You are previewing Kali Linux Wireless Penetration Testing Essentials.
O'Reilly logo
Kali Linux Wireless Penetration Testing Essentials

Book Description

Plan and execute penetration tests on wireless networks with the Kali Linux distribution

In Detail

Kali Linux is the most popular distribution dedicated to penetration testing that includes a set of free, open source tools.

This book introduces you to wireless penetration testing and describes how to conduct its various phases. After showing you how to install Kali Linux on your laptop, you will verify the requirements of the wireless adapter and configure it. Next, the book covers the wireless LAN reconnaissance phase, explains the WEP and WPA/WPA2 security protocols and demonstrates practical attacks against them using the tools provided in Kali Linux, Aircrack-ng in particular. You will then discover the advanced and latest attacks targeting access points and wireless clients and learn how to create a professionally written and effective report.

What You Will Learn

  • Explore the penetration testing methodology and its various phases

  • Install Kali Linux on your laptop and configure the wireless adapter

  • Scan and enumerate wireless LANs and point out their vulnerabilities

  • Understand the WEP security protocol and the techniques to crack the authentication keys and break it

  • Become proficient with the WPA/WPA2 protocol and use Kali Linux tools to attack it

  • Attack the access points and take control of the wireless network

  • Launch advanced attacks against clients

  • Produce stunning and effective reports

  • Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at If you purchased this book elsewhere, you can visit and register to have the files e-mailed directly to you.

    Table of Contents

    1. Kali Linux Wireless Penetration Testing Essentials
      1. Table of Contents
      2. Kali Linux Wireless Penetration Testing Essentials
      3. Credits
      4. Disclaimer
      5. About the Author
      6. About the Reviewers
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      8. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Errata
          2. Piracy
          3. Questions
      9. 1. Introduction to Wireless Penetration Testing
        1. Phases of penetration testing
          1. The planning phase
          2. The discovery phase
          3. The attack phase
          4. The reporting phase
            1. The executive summary
            2. The technical report
        2. Summary
      10. 2. Setting Up Your Machine with Kali Linux
        1. Introduction to the Kali Linux distribution
        2. Installing Kali Linux
          1. Installation on a virtual machine
            1. Creating a new virtual machine
            2. Installation steps
        3. Wireless adapter setup and configuration
          1. Requirements of the wireless adapter
          2. Wireless card configuration
            1. Testing the adapter for wireless penetration testing
            2. Troubleshooting
        4. Summary
      11. 3. WLAN Reconnaissance
        1. Introduction to 802.11 standard and wireless LAN
          1. 802.11 frames, types, and subtypes
          2. Infrastructure mode and wireless access points
          3. Wireless security
        2. Wireless LAN scanning
          1. Configuring the wireless adapter in monitor mode
          2. Wireless scanning with airodump-ng
        3. Wireless scanning with Kismet
        4. Summary
      12. 4. WEP Cracking
        1. An introduction to WEP
          1. Attacks against WEP
        2. WEP cracking with Aircrack-ng
          1. Cracking the WEP key with connected clients
          2. Cracking the WEP key without connected clients
            1. The Fragmentation and ChopChop attacks
            2. Forging and injecting ARP request frames
          3. WEP cracking with automated tools
          4. WEP cracking with Fern WiFi Cracker
        3. Summary
      13. 5. WPA/WPA2 Cracking
        1. An introduction to WPA/WPA2
          1. Attacking the WPA
          2. WPA cracking with Aircrack-ng
          3. WPA cracking with Cowpatty
        2. WPA cracking with the GPU
          1. Pyrit
          2. oclHashcat
        3. WPA cracking with automated tools
          1. Wifite
        4. Summary
      14. 6. Attacking Access Points and the Infrastructure
        1. Attacks against Wi-Fi Protected Setup
          1. Reaver
        2. Attacking WPA-Enterprise
          1. Setting up a WPA-Enterprise network
          2. Attacks targeting EAP
            1. Attacking PEAP
        3. Denial of Service attacks
          1. DoS attacks with MDK3
        4. Rogue access points
        5. Attacking AP authentication credentials
        6. Summary
      15. 7. Wireless Client Attacks
        1. Honeypot access points and Evil Twin attacks
          1. The Evil Twin attack in practice
        2. Man-in-the-middle attacks
          1. Ghost phisher
        3. The Caffe Latte attack
        4. The Hirte attack
        5. Cracking WPA keys without the AP
        6. Summary
      16. 8. Reporting and Conclusions
        1. The four stages of report writing
          1. Report planning
          2. Information collection
          3. Documentation tools
          4. Writing the first draft
          5. Review and finalization
        2. The report format
          1. The executive summary
          2. The technical report
        3. Summary
        4. Conclusions
      17. A. References
        1. Chapter 1 – Introduction to Wireless Penetration Testing
        2. Chapter 2 – Setting Up Your Machine with Kali Linux
        3. Chapter 3 – WLAN Reconnaissance
        4. Chapter 4 – WEP Cracking
        5. Chapter 5 – WPA/WPA2 Cracking
        6. Chapter 6 – Attacking Access Points and the Infrastructure
        7. Chapter 7 – Wireless Client Attacks
        8. Chapter 8 – Reporting and Conclusions
      18. Index