did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

did-you-know? rent-now

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

9781597491112

Wardriving And Wireless Penetration Testing

by ; ; ;
  • ISBN13:

    9781597491112

  • ISBN10:

    159749111X

  • Format: Paperback
  • Copyright: 1/1/2007
  • Publisher: Elsevier Science
  • Purchase Benefits
  • Free Shipping Icon Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • eCampus.com Logo Get Rewarded for Ordering Your Textbooks! Enroll Now
  • Write a Review Icon Write a Review
  • Complimentary 7-Day eTextbook Access - Read more
    When you rent or buy this book, you will receive complimentary 7-day online access to the eTextbook version from your PC, Mac, tablet, or smartphone. Feature not included on Marketplace Items.
List Price: $51.95 Save up to $34.41
  • Buy New
    $51.69
    Add to Cart Free Shipping Icon Free Shipping

    PRINT ON DEMAND: 2-4 WEEKS. THIS ITEM CANNOT BE CANCELLED OR RETURNED.

    7-Day eTextbook Access 7-Day eTextbook Access

Supplemental Materials

What is included with this book?

Summary

In this book, five recognized experts in the wireless security field have put together a guide to help you learn how to analyze wireless networks through wardriving and penetration testing. Each has contributed material that matches the strengths with various operating systems and techniques used to analyze wireless networks, resulting in a powerful guide to assess wireless networks while leveraging these free tools with low-cost supporting hardware.

Author Biography

Chris Hurley is a Senior Penetration Tester working in the Washington, DC Frank Thornton is the President and CEO of Blackthorn Systems Russ Rogers is the President and CEO of Security Horizon, Inc. Daniel Connelly is a Penetration Tester working for a federal agency in the Washington, DC Brian Baker is a Penetration Tester working in the Washington, DC

Table of Contents

Introduction to WarDriving and Penetration Testing
1(30)
Introduction
2(1)
WarDriving
2(1)
The Origins of WarDriving
3(2)
Definition
3(1)
The Terminology History of WarDriving
3(1)
WarDriving Misconceptions
4(1)
The Truth about WarDriving
4(1)
The Legality of WarDriving
5(1)
Tools of the Trade or ``What Do I Need?''
5(9)
Getting the Hardware
6(1)
The Laptop Setup
6(1)
The PDA or Handheld Setup
7(1)
Choosing a Wireless NIC
8(1)
Types of Wireless NICs
9(2)
Other Cards
11(1)
External Antennas
11(1)
Connecting Your Antenna to Your Wireless NIC
12(1)
GPS
13(1)
Putting It All Together
14(6)
Disabling the Transmission Control Protocol/Internet Protocol Stack in Windows
15(2)
Disabling the TCP/IP Stack on an iPAQ
17(2)
A Brief History of Wireless Security
19(1)
Penetration Testing
20(5)
Understanding WLAN Vulnerabilities
21(1)
Penetration Testing Wireless Networks
21(1)
Target Identification
22(1)
Attacks
23(2)
Tools for Penetration Testing
25(1)
Conclusion and What to Expect From this Book
26(1)
Solutions Fast Track
27(2)
Frequently Asked Questions
29(2)
Understanding Antennas and Antenna Theory
31(32)
Introduction
32(3)
Wavelength and Frequency
32(3)
Terminology and Jargon
35(8)
Radio Signal
36(1)
Noise
36(1)
Decibels
37(2)
Gain
39(1)
Attenuation
39(1)
Signal-to-noise Ratio
40(1)
Multipath
40(1)
Diversity
40(1)
Impedance
41(1)
Polarization
41(1)
Cable
42(1)
Connectors
43(1)
Differences Between Antenna Types
43(10)
Omnidirectional Antennas
44(1)
Omnidirectional Signal Patterns
44(2)
Directional Antennas
46(1)
Directional Antenna Types
47(1)
Grid
47(1)
Panel
48(1)
Waveguide
48(1)
Bi-Quad
49(1)
Yagi Antenna
50(3)
Directional Signal Patterns
53(1)
Other RF Devices
53(6)
RF Amplifiers
53(1)
Attenuators
54(1)
How to Choose an Antenna for WarDriving or Penetration Testing
55(1)
WarDriving Antennas
56(1)
Security Audit/Rogue Hunt and Open Penetration Testing
57(1)
``Red Team'' Penetration Test
57(1)
Where to Purchase WiFi Antennas
58(1)
Summary
59(1)
Solutions Fast Track
59(1)
Frequently Asked Questions
60(3)
WarDriving With Handheld Devices and Direction Finding
63(30)
Introduction
64(1)
WarDriving with a Sharp Zaurus
64(15)
Installing and Configuring Kismet
65(4)
Configuring the Wireless Card to Work with Kismet
69(3)
Starting Kismet on the Zaurus
72(1)
Using a GPS with the Zaurus
73(2)
Starting GPSD
75(1)
Using a Graphical Front End with Kismet
76(2)
Using an External WiFi Card with a Zaurus
78(1)
WarDriving with MiniStumbler
79(8)
Wireless Ethernet Cards that Work with MiniStumbler
80(1)
MiniStumbler Installation
81(1)
Running MiniStumbler
82(3)
MiniStumbler Menus and Tool Icons
85(1)
Using a GPS with MiniStumbler
86(1)
Direction Finding with a Handheld Device
87(3)
Summary
90(1)
Solutions Fast Track
91(1)
Frequently Asked Questions
92(1)
WarDriving and Penetration Testing with Windows
93(26)
Introduction
94(1)
WarDriving with NetStumbler
94(5)
How NetStumbler Works
94(2)
NetStumbler Installation
96(3)
Running NetStumbler
99(9)
NetStumbler Menus and Tool Icons
105(2)
Toolbar Icons
107(1)
Wireless Penetration Testing with Windows
108(9)
AirCrack-ng
109(3)
Determining Network Topology
112(1)
Network View
112(5)
Summary
117(1)
Solutions Fast Track
117(1)
Frequently Asked Questions
118(1)
WarDriving and Penetration Testing with Linux
119(34)
Introduction
120(1)
Preparing Your System to WarDrive
120(11)
Preparing the Kernel
120(1)
Preparing the Kernel for Monitor Mode
120(3)
Preparing the Kernel for a Global Positioning System
123(1)
Installing the Proper Tools
124(1)
Installing Kismet
125(1)
Installing GPSD
126(1)
Configuring Your System to WarDrive
127(4)
WarDriving with Linux and Kismet
131(7)
Starting Kismet
131(2)
Using the Kismet Interface
133(1)
Understanding the Kismet Options
133(4)
Using a Graphical Front End
137(1)
Wireless Penetration Testing Using Linux
138(12)
WLAN Discovery
140(1)
WLAN Discovery Using Public Source Information
140(1)
WLAN Encryption
141(1)
Attacks
141(1)
Attacks Against WEP
141(1)
Attacks Against WPA
142(1)
Attacks Against LEAP
143(1)
Attacking the Network
144(1)
MAC Address Spoofing
144(1)
Deauthentication with Void11
145(1)
Cracking WEP with the Aircrack Suite
146(2)
Cracking WPA with the CoWPAtty
148(1)
Association with the Target Network
148(2)
Summary
150(1)
Solutions Fast Track
151(1)
Frequently Asked Questions
152(1)
WarDriving and Wireless Penetration Testing with OS X
153(30)
Introduction
154(1)
WarDriving with KisMAC
154(16)
Starting KisMAC and Initial Configuration
154(1)
Configuring the KisMAC Preferences
155(1)
Scanning Options
156(1)
Filter Options
156(1)
Sound Preferences
157(3)
Traffic
160(1)
KisMAC Preferences
160(2)
Mapping WarDrives with KisMAC
162(1)
Importing a Map
162(4)
WarDriving with KisMAC
166(1)
Using the KisMAC Interface
167(3)
Penetration Testing with OS X
170(6)
Attacking WLAN Encryption with KisMAC
171(1)
Attacking WEP with KisMAC
171(2)
Reinjection
173(1)
Attacking WPA with KisMAC
174(1)
Other Attacks
175(1)
Bruteforce Attacks Against 40-bit WEP
175(1)
Wordlist Attacks
175(1)
Other OS X Tools for WarDriving and WLAN Testing
176(2)
Summary
178(1)
Solutions Fast Track
178(2)
Frequently Asked Questions
180(3)
Wireless Penetration Testing Using a Bootable Linux Distribution
183(36)
Introduction
184(1)
Core Technologies
185(8)
WLAN Discovery
185(1)
Choosing the Right Antenna
186(1)
WLAN Encryption
187(1)
WEP
188(1)
WPA/WPA2
188(1)
EAP
189(1)
VPN
189(1)
Attacks
189(1)
Attacks Against WEP
189(2)
Attacks Against WPA
191(1)
Attacks Against LEAP
191(1)
Attacks Against VPN
192(1)
Open Source Tools
193(15)
Footprinting Tools
193(1)
Intelligence Gathering Tools
194(1)
User's Network Newsgroups
194(1)
Google (Internet Search Engines)
194(1)
Scanning Tools
195(1)
Wellenreiter
195(3)
Kismet
198(2)
Enumeration Tools
200(1)
Vulnerability Assessment Tools
201(2)
Exploitation Tools
203(1)
MAC Address Spoofing
203(1)
Deauthentication with Void11
203(2)
Cracking WEP with the Aircrack Suite
205(3)
Cracking WPA with CoWPAtty
208(1)
Case Study
208(6)
Case Study Cracking WEP
209(3)
Case Study: Cracking WPA-PSK
212(2)
Further Information
214(1)
Additional GPSMap Map Servers
215(1)
Solutions Fast Track
215(2)
Frequently Asked Questions
217(2)
Mapping WarDrives
219(28)
Introduction
220(1)
Using the Global Positioning System Daemon with Kismet
220(6)
Installing GPSD
220(3)
Starting GPSD
223(1)
Starting GPSD with Serial Data Cable
223(2)
Starting GPSD with USB Data Cable
225(1)
Configuring Kismet for Mapping
226(1)
Enabling GPS Support
226(1)
Mapping WarDrives with GPSMAP
227(4)
Creating Maps with GPSMAP
227(4)
Mapping WarDrives with StumbVerter
231(13)
Installing StumbVerter
231(4)
Generating a Map With StumbVerter
235(1)
Exporting NetStumbler Files for Use with StumbVerter
235(2)
Importing Summary Files to MapPoint with StumbVerter
237(5)
Saving Maps with StumbVerter
242(2)
Summary
244(1)
Solutions Fast Track
245(1)
Frequently Asked Questions
246(1)
Using Man-in-the-Middle Attacks to Your Advantage
247(36)
Introduction
248(2)
What is a MITM Attack?
248(1)
MITM Attack Design
248(1)
The Target---AP(s)
248(1)
The Victim---Wireless Client(s)
248(1)
The MITM Attack Platform
249(1)
MITM Attack Variables
249(1)
Hardware for the Attack---Antennas, Amps, WiFi Cards
250(5)
The Laptop
251(1)
Wireless Network Cards
251(1)
Choosing the Right Antenna
252(1)
Amplifying the Wireless Signal
253(1)
Other Useful Hardware
254(1)
Identify and Compromise the Target Access Point
255(2)
Identify the Target
255(1)
Compromising the Target
255(2)
The MITM Attack Laptop Configuration
257(12)
The Kernel Configuration
258(1)
Obtaining the Kernel Source
258(1)
Configure and Build the Kernel
258(3)
Setting Up the Wireless Interfaces
261(1)
wlan0 - Connecting to the Target Network
261(1)
wlan1 - Setting up the AP
261(1)
IP Forwarding and NAT Using Iptables
262(1)
Installing Iptables and IP Forwarding
263(1)
Establishing the NAT Rules
264(1)
Dnsmasq
265(1)
Installing Dnsmasq
265(1)
Configuring Dnsmasq
265(2)
Apache Hypertext Preprocessor and Virtual Web Servers
267(2)
Clone the Target Access Point and Begin the Attack
269(9)
Establish Wireless Connectivity and Verify Services are Started
269(1)
Start the Wireless Interface
269(1)
Verify Connectivity to the Target Access Point
270(1)
Verify Dnsmasq is Running
270(1)
Verify Iptables is Started and View the Running Rule Sets
271(1)
Deauthenticate Clients Connected to the Target Access Point
272(1)
Wait for the Client to Associate to Your Access Point
272(1)
Identify Target Web Applications
273(1)
Spoof the Application
274(1)
Using wget to Download the Target Web Page
274(1)
Modify the Page
274(2)
Redirect Web Traffic Using Dnsmasq
276(2)
Summary
278(1)
Solutions Fast Track
278(3)
Frequently Asked Questions
281(2)
Using Custom Firmware for Wireless Penetration Testing
283(36)
Choices for Modifying the Firmware on a Wireless Access Point
284(1)
Software Choices
284(1)
HyperWRT
284(1)
DD-WRT
284(1)
OpenWRT
284(1)
Hardware Choices
285(1)
Installing OpenWRT on a Linksys WRT54G
285(11)
Downloading the Source
286(1)
Installation and How Not to Create a Brick
287(1)
Installation via the Linksys Web Interface
288(2)
Installation via the TFTP Server
290(3)
Command Syntax and Usage
293(3)
Configuring and Understanding the OpenWRT Network Interfaces
296(2)
Installing and Managing Software Packages for OpenWRT
298(4)
Finding and Installing Packages
299(3)
Uninstalling Packages
302(1)
Enumeration and Scanning from the WRT54G
302(4)
Nmap
302(2)
Netcat
304(1)
Tcpdump
304(2)
Installation and Configuration of a Kismet Drone
306(4)
Installing the Package
306(1)
Configuring the Kismet Drone
307(1)
Making the Connection and Scanning
307(3)
Installing Aircrack to Crack a WEP Key
310(4)
Mounting a Remote File System
310(1)
Installing the Aircrack Tools
311(3)
Summary
314(1)
Solutions Fast Track
315(3)
Frequently Asked Questions
318(1)
Wireless Video Testing
319(24)
Introduction
320(1)
Why Wireless Video?
320(1)
Let's Talk Frequency
320(1)
Let's Talk Format
320(1)
Let's Talk Terms
321(1)
Wireless Video Technologies
321(6)
Video Baby Monitors
322(2)
Security Cameras
324(1)
X10.com
324(1)
D-Link
325(1)
Others
326(1)
Tools for Detection
327(12)
Finding the Signal
327(1)
Scanning Devices
328(1)
ICOM IC-R3
329(5)
X10 Accessories
334(2)
WCS-99
336(2)
The Spy Finder
338(1)
Summary
339(1)
Solutions Fast Track
339(2)
Frequently Asked Questions
341(2)
Appendix A Solutions Fast Track
343(18)
Appendix B Device Driver Auditing
361(24)
Introduction
362(1)
Why Should You Care
363(3)
What is a Device Driver?
366(17)
Windows
367(1)
OS X
367(1)
Linux
368(1)
Setting Up a Test Environment
368(1)
WiFi
369(1)
Bluetooth
370(1)
Testing the Drivers
371(1)
WiFi
372(6)
Bluetooth
378(2)
Looking to the Future
380(3)
Summary
383(2)
Index 385

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rewards Program