Kali Linux Wireless Penetration Testing Beginner's Guide - Third Edition电子书

Kali Linux Wireless Penetration Testing Beginner's Guide Third Edition

Table of Contents

Kali Linux Wireless Penetration Testing Beginner's Guide Third Edition

Credits

Disclaimer

About the Authors

About the Reviewer

www.PacktPub.com

eBooks, discount offers, and more

Why subscribe?

Customer Feedback

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Time for action – heading

What just happened?

Pop quiz – heading

Have a go hero – heading

Conventions

Reader feedback

Customer support

Downloading the example code

Downloading the color images of this book

Errata

Piracy

Questions

1. Wireless Lab Setup

Hardware requirements

Software requirements

Installing Kali

Time for action – installing Kali

What just happened?

Have a go hero – installing Kali on VirtualBox

Setting up the access point

Time for action – configuring the access point

What just happened?

Have a go hero – configuring the access point to use WEP and WPA

Setting up the wireless card

Time for action – configuring your wireless card

What just happened?

Connecting to the access point

Time for action – configuring your wireless card

What just happened?

Have a go hero – establishing a connection in a WEP configuration

Pop quiz – understanding the basics

Summary

2. WLAN and Its Inherent Insecurities

Revisiting WLAN frames

Time for action – creating a monitor mode interface

What just happened?

Have a go hero – creating multiple monitor mode interfaces

Time for action – sniffing wireless packets

What just happened?

Have a go hero – finding different devices

Time for action – viewing management, control, and data frames

What just happened?

Have a go hero – playing with filters

Time for action – sniffing data packets for our network

What just happened?

Have a go hero – analyzing data packets

Time for action – packet injection

What just happened?

Have a go hero – installing Kali on VirtualBox

Important note on WLAN sniffing and injection

Time for action – experimenting with your adapter

What just happened?

Have a go hero – sniffing multiple channels

Pop quiz – WLAN packet sniffing and injection

Summary

3. Bypassing WLAN Authentication

Hidden SSIDs

Time for action – uncovering hidden SSIDs

What just happened?

Have a go hero – selecting deauthentication

MAC filters

Time for action – beating MAC filters

What just happened?

Open Authentication

Time for action – bypassing Open Authentication

What just happened?

Shared Key Authentication

Time for action – bypassing shared authentication

What just happened?

Have a go hero – filling up the access point's tables

Pop quiz – WLAN authentication

Summary

4. WLAN Encryption Flaws

WLAN encryption

WEP encryption

Time for action – cracking WEP

What just happened?

Have a go hero – fake authentication with WEP cracking

WPA/WPA2

Time for action – cracking WPA-PSK weak passphrase

What just happened?

Have a go hero – trying WPA-PSK cracking with Cowpatty

Speeding up WPA/WPA2 PSK cracking

Time for action – speeding up the cracking process

What just happened?

Decrypting WEP and WPA packets

Time for action – decrypting WEP and WPA packets

What just happened?

Connecting to WEP and WPA networks

Time for action – connecting to a WEP network

What just happened?

Time for action – connecting to a WPA network

What just happened?

Pop quiz – WLAN encryption flaws

Summary

5. Attacks on the WLAN Infrastructure

Default accounts and credentials on the access point

Time for action – cracking default accounts on the access points

What just happened?

Have a go hero – cracking accounts using brute-force attacks

Denial of service attacks

Time for action – deauthentication DoS attack

What just happened?

Have a go hero – disassociation attacks

Evil twin and access point MAC spoofing

Time for action – evil twin with MAC spoofing

What just happened?

Have a go hero – evil twin and channel hopping

A rogue access point

Time for action – Setting up a rogue access point

What just happened?

Have a go hero – rogue access point challenge

Pop quiz – attacks on the WLAN infrastructure

Summary

6. Attacking the Client

Honeypot and Misassociation attacks

Time for action – orchestrating a Misassociation attack

What just happened?

Have a go hero – forcing a client to connect to the Honeypot

The Caffe Latte attack

Time for action – conducting the Caffe Latte attack

What just happened?

Have a go hero – practise makes you perfect!

Deauthentication and disassociation attacks

Time for action – deauthenticating the client

What just happened?

Have a go hero – dissociation attack on the client

The Hirte attack

Time for action – cracking WEP with the Hirte attack

What just happened?

Have a go hero – practise, practise, practise

AP-less WPA-Personal cracking

Time for action – AP-less WPA cracking

What just happened?

Have a go hero – AP-less WPA cracking

Pop quiz – attacking the client

Summary

7. Advanced WLAN Attacks

A Man-in-the-Middle attack

Time for action – Man-in-the-Middle attack

What just happened?

Have a go hero – MITM over pure wireless

Wireless eavesdropping using MITM

Time for action – wireless eavesdropping

What just happened?

Session hijacking over wireless

Time for action – session hijacking over wireless

What just happened?

Have a go hero – application hijacking challenge

Finding security configurations on the client

Time for action – deauthentication attack on the client

What just happened?

Have a go hero – baiting clients

Pop quiz – advanced WLAN attacks

Summary

8. KRACK Attacks

KRACK attack overview

What just happened?

The four-way handshake KRACK attack

Time for action – getting KRACKing

What just happened?

Summary

9. Attacking WPA-Enterprise and RADIUS

Setting up FreeRADIUS-WPE

Time for action – setting up the AP with FreeRADIUS-WPE

What just happened?

Have a go hero – playing with RADIUS

Attacking PEAP

Time for action – cracking PEAP

What just happened?

Have a go hero – attack variations on PEAP

EAP-TTLS

Security best practices for enterprises

Pop quiz – attacking WPA-Enterprise and RADIUS

Summary

10. WLAN Penetration Testing Methodology

Wireless penetration testing

Planning

Discovery

Attack

Cracking the encryption

Attacking infrastructure

Compromising clients

Reporting

Summary

11. WPS and Probes

WPS attacks

Time for action – WPS attack

What just happened?

Have a go hero – rate limiting

Probe sniffing

Time for action – collecting data

What just happened?

Have a go hero – extension ideas

Summary

A. Pop Quiz Answers

Chapter 1, Wireless Lab Setup

Pop quiz – understanding the basics

Chapter 2, WLAN and Its Inherent Insecurities

Pop quiz – understanding the basics

Chapter 3, Bypassing WLAN Authentication

Pop quiz – WLAN authentication

Chapter 4, WLAN Encryption Flaws

Pop quiz – WLAN encryption flaws

Chapter 5, Attacks on the WLAN Infrastructure

Pop quiz – attacks on the WLAN infrastructure

Chapter 6, Attacking the Client

Pop quiz – Attacking the Client

Chapter 7, Advanced WLAN Attacks

Pop quiz – advanced WLAN attacks

Chapter 9, Attacking WPA-Enterprise and RADIUS

Pop quiz – attacking WPA-Enterprise and RADIUS

Index