You're reading from  Kali Linux Cookbook - Second Edition

Product type: Book
Published in: Sep 2017
Publisher: Packt
ISBN-13: 9781784390303
Edition: 2nd Edition

Authors (2):

Corey Schultz

Corey P. Schultz is a technologist focusing on security research, Internet of Things, and the impact of technology on education and learning. He has over 20 years of experience in the security industry doing security architecture, penetration testing, incident response, and forensic analysis. Corey is currently a technical solutions architect for Cisco Systems Global Security Sales Organization. He works on a daily basis with large environments on designing and architecting secure enterprise networks. You can also find Corey active on Twitter @cschultz0000, where you can also see his schedule of speaking engagements and appearances.

Bob Perciaccante

Bob Perciaccante is a seasoned information security practitioner who has been in the security field for almost 20 years. Currently, he is a consulting systems engineer for Cisco Systems in Pennsylvania, where he has worked for the last 10 years focusing on network and data security, network access control, and secure network architectures. His primary day-to-day responsibilities focus on designing secure network solutions for his customers and working to train customers and partners on security solution implementations and daily operations to get the most out of their infrastructure. When not involved in security activities, Bob enjoys eclectic hobbies such as working on cars, 3D printing, and camping. Collaborating with his Cisco peer, Corey P. Schultz, this book is his first security publication.

Wireless Specific Recipes

In this chapter, we will cover the following topics:

  • Scanning for wireless networks
  • Bypassing MAC-based authentication
  • Breaking WEP encryption
  • Obtaining WPA/WPA2 keys
  • Exploiting guest access
  • Rogue AP deployment
  • Using wireless networks to scan and attack internal networks

Introduction

Although all the previous chapters have created a basis for pen testing that works across the spectrum, wireless has its own set of tools that span the pen testing methodology:

  • Scanning for Service Set Identifiers (SSIDs)
  • Scanning for hidden SSIDs
  • Determining security of target SSID
  • Testing for MAC address authentication
  • Cracking Wired Equivalent Privacy (WEP)
  • Cracking Wi-Fi Protected Access (WPA/WPA2)
  • Exploiting guest access
  • Rogue Access Point (AP) deployment
  • Man-in-the-Middle (MITM) wireless attacks
  • Using wireless networks to scan internal networks
  • Using wireless as a vector for network related attacks

Scanning for wireless networks

Wireless networking is very popular due to its ease of use, reduction of cabling, and ease of deployment. Fortunately for us, the very same features that make it easy to use in a day-to-day setting also make it easy to monitor and to attack from areas that do not require physical access to the network. Often the wireless signal bleeds into public areas, such as parking lots, adjacent office spaces, shopping malls, and more. Unless the wireless network administrator has taken great pains to limit the wireless coverage to only their facility, it is very likely that you can begin your wireless reconnaissance using a smartphone to identify a good location within range to set up your Kali Linux platform.

In this section, we will cover how to use airodump-ng to identify the available wireless SSIDs including those that are not set to advertise...

Bypassing MAC-based authentication

In the absence of truly centralized authentication, or when devices need to connect to a wireless network but are unable to provide authentication credentials, very frequently an open wireless network will be in place that is configured to allow only specific MAC addresses to connect. This is frequently the case with older devices that were manufactured before it was common to secure wireless networks.

Despite how simple MAC authentication is to bypass, it is still used in a surprising number of locations due to the ease of implementation, as well as the perception that it is effective.

Getting ready

In order to complete this recipe, you will need to follow the commands...

Breaking WEP encryption

Wireless administrators recognized that having open networks, or networks that rely on MAC address authentication, presented an unacceptable level of risk. Therefore, over time, there have been many attempts to harden the authentication to wireless networks, each with their own limitations:

  • Wired Equivalent Privacy (WEP) uses the RC4 encryption algorithm and combines the user-defined key with a 24-bit initialization vector (IV). Unfortunately, IVs are reused, which allows tools such as aircrack-ng to recover the original key, giving us access to the target network as an authenticated endpoint.
  • Wi-Fi Protected Access (WPA) comes in several different flavors and is much more secure than WEP. Because it can be used in a manner similar to WEP, where a pre-shared key is used (WPA-PSK), tools such as fluxion can recover the pre-shared key, and where...
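To put a number on the IV-reuse problem the WEP bullet describes, the following added example (it is not code from the book) computes how many frames a WEP network can send before a 24-bit IV is expected to repeat, using the birthday bound. It assumes IVs are chosen uniformly at random; a card that simply increments the IV repeats only after all 2^24 values are used, or sooner if the counter restarts at zero on every reset. The function names are my own.

```python
"""Quantify how quickly a 24-bit WEP IV space repeats (birthday bound).

Added illustration, not from the book: IV_BITS follows the 24-bit IV the
text describes; the IVs are assumed to be drawn uniformly at random.
"""
import math

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS  # 16,777,216 distinct IVs


def collision_probability(frames: int, space: int = IV_SPACE) -> float:
    """Probability that at least one IV repeats among `frames` random IVs.

    Uses the exact product P(no repeat) = prod_{i=0}^{n-1} (1 - i/space),
    accumulated in log space to avoid underflow. For more IVs than the
    space can hold, a repeat is certain (pigeonhole).
    """
    if frames > space:
        return 1.0
    log_no_collision = 0.0
    for i in range(frames):
        log_no_collision += math.log1p(-i / space)
    return 1.0 - math.exp(log_no_collision)


def frames_for_probability(target: float, space: int = IV_SPACE) -> int:
    """Smallest frame count at which P(repeat) reaches `target`, via the
    standard approximation n ~ sqrt(2 * space * ln(1 / (1 - p)))."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    return math.ceil(math.sqrt(2 * space * math.log(1.0 / (1.0 - target))))


def expected_frames_to_first_repeat(space: int = IV_SPACE) -> float:
    """Expected number of frames sent before the first IV repeat,
    sqrt(pi * space / 2) for uniformly random choice."""
    return math.sqrt(math.pi * space / 2.0)


if __name__ == "__main__":
    print(f"IV space: {IV_SPACE:,} values")
    print(f"expected frames before first repeat: "
          f"{expected_frames_to_first_repeat():,.0f}")
    print(f"frames for a 50% chance of a repeat: "
          f"{frames_for_probability(0.5):,}")
    for n in (1_000, 5_000, 10_000, 50_000):
        print(f"{n:>7,} frames -> P(repeat) = {collision_probability(n):.4f}")
```

The figures show that with random IV selection a repeat is more likely than not after roughly five thousand frames, a matter of seconds on a busy network; this is the mechanism behind the "IVs are reused" statement, and it is why no key length or passphrase choice can rescue WEP.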

Obtaining WPA/WPA2 keys

This section will walk you through the process of gathering WPA keys using two different methods:

  • Social engineering through SSID manipulation, using fluxion
  • Brute force cracking of gathered data using hashcat

Getting ready

In order to complete this recipe, you will need to follow the commands laid out in the section Scanning for wireless networks and place your wireless network adapter into the monitor mode.

You can confirm this by running the following:

root@kali:~/wireless# iw dev

Confirm that the interface wlan0mon is set to type monitor in the output.
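One way to script that confirmation, parsing the text that `iw dev` prints rather than eyeballing it; this is an added example, not code from the book, and the `iw dev` output embedded below is constructed rather than captured from a real adapter (the interface names wlan0mon and wlan1 are assumed).

```python
"""Confirm that a wireless interface is in monitor mode from `iw dev` output.

Added example, not from the book. SAMPLE_IW_DEV is constructed to mirror
the layout `iw dev` prints: one "phy#N" block per radio, an "Interface"
line, then indented "key value" attributes such as "type monitor".
"""
import subprocess

SAMPLE_IW_DEV = """\
phy#0
\tInterface wlan0mon
\t\tifindex 4
\t\twdev 0x2
\t\taddr 00:11:22:33:44:55
\t\ttype monitor
\t\tchannel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz
\t\ttxpower 20.00 dBm
phy#1
\tInterface wlan1
\t\tifindex 5
\t\twdev 0x100000001
\t\taddr 66:77:88:99:aa:bb
\t\tssid labnet
\t\ttype managed
\t\tchannel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
\t\ttxpower 15.00 dBm
"""


def parse_iw_dev(output: str) -> dict:
    """Return {interface_name: {attribute: value}} parsed from `iw dev` text."""
    interfaces = {}
    current = None
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("phy#"):
            continue  # radio header lines carry no interface attributes
        key, _, value = line.partition(" ")
        if key == "Interface":
            current = value
            interfaces[current] = {}
        elif current is not None:
            interfaces[current][key] = value
    return interfaces


def is_monitor(output: str, iface: str) -> bool:
    """True only if `iface` exists in the output and reports `type monitor`."""
    return parse_iw_dev(output).get(iface, {}).get("type") == "monitor"


def live_check(iface: str = "wlan0mon") -> bool:
    """Run the real `iw dev` on this host (needs the iw package) and check."""
    result = subprocess.run(["iw", "dev"], capture_output=True, text=True, check=True)
    return is_monitor(result.stdout, iface)


if __name__ == "__main__":
    for name, attrs in parse_iw_dev(SAMPLE_IW_DEV).items():
        print(f"{name}: type={attrs.get('type')} addr={attrs.get('addr')}")
    print("wlan0mon in monitor mode:", is_monitor(SAMPLE_IW_DEV, "wlan0mon"))
```

Running the module prints the parsed interfaces from the constructed sample; on a Kali host, call `live_check("wlan0mon")` to test the real adapter, which returns False both when the interface is missing and when it is still in managed mode, so the recipe's later capture steps can be gated on it.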

How to do it...

...

Exploiting guest access

When guest access is offered, it is often on a network shared with the one you are attempting to infiltrate. There are several different types of wireless guest access, each with its own vulnerabilities:

  1. Pre-shared keys: These are generally WEP or WPA PSKs that are intended to keep unauthorized users or devices to a minimum. Unfortunately, these keys are generally known by many people and are very rarely changed.
  2. Captive portal: The guests connect to a wireless network and are automatically redirected to a web page that prompts them for credentials. This may or may not be combined with a pre-shared key.

The most common implementations of guest access include elements of recipes that we have done in previous sections, strung together, and very frequently are labeled as guest networks by their SSID.

...

Rogue AP deployment

In this recipe, we will use wifiphisher to create a rogue AP and capture usernames and passwords from a captive portal that simulates corporate portals.

Since we have covered creating rogue APs and forcing deauthentications in the sections Cracking WEP Encryption (with airodump-ng/aircrack-ng) and Obtaining WPA/WPA2 Keys (with fluxion), this recipe will focus on the creation of access points that encourage open use and have the ability to gather credentials or deliver malicious payloads.

Getting ready

The tool used in this recipe is not included in the base installation of Kali Linux and must be installed from the command line with the following command:

root@kali:~/wireless# apt-get install wifiphisher
...

Using wireless networks to scan internal networks

Access to a network is the ultimate goal, and the use of wireless networking means that this access is likely easier to gain than through remote access/VPN or through physical access to a network port. Using the recipes in this section, it is highly likely that once you have gained access to the network, you will have done so with the credentials of an authorized user. The next question is: where can you go from here?

In this recipe, we will use some of the tools that we have learned in preceding sections to help identify ways for us to extend the access we have gained so far.

Getting ready

This recipe is built upon the assumption that you have already gained access to the...
