Book Image

Mastering Kali Linux Wireless Pentesting

By : Brian Sak, Jilumudi Raghu Ram
Book Image

Mastering Kali Linux Wireless Pentesting

By: Brian Sak, Jilumudi Raghu Ram

Overview of this book

Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It gives access to a large collection of security-related tools for professional security testing - some of the major ones being Nmap, Aircrack-ng, Wireshark, and Metasploit. This book will take you on a journey where you will learn to master advanced tools and techniques to conduct wireless penetration testing with Kali Linux. You will begin by gaining an understanding of setting up and optimizing your penetration testing environment for wireless assessments. Then, the book will take you through a typical assessment from reconnaissance, information gathering, and scanning the network through exploitation and data extraction from your target. You will get to know various ways to compromise the wireless network using browser exploits, vulnerabilities in firmware, web-based attacks, client-side exploits, and many other hacking methods. You will also discover how to crack wireless networks with speed, perform man-in-the-middle and DOS attacks, and use Raspberry Pi and Android to expand your assessment methodology. By the end of this book, you will have mastered using Kali Linux for wireless security assessments and become a more effective penetration tester and consultant.
Table of Contents (16 chapters)
Mastering Kali Linux Wireless Pentesting
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Preface
Index

Checks on misconfiguration


In this section, we will discuss how we can leverage misconfiguration of network devices, in particular wireless access points. The following checklist can help with finding out misconfiguration issues on wireless access points:

  • Default user credentials on the device: An attacker has a better chance to gain access to the device if the default credentials on the device are not changed. Make sure the passwords set on the device are strong enough to keep an attacker at bay. A brute force attack is still an option for an attacker to crack into the device.

  • DNS settings on the device should reflect the authorized DNS IPs: Usually, attackers try to change the DNS of the device to point to their malicious DNS, thus MITM can be done without much hassle. If a user is trying to visit https://bank.com, the attacker can direct the user to attacker-https://bank.com, which looks and feels the same. Thus, ensure the DNS is pointing to a legitimate DNS server. Malicious DNS IPs in...