Mastering Kali Linux Wireless Pentesting

Test your wireless network's security and master advanced wireless penetration techniques using Kali Linux

Product type: Paperback
Published in: Feb 2016
ISBN-13: 9781785285561
Length: 310 pages
Edition: 1st Edition
Authors (2): Raghu Ram, Sak
Table of Contents (16 chapters)

Mastering Kali Linux Wireless Pentesting
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Preface
1. Wireless Penetration Testing Fundamentals
2. Wireless Network Scanning
3. Exploiting Wireless Devices
4. Wireless Cracking
5. Man-in-the-Middle Attacks
6. Man-in-the-Middle Attacks Using Evil Twin Access Points
7. Advanced Wireless Sniffing
8. Denial of Service Attacks
9. Wireless Pentesting from Non-Traditional Platforms
Index

Index

A

  • active scanning
    • about / Wireless network discovery
  • Advanced Encryption Standard / Cracking WPA2
  • airbase-ng
    • Virtual Access Points, creating with / Creating virtual access points with airbase-ng
  • aircrack-ng suite
    • installing, on OpenWrt / Installing the aircrack-ng suite on OpenWrt
  • Airgraph-ng
    • relationships, displaying with / Visually displaying relationships with Airgraph-ng
  • Airodump-ng
    • about / Airodump-ng
    • location, adding to / Adding a location to Airodump-ng with GPS
  • Airpwn
    • about / Using OpenWrt for wireless assessments
  • Android PCAP
    • using, for wireless discovery / Wireless discovery using Android PCAP
  • Android PCAP Capture / Running Kali on Android phones and tablets
  • antennas
    • about / Antennas
    • omnidirectional antenna / Omnidirectional antennas
    • patch antennas / Patch antennas
    • yagi antennas / Yagi antennas
  • ARP (Address Resolution Protocol)
    • about / MAC address Spoofing/ARP poisoning
  • ARP poisoning
    • about / MAC address Spoofing/ARP poisoning
  • Atheros AR9271, wireless adapters
    • about / Atheros AR9271
    • ALFA AWUS036NHA model / Atheros AR9271
    • ALFA AWUS036NH model / Atheros AR9271
  • authentication bypass, firmware
    • about / Authentication bypass
    • vulnerabilities / Authentication bypass
    • CVE-2013-7282 vulnerability / CVE-2013-7282
    • CVE-2013-6026 vulnerability / CVE-2013-6026
    • CVE-2015-7755 vulnerability / CVE-2015-7755
  • authentication flood attack
    • about / Authentication flood attack
    • attack scenario / An attack scenario
    • access points, scanning for / Scanning for access points
    • MDK3 setup / MDK3 setup for authentication flood
    • summary / The attack summary
  • AutoSSH
    • using, for reverse shell / Using AutoSSH for reverse shell

B

  • Basic Service Set (BSS)
    • about / 802.11 network terminology
    • Basic Service Set Identifier (BSSID) / 802.11 network terminology
    • Service Set Identifier (SSID) / 802.11 network terminology
  • Browser AutoPwn
    • about / Browser AutoPwn
    • browser_autopwn attack, setting up / Setting up Metasploit's Browser Autopwn attack
  • Brute forcing SSH
    • about / Attacking SSH

C

  • 802.11 configuration modes
    • about / 802.11 configuration modes
    • infrastructure mode / 802.11 configuration modes
    • ad hoc mode / 802.11 configuration modes
  • Client Probes
    • discovering, with Hoover / Discovering Client Probes with Hoover
  • command injection, firmware
    • about / Command injection
    • CVE-2008-1331 vulnerability / CVE-2008-1331
  • community string / Attacking SNMP
  • Compal Broadband Networks (CBN) / CVE-2014-8654
  • control frames
    • about / Management and control frames
  • coWPAtty / Generating rainbow tables using genpmk
  • credential harvesting
    • about / Credential harvesting
    • DNS, spoofing with Ettercap / Using Ettercap to spoof DNS
    • fake web page, hosting / Hosting your fake web page
  • Cross-Site Request Forgery (CSRF), firmware
    • about / Cross-Site Request Forgery
    • CVE-2014-5437 vulnerability / CVE-2014-5437
    • CVE-2014-8654 vulnerability / CVE-2014-8654
    • CVE-2013-2645 vulnerability / CVE-2013-2645
  • CVEs (Common Vulnerabilities and Exposures) / Authentication bypass

D

  • data
    • extracting, from unencrypted protocols / Extracting data from unencrypted protocols
  • Denial of Service, firmware
    • about / Denial of Service
    • OSVDB-102605 vulnerability / OSVDB-102605
    • CVE-2009-3836 vulnerability / CVE-2009-3836
  • Denial of Service attacks
    • overview / An overview of DoS attacks
  • Display Filters / Analyzing wireless packet capture
  • DNS spoofing
    • about / DNS spoofing
  • Domain Name System (DNS)
    • about / Extracting the most visited sites
  • Dynamic DNS (DDNS) configuration / CVE-2014-8654

E

  • Enterprise EAP (Extensible Authentication Protocol) / Cracking 802.1x using hostapd
  • equipment, selecting
    • about / Choosing the right equipment
    • supported wireless modes / Supported wireless modes
    • wireless adapters / Wireless adapters
    • antennas / Antennas
  • Ettercap
    • configuring, for DNS spoofing / Configuring Ettercap for DNS spoofing
  • Eventing
    • about / Control
  • Extended Service Set (ESS)
    • about / 802.11 network terminology
    • ESSID / 802.11 network terminology
  • Extensible Authentication Protocol over LAN (EAPOL) traffic
    • about / Cracking 802.1x using hostapd

F

  • 802.11 Frames
    • about / 802.11 frames
    • Management frames / Management frame
    • control frames / Control frames
    • data frames / Data frames
  • fake beacon flood attack
    • about / The fake beacon flood attack
    • MDK3, using with Random SSID / MDK3 fake beacon flood with a random SSID
    • MDK3, using with selected SSID list / MDK3 fake beacon flood with the selected SSID list
    • summary / The attack summary
  • firmware
    • about / Attacking the firmware
    • attacking / Attacking the firmware
    • authentication bypass / Authentication bypass
    • Cross-Site Request Forgery (CSRF) / Cross-Site Request Forgery
    • remote code execution / Remote code execution
    • command injection / Command injection
    • Denial of Service / Denial of Service
    • information disclosure / Information disclosure

G

  • 2.4 GHz spectrum
    • about / The 2.4 GHz spectrum
  • 5 GHz spectrum
    • about / The 5 GHz spectrum

H

  • Hoover
    • about / Discovering Client Probes with Hoover
  • Hostapd
    • Virtual Access Points, creating with / Creating virtual access points with Hostapd
  • HTTP objects
    • extracting / Extracting HTTP objects
  • Hypertext Transfer Protocol (HTTP)
    • about / Extracting data from unencrypted protocols

I

  • information disclosure, firmware
    • about / Information disclosure
    • CVE-2014-6621 vulnerability / CVE-2014-6621
    • CVE-2014-6622 vulnerability / CVE-2014-6622
    • CVE-2015-0554 vulnerability / CVE-2015-0554
  • Intrusion Detection Systems (IDS) / An overview of DoS attacks
  • iwconfig command / Mapping the wireless adapter into Kali

K

  • Kali
    • running, on Android phones and tablets / Running Kali on Android phones and tablets
  • Kali Linux
    • for Wireless Pentester / Kali Linux for the wireless pentester
    • downloading / Downloading Virtual Box
    • installing / Installing Virtual Box
    • VirtualBox deployment / Kali Linux deployment
    • wireless adapter, mapping into / Mapping the wireless adapter into Kali
    • accessing, from remote location / Accessing Kali Linux from a remote location
  • Karma
    • about / Using OpenWrt for wireless assessments
  • Kismet
    • about / Kismet
    • configuring / Kismet
    • usages / Kismet

L

  • Local-Link Multicast Name Resolution (LLMNR)
    • about / NBNS spoofing
  • lorcon2 / Metasploit's fake beacon flood attack
  • lsusb command / Mapping the wireless adapter into Kali

M

  • MAC (Media Access Control)
    • about / MAC address Spoofing/ARP poisoning
  • MAC address spoofing
    • about / MAC address Spoofing/ARP poisoning
  • Management Frame Protection / An overview of DoS attacks
  • Management frames
    • subtypes / Management frame, Management and control frames
    • about / Management frame, Management and control frames
  • Management Information Base (MIB) / Attacking SNMP
  • Mdk3
    • about / Using OpenWrt for wireless assessments
  • Metasploit's fake beacon flood attack
    • packet injection support, configuring with lorcon / Configuring packet injection support for Metasploit using lorcon
    • monitor mode interface, creating / Creating a monitor mode interface
  • Metasploit CTS/RTS flood attack
    • about / The Metasploit CTS/RTS flood attack
    • performing / The Metasploit CTS/RTS flood attack
    • Metasploit setup / The Metasploit setup for an RTS-CTS attack
    • summary / The attack summary
  • Metasploit deauthentication flood attack
    • about / The Metasploit deauthentication flood attack
    • target access points, identifying / Identifying the target access points
    • wireless client and AP, attacking / Attacking the wireless client and AP using Metasploit
    • summary / The attack summary
  • Metasploit's fake beacon flood attack
    • about / Metasploit's fake beacon flood attack
  • MiniPwner
    • URL / Using OpenWrt for wireless assessments
  • misconfiguration
    • issues, identifying / Checks on misconfiguration

N

  • 802.11 network terminology
    • about / 802.11 network terminology
    • Basic Service Set (BSS) / 802.11 network terminology
    • Extended Service Set (ESS) / 802.11 network terminology
    • Independent Basic Service Set (IBSS) / 802.11 network terminology
  • name resolution spoofing
    • about / Name resolution spoofing
  • National Vulnerability Database / Attacking SNMP
  • NBNS spoofing
    • about / NBNS spoofing
  • NetBIOS Name Service (NBNS)
    • about / NBNS spoofing

O

  • omnidirectional antenna
    • about / Omnidirectional antennas
  • OpenWrt
    • about / Using OpenWrt for wireless assessments
    • URL / Using OpenWrt for wireless assessments
    • using, for wireless assessments / Using OpenWrt for wireless assessments
    • aircrack-ng suite, installing / Installing the aircrack-ng suite on OpenWrt
  • OpenWrt Embedded device
    • powering / Powering and concealing your Raspberry Pi or OpenWrt embedded device
    • concealing / Powering and concealing your Raspberry Pi or OpenWrt embedded device

P

  • packet capture files
    • merging / Merging packet capture files
  • Pairwise Transient Keys (PTK)
    • about / WPA Personal
  • passive scanning
    • about / Wireless network discovery
  • patch antennas
    • about / Patch antennas
  • phishing
    • about / Credential harvesting
  • Physical Address Extension memory / Kali Linux deployment
  • Port Mapping / CVE-2014-5437
  • Pre-shared Master Key (PMK)
    • about / WPA Personal
  • Presentation
    • about / Control

R

  • rainbow tables
    • generating / Generating rainbow tables
    • generating, genpmk used / Generating rainbow tables using genpmk
    • generating, airolib-ng used / Generating rainbow tables using airolib-ng
  • Ralink RT3070, wireless adapters
    • about / Ralink RT3070
    • examples / Ralink RT3070
    • ALFA AWUS036NH model / Ralink RT3070
    • ALFA AWUS036NEH model / Ralink RT3070
    • Tenda UH151 model / Ralink RT3070
  • Ralink RT3572, wireless adapters
    • about / Ralink RT3572
    • ALFA AWUS051NH model / Ralink RT3572
  • Raspberry Pi
    • using, for wireless assessments / Using Raspberry Pi for wireless assessments
    • powering / Powering and concealing your Raspberry Pi or OpenWrt embedded device
    • concealing / Powering and concealing your Raspberry Pi or OpenWrt embedded device
  • read-only memory (ROM) / Attacking the firmware
  • Reaver
    • about / Cracking WPS
  • reaver
    • about / Using OpenWrt for wireless assessments
  • remote code execution, firmware
    • about / Remote code execution
    • CVE-2014-9134 vulnerability / CVE-2014-9134
  • rogue DHCP server
    • about / Rogue DHCP server

S

  • scanning phase
    • about / The scanning phase
    • passive scanning / Passive scanning
    • active scanning / Active scanning
  • Secure Shell (SSH)
    • about / Attacking SSH
    • attacking / Attacking SSH
  • services
    • attacking / Attacking the services
  • session hijacking
    • about / Session hijacking using Tamper Data
    • example / An example of session hijacking
    • performing, Tamper Data used / Performing session hijacking using Tamper Data
  • SET (Social Engineering Toolkit)
    • about / Credential harvesting
  • Simple Mail Transfer Protocol (SMTP) / Extracting HTTP objects
  • Simple Network Management Protocol (SNMP)
    • attacking / Attacking SNMP, Attacking SNMP
    • Manager / Attacking SNMP
    • Agent / Attacking SNMP
    • MIB / Attacking SNMP
    • CVE-2014-4863 / CVE-2014-4863: Arris Touchstone DG950A SNMP information disclosure
    • CVE-2008-7095 / CVE-2008-7095: Aruba Mobility Controller SNMP community string disclosure
  • SOAP (Simple Object Access Protocol) / Attacking UPnP
  • SSL stripping attack
    • about / SSL stripping attack
    • SSLstrip, setting up / Setting up SSLstrip
  • Stumbling
    • about / Wireless network discovery

T

  • Telnet
    • attacking / Attacking Telnet
    • about / Attacking Telnet
  • Temporal Key Integrity Protocol (TKIP)
    • about / Overview of different wireless security protocols
  • tools, for trade
    • about / Tools of the trade
    • Airodump-ng / Airodump-ng

U

  • Universal Plug and Play (UPnP)
    • about / Attacking UPnP
    • attacking / Attacking UPnP
    • workflow / Attacking UPnP
    • discovery / Discovery
    • description / Description
    • control / Control
  • UPnP attacks
    • about / UPnP attacks
    • CVE-2011-4500 / CVE-2011-4500
    • CVE-2011-4499 / CVE-2011-4499
    • CVE-2011-4501 / CVE-2011-4501
    • CVE-2012-5960 / CVE-2012-5960

V

  • Virtual Access Points
    • creating, with Hostapd / Creating virtual access points with Hostapd
    • creating, with airbase-ng / Creating virtual access points with airbase-ng
  • VirtualBox
    • URL / Downloading Virtual Box

W

  • web-based malware
    • about / Web-based malware
    • malicious payload, creating with msfpayload / Creating malicious payload using msfpayload
    • malicious payload, hosting on SET / Hosting the malicious payload on SET
  • Wi-Fi Alliance
    • URL / Wireless standards
  • Wi-Fi Protected Access (WPA)
    • about / Overview of different wireless security protocols
    • cracking / Cracking WPA
    • WPA Personal / WPA Personal
  • Wi-Fi Protected Access II (WPA2)
    • about / Overview of different wireless security protocols, Cracking WPA2
    • cracking / Cracking WPA2
  • Wi-Fi Protected Setup (WPS)
    • about / Cracking WPS
    • cracking / Cracking WPS
    • 802.1x, cracking with hostapd / Cracking 802.1x using hostapd
  • Wifi Pineapple
    • URL / Using OpenWrt for wireless assessments
  • Wired Equivalent Privacy (WEP) / Overview of different wireless security protocols
  • Wireless-tools
    • about / Using OpenWrt for wireless assessments
  • wireless adapters
    • about / Wireless adapters
    • Ralink RT3070 / Ralink RT3070
    • Atheros AR9271 / Atheros AR9271
    • Ralink RT3572 / Ralink RT3572
  • wireless assessments
    • Raspberry Pi, using for / Using Raspberry Pi for wireless assessments
  • wireless communication
    • about / Wireless communication
  • wireless modes
    • managed mode / Supported wireless modes
    • ad-Hoc mode / Supported wireless modes
    • master mode / Supported wireless modes
    • monitor mode / Supported wireless modes
  • wireless network discovery
    • about / Wireless network discovery
  • Wireless Provisioning Service (WPS)
    • about / WPS discovery with Wash
    • discovery, with Wash / WPS discovery with Wash
  • wireless security protocols
    • about / Overview of different wireless security protocols
  • wireless standards
    • about / Wireless standards
    • 2.4 GHz spectrum / The 2.4 GHz spectrum
    • 5 GHz spectrum / The 5 GHz spectrum
  • wireless traffic, capturing with Wireshark
    • about / Capturing traffic with Wireshark
    • capture filters, applying / Capturing traffic with Wireshark
    • decryption, Wireshark used / Decryption using Wireshark
    • WEP-encrypted traffic, decrypting / Decrypting and sniffing WEP-encrypted traffic
    • WEP-encrypted traffic, sniffing / Decrypting and sniffing WEP-encrypted traffic
    • WPA-encrypted traffic, decrypting / Decrypting and sniffing WPA-encrypted traffic
    • WPA-encrypted traffic, sniffing / Decrypting and sniffing WPA-encrypted traffic
    • wireless packet capture, analyzing / Analyzing wireless packet capture
    • network relationships and configuration, determining / Determining network relationships and configuration
    • most visited sites, extracting / Extracting the most visited sites
  • Wireshark
    • about / Wireshark, Capturing traffic with Wireshark
    • for sniffing on WLAN / Wireshark
    • wireless traffic, capturing with / Capturing traffic with Wireshark
  • Wireshark Display Filter Reference
    • URL / Analyzing wireless packet capture
  • Wireshark Wiki
    • URL / Analyzing wireless packet capture
  • WLAN components
    • about / Wireless communication
    • radio / Wireless communication
    • access points / Wireless communication
  • WPA Personal
    • about / WPA Personal
  • WPA Pre Shared Key (PSK)
    • about / WPA Personal

Y

  • yagi antennas
    • about / Yagi antennas