by Brian Sak, Jilumudi Raghu Ram
Mastering Kali Linux Wireless Pentesting
Table of Contents
Mastering Kali Linux Wireless Pentesting
Credits
About the Authors
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Wireless Penetration Testing Fundamentals
Wireless communication
Wireless standards
The 2.4 GHz spectrum
The 5 GHz spectrum
Choosing the right equipment
Supported wireless modes
Wireless adapters
Ralink RT3070
Atheros AR9271
Ralink RT3572
Antennas
Omnidirectional antennas
Patch antennas
Yagi antennas
Kali Linux for the wireless pentester
Downloading Virtual Box
Installing Virtual Box
Kali Linux deployment
Mapping the wireless adapter into Kali
Summary
2. Wireless Network Scanning
Wireless network discovery
802.11 network terminology
802.11 configuration modes
802.11 frames
Management frame
Control frames
Data frames
The scanning phase
Passive scanning
Active scanning
Tools of the trade
Airodump-ng
Adding a location to Airodump-ng with GPS
Visually displaying relationships with Airgraph-ng
Discovering Client Probes with Hoover
WPS discovery with Wash
Kismet
Wireshark
Summary
3. Exploiting Wireless Devices
Attacking the firmware
Authentication bypass
CVE-2013-7282
CVE-2013-6026
CVE-2015-7755
Cross-Site Request Forgery
CVE-2014-5437
CVE-2014-8654
CVE-2013-2645
Remote code execution
CVE-2014-9134
Command injection
CVE-2008-1331
Denial of Service
OSVDB-102605
CVE-2009-3836
Information disclosure
CVE-2014-6621
CVE-2014-6622
CVE-2015-0554
Attacking the services
Attacking Telnet
Attacking SSH
Attacking SNMP
CVE-2014-4863: Arris Touchstone DG950A SNMP information disclosure
CVE-2008-7095: Aruba Mobility Controller SNMP community string disclosure
Attacking SNMP
Attacking UPnP
Discovery
Description
Control
UPnP attacks
CVE-2011-4500
CVE-2011-4499
CVE-2011-4501
CVE-2012-5960
Checks on misconfiguration
Summary
4. Wireless Cracking
Overview of different wireless security protocols
Cracking WPA
WPA Personal
Cracking WPA2
Generating rainbow tables
Generating rainbow tables using genpmk
Generating rainbow tables using airolib-ng
Cracking WPS
Cracking 802.1x using hostapd
Summary
5. Man-in-the-Middle Attacks
MAC address Spoofing/ARP poisoning
Rogue DHCP server
Name resolution spoofing
DNS spoofing
Configuring Ettercap for DNS spoofing
NBNS spoofing
Summary
6. Man-in-the-Middle Attacks Using Evil Twin Access Points
Creating virtual access points with Hostapd
Creating virtual access points with airbase-ng
Session hijacking using Tamper Data
An example of session hijacking
Performing session hijacking using Tamper Data
Credential harvesting
Using Ettercap to spoof DNS
Hosting your fake web page
Web-based malware
Creating malicious payload using msfpayload
Hosting the malicious payload on SET
SSL stripping attack
Setting up SSLstrip
Browser AutoPwn
Setting up Metasploit's Browser Autopwn attack
Summary
7. Advanced Wireless Sniffing
Capturing traffic with Wireshark
Decryption using Wireshark
Decrypting and sniffing WEP-encrypted traffic
Decrypting and sniffing WPA-encrypted traffic
Analyzing wireless packet capture
Determining network relationships and configuration
Extracting the most visited sites
Extracting data from unencrypted protocols
Extracting HTTP objects
Merging packet capture files
Summary
8. Denial of Service Attacks
An overview of DoS attacks
Management and control frames
Authentication flood attack
An attack scenario
Scanning for access points
MDK3 setup for authentication flood
The attack summary
The fake beacon flood attack
MDK3 fake beacon flood with a random SSID
MDK3 fake beacon flood with the selected SSID list
The attack summary
Metasploit's fake beacon flood attack
Configuring packet injection support for Metasploit using lorcon
Creating a monitor mode interface
The Metasploit deauthentication flood attack
Identifying the target access points
Attacking the wireless client and AP using Metasploit
The attack summary
The Metasploit CTS/RTS flood attack
The Metasploit setup for an RTS-CTS attack
The attack summary
Summary
9. Wireless Pentesting from Non-Traditional Platforms
Using OpenWrt for wireless assessments
Installing the aircrack-ng suite on OpenWrt
Using Raspberry Pi for wireless assessments
Accessing Kali Linux from a remote location
Using AutoSSH for reverse shell
Powering and concealing your Raspberry Pi or OpenWrt embedded device
Running Kali on Android phones and tablets
Wireless discovery using Android PCAP
Summary
Index
Index
A
active scanning
about /
Wireless network discovery
Advanced Encryption Standard /
Cracking WPA2
airbase-ng
Virtual Access Points, creating with /
Creating virtual access points with airbase-ng
aircrack-ng suite
installing, on OpenWrt /
Installing the aircrack-ng suite on OpenWrt
Airgraph-ng
relationships, displaying with /
Visually displaying relationships with Airgraph-ng
Airodump-ng
about /
Airodump-ng
location, adding to /
Adding a location to Airodump-ng with GPS
Airpwn
about /
Using OpenWrt for wireless assessments
Android PCAP
using, for wireless discovery /
Wireless discovery using Android PCAP
Android PCAP Capture /
Running Kali on Android phones and tablets
antennas
about /
Antennas
omnidirectional antenna /
Omnidirectional antennas
patch antennas /
Patch antennas
yagi antennas /
Yagi antennas
ARP (Address Resolution Protocol)
about /
MAC address Spoofing/ARP poisoning
ARP poisoning
about /
MAC address Spoofing/ARP poisoning
Atheros AR9271, wireless adapters
about /
Atheros AR9271
ALFA AWUS036NHA model /
Atheros AR9271
ALFA AWUS036NH model /
Atheros AR9271
authentication bypass, firmware
about /
Authentication bypass
vulnerabilities /
Authentication bypass
CVE-2013-7282 vulnerability /
CVE-2013-7282
CVE-2013-6026 vulnerability /
CVE-2013-6026
CVE-2015-7755 vulnerability /
CVE-2015-7755
authentication flood attack
about /
Authentication flood attack
attack scenario /
An attack scenario
access points, scanning for /
Scanning for access points
MDK3 setup /
MDK3 setup for authentication flood
summary /
The attack summary
AutoSSH
using, for reverse shell /
Using AutoSSH for reverse shell
B
Basic Service Set (BSS)
about /
802.11 network terminology
Basic Service Set Identifier (BSSID) /
802.11 network terminology
Service Set Identifier (SSID) /
802.11 network terminology
Browser AutoPwn
about /
Browser AutoPwn
browser_autopwn attack, setting up /
Setting up Metasploit's Browser Autopwn attack
Brute forcing SSH
about /
Attacking SSH
C
802.11 configuration modes
about /
802.11 configuration modes
infrastructure mode /
802.11 configuration modes
ad hoc mode /
802.11 configuration modes
Client Probes
discovering, with Hoover /
Discovering Client Probes with Hoover
command injection, firmware
about /
Command injection
CVE-2008-1331 vulnerability /
CVE-2008-1331
community string /
Attacking SNMP
Compal Broadband Networks (CBN) /
CVE-2014-8654
control frames
about /
Management and control frames
coWPAtty /
Generating rainbow tables using genpmk
credential harvesting
about /
Credential harvesting
DNS, spoofing with Ettercap /
Using Ettercap to spoof DNS
fake web page, hosting /
Hosting your fake web page
Cross-Site Request Forgery (CSRF), firmware
about /
Cross-Site Request Forgery
CVE-2014-5437 vulnerability /
CVE-2014-5437
CVE-2014-8654 vulnerability /
CVE-2014-8654
CVE-2013-2645 vulnerability /
CVE-2013-2645
CVEs (Common Vulnerabilities and Exposures) /
Authentication bypass
D
data
extracting, from unencrypted protocols /
Extracting data from unencrypted protocols
Denial of Service, firmware
about /
Denial of Service
OSVDB-102605 vulnerability /
OSVDB-102605
CVE-2009-3836 vulnerability /
CVE-2009-3836
Denial of Service attacks
overview /
An overview of DoS attacks
Display Filters /
Analyzing wireless packet capture
DNS spoofing
about /
DNS spoofing
Domain Name System (DNS)
about /
Extracting the most visited sites
Dynamic DNS (DDNS) configuration /
CVE-2014-8654
E
Enterprise EAP (Extensible Authentication Protocol) /
Cracking 802.1x using hostapd
equipment, selecting
about /
Choosing the right equipment
supported wireless modes /
Supported wireless modes
wireless adapters /
Wireless adapters
antennas /
Antennas
Ettercap
configuring, for DNS spoofing /
Configuring Ettercap for DNS spoofing
Eventing
about /
Control
Extended Service Set (ESS)
about /
802.11 network terminology
ESSID /
802.11 network terminology
Extensible Authentication Protocol over LAN (EAPOL) traffic
about /
Cracking 802.1x using hostapd
F
802.11 Frames
about /
802.11 frames
Management frames /
Management frame
control frames /
Control frames
data frames /
Data frames
fake beacon flood attack
about /
The fake beacon flood attack
MDK3, using with Random SSID /
MDK3 fake beacon flood with a random SSID
MDK3, using with selected SSID list /
MDK3 fake beacon flood with the selected SSID list
summary /
The attack summary
firmware
about /
Attacking the firmware
attacking /
Attacking the firmware
authentication bypass /
Authentication bypass
Cross-Site Request Forgery (CSRF) /
Cross-Site Request Forgery
remote code execution /
Remote code execution
command injection /
Command injection
Denial of Service /
Denial of Service
information disclosure /
Information disclosure
G
2.4 GHz spectrum
about /
The 2.4 GHz spectrum
5 GHz spectrum
about /
The 5 GHz spectrum
H
Hoover
about /
Discovering Client Probes with Hoover
Hostapd
Virtual Access Points, creating with /
Creating virtual access points with Hostapd
HTTP objects
extracting /
Extracting HTTP objects
Hypertext Transfer Protocol (HTTP)
about /
Extracting data from unencrypted protocols
I
information disclosure, firmware
about /
Information disclosure
CVE-2014-6621 vulnerability /
CVE-2014-6621
CVE-2014-6622 vulnerability /
CVE-2014-6622
CVE-2015-0554 vulnerability /
CVE-2015-0554
Intrusion Detection Systems (IDS) /
An overview of DoS attacks
iwconfig command /
Mapping the wireless adapter into Kali
K
Kali
running, on Android phones and tablets /
Running Kali on Android phones and tablets
Kali Linux
for the wireless pentester /
Kali Linux for the wireless pentester
downloading /
Downloading Virtual Box
installing /
Installing Virtual Box
VirtualBox deployment /
Kali Linux deployment
wireless adapter, mapping into /
Mapping the wireless adapter into Kali
accessing, from remote location /
Accessing Kali Linux from a remote location
Karma
about /
Using OpenWrt for wireless assessments
Kismet
about /
Kismet
configuring /
Kismet
usages /
Kismet
L
Link-Local Multicast Name Resolution (LLMNR)
about /
NBNS spoofing
lorcon2 /
Metasploit's fake beacon flood attack
lsusb command /
Mapping the wireless adapter into Kali
M
MAC (Media Access Control)
about /
MAC address Spoofing/ARP poisoning
MAC address spoofing
about /
MAC address Spoofing/ARP poisoning
Management Frame Protection /
An overview of DoS attacks
Management frames
subtypes /
Management frame, Management and control frames
about /
Management frame, Management and control frames
Management Information Base (MIB) /
Attacking SNMP
Mdk3
about /
Using OpenWrt for wireless assessments
Metasploit's fake beacon flood attack
packet injection support, configuring with lorcon /
Configuring packet injection support for Metasploit using lorcon
monitor mode interface, creating /
Creating a monitor mode interface
Metasploit CTS/RTS flood attack
about /
The Metasploit CTS/RTS flood attack
performing /
The Metasploit CTS/RTS flood attack
Metasploit setup /
The Metasploit setup for an RTS-CTS attack
summary /
The attack summary
Metasploit deauthentication flood attack
about /
The Metasploit deauthentication flood attack
target access points, identifying /
Identifying the target access points
wireless client and AP, attacking /
Attacking the wireless client and AP using Metasploit
summary /
The attack summary
Metasploit's fake beacon flood attack
about /
Metasploit's fake beacon flood attack
MiniPwner
URL /
Using OpenWrt for wireless assessments
misconfiguration
issues, identifying /
Checks on misconfiguration
N
802.11 network terminology
about /
802.11 network terminology
Basic Service Set (BSS) /
802.11 network terminology
Extended Service Set (ESS) /
802.11 network terminology
Independent Basic Service Set (IBSS) /
802.11 network terminology
name resolution spoofing
about /
Name resolution spoofing
National Vulnerability Database /
Attacking SNMP
NBNS spoofing
about /
NBNS spoofing
NetBIOS Name Service (NBNS)
about /
NBNS spoofing
O
omnidirectional antenna
about /
Omnidirectional antennas
OpenWrt
about /
Using OpenWrt for wireless assessments
URL /
Using OpenWrt for wireless assessments
using, for wireless assessments /
Using OpenWrt for wireless assessments
aircrack-ng suite, installing /
Installing the aircrack-ng suite on OpenWrt
OpenWrt Embedded device
powering /
Powering and concealing your Raspberry Pi or OpenWrt embedded device
concealing /
Powering and concealing your Raspberry Pi or OpenWrt embedded device
P
packet capture files
merging /
Merging packet capture files
Pairwise Transient Keys (PTK)
about /
WPA Personal
passive scanning
about /
Wireless network discovery
patch antennas
about /
Patch antennas
phishing
about /
Credential harvesting
Physical Address Extension memory /
Kali Linux deployment
Port Mapping /
CVE-2014-5437
Pre-shared Master Key (PMK)
about /
WPA Personal
Presentation
about /
Control
R
rainbow tables
generating /
Generating rainbow tables
generating, genpmk used /
Generating rainbow tables using genpmk
generating, airolib-ng used /
Generating rainbow tables using airolib-ng
Ralink RT3070, wireless adapters
about /
Ralink RT3070
examples /
Ralink RT3070
ALFA AWUS036NH model /
Ralink RT3070
ALFA AWUS036NEH model /
Ralink RT3070
Tenda UH151 model /
Ralink RT3070
Ralink RT3572, wireless adapters
about /
Ralink RT3572
ALFA AWUS051NH model /
Ralink RT3572
Raspberry Pi
using, for wireless assessments /
Using Raspberry Pi for wireless assessments
powering /
Powering and concealing your Raspberry Pi or OpenWrt embedded device
concealing /
Powering and concealing your Raspberry Pi or OpenWrt embedded device
read-only memory (ROM) /
Attacking the firmware
Reaver
about /
Cracking WPS
reaver
about /
Using OpenWrt for wireless assessments
remote code execution, firmware
about /
Remote code execution
CVE-2014-9134 vulnerability /
CVE-2014-9134
rogue DHCP server
about /
Rogue DHCP server
S
scanning phase
about /
The scanning phase
passive scanning /
Passive scanning
active scanning /
Active scanning
Secure Shell (SSH)
about /
Attacking SSH
attacking /
Attacking SSH
services
attacking /
Attacking the services
session hijacking
about /
Session hijacking using Tamper Data
example /
An example of session hijacking
performing, Tamper Data used /
Performing session hijacking using Tamper Data
SET (Social Engineering Toolkit)
about /
Credential harvesting
Simple Mail Transfer Protocol (SMTP) /
Extracting HTTP objects
Simple Network Management Protocol (SNMP)
attacking /
Attacking SNMP, Attacking SNMP
Manager /
Attacking SNMP
Agent /
Attacking SNMP
MIB /
Attacking SNMP
CVE-2014-4863 /
CVE-2014-4863: Arris Touchstone DG950A SNMP information disclosure
CVE-2008-7095 /
CVE-2008-7095: Aruba Mobility Controller SNMP community string disclosure
SOAP (Simple Object Access Protocol) /
Attacking UPnP
SSL stripping attack
about /
SSL stripping attack
SSLstrip, setting up /
Setting up SSLstrip
Stumbling
about /
Wireless network discovery
T
Telnet
attacking /
Attacking Telnet
about /
Attacking Telnet
Temporal Key Integrity Protocol (TKIP)
about /
Overview of different wireless security protocols
tools, for trade
about /
Tools of the trade
Airodump-ng /
Airodump-ng
U
Universal Plug and Play (UPnP)
about /
Attacking UPnP
attacking /
Attacking UPnP
workflow /
Attacking UPnP
discovery /
Discovery
description /
Description
control /
Control
UPnP attacks
about /
UPnP attacks
CVE-2011-4500 /
CVE-2011-4500
CVE-2011-4499 /
CVE-2011-4499
CVE-2011-4501 /
CVE-2011-4501
CVE-2012-5960 /
CVE-2012-5960
V
Virtual Access Points
creating, with Hostapd /
Creating virtual access points with Hostapd
creating, with airbase-ng /
Creating virtual access points with airbase-ng
VirtualBox
URL /
Downloading Virtual Box
W
web-based malware
about /
Web-based malware
malicious payload, creating with msfpayload /
Creating malicious payload using msfpayload
malicious payload, hosting on SET /
Hosting the malicious payload on SET
Wi-Fi Alliance
URL /
Wireless standards
Wi-Fi Protected Access (WPA)
about /
Overview of different wireless security protocols
cracking /
Cracking WPA
WPA Personal /
WPA Personal
Wi-Fi Protected Access II (WPA2)
about /
Overview of different wireless security protocols, Cracking WPA2
cracking /
Cracking WPA2
Wi-Fi Protected Setup (WPS)
about /
Cracking WPS
cracking /
Cracking WPS
802.1x, cracking with hostapd /
Cracking 802.1x using hostapd
Wifi Pineapple
URL /
Using OpenWrt for wireless assessments
Wired Equivalent Privacy (WEP) /
Overview of different wireless security protocols
Wireless-tools
about /
Using OpenWrt for wireless assessments
wireless adapters
about /
Wireless adapters
Ralink RT3070 /
Ralink RT3070
Atheros AR9271 /
Atheros AR9271
Ralink RT3572 /
Ralink RT3572
wireless assessments
Raspberry Pi, using for /
Using Raspberry Pi for wireless assessments
wireless communication
about /
Wireless communication
wireless modes
managed mode /
Supported wireless modes
ad hoc mode /
Supported wireless modes
master mode /
Supported wireless modes
monitor mode /
Supported wireless modes
wireless network discovery
about /
Wireless network discovery
Wireless Provisioning Service (WPS)
about /
WPS discovery with Wash
discovery, with Wash /
WPS discovery with Wash
wireless security protocols
about /
Overview of different wireless security protocols
wireless standards
about /
Wireless standards
2.4 GHz spectrum /
The 2.4 GHz spectrum
5 GHz spectrum /
The 5 GHz spectrum
wireless traffic, capturing with Wireshark
about /
Capturing traffic with Wireshark
capture filters, applying /
Capturing traffic with Wireshark
decryption, Wireshark used /
Decryption using Wireshark
WEP-encrypted traffic, decrypting /
Decrypting and sniffing WEP-encrypted traffic
WEP-encrypted traffic, sniffing /
Decrypting and sniffing WEP-encrypted traffic
WPA-encrypted traffic, decrypting /
Decrypting and sniffing WPA-encrypted traffic
WPA-encrypted traffic, sniffing /
Decrypting and sniffing WPA-encrypted traffic
wireless packet capture, analyzing /
Analyzing wireless packet capture
network relationships and configuration, determining /
Determining network relationships and configuration
most visited sites, extracting /
Extracting the most visited sites
Wireshark
about /
Wireshark, Capturing traffic with Wireshark
for sniffing on WLAN /
Wireshark
wireless traffic, capturing with /
Capturing traffic with Wireshark
Wireshark Display Filter Reference
URL /
Analyzing wireless packet capture
Wireshark Wiki
URL /
Analyzing wireless packet capture
WLAN components
about /
Wireless communication
radio /
Wireless communication
access points /
Wireless communication
WPA Personal
about /
WPA Personal
WPA Pre Shared Key (PSK)
about /
WPA Personal
Y
yagi antennas
about /
Yagi antennas