Book Image

Mastering Kali Linux Wireless Pentesting

By : Brian Sak, Jilumudi Raghu Ram
Book Image

Mastering Kali Linux Wireless Pentesting

By: Brian Sak, Jilumudi Raghu Ram

Overview of this book

Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing. It gives access to a large collection of security-related tools for professional security testing - some of the major ones being Nmap, Aircrack-ng, Wireshark, and Metasploit. This book will take you on a journey where you will learn to master advanced tools and techniques to conduct wireless penetration testing with Kali Linux. You will begin by gaining an understanding of setting up and optimizing your penetration testing environment for wireless assessments. Then, the book will take you through a typical assessment from reconnaissance, information gathering, and scanning the network through exploitation and data extraction from your target. You will get to know various ways to compromise the wireless network using browser exploits, vulnerabilities in firmware, web-based attacks, client-side exploits, and many other hacking methods. You will also discover how to crack wireless networks with speed, perform man-in-the-middle and DOS attacks, and use Raspberry Pi and Android to expand your assessment methodology. By the end of this book, you will have mastered using Kali Linux for wireless security assessments and become a more effective penetration tester and consultant.

Related Content you might be interested in

Current Title:

Small book image
Mastering Kali Linux Wireless Pentesting
Brian Sak | Jilumudi Raghu Ram
Feb, 2016 | 310 pages
No titles found
Table of Contents (16 chapters)
Mastering Kali Linux Wireless Pentesting
Mastering Kali Linux Wireless Pentesting
Credits
Credits
About the Authors
About the Authors
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Wireless Penetration Testing Fundamentals
Wireless Penetration Testing Fundamentals
Wireless communication
Wireless standards
Choosing the right equipment
Kali Linux for the wireless pentester
Summary
2
Wireless Network Scanning
Wireless Network Scanning
Wireless network discovery
802.11 network terminology
The scanning phase
Tools of the trade
Summary
3
Exploiting Wireless Devices
Exploiting Wireless Devices
Attacking the firmware
Attacking the services
Attacking SNMP
Attacking UPnP
Checks on misconfiguration
Summary
4
Wireless Cracking
Wireless Cracking
Overview of different wireless security protocols
Cracking WPA
Summary
5
Man-in-the-Middle Attacks
Man-in-the-Middle Attacks
MAC address Spoofing/ARP poisoning
Rogue DHCP server
Name resolution spoofing
DNS spoofing
Configuring Ettercap for DNS spoofing
NBNS spoofing
Summary
6
Man-in-the-Middle Attacks Using Evil Twin Access Points
Man-in-the-Middle Attacks Using Evil Twin Access Points
Creating virtual access points with Hostapd
Creating virtual access points with airbase-ng
Session hijacking using Tamper Data
Credential harvesting
Web-based malware
SSL stripping attack
Browser AutoPwn
Summary
7
Advanced Wireless Sniffing
Advanced Wireless Sniffing
Capturing traffic with Wireshark
Extracting data from unencrypted protocols
Merging packet capture files
Summary
8
Denial of Service Attacks
Denial of Service Attacks
An overview of DoS attacks
Management and control frames
Authentication flood attack
The fake beacon flood attack
Metasploit's fake beacon flood attack
The Metasploit deauthentication flood attack
The Metasploit CTS/RTS flood attack
Summary
9
Wireless Pentesting from Non-Traditional Platforms
Wireless Pentesting from Non-Traditional Platforms
Using OpenWrt for wireless assessments
Using Raspberry Pi for wireless assessments
Accessing Kali Linux from a remote location
Using AutoSSH for reverse shell
Powering and concealing your Raspberry Pi or OpenWrt embedded device
Running Kali on Android phones and tablets
Wireless discovery using Android PCAP
Summary
Index
Index

About the Authors

Brian Sak, CCIE #14441 (Security), is a 20-year information security veteran who currently works as a technical solutions architect for Cisco Systems. At Cisco Systems, he is engaged in solution development, and he consults with Cisco partners to help them build and improve their processes and services in the areas of big data analytics and digitization. Prior to joining Cisco Systems, Brian performed security consulting, penetration testing, and security assessment services for large financial institutions, US government agencies, and enterprises in the Fortune 500. In addition to numerous security and industry certifications, he has a bachelor's of science degree in information technology, with an emphasis on information security, and a master's of science degree in information security and assurance. He is also a contributor to The Center for Internet Security and other publications by Packt and Cisco Press.

I would like to thank my amazing wife, Cindy, and children, Caden and Maya, for all the love and support that enabled me to take the time to make this book a reality. Thank you for allowing me to pursue yet another "special project" that eats into our already limited family time. I would also like to thank the fine folks at Packt Publishing for taking the chance and allowing your technical reviewer to step up and author the remaining content of this book. I know it was a risk to ask your pit crew, "Is there anyone out there who wants to go fast?" and for that, I am extremely grateful.

Jilumudi Raghu Ram is a security analyst with over 5 years of experience in the information security domain, with a strong knowledge of incident response, digital forensics, network security, infrastructure penetration testing, and Secure configuration audits. He has conducted security audits for more than 70 networks, both internal and external, re-audits, secure configuration reviews, and server audits (Linux and Windows) for various organizations. One of his major clients has been the Government of India, where his team was responsible for conducting penetration testing assignments for various government bodies, as well as preparing vulnerability assessment and penetration testing reports, and supporting the clients to fix those vulnerabilities.

Raghu Ram's areas of expertise include incident response, digital forensics, threat research, penetration testing, vulnerability assessment, dynamic malware analysis, intrusion detection systems, and security operations monitoring.

Raghu Ram has written various articles related to information security in the Hindu Group magazine Frontline. He also maintains his own website dedicated to Penetration Testing - www.wirelesspentest.com

I am greatly indebted to my mother, Bhuvaneswari, and brother, Yuva Kishore Reddy, for bringing me up and giving me the freedom to follow my passions. I would also like to thank UshaSree and my uncles Karunananda Reddy, Ganapathi Reddy, and Pratap Kumar Reddy for helping me to continue my studies.

Previous Section
Next Chapter