Kali Linux Wireless Penetration Testing Essentials

Kali Linux Wireless Penetration Testing Essentials: Plan and execute penetration tests on wireless networks with the Kali Linux distribution

Book Jul 2015 164 pages 1st Edition

Product Details


Publication date : Jul 30, 2015
Length 164 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781785280856

Kali Linux Wireless Penetration Testing Essentials

Chapter 1. Introduction to Wireless Penetration Testing

In this chapter, we are going to cover the key concepts of the penetration testing process, with particular reference to wireless penetration testing.

Penetration testing is the process of simulating attacks against a system or a network to point out its misconfigurations, weaknesses, or security vulnerabilities and the related exploits that could be used by real attackers to gain access to the system or network.

The process of identifying and evaluating vulnerabilities is called vulnerability assessment. It is sometimes used as a synonym for penetration testing, but they are actually distinct processes: penetration testing generally includes vulnerability assessment and also the subsequent attack phase, in which the vulnerabilities that are found are practically exploited. In some cases, depending on the scope of the penetration test, a full vulnerability assessment is not required, as the penetration test may only focus on specific vulnerabilities to attack.

A penetration test can be external or internal. An external penetration test (sometimes also referred to as a black box penetration test) tries to simulate a real external attack, with no prior information about the target systems and networks being given to the penetration testers. An internal penetration test (also referred to as white box) is performed by penetration testers who are given access as insiders and try to exploit the network vulnerabilities to increase their privileges and do things they are not authorized to do, for example, launching man-in-the-middle attacks, as we will see in Chapter 7, Wireless Client Attacks.

In this book, we are mainly going to focus on external penetration testing.

Phases of penetration testing


The process of penetration testing can be divided into four main phases or stages, which are as follows:

  • Planning

  • Discovery

  • Attack

  • Reporting

A useful guideline for the penetration testing process and methodology that describes these phases in detail is the NIST CSRC SP800-115 Technical Guide to Information Security Testing and Assessment (see the reference section 1.1 of the appendix) at http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf.

The four-phase penetration testing methodology is represented in the following diagram, taken from the publication just referenced:

We are now going to explore each of the four phases.

The planning phase

The planning phase is a crucial part of penetration testing, though it is not always given the importance that it should have. In this phase, we define the scope and the so-called rules of engagement of a penetration test, as a result of an agreement between the penetration testers and the client that will be formalized in a contract between the two parties. It must be clear that a penetration tester should never operate without a contract or outside the scope and the rules of engagement established in the contract, because otherwise he/she could run into serious legal trouble. The scope is about which networks to test and the goals and objectives the client wants to achieve with the penetration test.

When defining the scope, we need to consider, for example, the area to scan for wireless networks, the coverage range of the signal of the networks to test, and their size in terms of the number of clients that are expected to be connected. We also define the objectives of the test, such as specific vulnerabilities that should be assessed and their priorities, whether rogue and hidden access points should be enumerated, and whether wireless attacks against clients should be conducted.

The rules of engagement include, among others, the estimated timeline and the days and times when to perform the test, the legal authorization from the client, the format of the report to produce, payment terms, and a nondisclosure agreement clause, according to which the results of the test are kept confidential by the testers.

Note

Worksheets for defining the scope and rules of engagement are available at the links provided with references 1.4 and 1.5 in the appendix (registration to the SANS Institute website is required).

Once the scope and rules of engagement are established, the penetration testing team defines the resources and the tools to employ for test execution.

The discovery phase

In the discovery phase, we collect as much information as possible about the networks that are in the scope of the penetration test. This phase is also called the information gathering phase and it is very important because it precisely defines the targets of our test and allows us to collect detailed information about them and to expose their potential vulnerabilities.

In particular, for our scope, we would collect information such as:

  • Hidden networks and rogue access points

  • Clients connected to the networks

  • The type of authentication used by the networks; we want to find networks that are open or use WEP and are therefore vulnerable

  • The area outside of the organization's perimeter reachable by wireless signals

The discovery phase can be carried out through two main types of wireless network scanning: active and passive. Active scanning implies sending out probe request packets to identify visible access points, while passive scanning means capturing and analyzing all wireless traffic, which also allows us to uncover hidden access points.

We will see more about wireless scanning and how to use the wireless scanners included in Kali Linux, such as airmon, airodump, and Kismet, to carry out the discovery phase of wireless penetration testing in Chapter 3, WLAN Reconnaissance.
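The following added example (not from the book) shows how the discovery-phase items listed above can be pulled out of a scan export: it flags open and WEP networks, hidden SSIDs, and access points missing from an authorized inventory. The sample rows are constructed and follow the airodump-ng CSV layout as an assumption; `AUTHORIZED_BSSIDS` and the function names are hypothetical.

```python
import csv

# Constructed sample; column names assume the airodump-ng CSV layout (AP rows, blank line, stations).
SAMPLE_SCAN = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:01, 2015-07-30 10:00:00, 2015-07-30 10:05:00,  1, 54, WPA2, CCMP, PSK, -40, 120, 0, 0.0.0.0, 8, CorpWiFi,
00:11:22:33:44:02, 2015-07-30 10:00:02, 2015-07-30 10:05:00,  6, 54, WEP, WEP, , -55, 80, 0, 0.0.0.0, 6, Legacy,
00:11:22:33:44:03, 2015-07-30 10:00:03, 2015-07-30 10:05:00, 11, 54, OPN, , , -60, 60, 0, 0.0.0.0, 5, Guest,
00:11:22:33:44:04, 2015-07-30 10:00:04, 2015-07-30 10:05:00,  1, 54, WPA2, CCMP, PSK, -70, 30, 0, 0.0.0.0, 0, ,
66:55:44:33:22:11, 2015-07-30 10:01:00, 2015-07-30 10:05:00,  1, 54, WPA2, CCMP, PSK, -45, 90, 0, 0.0.0.0, 8, CorpWiFi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2015-07-30 10:00:05, 2015-07-30 10:05:00, -50, 40, 00:11:22:33:44:01,
"""

# Hypothetical inventory of the client's authorized access points (planning phase).
AUTHORIZED_BSSIDS = {f"00:11:22:33:44:0{i}" for i in range(1, 5)}


def parse_access_points(text):
    """Return one dict per access point row, ignoring the station section."""
    ap_section = text.replace("\r\n", "\n").strip().split("\n\n", 1)[0]
    reader = csv.reader(ap_section.splitlines(), skipinitialspace=True)
    header = [h.strip() for h in next(reader)]
    return [dict(zip(header, (c.strip() for c in row))) for row in reader if row]


def classify(ap, authorized):
    """Map one access point to the discovery-phase findings it raises."""
    findings = []
    privacy = ap["Privacy"].upper()
    if privacy == "OPN":
        findings.append("open-authentication")
    elif "WEP" in privacy:
        findings.append("wep")
    if not ap["ESSID"]:
        findings.append("hidden-ssid")
    if ap["BSSID"].upper() not in authorized:
        findings.append("not-in-inventory")  # possible rogue AP, verify by hand
    return findings


def discovery_report(text, authorized=AUTHORIZED_BSSIDS):
    """Return {BSSID: findings} for access points with at least one finding."""
    rows = ((ap["BSSID"], classify(ap, authorized)) for ap in parse_access_points(text))
    return {bssid: findings for bssid, findings in rows if findings}


if __name__ == "__main__":
    print(discovery_report(SAMPLE_SCAN))
```

An access point that reuses a known ESSID under a BSSID missing from the inventory, as in the last sample row, is only a candidate finding until it is confirmed against the client's records.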

The attack phase

The attack phase is the most practical part of the penetration testing process, where we try to exploit the vulnerabilities identified in the discovery phase to gain access to the target networks.

This is called the exploitation subphase and in our case could involve attempting to crack authentication keys to connect to the network, setting up rogue and honeypot access points and directly attacking clients to recover the keys. The next stage (if required in the contract) is referred to as post-exploitation and involves attacking the network and the infrastructure after we have gained access to it, for example, taking control of the access points and performing man-in-the-middle attacks against the clients.

It is worth repeating that we should never conduct attacks that are not explicitly required in the contract. Moreover, the attack phase should be performed according to the terms and modalities established with the client, defined in the rules of engagement. For example, if the targets are production systems or networks, we could agree with the client to conduct such attacks outside the working hours, as wireless connectivity and the services provided may be disrupted.

We will cover the attack phase from Chapter 4, WEP Cracking to Chapter 7, Wireless Client Attacks.

The reporting phase

Reporting is the final phase of penetration testing. The previous phases are very important because they are where we plan and execute the test, but it is still important to communicate its results and findings in an effective manner to the client. The report is useful as a reference point for defining countermeasures and mitigation activities to address the identified vulnerabilities. It usually consists of two major sections: the executive summary and the technical report.

The executive summary

The executive summary is a high-level summary of the objectives, methods, and findings of the test, and it is mainly intended for non-technical management. Thus, the summary should be written in clear language and use understandable terminology, avoiding too many technical terms and expressions.

The executive summary should include:

  • A description of the objectives of the test

  • An overview and description of the issues found

  • A definition of the security risk profile of the client organization

  • A plan to remediate the vulnerabilities found and mitigate the risk

  • Recommendations to improve the organization's security posture

The technical report

The technical report includes an in-depth description of the penetration test and detailed information about the findings of the discovery and attack phases, as well as an assessment of the risk that the identified vulnerabilities entail for the client and a plan for risk mitigation. Thus, the technical report covers the same ground as the executive summary but from a technical point of view, and it is addressed mainly to IT executives, who should then apply the remediation activities provided in the report.

We will cover the reporting phase in Chapter 8, Reporting and Conclusions.

Summary


In this chapter, we introduced wireless penetration testing and provided a brief description of the four main phases in which it is divided: planning, discovery, attack, and reporting.

In the next chapter, we will see how to install Kali Linux on your computer and we will examine the requisites that your wireless adapter must meet to get started with wireless penetration testing.


What you will learn

  • Explore the penetration testing methodology and its various phases
  • Install Kali Linux on your laptop and configure the wireless adapter
  • Scan and enumerate wireless LANs and point out their vulnerabilities
  • Understand the WEP security protocol and the techniques to crack the authentication keys and break it
  • Become proficient with the WPA/WPA2 protocol and use Kali Linux tools to attack it
  • Attack the access points and take control of the wireless network
  • Launch advanced attacks against clients
  • Produce stunning and effective reports


Table of Contents

17 Chapters
Kali Linux Wireless Penetration Testing Essentials
Credits
Disclaimer
About the Author
About the Reviewers
www.PacktPub.com
Preface
Introduction to Wireless Penetration Testing
Setting Up Your Machine with Kali Linux
WLAN Reconnaissance
WEP Cracking
WPA/WPA2 Cracking
Attacking Access Points and the Infrastructure
Wireless Client Attacks
Reporting and Conclusions
References
Index
