Kali Linux Wireless Penetration Testing Beginner's Guide

Kali Linux Wireless Penetration Testing Beginner's Guide: Master wireless testing techniques to survey and attack wireless networks with Kali Linux, including the KRACK attack, Third Edition

By Vivek Ramachandran, Dieterle, Cameron Buchanan
Paperback, Dec 2017, 210 pages, 3rd Edition


Chapter 1. Wireless Lab Setup

 

"If I had eight hours to chop down a tree, I'd spend six hours sharpening my axe."

 
 --Abraham Lincoln, 16th US President

Behind every successful execution is hours or days of preparation, and wireless penetration testing is no exception. In this chapter, we will create a wireless lab that we will use for our experiments in this book. Consider this lab as your preparation arena before you dive into real-world penetration testing!

Wireless penetration testing is a practical subject, and it is important to first set up a lab, where we can try out all the different experiments in this book in a safe and controlled environment. It is important that you set up this lab first before moving on in this book.

In this chapter, we will take a look at the following:

  • Hardware and software requirements
  • Installing Kali
  • Setting up an access point and configuring it
  • Installing the wireless card
  • Testing connectivity between the laptop and the access point

So let the games begin!

Hardware requirements

We will need the following hardware to set up the wireless lab:

  • Two laptops with internal Wi-Fi cards: We will use one of the laptops as the victim in our lab and the other as the penetration tester's laptop. Though almost any laptop would fit this profile, laptops with at least 3 GB RAM are desirable. This is because we may be running a lot of memory-intensive software in our experiments.
  • One wireless adapter (optional): Depending on the wireless card of your laptop, we may need a USB Wi-Fi card that can support packet injection and packet sniffing, which is supported by Kali. The best choice seems to be the Alfa AWUS036H card from Alfa Networks, as Kali supports this out of the box. This is available on www.amazon.com for a retail price of £18 at the time of writing. An alternative option is the Edimax EW-7711UAN, which is smaller and marginally cheaper.
  • One access point: Any access point that supports WEP/WPA/WPA2 encryption standards would fit the bill. I will be using a TP-LINK TL-WR841N Wireless router for the purpose of illustration in this book. You can purchase it from www.amazon.com for a retail price of around £20 at the time of writing.
  • An internet connection: This will come in handy for performing research, downloading software, and for some of our experiments.

Software requirements

We will need the following software to set up the wireless lab:

  • Kali: This software can be downloaded from the official website located at http://www.kali.org. The software is open source, and you should be able to download it directly from the website.
  • Windows XP/Vista/7/10: You will need any one of Windows XP, Windows Vista, Windows 7, or Windows 10 installed on one of the laptops. This laptop will be used as the victim machine for the rest of the book.

Note

It is important to note that even though we are using a Windows-based OS for our tests, the techniques learnt can be applied to any Wi-Fi-capable device, such as smartphones and tablets, among others.

Installing Kali

Let's now quickly take a look at how to get up and running with Kali.

Kali will be installed on the laptop that will serve as the penetration tester's machine for the rest of the book.

Time for action – installing Kali

Kali is relatively simple to install. We will run Kali by booting it as a live DVD, and then install it on the hard drive.

Perform the following instructions step by step:

  1. Burn the Kali ISO you downloaded (we are using the Kali 32-bit ISO) onto a bootable DVD.
  2. Boot the laptop with this DVD and select the option Install from the Boot menu.
  3. If booting was successful, then you should see an awesome retro screen.
  4. This installer is similar to the GUI-based installers of most Linux systems and should be simple to follow. Select the appropriate options on every screen and start the installation process. Once the installation is done, restart the machine as prompted and remove the DVD.
  5. Once the machine restarts, a login screen will be displayed. Log in as root and the password is whatever you set it to during the installation process. You should now be logged into your installed version of Kali. Congratulations!
  6. I will change the desktop theme and some settings for this book. Feel free to use your own themes and color settings!

What just happened?

We have successfully installed Kali on the laptop! We will use this laptop as the penetration tester's laptop for all other experiments in this book.

Have a go hero – installing Kali on VirtualBox

We can also install Kali within virtualization software such as VirtualBox. If you don't want to dedicate a full laptop to Kali, this is the best option. Kali's installation process in VirtualBox is exactly the same. The only difference is the pre-setup, which you will have to create in VirtualBox. Have a go at it! You can download VirtualBox from http://www.virtualbox.org.

One of the other ways in which we can install and use Kali is via USB drives. This is particularly useful if you do not want to install on the hard drive, but still want to store persistent data, such as scripts and new tools, on your Kali instance. We encourage you to try this out as well!

Setting up the access point

Now we will set up the access point. As mentioned earlier, we will be using the TP-LINK TL-WR841N Wireless router for all the experiments in this book. However, feel free to use any other access point. The basic principles of operation and usage remain the same.

Time for action – configuring the access point

Let's begin! We will set the access point up to use Open Authentication with an SSID of Wireless Lab.

Follow these instructions step by step:

  1. Power on the access point, and use an Ethernet cable to connect your laptop to one of the access point's Ethernet ports.
  2. Enter the IP address of the access point configuration terminal in your browser. For TP-Link, it is by default 192.168.1.1. You should consult your access point's setup guide to find its IP address. If you do not have the manuals for the access point, you can also find the IP address by running the route -n command. The gateway IP address is typically the access point's IP. Once you are connected, you should see a configuration portal carrying the TP-LINK Wireless N Router WR841N banner.
  3. Explore the various settings in the portal after logging in, and find the settings related to configuring a new SSID.
  4. Change the SSID to Wireless Lab. Depending on the access point, you may have to reboot it for the settings to change.
  5. Similarly, find the settings related to Wireless Security and change the setting to Disable Security. Disable Security indicates that it is using the Open Authentication mode.
  6. Save the changes to the access point and reboot it, if required. Now your access point should be up-and-running with an SSID, Wireless Lab.

An easy way to verify this is to use the wireless configuration utility in Windows and observe the available networks using the Windows laptop. You should find Wireless Lab as one of the networks in the listing:


What just happened?

We have successfully set up our access point with an SSID, Wireless Lab. It is broadcasting its presence, and this is being picked up by our Windows laptop and others within the Radio Frequency (RF) range of the access point.

It is important to note that we configured our access point in the Open mode, which is the least secure. It is advisable not to connect this access point to the internet for the time being, as anyone within the RF range will be able to use it to access the internet.

Have a go hero – configuring the access point to use WEP and WPA

Play around with the configuration options of your access point. Try to get it up-and-running using encryption schemes such as WEP and WPA/WPA2. We will use these modes in later chapters to illustrate attacks against them.

Setting up the wireless card

Setting up our wireless adapter is much easier than setting up the access point. The advantage is that Kali supports this card out of the box and ships with all requisite device drivers to enable packet injection and packet sniffing.

Time for action – configuring your wireless card

We will be using the wireless adapter with the penetration tester's laptop.

Follow these instructions step by step to set up your card:

  1. Plug in the card to one of the Kali laptop's USB ports and boot it. Once you log in, open a console terminal and type in iwconfig. Your screen should look as follows:

    As you can see, wlan0 is the wireless interface created for the wireless adapter.

    Type in ifconfig wlan0 up to bring the interface up. Then, type in ifconfig wlan0 to see the current state of the interface:

  2. The MAC address 00:c0:ca:3e:bd:93 should look like the MAC address written under your Alfa card. I am using the Edimax that gives me the preceding MAC address 80:1f:02:8f:34:d5. This is a quick check to ensure that you have enabled the correct interface.

What just happened?

Kali ships with all the required drivers for the Alfa and Edimax adapters out of the box. As soon as the machine booted, the adapter was recognized and was assigned the network interface wlan0. Now our wireless adapter is up and functional!

Connecting to the access point

Now we will take a look at how to connect to the access point using the wireless adapter. Our access point has the SSID Wireless Lab and does not use any authentication.

Time for action – configuring your wireless card

Here we go! Follow these steps to connect your wireless card to the access point:

  1. Let's first see what wireless networks our adapter is currently detecting. Issue the iwlist wlan0 scanning command, and you will find a list of networks in your vicinity:

    Keep scrolling down and you should find the Wireless Lab network in this list. In my setup, it is detected as Cell 05; it may be different in yours. The ESSID field contains the network name.

  2. As multiple access points can have the same SSID, verify that the MAC address mentioned in the preceding Address field matches your access point's MAC. A fast and easy way to get the MAC address is to look underneath the access point or to check the web-based GUI settings.
  3. Now, issue the iwconfig wlan0 essid "Wireless Lab" command and then iwconfig wlan0 to check the status. If you have successfully connected to the access point, you should see the MAC address of the access point in the Access Point field in the output of iwconfig.
  4. We know that the access point has a management interface IP address 192.168.0.1 from its manual. Alternatively, this is the same as the default router IP address shown when we run the route -n command. Let's set our IP address in the same subnet by issuing the ifconfig wlan0 192.168.0.2 netmask 255.255.255.0 up command. Verify that the command succeeded by typing ifconfig wlan0 and checking the output.
  5. Now let's ping the access point by issuing the ping 192.168.0.1 command. If the network connection has been set up properly, then you should see the responses from the access point. You can additionally issue an arp -a command to verify that the response is coming from the access point. You should see that the MAC address of the IP 192.168.0.1 is the access point's MAC address we noted earlier. It is important to note that some of the more recent access points might have responses to the Internet Control Message Protocol (ICMP) echo request packets disabled. This is typically done to make the access point secure out of the box with only minimal configuration settings available. In such a case, you can try to launch a browser and access the web interface to verify that the connection is up-and-running.
  6. On the access point, we can verify connectivity by looking at the connection logs. As you can see in the following log, the MAC address of the wireless card 4C:0F:6E:70:BD:CB has been logged making DHCP requests from the router:

What just happened?

We just connected to our access point successfully from Kali using our wireless adapter as the wireless device. We also learned how to verify that a connection has been established at both the wireless client and the access point side.
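
The three checks from the preceding steps (the access point's MAC in the scan, the Access Point field of iwconfig, and the ARP entry for the access point's IP) can be scripted. The following is an added example, not code from the book; the sample command output and every MAC address in it are constructed, and the function names are hypothetical.

```python
import re

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"

# Constructed sample outputs (not captured from real hardware).
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:AA:BB:01
                    Channel:6
                    Encryption key:on
                    ESSID:"HomeNet"
          Cell 02 - Address: 02:00:00:AA:BB:02
                    Channel:11
                    Encryption key:off
                    ESSID:"Wireless Lab"
          Cell 03 - Address: 02:00:00:CC:DD:03
                    Channel:1
                    Encryption key:off
                    ESSID:"Wireless Lab"
"""
SAMPLE_IWCONFIG = """\
wlan0     IEEE 802.11bgn  ESSID:"Wireless Lab"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 02:00:00:AA:BB:02
"""
SAMPLE_ARP = """\
? (192.168.0.1) at 02:00:00:aa:bb:02 [ether] on wlan0
? (192.168.0.7) at <incomplete> on wlan0
"""


def parse_scan(text):
    """Return one dict per Cell in `iwlist <iface> scanning` output."""
    cells = []
    for line in text.splitlines():
        m = re.search(r"Cell (\d+) - Address: (" + MAC + ")", line)
        if m:
            cells.append({"cell": m.group(1), "bssid": m.group(2).lower(),
                          "essid": None, "encrypted": None})
            continue
        if not cells:
            continue  # header lines before the first Cell
        m = re.search(r'ESSID:"(.*)"', line)
        if m:
            cells[-1]["essid"] = m.group(1)
        m = re.search(r"Encryption key:(on|off)", line)
        if m:
            cells[-1]["encrypted"] = (m.group(1) == "on")
    return cells


def associated_bssid(iwconfig_text):
    """MAC from the Access Point field of iwconfig, or None if not associated."""
    m = re.search(r"Access Point: (" + MAC + ")", iwconfig_text)
    return m.group(1).lower() if m else None


def parse_arp(text):
    """Map IP -> MAC from `arp -a` output; incomplete entries are skipped."""
    pairs = re.findall(r"\((\d+\.\d+\.\d+\.\d+)\) at (" + MAC + ")", text)
    return {ip: mac.lower() for ip, mac in pairs}


def verify_lab_link(scan, iwconfig, arp, ssid, ap_mac, ap_ip):
    """Run the three checks; return a list of problems (empty list = all OK)."""
    ap_mac = ap_mac.lower()
    problems = []
    same_name = [c for c in parse_scan(scan) if c["essid"] == ssid]
    if not any(c["bssid"] == ap_mac for c in same_name):
        problems.append("lab AP not seen in scan")
    for c in same_name:
        # Same SSID on a different MAC: a neighbour's AP, not the lab AP.
        if c["bssid"] != ap_mac:
            problems.append(
                f"other AP uses the same SSID: {c['bssid']} (Cell {c['cell']})")
    bssid = associated_bssid(iwconfig)
    if bssid != ap_mac:
        problems.append(f"associated to {bssid or 'nothing'}, expected {ap_mac}")
    arp_mac = parse_arp(arp).get(ap_ip)
    if arp_mac != ap_mac:
        problems.append(
            f"{ap_ip} resolves to {arp_mac or 'no entry'}, expected {ap_mac}")
    return problems


if __name__ == "__main__":
    found = verify_lab_link(SAMPLE_SCAN, SAMPLE_IWCONFIG, SAMPLE_ARP,
                            "Wireless Lab", "02:00:00:AA:BB:02", "192.168.0.1")
    for line in found or ["all checks passed"]:
        print(line)
```

On some access points the LAN-side MAC reported by arp differs from the MAC seen in the wireless scan, so a mismatch on the third check is a prompt to compare against the label on the device.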

Have a go hero – establishing a connection in a WEP configuration

Here is a challenging exercise for you: set up the access point in a WEP configuration. For each of these, try establishing a connection with the access point using the wireless adapter. Hint: check the manual for the iwconfig command by typing man iwconfig to see how to configure the card to connect to WEP.

Pop quiz – understanding the basics

Q1. After issuing the ifconfig wlan0 command, how do you verify that the wireless card is up and functional?

Q2. Can we run all our experiments using the Kali live CD alone? Can we not install the CD to the hard drive?

Q3. What does the arp -a command show?

Q4. Which tool should we use in Kali to connect to WPA/WPA2 networks?

Summary

This chapter provided you with detailed instructions on how to set up your own wireless lab. Also, in the process, you learned the basic steps to do the following:

  • Installing Kali on your hard drive and exploring other options such as virtual machines and USBs
  • Configuring your access point over the web interface
  • Understanding and using several commands to configure and use your wireless card
  • Verifying the connection state between the wireless client and the access point

Gaining confidence in configuring the system is important for you. If you aren't confident, it is advisable that you repeat the preceding examples a couple of times. In later chapters, we will design more complicated scenarios.

In the next chapter, you will learn about inherent design-based insecurities in WLANs. We will use the network analyzer tool, Wireshark, to understand these concepts in a practical way.


Key benefits

  • Learn wireless penetration testing with Kali Linux
  • Detect hidden wireless networks and discover their names
  • Explore advanced Wi-Fi hacking techniques including rogue access point hosting and probe sniffing
  • Develop your encryption cracking skills and gain an insight into the methods used by attackers and the underlying technologies that facilitate these attacks

Description

As wireless networks become ubiquitous in our lives, wireless penetration testing has become a key skill in the repertoire of the professional penetration tester. This has been highlighted again recently with the discovery of the KRACK attack which enables attackers to potentially break into Wi-Fi networks encrypted with WPA2. The Kali Linux security distribution comes with a myriad of tools used for networking attacks and detecting security loopholes. Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition has been updated to Kali Linux 2017.3 with the latest methodologies, including full coverage of the KRACK attack and how to defend against it. The book presents wireless pentesting from the ground up, introducing all elements of penetration testing with each new technology. You'll learn various wireless testing methodologies by example, from the basics of wireless routing and encryption through to detailed coverage of hacking methods and attacks such as the Hirte and Caffe Latte.

Who is this book for?

Kali Linux Wireless Penetration Testing Beginner's Guide, Third Edition is suitable for anyone who wants to learn more about pentesting and how to understand and defend against the latest wireless network attacks.

What you will learn

  • Understand the KRACK attack in full detail
  • Create a wireless lab for your experiments
  • Sniff out wireless packets, hidden networks, and SSIDs
  • Capture and crack WPA-2 keys
  • Sniff probe requests and track users through their SSID history
  • Attack RADIUS authentication systems
  • Sniff wireless traffic and collect interesting data
  • Decrypt encrypted traffic with stolen keys

Product Details

Publication date: Dec 28, 2017
Length: 210 pages
Edition: 3rd
Language: English
ISBN-13: 9781788831925
Vendor: Offensive Security


Table of Contents

13 Chapters
1. Wireless Lab Setup
2. WLAN and Its Inherent Insecurities
3. Bypassing WLAN Authentication
4. WLAN Encryption Flaws
5. Attacks on the WLAN Infrastructure
6. Attacking the Client
7. Advanced WLAN Attacks
8. KRACK Attacks
9. Attacking WPA-Enterprise and RADIUS
10. WLAN Penetration Testing Methodology
11. WPS and Probes
A. Pop Quiz Answers
Index

Customer reviews

Rating: 4.6 (12 Ratings)
5 star 75%
4 star 8.3%
3 star 16.7%
2 star 0%
1 star 0%

Amazon Customer, Sep 16, 2018 (5 stars, Amazon verified review)
For basic technical facts it's an amazing book

Ninos I., Jul 14, 2021 (5 stars, Amazon verified review)
Very instructive book, with step-by-step explanations for nearly all WiFi hacks

M, Jan 25, 2018 (5 stars, Amazon verified review)
I would definitely recommend this book. It is well explained and easy to follow.

Sandesh More, Nov 24, 2018 (5 stars, Amazon verified review)
Really a good book with great contents... Really helpful for beginners

A. Marx, Jan 24, 2021 (5 stars, Amazon verified review)
If you already have your Kali up and running and have the right wireless adapter (e.g. from Alfa), then you can get started. You should not expect to be able to read along on all the networks in the neighborhood. But you get good guidance on what you can see and what others can (or could) see.
