
BackTrack 5 Wireless Penetration Testing Beginner's Guide
Description
- The first and only book that covers wireless testing with BackTrack
- Concepts explained with step-by-step practical sessions and rich illustrations
- Written by Vivek Ramachandran, world-renowned security researcher and evangelist, and discoverer of the wireless "Caffe Latte Attack"
Book Description
Wireless has become ubiquitous in today's world. The mobility and flexibility provided by it makes our lives more comfortable and productive. But this comes at a cost - Wireless technologies are inherently insecure and can be easily broken. BackTrack is a penetration testing and security auditing distribution that comes with a myriad of wireless networking tools used to simulate network attacks and detect security loopholes. Backtrack 5 Wireless Penetration Testing Beginner's Guide will take you through the journey of becoming a Wireless hacker. You will learn various wireless testing methodologies taught using live examples, which you will implement throughout this book. The engaging practical sessions very gradually grow in complexity giving you enough time to ramp up before you get to advanced wireless attacks.
This book will take you through the basic concepts in Wireless and creating a lab environment for your experiments to the business of different lab sessions in wireless security basics, slowly turn on the heat and move to more complicated scenarios, and finally end your journey by conducting bleeding edge wireless attacks in your lab.
There are many interesting and new things that you will learn in this book - War Driving, WLAN packet sniffing, Network Scanning, Circumventing hidden SSIDs and MAC filters, bypassing Shared Authentication, Cracking WEP and WPA/WPA2 encryption, Access Point MAC spoofing, Rogue Devices, Evil Twins, Denial of Service attacks, Viral SSIDs, Honeypot and Hotspot attacks, Caffe Latte WEP Attack, Man-in-the-Middle attacks, Evading Wireless Intrusion Prevention systems and a bunch of other cutting edge wireless attacks.
If you were ever curious about what wireless security and hacking was all about, then this book will get you started by providing you with the knowledge and practical know-how to become a wireless hacker.
What you will learn
- Create a Wireless Lab for conducting experiments
- Monitor the air and sniff wireless packets
- Bypass WLAN authentication mechanism
- Crack WEP/WPA/WPA2 encryption mechanisms
- Break into a WLAN network using infrastructure flaws
- Break into a Wireless client such as a laptop
- Advanced attacks such as Man-in-the-Middle attacks and Evading WIPS
- Conduct wireless penetration test in a methodical way
Who this book is for
If you are an IT security professional or a security consultant who wants to get started with wireless testing with Backtrack, or just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with Backtrack and basic wireless concepts.

Person
Vivek Ramachandran has been working on Wi-Fi security since 2003. He discovered the Caffe Latte attack and also broke WEP Cloaking, a WEP protection schema, publicly in 2007 at DEF CON. In 2011, he was the first to demonstrate how malware could use Wi-Fi to create backdoors, worms, and even botnets. Earlier, Vivek was one of the programmers of the 802.1x protocol and Port Security in Cisco's 6500 Catalyst series of switches, and he was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He is best known in the hacker community as the founder of SecurityTube.net, where he routinely posts videos on Wi-Fi security, assembly language, exploitation techniques, and so on. SecurityTube.net receives over 100,000 unique visitors a month. Vivek's work on wireless security has been quoted in BBC Online, InfoWorld, MacWorld, The Register, IT World Canada, and so on. This year, he will speak or train at a number of security conferences, including Blackhat, DEF CON, Hacktivity, 44con, HITB-ML, BruCON, Derbycon, Hashdays, SecurityZone, and SecurityByte.
Content
- Intro
- BackTrack 5 Wireless Penetration Testing
- Table of Contents
- BackTrack 5 Wireless Penetration Testing
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Support files, eBooks, discount offers, and more
- Why Subscribe?
- Free Access for Packt account holders
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Time for action - heading
- What just happened?
- Pop quiz - heading
- Have a go hero - heading
- Reader feedback
- Customer support
- Errata
- Piracy
- Questions
- 1. Wireless Lab Setup
- Hardware requirements
- Software requirements
- Installing BackTrack
- Time for action - installing BackTrack
- What just happened?
- Have a go hero - installing BackTrack on Virtual Box
- Setting up the access point
- Time for action - configuring the access point
- What just happened?
- Have a go hero - configuring the access point to use WEP and WPA
- Setting up the wireless card
- Time for action - configuring your wireless card
- What just happened?
- Connecting to the access point
- Time for action - configuring your wireless card
- What just happened?
- Have a go hero - establishing connection in WEP configuration
- Pop quiz - understanding the basics
- Summary
- 2. WLAN and Its Inherent Insecurities
- Revisiting WLAN frames
- Time for action - creating a monitor mode interface
- What just happened?
- Have a go hero - creating multiple monitor mode interfaces
- Time for action - sniffing wireless packets
- What just happened?
- Have a go hero - finding different devices
- Time for action - viewing Management, Control, and Data frames
- What just happened?
- Have a go hero - playing with filters
- Time for action - sniffing data packets for our network
- What just happened?
- Have a go hero - analyzing data packets
- Time for action - packet injection
- What just happened?
- Have a go hero - installing BackTrack on Virtual Box
- Important note on WLAN sniffing and injection
- Time for action - experimenting with your Alfa card
- What just happened?
- Have a go hero - sniffing multiple channels
- Role of regulatory domains in wireless
- Time for action - experimenting with your Alfa card
- What just happened?
- Have a go hero - exploring regulatory domains
- Pop quiz - WLAN packet sniffing and injection
- Summary
- 3. Bypassing WLAN Authentication
- Hidden SSIDs
- Time for action - uncovering hidden SSIDs
- What just happened?
- Have a go hero - selecting Deauthentication
- MAC filters
- Time for action - beating MAC filters
- What just happened?
- Open Authentication
- Time for action - bypassing Open Authentication
- What just happened?
- Shared Key Authentication
- Time for action - bypassing Shared Authentication
- What just happened?
- Have a go hero - filling up the access point's tables
- Pop quiz - WLAN authentication
- Summary
- 4. WLAN Encryption Flaws
- WLAN encryption
- WEP encryption
- Time for action - cracking WEP
- What just happened?
- Have a go hero - fake authentication with WEP cracking
- WPA/WPA2
- Time for action - cracking WPA-PSK weak passphrase
- What just happened?
- Have a go hero - trying WPA-PSK cracking with Cowpatty
- Speeding up WPA/WPA2 PSK cracking
- Time for action - speeding up the cracking process
- What just happened?
- Decrypting WEP and WPA packets
- Time for action - decrypting WEP and WPA packets
- What just happened?
- Connecting to WEP and WPA networks
- Time for action - connecting to a WEP network
- What just happened?
- Time for action - connecting to a WPA network
- What just happened?
- Pop quiz - WLAN encryption flaws
- Summary
- 5. Attacks on the WLAN Infrastructure
- Default accounts and credentials on the access point
- Time for action - cracking default accounts on the access points
- What just happened?
- Have a go hero - cracking accounts using bruteforce attacks
- Denial of service attacks
- Time for action - De-Authentication DoS attack
- What just happened?
- Have a go hero - Dis-Association attacks
- Evil twin and access point MAC spoofing
- Time for action - evil twin with MAC spoofing
- What just happened?
- Have a go hero - evil twin and channel hopping
- Rogue access point
- Time for action - Rogue access point
- What just happened?
- Have a go hero - Rogue access point challenge
- Pop quiz - attacks on the WLAN infrastructure
- Summary
- 6. Attacking the Client
- Honeypot and Mis-Association attacks
- Time for action - orchestrating a Mis-Association attack
- What just happened?
- Have a go hero - forcing a client to connect to the Honeypot
- Caffe Latte attack
- Time for action - conducting the Caffe Latte attack
- What just happened?
- Have a go hero - practice makes you perfect!
- De-Authentication and Dis-Association attacks
- Time for action - De-Authenticating the client
- What just happened?
- Have a go hero - Dis-Association attack on the client
- Hirte attack
- Time for action - cracking WEP with the Hirte attack
- What just happened?
- Have a go hero - practice, practice, practice
- AP-less WPA-Personal cracking
- Time for action - AP-less WPA cracking
- What just happened?
- Have a go hero - AP-less WPA cracking
- Pop quiz - attacking the client
- Summary
- 7. Advanced WLAN Attacks
- Man-in-the-Middle attack
- Time for action - Man-in-the-Middle attack
- What just happened?
- Have a go hero - Man-in-the-Middle over pure wireless
- Wireless Eavesdropping using MITM
- Time for action - wireless eavesdropping
- What just happened?
- Have a go hero - finding Google searches
- Session Hijacking over wireless
- Time for action - session hijacking over wireless
- What just happened?
- Have a go hero - application hijacking challenge
- Finding security configurations on the client
- Time for action - enumerating wireless security profiles
- What just happened?
- Have a go hero - baiting clients
- Pop quiz - Advanced WLAN Attacks
- Summary
- 8. Attacking WPA-Enterprise and RADIUS
- Setting up FreeRadius-WPE
- Time for action - setting up the AP with FreeRadius-WPE
- What just happened?
- Have a go hero - playing with RADIUS
- Attacking PEAP
- Time for action - cracking PEAP
- What just happened?
- Have a go hero - variations of attack on PEAP
- Attacking EAP-TTLS
- Time for action - cracking EAP-TTLS
- What just happened?
- Have a go hero - EAP-TTLS
- Security best practices for Enterprises
- Pop quiz - attacking WPA-Enterprise and RADIUS
- Summary
- 9. WLAN Penetration Testing Methodology
- Wireless penetration testing
- Planning
- Discovery
- Time for action - discovering wireless devices
- What just happened?
- Attack
- Finding rogue access points
- Time for action - finding rogue access points
- What just happened?
- Finding unauthorized clients
- Time for action - unauthorized clients
- What just happened?
- Cracking the encryption
- Time for action - cracking WPA
- What just happened?
- Compromising clients
- Time for action - compromising the clients
- What just happened?
- Reporting
- Pop quiz - Wireless Penetration Testing
- Summary
- A. Conclusion and Road Ahead
- Wrapping up
- Building an advanced Wi-Fi lab
- Staying up-to-date
- Conclusion
- B. Pop Quiz Answers
- Chapter 1, Wireless Lab Setup
- Chapter 2, WLAN and its Inherent Insecurities
- Chapter 3, Bypassing WLAN Authentication
- Chapter 4, WLAN Encryption Flaws
- Chapter 5, Attacks on the WLAN Infrastructure
- Chapter 6, Attacking the Client
- Chapter 7, Advanced WLAN Attacks
- Chapter 8, Attacking WPA Enterprise and RADIUS
- Chapter 9, Wireless Penetration Testing Methodology
- Index
System requirements
File format: ePUB
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle).
The file format ePub works well for novels and non-fiction books – i.e., "flowing" text without complex layout. On an e-reader or smartphone, line and page breaks automatically adjust to fit the small displays.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.
File format: PDF
Copy protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (only limited: Kindle).
The file format PDF always displays a book page identically on any hardware. This makes PDF suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). Unfortunately, on the small screens of e-readers or smartphones, PDFs are rather annoying, requiring too much scrolling.
This eBook uses Adobe-DRM, a "hard" copy protection. If the necessary requirements are not met, unfortunately you will not be able to open the eBook. You will therefore need to prepare your reading hardware before downloading.
Please note: We strongly recommend that you authorise using your personal Adobe ID after installation of any reading software.
For more information, see our eBook Help page.