Search icon Close icon
Search icon
Subscription
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Home > Security > Kali Linux Wireless Penetration Testing Essentials
Back Security
Kali Linux Wireless Penetration Testing Essentials
Kali Linux Wireless Penetration Testing Essentials

Kali Linux Wireless Penetration Testing Essentials: Plan and execute penetration tests on wireless networks with the Kali Linux distribution

€14.99 per month
Book Jul 2015 164 pages 1st Edition
eBook
€22.99 €15.99
Print
€28.99
Subscription
€14.99 Monthly
eBook
€22.99 €15.99
Print
€28.99
Subscription
€14.99 Monthly

What do you get with a Packt Subscription?

Free for first 7 days. $15.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Jul 30, 2015
Length 164 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781785280856
Category :
Security
Concepts :
Penetration Testing
Tools :
Kali Linux (Intermediate)
Estimated delivery fee Deliver to Finland

Premium 7 - 10 business days

€26.95
(Includes tracking information)
Table of content icon View table of contents Preview book icon Preview Book

Kali Linux Wireless Penetration Testing Essentials

Chapter 1. Introduction to Wireless Penetration Testing

In this chapter, we are going to cover the key concepts of the penetration testing process, with particular reference to wireless penetration testing.

Penetration testing is the process of simulating attacks against a system or a network to point out its misconfigurations, weaknesses, or security vulnerabilities and their relative exploits that could be used by real attackers to gain access to the system or network.

The process of identifying and evaluating vulnerabilities is called vulnerability assessment and it is sometimes used as a synonym for penetration testing, but they are actually distinct processes; indeed, penetration testing generally includes vulnerability assessment and also the successive attack phase to practically exploit the vulnerabilities that are found. In some cases, depending on the scope of the penetration test, a full vulnerability assessment is not required as the penetration test may only focus on specific vulnerabilities to attack.

A penetration test can be external or internal. An external penetration test (sometimes also referred as a black box penetration test) tries to simulate a real external attack, with no prior information about the target systems and networks being given to penetration testers, while an internal penetration test (also referred as white box) is performed by penetration testers who are given access as insiders and try to exploit the network vulnerabilities to increase their privileges and do things they are not authorized to do, for example, launching man-in-the-middle attacks, as we will see in Chapter 7, Wireless Client Attacks.

In this book, we are mainly going to focus on external penetration testing.

Phases of penetration testing

The process of penetration testing can be divided into four main phases or stages, which are as follows:

  • Planning

  • Discovery

  • Attack

  • Reporting

A useful guideline for the penetration testing process and methodology that describes these phases in detail is the NIST CSRC SP800-115 Technical Guide to Information Security Testing and Assessment (see the reference section 1.1 of the appendix) at http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf.

A scheme of the four phases penetration testing methodology is represented in the following diagram, taken from the preceding publication that was just referenced:

We are now going to explore each of the four phases.

The planning phase

The planning phase is a crucial part of penetration testing, though it is not always given the importance that it should have. In this phase, we define the scope and the so-called rules of engagement of a penetration test, as a result of an agreement between the penetration testers and the client that will be formalized in a contract between the two parties. It must be clear that a penetration tester should never operate without a contract or outside the scope and the rules of engagement established in the contract, because otherwise he/she could stumble into serious legal troubles. The scope is about which networks to test and the goals and objectives the client wants to achieve with the penetration test.

In this, we need to consider, for example, the area to scan for wireless networks, the coverage range of the signal of the networks to test, and their size in terms of the number of clients that will supposedly be connected. We also define the objectives of the test, such as specific vulnerabilities that should be assessed and their priorities; whether rogue and hidden access points should be enumerated and whether wireless attacks against clients should be conducted.

The rules of engagement include, among others, the estimated timeline and the days and times when to perform the test, the legal authorization from the client, the format of the report to produce, payment terms, and a nondisclosure agreement clause, according to which the results of the test are kept confidential by the testers.

Note

Worksheets for defining the scope and rules of engagement are available at the links provided with references 1.4 and 1.5 in the appendix (registration to the SANS Institute website is required).

Once the scope and rules of engagement are established, the penetration testing team defines the resources and the tools to employ for test execution.

The discovery phase

In the discovery phase, we collect as much information as possible about the networks that are in the scope of the penetration test. This phase is also called the information gathering phase and it is very important because it precisely defines the targets of our test and allows to collect detailed information about them and to expose their potential vulnerabilities.

In particular, for our scope, we would collect information such as:

  • Hidden networks and rogue access points

  • Clients connected to the networks

  • The type of authentication used by the networks; we would like to find out networks, which are open or use WEP, and therefore, are vulnerable

  • The area outside of the organization's perimeter reachable by wireless signals

The discovery phase could be realized through two main types of wireless network scanning, active and passive. Active scanning implies sending out probe request packets to identify visible access points, while passive scanning means capturing and analyzing all wireless traffic and also allowing to uncover hidden access points.

We will see more about wireless scanning and how to use the wireless scanners included in Kali Linux, such as airmon, airodump, and Kismet, to carry out the discovery phase of wireless penetration testing in Chapter 3, WLAN Reconnaissance.

The attack phase

The attack phase is the most practical part of the penetration testing process, where we try to exploit the vulnerabilities identified in the discovery phase to gain access to the target networks.

This is called the exploitation subphase and in our case could involve attempting to crack authentication keys to connect to the network, setting up rogue and honeypot access points and directly attacking clients to recover the keys. The next stage (if required in the contract) is referred to as post-exploitation and involves attacking the network and the infrastructure after we have gained access to it, for example, taking control of the access points and performing man-in-the-middle attacks against the clients.

It is worth repeating that we should never conduct attacks that are not explicitly required in the contract. Moreover, the attack phase should be performed according to the terms and modalities established with the client, defined in the rules of engagement. For example, if the targets are production systems or networks, we could agree with the client to conduct such attacks outside the working hours, as wireless connectivity and the services provided may be disrupted.

We will cover the attack phase from Chapter 4, WEP Cracking to Chapter 7, Wireless Client Attacks.

The reporting phase

Reporting is the final phase of penetration testing. The previous phases are very important because they are where we plan and execute the test but it is still important to communicate its results and findings in an effective manner to the client. The report is useful as a reference point for defining countermeasures and mitigation activities to address the identified vulnerabilities. It is usually formed by two major sections, the executive summary and the technical report.

The executive summary

The executive summary is a high-level summary of the objectives, methods and findings of the test and it is mainly intended for the non-technical management. Thus, the summary should be written in a clear language and using an understandable terminology, avoiding too many technical terms and expressions.

The executive summary should include:

  • A description of the objectives of the test

  • An overview and description of the issues found

  • A definition of the security risk profile of the client organization

  • A plan for the remediation of the vulnerabilities found and to mitigate the risk

  • Recommendations to improve the organization's security posture

The technical report

The technical report includes an in-depth description of the penetration test and detailed information about the findings of the discovery and attack phases, as well as an assessment of the risk that the identified vulnerabilities entail for the client and a plan for risk mitigation. Thus, the technical report covers the same as the executive summary but from a technical point of view and it is addressed mainly to IT executives that should then apply the remediation activities provided in the report.

We will cover the reporting phase in Chapter 8, Reporting and Conclusions.

Summary

In this chapter, we introduced wireless penetration testing and provided a brief description of the four main phases in which it is divided: planning, discovery, attack, and reporting.

In the next chapter, we will see how to install Kali Linux on your computer and we will examine the requisites that your wireless adapter must meet to get started with wireless penetration testing.

Left arrow icon

Page 1 of 3

Right arrow icon

Key benefits

What you will learn

Explore the penetration testing methodology and its various phases Install Kali Linux on your laptop and configure the wireless adapter Scan and enumerate wireless LANs and point out their vulnerabilities Understand the WEP security protocol and the techniques to crack the authentication keys and break it Become proficient with the WPA/WPA2 protocol and use Kali Linux tools to attack it Attack the access points and take control of the wireless network Launch advanced attacks against clients Produce stunning and effective reports

What do you get with a Packt Subscription?

Free for first 7 days. $15.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Jul 30, 2015
Length 164 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781785280856
Category :
Security
Concepts :
Penetration Testing
Tools :
Kali Linux (Intermediate)
Estimated delivery fee Deliver to Finland

Premium 7 - 10 business days

€26.95
(Includes tracking information)

Table of Contents

17 Chapters
Kali Linux Wireless Penetration Testing Essentials Chevron down icon Chevron up icon
Kali Linux Wireless Penetration Testing Essentials
Credits Chevron down icon Chevron up icon
Credits
Disclaimer Chevron down icon Chevron up icon
Disclaimer
About the Author Chevron down icon Chevron up icon
About the Author
About the Reviewers Chevron down icon Chevron up icon
About the Reviewers
www.PacktPub.com Chevron down icon Chevron up icon
www.PacktPub.com
Preface Chevron down icon Chevron up icon
Preface
1. Introduction to Wireless Penetration Testing Chevron down icon Chevron up icon
Introduction to Wireless Penetration Testing
Phases of penetration testing
Summary
2. Setting Up Your Machine with Kali Linux Chevron down icon Chevron up icon
Setting Up Your Machine with Kali Linux
Introduction to the Kali Linux distribution
Installing Kali Linux
Wireless adapter setup and configuration
Summary
3. WLAN Reconnaissance Chevron down icon Chevron up icon
WLAN Reconnaissance
Introduction to 802.11 standard and wireless LAN
Wireless LAN scanning
Wireless scanning with Kismet
Summary
4. WEP Cracking Chevron down icon Chevron up icon
WEP Cracking
An introduction to WEP
WEP cracking with Aircrack-ng
Summary
5. WPA/WPA2 Cracking Chevron down icon Chevron up icon
WPA/WPA2 Cracking
An introduction to WPA/WPA2
WPA cracking with the GPU
WPA cracking with automated tools
Summary
6. Attacking Access Points and the Infrastructure Chevron down icon Chevron up icon
Attacking Access Points and the Infrastructure
Attacks against Wi-Fi Protected Setup
Attacking WPA-Enterprise
Denial of Service attacks
Rogue access points
Attacking AP authentication credentials
Summary
7. Wireless Client Attacks Chevron down icon Chevron up icon
Wireless Client Attacks
Honeypot access points and Evil Twin attacks
Man-in-the-middle attacks
The Caffe Latte attack
The Hirte attack
Cracking WPA keys without the AP
Summary
8. Reporting and Conclusions Chevron down icon Chevron up icon
Reporting and Conclusions
The four stages of report writing
The report format
Summary
Conclusions
References Chevron down icon Chevron up icon
References
Chapter 1 – Introduction to Wireless Penetration Testing
Chapter 2 – Setting Up Your Machine with Kali Linux
Chapter 3 – WLAN Reconnaissance
Chapter 4 – WEP Cracking
Chapter 5 – WPA/WPA2 Cracking
Chapter 6 – Attacking Access Points and the Infrastructure
Chapter 7 – Wireless Client Attacks
Chapter 8 – Reporting and Conclusions
Index Chevron down icon Chevron up icon
Index

Recommendations for you

Left arrow icon
CompTIA Security+ SY0-701 Certification Guide
CompTIA Security+ SY0-701 Certification Guide
Jan 2024 622 pages
ebook
eBook
  • ebook eBook €17.99
  • print Print €33.99
€17.99 €26.99
€33.99
The Ultimate Kali Linux Book
The Ultimate Kali Linux Book
Apr 2024 828 pages
ebook
eBook
  • ebook eBook €22.99
  • print Print €41.99
€22.99 €32.99
€41.99
Mastering Microsoft Intune
Mastering Microsoft Intune
Mar 2024 822 pages
ebook
eBook
  • ebook eBook €22.99
  • print Print €41.99
€22.99 €32.99
€41.99
Cybersecurity Architect's Handbook
Cybersecurity Architect's Handbook
Mar 2024 494 pages
ebook
eBook
  • ebook eBook €24.99
  • print Print €44.99
€24.99 €35.99
€44.99
Cybersecurity Strategies and Best Practices
Cybersecurity Strategies and Best Practices
May 2024 252 pages
ebook
eBook
  • ebook eBook €20.98
  • print Print €37.99
€20.98 €29.99
€37.99
Endpoint Detection and Response Essentials
Endpoint Detection and Response Essentials
May 2024 170 pages
ebook
eBook
  • ebook eBook €15.99
  • print Print €29.99
€15.99 €23.99
€29.99
Security Monitoring with Wazuh
Security Monitoring with Wazuh
Apr 2024 322 pages
ebook
eBook
  • ebook eBook €17.99
  • print Print €33.99
€17.99 €26.99
€33.99
Critical Infrastructure Security
Critical Infrastructure Security
May 2024 270 pages
ebook
eBook
  • ebook eBook €20.98
  • print Print €37.99
€20.98 €29.99
€37.99
Implementing Palo Alto Networks Prisma® Access
Implementing Palo Alto Networks Prisma® Access
May 2024 346 pages
ebook
eBook
  • ebook eBook €22.99
  • print Print €41.99
€22.99 €32.99
€41.99
Keycloak - Identity and Access Management for Modern Applications
Keycloak - Identity and Access Management for Modern Applications
Jul 2023 350 pages
Full star icon 5
ebook
eBook
  • ebook eBook €22.99
  • print Print €41.99
€22.99 €32.99
€41.99
Right arrow icon

Customer reviews

Filter icon Filter
Top Reviews
  • Top Reviews
  • Most Recent
Rating distribution
Empty star icon Empty star icon Empty star icon Empty star icon Empty star icon 0
(0 Ratings)
5 star 0%
4 star 0%
3 star 0%
2 star 0%
1 star 0%

Filter reviews by

No reviews found

People who bought this also bought

Left arrow icon
Kali Linux Wireless Penetration Testing Essentials
Kali Linux Wireless Penetration Testing Essentials
Jul 2015 164 pages
ebook
eBook
  • ebook eBook €15.99
  • print Print €28.99
€15.99 €22.99
€28.99
Privilege Escalation Techniques
Privilege Escalation Techniques
Nov 2021 340 pages
Full star icon 5
ebook
eBook
  • ebook eBook €22.99
  • print Print €41.99
€22.99 €32.99
€41.99
Cybersecurity Career Master Plan
Cybersecurity Career Master Plan
Sep 2021 280 pages
ebook
eBook
  • ebook eBook €20.98
  • print Print €37.99
  • audiobook Audiobook €24.99
€20.98 €29.99
€37.99
€24.99
Mastering Windows Security and Hardening
Mastering Windows Security and Hardening
Aug 2022 816 pages
Full star icon 5
ebook
eBook
  • ebook eBook €22.99
  • print Print €41.99
€22.99 €32.99
€41.99
The Ultimate Kali Linux Book
The Ultimate Kali Linux Book
Feb 2022 742 pages
Full star icon 5
ebook
eBook
  • ebook eBook €22.99
  • print Print €41.99
  • audiobook Audiobook €34.99
€22.99 €32.99
€41.99
€34.99
Cybersecurity – Attack and Defense Strategies
Cybersecurity – Attack and Defense Strategies
Sep 2022 570 pages
Full star icon 5
ebook
eBook
  • ebook eBook €16.99
  • print Print €30.99
€16.99 €24.99
€30.99
Right arrow icon

Authors (3)

Left arrow icon
Profile icon Aaron C Johns
Aaron Johns currently works for Intrasect Technologies as an IT Specialist. He provides support for over 160 clients. His work roles include maintaining business networks and security policies to increase operational efficiencies and reduce costs. Aaron also publishes videos and books for Packt Publishing, one of the most prolific and fast-growing tech book publishers in the world. He has also filmed several independent videos. Aaron started broadcasting YouTube videos in 2007. In 2009, he was offered a partnership with YouTube. He has provided security awareness to over 1.2 million viewers and 6,300 subscribers. As of today, Aaron still serves as a Technology Partner for YouTube. He is also in partnership with Symantec Corporation and Check Point Software Technologies Ltd. You'll also find Aaron as a guest or interviewed as a security professional on several YouTube videos and podcasts. His qualifications and certifications include a bachelor's degree from International Business College where he majored in network administration as well as several industry certifications such as WCSP-XTM. To find out more, you can visit his website at http://www.aaronjohns.com/.
Read more
See other products by Aaron C Johns
Profile icon Justin Hutchens
Justin Hutchens currently works as an intrusion detection specialist, network vulnerability analyst and malware forensic investigator for a large enterprise network with over 55,000 networked systems. He has filled numerous different roles in the Information Technology field to include network design, system development, database administration and network security. He has previously written articles on forensic analysis and ethical hacking and has been published in both eForensics Magazine and Hakin9 Magazine. He currently holds a Bachelor’s degree in Information Technology and multiple professional information security certifications, to include OSCP (Offensive Security Certified Professional), CISSP (Certified Information Systems Security Professional), CNDA (Certified Network Defense Architect), CEH (Certified Ethical Hacker), ECSA (EC-Council Certified Security Analyst) and CHFI (Computer Hacking Forensic Investigator).
Read more
See other products by Justin Hutchens
Profile icon Marco Alamanni
Marco Alamanni has professional experience working as a Linux system administrator and Information Security analyst in banks and financial institutions. He holds a BSc in Computer Science and an MSc in Information Security. His interests in information technology include ethical hacking, digital forensics, malware analysis, Linux, and programming, among other things. He also collaborates with IT magazines to write articles about Linux and IT security. He has used Kali Linux on various occasions to conduct incident response and forensics in his professional activity, besides using it for penetration testing purposes. He is also the author of Kali Linux Wireless Penetration Testing Essentials published by Packt Publishing.  I would like to thank Packt Publishing for having offered me this exciting project and all the people I have worked with during its realization for their guide and support. A big thank goes to my family, in general, and in particular to my wife Candice and my sons, Niccol and Fabio Antonio, for their love and encouragement. This course is dedicated to the memory of a dear and special person, Maria Vitteri, that will always remain in our thoughts and in our hearts. https://it.linkedin.com/in/marco-alamanni-7b68a218 https://www.packtpub.com/networking-and-servers/kali-linux-wireless-penetration-testing-essentials https://www.amazon.com/Linux-Wireless-Penetration-Testing-Essentials/dp/1785280856/ref=sr_1_1?ie=UTF8&qid=1469531127&sr=8-1&keywords=Kali+Linux+Marco http://www.marcoalamanni.com/
Read more
See other products by Marco Alamanni
Right arrow icon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.