Kali Linux Wireless Penetration Testing Beginner's Guide - Third Edition

Book Description

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition presents wireless pentesting from the ground up, and has been updated with the latest methodologies, including full coverage of the KRACK attack.

About This Book

  • Learn wireless penetration testing with Kali Linux
  • Detect hidden wireless networks and discover their names
  • Explore advanced Wi-Fi hacking techniques including rogue access point hosting and probe sniffing
  • Develop your encryption cracking skills and gain an insight into the methods used by attackers and the underlying technologies that facilitate these attacks

Who This Book Is For

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition is suitable for anyone who wants to learn more about pentesting and how to understand and defend against the latest wireless network attacks.

What You Will Learn

  • Understand the KRACK attack in full detail
  • Create a wireless lab for your experiments
  • Sniff out wireless packets, hidden networks, and SSIDs
  • Capture the WPA2 four-way handshake and crack weak pre-shared keys
  • Sniff probe requests and track users through their SSID history
  • Attack RADIUS-backed WPA-Enterprise authentication systems
  • Sniff wireless traffic and collect interesting data
  • Decrypt encrypted traffic with stolen keys

In Detail

As wireless networks become ubiquitous in our lives, wireless penetration testing has become a key skill in the repertoire of the professional penetration tester. This was highlighted again recently with the discovery of the KRACK attack, a key reinstallation attack against the WPA2 four-way handshake that forces nonce reuse and lets an attacker within radio range decrypt, replay, or inject traffic on a WPA2-protected network without recovering its passphrase. The Kali Linux security distribution comes with a myriad of tools used for network attacks and for detecting security loopholes.

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing with each new technology. You'll learn various wireless testing methodologies by example, from the basics of wireless routing and encryption through to detailed coverage of hacking methods and client-side attacks such as the Hirte and Caffe Latte attacks.

Style and approach

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition is a practical, hands-on guide to modern Wi-Fi network hacking. It covers both the theory and practice of wireless pentesting, offering detailed, real-world coverage of the latest vulnerabilities and attacks.

Table of Contents

  1. Kali Linux Wireless Penetration Testing Beginner's Guide Third Edition
    1. Table of Contents
    2. Kali Linux Wireless Penetration Testing Beginner's Guide Third Edition
    3. Credits
    4. Disclaimer
    5. About the Authors
    6. About the Reviewer
    7. www.PacktPub.com
      1. eBooks, discount offers, and more
        1. Why subscribe?
    8. Customer Feedback
    9. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Sections
      5. Time for action – heading
        1. What just happened?
        2. Pop quiz – heading
        3. Have a go hero – heading
      6. Conventions
      7. Reader feedback
      8. Customer support
        1. Downloading the example code
        2. Downloading the color images of this book
        3. Errata
        4. Piracy
        5. Questions
    10. 1. Wireless Lab Setup
      1. Hardware requirements
      2. Software requirements
      3. Installing Kali
      4. Time for action – installing Kali
        1. What just happened?
        2. Have a go hero – installing Kali on VirtualBox
      5. Setting up the access point
      6. Time for action – configuring the access point
        1. What just happened?
        2. Have a go hero – configuring the access point to use WEP and WPA
      7. Setting up the wireless card
      8. Time for action – configuring your wireless card
        1. What just happened?
      9. Connecting to the access point
      10. Time for action – configuring your wireless card
        1. What just happened?
        2. Have a go hero – establishing a connection in a WEP configuration
        3. Pop quiz – understanding the basics
      11. Summary
    11. 2. WLAN and Its Inherent Insecurities
      1. Revisiting WLAN frames
      2. Time for action – creating a monitor mode interface
        1. What just happened?
        2. Have a go hero – creating multiple monitor mode interfaces
      3. Time for action – sniffing wireless packets
        1. What just happened?
        2. Have a go hero – finding different devices
      4. Time for action – viewing management, control, and data frames
        1. What just happened?
        2. Have a go hero – playing with filters
      5. Time for action – sniffing data packets for our network
        1. What just happened?
        2. Have a go hero – analyzing data packets
      6. Time for action – packet injection
        1. What just happened?
        2. Have a go hero – installing Kali on VirtualBox
      7. Important note on WLAN sniffing and injection
      8. Time for action – experimenting with your adapter
        1. What just happened?
        2. Have a go hero – sniffing multiple channels
        3. Pop quiz – WLAN packet sniffing and injection
      9. Summary
    12. 3. Bypassing WLAN Authentication
      1. Hidden SSIDs
      2. Time for action – uncovering hidden SSIDs
        1. What just happened?
        2. Have a go hero – selecting deauthentication
      3. MAC filters
      4. Time for action – beating MAC filters
        1. What just happened?
      5. Open Authentication
      6. Time for action – bypassing Open Authentication
        1. What just happened?
      7. Shared Key Authentication
      8. Time for action – bypassing shared authentication
        1. What just happened?
        2. Have a go hero – filling up the access point's tables
        3. Pop quiz – WLAN authentication
      9. Summary
    13. 4. WLAN Encryption Flaws
      1. WLAN encryption
      2. WEP encryption
      3. Time for action – cracking WEP
        1. What just happened?
        2. Have a go hero – fake authentication with WEP cracking
      4. WPA/WPA2
      5. Time for action – cracking WPA-PSK weak passphrase
        1. What just happened?
        2. Have a go hero – trying WPA-PSK cracking with Cowpatty
      6. Speeding up WPA/WPA2 PSK cracking
      7. Time for action – speeding up the cracking process
        1. What just happened?
      8. Decrypting WEP and WPA packets
      9. Time for action – decrypting WEP and WPA packets
        1. What just happened?
      10. Connecting to WEP and WPA networks
      11. Time for action – connecting to a WEP network
        1. What just happened?
      12. Time for action – connecting to a WPA network
        1. What just happened?
        2. Pop quiz – WLAN encryption flaws
      13. Summary
    14. 5. Attacks on the WLAN Infrastructure
      1. Default accounts and credentials on the access point
      2. Time for action – cracking default accounts on the access points
        1. What just happened?
        2. Have a go hero – cracking accounts using brute-force attacks
      3. Denial of service attacks
      4. Time for action – deauthentication DoS attack
        1. What just happened?
        2. Have a go hero – disassociation attacks
      5. Evil twin and access point MAC spoofing
      6. Time for action – evil twin with MAC spoofing
        1. What just happened?
        2. Have a go hero – evil twin and channel hopping
      7. A rogue access point
      8. Time for action – Setting up a rogue access point
        1. What just happened?
        2. Have a go hero – rogue access point challenge
        3. Pop quiz – attacks on the WLAN infrastructure
      9. Summary
    15. 6. Attacking the Client
      1. Honeypot and Misassociation attacks
      2. Time for action – orchestrating a Misassociation attack
        1. What just happened?
        2. Have a go hero – forcing a client to connect to the Honeypot
      3. The Caffe Latte attack
      4. Time for action – conducting the Caffe Latte attack
        1. What just happened?
        2. Have a go hero – practise makes you perfect!
      5. Deauthentication and disassociation attacks
      6. Time for action – deauthenticating the client
        1. What just happened?
        2. Have a go hero – dissociation attack on the client
      7. The Hirte attack
      8. Time for action – cracking WEP with the Hirte attack
        1. What just happened?
        2. Have a go hero – practise, practise, practise
      9. AP-less WPA-Personal cracking
      10. Time for action – AP-less WPA cracking
        1. What just happened?
        2. Have a go hero – AP-less WPA cracking
        3. Pop quiz – attacking the client
      11. Summary
    16. 7. Advanced WLAN Attacks
      1. A Man-in-the-Middle attack
      2. Time for action – Man-in-the-Middle attack
        1. What just happened?
        2. Have a go hero – MITM over pure wireless
      3. Wireless eavesdropping using MITM
      4. Time for action – wireless eavesdropping
        1. What just happened?
      5. Session hijacking over wireless
      6. Time for action – session hijacking over wireless
        1. What just happened?
        2. Have a go hero – application hijacking challenge
      7. Finding security configurations on the client
      8. Time for action – deauthentication attack on the client
        1. What just happened?
        2. Have a go hero – baiting clients
        3. Pop quiz – advanced WLAN attacks
      9. Summary
    17. 8. KRACK Attacks
      1. KRACK attack overview
        1. What just happened?
      2. The four-way handshake KRACK attack
      3. Time for action – getting KRACKing
        1. What just happened?
      4. Summary
    18. 9. Attacking WPA-Enterprise and RADIUS
      1. Setting up FreeRADIUS-WPE
      2. Time for action – setting up the AP with FreeRADIUS-WPE
        1. What just happened?
        2. Have a go hero – playing with RADIUS
      3. Attacking PEAP
      4. Time for action – cracking PEAP
        1. What just happened?
        2. Have a go hero – attack variations on PEAP
      5. EAP-TTLS
      6. Security best practices for enterprises
        1. Pop quiz – attacking WPA-Enterprise and RADIUS
      7. Summary
    19. 10. WLAN Penetration Testing Methodology
      1. Wireless penetration testing
      2. Planning
      3. Discovery
      4. Attack
        1. Cracking the encryption
        2. Attacking infrastructure
        3. Compromising clients
      5. Reporting
      6. Summary
    20. 11. WPS and Probes
      1. WPS attacks
      2. Time for action – WPS attack
        1. What just happened?
        2. Have a go hero – rate limiting
      3. Probe sniffing
      4. Time for action – collecting data
        1. What just happened?
        2. Have a go hero – extension ideas
      5. Summary
    21. A. Pop Quiz Answers
      1. Chapter 1, Wireless Lab Setup
        1. Pop quiz – understanding the basics
      2. Chapter 2, WLAN and Its Inherent Insecurities
        1. Pop quiz – understanding the basics
      3. Chapter 3, Bypassing WLAN Authentication
        1. Pop quiz – WLAN authentication
      4. Chapter 4, WLAN Encryption Flaws
        1. Pop quiz – WLAN encryption flaws
      5. Chapter 5, Attacks on the WLAN Infrastructure
        1. Pop quiz – attacks on the WLAN infrastructure
      6. Chapter 6, Attacking the Client
        1. Pop quiz – Attacking the Client
      7. Chapter 7, Advanced WLAN Attacks
        1. Pop quiz – advanced WLAN attacks
      8. Chapter 9, Attacking WPA-Enterprise and RADIUS
        1. Pop quiz – attacking WPA-Enterprise and RADIUS
    22. Index