
Kali Linux Wireless penetration

(1 review)
$6
Wireless networks are ubiquitous in our lives, and wireless penetration testing has become an important skill for security practitioners. With the advent of the KRACK attack, which an attacker can use to breach a WiFi network that uses WPA2 encryption, wireless penetration testing is once again in the spotlight. Kali Linux comes with a number of tools for detecting security vulnerabilities and can be used to perform a variety of network testing tasks.
The book provides a comprehensive update on emerging methodologies, covering the principles of the KRACK attack and the methods to defend against it. It explains wireless penetration testing from the ground up, introduces the relevant content of each penetration testing technology, and demonstrates the methodology of wireless testing with a large number of cases. The reader will learn the basics of wireless routing and encryption, as well as the details of various cracking methods and attacks such as Hirte and Caffe Latte.
Contents of the Book:
Fully understand the KRACK attack;
Create a wireless test environment;
Sniff wireless packets, hidden networks and SSIDs;
Capture and crack WPA2 keys;
Sniff probe requests and track users through their SSID history;
Attack the RADIUS authentication system;
Sniff wireless traffic to collect data of interest;
Decrypt encrypted traffic using stolen keys.
Content abstract
This introductory guide to penetration testing in the wireless space is fully updated for Kali Linux 2017.3 and aims to help readers understand the various security vulnerabilities associated with wireless networks and how penetration testing can be used to find and plug them.
The book is divided into 11 chapters, covering how to build a wireless network testing environment using off-the-shelf hardware and open source software, WLAN and its inherent security risks, ways to circumvent WLAN authentication, the weaknesses of WLAN encryption and how to take advantage of them to crack it, how to conduct penetration testing of WLAN infrastructure, and how to launch various wireless client attacks to compromise network security. In addition, it covers today's cutting-edge wireless attack methods, the new KRACK attack, attacking WPA-Enterprise and RADIUS, the principles of WLAN penetration testing, and WPS brute force attacks and probe sniffing.
This book is for readers who are interested in wireless penetration testing and have a basic knowledge of wireless networks.
Author's brief introduction
Cameron Buchanan is a penetration testing practitioner and amateur writer who has done penetration testing work for many clients in various industries around the world. Cameron previously served in the Royal Air Force (RAF). In his spare time, he likes to do "stupid things", such as trying to make something fly, getting electrocuted, and taking a dip in ice water. He is married and lives in London.
Vivek Ramachandran has been working on WiFi security since 2003. He discovered the Caffe Latte attack, cracked the WEP Cloaking (a WEP protection scheme), and publicly released it at DEF CON in 2007. In 2011, he demonstrated how malware could be used to create backdoors, worms and even botnets through WiFi.
Previously, Vivek worked for Cisco as a programmer of the 802.1x protocol and port security features for the 6500 Catalyst series switches, and was one of the winners of the Microsoft Security Shootout in India. He is well known in the hacker community and posts videos about WiFi security, assembly language, and hacking techniques.
Vivek's achievements in wireless security have been covered by several media outlets (BBC Online, InfoWorld, MacWorld, The Register and IT World Canada, among others). This year, he will be speaking and training at several security conferences (Blackhat, DEF CON, Hacktivity, 44con, HITB-ML, BruCON, Derbycon, Hashdays, SecurityZone and SecurityByte, among others).
Table of contents
Chapter 1 Build wireless experimental environment
1.1 Hardware Requirements
1.2 Software Requirements
1.3 Installing Kali
1.4 Hands-on experiment - Install Kali
Experiment Description
Try to break through - Install Kali in VirtualBox
1.5 Configuring AP
1.6 Hands-on experiment - Configure wireless AP
Experiment Description
Try to break through - Configure AP, enable WEP and WPA
1.7 Configuring a Wireless NIC
1.8 Hands-on Experiment - Configuring a wireless NIC
Experiment Description
1.9 Connecting to AP
1.10 Hands-on Experiment - Configure a wireless NIC
Experiment Description
Try to break through - Establish a wireless network connection in WEP mode
Pop Quiz - Mastering the Basics
1.11 Summary
Chapter 2 WLAN and Its Inherent Pitfalls
2.1 Revisiting WLAN Frame
2.2 Hands-on Experiment - Create an interface running in monitor mode
Experiment Description
Try to break through - Create multiple interfaces in monitor mode
2.3 Hands-on experiment - Capture wireless packet
Experiment Description
Try to break through - Discover other devices
2.4 Hands-on experiment - Viewing management, control and data frame
Experiment Description
Try to break through - Play with Wireshark Filters
2.5 Hands-on Experiment - Data Packet Theft in Experimental Environment
Experiment Description
Try to break through - Analyze packet
2.6 Hands-on Experiment - Packet Injection
Experiment Description
Try to break through - aireplay-ng tool with other options
2.7 Important Matters related to WLAN packet capture and injection
2.8 Hands-on experiment - Set a wireless NIC
Experiment Description
Try to break through - Multi-channel Packet Capture
In-class quiz - WLAN packet capture and injection
2.9 Summary
Chapter 3 Circumventing WLAN authentication
3.1 Hidden SSID
3.2 Hands-on experiment - Discover hidden SSID
Experiment Description
Try to break through - Targeted deauthentication
3.3 MAC Filter
3.4 Hands-on Experiment - Defeat MAC filter
Experiment Description
3.5 Open Authentication
3.6 Hands-on Experiment - Bypassing open authentication
Experiment Description
3.7 Shared Key Authentication (SKA)
3.8 Hands-on Experiment - Bypassing shared authentication
Experiment Description
Try to break through - Fill the wireless client table saved by the AP
In-class quiz - WLAN Authentication
3.9 Summary
Chapter 4 WLAN Encryption Vulnerabilities
4.1 WLAN Encryption
4.2 WEP encryption
4.3 Hands-on experiment - Crack WEP
Experiment Description
Try to break through - Spoofing authentication with WEP cracking attacks
4.4 WPA/WPA2
4.5 Hands-on Experiment - Crack WPA-PSK weak password
Experiment Description
Try to break through - Try to crack WPA-PSK with Cowpatty
4.6 Cracking WPA/WPA2 PSK
4.7 Hands-on experiment - Speed up the cracking progress
Experiment Description
4.8 Decrypt WEP and WPA packets
4.9 Hands-on experiment - Decrypt WEP and WPA packet
Experiment Description
4.10 Connecting to WEP and WPA networks
4.11 Hands-on Experiment - Connect to WEP network
Experiment Description
4.12 Hands-on Experiment - Connect to WPA network
Experiment Description
In-class quiz - WLAN Encryption Vulnerability
4.13 Summary
Chapter 5 Attacking the WLAN Infrastructure
5.1 Exploit the holes in the default AP account and default "Pass"
5.2 Hands-on Experiment - Crack the default AP account
Experiment Description
Try to break through - Break into an account by brute force
5.3 Denial of Service Attack
5.4 Hands-on Experiment - Deauthentication DoS attack
Experiment Description
Try to break through
5.5 Evil Twin and AP MAC Address Spoofing Attacks
5.6 Hands-on Experiment - Evil Twin Attack with MAC Address Spoofing
Experiment Description
Try to break through - Evil Twin and channel hopping Attack
5.7 Rogue AP
5.8 Hands-on experiment - Set up rogue AP
Experiment Description
Try to break through - The building of the difficult Rogue AP
In-class Quiz - Attacking the WLAN Infrastructure
5.9 Summary
Chapter 6 Attacking Wireless Clients
6.1 Honeypot and Misassociation Attack
6.2 Hands-on Experiment - Launch misassociation Attack
Experiment Description
Try to break through - Force wireless clients to connect to Honeypot
6.3 Caffe Latte attacks
6.4 Hands-on Experiment - Launch Caffe Latte Attack
Experiment Description
Try to break through - Practice makes real knowledge!
6.5 Deauthentication and Disassociation Attacks
6.6 Hands-on Experiment - Deauthenticate the wireless client
Experiment Description
Try to break through - Disassociation attack against wireless clients
6.7 Hirte Attack
6.8 Hands-on Experiment - Launch WEP Hack Hirte Attack
Experiment Description
Try to break through - Practice, Practice, Practice
6.9 Crack WPA-Personal without touching the AP
6.10 Hands-on Experiment - Crack WPA without touching the AP
Experiment Description
Try to break through - Crack WPA without touching the AP
In-class quiz - Attacking Wireless Clients
6.11 Summary
Chapter 7 Advanced WLAN Attacks
7.1 Man-in-the-Middle Attack
7.2 Hands-on Experiment - Man-in-the-Middle Attack
Experiment Description
Try to break through - Launch MITM attack over pure wireless network
7.3 Wireless Network Eavesdropping based on MITM
7.4 Hands-on Experiment - Wireless Network Eavesdropping
Experiment Description
7.5 Session Hijacking Attacks on Wireless Networks
7.6 Hands-on Experiment - Session Hijacking in Wireless Network
Experiment Description
Try to break through - High difficulty application hijack
7.7 Understanding the security configuration of a wireless client for a wireless network
7.8 Hands-on Experiment - Launch the deauthentication attack for wireless clients
Experiment Description
Try to break through
In-class Quiz - Advanced WLAN Attack
7.9 Summary
Chapter 8 KRACK Attack
8.1 Overview of KRACK Attacks
Experiment Description
8.2 Four-Way Handshake KRACK Attack
8.3 Hands-on Experiment - Launch KRACK
Experiment Description
8.4 Summary
Chapter 9 Attacking WPA-Enterprise and RADIUS
9.1 Installing FreeRADIUS-WPE
9.2 Hands-on experiment - Setting up AP and FreeRADIUS-WPE
Experiment Description
Try to break through - Play with RADIUS
9.3 Attacking PEAP
9.4 Hands-on Experiment - Crack PEAP
Experiment Description
Try to break through - Mutant attack against PEAP
9.5 EAP-TTLS
9.6 WPA-Enterprise Security Best Practices
In-class quiz - Attacking WPA-Enterprise and RADIUS
9.7 Summary
Chapter 10 WLAN Penetration Testing
10.1 Wireless Penetration Test
10.2 Planning Phase
10.3 Discovery Phase
10.4 Attack Phase
10.4.1 Cracking Encryption
10.4.2 Attacking Wireless Network Infrastructure
10.4.3 Attacking a Wireless Client
10.5 Report phase
10.6 Summary
Chapter 11 WPS and Detection
11.1 WPS Attack
11.2 Hands-on Experiment - WPS Attack
Experiment Description
Try to break through - Rate limit
11.3 Probe sniffing
11.4 Hands-on Experiment - Data Collection
Experiment Description
Try to break through - Open your mind
11.5 Summary
Pop quiz answer
