Over 60 powerful recipes to scan, exploit, and crack wireless networks for ethical purposes
If you are a security professional, administrator, or network professional who wants to enhance their wireless penetration testing skills and knowledge, then this book is for you. Some prior experience with networking security and concepts is expected.
More and more organizations are moving towards wireless networks, and Wi-Fi is a popular choice. The security of wireless networks is more important than ever before due to the widespread usage of Wi-Fi networks. This book contains recipes that will enable you to maximize the success of your wireless network testing using the advanced ethical hacking features of Kali Linux.
This book will go through techniques associated with a wide range of wireless penetration tasks, including WLAN discovery scanning, WEP cracking, WPA/WPA2 cracking, attacking access point systems, operating system identification, vulnerability mapping, and validation of results. You will learn how to utilize the arsenal of tools available in Kali Linux to penetrate any wireless networking environment. You will also be shown how to identify remote services, how to assess security risks, and how various attacks are performed.
By finishing the recipes, you will feel confident conducting wireless penetration tests and will be able to protect yourself or your organization from wireless security threats.
The book will provide the foundation principles, techniques, and in-depth analysis to effectively master wireless penetration testing. It will aid you in understanding and mastering many of the most powerful and useful wireless testing techniques in the industry.
Page count: 288
Year of publication: 2017
BIRMINGHAM - MUMBAI
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: December 2017
Production reference: 1121217
ISBN 978-1-78355-408-9
www.packtpub.com
Author: Sean-Philip Oriyano
Copy Editor: Safis Editing
Reviewer: Ahmad Muammar WK
Project Coordinator: Virginia Dias
Commissioning Editor: Kartikey Pandey
Proofreader: Safis Editing
Acquisition Editor: Rahul Nair
Indexer: Pratik Shirodkar
Content Development Editor: Sharon Raj
Graphics: Tania Dutta
Technical Editor: Prashant Chaudhari
Production Coordinator: Arvindkumar Gupta
The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt Publishing does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorizations from appropriate persons responsible.
Sean-Philip Oriyano is a longtime security professional. Over the past 25 years, he has divided his time between performing security research, consulting, and delivering training in the fields of both general IT and cyber security. In addition, he is a best-selling author with many years of experience in both digital and print media. Sean has published several books over the past decade and has expanded his reach further by appearing on TV and radio shows. Additionally, Sean is a Chief Warrant Officer and Unit Commander specializing in cyber security training, development, and strategy. As a CWO, he is recognized as a SME in his field and is frequently called upon to provide expertise, training, and mentoring wherever needed.
Zillions, that's the number of people I feel I should be acknowledging at this point. I don’t have that much space, so if I leave you out, I humbly apologize.
Erica, thanks for your assistance in helping me in testing and evaluating different wireless technologies.
Lots of you at Packt, especially Sharon and Rahul. This book would not have been possible without either of you helping me to keep on task.
Don’t think I can forget you, Jason and Ms. Aran.
Again, for anyone I left out I apologize; however, thanks for all your assistance.
Ahmad Muammar WK is an IT security consultant and penetration tester. He holds Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), and eLearnSecurity Mobile Application Penetration Tester (eMAPT) certifications. He is the founder of ECHO, one of the oldest Indonesian IT security communities, and is also a founder of IDSECCONF, the biggest annual security conference in Indonesia. He is also a reviewer of Kali Linux Cookbook, Willie L. Pritchett and David De Smet, Packt Publishing; Kali Linux Network Scanning Cookbook, Justin Hutchens, Packt Publishing; and Kali Linux Network Scanning Cookbook Second Edition, Michael Hixon and Justin Hutchens, Packt Publishing.
For support files and downloads related to your book, please visit www.PacktPub.com. Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy.
Get in touch with us at [email protected] for more details. At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1783554088.
If you'd like to join our team of regular reviewers, you can email us at [email protected]. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Preface
  What this book covers
  What you need for this book
  Who this book is for
  Sections
    Getting ready
    How to do it…
    How it works…
    There's more…
    See also
  Conventions
  Reader feedback
  Customer support
    Errata
    Piracy
    Questions
Chapter 1: Kali Linux and Wireless Networking
  Introduction
  Getting started with Kali
  Installing Kali Linux
    Getting ready
    How to do it...
      Virtualized versus physical
      Pre-installation checklist
      Choosing an installation option
      Hard drive selection
      Network cards and wireless
  Installing Kali Linux on a PC
    Getting ready
    How to do it...
  Installing Kali in a virtual environment
    Getting ready
    How to do it...
  Updating Kali Linux
    How to do it...
  Preparing for wireless pentesting
    How to do it...
    There's more...
      Bluetooth adapters
Chapter 2: Attacking Access Controls
  Introduction
    Types of access control attacks
  Working with war driving
    Getting ready
    How to do it...
  Mapping access points and increasing accuracy
    Getting ready
    How to do it...
  Creating a rogue access point
    Getting ready
    How to do it...
  Evading MAC filtering with MAC spoofing
    Getting ready
    How to do it...
  Identifying promiscuous clients
    Getting ready
    How to do it...
Chapter 3: Attacking Integrity Controls
  Introduction
    Types of attack
  Sniffing on a wireless network
    How does sniffing work?
    Getting ready
    How to do it...
  Working with monitor mode and packet injection
    Getting ready
    How to do it...
  Performing a data replay
    Getting ready
    How to do it...
  Cracking WEP
    Getting ready
    How to do it...
      Phase one – configuring monitor mode
      Phase two – packet injection
      Phase three – capturing IVs
      Phase four – performing a fake authentication
      Phase five – ARP replay mode
      Phase six – obtaining the WEP key
Chapter 4: Attacking Confidentiality
  Introduction
    Types of attack
  Creating an evil twin
    Getting ready
    How to do it...
      Step one – monitor mode airmon-ng
      Step two – airodump-ng
      Step three – create a new AP with the same SSID and MAC address
      Step four – forcing a reconnect
      Step five – power up
  Man-in-the-middle with wireless
    Getting ready
    How to do it...
  Cracking WEP
    Getting ready
      Step one – monitor mode airmon-ng
      Step two – airodump-ng
      Step three – airodump-ng and traffic capture
      Step four – replay that traffic
      Step five – crack that traffic
Chapter 5: Attacking Availability
  Introduction
    Types of attack
  Executing a deauthentication flood
    Getting ready
    How to do it...
  Detecting beacon frames
    Getting ready
    How to do it...
  Spoofing beacon frames
    Getting ready
    How to do it...
  Creating a beacon flood
    Getting ready
  ARP cache poisoning
    Getting ready
Chapter 6: Authentication Attacks
  Attacks against authentication
    Types of attack
  WEP attacks
    Getting ready
    How to do it...
  WPA and WPA2 attacks
    Getting ready
    How to do it...
  Attacking WPS
    Getting ready
    How to do it...
Chapter 7: Bluetooth Attacks
  Introduction
    A brief history of Bluetooth
    A look at the technology
    Bluetooth in operation
    Bluetooth protocol stack
    Vulnerabilities in Bluetooth
    Selecting the Bluetooth hardware
    Types of attack
  Bluesmacking
    Getting ready
    How to do it...
  Bluejacking
    Getting ready
    How to do it...
  Bluesnarfing
    Getting ready
    How to do it...
More and more organizations are moving toward wireless networks, and Wi-Fi is a popular choice. The security of wireless networks is more important than ever before due to the widespread usage of Wi-Fi networks. This book has recipes that will enable you to maximize the success of your wireless network testing using the advanced ethical hacking features of Kali Linux.
Chapter 1, Kali Linux and Wireless Networking, is an introduction to the world of Kali Linux and how it is used to perform wireless penetration testing.
Chapter 2, Attacking Access Controls, focuses on what access controls are possible in wireless networks and how these controls can be subverted.
Chapter 3, Attacking Integrity Controls, explains the main components that have an effect on integrity and how these controls can be subverted.
Chapter 4, Attacking Confidentiality, deals with the value of confidentiality in wireless networks and how it can be compromised and altered to intercept data and gather confidential information.
Chapter 5, Attacking Availability, focuses on the importance of availability within wireless networks and how availability can be affected to impact the operation of any wireless device or network.
Chapter 6, Authentication Attacks, concentrates on how authentication works within wireless networks and what can be done to attack, degrade, or shut down authentication components.
Chapter 7, Bluetooth Attacks, focuses on Bluetooth technology and how it can be attacked using similar concepts to wireless, as well as some new techniques.
To work through all the samples in the book, you will need to configure Kali Linux on your system.
This book is designed for those who are familiar with networking technology and basic security concepts and are interested in assessing wireless devices and networks.
In this book, you will find several headings that appear frequently (Getting ready, How to do it…, How it works…, There's more…, and See also). To give clear instructions on how to complete a recipe, we use these sections as follows:
Getting ready: This section tells you what to expect in the recipe, and describes how to set up any software or any preliminary settings required for the recipe.
How to do it…: This section contains the steps required to follow the recipe.
How it works…: This section usually consists of a detailed explanation of what happened in the previous section.
There's more…: This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.
See also: This section provides helpful links to other useful information for the recipe.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning. Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "Create a new user for JIRA in the database and grant the user access to the jiradb database we just created using the following command"
Any command-line input or output is written as follows:
giskismet -x Kismet-DATE.netxml -q "select * from wireless" -o wardrive.kml
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Select System info from the Administration panel."
Feedback from our readers is always welcome. Let us know what you think about this book: what you liked or disliked. Reader feedback is important for us, as it helps us develop titles that you will really get the most out of. To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books (maybe a mistake in the text or the code), we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title. To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy. Please contact us at [email protected] with a link to the suspected pirated material. We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.
In this chapter, we will cover the following recipes:
Installing Kali Linux
Installing Kali Linux on a PC
Installing Kali Linux in a virtual environment
Updating Kali Linux
Preparing for wireless pentesting
In today's world, one of the most common ways to share information is through the use of wireless communications. Wi-Fi is used in many locations, including the home, the workplace, airports, coffee shops, retail shops, and many other areas too numerous to name.
With the popularity of this type of communication, it is a foregone conclusion that a lot of valuable information is traversing these networks. It is because of this information, and the inherent weaknesses in these networks, that they are common targets for those wishing to steal access, information, or both.
In this book, our intention is twofold: one objective is to introduce you to the tools in Kali Linux designed to audit wireless networks, and the other is to show some of the different attacks that are possible. This approach will give you not only information on the attacks and how they work, but also valuable insight into reducing the likelihood or effectiveness of these attacks.
Kali Linux is intended both for those who perform pentesting and for those who perform forensics; however, in this book we will focus on the former more than the latter. In fact, on the topic of pentesting, we will focus only on those tools used to test and breach the security of wireless networks or devices.
In order to get the most out of this book and understand how Kali is used to penetrate wireless networks, you should have some basic skills in place to make things easier. If you are going to start this journey into auditing wireless networks, you should, at the very least, have the following skills:
Good understanding of the TCP/IP protocol and IPv4
Knowledge of the Open Systems Interconnection (OSI) model
Understanding of network frame types (that is, IEEE 802.3, 802.11, and so on)
Knowledge of radio frequencies and technologies is helpful, but optional
Experience setting up and working with wireless devices and networks
Hands-on experience working with Kali Linux is helpful, but we will fill in the gaps in your knowledge along the way
Experience working with virtualization is optional if you intend to make use of it for hosting your setup
Experience troubleshooting networks
Comfort using the command line
Again, lacking some of these last few skills will not hurt you, but possessing them will go a long way toward helping you both in this book and in your pentesting career.
Preparing to install Kali Linux onto a computer system is similar to installing other operating systems you may have encountered, starting with ensuring you have the right system requirements.
To get things started, let's look at the minimum hardware requirements that you will need to have in place to even get the product to install:
Minimum of 10 GB hard drive space for the Kali OS
512 MB of RAM for i386 and amd64 systems
CD/DVD drive or USB boot support
An active internet connection is desirable
Again, keep in mind that what is listed here represents the bare-bones minimum, and you will want to exceed these by as wide a margin as possible to ensure decent to excellent performance. Personally, I would recommend having at least 4 GB of RAM, if not more (I have 8 GB or 16 GB in the systems I use respectively, but I have used 4 GB of memory in the past and been fine).
Once you have confirmed or upgraded your system's hardware as needed, you now need to choose how you will install Kali. Kali offers several different ways to install and run the product, each with its own benefits and drawbacks. For this book, however, we will assume one of two options: physical installation on a PC, or installation within a virtual environment.
The question of using virtualization instead of installing directly on a system is one issue that you should consider. Virtualization is a common option that has been employed for many years by organizations large and small, many of which use it liberally for various needs. The driving force for moving to virtualization can be any of many factors, including consolidation of systems, saving power, optimizing hardware usage, isolation of applications and systems, ease of management, and testing, just to name a few.
However, for a penetration tester, the use of virtualization tends to be a bit different.
One of the motives on the pentester side is being able to run your testing environment in different configurations on top of a host. For example, running Microsoft Windows as a host with one or more Kali environments running as guests in a virtualized environment on top of the system allows for consolidation, along with the ability to have specialized configurations as needed.
Another reason for the move to virtualization is to make use of what is known as isolation or sandboxing. Basically, this means that the guest system is separated from the host system, allowing both to access the network and the internet without letting the two potentially interfere with one another. This is vital in situations where the tools and skills being used in the guest may have the ability to harm or compromise the host or other systems.
Of course, you don't get something for nothing; not everything is ideal in every situation, and virtualization is no different. One area which can prove problematic is hardware support. In some cases, physical devices may not be able to function the way you need them to because of the virtualization technology. One example is wireless networking and Bluetooth; these technologies may require that Kali be run directly on the hardware instead of within a virtual environment. While this limitation is not common, it can be frustrating. Of course, I would be remiss if I didn't mention that there are workarounds, and it is possible to get some hardware to work in a virtualized environment that otherwise wouldn't, but these workarounds can be very complex and specialized, and are beyond the scope of this work.
Much like many operating systems which are available, Kali has some unique and specific points that need to be considered in order to make the installation proceed properly. Fortunately, Kali keeps its installation requirements fairly simple, but there are definitely things that could impact your experience and make Kali operate in a less than stellar manner.
To make sure we get the optimal installation and performance, here is an example of a checklist of items to consider:
Will you install Kali to the hard drive or will you run it from removable media?
How much memory is currently on the system? More memory makes for a better experience and better performing Kali system. On my own personal system, I run with 8 GB and Kali runs beautifully. If you run Kali off of something other than the hard drive, more memory may allow for better performance as more of Kali can be kept in memory.
What applications will you be running? If you will be installing additional applications into Kali, you may need to adjust your configuration to account for their inclusion. Some utilities require special hardware (such as wireless devices) to be present in order to function properly. If you rely on these functions or will use them in the future, ensure that all your hardware is compatible or can be upgraded.
What type of hard drive do you have? I have run Kali off of both traditional drives and SSD and, of the two, SSDs run much better and make for a more satisfying experience and performance.
Software support for your favorite applications and devices is very broad with Kali and has only increased over time. Applications have been included with Kali which cover many uses and situations you may run into, but you can add to this as needed.
After we have assessed our system's suitability for an installation of Kali, we now need to consider how it will be installed. It is likely that more than a fair share of you reading this book will have extensive experience in a Windows environment and, as such, will almost always have installed an OS to a hard drive directly. However, as we just learned, Kali offers additional installation options. We now need to determine which path we are going to take with regard to installation location.
Let's look at the main options and what makes each a good choice or bad choice:
Installing to a flash drive without persistence: This is a suitable installation method if you wish to use Kali to perform forensics, as it will not alter the host and therefore will not affect potential evidence on the system. It is also a very suitable installation method if you wish to have Kali assist you with network or host troubleshooting. It may also be ideal if you want to have a portable environment that you can run on any system without having to worry about changes to the host or to the flash drive itself.
Installing to a flash drive with persistence: This installation method is suitable for situations where you want to be able to carry Kali with you for troubleshooting, forensics, or as a portable pentesting kit, but you wish to be able to save files and make changes to the system without losing those changes every time you shut the system down.
Installing to a hard drive: This is extremely popular and useful because it offers the best performance, since the files don't need to be loaded into memory on each boot. This installation also offers the ability to save files and make changes without losing either upon reboot. It is ideal if you want to have a system that retains changes, especially if you tend to tweak a system to your own needs.
Installing as a virtualized environment: This option is just like installing to a hard drive, except the OS is being installed into a virtualized environment that allows changes to the Kali guest.
Running from a CD or DVD: I've included this here because it is another option similar to installing Kali to a non-persistent flash drive. This tends to be slower in operation than any other method covered here.
If very specific hardware, such as high-powered graphics cards, will be used for cracking passwords, it is recommended that Kali Linux be installed on a desktop computer. If there is a need to carry the operating system from customer site to customer site, or there is a desire to test wireless devices, a laptop is recommended. The installation of the operating system is the same for laptop and desktop computers.
One of the areas you don't want to cut corners on when choosing a system for Kali is that of the hard drive. It is usually a good idea to get a drive that has at least 150 GB of space, but you should consider drives larger than this if possible, as you will undoubtedly install other tools that aren't included in Kali (not to mention the data you generate will take up space as well).
Keep in mind that, as a penetration tester, you will be not just asked, but required to keep your findings confidential and, for many tests, this means wiping the hard drive to be safe. While it is possible to clean an installed OS so it is returned to its base or original unaltered state, you still may want to wipe the drive. The suggestion would be to set up the system the way you desire then image it so you can effectively wipe a drive then restore your original image at will. Always keep in mind that losing control of or leaking information is something that will not only upset your client, but open you up to lawsuits, loss of reputation, loss of career, and bad karma. Basically, take the proper precautions with the data you have gathered both during and after a test.
Something you need to consider with Kali is how you will be connecting to networks as well as what types of tests you may be performing. Namely, what we are considering in this section is your choice of network interface, that is, wired or wireless. Wireless is a common inclusion on just about any class of device you will run into today (or those made in the last 10 years). On the other hand, wired network connections on devices have become less common with many notebooks and laptops dropping them altogether.
In the case of wireless networking, you may find that many of the wireless network cards which are either included in your device or are added via other means such as USB will work with Kali without issue or can be corrected by acquiring the right drivers from the manufacturer. The following figure shows one example of a popular USB wireless network adapter:
The other form of wireless you may perform some testing with is Bluetooth, in which case you will probably need to acquire an additional adapter for this purpose. The reason for purchasing another adapter is the fact that Bluetooth, by default, only extends out to about 30 feet (10 meters) in range. If you need greater range to enable the scanning of a larger area, you can acquire an industrial Bluetooth adapter which extends scanning range to 1,000 feet or more.
