Kali Linux Wireless Penetration Testing: Beginner's Guide

Master wireless testing techniques to survey and attack wireless networks with Kali Linux

Kali Linux Wireless Penetration Testing: Beginner's Guide

This ebook is included in a Mapt subscription
Vivek Ramachandran, Cameron Buchanan

1 customer reviews
Master wireless testing techniques to survey and attack wireless networks with Kali Linux
$35.99
$44.99
RRP $35.99
RRP $44.99
eBook
Print + eBook
Subscribe and access every Packt eBook & Video.
 
  • 4,000+ eBooks & Videos
  • 40+ New titles a month
  • 1 Free eBook/Video to keep every month
Start Free Trial
 
Code Files
Preview in Mapt

Book Details

ISBN 139781783280414
Paperback214 pages

Book Description

As wireless networks become ubiquitous in our lives, wireless penetration testing has become a key skill in the repertoire of the professional penetration tester. The Kali Linux security distribution comes with a myriad of tools used for networking attacks and detecting security loopholes.

Kali Linux Wireless Penetration Testing Beginner's Guide presents wireless pentesting from the ground up, introducing all elements of penetration testing with each new technology. Learn various wireless testing methodologies by example, from the basics of wireless routing and encryption through to detailed coverage of hacking methods and attacks such as the Hirte and Caffe Latte.

Table of Contents

Chapter 1: Wireless Lab Setup
Hardware requirements
Software requirements
Installing Kali
Time for action – installing Kali
Setting up the access point
Time for action – configuring the access point
Setting up the wireless card
Time for action – configuring your wireless card
Connecting to the access point
Time for action – configuring your wireless card
Summary
Chapter 2: WLAN and its Inherent Insecurities
Revisiting WLAN frames
Time for action – creating a monitor mode interface
Time for action – sniffing wireless packets
Time for action – viewing management, control, and data frames
Time for action – sniffing data packets for our network
Time for action – packet injection
Important note on WLAN sniffing and injection
Time for action – experimenting with your adapter
The role of regulatory domains in wireless
Time for action – experimenting with your adapter
Summary
Chapter 3: Bypassing WLAN Authentication
Hidden SSIDs
Time for action – uncovering hidden SSIDs
MAC filters
Time for action – beating MAC filters
Open Authentication
Time for action – bypassing Open Authentication
Shared Key Authentication
Time for action – bypassing Shared Authentication
Summary
Chapter 4: WLAN Encryption Flaws
WLAN encryption
WEP encryption
Time for action – cracking WEP
WPA/WPA2
Time for action – cracking WPA-PSK weak passphrases
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
Decrypting WEP and WPA packets
Time for action – decrypting WEP and WPA packets
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
Time for action – connecting to a WPA network
Summary
Chapter 5: Attacks on the WLAN Infrastructure
Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
Denial of service attacks
Time for action – deauthentication DoS attacks
Evil twin and access point MAC spoofing
Time for action – evil twins and MAC spoofing
A rogue access point
Time for action – cracking WEP
Summary
Chapter 6: Attacking the Client
Honeypot and Mis-Association attacks
Time for action – orchestrating a Mis-Association attack
The Caffe Latte attack
Time for action – conducting a Caffe Latte attack
Deauthentication and disassociation attacks
Time for action – deauthenticating the client
The Hirte attack
Time for action – cracking WEP with the Hirte attack
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
Summary
Chapter 7: Advanced WLAN Attacks
A man-in-the-middle attack
Time for action – man-in-the-middle attack
Wireless Eavesdropping using MITM
Time for action – Wireless Eavesdropping
Session hijacking over wireless
Time for action – session hijacking over wireless
Finding security configurations on the client
Time for action – deauthentication attacks on the client
Summary
Chapter 8: Attacking WPA-Enterprise and RADIUS
Setting up FreeRADIUS-WPE
Time for action – setting up the AP with FreeRADIUS-WPE
Attacking PEAP
Time for action – cracking PEAP
EAP-TTLS
Security best practices for Enterprises
Summary
Chapter 9: WLAN Penetration Testing Methodology
Wireless penetration testing
Planning
Discovery
Attack
Reporting
Summary
Chapter 10: WPS and Probes
WPS attacks
Time for action – WPS attack
Probe sniffing
Time for action – collecting data
Summary

What You Will Learn

  • Create a wireless lab for your experiments
  • Sniff out wireless packets and hidden networks
  • Capture and crack WPA-2 keys
  • Discover hidden SSIDs
  • Explore the ins and outs of wireless technologies
  • Sniff probe requests and track users through SSID history
  • Attack radius authentication systems
  • Sniff wireless traffic and collect interesting data
  • Decrypt encrypted traffic with stolen keys

Authors

Table of Contents

Chapter 1: Wireless Lab Setup
Hardware requirements
Software requirements
Installing Kali
Time for action – installing Kali
Setting up the access point
Time for action – configuring the access point
Setting up the wireless card
Time for action – configuring your wireless card
Connecting to the access point
Time for action – configuring your wireless card
Summary
Chapter 2: WLAN and its Inherent Insecurities
Revisiting WLAN frames
Time for action – creating a monitor mode interface
Time for action – sniffing wireless packets
Time for action – viewing management, control, and data frames
Time for action – sniffing data packets for our network
Time for action – packet injection
Important note on WLAN sniffing and injection
Time for action – experimenting with your adapter
The role of regulatory domains in wireless
Time for action – experimenting with your adapter
Summary
Chapter 3: Bypassing WLAN Authentication
Hidden SSIDs
Time for action – uncovering hidden SSIDs
MAC filters
Time for action – beating MAC filters
Open Authentication
Time for action – bypassing Open Authentication
Shared Key Authentication
Time for action – bypassing Shared Authentication
Summary
Chapter 4: WLAN Encryption Flaws
WLAN encryption
WEP encryption
Time for action – cracking WEP
WPA/WPA2
Time for action – cracking WPA-PSK weak passphrases
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
Decrypting WEP and WPA packets
Time for action – decrypting WEP and WPA packets
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
Time for action – connecting to a WPA network
Summary
Chapter 5: Attacks on the WLAN Infrastructure
Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
Denial of service attacks
Time for action – deauthentication DoS attacks
Evil twin and access point MAC spoofing
Time for action – evil twins and MAC spoofing
A rogue access point
Time for action – cracking WEP
Summary
Chapter 6: Attacking the Client
Honeypot and Mis-Association attacks
Time for action – orchestrating a Mis-Association attack
The Caffe Latte attack
Time for action – conducting a Caffe Latte attack
Deauthentication and disassociation attacks
Time for action – deauthenticating the client
The Hirte attack
Time for action – cracking WEP with the Hirte attack
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
Summary
Chapter 7: Advanced WLAN Attacks
A man-in-the-middle attack
Time for action – man-in-the-middle attack
Wireless Eavesdropping using MITM
Time for action – Wireless Eavesdropping
Session hijacking over wireless
Time for action – session hijacking over wireless
Finding security configurations on the client
Time for action – deauthentication attacks on the client
Summary
Chapter 8: Attacking WPA-Enterprise and RADIUS
Setting up FreeRADIUS-WPE
Time for action – setting up the AP with FreeRADIUS-WPE
Attacking PEAP
Time for action – cracking PEAP
EAP-TTLS
Security best practices for Enterprises
Summary
Chapter 9: WLAN Penetration Testing Methodology
Wireless penetration testing
Planning
Discovery
Attack
Reporting
Summary
Chapter 10: WPS and Probes
WPS attacks
Time for action – WPS attack
Probe sniffing
Time for action – collecting data
Summary

Book Details

ISBN 139781783280414
Paperback214 pages
Read More
From 1 reviews

Read More Reviews