Home Page Icon
Home Page
Table of Contents for
BackTrack 5 Wireless Penetration Testing
Close
BackTrack 5 Wireless Penetration Testing
by Vivek Ramachandran
BackTrack 5 Wireless Penetration Testing Beginner’s Guide
BackTrack 5 Wireless Penetration Testing
BackTrack 5 Wireless Penetration Testing
Credits
About the Author
About the Reviewer
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Time for action heading
What just happened?
Pop quiz heading
Have a go hero heading
Reader feedback
Customer support
Errata
Piracy
Questions
1. Wireless Lab Setup
Hardware requirements
Software requirements
Installing BackTrack
Time for action installing BackTrack
What just happened?
Have a go hero installing BackTrack on Virtual Box
Setting up the access point
Time for action configuring the access point
What just happened?
Have a go hero configuring the access point to use WEP and WPA
Setting up the wireless card
Time for action configuring your wireless card
What just happened?
Connecting to the access point
Time for action configuring your wireless card
What just happened?
Have a go hero establishing connection in WEP configuration
Pop quiz understanding the basics
Summary
2. WLAN and Its Inherent Insecurities
Revisiting WLAN frames
Time for action creating a monitor mode interface
What just happened?
Have a go hero creating multiple monitor mode interfaces
Time for action sniffing wireless packets
What just happened?
Have a go hero finding different devices
Time for action viewing Management, Control, and Data frames
What just happened?
Have a go hero playing with filters
Time for action sniffing data packets for our network
What just happened?
Have a go hero analyzing data packets
Time for action packet injection
What just happened?
Have a go hero installing BackTrack on Virtual Box
Important note on WLAN sniffing and injection
Time for action experimenting with your Alfa card
What just happened?
Have a go hero sniffing multiple channels
Role of regulatory domains in wireless
Time for action experimenting with your Alfa card
What just happened?
Have a go hero exploring regulatory domains
Pop quiz WLAN packet sniffing and injection
Summary
3. Bypassing WLAN Authentication
Hidden SSIDs
Time for action uncovering hidden SSIDs
What just happened?
Have a go hero selecting Deauthentication
MAC filters
Time for action beating MAC filters
What just happened?
Open Authentication
Time for action bypassing Open Authentication
What just happened?
Shared Key Authentication
Time for action bypassing Shared Authentication
What just happened?
Have a go hero filling up the access point's tables
Pop quiz WLAN authentication
Summary
4. WLAN Encryption Flaws
WLAN encryption
WEP encryption
Time for action cracking WEP
What just happened?
Have a go hero fake authentication with WEP cracking
WPA/WPA2
Time for action cracking WPA-PSK weak passphrase
What just happened?
Have a go hero trying WPA-PSK cracking with Cowpatty
Speeding up WPA/WPA2 PSK cracking
Time for action speeding up the cracking process
What just happened?
Decrypting WEP and WPA packets
Time for action decrypting WEP and WPA packets
What just happened?
Connecting to WEP and WPA networks
Time for action connecting to a WEP network
What just happened?
Time for action connecting to a WPA network
What just happened?
Pop quiz WLAN encryption flaws
Summary
5. Attacks on the WLAN Infrastructure
Default accounts and credentials on the access point
Time for action cracking default accounts on the access points
What just happened?
Have a go hero cracking accounts using bruteforce attacks
Denial of service attacks
Time for action De-Authentication DoS attack
What just happened?
Have a go hero Dis-Association attacks
Evil twin and access point MAC spoofing
Time for action evil twin with MAC spoofing
What just happened?
Have a go hero evil twin and channel hopping
Rogue access point
Time for action Rogue access point
What just happened?
Have a go hero Rogue access point challenge
Pop quiz attacks on the WLAN infrastructure
Summary
6. Attacking the Client
Honeypot and Mis-Association attacks
Time for action orchestrating a Mis-Association attack
What just happened?
Have a go hero forcing a client to connect to the Honeypot
Caffe Latte attack
Time for action conducting the Caffe Latte attack
What just happened?
Have a go hero practice makes you perfect!
De-Authentication and Dis-Association attacks
Time for action De-Authenticating the client
What just happened?
Have a go hero Dis-Association attack on the client
Hirte attack
Time for action cracking WEP with the Hirte attack
What just happened?
Have a go hero practice, practice, practice
AP-less WPA-Personal cracking
Time for action AP-less WPA cracking
What just happened?
Have a go hero AP-less WPA cracking
Pop quiz attacking the client
Summary
7. Advanced WLAN Attacks
Man-in-the-Middle attack
Time for action Man-in-the-Middle attack
What just happened?
Have a go hero Man-in-the-Middle over pure wireless
Wireless Eavesdropping using MITM
Time for action wireless eavesdropping
What just happened?
Have a go hero finding Google searches
Session Hijacking over wireless
Time for action session hijacking over wireless
What just happened?
Have a go hero application hijacking challenge
Finding security configurations on the client
Time for action enumerating wireless security profiles
What just happened?
Have a go hero baiting clients
Pop quiz Advanced WLAN Attacks
Summary
8. Attacking WPA-Enterprise and RADIUS
Setting up FreeRadius-WPE
Time for action setting up the AP with FreeRadius-WPE
What just happened?
Have a go hero playing with RADIUS
Attacking PEAP
Time for action cracking PEAP
What just happened?
Have a go hero variations of attack on PEAP
Attacking EAP-TTLS
Time for action cracking EAP-TTLS
What just happened?
Have a go hero EAP-TTLS
Security best practices for Enterprises
Pop quiz attacking WPA-Enterprise and RADIUS
Summary
9. WLAN Penetration Testing Methodology
Wireless penetration testing
Planning
Discovery
Time for action discovering wireless devices
What just happened?
Attack
Finding rogue access points
Time for action finding rogue access points
What just happened?
Finding unauthorized clients
Time for action unauthorized clients
What just happened?
Cracking the encryption
Time for action cracking WPA
What just happened?
Compromising clients
Time for action compromising the clients
What just happened?
Reporting
Pop quiz Wireless Penetration Testing
Summary
A. Conclusion and Road Ahead
Wrapping up
Building an advanced Wi-Fi lab
Staying up-to-date
Conclusion
B. Pop Quiz Answers
Chapter 1, Wireless Lab Setup
Chapter 2, WLAN and its Inherent Insecurities
Chapter 3, Bypassing WLAN Authentication
Chapter 4, WLAN Encryption Flaws
Chapter 5, Attacks on the WLAN Infrastructure
Chapter 6, Attacking the Client
Chapter 7, Advanced WLAN Attacks
Chapter 8, Attacking WPA Enterprise and RADIUS
Chapter 9, Wireless Penetrating Testing Methodology
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Cover
Next
Next Chapter
BackTrack 5 Wireless Penetration Testing
BackTrack 5 Wireless Penetration Testing
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset