book

Kali Linux Wireless Penetration Testing Beginner's Guide - Third Edition

Name: Kali Linux Wireless Penetration Testing Beginner's Guide - Third Edition
ISBN: 9781788831925

by Daniel W. Dieterle, Cameron Buchanan, Vivek Ramachandran

December 2017

Intermediate to advanced

210 pages

4h 31m

English

Packt Publishing

Read now

Unlock full access

Kali Linux Wireless Penetration Testing Beginner's Guide Third Edition
Table of Contents
Kali Linux Wireless Penetration Testing Beginner's Guide Third Edition
Credits
Disclaimer
About the Authors
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and moreWhy subscribe?
Customer Feedback
Preface
What this book covers

What you need for this book
Who this book is for
Sections
Time for action – heading
What just happened?Pop quiz – headingHave a go hero – heading
Conventions
Reader feedback
Customer support
Downloading the example codeDownloading the color images of this bookErrataPiracyQuestions
1. Wireless Lab Setup
Hardware requirements
Software requirements
Installing Kali
Time for action – installing Kali
What just happened?Have a go hero – installing Kali on VirtualBox
Setting up the access point
Time for action – configuring the access point
What just happened?Have a go hero – configuring the access point to use WEP and WPA
Setting up the wireless card
Time for action – configuring your wireless card
What just happened?
Connecting to the access point
Time for action – configuring your wireless card
What just happened?Have a go hero – establishing a connection in a WEP configurationPop quiz – understanding the basics
Summary
2. WLAN and Its Inherent Insecurities
Revisiting WLAN frames
Time for action – creating a monitor mode interface
What just happened?Have a go hero – creating multiple monitor mode interfaces
Time for action – sniffing wireless packets
What just happened?Have a go hero – finding different devices
Time for action – viewing management, control, and data frames
What just happened?Have a go hero – playing with filters
Time for action – sniffing data packets for our network
What just happened?Have a go hero – analyzing data packets
Time for action – packet injection
What just happened?Have a go hero – installing Kali on VirtualBox
Important note on WLAN sniffing and injection
Time for action – experimenting with your adapter
What just happened?Have a go hero – sniffing multiple channelsPop quiz – WLAN packet sniffing and injection
Summary
3. Bypassing WLAN Authentication
Hidden SSIDs
Time for action – uncovering hidden SSIDs
What just happened?Have a go hero – selecting deauthentication
MAC filters
Time for action – beating MAC filters
What just happened?
Open Authentication
Time for action – bypassing Open Authentication
What just happened?
Shared Key Authentication
Time for action – bypassing shared authentication
What just happened?Have a go hero – filling up the access point's tablesPop quiz – WLAN authentication
Summary
4. WLAN Encryption Flaws
WLAN encryption
WEP encryption
Time for action – cracking WEP
What just happened?Have a go hero – fake authentication with WEP cracking
WPA/WPA2
Time for action – cracking WPA-PSK weak passphrase
What just happened?Have a go hero – trying WPA-PSK cracking with Cowpatty
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
What just happened?
Decrypting WEP and WPA packets
Time for action – decrypting WEP and WPA packets
What just happened?
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
What just happened?
Time for action – connecting to a WPA network
What just happened?Pop quiz – WLAN encryption flaws
Summary
5. Attacks on the WLAN Infrastructure
Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
What just happened?Have a go hero – cracking accounts using brute-force attacks
Denial of service attacks
Time for action – deauthentication DoS attack
What just happened?Have a go hero – disassociation attacks
Evil twin and access point MAC spoofing
Time for action – evil twin with MAC spoofing
What just happened?Have a go hero – evil twin and channel hopping
A rogue access point
Time for action – Setting up a rogue access point
What just happened?Have a go hero – rogue access point challengePop quiz – attacks on the WLAN infrastructure
Summary
6. Attacking the Client
Honeypot and Misassociation attacks
Time for action – orchestrating a Misassociation attack
What just happened?Have a go hero – forcing a client to connect to the Honeypot
The Caffe Latte attack
Time for action – conducting the Caffe Latte attack
What just happened?Have a go hero – practise makes you perfect!
Deauthentication and disassociation attacks
Time for action – deauthenticating the client
What just happened?Have a go hero – dissociation attack on the client
The Hirte attack
Time for action – cracking WEP with the Hirte attack
What just happened?Have a go hero – practise, practise, practise
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
What just happened?Have a go hero – AP-less WPA crackingPop quiz – attacking the client
Summary
7. Advanced WLAN Attacks
A Man-in-the-Middle attack
Time for action – Man-in-the-Middle attack
What just happened?Have a go hero – MITM over pure wireless
Wireless eavesdropping using MITM
Time for action – wireless eavesdropping
What just happened?
Session hijacking over wireless
Time for action – session hijacking over wireless
What just happened?Have a go hero – application hijacking challenge
Finding security configurations on the client
Time for action – deauthentication attack on the client
What just happened?Have a go hero – baiting clientsPop quiz – advanced WLAN attacks
Summary
8. KRACK Attacks
KRACK attack overviewWhat just happened?
The four-way handshake KRACK attack
Time for action – getting KRACKing
What just happened?
Summary
9. Attacking WPA-Enterprise and RADIUS
Setting up FreeRADIUS-WPE
Time for action – setting up the AP with FreeRADIUS-WPE
What just happened?Have a go hero – playing with RADIUS
Attacking PEAP
Time for action – cracking PEAP
What just happened?Have a go hero – attack variations on PEAP
EAP-TTLS
Security best practices for enterprises
Pop quiz – attacking WPA-Enterprise and RADIUS
Summary
10. WLAN Penetration Testing Methodology
Wireless penetration testing
Planning
Discovery
Attack
Cracking the encryptionAttacking infrastructureCompromising clients
Reporting
Summary
11. WPS and Probes
WPS attacks
Time for action – WPS attack
What just happened?Have a go hero – rate limiting
Probe sniffing
Time for action – collecting data
What just happened?Have a go hero – extension ideas
Summary
A. Pop Quiz Answers
Chapter 1, Wireless Lab SetupPop quiz – understanding the basics
Chapter 2, WLAN and Its Inherent Insecurities
Pop quiz – understanding the basics
Chapter 3, Bypassing WLAN Authentication
Pop quiz – WLAN authentication
Chapter 4, WLAN Encryption Flaws
Pop quiz – WLAN encryption flaws
Chapter 5, Attacks on the WLAN Infrastructure
Pop quiz – attacks on the WLAN infrastructure
Chapter 6, Attacking the Client
Pop quiz – Attacking the Client
Chapter 7, Advanced WLAN Attacks
Pop quiz – advanced WLAN attacks
Chapter 9, Attacking WPA-Enterprise and RADIUS
Pop quiz – attacking WPA-Enterprise and RADIUS
Index

Content preview from Kali Linux Wireless Penetration Testing Beginner's Guide - Third Edition

The Caffe Latte attack

In the Honeypot attack, we noticed that clients will continuously probe for SSIDs they have connected to previously. If the client had connected to an access point using WEP, operating systems such as Windows cache and store the WEP key. The next time the client connects to the same access point, the Windows wireless configuration manager automatically uses the stored key.

The Caffe Latte attack was invented by Vivek, one of the authors of this book, and was demonstrated in Toorcon 9, San Diego, USA. The Caffe Latte attack is a WEP attack that allows a hacker to retrieve the WEP key of the authorized network, using just the client. The attack does not require the client to be anywhere close to the authorized WEP network. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Kali Linux: Wireless Penetration Testing Beginner's Guide - Second Edition

Publisher Resources

ISBN: 9781788831925

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Kali Linux Wireless Penetration Testing Beginner's Guide - Third Edition

by Daniel W. Dieterle, Cameron Buchanan, Vivek Ramachandran

The Caffe Latte attack

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.