Mastering Kali Linux Wireless Pentesting电子书

Mastering Kali Linux Wireless Pentesting

Table of Contents

Mastering Kali Linux Wireless Pentesting

Credits

About the Authors

About the Reviewer

www.PacktPub.com

eBooks, discount offers, and more

Why subscribe?

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Downloading the color images of this book

Errata

Piracy

Questions

1. Wireless Penetration Testing Fundamentals

Wireless communication

Wireless standards

The 2.4 GHz spectrum

The 5 GHz spectrum

Choosing the right equipment

Supported wireless modes

Wireless adapters

Ralink RT3070

Atheros AR9271

Ralink RT3572

Antennas

Omnidirectional antennas

Patch antennas

Yagi antennas

Kali Linux for the wireless pentester

Downloading Virtual Box

Installing Virtual Box

Kali Linux deployment

Mapping the wireless adapter into Kali

Summary

2. Wireless Network Scanning

Wireless network discovery

802.11 network terminology

802.11 configuration modes

802.11 frames

Management frame

Control frames

Data frames

The scanning phase

Passive scanning

Active scanning

Tools of the trade

Airodump-ng

Adding a location to Airodump-ng with GPS

Visually displaying relationships with Airgraph-ng

Discovering Client Probes with Hoover

WPS discovery with Wash

Kismet

Wireshark

Summary

3. Exploiting Wireless Devices

Attacking the firmware

Authentication bypass

CVE-2013-7282

CVE-2013-6026

CVE-2015-7755

Cross-Site Request Forgery

CVE-2014-5437

CVE-2014-8654

CVE-2013-2645

Remote code execution

CVE-2014-9134

Command injection

CVE-2008-1331

Denial of Service

OSVDB-102605

CVE-2009-3836

Information disclosure

CVE-2014-6621

CVE-2014-6622

CVE-2015-0554

Attacking the services

Attacking Telnet

Attacking SSH

Attacking SNMP

CVE-2014-4863: Arris Touchstone DG950A SNMP information disclosure

CVE-2008-7095: Aruba Mobility Controller SNMP community string dislosure

Attacking SNMP

Attacking UPnP

Discovery

Description

Control

UPnP attacks

CVE-2011-4500

CVE-2011-4499

CVE-2011-4501

CVE-2012-5960

Checks on misconfiguration

Summary

4. Wireless Cracking

Overview of different wireless security protocols

Cracking WPA

WPA Personal

Cracking WPA2

Generating rainbow tables

Generating rainbow tables using genpmk

Generating rainbow tables using airolib-ng

Cracking WPS

Cracking 802.1x using hostapd

Summary

5. Man-in-the-Middle Attacks

MAC address Spoofing/ARP poisoning

Rogue DHCP server

Name resolution spoofing

DNS spoofing

Configuring Ettercap for DNS spoofing

NBNS spoofing

Summary

6. Man-in-the-Middle Attacks Using Evil Twin Access Points

Creating virtual access points with Hostapd

Creating virtual access points with airbase-ng

Session hijacking using Tamper Data

An example of session hijacking

Performing session hijacking using Tamper Data

Credential harvesting

Using Ettercap to spoof DNS

Hosting your fake web page

Web-based malware

Creating malicious payload using msfpayload

Hosting the malicious payload on SET

SSL stripping attack

Setting up SSLstrip

Browser AutoPwn

Setting up Metasploit's Browser Autopwn attack

Summary

7. Advanced Wireless Sniffing

Capturing traffic with Wireshark

Decryption using Wireshark

Decrypting and sniffing WEP-encrypted traffic

Decrypting and sniffing WPA-encrypted traffic

Analyzing wireless packet capture

Determining network relationships and configuration

Extracting the most visited sites

Extracting data from unencrypted protocols

Extracting HTTP objects

Merging packet capture files

Summary

8. Denial of Service Attacks

An overview of DoS attacks

Management and control frames

Authentication flood attack

An attack scenario

Scanning for access points

MDK3 setup for authentication flood

The attack summary

The fake beacon flood attack

MDK3 fake beacon flood with a random SSID

MDK3 fake beacon flood with the selected SSID list

The attack summary

Metasploit's fake beacon flood attack

Configuring packet injection support for Metasploit using lorcon

Creating a monitor mode interface

The Metasploit deauthentication flood attack

Identifying the target access points

Attacking the wireless client and AP using Metasploit

The attack summary

The Metasploit CTS/RTS flood attack

The Metasploit setup for an RTS-CTS attack

The attack summary

Summary

9. Wireless Pentesting from Non-Traditional Platforms

Using OpenWrt for wireless assessments

Installing the aircrack-ng suite on OpenWrt

Using Raspberry Pi for wireless assessments

Accessing Kali Linux from a remote location

Using AutoSSH for reverse shell

Powering and concealing your Raspberry Pi or OpenWrt embedded device

Running Kali on Android phones and tablets

Wireless discovery using Android PCAP

Summary

Index