What do you get with Print?

Instant access to your digital eBook copy whilst your Print order is Shipped

Paperback book shipped to your preferred address

Download this book in EPUB and PDF formats

Access this title in our online reader with advanced features

DRM FREE - Read whenever, wherever and however you want

BackTrack 5 Wireless Penetration Testing Beginner's Guide

Chapter 1. Wireless Lab Setup

Note

"If I had eight hours to chop down a tree, I'd spend six hours sharpening my axe."

Abraham Lincoln, 16th US President

Behind every successful execution is hours or days of preparation, and Wireless Penetration testing is no exception. In this chapter, we will create a wireless lab that we will use for our experiments in this book. Consider this lab as your preparation arena before you dive into the real-world penetration testing!

Wireless Penetration testing is a practical subject and it is important to first setup a lab where we can try out all the different experiments in this book in a safe and controlled environment. It is important that you set up this lab first before proceeding ahead in this book.

In this chapter, we shall look at the following:

Hardware and software requirements
BackTrack 5 installation
Setting up an access point and configuring it
Installing the wireless card
Testing connectivity between the laptop and the access point

So let the games begin!

Time for action – installing BackTrack

BackTrack is relatively simple to install. We will run BackTrack by booting it as a Live DVD and then install it on the hard drive.

Perform the following instructions step-by-step:

Burn the BackTrack ISO (we are using the BackTrack 5 KDE 32-Bit edition) that you have downloaded into a bootable DVD.
Boot the laptop with this DVD and select the option BackTrack Text – Default Boot Text Mode from the boot menu:
If booting was successful then you should see the familiar BackTrack screen:
You can boot into the graphical mode by entering startx on the command prompt. Enjoy the boot music! Once you are in the GUI, your screen should resemble the following:
Now click on the Install BackTrack icon to the top-left of the desktop. This will launch the BackTrack installer as shown next:
This installer is similar to the GUI-based installers of most Linux systems and should be simple to follow. Select the appropriate options in each screen and start the installation process. Once the installation is done, restart the machine as prompted, and remove the DVD.
Once the machine restarts, it will present you with a login screen. Type in the login as "root" and password as "toor". You should now be logged into your installed version of BackTrack. Congratulations!

I will be changing the desktop theme and some settings for this book. Feel free to use your own themes and color settings!

What just happened?

We have successfully installed BackTrack on the laptop! We will use this laptop as the penetration tester's laptop for all other experiments in this book.

Have a go hero – installing BackTrack on Virtual Box

We can also install BackTrack within virtualization software such as Virtual Box. For readers who might not want to dedicate a full laptop to BackTrack, this is the best option. The installation process of BackTrack in Virtual Box is exactly the same. The only difference is the pre-setup, which you will have to create in Virtual Box. Have a go at it! You can download Virtual Box from http://www.virtualbox.org.

One of the other ways we can install and use BackTrack is via USB drives. This is particularly useful if you do not want to install on the hard drive but still want to store persistent data on your BackTrack instance, such as scripts and new tools. We would encourage you to try this out as well!

Time for action – configuring the access point

Let us begin! We will set the access point up to use Open Authentication with an SSID of "Wireless Lab".

Follow these instructions step-by-step:

Power on the access point and use an Ethernet cable to connect your laptop to one of the access point's Ethernet ports.
Enter the IP address of the access point configuration terminal in your browser. For the DIR-615, it is given to be 192.168.0.1 in the manual. You should consult your access point's setup guide to find its IP address. If you do not have the manuals for the access point, you can also find the IP address by running the route –n command. The gateway IP address is typically the access point's IP. Once you are connected, you should see a configuration portal which looks like this:
Explore the various settings in the portal after logging in and find the settings related to configuring a new SSID.
Change the SSID to Wireless Lab. Depending on the access point, you may have to reboot it for the settings to change:
Similarly, find the settings related to Authentication and change the setting to Open Authentication. In my case, the Security Mode configuration of None indicates that it is using Open Authentication mode.
Save the changes to the access point and reboot it, if required. Now your access point should be up and running with an SSID Wireless Lab.

An easy way to verify this is to use the Wireless Configuration utility on Windows and observe the available networks using the Windows Laptop. You should find Wireless Lab as one of the networks in the listing:

What just happened?

We have successfully set up our access point with an SSID Wireless Lab. It is broadcasting its presence and this is being picked up by our Windows laptop and others within the Radio Frequency (RF) range of the access point.

It is important to note that we have configured our access point in Open mode, which is the least secure. It is advisable not to connect this access point to the Internet for the time being, as anyone within the RF range will be able to use it to access the Internet.

Have a go hero – configuring the access point to use WEP and WPA

Play around with the configuration options of your access point. Try to see if you can get it up and running using encryption schemes such as WEP and WPA/WPA2. We will use these modes in the later chapters to illustrate attacks against them.

Time for action – configuring your wireless card

Here we go! Follow these steps to connect your wireless card to the access point:

Let us first see what wireless networks our Alfa card is currently detecting. Issue the command iwlist wlan0 scanning and you will find a list of networks in your vicinity:
Keep scrolling down and you should find the Wireless Lab network in this list. In my setup, it is detected as Cell 05, it may be different in yours. The ESSID field contains the network name:
As multiple access points can have the same SSID, verify that the MAC address mentioned in the Address field above matches your access point's MAC. A fast and easy way to get the MAC address is underneath the access point or using the web-based GUI settings.
Now, issue the command iwconfig wlan0 essid "Wireless Lab" and then iwconfig wlan0 to check the status. If you have successfully connected to the access point, you should see the MAC address of the access point in the Access Point: field in the output of iwconfig, as shown in the following screenshot:
We know the access point has a management interface IP address "192.168.0.1" from its manual. Alternatively, this is the same as the default router IP address when we run the route –n command. Let's set our IP address in the same subnet by issuing the command ifconfig wlan0 192.168.0.2 netmask 255.255.255.0 up. Verify the command succeeded by typing ifconfig wlan0 and checking the output:
Now let's ping the access point by issuing the command ping 192.168.0.1. If the network connection has been set up properly, then you should see the responses from the access point. You can additionally issue an arp –a to verify that the response is coming from the access point. You should see that the MAC address of the IP 192.168.0.1 is the access point's MAC address we have noted earlier. It is important to note that some of the more recent access points might have response to ICMP Echo Request packets disabled. This is typically done to make the access point secure out-of-the-box with only the bare minimum configuration settings available. In such a case, you could try to launch a browser and access the web interface to verify that the connection is up and running.
On the access point, we can verify the connectivity by looking at the connection logs. As you can see in the following log, the MAC address of the wireless card 00:c0:ca:3a:bd:93 has been logged:

What just happened?

We just connected to our access point successfully from BackTrack using our Alfa wireless card as the wireless device. We also learnt how to verify that a connection has been established at both the wireless client and the access point side.

Have a go hero – establishing connection in WEP configuration

Here is a challenging exercise for you—set up the access point in WEP configuration. For each of these, try establishing a connection with the access point using the wireless adapter. Hint: Check the manual for the iwconfig command by typing man iwconfig for how to configure the card to connect to WEP.

Pop quiz – understanding the basics

After issuing the command ifconfig wlan0 up, how do you verify the wireless card is up and functional?
Can we run all our experiments using the BackTrack live CD alone? And not install it to the hard drive?
What does the command arp –a show?
Which tool should we use in BackTrack to connect to WPA/WPA2 networks?

Key benefits

Learn Wireless Penetration Testing with the most recent version of Backtrack

The first and only book that covers wireless testing with BackTrack

Concepts explained with step-by-step practical sessions and rich illustrations

Written by Vivek Ramachandran ¬¨‚Äì world renowned security research and evangelist, and discoverer of the wireless ‚ÄúCaffe Latte Attack‚Äù

Description

Wireless has become ubiquitous in today‚Äôs world. The mobility and flexibility provided by it makes our lives more comfortable and productive. But this comes at a cost ‚Äì Wireless technologies are inherently insecure and can be easily broken. BackTrack is a penetration testing and security auditing distribution that comes with a myriad of wireless networking tools used to simulate network attacks and detect security loopholes. Backtrack 5 Wireless Penetration Testing Beginner‚Äôs Guide will take you through the journey of becoming a Wireless hacker. You will learn various wireless testing methodologies taught using live examples, which you will implement throughout this book. The engaging practical sessions very gradually grow in complexity giving you enough time to ramp up before you get to advanced wireless attacks.This book will take you through the basic concepts in Wireless and creating a lab environment for your experiments to the business of different lab sessions in wireless security basics, slowly turn on the heat and move to more complicated scenarios, and finally end your journey by conducting bleeding edge wireless attacks in your lab.There are many interesting and new things that you will learn in this book ‚Äì War Driving, WLAN packet sniffing, Network Scanning, Circumventing hidden SSIDs and MAC filters, bypassing Shared Authentication, Cracking WEP and WPA/WPA2 encryption, Access Point MAC spoofing, Rogue Devices, Evil Twins, Denial of Service attacks, Viral SSIDs, Honeypot and Hotspot attacks, Caffe Latte WEP Attack, Man-in-the-Middle attacks, Evading Wireless Intrusion Prevention systems and a bunch of other cutting edge wireless attacks.If you were ever curious about what wireless security and hacking was all about, then this book will get you started by providing you with the knowledge and practical know-how to become a wireless hacker.

Who is this book for?

If you are an IT security professional or a security consultant who wants to get started with wireless testing with Backtrack, or just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with Backtrack and basic wireless concepts.

What you will learn

Create a Wireless Lab for conducting experiments

Monitor the air and sniff wireless packets

Bypass WLAN authentication mechanism

Crack WEP/WPA/WPA2 encryption mechanisms

Break into a WLAN network using infrastructure flaws

Break into a Wireless client such as a laptop

Advanced attacks such as Man-in-the-Middle attacks and Evading WIPS

Conduct wireless penetration test in a methodical way

What do you get with Print?

Instant access to your digital eBook copy whilst your Print order is Shipped

Paperback book shipped to your preferred address

Download this book in EPUB and PDF formats

Access this title in our online reader with advanced features

DRM FREE - Read whenever, wherever and however you want

Frequently bought together

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

$65.99

$54.99

BackTrack 5 Wireless Penetration Testing Beginner's Guide

$54.99

Total $ 175.97

Filter reviews by

All

Amazon verified reviews

Make War Oct 03, 2014

Excellent

Amazon Verified review

GK Feb 28, 2012

This book should be a template for how other tech books should be written; to the point and full of useful (real world) examples and exercises. Another great thing about this book (in my experience) was that it did not assume too much or too little knowledge on the subject from me. Just enough for beginners to start with and build throughout the book, and enough for anyone not an expert on the subject to learn from.Highly Recommended.

Seth Sep 26, 2011

An amazing book. This one wastes no time with a long pre-amble or justifying why you'd need to know how to pen-test; it just tells you what you need to know. You're sniffing wireless traffic right from the start, injecting packets by page 40 or so, and then you're off spoofing MAC addreses, cracking WPA (even shared authentication), and doing man-in-the-middle attacks.This is not a book that explains a lot of theory and then expects you to figure out how to apply it. It's a finely-tuned set of clear, intentional tutorials that explains how to use the tools, how to get results, and then explains what happened and why. It covers some of the basics (like ifconfig, iwconfig, ping, and a little bit about packet specifications), and then moves on to the heavy-lifters like airmon, aireplay, airodump, wireshark, and others.While all of these tools have tutorials and manuals online, the way they work together is seldomly explained, and even more rarely are they explained with the clarity and focus of this book. The situations the book covers are realistic wireless network setups that you'll find at businesses, cafes, and homes. There are screenshots on nearly everypage, so it doesn't just explain what to do - it actually shows you.If you're completely new to pen-testing, this book is where you should start. You should try to learn at least a little bit of Linux before delving into this (but you should be learning that anyway) but this book doesn't assume that you are a pro. It guides you through all of the basic essentials, such as setting up a pen-testing lab environment (configuring your access point, making sure your wireless card is open enough to be configured, and so on), and even how to install Backtrack Linux itself. You will need a good lab environment to use this book effectively, so make sure you have access to a router, two laptops with wireless cards (one to use and one to be the victim), and a usb wireless card to perform packet injection (the book recommends the Alfa AWUS036H).All in all, whether you're learning this stuff because you're angry at the world and want to mess up wireless networks or because you're a sys admin and need to protect your network from intruders, this is easily the best book on the subject I have found. Too many books on this topic assume that the reader is a "security professional" and uses jargon and lingo without explaining anything. This book sits down with you, gives you the information you need, and you get the results that you wanted. Considering that courses from Backtrack's website start at around $750, this book feels like a hack in itself.

Andrew Smith Feb 23, 2013

This book covers pretty much everything you would need to know in order to perform a professional wifi pentest. Wireless hacking is pretty easy to do relative to a number of other things you would do in the world of offensive security mainly due to the fact that you need not have any programming experience to pull it off.Much of it is simply a matter of memorizing the proper terminal commands and knowing when to use them, and this book covers this perfectly. Some of the things included in this book are:-How to install BackTrack 5 and set up a hack lab-General information on WLAN frames and the 802.11 protocol system-Some basic use of Wireshark to collect information on the network or area you are in (you'll know why https is important)-Cracking WEP, WPA, WPA2, and even getting past things like MAC filtering-Denial of service attacks (a complete jackass could really abuse this information if they are in a coffee shop)And so on. I won't go into too much detail except to say that this book can be used by anyone with no prior BackTrack experience so long as they are willing to set some time aside to try the things in this book. It truly gets right to the point about how to perform an attack first (so impatience is less of a problem) and then explaining why you ended up with the result that you got (if the attack was done correctly).For anyone interested in BackTrack, Wifi cracking, or hacking in general, this book is a must have!

Nickg Sep 30, 2011

BackTrack 5 Wireless Penetration Testing Beginner's Guide is the perfect book for beginners and novices to dive into the wireless security field. Vivek Ramachandran (the Author) is an amazing teacher with a vast amount of knowledge on technology, networking, security and wireless. Vivek speaks at multiple security conferences every year and also discovered one of the wireless vulnerabilities and attacks used in the book called the "Caffe Latte Attack".The book starts you off with a quick introduction to wireless and security, then steps you through setting up a home lab with links to what software and hardware you will need. Cost is not an issue, with free virtualization software (VMware & Sun); anyone can setup a quick home lab. Chances are you already have a wireless router and laptop, so the only cost is this book and an external usb wireless card ($40 if that!) After the setup, BOOM; you are on your way to testing and hacking in your own home lab. The book guides you through hands on exercises to insure what you learn sticks with you. Also, every chapter has a review and questions to test what you have learned.Before I knew it, I was halfway through the book, not wanting to put it down. The tools you will learn are airmon-ng, aireplay-ng, airodump-ng, aircrack-ng and wireshark to name a few. You will use these tools to capture wireless packets, crack wep, wpa/wpa2 and also learn some linux command line.Wireless security is not a part of my job function, but learning about security and wireless is a hobby of mine. I am very glad to have found this book and after purchasing the ebook version, I may go back and purchase a hard copy to leave on my desk. :)If you have not visited securitytube.net (founded by Vivek), please do and purchase this book! BackTrack 5 Wireless Penetration Testing Beginner's Guide

BackTrack 5 Wireless Penetration Testing Beginner's Guide: Master bleeding edge wireless testing techniques with BackTrack 5.

What do you get with Print?

BackTrack 5 Wireless Penetration Testing Beginner's Guide

Chapter 1. Wireless Lab Setup

Note

Hardware requirements

Software requirements

Installing BackTrack

Time for action – installing BackTrack

What just happened?

Have a go hero – installing BackTrack on Virtual Box

Setting up the access point

Time for action – configuring the access point

What just happened?

Have a go hero – configuring the access point to use WEP and WPA

Setting up the wireless card

Time for action – configuring your wireless card

What just happened?

Connecting to the access point

Time for action – configuring your wireless card

What just happened?

Have a go hero – establishing connection in WEP configuration

Pop quiz – understanding the basics

Summary

Page 1 of 12

Key benefits

Description

Who is this book for?

What you will learn

Product Details

What do you get with Print?

Product Details

Frequently bought together

Table of Contents

Recommendations for you

Customer reviews

Filter reviews by

People who bought this also bought

About the author

FAQs

BackTrack 5 Wireless Penetration Testing Beginner's Guide: Master bleeding edge wireless testing techniques with BackTrack 5.

What do you get with Print?

Contact Details

Shipping Address

Billing Address

Key benefits

Description

Who is this book for?

What you will learn

Product Details

What do you get with Print?

Contact Details

Shipping Address

Billing Address

Product Details

Packt Subscriptions

Frequently bought together

Table of Contents

Recommendations for you

Customer reviews

Filter reviews by

People who bought this also bought

About the author

FAQs