BackTrack 5 Wireless Penetration Testing Beginner's Guide - Vivek Ramachandran - E-Book

Description

Wireless has become ubiquitous in today's world. The mobility and flexibility it provides make our lives more comfortable and productive. But this comes at a cost: wireless technologies are inherently insecure and can be easily broken. BackTrack is a penetration testing and security auditing distribution that comes with a myriad of wireless networking tools used to simulate network attacks and detect security loopholes. BackTrack 5 Wireless Penetration Testing Beginner's Guide will take you through the journey of becoming a wireless hacker. You will learn various wireless testing methodologies, taught using live examples that you will implement throughout this book. The engaging practical sessions grow in complexity very gradually, giving you enough time to ramp up before you get to advanced wireless attacks.

This book takes you from the basic concepts of wireless and the creation of a lab environment for your experiments, through a series of lab sessions on wireless security basics, then slowly turns up the heat and moves to more complicated scenarios, and finally ends your journey with bleeding-edge wireless attacks conducted in your lab.

There are many interesting and new things that you will learn in this book: war driving, WLAN packet sniffing, network scanning, circumventing hidden SSIDs and MAC filters, bypassing Shared Key Authentication, cracking WEP and WPA/WPA2 encryption, access point MAC spoofing, rogue devices, evil twins, denial of service attacks, viral SSIDs, honeypot and hotspot attacks, the Caffe Latte WEP attack, man-in-the-middle attacks, evading wireless intrusion prevention systems, and a bunch of other cutting-edge wireless attacks.

If you were ever curious about what wireless security and hacking is all about, this book will get you started by providing you with the knowledge and practical know-how to become a wireless hacker.

The e-book can be read in Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Page count: 163

Year of publication: 2011




Table of Contents

BackTrack 5 Wireless Penetration Testing
Credits
About the Author
About the Reviewer
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Time for action – heading
What just happened?
Pop quiz – heading
Have a go hero – heading
Reader feedback
Customer support
Errata
Piracy
Questions
1. Wireless Lab Setup
Hardware requirements
Software requirements
Installing BackTrack
Time for action – installing BackTrack
What just happened?
Have a go hero – installing BackTrack on Virtual Box
Setting up the access point
Time for action – configuring the access point
What just happened?
Have a go hero – configuring the access point to use WEP and WPA
Setting up the wireless card
Time for action – configuring your wireless card
What just happened?
Connecting to the access point
Time for action – configuring your wireless card
What just happened?
Have a go hero – establishing connection in WEP configuration
Pop quiz – understanding the basics
Summary
2. WLAN and Its Inherent Insecurities
Revisiting WLAN frames
Time for action – creating a monitor mode interface
What just happened?
Have a go hero – creating multiple monitor mode interfaces
Time for action – sniffing wireless packets
What just happened?
Have a go hero – finding different devices
Time for action – viewing Management, Control, and Data frames
What just happened?
Have a go hero – playing with filters
Time for action – sniffing data packets for our network
What just happened?
Have a go hero – analyzing data packets
Time for action – packet injection
What just happened?
Have a go hero – installing BackTrack on Virtual Box
Important note on WLAN sniffing and injection
Time for action – experimenting with your Alfa card
What just happened?
Have a go hero – sniffing multiple channels
Role of regulatory domains in wireless
Time for action – experimenting with your Alfa card
What just happened?
Have a go hero – exploring regulatory domains
Pop quiz – WLAN packet sniffing and injection
Summary
3. Bypassing WLAN Authentication
Hidden SSIDs
Time for action – uncovering hidden SSIDs
What just happened?
Have a go hero – selecting Deauthentication
MAC filters
Time for action – beating MAC filters
What just happened?
Open Authentication
Time for action – bypassing Open Authentication
What just happened?
Shared Key Authentication
Time for action – bypassing Shared Authentication
What just happened?
Have a go hero – filling up the access point's tables
Pop quiz – WLAN authentication
Summary
4. WLAN Encryption Flaws
WLAN encryption
WEP encryption
Time for action – cracking WEP
What just happened?
Have a go hero – fake authentication with WEP cracking
WPA/WPA2
Time for action – cracking WPA-PSK weak passphrase
What just happened?
Have a go hero – trying WPA-PSK cracking with Cowpatty
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
What just happened?
Decrypting WEP and WPA packets
Time for action – decrypting WEP and WPA packets
What just happened?
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
What just happened?
Time for action – connecting to a WPA network
What just happened?
Pop quiz – WLAN encryption flaws
Summary
5. Attacks on the WLAN Infrastructure
Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
What just happened?
Have a go hero – cracking accounts using bruteforce attacks
Denial of service attacks
Time for action – De-Authentication DoS attack
What just happened?
Have a go hero – Dis-Association attacks
Evil twin and access point MAC spoofing
Time for action – evil twin with MAC spoofing
What just happened?
Have a go hero – evil twin and channel hopping
Rogue access point
Time for action – Rogue access point
What just happened?
Have a go hero – Rogue access point challenge
Pop quiz – attacks on the WLAN infrastructure
Summary
6. Attacking the Client
Honeypot and Mis-Association attacks
Time for action – orchestrating a Mis-Association attack
What just happened?
Have a go hero – forcing a client to connect to the Honeypot
Caffe Latte attack
Time for action – conducting the Caffe Latte attack
What just happened?
Have a go hero – practice makes you perfect!
De-Authentication and Dis-Association attacks
Time for action – De-Authenticating the client
What just happened?
Have a go hero – Dis-Association attack on the client
Hirte attack
Time for action – cracking WEP with the Hirte attack
What just happened?
Have a go hero – practice, practice, practice
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
What just happened?
Have a go hero – AP-less WPA cracking
Pop quiz – attacking the client
Summary
7. Advanced WLAN Attacks
Man-in-the-Middle attack
Time for action – Man-in-the-Middle attack
What just happened?
Have a go hero – Man-in-the-Middle over pure wireless
Wireless Eavesdropping using MITM
Time for action – wireless eavesdropping
What just happened?
Have a go hero – finding Google searches
Session Hijacking over wireless
Time for action – session hijacking over wireless
What just happened?
Have a go hero – application hijacking challenge
Finding security configurations on the client
Time for action – enumerating wireless security profiles
What just happened?
Have a go hero – baiting clients
Pop quiz – Advanced WLAN Attacks
Summary
8. Attacking WPA-Enterprise and RADIUS
Setting up FreeRadius-WPE
Time for action – setting up the AP with FreeRadius-WPE
What just happened?
Have a go hero – playing with RADIUS
Attacking PEAP
Time for action – cracking PEAP
What just happened?
Have a go hero – variations of attack on PEAP
Attacking EAP-TTLS
Time for action – cracking EAP-TTLS
What just happened?
Have a go hero – EAP-TTLS
Security best practices for Enterprises
Pop quiz – attacking WPA-Enterprise and RADIUS
Summary
9. WLAN Penetration Testing Methodology
Wireless penetration testing
Planning
Discovery
Time for action – discovering wireless devices
What just happened?
Attack
Finding rogue access points
Time for action – finding rogue access points
What just happened?
Finding unauthorized clients
Time for action – unauthorized clients
What just happened?
Cracking the encryption
Time for action – cracking WPA
What just happened?
Compromising clients
Time for action – compromising the clients
What just happened?
Reporting
Pop quiz – Wireless Penetration Testing
Summary
A. Conclusion and Road Ahead
Wrapping up
Building an advanced Wi-Fi lab
Staying up-to-date
Conclusion
B. Pop Quiz Answers
Chapter 1, Wireless Lab Setup
Chapter 2, WLAN and its Inherent Insecurities
Chapter 3, Bypassing WLAN Authentication
Chapter 4, WLAN Encryption Flaws
Chapter 5, Attacks on the WLAN Infrastructure
Chapter 6, Attacking the Client
Chapter 7, Advanced WLAN Attacks
Chapter 8, Attacking WPA Enterprise and RADIUS
Chapter 9, Wireless Penetration Testing Methodology
Index

BackTrack 5 Wireless Penetration Testing

BackTrack 5 Wireless Penetration Testing

Copyright © 2011 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: September 2011

Production Reference: 1300811

Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.

ISBN 978-1-849515-58-0

www.packtpub.com

Cover Image by Asher Wishkerman (<[email protected]>)

Credits

Author

Vivek Ramachandran

Reviewers

Daniel W. Dieterle

Teofilo Couto

Acquisition Editor

Tarun Singh

Development Editor

Neha Mallik

Technical Editor

Sakina Kaydawala

Project Coordinator

Michelle Quadros

Proofreader

Mario Cecere

Indexers

Tejal Daruwale

Hemangini Bari

Production Coordinator

Arvindkumar Gupta

Cover Work

Arvindkumar Gupta

About the Author

Vivek Ramachandran has been working on Wi-Fi security since 2003. He discovered the Caffe Latte attack and, at Defcon in 2007, publicly broke WEP Cloaking, a WEP protection scheme. In 2011, Vivek was the first to demonstrate how malware could use Wi-Fi to create backdoors, worms, and even botnets.

Earlier, he was one of the programmers of the 802.1X protocol and Port Security in Cisco's Catalyst 6500 series of switches, and was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He is best known in the hacker community as the founder of http://www.SecurityTube.net/, where he routinely posts videos on Wi-Fi security, assembly language, exploitation techniques, and so on. SecurityTube.net receives over 100,000 unique visitors a month.

Vivek's work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada, and so on. This year he is speaking or training at a number of security conferences, including BlackHat, Defcon, Hacktivity, 44con, HITB-ML, Brucon, Derbycon, HashDays, SecurityZone, SecurityByte, and so on.

I would like to thank my lovely wife for all the help and support during the book's writing process; my parents, grandparents, and sister for believing in me and encouraging me for all these years; and last but not least, I would like to thank all the users of SecurityTube.net who have always been behind me and supporting all my work. You guys rock!

About the Reviewer

Daniel W. Dieterle has over 20 years' experience in the IT field. He has provided various levels of support to clients ranging from small businesses to Fortune 500 companies. Daniel enjoys computer security, runs the security blog CyberArms (http://cyberarms.wordpress.com/), and is a guest security author on https://Infosecisland.com/.

I would like to thank my beautiful wife and children for graciously giving me the time needed to assist with this book. Without their sacrifice, I would not have been able to be a part of this exciting project.

www.PacktPub.com

Support files, eBooks, discount offers, and more

You might want to visit www.PacktPub.com for support files and downloads related to your book.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

http://PacktLib.PacktPub.com

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books. 

Why Subscribe?

Fully searchable across every book published by Packt
Copy & paste, print and bookmark content
On demand and accessible via web browser

Free Access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.

Preface

Wireless networks have become ubiquitous in today's world. Millions of people use them worldwide every day at their homes, offices, and public hotspots to log on to the Internet and do both personal and professional work. Even though wireless makes life incredibly easy and gives us such great mobility, it comes with its risks. In recent times, insecure wireless networks have been exploited to break into companies, banks, and government organizations. The frequency of these attacks has only intensified, as network administrators are still clueless about how to secure wireless in a robust and foolproof way.

BackTrack 5 Wireless Penetration Testing: Beginner's Guide is aimed at helping the reader understand the insecurities associated with wireless networks, and how to conduct penetration tests to find and plug them. This is an essential read for those who would like to conduct security audits on wireless networks and have always wanted a step-by-step practical guide for the same. As every wireless attack explained in this book is immediately followed by a practical demo, the learning is very thorough.

We have chosen BackTrack 5 as the platform to test all the wireless attacks in this book. BackTrack, as most of you may already be aware, is the world's most popular penetration testing distribution. It contains hundreds of security and hacking tools, some of which we will use in the course of this book.

What this book covers

Chapter 1, Wireless Lab Setup, introduces the dozens of exercises that we will be doing in this book. In order to be able to try them out, the reader will need to set up a wireless lab. This chapter focuses on how to create a wireless testing lab using off-the-shelf hardware and open source software. We will first look at the hardware requirements, which include wireless cards, antennas, access points, and other Wi-Fi-enabled devices; then we will shift our focus to the software requirements, which include the operating system, Wi-Fi drivers, and security tools. Finally, we will create a test bed for our experiments and verify different wireless configurations on it.

Chapter 2, WLAN and its Inherent Insecurities, focuses on the inherent design flaws in wireless networks which make them insecure out of the box. We will begin with a quick recap of the 802.11 WLAN protocols using a network analyzer called Wireshark. This will give us a practical understanding of how these protocols work. Most importantly, we will see how client and access point communication works at the packet level by analyzing Management, Control, and Data frames. We will then learn about packet injection and packet sniffing in wireless networks, and look at some tools which enable us to do the same.
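As an added illustration of the frame analysis this chapter is built around (this is not code from the book or from BackTrack), the following Python decodes the 2-byte Frame Control field at the start of every 802.11 MAC header, classifies the frame as Management, Control or Data with its subtype, locates the BSSID from the To DS / From DS flags, and produces the Wireshark display filter (`wlan.fc.type_subtype`) that would select the same frames. The MAC addresses, the sample frames and the `summarize` helper are constructed here for the example; none are taken from a real capture.

```python
import struct
from typing import Optional

# Frame Control: bits 0-1 version, 2-3 type, 4-7 subtype, 8-15 flags (802.11 MAC header).
FRAME_TYPES = {0: "Management", 1: "Control", 2: "Data", 3: "Extension"}
MGMT_SUBTYPES = {
    0x0: "Association Request", 0x1: "Association Response",
    0x4: "Probe Request", 0x5: "Probe Response", 0x8: "Beacon",
    0xA: "Disassociation", 0xB: "Authentication", 0xC: "Deauthentication",
}
CTRL_SUBTYPES = {0xB: "RTS", 0xC: "CTS", 0xD: "ACK"}
DATA_SUBTYPES = {0x0: "Data", 0x4: "Null", 0x8: "QoS Data"}


def parse_frame_control(frame: bytes) -> dict:
    """Decode the little-endian Frame Control field of a raw 802.11 frame."""
    if len(frame) < 2:
        raise ValueError("frame too short for Frame Control field")
    fc = struct.unpack_from("<H", frame, 0)[0]
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    flags = (fc >> 8) & 0xFF
    names = {0: MGMT_SUBTYPES, 1: CTRL_SUBTYPES, 2: DATA_SUBTYPES}.get(ftype, {})
    return {
        "version": fc & 0x3,
        "type": FRAME_TYPES[ftype],
        "subtype": subtype,
        "subtype_name": names.get(subtype, f"subtype 0x{subtype:x}"),
        "to_ds": bool(flags & 0x01),
        "from_ds": bool(flags & 0x02),
        "protected": bool(flags & 0x40),  # WEP/TKIP/CCMP-encrypted payload
        # Wireshark packs type and subtype into one value: (type << 4) | subtype
        "wlan_filter": f"wlan.fc.type_subtype == 0x{(ftype << 4) | subtype:02x}",
    }


def mac(addr: bytes) -> str:
    return ":".join(f"{b:02x}" for b in addr)


def parse_header(frame: bytes) -> dict:
    """Add the address fields; management and data frames carry three, an ACK only one."""
    info = parse_frame_control(frame)
    if info["type"] in ("Management", "Data") and len(frame) >= 22:
        info["addr1"] = mac(frame[4:10])    # receiver address
        info["addr2"] = mac(frame[10:16])   # transmitter address
        info["addr3"] = mac(frame[16:22])
    elif len(frame) >= 10:
        info["addr1"] = mac(frame[4:10])
    return info


def bssid_of(info: dict) -> Optional[str]:
    """Pick the BSSID out of addr1..addr3 using To DS / From DS (non-WDS frames only)."""
    if info["type"] not in ("Management", "Data"):
        return None
    if info["to_ds"] and info["from_ds"]:
        return None  # 4-address WDS frame: BSSID is not among the first three addresses
    if info["to_ds"]:
        return info["addr1"]
    if info["from_ds"]:
        return info["addr2"]
    return info["addr3"]


def summarize(frames, bssid: Optional[str] = None) -> dict:
    """Count frames per type/subtype, optionally only those belonging to one BSSID."""
    counts = {}
    for raw in frames:
        info = parse_header(raw)
        if bssid is not None and bssid_of(info) != bssid:
            continue
        key = f"{info['type']}/{info['subtype_name']}"
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample frames (not a real capture); header fields only, no payload.
AP = bytes.fromhex("001122334455")        # hypothetical access point / BSSID
CLIENT = bytes.fromhex("66778899aabb")    # hypothetical station
DEST = bytes.fromhex("ccddeeff0011")      # hypothetical wired destination
BCAST = b"\xff" * 6
SEQ = b"\x00\x00"
SAMPLE_FRAMES = [
    bytes([0x80, 0x00, 0x00, 0x00]) + BCAST + AP + AP + SEQ,       # beacon from AP
    bytes([0xC0, 0x00, 0x3A, 0x01]) + CLIENT + AP + AP + SEQ,      # deauth AP -> client
    bytes([0x08, 0x41, 0x2C, 0x00]) + AP + CLIENT + DEST + SEQ,    # protected data, To DS
    bytes([0x88, 0x42, 0x2C, 0x00]) + CLIENT + AP + DEST + SEQ,    # protected QoS data, From DS
    bytes([0xD4, 0x00, 0x00, 0x00]) + AP,                           # ACK addressed to AP
]

if __name__ == "__main__":
    for raw in SAMPLE_FRAMES:
        info = parse_header(raw)
        print(info["type"], info["subtype_name"], bssid_of(info), info["wlan_filter"])
    print(summarize(SAMPLE_FRAMES, bssid=mac(AP)))
```

The `wlan_filter` string is what you would type into Wireshark to isolate the same frames in a monitor-mode capture (for example `wlan.fc.type_subtype == 0x08` for beacons and `0x0c` for deauthentication frames), and `bssid_of` reproduces the `wlan.bssid` logic you need when narrowing a capture to your own lab network.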

Chapter 3, Bypassing WLAN Authentication, talks about how to break a WLAN authentication mechanism! We will go step by step and explore how to subvert Open and Shared Key authentication. In the course of this, you will learn how to analyze wireless packets and figure out the authentication mechanism of the network. We will also look at how to break into networks with hidden SSIDs and MAC filtering enabled. These are two common mechanisms employed by network administrators to make wireless networks more stealthy and difficult to penetrate; however, they are extremely simple to bypass.

Chapter 4, WLAN Encryption Flaws, discusses one of the most vulnerable parts of the WLAN protocol: the encryption schemes WEP, WPA, and WPA2. Over the past decade, hackers have found multiple flaws in these schemes and have written publicly available software to break them and decrypt the data. Even though WPA/WPA2 is secure by design, misconfiguring it opens up security vulnerabilities which can be easily exploited. In this chapter, we will understand the insecurities in each of these encryption schemes and do practical demos on how to break them.

Chapter 5, Attacks on the WLAN Infrastructure, shifts our focus to WLAN infrastructure vulnerabilities. We will look at the vulnerabilities created by both configuration and design problems. We will do practical demos of attacks such as access point MAC spoofing, bit flipping and replay attacks, rogue access points, fuzzing, and denial of service. This chapter will give the reader a solid understanding of how to do a penetration test of the WLAN infrastructure.

Chapter 6, Attacking the Client, opens your eyes if you have always believed that wireless client security was something you did not have to worry about! Most people exclude the client from their list when they think about WLAN security. This chapter will prove beyond doubt why the client is just as important as the access point when penetration testing a WLAN. We will look at how to compromise security using client-side attacks such as mis-association, Caffe Latte, disassociation, ad-hoc connections, fuzzing, honeypots, and a host of others.

Chapter 7, Advanced WLAN Attacks, looks at more advanced attacks, as we have already covered most of the basic attacks on both the infrastructure and the client. These attacks typically involve using multiple basic attacks in conjunction to break security in more challenging scenarios. Some of the attacks which we will learn include wireless device fingerprinting, man-in-the-middle over wireless, evading wireless intrusion detection and prevention systems, a rogue access point operating over a custom protocol, and a couple of others. This chapter presents the absolute bleeding edge in wireless attacks out in the real world.

Chapter 8, Attacking WPA Enterprise and RADIUS, graduates the reader to the next level by introducing advanced attacks on WPA-Enterprise and the RADIUS server setup. These attacks will come in handy when the reader has to perform a penetration test on large enterprise networks which rely on WPA-Enterprise and RADIUS authentication to provide them with security. This is probably as advanced as Wi-Fi attacks can get in the real world.

Chapter 9, Wireless Penetration Testing Methodology, is where all the learning from the previous chapters comes together, and we will look at how to do a wireless penetration test in a systematic and methodical way. We will learn about the various phases of penetration testing (planning, discovery, attack, and reporting) and apply them to wireless penetration testing. We will also understand how to propose recommendations and best practices after a wireless penetration test.

Appendix A, Conclusion and Road Ahead, concludes the book and leaves the user with some pointers for further reading and research.

What you need for this book

To follow and recreate the practical exercises in this book, you will need two laptops with built-in Wi-Fi cards, an Alfa AWUS036H USB wireless Wi-Fi adapter, BackTrack 5, and some other hardware and software. We have detailed this in Chapter 1, Wireless Lab Setup.

As an alternative to the two laptop setup, you could also create a Virtual Machine housing BackTrack 5 and connect the card to it over the USB interface. This will help you get started with using this book much faster, but we would recommend a dedicated machine running BackTrack 5 for actual assessments in the field.

As a prerequisite, readers should be aware of the basics of wireless networks. This includes having prior knowledge about the basics of the 802.11 protocol and client access point communication. Though we will briefly touch upon some of this when we set up the lab, it is expected that the user is already aware of these concepts.

Who this book is for