PacktLib: BackTrack 5 Wireless Penetration Testing Beginner’s Guide

BackTrack 5 Wireless Penetration Testing

Credits

About the Author

About the Reviewer

www.PacktPub.com

Preface

Wireless Lab Setup

Hardware requirements

Software requirements

Installing BackTrack

Time for action – installing BackTrack

Setting up the access point

Time for action – configuring the access point

Setting up the wireless card

Time for action – configuring your wireless card

Connecting to the access point

Time for action – configuring your wireless card

Summary

WLAN and Its Inherent Insecurities

Revisiting WLAN frames

Time for action – creating a monitor mode interface

Time for action – sniffing wireless packets

Time for action – viewing Management, Control, and Data frames

Time for action – sniffing data packets for our network

Time for action – packet injection

Important note on WLAN sniffing and injection

Time for action – experimenting with your Alfa card

Role of regulatory domains in wireless

Time for action – experimenting with your Alfa card

Summary

Bypassing WLAN Authentication

Hidden SSIDs

Time for action – uncovering hidden SSIDs

MAC filters

Time for action – beating MAC filters

Open Authentication

Time for action – bypassing Open Authentication

Shared Key Authentication

Time for action – bypassing Shared Authentication

Summary

WLAN Encryption Flaws

WLAN encryption

WEP encryption

Time for action – cracking WEP

WPA/WPA2

Time for action – cracking WPA-PSK weak passphrase

Speeding up WPA/WPA2 PSK cracking

Time for action – speeding up the cracking process

Decrypting WEP and WPA packets

Time for action – decrypting WEP and WPA packets

Connecting to WEP and WPA networks

Time for action – connecting to a WEP network

Time for action – connecting to a WPA network

Summary

Attacks on the WLAN Infrastructure

Default accounts and credentials on the access point

Time for action – cracking default accounts on the access points

Denial of service attacks

Time for action – De-Authentication DoS attack

Evil twin and access point MAC spoofing

Time for action – evil twin with MAC spoofing

Rogue access point

Time for action – Rogue access point

Summary

Attacking the Client

Honeypot and Mis-Association attacks

Time for action – orchestrating a Mis-Association attack

Caffe Latte attack

Time for action – conducting the Caffe Latte attack

De-Authentication and Dis-Association attacks

Time for action – De-Authenticating the client

Hirte attack

Time for action – cracking WEP with the Hirte attack

AP-less WPA-Personal cracking

Time for action – AP-less WPA cracking

Summary

Advanced WLAN Attacks

Man-in-the-Middle attack

Time for action – Man-in-the-Middle attack

Wireless Eavesdropping using MITM

Time for action – wireless eavesdropping

Session Hijacking over wireless

Time for action – session hijacking over wireless

Finding security configurations on the client

Time for action – enumerating wireless security profiles

Summary

Attacking WPA-Enterprise and RADIUS

Setting up FreeRadius-WPE

Time for action – setting up the AP with FreeRadius-WPE

Attacking PEAP

Time for action – cracking PEAP

Attacking EAP-TTLS

Time for action – cracking EAP-TTLS

Security best practices for Enterprises

Summary

WLAN Penetration Testing Methodology

Wireless penetration testing

Time for action – discovering wireless devices

Summary

Conclusion and Road Ahead

Pop Quiz Answers

Index