BackTrack 5 Wireless Penetration Testing Beginner's Guide
About this ebook
Wireless has become ubiquitous in today's world. The mobility and flexibility it provides make our lives more comfortable and productive. But this comes at a cost: WLAN technologies carry inherent weaknesses, and many deployments can be broken with freely available tools. BackTrack is a penetration testing and security auditing distribution that comes with a myriad of wireless networking tools used to simulate network attacks and detect security loopholes.
BackTrack 5 Wireless Penetration Testing Beginner's Guide will take you through the journey of becoming a wireless hacker. You will learn various wireless testing methodologies, taught using live examples that you implement as you work through the book. The practical sessions grow gradually in complexity, giving you enough time to ramp up before you get to advanced wireless attacks.
The book starts with the basic concepts of wireless networking and the creation of a lab environment for your experiments, moves through lab sessions on wireless security basics, raises the difficulty with more complicated scenarios, and ends with bleeding-edge wireless attacks conducted in your lab.
There are many interesting and new things that you will learn in this book - War Driving, WLAN packet sniffing, Network Scanning, Circumventing hidden SSIDs and MAC filters, bypassing Shared Authentication, Cracking WEP and WPA/WPA2 encryption, Access Point MAC spoofing, Rogue Devices, Evil Twins, Denial of Service attacks, Viral SSIDs, Honeypot and Hotspot attacks, Caffe Latte WEP Attack, Man-in-the-Middle attacks, Evading Wireless Intrusion Prevention systems and a bunch of other cutting edge wireless attacks.
If you were ever curious about what wireless security and hacking was all about, then this book will get you started by providing you with the knowledge and practical know-how to become a wireless hacker.
Hands-on practical guide with a step-by-step approach to help you get started immediately with Wireless Penetration Testing
Approach
Written in Packt's Beginner's Guide format, you can easily grasp the concepts and understand the techniques to perform wireless attacks in your lab. Every new attack is described in the form of a lab exercise with rich illustrations of all the steps involved. You will practically implement various attacks as you go along.
Who this book is for
If you are an IT security professional or a security consultant who wants to get started with wireless testing with BackTrack, or are just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with BackTrack and basic wireless concepts.
Vivek Ramachandran
Vivek Ramachandran is a world renowned security researcher and evangelist. He is the discoverer of the wireless "Caffe Latte Attack" and has delivered presentations at world renowned information security conferences such as Defcon and Toorcon in the US. His discoveries and talks have been widely quoted by the international media, including BBC Online, Network World, The Register, MacWorld, Computer Online, and others. In 2006, Microsoft declared Vivek one of the winners of the Microsoft Security Shootout Contest held in India among an estimated 65,000 participants. In 2005, he was awarded a team achievement award by Cisco Systems for his work on the 802.1x and Port Security modules. He is well known in the hacking and security community as the founder of SecurityTube.net, a free video-based computer security education portal that gets an estimated 100,000 monthly visitors. Vivek is also an accomplished trainer and travels around the world conducting workshops and training sessions for corporates and students. He holds a B.Tech degree from IIT Guwahati and acts as an advisor to the computer science department's Security Lab.
Book preview
BackTrack 5 Wireless Penetration Testing Beginner's Guide - Vivek Ramachandran
Table of Contents
BackTrack 5 Wireless Penetration Testing
Credits
About the Author
About the Reviewer
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Time for action – heading
What just happened?
Pop quiz – heading
Have a go hero – heading
Reader feedback
Customer support
Errata
Piracy
Questions
1. Wireless Lab Setup
Hardware requirements
Software requirements
Installing BackTrack
Time for action – installing BackTrack
What just happened?
Have a go hero – installing BackTrack on Virtual Box
Setting up the access point
Time for action – configuring the access point
What just happened?
Have a go hero – configuring the access point to use WEP and WPA
Setting up the wireless card
Time for action – configuring your wireless card
What just happened?
Connecting to the access point
Time for action – configuring your wireless card
What just happened?
Have a go hero – establishing connection in WEP configuration
Pop quiz – understanding the basics
Summary
2. WLAN and Its Inherent Insecurities
Revisiting WLAN frames
Time for action – creating a monitor mode interface
What just happened?
Have a go hero – creating multiple monitor mode interfaces
Time for action – sniffing wireless packets
What just happened?
Have a go hero – finding different devices
Time for action – viewing Management, Control, and Data frames
What just happened?
Have a go hero – playing with filters
Time for action – sniffing data packets for our network
What just happened?
Have a go hero – analyzing data packets
Time for action – packet injection
What just happened?
Have a go hero – installing BackTrack on Virtual Box
Important note on WLAN sniffing and injection
Time for action – experimenting with your Alfa card
What just happened?
Have a go hero – sniffing multiple channels
Role of regulatory domains in wireless
Time for action – experimenting with your Alfa card
What just happened?
Have a go hero – exploring regulatory domains
Pop quiz – WLAN packet sniffing and injection
Summary
3. Bypassing WLAN Authentication
Hidden SSIDs
Time for action – uncovering hidden SSIDs
What just happened?
Have a go hero – selecting Deauthentication
MAC filters
Time for action – beating MAC filters
What just happened?
Open Authentication
Time for action – bypassing Open Authentication
What just happened?
Shared Key Authentication
Time for action – bypassing Shared Authentication
What just happened?
Have a go hero – filling up the access point's tables
Pop quiz – WLAN authentication
Summary
4. WLAN Encryption Flaws
WLAN encryption
WEP encryption
Time for action – cracking WEP
What just happened?
Have a go hero – fake authentication with WEP cracking
WPA/WPA2
Time for action – cracking WPA-PSK weak passphrase
What just happened?
Have a go hero – trying WPA-PSK cracking with Cowpatty
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
What just happened?
Decrypting WEP and WPA packets
Time for action – decrypting WEP and WPA packets
What just happened?
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
What just happened?
Time for action – connecting to a WPA network
What just happened?
Pop quiz – WLAN encryption flaws
Summary
5. Attacks on the WLAN Infrastructure
Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
What just happened?
Have a go hero – cracking accounts using bruteforce attacks
Denial of service attacks
Time for action – De-Authentication DoS attack
What just happened?
Have a go hero – Dis-Association attacks
Evil twin and access point MAC spoofing
Time for action – evil twin with MAC spoofing
What just happened?
Have a go hero – evil twin and channel hopping
Rogue access point
Time for action – Rogue access point
What just happened?
Have a go hero – Rogue access point challenge
Pop quiz – attacks on the WLAN infrastructure
Summary
6. Attacking the Client
Honeypot and Mis-Association attacks
Time for action – orchestrating a Mis-Association attack
What just happened?
Have a go hero – forcing a client to connect to the Honeypot
Caffe Latte attack
Time for action – conducting the Caffe Latte attack
What just happened?
Have a go hero – practice makes you perfect!
De-Authentication and Dis-Association attacks
Time for action – De-Authenticating the client
What just happened?
Have a go hero – Dis-Association attack on the client
Hirte attack
Time for action – cracking WEP with the Hirte attack
What just happened?
Have a go hero – practice, practice, practice
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
What just happened?
Have a go hero – AP-less WPA cracking
Pop quiz – attacking the client
Summary
7. Advanced WLAN Attacks
Man-in-the-Middle attack
Time for action – Man-in-the-Middle attack
What just happened?
Have a go hero – Man-in-the-Middle over pure wireless
Wireless Eavesdropping using MITM
Time for action – wireless eavesdropping
What just happened?
Have a go hero – finding Google searches
Session Hijacking over wireless
Time for action – session hijacking over wireless
What just happened?
Have a go hero – application hijacking challenge
Finding security configurations on the client
Time for action – enumerating wireless security profiles
What just happened?
Have a go hero – baiting clients
Pop quiz – Advanced WLAN Attacks
Summary
8. Attacking WPA-Enterprise and RADIUS
Setting up FreeRadius-WPE
Time for action – setting up the AP with FreeRadius-WPE
What just happened?
Have a go hero – playing with RADIUS
Attacking PEAP
Time for action – cracking PEAP
What just happened?
Have a go hero – variations of attack on PEAP
Attacking EAP-TTLS
Time for action – cracking EAP-TTLS
What just happened?
Have a go hero – EAP-TTLS
Security best practices for Enterprises
Pop quiz – attacking WPA-Enterprise and RADIUS
Summary
9. WLAN Penetration Testing Methodology
Wireless penetration testing
Planning
Discovery
Time for action – discovering wireless devices
What just happened?
Attack
Finding rogue access points
Time for action – finding rogue access points
What just happened?
Finding unauthorized clients
Time for action – unauthorized clients
What just happened?
Cracking the encryption
Time for action – cracking WPA
What just happened?
Compromising clients
Time for action – compromising the clients
What just happened?
Reporting
Pop quiz – Wireless Penetration Testing
Summary
A. Conclusion and Road Ahead
Wrapping up
Building an advanced Wi-Fi lab
Staying up-to-date
Conclusion
B. Pop Quiz Answers
Chapter 1, Wireless Lab Setup
Chapter 2, WLAN and its Inherent Insecurities
Chapter 3, Bypassing WLAN Authentication
Chapter 4, WLAN Encryption Flaws
Chapter 5, Attacks on the WLAN Infrastructure
Chapter 6, Attacking the Client
Chapter 7, Advanced WLAN Attacks
Chapter 8, Attacking WPA Enterprise and RADIUS
Chapter 9, Wireless Penetration Testing Methodology
Index
BackTrack 5 Wireless Penetration Testing
Copyright © 2011 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: September 2011
Production Reference: 1300811
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-849515-58-0
www.packtpub.com
Cover Image by Asher Wishkerman (<a.wishkerman@mpic.de>)
Credits
Author
Vivek Ramachandran
Reviewers
Daniel W. Dieterle
Teofilo Couto
Acquisition Editor
Tarun Singh
Development Editor
Neha Mallik
Technical Editor
Sakina Kaydawala
Project Coordinator
Michelle Quadros
Proofreader
Mario Cecere
Indexers
Tejal Daruwale
Hemangini Bari
Production Coordinator
Arvindkumar Gupta
Cover Work
Arvindkumar Gupta
About the Author
Vivek Ramachandran has been working on Wi-Fi security since 2003. He discovered the Caffe Latte attack and also publicly broke WEP Cloaking, a WEP protection scheme, at Defcon in 2007. In 2011, Vivek was the first to demonstrate how malware could use Wi-Fi to create backdoors, worms, and even botnets.
Earlier, he was one of the programmers of the 802.1x protocol and Port Security features in Cisco's Catalyst 6500 series of switches, and was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He is best known in the hacker community as the founder of http://www.SecurityTube.net/, where he routinely posts videos on Wi-Fi security, assembly language, exploitation techniques, and so on. SecurityTube.net receives over 100,000 unique visitors a month.
Vivek's work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada, and so on. This year he is speaking or training at a number of security conferences, including BlackHat, Defcon, Hacktivity, 44con, HITB-ML, Brucon, Derbycon, HashDays, SecurityZone, SecurityByte, and so on.
I would like to thank my lovely wife for all the help and support during the book's writing process; my parents, grandparents, and sister for believing in me and encouraging me for all these years; and last but not least, I would like to thank all the users of SecurityTube.net who have always been behind me and supporting all my work. You guys rock!
About the Reviewer
Daniel W. Dieterle has over 20 years of experience in the IT field. He has provided various levels of support to clients ranging from small businesses to Fortune 500 companies. Daniel enjoys computer security, runs the security blog CyberArms (http://cyberarms.wordpress.com/), and is a guest security author on https://Infosecisland.com/.
I would like to thank my beautiful wife and children for graciously giving me the time needed to assist with this book. Without their sacrifice, I would not have been able to be a part of this exciting project.
www.PacktPub.com
Support files, eBooks, discount offers, and more
You might want to visit www.PacktPub.com for support