Kali Linux Cookbook - Second Edition

By : Corey P. Schultz, Bob Perciaccante

Overview of this book

Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world’s most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology with a projected need for millions of security professionals. This book focuses on enhancing your knowledge in Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional. Kali Linux Cookbook, Second Edition starts by helping you install Kali Linux using the different options available. You will also be able to understand the lab architecture and install a Windows host for use in the lab. Next, you will understand the concept of vulnerability analysis and look at the different types of exploits. The book will introduce you to the concept and psychology of social engineering and password cracking. You will then be able to use these skills to expand the scope of any breaches you create. Finally, the book will guide you in exploiting specific technologies and gaining access to other systems in the environment. By the end of this book, you will have gained the core knowledge and concepts of the penetration testing process.
Table of Contents (11 chapters)

Breaking WEP encryption

Wireless administrators recognized that open networks, or networks that rely on MAC address authentication, presented an unacceptable level of risk. Over time, there have therefore been many attempts to harden authentication to wireless networks, each with its own limitations:

  • Wired Equivalent Privacy (WEP) uses the RC4 encryption algorithm and combines the user-defined key with a 24-bit initialization vector (IV). Unfortunately, IVs are reused, which allows us to use tools like aircrack-ng to recover the original key, giving us access to the target network as an authenticated endpoint.
  • Wi-Fi Protected Access (WPA) comes in several different flavors and is much more secure than WEP. Because it can be used in a manner similar to WEP where a pre-shared key is used (WPA-PSK), tools such as fluxion can recover the pre-shared key, and where...