Wireless lab Setup
Hardware requirements
Software requirements
Installing BackTrack
Time for action – installing BackTrack
Setting up the access point
Time for action – configuring the access point
Setting up the wireless card
Time for action – configuring your wireless card
Connecting to the access point
Time for action – configuring your wireless card
Chapter 2:
WLAN and Its Inherent
Insecurities
Revisiting WLAN frames
Time for action – creating a monitor mode interface
Time for action – sniffing wireless packets
Time for action – viewing Management,
Control, and Data frames
Time for action – sniffing data packets for our network
Time for action – packet injection
Important note on WLAN sniffing and injection
Time for action – experimenting with your Alfa card
Role of regulatory domains in wireless
Time for action – experimenting with your Alfa card
Chapter 3:
Bypassing WLAN
Authentication
Hidden SSIDs
Time for action – uncovering hidden
SSIDs
MAC filters
Time for action – beating MAC filters
Open Authentication
Time for action – bypassing Open
Authentication
Shared Key Authentication
Time for action – bypassing Shared
Authentication
Chapter 4:
WLAN Encryption
Flaws
WLAN encryption
WEP encryption
Time for action – cracking WEP
WPA/WPA2
Time for action – cracking WPA-PSK weak passphrase
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
Decrypting WEP and WPA packets
Time for action – decrypting WEP and
WPA packets
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
Time for action – connecting to a WPA network
Chapter 5:
Attacks on the WLAN
Infrastructure
Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
Denial of service attacks
Time for action – De-Authentication DoS attack
Evil twin and access point MAC spoofing
Time for action – evil twin with MAC spoofing
Rogue access point
Time for action – Rogue access point
Chapter 6:
Attacking the Client
Honeypot and Mis-Association attacks
Time for action – orchestrating a Mis-
Association attack
Caffe Latte attack
Time for action – conducting the Caffe
Latte attack
De-Authentication and Dis-Association attacks
Time for action – De-Authenticating the client
Hirte attack
Time for action – cracking WEP with the
Hirte attack
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
Summary
Chapter 7:
Advanced WLAN
Attacks
Man-in-the-Middle attack
Time for action – Man-in-the-Middle attack
Wireless Eavesdropping using MITM
Time for action – wireless eavesdropping
Session Hijacking over wireless
Time for action – session hijacking over wireless
Finding security configurations on the client
Time for action – enumerating wireless security profiles
Summary
Chapter 8:
Attacking WPA-Enterprise and RADIUS
Setting up FreeRadius-WPE
Time for action – setting up the AP with
FreeRadius-WPE
Attacking PEAP
Time for action – cracking PEAP
Attacking EAP-TTLS
Time for action – cracking EAP-TTLS
Security best practices for Enterprises
Summary
Chapter 9:
WLAN Penetration
Testing Methodology
Wireless penetration testing
Planning
Discovery
Time for action – discovering wireless devices
Attack
Finding rogue access points
Finding unauthorized clients
Cracking the encryption
Compromising clients
Reporting
Summary
DOWNLOAD HERE
.png)
0 comments:
Post a Comment