Kali Linux Wireless Penetration Testing Beginner's Guide -Third

Cover
Copyright
Credits
Disclaimer
About the Authors
About the Reviewer
www.PacktPub.com
Customer Feedback
Table of Contents
Preface
Chapter 1: Wireless Lab Setup
	Hardware requirements
	Software requirements
	Installing Kali
	Time for action – installing Kali
	Setting up the access point
	Time for action – configuring the access point
	Setting up the wireless card
	Time for action – configuring your wireless card
	Connecting to the access point
	Time for action – configuring your wireless card
	Summary
Chapter 2: WLAN and Its Inherent Insecurities
	Revisiting WLAN frames
	Time for action – creating a monitor mode interface
	Time for action – sniffing wireless packets
	Time for action – viewing management, control, and data frames
	Time for action – sniffing data packets for our network
	Time for action – packet injection
	Important note on WLAN sniffing and injection
	Time for action – experimenting with your adapter
	Summary
Chapter 3: Bypassing WLAN Authentication
	Hidden SSIDs
	Time for action – uncovering hidden SSIDs
	MAC filters
	Time for action – beating MAC filters
	Open Authentication
	Time for action – bypassing Open Authentication
	Shared Key Authentication
	Time for action – bypassing shared authentication
	Summary
Chapter 4: WLAN Encryption Flaws
	WLAN encryption
	WEP encryption
	Time for action – cracking WEP
	WPA/WPA2
	Time for action – cracking WPA-PSK weak passphrase
	Speeding up WPA/WPA2 PSK cracking
	Time for action – speeding up the cracking process
	Decrypting WEP and WPA packets
	Time for action – decrypting WEP and WPA packets
	Connecting to WEP and WPA networks
	Time for action – connecting to a WEP network
	Time for action – connecting to a WPA network
	Summary
Chapter 5: Attacks on the WLAN Infrastructure
	Default accounts and credentials on the access point
	Time for action – cracking default accounts on the access points
	Denial of service attacks
	Time for action – deauthentication DoS attack
	Evil twin and access point MAC spoofing
	Time for action – evil twin with MAC spoofing
	A rogue access point
	Time for action – Setting up a rogue access point
	Summary
Chapter 6: Attacking the Client
	Honeypot and Misassociation attacks
	Time for action – orchestrating a Misassociation attack
	The Caffe Latte attack
	Time for action –  conducting the Caffe Latte attack
	Deauthentication and disassociation attacks
	Time for action – deauthenticating the client
	The Hirte attack
	Time for action – cracking WEP with the Hirte attack
	AP-less WPA-Personal cracking
	Time for action – AP-less WPA cracking
	Summary
Chapter 7: Advanced WLAN Attacks
	A Man-in-the-Middle attack
	Time for action – Man-in-the-Middle attack
	Wireless eavesdropping using MITM
	Time for action –  wireless eavesdropping
	Session hijacking over wireless
	Time for action – session hijacking over wireless
	Finding security configurations on the client
	Time for action – deauthentication attack on the client
	Summary
Chapter 8: KRACK Attacks
	KRACK attack overview
	The four-way handshake KRACK attack
	Time for action – getting KRACKing
	Summary
Chapter 9: Attacking WPA-Enterprise and RADIUS
	Setting up FreeRADIUS-WPE
	Time for action – setting up the AP with FreeRADIUS-WPE
	Attacking PEAP
	Time for action – cracking PEAP
	EAP-TTLS
	Security best practices for enterprises
	Summary
Chapter 10: WLAN Penetration Testing Methodology
	Wireless penetration testing
	Planning
	Discovery
	Attack
		Cracking the encryption
		Attacking infrastructure
		Compromising clients
	Reporting
	Summary
Chapter 11: WPS and Probes
	WPS attacks
	Time for action – WPS attack
	Probe sniffing
	Time for action – collecting data
	Summary
Appendix: Pop Quiz Answers
	Chapter 1, Wireless Lab Setup
	Chapter 2, WLAN and its Inherent Insecurities
	Chapter 3, Bypassing WLAN Authentication
	Chapter 4, WLAN Encryption Flaws
	Chapter 5, Attacks on the WLAN Infrastructure
	Chapter 6, Attacking the Client
	Chapter 7, Advanced WLAN Attacks
	Chapter 8, Attacking WPA-Enterprise and RADIUS
Index