Backtrack 5 Wireless Penetration Testing Beginner's Guide [Englisch] [Taschenbuch]

An amazing book. This one wastes no time with a long pre-amble or justifying why you'd need to know how to pen-test; it just tells you what you need to know. You're sniffing wireless traffic right from the start, injecting packets by page 40 or so, and then you're off spoofing MAC addreses, cracking WPA (even shared authentication), and doing man-in-the-middle attacks.

This is not a book that explains a lot of theory and then expects you to figure out how to apply it. It's a finely-tuned set of clear, intentional tutorials that explains how to use the tools, how to get results, and then explains what happened and why. It covers some of the basics (like ifconfig, iwconfig, ping, and a little bit about packet specifications), and then moves on to the heavy-lifters like airmon, aireplay, airodump, wireshark, and others.

While all of these tools have tutorials and manuals online, the way they work together is seldomly explained, and even more rarely are they explained with the clarity and focus of this book. The situations the book covers are realistic wireless network setups that you'll find at businesses, cafes, and homes. There are screenshots on nearly everypage, so it doesn't just explain what to do - it actually shows you.

If you're completely new to pen-testing, this book is where you should start. You should try to learn at least a little bit of Linux before delving into this (but you should be learning that anyway) but this book doesn't assume that you are a pro. It guides you through all of the basic essentials, such as setting up a pen-testing lab environment (configuring your access point, making sure your wireless card is open enough to be configured, and so on), and even how to install Backtrack Linux itself. You will need a good lab environment to use this book effectively, so make sure you have access to a router, two laptops with wireless cards (one to use and one to be the victim), and a usb wireless card to perform packet injection (the book recommends the Alfa AWUS036H).

All in all, whether you're learning this stuff because you're angry at the world and want to mess up wireless networks or because you're a sys admin and need to protect your network from intruders, this is easily the best book on the subject I have found. Too many books on this topic assume that the reader is a "security professional" and uses jargon and lingo without explaining anything. This book sits down with you, gives you the information you need, and you get the results that you wanted. Considering that courses from Backtrack's website start at around $750, this book feels like a hack in itself.

Disclaimer: I have received this book from the publisher for special review. And author is good friend of mine. However the review remains genuine and unbiased.

This book is highly technical & written completely from practical perspective. To get the best out of this book you need to parallely follow it up with your own setup as shown in first chapter. And at the end of it, there will be one more Wi-Fi ninja in the air.

Here is the complete chapter by chapter review,

First chapter starts with the famous line from `Abraham Lincoln' pressing on the importance of setting up the play ground,

"If I had eight hours to chop down a tree, I'd spend six hours sharpening my axe."

It lists both hardware/software requirements with 2 Wi-Fi enabled laptops, one injectible Wi-Fi card (Alfa AWUS036H) & a access point. Some more listing of alternative injectible Wi-Fi cards would have been better though. It is often difficult to get the right one especially for those who are outside USA/UK. In my initial days of wardriving, I remember waiting for entire year to get my first injectible USB dongle. And without the right card, you are on the back foot as you can't perform most of the attacks.

Remaining portion of first chapter shows how to install BackTrack, Setting up access point and wireless cards in detail with screenshots. Next one explains in brief about wireless frames and shows how to capture the Wi-Fi packets in the air and inject your own packets using Alfa card.

It goes more interesting with chapter 3 showing how to bypass various wireless security restrictions such as hidden SSIDs, defeating MAC filters, bypassing WEP authentication etc. Next it shows how to really crack those 128 bit WEP keys using aircrack-ng tool. Finally it describes how we can use these cracked WEP/WPA passphrase to decrypt wireless data packets and directly connect to WEP/WPA network.

Chapter 5 explains various Denial of Service (DoS) attacks including De-Authentication, Dis-Association, CTS-RTS attack & spectrum jamming. It also shows how one can perform `Evil Twin' attack against legitimate Access point and how to setup rogue access point to gain backdoor entry into the network.

Often the weakest point lies at the client side, so the chapter 6 goes to describe all those attacks one can perform on wireless clients including Honeypot and Mis-Association attacks, Caffe Latte attack, De-Authenticaton and Dis-Association attacks, Hirte attack, AP-less WPA-Personal cracking etc. Next one shows how to perform wireless based Man-in-the-Middle (MITM) attacks and then use it for sniffing and hijacking of user sessions.

Chapter 8 focuses on WPA-enterprise based attacks such as exploiting the weakness in PEAP, EAP-TLS protocols. It ends with recommendation on secure wireless configuration using `WPA2-PSK with a strong passphrase' for smaller/medium size organizations and `WPA2-Enterprise with EAP-TLS' for larger organizations.

Final chapter touches very briefly on pen testing methodologies and then goes more into wireless pen testing using the attacks explained in previous chapters. It starts with step by step of discovery of wireless devices, finding unauthorized clients, rogue access points and then cracking the wireless encryption using the attacks demonstrated in previous chapters.

Highlights of the Book

* Very well written and enjoyable to read
* Practical and includes latest stuff from wireless field
* Every attack technique is very well shown with complete technical details and illustrative screenshots.
* Includes action items for reader to explore more and gain more expertise
* Pop Quiz at the end of each chapter ensures that you were not dozing off

After reading this book completely, one thing is sure that you would like to change its title from "Beginners guide" to "Not just Beginners guide". Even though its his first book, I am amazed with his style of writing and `connecting with reader' mentality making it easier to grasp and enjoyable to read on.

And here comes the final verdict,

"Written by wireless expert, this book goes beyond the words and highly recommended to anyone willing to master Wi-Fi Kung Fu."

I am slated to teach an ethical hacking class this summer (with a trip to Defcon 20 at the end). I originally planned on using a CEH prep book for a text, but decided to go with a couple of real world hacking texts instead. I wanted to have a mix of vulnerability exploitation and wireless pen testing in the course. I immediately thought of looking at this new book by Vivek (@SecurityTube) for the wireless context. Vivek is the founder of SecurityTube and also the author of a 40+ part video series known as the Wireless Security Megaprimer. This megaprimer serves as a basis for the recently introduced SecurityTube Wireless Security Expert (SWSE) certification.

This book is published by Packt Publishing. I was sent an ebook version of the book. I must say that I really appreciate Packt's way of sending a nice non-DRM version of the book for my evaluation. What's to stop me from reselling the book or handing it down to my students (aside from CISSP mofo code of ethics)? At the bottom of every page there is a statement saying this book was created for my sole usage. As a professor, I really like this solution. So many other publishers refuse to send e-books because they are overly concerned about DRM, and don't realize that I can just as easily scan or copy a paper book to hand out if I'm ethically challenged.

So what's in this book anyway? Vivek starts the book with a chapter telling you how to set up an appropriate lab to do all of the things discussed in the book. His directions are straightforward. Vivek recommends an Alpha wireless adapter. I did all the labs in the book with a Hawking HWU8DD high-gain wireless-G dish adapter that I had available and everything seemed to work well. I'm sure that there are other adapters out there that would also work well for anyone using this book.

In the second chapter, Vivek provides a comprehensive overview of why wifi is inherently insecure. From here he goes on to discuss ways of bypassing authentication. In the fourth chapter, Vivek discusses encryption. The conversation goes well beyond what is wrong with WEP and includes ways to speed up WPA/WPA2 cracking as well.

In chapter 5, Vivek talks about attacking the infrastructure. Topics covered include default accounts and DoS attacks. From here the focus is shifted to attacking the client. Naturally, some attention is given to the Caffe Latte attack against WEP that Vivek discovered some years ago. For the record, I think this is one of the cooler attacks given the ability to attack a network that is potentially miles and miles away.

Chapters 7 & 8 deal with more advanced attacks such as man-in-the-middle and attacks against WPA-Enterprise. While not too many people (at least in the USA) seem to be using WPA-Enterprise, it certainly doesn't hurt to know how to attack it should the need arise.

The final chapter discusses wireless pen testing methodology. Concluding thoughts and answers to pop quizzes are found in the appendices.

What do I like about this book? This book is very approachable. Vivek doesn't assume you are starting this book as a wifi or even networking expert. Anyone with half a clue about how networking and wifi work could successfully learn from this book. The book emphasizes doing over theory. Activities to actually try and see for yourself are everywhere in the book. Instead of droning on and on about the theory of this and that and having some exercises at the the end of the chapters, Vivek says do this and see what happens, now do that, then he discusses what has just been seen. I like his teaching style.

I'm sure someone out there will say "Why should I drop $50 on this book, when it essentially parallels the freely available megaprimer on SecurityTube?" My response to this is: first of all, shame on you. Stop being such a cheapskate. Vivek has obviously put a lot of work into developing an excellent tutorial and the man deserves a little compensation. Secondly, even if you have a problem giving up a few dollars for the book over just watching the video, some times you just want to have a book. It is a lot easier to check or refresh your knowledge on something using the book than it is to try and figure out which of the 40+ videos a topic was discussed in. Because the book essentially parallels the video, I would recommend you read the book and watch the videos, especially if you are going through the book on your own.

Now for the bad news. What didn't I like about this book. I thought about it for a while and nothing really comes to mind. I think this is an excellent book for anyone wanting to learn more about wireless security. When you consider that there are 12+ hours of video available to supplement the book (not that I feel this is necessary) $50 is a good deal for this book.