BackTrack 5 Wireless Penetration Testing Beginner's Guide

By: Vivek Ramachandran

Overview of this book

Wireless has become ubiquitous in today's world. The mobility and flexibility it provides make our lives more comfortable and productive. But this comes at a cost: wireless technologies have a long record of broken or misconfigured security (WEP, Shared Key Authentication, weak WPA passphrases) and can often be broken with freely available tools. BackTrack is a penetration testing and security auditing distribution that comes with a myriad of wireless networking tools used to simulate network attacks and detect security loopholes. BackTrack 5 Wireless Penetration Testing Beginner's Guide will take you through the journey of becoming a wireless hacker. You will learn various wireless testing methodologies taught using live examples, which you will implement throughout this book. The engaging practical sessions grow in complexity very gradually, giving you enough time to ramp up before you get to advanced wireless attacks.

This book takes you from the basic concepts in wireless and creating a lab environment for your experiments, through lab sessions in wireless security basics, slowly turns up the heat and moves to more complicated scenarios, and finally ends your journey by conducting bleeding-edge wireless attacks in your lab.

There are many interesting and new things that you will learn in this book: war driving, WLAN packet sniffing, network scanning, circumventing hidden SSIDs and MAC filters, bypassing Shared Key Authentication, cracking WEP and WPA/WPA2 encryption, access point MAC spoofing, rogue devices, evil twins, denial of service attacks, viral SSIDs, honeypot and hotspot attacks, the Caffe Latte WEP attack, man-in-the-middle attacks, evading wireless intrusion prevention systems, and a bunch of other cutting-edge wireless attacks.

If you were ever curious about what wireless security and hacking is all about, then this book will get you started by providing you with the knowledge and practical know-how to become a wireless hacker.
Table of Contents (18 chapters)
BackTrack 5 Wireless Penetration Testing
Credits
About the Author
About the Reviewer
www.PacktPub.com
Preface
Index

Index

A

  • access point
    • setting up / Setting up the access point, Time for action – configuring the access point
    • configuring / Time for action – configuring the access point, What just happened?
    • wireless card, connecting to / Time for action – configuring your wireless card, What just happened?
    • about / Default accounts and credentials on the access point
    • default accounts, cracking on / Time for action – cracking default accounts on the access points, What just happened?
  • accounts
    • cracking, bruteforce attacks used / Have a go hero – cracking accounts using bruteforce attacks
  • advanced Wi-Fi lab
    • building / Building an advanced Wi-Fi lab
  • advanced Wi-Fi lab, requisites
    • directional antennas / Building an advanced Wi-Fi lab
    • Wi-Fi access points / Building an advanced Wi-Fi lab
    • Wi-Fi cards / Building an advanced Wi-Fi lab
    • Wi-Fi enabled devices / Building an advanced Wi-Fi lab
    • Smartphones / Building an advanced Wi-Fi lab
  • airbase-ng command / Time for action – evil twin with MAC spoofing
  • Aircrack-ng website
    • about / Staying up-to-date, Hirte attack
  • aircrack-ng tool
    • about / WEP encryption
  • aireplay-ng tool
    • about / WEP encryption
  • airmon-ng tool
    • about / WEP encryption
  • airodump-ng utility / Time for action – beating MAC filters, What just happened?
    • about / Revisiting WLAN frames, WEP encryption
  • Alfa AWUS036H card / Hardware requirements
  • Alfa card / Building an advanced Wi-Fi lab
  • Alfa Networks / Hardware requirements
  • Alfa wireless card
    • setting up / Time for action – configuring your wireless card
  • AP
    • setting up, with FreeRadius-WPE / Time for action – setting up the AP with FreeRadius-WPE, What just happened?, Have a go hero – playing with RADIUS
  • AP-less WPA cracking / Time for action – AP-less WPA cracking, What just happened?
  • application hijacking challenge / Have a go hero – application hijacking challenge
  • Asleap
    • about / Time for action – cracking EAP-TTLS
  • attack phase, wireless penetration testing
    • about / Attack, Time for action – finding rogue access points, What just happened?
    • rogue access points, searching / Time for action – finding rogue access points, What just happened?
    • unauthorized clients, searching / Time for action – unauthorized clients, What just happened?
    • WPA, cracking / Time for action – cracking WPA, What just happened?
    • clients, compromising / Time for action – compromising the clients, What just happened?
  • Authenticator MAC address (Access Point MAC)
    • about / WPA/WPA2
  • Authenticator Nonce (ANonce)
    • about / WPA/WPA2

B

  • BackTrack
    • installing / Time for action – installing BackTrack, What just happened?
    • installing, on Virtual Box / Have a go hero – installing BackTrack on Virtual Box
    • Radius server, setting up on / Setting up FreeRadius-WPE
  • BackTrack 5 / Software requirements
  • Beacon frames
    • about / Hidden SSIDs
  • best practices, WPA-Enterprise / Security best practices for Enterprises
  • Broadcast De-Authentication packets / What just happened?
  • bruteforce attacks
    • used, for cracking accounts / Have a go hero – cracking accounts using bruteforce attacks

C

  • Caffe Latte attack
    • about / What just happened?, Caffe Latte attack
    • conducting / Time for action – conducting the Caffe Latte attack, What just happened?
  • channel hopping
    • about / Have a go hero – evil twin and channel hopping
  • client
    • de-authenticating / Time for action – De-Authenticating the client, What just happened?
  • clients
    • compromising / Time for action – compromising the clients, What just happened?
  • configuration, access point / Time for action – configuring the access point, What just happened?
  • configuration, wireless card / Time for action – configuring your wireless card
  • connection
    • establishing, in WEP configuration / Have a go hero – establishing connection in WEP configuration
  • control frames
    • viewing / Time for action – viewing Management, Control, and Data frames
  • Cowpatty
    • about / Have a go hero – trying WPA-PSK cracking with Cowpatty

D

  • D-Link DIR-615 access point model / Time for action – cracking default accounts on the access points
  • D-LINK DIR-615 Wireless N Router / Hardware requirements
    • about / Setting up the access point
  • data frames
    • viewing / Time for action – viewing Management, Control, and Data frames
  • data packets
    • sniffing / Time for action – sniffing data packets for our network
    • analyzing / Have a go hero – analyzing data packets
  • De-Authentication attack / Time for action – De-Authentication DoS attack, What just happened?, Time for action – uncovering hidden SSIDs
  • De-Authentication packets
    • about / De-Authentication and Dis-Association attacks
  • default accounts
    • cracking, on access points / Time for action – cracking default accounts on the access points, What just happened?
  • default regulatory settings
    • Alfa card, experimenting / Time for action – experimenting with your Alfa card
  • Denial of Service (DoS) attacks
    • about / Denial of service attacks, Time for action – De-Authentication DoS attack, What just happened?
    • De-Authentication attack / Time for action – De-Authentication DoS attack, What just happened?
    • Dis-Association attacks / Have a go hero – Dis-Association attacks
  • DHCP daemon / Time for action – Rogue access point
  • directional antennas
    • about / Building an advanced Wi-Fi lab
  • Dis-Association attacks
    • about / Have a go hero – Dis-Association attacks
  • discovery phase, wireless penetration testing
    • about / Discovery
  • DNS hijacking
    • about / Session Hijacking over wireless
    • over wireless, using the MITM setup / Time for action – session hijacking over wireless

E

  • EAP-GTC
    • about / Attacking PEAP
  • EAP-MSCHAPv2
    • about / Attacking PEAP
  • EAP-TTLS
    • about / Attacking EAP-TTLS
    • cracking / Time for action – cracking EAP-TTLS, What just happened?
  • eap.conf file / Time for action – cracking PEAP
  • ESSID
    • about / Finding rogue access points
  • Ettercap / Have a go hero – application hijacking challenge
  • evil twin
    • about / Evil twin and access point MAC spoofing
  • evil twin attack
    • about / Time for action – evil twin with MAC spoofing, What just happened?

F

  • fake authentication
    • performing, with WEP cracking / Have a go hero – fake authentication with WEP cracking
  • four-way handshake
    • about / WPA/WPA2
  • four-way WPA handshake / AP-less WPA-Personal cracking
  • FreeRadius
    • about / Setting up FreeRadius-WPE
  • FreeRadius-WPE
    • setting up / Time for action – setting up the AP with FreeRadius-WPE, What just happened?, Have a go hero – playing with RADIUS
    • AP, setting up with / Time for action – setting up the AP with FreeRadius-WPE, What just happened?, Have a go hero – playing with RADIUS

G

  • genpmk tool / Time for action – speeding up the cracking process

H

  • hacker
    • functions / Honeypot and Mis-Association attacks
  • hardware requisites, for wireless lab setup / Hardware requirements
  • hidden SSIDs
    • about / Hidden SSIDs
    • uncovering / Time for action – uncovering hidden SSIDs, What just happened?
  • Hirte attack
    • URL, for info / Hirte attack
    • WEP, cracking with / Time for action – cracking WEP with the Hirte attack, What just happened?
  • Honeypot attacks
    • about / Honeypot and Mis-Association attacks, Caffe Latte attack
  • Hydra
    • about / Have a go hero – cracking accounts using bruteforce attacks

I

  • IEEE 802.11
    • about / WLAN encryption
  • ifconfig command / What just happened?
  • installation, BackTrack
    • about / Time for action – installing BackTrack
    • on Virtual Box / Have a go hero – installing BackTrack on Virtual Box
  • Install BackTrack icon / Time for action – installing BackTrack
  • installing
    • BackTrack / Time for action – installing BackTrack, What just happened?
    • BackTrack, on Virtual Box / Have a go hero – installing BackTrack on Virtual Box
  • iwconfig command / Have a go hero – establishing connection in WEP configuration
  • iwconfig utility / Time for action – connecting to a WEP network
  • iwlist wlan0 scanning command / Time for action – configuring your wireless card

M

  • MAC Address
    • about / Finding rogue access points
  • macchanger utility / Time for action – beating MAC filters, What just happened?
  • MAC filters
    • about / MAC filters
    • beating / Time for action – beating MAC filters, What just happened?
  • MAC spoofing
    • about / Time for action – evil twin with MAC spoofing, What just happened?
  • mailing lists
    • about / Staying up-to-date
  • man-in-the-middle attack / Evil twin and access point MAC spoofing
  • management frames
    • viewing / Time for action – viewing Management, Control, and Data frames
  • Message Integrity Check (MIC) / WPA/WPA2
  • Mis-Association attacks
    • about / Honeypot and Mis-Association attacks
    • orchestrating / Time for action – orchestrating a Mis-Association attack, What just happened?
  • MITM attacks
    • about / Man-in-the-Middle attack
    • simulating / Time for action – Man-in-the-Middle attack
    • over wireless / Have a go hero – Man-in-the-Middle over pure wireless
  • monitor mode interface
    • creating / Time for action – creating a monitor mode interface, What just happened?
  • MSCHAP-v2 / What just happened?
  • multiple monitor mode interfaces
    • creating / Have a go hero – creating multiple monitor mode interfaces

N

  • Non Disclosure Agreement (NDA) / Planning

O

  • Open Authentication
    • about / Open Authentication
    • bypassing / Time for action – bypassing Open Authentication, What just happened?

P

  • packet
    • injecting / Time for action – packet injection, What just happened?
  • packet injection / Hardware requirements
  • packet sniffing / Hardware requirements
  • Pairwise Transient Key (PTK)
    • about / WPA/WPA2
  • Password-Based Key Derivation Function 2 (PBKDF2) / WPA/WPA2
  • PEAP
    • about / Attacking PEAP, Wrapping up
    • versions / Attacking PEAP
    • attacking, on Windows client / Time for action – cracking PEAP, What just happened?
    • cracking / Time for action – cracking PEAP, What just happened?
  • PEAPv0 / Attacking PEAP
  • PEAPv1 / Attacking PEAP
  • planning phase, wireless penetration testing
    • about / Planning
    • scope of assessment / Planning
    • effort estimation / Planning
    • legality / Planning
  • Preferred Network List (PNL) / Honeypot and Mis-Association attacks
  • Probe Request packets
    • about / Time for action – orchestrating a Mis-Association attack
  • promiscuous mode
    • about / Revisiting WLAN frames

R

  • Radius server
    • about / Setting up FreeRadius-WPE
    • setting up, on BackTrack / Setting up FreeRadius-WPE
  • regulatory domains
    • exploring / Have a go hero – exploring regulatory domains
  • reporting phase, wireless penetration testing / Reporting
  • Rogue access point
    • about / Rogue access point
    • creating / Rogue access point
  • Rogue access point challenge
    • about / Have a go hero – Rogue access point challenge
  • rogue access points
    • searching / Time for action – finding rogue access points, What just happened?
  • route -n command / Time for action – configuring the access point

S

  • security configurations, on client
    • De-Authentication attack / Time for action – enumerating wireless security profiles
  • Security Mode configuration / Time for action – configuring the access point
  • security updates
    • about / Staying up-to-date
    • mailing lists / Staying up-to-date
    • Aircrack-NG site / Staying up-to-date
    • conferences / Staying up-to-date
  • Shared Key Authentication
    • about / Shared Key Authentication
    • bypassing / Shared Key Authentication, Time for action – bypassing Shared Authentication, What just happened?
  • Shared Key Authentication bypass technique
    • about / What just happened?
  • Smartphones / Software requirements
    • about / Building an advanced Wi-Fi lab
  • software requisites, for wireless lab setup / Software requirements
  • SSIDs
    • about / Hidden SSIDs
  • Supplicant MAC address (Wi-Fi Client MAC)
    • about / WPA/WPA2
  • Supplicant Nonce (SNonce)
    • about / WPA/WPA2

T

  • Tablets / Software requirements
    • about / Building an advanced Wi-Fi lab
  • Tcpdump
    • about / Revisiting WLAN frames
  • TKIP
    • about / WPA/WPA2
  • Tshark
    • about / Revisiting WLAN frames
  • tshark utility / Time for action – decrypting WEP and WPA packets

U

  • unauthorized clients
    • searching / Finding unauthorized clients, Time for action – unauthorized clients, What just happened?

V

  • Virtual Box
    • BackTrack, installing on / Have a go hero – installing BackTrack on Virtual Box
    • URL / Have a go hero – installing BackTrack on Virtual Box

W

  • WEP
    • about / WLAN encryption, What just happened?
    • cryptographic weaknesses / WEP encryption
    • cracking / Time for action – cracking WEP, What just happened?, Time for action – Rogue access point, What just happened?
    • cracking, with Hirte attack / Time for action – cracking WEP with the Hirte attack, What just happened?
  • WEP configuration
    • connection, establishing in / Have a go hero – establishing connection in WEP configuration
  • WEP cracking
    • fake authentication, performing with / Have a go hero – fake authentication with WEP cracking
  • WEP encryption
    • about / WEP encryption
  • WEP network
    • connecting to / Time for action – connecting to a WEP network, What just happened?
  • WEP packet
    • decrypting / Time for action – decrypting WEP and WPA packets, What just happened?
  • Wi-Fi access points
    • about / Building an advanced Wi-Fi lab
  • Wi-Fi cards
    • about / Building an advanced Wi-Fi lab
  • WiFishing / What just happened?
  • Windows client
    • PEAP, attacking on / Time for action – cracking PEAP, What just happened?
  • wireless card
    • setting up / Setting up the wireless card, Time for action – configuring your wireless card
    • configuring / Time for action – configuring your wireless card
    • connecting, to access point / Time for action – configuring your wireless card, What just happened?
  • wireless devices
    • discovering / Time for action – discovering wireless devices, What just happened?
  • Wireless Eavesdropping
    • about / Time for action – wireless eavesdropping
  • wireless lab setup
    • hardware requisites / Hardware requirements
    • software requisites / Software requirements
  • wireless packets
    • sniffing / Time for action – sniffing wireless packets
  • wireless penetration testing
    • about / Wireless penetration testing
    • phases / Wireless penetration testing
    • planning phase / Planning
    • discovery phase / Discovery, Time for action – discovering wireless devices, What just happened?
    • attack phase / Attack, Time for action – finding rogue access points, What just happened?
    • reporting phase / Reporting
  • Wireshark
    • about / Revisiting WLAN frames, Time for action – uncovering hidden SSIDs, Time for action – orchestrating a Mis-Association attack
  • WLAN access point
    • about / Default accounts and credentials on the access point
  • WLAN attacks
    • MITM attacks / Man-in-the-Middle attack
    • Wireless Eavesdropping, with MITM / Wireless Eavesdropping using MITM
    • Session Hijacking, over wireless / Session Hijacking over wireless
    • security configurations, finding on client / Finding security configurations on the client
  • WLAN frames
    • about / Revisiting WLAN frames
    • revisiting / Revisiting WLAN frames
    • frame control field / Revisiting WLAN frames
    • type field / Revisiting WLAN frames
    • management frames / Revisiting WLAN frames
    • control frames / Revisiting WLAN frames
    • data frames / Revisiting WLAN frames
    • monitor mode interface, creating / Time for action – creating a monitor mode interface, What just happened?
    • multiple monitor mode interfaces, creating / Have a go hero – creating multiple monitor mode interfaces
    • wireless packets, sniffing / Time for action – sniffing wireless packets
    • different devices, finding / Have a go hero – finding different devices
    • data packets, sniffing / Time for action – sniffing data packets for our network
    • packet, injecting / Time for action – packet injection, What just happened?
    • Alfa card, experimenting with / Time for action – experimenting with your Alfa card, What just happened?
    • multiple channels, sniffing / Have a go hero – sniffing multiple channels
  • WLAN infrastructure
    • default accounts, cracking on access point / Time for action – cracking default accounts on the access points, What just happened?
    • evil twin attack / Evil twin and access point MAC spoofing, Time for action – evil twin with MAC spoofing, What just happened?
    • access point MAC spoofing / Evil twin and access point MAC spoofing, Time for action – evil twin with MAC spoofing, What just happened?
    • Rogue access point / Rogue access point, Time for action – Rogue access point, What just happened?
    • WEP, cracking / Time for action – Rogue access point, What just happened?
    • Honeypot attacks / Honeypot and Mis-Association attacks, Caffe Latte attack
    • Mis-Association attack, orchestrating / Time for action – orchestrating a Mis-Association attack, What just happened?
    • Caffe Latte attack, conducting / Time for action – conducting the Caffe Latte attack, What just happened?
    • De-Authentication attacks / Time for action – De-Authenticating the client, What just happened?
    • Dis-Association attacks / Time for action – De-Authenticating the client, What just happened?
    • WEP, cracking with Hirte attack / Time for action – cracking WEP with the Hirte attack, What just happened?
  • WLAN injection
    • about / Important note on WLAN sniffing and injection
  • WLANs
    • hidden SSIDs, uncovering / Time for action – uncovering hidden SSIDs, What just happened?
    • MAC filters, beating / Time for action – beating MAC filters, What just happened?
    • Open Authentication, bypassing / Time for action – bypassing Open Authentication, What just happened?
    • Shared Key Authentication, bypassing / Shared Key Authentication, Time for action – bypassing Shared Authentication, What just happened?
    • Denial of Service (DoS) attacks / Denial of service attacks, Time for action – De-Authentication DoS attack, What just happened?
  • WLAN sniffing
    • about / Important note on WLAN sniffing and injection
  • WPA
    • about / WLAN encryption, WPA/WPA2, What just happened?
    • cracking / AP-less WPA-Personal cracking, Time for action – cracking WPA, What just happened?
  • WPA-Enterprise
    • best practices / Security best practices for Enterprises
  • WPA-PSK
    • cracking / AP-less WPA-Personal cracking
  • WPA-PSK Honeypot
    • setting up / Time for action – AP-less WPA cracking
  • WPA-PSK weak passphrase
    • cracking / Time for action – cracking WPA-PSK weak passphrase
  • WPA/WPA2 PSK
    • about / WPA/WPA2
    • cracking, speeding up for / Speeding up WPA/WPA2 PSK cracking, Time for action – speeding up the cracking process, What just happened?
  • WPA2
    • about / What just happened?
  • WPA handshake
    • capturing / Time for action – cracking WPA
  • WPA network
    • connecting to / Time for action – connecting to a WPA network, What just happened?
  • WPA packet
    • decrypting / Time for action – decrypting WEP and WPA packets, What just happened?
  • WPAv1
    • about / WPA/WPA2
  • WPAv2
    • about / WLAN encryption
  • wpa_supplicant
    • about / Time for action – connecting to a WPA network
  • WPE
    • about / Setting up FreeRadius-WPE

X

  • XOR operation / Shared Key Authentication