Index

A

• access point
  • setting up / Setting up the access point, Time for action – configuring the access point
  • configuring / Time for action – configuring the access point, What just happened?
  • wireless card, connecting to / Time for action – configuring your wireless card, What just happened?
  • about / Default accounts and credentials on the access point
  • default accounts, cracking on / Time for action – cracking default accounts on the access points, What just happened?
• accounts
  • cracking, bruteforce attacks used / Have a go hero – cracking accounts using bruteforce attacks
• advanced Wi-Fi lab
  • building / Building an advanced Wi-Fi lab
• advanced Wi-Fi lab, requisites
  • directional antennas / Building an advanced Wi-Fi lab
  • Wi-Fi access points / Building an advanced Wi-Fi lab
  • Wi-Fi cards / Building an advanced Wi-Fi lab
  • Wi-Fi enabled devices / Building an advanced Wi-Fi lab
  • Smartphones / Building an advanced Wi-Fi lab
• airbase-ng command / Time for action – evil twin with MAC spoofing
• Aircrack-NG site
  • about / Staying up-to-date
• aircrack-ng tool
  • about / WEP encryption
• AIRCRACK-NG website
  • about / Hirte attack
• aireplay-ng tool
  • about / WEP encryption
• airmon-ng tool
  • about / WEP encryption
• Airodump-NG
  • about / Revisiting WLAN frames
• airodump-ng utility / Time for action – beating MAC filters, What just happened?
  • about / WEP encryption
• Alfa AWUS036H card / Hardware requirements
• Alfa card / Building an advanced Wi-Fi lab
• Alfa Networks / Hardware requirements
• Alfa wireless card
  • setting up / Time for action – configuring your wireless card
• AP
  • setting up, with FreeRadius-WPE / Time for action – setting up the AP with FreeRadius-WPE, What just happened?, Have a go hero – playing with RADIUS
• AP-less WPA cracking / Time for action – AP-less WPA cracking, What just happened?
• application hijacking challenge / Have a go hero – application hijacking challenge
• Asleap
  • about / Time for action – cracking EAP-TTLS
• attack phase, wireless penetration testing
  • about / Attack, Time for action – finding rogue access points, What just happened?
  • rogue access points, searching / Time for action – finding rogue access points, What just happened?
  • unauthorized clients, searching / Time for action – unauthorized clients, What just happened?
  • WPA, cracking / Time for action – cracking WPA, What just happened?
  • clients, compromising / Time for action – compromising the clients, What just happened?
• Authenticator MAC address (Access Point MAC)
  • about / WPA/WPA2
• Authenticator Nounce (ANounce)
  • about / WPA/WPA2

B

• BackTrack
  • installing / Time for action – installing BackTrack, What just happened?
  • installing, on Virtual Box / Have a go hero – installing BackTrack on Virtual Box, Have a go hero – installing BackTrack on Virtual Box
  • Radius server, setting up on / Setting up FreeRadius-WPE
• BackTrack 5 / Software requirements
• Beacon frames
  • about / Hidden SSIDs
• best practices, WPA-Enterprise / Security best practices for Enterprises
• Broadcast De-Authentication packets / What just happened?
• bruteforce attacks
  • used, for cracking accounts / Have a go hero – cracking accounts using bruteforce attacks

C

• Caffe Latte attack
  • about / What just happened?, Caffe Latte attack
  • conducting / Time for action – conducting the Caffe Latte attack, What just happened?
• channel hopping
  • about / Have a go hero – evil twin and channel hopping
• client
  • de-authenticating / Time for action – De-Authenticating the client, What just happened?
• clients
  • compromising / Time for action – compromising the clients, What just happened?
• configuration, access point / Time for action – configuring the access point, What just happened?
• configuration, wireless card / Time for action – configuring your wireless card
• connection
  • establishing, in WEP configuration / Have a go hero – establishing connection in WEP configuration
• control frames
  • viewing / Time for action – viewing Management, Control, and Data frames
• Cowpatty
  • about / Have a go hero – trying WPA-PSK cracking with Cowpatty

D

• D-Link DIR-615 access point model / Time for action – cracking default accounts on the access points
• D-LINK DIR-615 Wireless N Router / Hardware requirements
  • about / Setting up the access point
• data frames
  • viewing / Time for action – viewing Management, Control, and Data frames
• data packets
  • sniffing / Time for action – sniffing data packets for our network
  • analyzing / Have a go hero – analyzing data packets
• De-Authentication attack / Time for action – De-Authentication DoS attack, What just happened?
• De-Authentication packets
  • about / De-Authentication and Dis-Association attacks
• Deauthentication attack / Time for action – uncovering hidden SSIDs
• default accounts
  • cracking, on access points / Time for action – cracking default accounts on the access points, What just happened?
• default regulatory settings
  • Alfa card, experimenting / Time for acton – experimenting with your Alfa card
• Denial of Service (DoS) attacks
  • about / Denial of service attacks, Time for action – De-Authentication DoS attack, What just happened?
  • De-Authentication attack / Time for action – De-Authentication DoS attack, What just happened?
  • Dis-Association attacks / Have a go hero – Dis-Association attacks
• DHCP daemon / Time for action – Rogue access point
• directional antennas
  • about / Building an advanced Wi-Fi lab
• Dis-Association attacks
  • about / Have a go hero – Dis-Association attacks
• discovery phase, wireless penetration testing
  • about / Discovery
• DNS hijacking
  • about / Session Hijacking over wireless
  • over wireless, using the MITM setup / Time for action – session hijacking over wireless

E

• EAP-GTC
  • about / Attacking PEAP
• EAP-MSCHAPv2
  • about / Attacking PEAP
• EAP-TTLS
  • about / Attacking EAP-TTLS
  • cracking / Time for action – cracking EAP-TTLS, What just happened?
• eap.conf file / Time for action – cracking PEAP
• ESSID
  • about / Finding rogue access points
• Ettercap / Have a go hero – application hijacking challenge
• evil twin
  • about / Evil twin and access point MAC spoofing
• evil twin attack
  • about / Time for action – evil twin with MAC spoofing, What just happened?

F

• fake authentication
  • performing, with WEP cracking / Have a go hero – fake authentication with WEP cracking
• four-way handshake
  • about / WPA/WPA2
• four-way WPA handshake / AP-less WPA-Personal cracking
• FreeRadius
  • about / Setting up FreeRadius-WPE
• FreeRadius-WPE
  • setting up / Time for action – setting up the AP with FreeRadius-WPE, What just happened?, Have a go hero – playing with RADIUS
  • AP, setting up with / Time for action – setting up the AP with FreeRadius-WPE, What just happened?, Have a go hero – playing with RADIUS

G

• genpmk tool / Time for action – speeding up the cracking process

H

• hacker
  • functions / Honeypot and Mis-Association attacks
• hardware requisites, for wireless lab setup / Hardware requirements
• hidden SSIDs
  • about / Hidden SSIDs
  • uncovering / Time for action – uncovering hidden SSIDs, What just happened?
• Hirte attack
  • URL, for info / Hirte attack
  • WEP, cracking with / Time for action – cracking WEP with the Hirte attack, What just happened?
• Honeypot attacks
  • about / Honeypot and Mis-Association attacks, Caffe Latte attack
• Hydra
  • about / Have a go hero – cracking accounts using bruteforce attacks

I

• IEEE 802.11
  • about / WLAN encryption
• ifconfig command / What just happened?
• installation, BackTrack
  • about / Time for action – installing BackTrack
  • on Virtual Box / Have a go hero – installing BackTrack on Virtual Box
• Install BackTrack icon / Time for action – installing BackTrack
• installing
  • BackTrack / Time for action – installing BackTrack, What just happened?
  • BackTrack, on Virtual Box / Have a go hero – installing BackTrack on Virtual Box
• iwconfig command / Have a go hero – establishing connection in WEP configuration
• iwconfig utility / Time for action – connecting to a WEP network
• iwlist wlan0 scanning command / Time for action – configuring your wireless card

M

• MAC Address
  • about / Finding rogue access points
• macchanger utility / Time for action – beating MAC filters
• macchnager utility / What just happened?
• MAC filters
  • about / MAC filters
  • beating / Time for action – beating MAC filters, What just happened?
• MAC spoofing
  • about / Time for action – evil twin with MAC spoofing, What just happened?
• mailing lists
  • about / Staying up-to-date
• man-in-the-middle attack / Evil twin and access point MAC spoofing
• management frames
  • viewing / Time for action – viewing Management, Control, and Data frames
• Message Integrity Check (MIC) / WPA/WPA2
• Mis-Association attacks
  • about / Honeypot and Mis-Association attacks
  • orchestrating / Time for action – orchestrating a Mis-Association attack, What just happened?
• MITM attacks
  • about / Man-in-the-Middle attack
  • simulating / Time for action – Man-in-the-Middle attack
  • over wireless / Have a go hero – Man-in-the-Middle over pure wireless
• monitor mode interface
  • creating / Time for action – creating a monitor mode interface, What just happened?
• MSCHAP-v2 / What just happened?
• multiple monitor mode interfaces
  • creating / Have a go hero – creating multiple monitor mode interfaces

N

• Non Disclosure Agreement (NDA) / Planning

O

• Open Authentication
  • about / Open Authentication
  • bypassing / Time for action – bypassing Open Authentication, What just happened?

P

• packet
  • injecting / Time for action – packet injection, What just happened?
• packet injection / Hardware requirements
• packet sniffing / Hardware requirements
• Pairwise Transient Key (PTK)
  • about / WPA/WPA2
• Password Based Key Derivation Function (PBKDF2) / WPA/WPA2
• PEAP
  • about / Attacking PEAP, Wrapping up
  • versions / Attacking PEAP
  • attacking, on Windows client / Time for action – cracking PEAP, What just happened?
  • cracking / Time for action – cracking PEAP, What just happened?
• PEAPv0 / Attacking PEAP
• PEAPv1 / Attacking PEAP
• planning phase, wireless penetration testing
  • about / Planning
  • scope of assessment / Planning
  • effort estimation / Planning
  • legality / Planning
• Preferred Network List (PNL) / Honeypot and Mis-Association attacks
• Probe Request packets
  • about / Time for action – orchestrating a Mis-Association attack
• promiscous mode
  • about / Revisiting WLAN frames

R

• Radius server
  • about / Setting up FreeRadius-WPE
  • setting up, on BackTrack / Setting up FreeRadius-WPE
• regulatory domains
  • exploring / Have a go hero – exploring regulatory domains
• reporting phase, wireless penetration testing / Reporting
• Rogue access point
  • about / Rogue access point
  • creating / Rogue access point
• Rogue access point challenge
  • about / Have a go hero – Rogue access point challenge
• rogue access points
  • searching / Time for action – finding rogue access points, What just happened?
• route -n command / Time for action – configuring the access point

S

• security configurations, on client
  • De-Authentication attack / Time for action – enumerating wireless security profiles
• Security Mode configuration / Time for action – configuring the access point
• security updates
  • about / Staying up-to-date
  • mailing lists / Staying up-to-date
  • Aircrack-NG site / Staying up-to-date
  • conferences / Staying up-to-date
• Shared Key Authentication
  • about / Shared Key Authentication
  • bypassing / Shared Key Authentication, Time for action – bypassing Shared Authentication, What just happened?
• Shared Key Authentication bypass technique
  • about / What just happened?
• Smart Phones / Software requirements
• Smartphones
  • about / Building an advanced Wi-Fi lab
• software requisites, for wireless lab setup / Software requirements
• SSIDs
  • about / Hidden SSIDs
• Suppliant MAC address (Wi-Fi Client MAC)
  • about / WPA/WPA2
• Supplicant Nounce (SNounce)
  • about / WPA/WPA2

T

• Tablets / Software requirements
• tablets
  • about / Building an advanced Wi-Fi lab
• Tcpdump
  • about / Revisiting WLAN frames
• TKIP
  • about / WPA/WPA2
• Tshark
  • about / Revisiting WLAN frames
• tshark utility / Time for action – decrypting WEP and WPA packets

U

• unauthorized clients
  • searching / Finding unauthorized clients, Time for action – unauthorized clients, What just happened?

V

• Virtual Box
  • BackTrack, installing on / Have a go hero – installing BackTrack on Virtual Box
  • URL / Have a go hero – installing BackTrack on Virtual Box

W

• WEP
  • about / WLAN encryption, What just happened?
  • cryptographic weaknesses / WEP encryption
  • cracking / Time for action – cracking WEP, What just happened?, Time for action – Rogue access point, What just happened?
  • cracking, with Hirte attack / Time for action – cracking WEP with the Hirte attack, What just happened?
• WEP configuration
  • connection, establishing in / Have a go hero – establishing connection in WEP configuration
• WEP cracking
  • fake authentication, performing with / Have a go hero – fake authentication with WEP cracking
• WEP encryption
  • about / WEP encryption
• WEP network
  • connecting to / Time for action – connecting to a WEP network, What just happened?
• WEP packet
  • decrypting / Time for action – decrypting WEP and WPA packets, What just happened?
• Wi-Fi access points
  • about / Building an advanced Wi-Fi lab
• Wi-Fi cards
  • about / Building an advanced Wi-Fi lab
• WiFishing / What just happened?
• Windows client
  • PEAP, attacking on / Time for action – cracking PEAP, What just happened?
• wireless card
  • setting up / Setting up the wireless card, Time for action – configuring your wireless card
  • configuring / Time for action – configuring your wireless card
  • connecting, to access point / Time for action – configuring your wireless card, What just happened?
• wireless devices
  • discovering / Time for action – discovering wireless devices, What just happened?
• Wireless Eavesdropping
  • about / Time for action – wireless eavesdropping
• wireless lab setup
  • hardware requisites / Hardware requirements
  • software requisites / Software requirements
• wireless packets
  • sniffing / Time for action – sniffing wireless packets
• wireless penetration testing
  • about / Wireless penetration testing
  • phases / Wireless penetration testing
  • planning phase / Planning
  • discovery phase / Discovery, Time for action – discovering wireless devices, What just happened?
  • attack phase / Attack, Time for action – finding rogue access points, What just happened?
  • reporting phase / Reporting
• Wireshark
  • about / Revisiting WLAN frames, Time for action – uncovering hidden SSIDs, Time for action – orchestrating a Mis-Association attack
• WLAN access point
  • about / Default accounts and credentials on the access point
• WLAN attacks
  • MITM attacks / Man-in-the-Middle attack
  • Wireless Eavesdropping, with MITM / Wireless Eavesdropping using MITM
  • Session Hijacking, over wireless / Session Hijacking over wireless
  • security configurations, finding on client / Finding security configurations on the client
• WLAN frames
  • about / Revisiting WLAN frames
  • revisiting / Revisiting WLAN frames
  • frame control field / Revisiting WLAN frames
  • type field / Revisiting WLAN frames
  • management frames / Revisiting WLAN frames
  • control frames / Revisiting WLAN frames
  • data frames / Revisiting WLAN frames
  • monitor mode interface, creating / Time for action – creating a monitor mode interface, What just happened?
  • multiple monitor mode interfaces, creating / Have a go hero – creating multiple monitor mode interfaces
  • wireless packets, sniffing / Time for action – sniffing wireless packets
  • different devices, finding / Have a go hero – finding different devices
  • data packets, sniffing / Time for action – sniffing data packets for our network
  • packet, injecting / Time for action – packet injection, What just happened?
  • Alfa card, experimenting with / Time for action – expermenting with your Alfa card, WLAN framesAlfa card, experimenting withWhat just happened?
  • multiple channels, sniffing / Have a go hero – sniffing multiple channels
• WLAN infrastructure
  • default accounts, cracking on access point / Time for action – cracking default accounts on the access points, What just happened?
  • evil twin attack / Evil twin and access point MAC spoofing, Time for action – evil twin with MAC spoofing, What just happened?
  • access point MAC spoofing / Evil twin and access point MAC spoofing, Time for action – evil twin with MAC spoofing, What just happened?
  • Rogue access point / Rogue access point, Time for action – Rogue access point, What just happened?
  • WEP, cracking / Time for action – Rogue access point, What just happened?
  • Honeypot attacks / Honeypot and Mis-Association attacks, Caffe Latte attack
  • Mis-Association attack, orchestrating / Time for action – orchestrating a Mis-Association attack, What just happened?
  • Caffe Latte attack, conducting / Time for action – conducting the Caffe Latte attack, What just happened?
  • De-Authentication attacks / Time for action – De-Authenticating the client, What just happened?
  • Dis-Association attacks / Time for action – De-Authenticating the client, What just happened?
  • WEP, cracking with Hirte attack / Time for action – cracking WEP with the Hirte attack, What just happened?
• WLAN injection
  • about / Important note on WLAN sniffing and injection
• WLANs
  • hidden SSIDs, uncovering / Time for action – uncovering hidden SSIDs, What just happened?
  • MAC filters, beating / Time for action – beating MAC filters, What just happened?
  • Open Authentication, bypassing / Time for action – bypassing Open Authentication, What just happened?
  • Shared Key Authentication, bypassing / Shared Key Authentication, Time for action – bypassing Shared Authentication, What just happened?
  • Denial of Service (DoS) attacks / Denial of service attacks, Time for action – De-Authentication DoS attack, What just happened?
• WLAN sniffing
  • about / Important note on WLAN sniffing and injection
• WPA
  • about / WLAN encryption, WPA/WPA2, What just happened?
  • cracking / AP-less WPA-Personal cracking, Time for action – cracking WPA, What just happened?
• WPA-Enterprise
  • best practices / Security best practices for Enterprises
• WPA-PSK
  • cracking / AP-less WPA-Personal cracking
• WPA-PSK Honeypot
  • setting up / Time for action – AP-less WPA cracking
• WPA-PSK weak passphrase
  • cracking / Time for action – cracking WPA-PSK weak passphrase
• WPA/WPA2 PSK
  • about / WPA/WPA2
  • cracking, speeding up for / Speeding up WPA/WPA2 PSK cracking, Time for action – speeding up the cracking process, What just happened?
• WPA2
  • about / What just happened?
• WPA handshake
  • capturing / Time for action – cracking WPA
• WPA network
  • connecting to / Time for action – connecting to a WPA network, What just happened?
• WPA packet
  • decrypting / Time for action – decrypting WEP and WPA packets, What just happened?
• WPA v1
  • about / WPA/WPA2
• WPAv2
  • about / WLAN encryption
• WPA_supplicant
  • about / Time for action – connecting to a WPA network
• WPE
  • about / Setting up FreeRadius-WPE

X

• XOR operation / Shared Key Authentication