Kali Linux Wireless Penetration Testing Beginner's Guide - Third Edition

By: Cameron Buchanan, Daniel W. Dieterle, Vivek Ramachandran

Overview of this book

As wireless networks become ubiquitous in our lives, wireless penetration testing has become a key skill in the repertoire of the professional penetration tester. This has been highlighted again recently with the discovery of the KRACK attack, which enables attackers to potentially break into Wi-Fi networks encrypted with WPA2. The Kali Linux security distribution comes with a myriad of tools used for networking attacks and detecting security loopholes. Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing with each new technology. You'll learn various wireless testing methodologies by example, from the basics of wireless routing and encryption through to detailed coverage of hacking methods and attacks such as the Hirte and Caffe Latte.
Table of Contents (21 chapters)
Kali Linux Wireless Penetration Testing Beginner's Guide Third Edition
Credits
Disclaimer
About the Authors
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface
Index

Time for action – configuring your wireless card


Here we go! Follow these steps to connect your wireless card to the access point:

  1. Let's first see what wireless networks our adapter is currently detecting. Issue the iwlist wlan0 scanning command, and you will find a list of networks in your vicinity:

    Keep scrolling down and you should find the Wireless Lab network in this list. In my setup, it is detected as Cell 05; it may be different in yours. The ESSID field contains the network name.

  2. As multiple access points can have the same SSID, verify that the MAC address mentioned in the preceding Address field matches your access point's MAC. A fast and easy way to get the MAC address is to look underneath the access point or in its web-based GUI settings.

  3. Now, issue the iwconfig wlan0 essid "Wireless Lab" command and then iwconfig wlan0 to check the status. If you have successfully connected to the access point, you should see the MAC address of the access point in the Access Point field in the output of iwconfig.

  4. We know from its manual that the access point has the management interface IP address 192.168.0.1. Alternatively, this is the same as the default router IP address shown when we run the route -n command. Let's set our IP address in the same subnet by issuing the ifconfig wlan0 192.168.0.2 netmask 255.255.255.0 up command. Verify that the command succeeded by typing ifconfig wlan0 and checking the output.

  5. Now let's ping the access point by issuing the ping 192.168.0.1 command. If the network connection has been set up properly, then you should see the responses from the access point. You can additionally issue an arp -a command to verify that the response is coming from the access point. You should see that the MAC address of the IP 192.168.0.1 is the access point's MAC address we noted earlier. It is important to note that some of the more recent access points might have responses to the Internet Control Message Protocol (ICMP) echo request packets disabled. This is typically done to make the access point secure out of the box with only minimal configuration settings available. In such a case, you can try to launch a browser and access the web interface to verify that the connection is up and running:

  6. On the access point, we can verify connectivity by looking at the connection logs. As you can see in the following log, the MAC address of the wireless card 4C:0F:6E:70:BD:CB has been logged making DHCP requests from the router:

What just happened?

We just connected to our access point successfully from Kali using our wireless adapter as the wireless device. We also learned how to verify that a connection has been established at both the wireless client and the access point side.
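The client-side checks from steps 2, 3, and 5 can be scripted. The following is an added example, not code from the book: it parses saved iwconfig wlan0 and arp -a output and confirms that both the association and the ARP entry for 192.168.0.1 point at the MAC address you read from your own access point. The function names, the access point MAC 00:11:22:33:44:55, and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: checks steps 2, 3 and 5 against saved command output.
# All sample values below are constructed for illustration.

EXPECTED_BSSID="00:11:22:33:44:55"   # constructed: the MAC read from your own AP

# Constructed sample of `iwconfig wlan0` output after associating.
SAMPLE_IWCONFIG='wlan0     IEEE 802.11bgn  ESSID:"Wireless Lab"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:11:22:33:44:55
          Bit Rate=54 Mb/s   Tx-Power=20 dBm'

# Constructed sample of `arp -a` output after pinging the access point.
SAMPLE_ARP='? (192.168.0.1) at 00:11:22:33:44:55 [ether] on wlan0
? (192.168.0.7) at 66:77:88:99:aa:bb [ether] on wlan0'

# Upper-case the hex digits so comparisons ignore case.
normalize_mac() {
    printf '%s' "$1" | tr 'a-f' 'A-F'
}

# Print the BSSID from iwconfig text; prints nothing when not associated.
associated_bssid() {
    printf '%s\n' "$1" |
        sed -n 's/.*Access Point: \([0-9A-Fa-f:]\{17\}\).*/\1/p' | head -n 1
}

# Print the MAC that arp -a text maps to the given IP address.
arp_mac_for_ip() {
    printf '%s\n' "$1" |
        awk -v ip="($2)" '$2 == ip && $3 == "at" { print $4; exit }'
}

# Args: iwconfig_text arp_text gateway_ip expected_bssid.
# Returns 0 only when the association and the ARP entry both match the AP.
verify_connection() {
    vc_want=$(normalize_mac "$4")
    vc_bssid=$(normalize_mac "$(associated_bssid "$1")")
    vc_mac=$(normalize_mac "$(arp_mac_for_ip "$2" "$3")")
    [ -n "$vc_bssid" ] || { echo "not associated"; return 1; }
    [ "$vc_bssid" = "$vc_want" ] || { echo "unexpected BSSID $vc_bssid"; return 1; }
    [ "$vc_mac" = "$vc_want" ] || { echo "ARP for $3 is '$vc_mac', expected $vc_want"; return 1; }
    echo "ok: $3 is reached through $vc_want"
}

verify_connection "$SAMPLE_IWCONFIG" "$SAMPLE_ARP" 192.168.0.1 "$EXPECTED_BSSID"
```

On a live system, pass "$(iwconfig wlan0)" and "$(arp -a)" in place of the sample strings. A mismatch in either check means the card is associated with, or its traffic is being answered by, a device other than your own access point.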

Have a go hero – establishing a connection in a WEP configuration

Here is a challenging exercise for you: set up the access point in a WEP configuration. For each of these, try establishing a connection with the access point using the wireless adapter. Hint: check the manual for the iwconfig command by typing man iwconfig to see how to configure the card to connect to WEP.

Pop quiz – understanding the basics

Q1. After issuing the ifconfig wlan0 command, how do you verify that the wireless card is up and functional?

Q2. Can we run all our experiments using the Kali live CD alone? Can we not install the CD to the hard drive?

Q3. What does the arp -a command show?

Q4. Which tool should we use in Kali to connect to WPA/WPA2 networks?