Book Image

Mastering Kali Linux Wireless Pentesting

By : Sak, Raghu Ram
Book Image

Mastering Kali Linux Wireless Pentesting

By: Sak, Raghu Ram

Overview of this book

Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It gives access to a large collection of security-related tools for professional security testing - some of the major ones being Nmap, Aircrack-ng, Wireshark, and Metasploit. This book will take you on a journey where you will learn to master advanced tools and techniques to conduct wireless penetration testing with Kali Linux. You will begin by gaining an understanding of setting up and optimizing your penetration testing environment for wireless assessments. Then, the book will take you through a typical assessment from reconnaissance, information gathering, and scanning the network through exploitation and data extraction from your target. You will get to know various ways to compromise the wireless network using browser exploits, vulnerabilities in firmware, web-based attacks, client-side exploits, and many other hacking methods. You will also discover how to crack wireless networks with speed, perform man-in-the-middle and DOS attacks, and use Raspberry Pi and Android to expand your assessment methodology. By the end of this book, you will have mastered using Kali Linux for wireless security assessments and become a more effective penetration tester and consultant.
Table of Contents (11 chapters)
10
Index

Attacking the services

Most wireless devices host a common set of services for management. Typically, a web server component can be found on every wireless device for web-based management of the device. These web interfaces will sometimes suffer from common web application security flaws. Testing the web component for OWASP Top 10 can reveal if there are any security flaws in the application stack on the AP. Cross-Site Request Forgery, Cross-Site Scripting, Command Injection, and Denial of Service are the most common vulnerabilities among wireless devices. Services like HTTP for web management, SNMP for network management, and SSH or Telnet for remote access are commonly found on the devices. Setting these services with weak passwords or leaving the default credentials on can be easily attacked by an attacker using a brute force attack. If not properly configured, these services can be misused by an attacker to gain access to the device.

In this section, we will discuss how we can leverage...