]
09-01-2012, 06:56 PM
I would like to share a nice ebook on wireless penetration testing using backtrack 5. It is written in way that suits for beginners. I am sure that it will be a great help for beginners who use backtrack 5.
Its free. Just post here and pm me for the link...
Its free. Just post here and pm me for the link...
Table of Contents
Chapter 1: Wireless Lab Setup
Hardware requirements
Software requirements
Installing BackTrack
Time for action – installing BackTrack
Setting up the access point
Time for action – configuring the access point
Setting up the wireless card
Time for action – configuring your wireless card
Connecting to the access point
Time for action – configuring your wireless card
Chapter 2: WLAN and Its Inherent Insecurities
Revisiting WLAN frames
Time for action – creating a monitor mode interface
Time for action – sniffing wireless packets
Time for action – viewing Management, Control, and Data frames
Time for action – sniffing data packets for our network
Time for action – packet injection
Important note on WLAN sniffing and injection
Time for action – experimenting with your Alfa card
Role of regulatory domains in wireless
Time for action – experimenting with your Alfa card
Chapter 3: Bypassing WLAN Authentication
Hidden SSIDs
Time for action – uncovering hidden SSIDs
MAC filters
Time for action – beating MAC filters
Open Authentication
Time for action – bypassing Open Authentication
Shared Key Authentication
Time for action – bypassing Shared Authentication
Chapter 4: WLAN Encryption Flaws
WLAN encryption
WEP encryption
Time for action – cracking WEP
WPA/WPA2
Time for action – cracking WPA-PSK weak passphrase
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
Decrypting WEP and WPA packets
Time for action – decrypting WEP and WPA packets
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
Time for action – connecting to a WPA network
Chapter 5: Attacks on the WLAN Infrastructure
Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
Denial of service attacks
Time for action – De-Authentication DoS attack
Evil twin and access point MAC spoofing
Time for action – evil twin with MAC spoofing
Rogue access point
Time for action – Rogue access point
Chapter 6: Attacking the Client
Honeypot and Mis-Association attacks
Time for action – orchestrating a Mis-Association attack
Caffe Latte attack
Time for action – conducting the Caffe Latte attack
De-Authentication and Dis-Association attacks
Time for action – De-Authenticating the client
Hirte attack
Time for action – cracking WEP with the Hirte attack
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
Summary
Chapter 7: Advanced WLAN Attacks
Man-in-the-Middle attack
Time for action – Man-in-the-Middle attack
Wireless Eavesdropping using MITM
Time for action – wireless eavesdropping
Session Hijacking over wireless
Time for action – session hijacking over wireless
Finding security configurations on the client
Time for action – enumerating wireless security profiles
Summary
Chapter 8: Attacking WPA-Enterprise and RADIUS
Setting up FreeRadius-WPE
Time for action – setting up the AP with FreeRadius-WPE
Attacking PEAP
Time for action – cracking PEAP
Attacking EAP-TTLS
Time for action – cracking EAP-TTLS
Security best practices for Enterprises
Summary
Chapter 9: WLAN Penetration Testing Methodology
Wireless penetration testing
Planning
Discovery
Time for action – discovering wireless devices
Attack
Finding rogue access points
Finding unauthorized clients
Cracking the encryption
Compromising clients
Reporting
Summary
Quote:The Alchemist Wrote:
Here's the virus scan result :[To see links please register here]
