Kali Linux Wireless Penetration Testing Essentials

Preface

Since their introduction to the market less than 20 years ago, wireless networks have grown exponentially and become ubiquitous, not only in enterprises but everywhere else: all kinds of public places (coffee shops, restaurants, shopping malls, stations, and airports), open-air free Wi-Fi zones, and private homes.

Like all other technologies, their spread has led to a growing need for assessing and improving their security, as a vulnerable wireless network offers an easy way for an attacker to access and attack the whole network, as we will see throughout this book.

For these reasons, the process of the security assessment of wireless networks, also called wireless penetration testing, has become an essential part of more general network penetration testing.

In this book, we explore the whole process of performing wireless penetration tests with the renowned security distribution Kali Linux, analyzing each phase, from the initial planning to the final reporting. We cover the basic theory of wireless security (protocols, vulnerabilities, and attacks) but mainly focus on the practical aspects, using the valuable, free, and open source tools provided by Kali Linux for wireless penetration testing.

What this book covers

Chapter 1, Introduction to Wireless Penetration Testing, presents the general concepts of penetration testing and covers its four main phases with a particular focus on wireless networks.

The chapter explains how to agree on and plan a penetration test with the customer and gives a high-level view of the information collection, attack execution, and report writing phases of the process.

Chapter 2, Setting Up Your Machine with Kali Linux, introduces the Kali Linux distribution and the included tools that are specifically designed for wireless penetration testing. Then we see the hardware requirements for its installation and the different installation methods, and cover, step by step, installation in a VirtualBox machine, with a screenshot for every step.

After installing Kali Linux, the chapter describes the requirements that the wireless adapter must meet to be suitable for our purposes and how to test them in practice.

Chapter 3, WLAN Reconnaissance, discusses the discovery or information gathering phase of wireless penetration testing. It begins with the basic theory of the 802.11 standard and wireless local area networks (WLANs) and then covers the concept of wireless scanning, which is the process of identifying and gathering information about wireless networks.

We then learn how to use the tools included in Kali Linux to perform wireless network scanning, showing practical examples.

Chapter 4, WEP Cracking, discusses the WEP security protocol, analyzing its design, its vulnerabilities, and the various attacks that have been developed against it.

The chapter illustrates how command-line tools and automated tools can be used to perform different variants of these attacks to crack the WEP key, demonstrating that WEP is an insecure protocol and should never be used!

Chapter 5, WPA/WPA2 Cracking, starts with a description of WPA/WPA2, its design and features, and shows that it is secure. We see that WPA can be susceptible to attacks only if weak keys are used. In this chapter, we cover the various tools to run brute force and dictionary attacks to crack WPA keys. Also, recent and effective techniques for WPA cracking such as GPU and cloud computing are covered.

Chapter 6, Attacking Access Points and the Infrastructure, covers attacks targeting WPA-Enterprise, access points, and the wired network infrastructure. It introduces WPA-Enterprise and the different authentication protocols it uses, and explains how to identify them with a packet analyzer. Then, it covers the tools and techniques to crack the WPA-Enterprise key.

The other attacks covered in the chapter are the Denial of Service attack against access points, forcing the de-authentication of the connected clients, the rogue access point attack and the attack against the default authentication credentials of access points.

Chapter 7, Wireless Client Attacks, covers attacks targeting isolated wireless clients to recover the WEP and the WPA keys and illustrates how to set up a fake access point to impersonate a legitimate one and lure clients to connect to it (an Evil Twin attack). Once the client is connected to the fake access point, we show how to conduct the so-called Man-in-the-middle attacks using the tools available with Kali Linux.

Chapter 8, Reporting and Conclusions, discusses the last phase of a penetration test, which is the reporting phase, explaining its essential concepts and focusing, in particular, on the reasons and purposes of a professional and well-written report.

The chapter describes the stages of the report writing process, from its planning to its revision, and the typical professional report format.

Appendix, References, lists all the references, chapter by chapter. We also cover the main tools included in Kali Linux to document the findings of the penetration test.

What you need for this book

The book requires a laptop with enough hard disk space and RAM to install and execute the Kali Linux operating system and a wireless adapter, preferably an external USB one, that is suitable for wireless penetration testing. More detailed information about these requirements is given in Chapter 2, Setting Up Your Machine with Kali Linux.

No prior experience with Kali Linux and wireless penetration testing is required, but familiarity with Linux and basic networking concepts is recommended.

Who this book is for

This book is for penetration testers, information security professionals, system and network administrators, as well as Linux and IT security enthusiasts who want to get started with or improve their knowledge and practical skills of wireless penetration testing, using Kali Linux and its tools.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows:

"First we execute airmon-ng start wlan0 to put the interface in monitor mode"

Any command-line input or output is written as follows:

# aireplay-ng --chopchop -b 08:7A:4C:83:0C:E0 -h 1C:4B:D6:BB:14:06 mon0

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Click on the New button on the toolbar menu and the wizard is started."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail , and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at , and we will do our best to address the problem.