BackTrack 5 Wireless Penetration Testing for Beginners, Ebook FREE

commander · 09-01-2012, 10:56 PM

I would like to share a nice ebook on wireless penetration testing using backtrack 5. It is written in way that suits for beginners. I am sure that it will be a great help for beginners who use backtrack 5.
Its free. Just post here and pm me for the link...

Table of Contents

Chapter 1: Wireless Lab Setup

Hardware requirements
Software requirements
Installing BackTrack
Time for action – installing BackTrack
Setting up the access point
Time for action – configuring the access point
Setting up the wireless card
Time for action – configuring your wireless card
Connecting to the access point
Time for action – configuring your wireless card

Chapter 2: WLAN and Its Inherent Insecurities

Revisiting WLAN frames
Time for action – creating a monitor mode interface
Time for action – sniffing wireless packets
Time for action – viewing Management, Control, and Data frames
Time for action – sniffing data packets for our network
Time for action – packet injection
Important note on WLAN sniffing and injection
Time for action – experimenting with your Alfa card
Role of regulatory domains in wireless
Time for action – experimenting with your Alfa card

Chapter 3: Bypassing WLAN Authentication

Hidden SSIDs
Time for action – uncovering hidden SSIDs
MAC filters
Time for action – beating MAC filters
Open Authentication
Time for action – bypassing Open Authentication
Shared Key Authentication
Time for action – bypassing Shared Authentication

Chapter 4: WLAN Encryption Flaws

WLAN encryption
WEP encryption
Time for action – cracking WEP
WPA/WPA2
Time for action – cracking WPA-PSK weak passphrase
Speeding up WPA/WPA2 PSK cracking
Time for action – speeding up the cracking process
Decrypting WEP and WPA packets
Time for action – decrypting WEP and WPA packets
Connecting to WEP and WPA networks
Time for action – connecting to a WEP network
Time for action – connecting to a WPA network

Chapter 5: Attacks on the WLAN Infrastructure

Default accounts and credentials on the access point
Time for action – cracking default accounts on the access points
Denial of service attacks
Time for action – De-Authentication DoS attack
Evil twin and access point MAC spoofing
Time for action – evil twin with MAC spoofing
Rogue access point
Time for action – Rogue access point

Chapter 6: Attacking the Client

Honeypot and Mis-Association attacks
Time for action – orchestrating a Mis-Association attack
Caffe Latte attack
Time for action – conducting the Caffe Latte attack
De-Authentication and Dis-Association attacks
Time for action – De-Authenticating the client
Hirte attack
Time for action – cracking WEP with the Hirte attack
AP-less WPA-Personal cracking
Time for action – AP-less WPA cracking
Summary

Chapter 7: Advanced WLAN Attacks

Man-in-the-Middle attack
Time for action – Man-in-the-Middle attack
Wireless Eavesdropping using MITM
Time for action – wireless eavesdropping
Session Hijacking over wireless
Time for action – session hijacking over wireless
Finding security configurations on the client
Time for action – enumerating wireless security profiles
Summary

Chapter 8: Attacking WPA-Enterprise and RADIUS

Setting up FreeRadius-WPE
Time for action – setting up the AP with FreeRadius-WPE
Attacking PEAP
Time for action – cracking PEAP
Attacking EAP-TTLS
Time for action – cracking EAP-TTLS
Security best practices for Enterprises
Summary

Chapter 9: WLAN Penetration Testing Methodology

Wireless penetration testing
Planning
Discovery
Time for action – discovering wireless devices
Attack
Finding rogue access points
Finding unauthorized clients
Cracking the encryption
Compromising clients
Reporting
Summary