Book Review: BT5 Wireless Penetration Testing

Finally, I found some time to write my review of another book: “BackTrack 5 Wireless Penetration Testing”. The book was written by Vivek Ramachandran. A good coincidence? Vivek was present during the last edition of BruCON and gave a workshop called “Wi-Fi malware for fun and profit”. Being quite busy during the conference, I didn’t have a lot of free time to attend workshops. This book was a good opportunity to learn new stuff…

Wireless networks have something “exciting” from a security perspective: everybody uses them daily, even if we agree that a lot of them are completely insecure. Everything has been said, tested and… exploited!

Let’s review the book! The first chapter starts with the classic steps to build your own lab (reminder: never test your attacks against a network you don’t own). Then a chapter is dedicated to reviewing the basics of wireless networks: the different types of frames, and how to sniff and inject packets.

Chapters three and four explain how to bypass wireless authentication mechanisms. First, simple protections like hidden SSIDs, MAC filtering and shared-key authentication. Then, the classic encryption protocols (WEP, WPA, WPA2). Each protocol is reviewed (how it works), then an attack scenario is described step by step. Maybe the most important conclusion of this chapter is:

WPA/WPA2 is cryptographically un-crackable currently, however, under special circumstances, such as when a weak passphrase is chosen in WPA/WPA2-PSK, it is possible to retrieve the passphrase using dictionary attacks.

The fifth chapter focuses on the wireless infrastructure: how to attack the access points (DoS, MAC spoofing and rogue access points). After the infrastructure, the next chapters (seven & eight) address the client: honeypot attacks, the Caffe Latte attack (created by Vivek himself), MitM attacks and session hijacking. Chapter nine covers WPA-Enterprise (with RADIUS authentication). Finally, the last chapter is a big summary: how to conduct a pentest using all the techniques described previously.

What did I learn by reading this book? I’m just a dumb occasional aircrack-ng user. I already cracked some WEP & WPA keys during audits or in labs, no more, no less. In fact there are plenty of interesting options and techniques to stress-test wireless networks (always without breaking any law, of course!). Regarding the way the book is organized, I liked the numerous screenshots! All commands are described with screen captures. It’s written like a recipe: just follow all the steps! If your job requires knowledge of wireless network security, this book is a must!

More information about the book here.
