other cutting-edge wireless attacks.

                        If you were ever curious about what wireless security and hacking were all about, then this book will get you started by providing you with the knowledge and practical know-how to become a wireless hacker.

                        Hands-on practical guide with a step-by-step approach to help you get started immediately with Wireless Penetration Testing

                        Approach

                        Written in Packt’s Beginner’s Guide format, you can easily grasp the concepts and understand the techniques to perform wireless attacks in your lab. Every new attack is described in the form of a lab exercise with rich illustrations of all the steps associated. You will practically implement various attacks as you go along.

                        Who this book is for

                        If you are an IT security professional or a security consultant who wants to get started with wireless testing with BackTrack, or are just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with BackTrack and basic wireless concepts.
