Free Sample
+ Collection
Code Files

BackTrack 5 Wireless Penetration Testing Beginner’s Guide

Beginner's Guide
Vivek Ramachandran

Master bleeding edge wireless testing techniques with BackTrack 5.
RRP $29.99
RRP $49.99
Print + eBook

Want this title & more?

$12.99 p/month

Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.

Book Details

ISBN 139781849515580
Paperback220 pages

About This Book

  • Learn Wireless Penetration Testing with the most recent version of Backtrack
  • The first and only book that covers wireless testing with BackTrack
  • Concepts explained with step-by-step practical sessions and rich illustrations
  • Written by Vivek Ramachandran ¬– world renowned security research and evangelist, and discoverer of the wireless “Caffe Latte Attack”

Who This Book Is For

If you are an IT security professional or a security consultant who wants to get started with wireless testing with Backtrack, or just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with Backtrack and basic wireless concepts.

Table of Contents

Chapter 1: Wireless Lab Setup
Hardware requirements
Software requirements
Installing BackTrack
Time for action – installing BackTrack
Setting up the access point
Time for action – configuring the access point
Setting up the wireless card
Time for action – configuring your wireless card
Connecting to the access point
Time for action – configuring your wireless card
Chapter 2: WLAN and Its Inherent Insecurities
Revisiting WLAN frames
Time for action – creating a monitor mode interface
Time for action – sniffing wireless packets
Time for action – viewing Management, Control, and Data frames
Time for action – sniffing data packets for our network
Time for action – packet injection
Important note on WLAN sniffing and injection
Time for action – expermenting with your Alfa card
Role of regulatory domains in wireless
Time for acton – experimenting with your Alfa card
Chapter 3: Bypassing WLAN Authentication
Hidden SSIDs
Time for action – uncovering hidden SSIDs
MAC filters
Time for action – beating MAC filters
Open Authentication
Time for action – bypassing Open Authentication
Shared Key Authentication
Time for action – bypassing Shared Authentication
Chapter 4: WLAN Encryption Flaws
WLAN encryption
WEP encryption
Time for action – cracking WEP
Time for action – cracking WPA-PSK weak passphrase
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
Decrypting WEP and WPA packets
Time for action – decrypting WEP and WPA packets
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
Time for action – connecting to a WPA network
Chapter 5: Attacks on the WLANInfrastructure
Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
Denial of service attacks
Time for action – De-Authentication DoS attack
Evil twin and access point MAC spoofing
Time for action – evil twin with MAC spoofing
Rogue access point
Time for action – Rogue access point
Chapter 6: Attacking the Client
Honeypot and Mis-Association attacks
Time for action – orchestrating a Mis-Association attack
Caffe Latte attack
Time for action – conducting the Caffe Latte attack
De-Authentication and Dis-Association attacks
Time for action – De-Authenticating the client
Hirte attack
Time for action – cracking WEP with the Hirte attack
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
Chapter 7: Advanced WLAN Attacks
Man-in-the-Middle attack
Time for action – Man-in-the-Middle attack
Wireless Eavesdropping using MITM
Time for action – wireless eavesdropping
Session Hijacking over wireless
Time for action – session hijacking over wireless
Finding security configurations on the client
Time for action – enumerating wireless security profiles
Chapter 8: Attacking WPA-Enterprise and RADIUS
Setting up FreeRadius-WPE
Time for action – setting up the AP with FreeRadius-WPE
Attacking PEAP
Time for action – cracking PEAP
Attacking EAP-TTLS
Time for action – cracking EAP-TTLS
Security best practices for Enterprises
Chapter 9: WLAN Penetration Testing Methodology
Wireless penetration testing
Time for action – discovering wireless devices

What You Will Learn

  • Create a Wireless Lab for conducting experiments
  • Monitor the air and sniff wireless packets
  • Bypass WLAN authentication mechanism
  • Crack WEP/WPA/WPA2 encryption mechanisms
  • Break into a WLAN network using infrastructure flaws
  • Break into a Wireless client such as a laptop
  • Advanced attacks such as Man-in-the-Middle attacks and Evading WIPS
  • Conduct wireless penetration test in a methodical way

In Detail

Wireless has become ubiquitous in today’s world. The mobility and flexibility provided by it makes our lives more comfortable and productive. But this comes at a cost – Wireless technologies are inherently insecure and can be easily broken. BackTrack is a penetration testing and security auditing distribution that comes with a myriad of wireless networking tools used to simulate network attacks and detect security loopholes.

Backtrack 5 Wireless Penetration Testing Beginner’s Guide will take you through the journey of becoming a Wireless hacker. You will learn various wireless testing methodologies taught using live examples, which you will implement throughout this book. The engaging practical sessions very gradually grow in complexity giving you enough time to ramp up before you get to advanced wireless attacks.

This book will take you through the basic concepts in Wireless and creating a lab environment for your experiments to the business of different lab sessions in wireless security basics, slowly turn on the heat and move to more complicated scenarios, and finally end your journey by conducting bleeding edge wireless attacks in your lab.

There are many interesting and new things that you will learn in this book – War Driving, WLAN packet sniffing, Network Scanning, Circumventing hidden SSIDs and MAC filters, bypassing Shared Authentication, Cracking WEP and WPA/WPA2 encryption, Access Point MAC spoofing, Rogue Devices, Evil Twins, Denial of Service attacks, Viral SSIDs, Honeypot and Hotspot attacks, Caffe Latte WEP Attack, Man-in-the-Middle attacks, Evading Wireless Intrusion Prevention systems and a bunch of other cutting edge wireless attacks.

If you were ever curious about what wireless security and hacking was all about, then this book will get you started by providing you with the knowledge and practical know-how to become a wireless hacker.


Read More

Recommended for You

BackTrack 4: Assuring Security by Penetration Testing
$ 29.99
BackTrack – Testing Wireless Network Security
$ 13.99
Kali Linux - Backtrack Evolved: Assuring Security by Penetration Testing [Video]
$ 25.50
Kali Linux Wireless Penetration Testing: Beginner's Guide
$ 35.99