Book Image

Kali Linux Wireless Penetration Testing Essentials

Book Image

Kali Linux Wireless Penetration Testing Essentials

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Kali Linux Wireless Penetration Testing Essentials
Jul, 2015 | 164 pages
No titles found
Table of Contents (17 chapters)
Kali Linux Wireless Penetration Testing Essentials
Kali Linux Wireless Penetration Testing Essentials
Credits
Credits
Disclaimer
Disclaimer
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to Wireless Penetration Testing
Introduction to Wireless Penetration Testing
Phases of penetration testing
Summary
2
Setting Up Your Machine with Kali Linux
Setting Up Your Machine with Kali Linux
Introduction to the Kali Linux distribution
Installing Kali Linux
Wireless adapter setup and configuration
Summary
3
WLAN Reconnaissance
WLAN Reconnaissance
Introduction to 802.11 standard and wireless LAN
Wireless LAN scanning
Wireless scanning with Kismet
Summary
4
WEP Cracking
WEP Cracking
An introduction to WEP
WEP cracking with Aircrack-ng
Summary
5
WPA/WPA2 Cracking
WPA/WPA2 Cracking
An introduction to WPA/WPA2
WPA cracking with the GPU
WPA cracking with automated tools
Summary
6
Attacking Access Points and the Infrastructure
Attacking Access Points and the Infrastructure
Attacks against Wi-Fi Protected Setup
Attacking WPA-Enterprise
Denial of Service attacks
Rogue access points
Attacking AP authentication credentials
Summary
7
Wireless Client Attacks
Wireless Client Attacks
Honeypot access points and Evil Twin attacks
Man-in-the-middle attacks
The Caffe Latte attack
The Hirte attack
Cracking WPA keys without the AP
Summary
8
Reporting and Conclusions
Reporting and Conclusions
The four stages of report writing
The report format
Summary
Conclusions
References
References
Chapter 1 – Introduction to Wireless Penetration Testing
Chapter 2 – Setting Up Your Machine with Kali Linux
Chapter 3 – WLAN Reconnaissance
Chapter 4 – WEP Cracking
Chapter 5 – WPA/WPA2 Cracking
Chapter 6 – Attacking Access Points and the Infrastructure
Chapter 7 – Wireless Client Attacks
Chapter 8 – Reporting and Conclusions
Index
Index

Attacking WPA-Enterprise

WPA-Enterprise, as the name says, is the authentication mode used in enterprise networks.

In WPA-Enterprise, the AP does not authenticate the client as in WPA-Personal mode, but instead delegates it to an Authentication Server (AS) that communicates with the AP through the RADIUS protocol.

The authentication packets exchanged between AP and AS are carried using the Extensible Authentication Protocol (EAP) and specifically the EAP Over LAN (EAPOL), a protocol defined in the 802.1x standard for authentication on wired LANs. The AP (authenticator) acts as a relay that forwards the authentication packets between the two parties, the client (supplicant) and the AS.

EAP is an authentication framework rather than a single protocol and comes in many types, among which the most important are:

  • Lightweight EAP (LEAP)

  • EAP-MD5

  • EAP-TLS

  • EAP-FAST

  • EAP-TTLS

  • PEAP

The last three are the most common EAP types in use by enterprise networks. The authentication process takes place with an EAP-handshake...

Previous Section
End of Section 3
Next Section