BackTrack 5 Wireless Penetration Testing Beginner's Guide [Paperback]

Vivek Ramachandran (Author)

Book Description

Publication Date: September 9, 2011 | ISBN-10: 1849515581 | ISBN-13: 978-1849515580

Written in Packt's Beginner's Guide format, you can easily grasp the concepts and understand the techniques to perform wireless attacks in your lab. Every new attack is described in the form of a lab exercise with rich illustrations of all the steps associated. You will practically implement various attacks as you go along. If you are an IT security professional or a security consultant who wants to get started with wireless testing with Backtrack, or just plain inquisitive about wireless security and hacking, then this book is for you. The book assumes that you have familiarity with Backtrack and basic wireless concepts.

Editorial Reviews

About the Author

Vivek Ramachandran

Vivek Ramachandran is a world renowned security researcher and evangelist. He is the discoverer of the wireless "Caffe Latte Attack" and has delivered presentations in world renowned Information Security conferences such as Defcon and Toorcon in the US. His discoveries and talks have been widely quoted by the International media including - BBC Online, Network World, The Register, Mac World, Computer Online and others.

In 2006, Microsoft declared Vivek as one of the winners of the Microsoft Security Shootout Contest held in India among an estimated 65,000 participants. In 2005, he was awarded a team achievement award by Cisco Systems for his work in the 802.1x and Port Security modules.

He is well known in the hacking and security community as the founder of SecurityTube.net , a free video based computer security education portal which gets an estimated 100,000 monthly visitors.

Vivek is also an accomplished trainer and travels around the world conducting workshops and training sessions for corporates and students. He holds a degree in B.Tech from IIT Guwahati and acts as an advisor to the computer science department's Security Lab.

Product Details

• Paperback: 220 pages
• Publisher: Packt Publishing (September 9, 2011)
• Language: English
• ISBN-10: 1849515581
• ISBN-13: 978-1849515580
• Product Dimensions: 7.5 x 0.4 x 9.2 inches
• Shipping Weight: 1 pounds (View shipping rates and policies)
• Average Customer Review: 4.4 out of 5 stars  See all reviews (39 customer reviews)
• Amazon Best Sellers Rank: #157,006 in Books (See Top 100 in Books)
  • #28 in Books > Computers & Technology > Networking > Wireless Networks
  • #45 in Books > Computers & Technology > Operating Systems > Linux > Networking & System Administration

Most Helpful Customer Reviews

34 of 36 people found the following review helpful

5.0 out of 5 stars A Must-Have Tutorial on Backtrack 5 and Its Tools September 26, 2011

By Seth

Format:Paperback

An amazing book. This one wastes no time with a long pre-amble or justifying why you'd need to know how to pen-test; it just tells you what you need to know. You're sniffing wireless traffic right from the start, injecting packets by page 40 or so, and then you're off spoofing MAC addreses, cracking WPA (even shared authentication), and doing man-in-the-middle attacks.

This is not a book that explains a lot of theory and then expects you to figure out how to apply it. It's a finely-tuned set of clear, intentional tutorials that explains how to use the tools, how to get results, and then explains what happened and why. It covers some of the basics (like ifconfig, iwconfig, ping, and a little bit about packet specifications), and then moves on to the heavy-lifters like airmon, aireplay, airodump, wireshark, and others.

While all of these tools have tutorials and manuals online, the way they work together is seldomly explained, and even more rarely are they explained with the clarity and focus of this book. The situations the book covers are realistic wireless network setups that you'll find at businesses, cafes, and homes. There are screenshots on nearly everypage, so it doesn't just explain what to do - it actually shows you.

If you're completely new to pen-testing, this book is where you should start. You should try to learn at least a little bit of Linux before delving into this (but you should be learning that anyway) but this book doesn't assume that you are a pro. It guides you through all of the basic essentials, such as setting up a pen-testing lab environment (configuring your access point, making sure your wireless card is open enough to be configured, and so on), and even how to install Backtrack Linux itself. You will need a good lab environment to use this book effectively, so make sure you have access to a router, two laptops with wireless cards (one to use and one to be the victim), and a usb wireless card to perform packet injection (the book recommends the Alfa AWUS036H).

All in all, whether you're learning this stuff because you're angry at the world and want to mess up wireless networks or because you're a sys admin and need to protect your network from intruders, this is easily the best book on the subject I have found. Too many books on this topic assume that the reader is a "security professional" and uses jargon and lingo without explaining anything. This book sits down with you, gives you the information you need, and you get the results that you wanted. Considering that courses from Backtrack's website start at around $750, this book feels like a hack in itself.

21 of 22 people found the following review helpful

5.0 out of 5 stars Best book to master Wi-Fi Kung Fu October 31, 2011

By Nagareshwar Talekar

Format:Paperback

Disclaimer: I have received this book from the publisher for special review. And author is good friend of mine. However the review remains genuine and unbiased.

This book is highly technical & written completely from practical perspective. To get the best out of this book you need to parallely follow it up with your own setup as shown in first chapter. And at the end of it, there will be one more Wi-Fi ninja in the air.

Here is the complete chapter by chapter review,

First chapter starts with the famous line from `Abraham Lincoln' pressing on the importance of setting up the play ground,

"If I had eight hours to chop down a tree, I'd spend six hours sharpening my axe."

It lists both hardware/software requirements with 2 Wi-Fi enabled laptops, one injectible Wi-Fi card (Alfa AWUS036H) & a access point. Some more listing of alternative injectible Wi-Fi cards would have been better though. It is often difficult to get the right one especially for those who are outside USA/UK. In my initial days of wardriving, I remember waiting for entire year to get my first injectible USB dongle. And without the right card, you are on the back foot as you can't perform most of the attacks.

Remaining portion of first chapter shows how to install BackTrack, Setting up access point and wireless cards in detail with screenshots. Next one explains in brief about wireless frames and shows how to capture the Wi-Fi packets in the air and inject your own packets using Alfa card.

It goes more interesting with chapter 3 showing how to bypass various wireless security restrictions such as hidden SSIDs, defeating MAC filters, bypassing WEP authentication etc. Next it shows how to really crack those 128 bit WEP keys using aircrack-ng tool. Finally it describes how we can use these cracked WEP/WPA passphrase to decrypt wireless data packets and directly connect to WEP/WPA network.

Chapter 5 explains various Denial of Service (DoS) attacks including De-Authentication, Dis-Association, CTS-RTS attack & spectrum jamming. It also shows how one can perform `Evil Twin' attack against legitimate Access point and how to setup rogue access point to gain backdoor entry into the network.

Often the weakest point lies at the client side, so the chapter 6 goes to describe all those attacks one can perform on wireless clients including Honeypot and Mis-Association attacks, Caffe Latte attack, De-Authenticaton and Dis-Association attacks, Hirte attack, AP-less WPA-Personal cracking etc. Next one shows how to perform wireless based Man-in-the-Middle (MITM) attacks and then use it for sniffing and hijacking of user sessions.

Chapter 8 focuses on WPA-enterprise based attacks such as exploiting the weakness in PEAP, EAP-TLS protocols. It ends with recommendation on secure wireless configuration using `WPA2-PSK with a strong passphrase' for smaller/medium size organizations and `WPA2-Enterprise with EAP-TLS' for larger organizations.

Final chapter touches very briefly on pen testing methodologies and then goes more into wireless pen testing using the attacks explained in previous chapters. It starts with step by step of discovery of wireless devices, finding unauthorized clients, rogue access points and then cracking the wireless encryption using the attacks demonstrated in previous chapters.

Highlights of the Book

* Very well written and enjoyable to read
* Practical and includes latest stuff from wireless field
* Every attack technique is very well shown with complete technical details and illustrative screenshots.
* Includes action items for reader to explore more and gain more expertise
* Pop Quiz at the end of each chapter ensures that you were not dozing off

After reading this book completely, one thing is sure that you would like to change its title from "Beginners guide" to "Not just Beginners guide". Even though its his first book, I am amazed with his style of writing and `connecting with reader' mentality making it easier to grasp and enjoyable to read on.

And here comes the final verdict,

"Written by wireless expert, this book goes beyond the words and highly recommended to anyone willing to master Wi-Fi Kung Fu."

18 of 21 people found the following review helpful

2.0 out of 5 stars Not What I Expected March 31, 2012

By R. Gravell

Format:Paperback|Amazon Verified Purchase

I was very disappointed with the content of this book, and in some cases that was my fault for having incorrect expectations about the content, and other times it was the book's fault (blame can be spread to the author, proofreader, etc.). I had expected theory based coverage of many of the tools present in the Backtrack distribution, along with examples of what they exploit and how to implement them. What I got was coverage mostly of the aircrack suite (along with a few other tools supplementing it along the way) that was based largely upon copying the code that was on the page while changing a few variables. There is plenty of implementation of the attacks, but the space in the book could have been far better used.

As another reviewer pointed out, the pages regularly consist of 50-90% screenshots of commands being run and the resulting output. In general I think this is a good idea, as it lets the reader know exactly what the command should look like when it is typed in and what they should expect to see for output. This is taken to ridiculous extremes, such as when the author instructs to change the wireless protection on the AP, there are repeated screenshots of his setup. Maybe the first one had purpose, but showing it every time is just padding.

And for as little content I feel was covered in the book, there sure was a lot of padding, and I mean beyond the "make sure packets are being collected by running Wireshark" with an accompanying picture of a Wireshark capture (repeatedly). De-authentication attacks are used twice prior to being introduced as a means of a DoS attack, and yet instead of covering something new (such as the Dis-Association attack which is left to the reader to figure out on their own) the author decides to plow through and describe how to send de-authentication packets for a third time. Using aircrack to implement the Caffe-Latte and Hirte attacks are both covered separately, despite the fact that they differ by a single command line argument. It genuinely baffles me why the author chose to recover extremely similar attacks and in some cases the exact same material, while leaving others as assignments for the reader.

I am also a bit confused about the level of experience the reader is expected to have before entering. While the book clearly says it is for beginners and the vast majority of its material is presented at a good hand-holding pace for beginners (not an insult at all), there are other times when knowledge is assumed that I am not sure it is safe to be assumed. When I bought a book on Wireshark, it assumed the reader had knowledge of packet structure, yet still gave a very thorough chapter to covering the vital aspects in case the reader was not familiar. This book for beginners assumes a knowledge of how WLAN frames are organized, and gives a cursory 2 pages to explaining it for the uninitiated. In a section on creating network bridges, the ability to use WLAN's on both sides of the bridge is mentioned and left for the reader to implement themselves. However, I have found it to be very different from the method required by ethernet that is covered in the book, and a helpful weblink would have been great if the author did not see fit to actually cover the steps himself.

And there is my criticism with the book. It hammers home and repeats concepts which are mostly summed up as "type exactly what is on the page" and skips over the cryptographic and networking theory, as well as techniques that are constantly mentioned but never actually covered beyond leaving them as an exercise for the reader. I am not opposed to doing external research, but when I feel that I could have just done the research (mostly via aircrack-ng.org) and gained the same practical knowledge of how to implement the attacks as well as a more firm understanding of the theory behind them, I cannot say I am happy to have spent $50 on this book.

Again, not all of this falls on the author or the book, as some of it was that my expectations were not in line with what was presented. A lot of topics are covered, a handful of tools (notably aircrack and Wireshark) are given varying degrees of coverage. There are helpful links to get to other material, and the pacing is great for a beginner. But for $50 I expect a lot more content, and a lot less repetition and unnecessary pictures.