top of page
Search
jenkinsdiana

Wardriving and Wireless Penetration Testing: A Step-by-Step Ebook for Wi-Fi Security Assessment



In a recent post I asked for book recommendations for offensive security and/or penetration testing aligned certification exams and I received an amazing and somewhat overwhelming response. Thank you! Turns out there are far more books available than I even imagined and I have reading material now for the rest of the year!


Wireless networks are common in enterprise environments, making them a prime target for penetration testers. Additionally, misconfigured wireless networks can be easily cracked, providing penetration testers with a great deal of valuable information about the network and its users. This article explores some of the most widely-used tools for different aspects of wireless network hacking.




Wardriving and wireless penetration testing ebook




After gaining access to a wireless network, a penetration tester needs to perform network sniffing and traffic analysis to take advantage of that visibility. A couple of different options exist for monitoring and dissecting the traffic flowing over wireless networks.


Packet injection enables a penetration tester to inject data into an established network connection. This helps perfrom denial of service (DoS) and man-in-the-middle (MitM) attacks against wireless network users.


In some scenarios, performing wireless network hacking on a laptop would be conspicuous, while a mobile device would be essentially invisible. A few different platforms exist for performing penetration testing against wireless networks from a mobile device.


Kali Linux NetHunter is an open-source version of the Kali Linux operating system for Android devices. It provides several different tools for Wi-Fi hacking and mobile penetration testing, including Wireless 802.11 frame injection and one-click MANA Evil Access Point setup.


Wireless network hacking is an essential skill set for the modern penetration tester. While the tools described in this post are organized into categories, many have functionality that spans multiple different areas. Gaining familiarity with a few different wireless hacking tools can be a valuable investment in an ethical hacking career.


In short, Kismet is a very powerful wireless sniffing tool that is found in Kali Linux. This is an open-source tool very familiar to ethical hackers, computer network security professionals and penetration testers. While it can run on Windows and macOS, most users prefer to run Kismet on Linux because of a bigger range of configurations and drivers available. Wirelessly, Kismet is able to sniff 802.11a/b/g/n traffic.


In either case, Kismet is able to identify wireless network traffic as packets are traversing its antennae, giving hackers the ability to identify potential targets as they move. This is a technique called wardriving and is possible because Kismet is limited solely by the ability of the wireless network interface controller (WNIC) to catch packets based on the range and strength of the WAP(s) broadcasting.


Kismet is also a powerful tool for penetration testers that need to better understand their target and perform wireless LAN discovery. Although it should not be the only tool and technique employed, Kismet is able to identify WAPs in use, SSIDs and the type of encryption used on a network. With this information, penetration testers can use additional open-source tools to gain additional access and privileges into the network.


So how do ethical hackers and penetration testers make use of the data they have captured in Kismet? While there is no one way to move forward, there are three common paths: MAC address spoofing, packet injection and wireless encryption protection (WEP) cracking.


Whether you are in the penetration testing or ethical hacking business, Kismet is a must-have tool to understand and have in your toolbox. It can enable techniques such as wardriving, GPS mapping, network reporting and alerts, and more advanced actions such as packet injection and DOS. 2ff7e9595c


1 view0 comments

Recent Posts

See All

Comments


bottom of page