By Nagareshwar Talekar on Oct 31 2011
This month, I am excited to write review on another amazing book – “BackTrack 5 Wireless Penetration Testing”. Written by Vivek Ramachandran – founder of SecurityTube – who is well known for his discovery of Wireless Caffe Latte attack, this book is beyond the words.
Here is the core information about the book,
- Title: BackTrack 5 Wireless Penetration Testing
- Author: Vivek Ramachandran
- Publisher: Packt Publishing
- Pages: 220
- Release Date: September 9, 2011
Here is the table of contents
Chapter 1: Wireless Lab Setup
Chapter 2: WLAN and Its Inherent Insecurities
Chapter 3: Bypassing WLAN Authentication
Chapter 4: WLAN Encryption Flaws
Chapter 5: Attacks on the WLAN Infrastructure
Chapter 6: Attacking the Client
Chapter 7: Advanced WLAN Attacks
Chapter 8: Attacking WPA-Enterprise and RADIUS
Chapter 9: WLAN Penetration Testing Methodology
Appendix A: Conclusion and Road Ahead
Appendix B: Pop Quiz Answers
First chapter starts with the famous line from ‘Abraham Lincoln’ pressing on the importance of setting up the play ground,
If I had eight hours to chop down a tree, I’d spend six hours sharpening my axe.
It lists both hardware/software requirements with 2 Wi-Fi enabled laptops, one injectible Wi-Fi card (Alfa AWUS036H) & a access point. Some more listing of alternative injectible Wi-Fi cards would have been better though. It is often difficult to get the right one especially for those who are outside USA/UK. In my initial days of wardriving, I remember waiting for entire year to get my first injectible USB dongle. And without the right card, you are on the back foot as you can’t perform most of the attacks.
Remaining portion of first chapter shows how to install BackTrack, Setting up access point and wireless cards in detail with screenshots. Next one explains in brief about wireless frames and shows how to capture the Wi-Fi packets in the air and inject your own packets using Alfa card.
It goes more interesting with chapter 3 showing how to bypass various wireless security restrictions such as hidden SSIDs, defeating MAC filters, bypassing WEP authentication etc. Next it shows how to really crack those 128 bit WEP keys using aircrack-ng tool. Finally it describes how we can use these cracked WEP/WPA passphrase to decrypt wireless data packets and directly connect to WEP/WPA network.
Chapter 5 explains various Denial of Service (DoS) attacks including De-Authentication, Dis-Association, CTS-RTS attack & spectrum jamming. It also shows how one can perform ‘Evil Twin’ attack against legitimate Access point and how to setup rogue access point to gain backdoor entry into the network.
Often the weakest point lies at the client side, so the chapter 6 goes to describe all those attacks one can perform on wireless clients including Honeypot and Mis-Association attacks, Caffe Latte attack, De-Authenticaton and Dis-Association attacks, Hirte attack, AP-less WPA-Personal cracking etc. Next one shows how to perform wireless based Man-in-the-Middle (MITM) attacks and then use it for sniffing and hijacking of user sessions.
Chapter 8 focuses on WPA-enterprise based attacks such as exploiting the weakness in PEAP, EAP-TLS protocols. It ends with recommendation on secure wireless configuration using ‘WPA2-PSK with a strong passphrase’ for smaller/medium size organizations and ‘WPA2-Enterprise with EAP-TLS’ for larger organizations.
Final chapter touches very briefly on pen testing methodologies and then goes more into wireless pen testing using the attacks explained in previous chapters. It starts with step by step of discovery of wireless devices, finding unauthorized clients, rogue access points and then cracking the wireless encryption using the attacks demonstrated in previous chapters.
This book is written completely from practical perspective and to get the best out of this book you need to parallely follow it up with your own setup as shown in first chapter. And at the end of it, there will be one more Wi-Fi ninja in the air.
Highlights of the Book
- Very well written and enjoyable to read
- Practical and includes latest stuff from wireless field
- Every attack technique is very well shown with complete technical details and illustrative screenshots.
- Includes action items for reader to explore more and gain more expertise
- Pop Quiz at the end of each chapter ensures that you were not dozing off
After reading this book completely, one thing is sure that you would like to change its title from “Beginners guide” to “Not just Beginners guide”. Even though its his first book, I am amazed with his style of writing and ‘connecting with reader’ mentality making it easier to grasp and enjoyable to read on.
And here comes final verdict,
Written by wireless expert, this book goes beyond the words and highly recommended to anyone willing to master Wi-Fi Kung Fu.
Disclaimer: I have received this book from the publisher for special review. And author is good friend of mine. However the review remains genuine and unbiased.