Sunday, July 6, 2014

Wireless Security Hack - Planning the Attack

This tutorial is for educational purposes only. The author and website are not responsible for any damage or loss resulting from experiments based on it.

The majority of specific IT security literature sources would list the available tools and appropriate commands and call it a day. We call it an early caffeinated morning. Knowing the basics of wireless networking and which tools to use to discover access points, dump the traffic, crack WEP, and so on is not enough. In fact, it only brings the attacker to the "script kiddie" level, whereas a wireless security professional should be far above it. You should understand how the protocols involved and the available attack methodologies work (something that is uncovered step by step throughout this book). Apart from that, you should also have a precise, calculated plan for your penetration testing procedure, taking into account all known peculiarities of the network you are after.

The "Rig"

By now, a penetration testing kit should be properly assembled and tested on your lab WLAN to avoid any unpleasant surprises (unresolved symbols when inserting the modules, card service version incompatibility, unreliable pigtails, etc.) in accordance with the almighty Murphy's Law.
If you are serious about your business, your kit is likely to include the following components:
  1. A laptop with a double PCMCIA card slot and Linux/BSD (or both) properly configured and running.
  2. Several PCMCIA client cards with external antenna connectors and different chipsets:
    • Cisco Aironet for efficient wireless traffic discovery and easy-to-perform multichannel traffic logging and analysis
    • Prism for WEP cracking, including traffic injection cracking acceleration; DoS via FakeAP, Wnet, or AirJack; Layer 1 man-in-the-middle attacks with HostAP and a second Prism chipset card (!); Layer 2 man-in-the-middle attacks with AirJack and Hermes chipset card; or Layer 2 man-in-the-middle attacks using Wnet, HostAP mode, and a second Prism chipset card on the OpenBSD platform
    • Hermes/Orinoco for WEP cracking excluding traffic injection cracking acceleration and Layer 2 man-in-the-middle attacks using AirJack and a Prism chipset card
    • Atheros chipset card for 802.11a security auditing
  3. At least two external antennas (an omnidirectional and high-gain directional) with all appropriate connectors and possibly a mounting tripod.
  4. Specific wireless security tools of your choice set and ready. You must be able to perform the following:
    • Network discovery and traffic logging in the RFMON mode
    • Wireless traffic decoding and analysis
    • WEP cracking and 802.1x brute-forcing (where applicable)
    • Custom Layer 2 frame generation and traffic injection
    • Setting at least one of your cards to act as a rogue access point
  5. Non-wireless-specific attack tools set and ready. 
Optional toolkit components might include the following:
  • A GPS receiver plugged into your laptop's serial port
  • A PDA loaded with Kismet or Wellenreiter and some signal strength monitoring utility
  • More antennas, including semidirectionals
  • Spare batteries
  • Amplifier(s)
  • A rogue wireless backchannel device if you plan to test wireless and physical security. The best example of such a device is a preconfigured small 802.11 USB client that can be quickly and covertly planted on the back of one of the company servers or workstations.
  • Maps of the area (electronic or paper)
  • Binoculars (to spot antennas on roofs, etc.)
  • Transportation means (feet, car, bike, boat, plane, zeppelin, or hot air balloon)
Before doing anything, test that you can capture and decode traffic, crack WEP, and transmit frames (and confirm the transmission by sniffing them out) under the conditions of the testing lab network. Pay special attention to the antenna connectors and their resilience to moving the equipment around. When you are sure that everything works as intended and will keep working as intended in the field, you can proceed to the next phase. This phase does not involve driving, walking, sailing, or flying around the tested site with protruding antennas. It involves thinking and "Googling."

Happy Reading lol :)