
This video provides an overview of the entire course.
We will discover the methods and techniques along with some meanings behind the different wireless network signals.
Exploiting and learning about the 2.4GHz Wireless Frequencies
Discovering the powers behind the 5.0GHz Wireless Frequencies
While using a regular Wireless card will get us by with this course, we can take a huge advantage of the Wi-Fi Pineapple and discover some of the powers behind this amazing antenna.
Explore Wi-Fi Pineapple
Is your target a little out of your wireless cards reach? With a Yagi antenna, you don’t have that issue… Unless they are extremely far away. When setup properly, a Yagi antenna can reach up to 1500 kilometres away.
Investigate the Yagi Antenna
Now we have seen some of these awesome tools, we have watched Mr. Robot at least 100 times, and have seen the Hackers trilogy, it is time to start learning. What better way to do that than with Kali Linux!
Install and set up Kali Linux
When we attempt to crack a password (Wireless | Server | Website | Phone | ETC.) We need Dictionary of Passwords. This will allow us to insert several different passwords in a text file and use that document later on in our arguments against our target.
Create a custom Password Dictionary
We know that Wi-Fi networks are connected by either WEP/WPS/WPA/WPA2, however, do we understand those security protocols? Don’t worry, in this section we will be learning about each of them.
Discover the WEP Security Protocols
Learn what WPS Security is
Explorethe WPA/WPA2 security protocols
Alright, so we have our Kali Linux installed, and we want to connect to the internet. But we don’t have any. What should we do? With Kali, we can scan to see who has internet around us.
Use WIFITE to scan for targets around us to connect us to the internet
So, we have found our target Wi-Fi, and we have built our own Password Dictionary, now what? We will now need to see if we can crack the password for our target.
Crack Wi-Fi Passwords with WIFITE
So, we have the password of our network SSID. Now what do we do? Simply put, we connect to the desired network the same way you would connect to your home network. Then we can start surfing the internet.
Connect to our target SSID with cracked password
Do you have a hunch about your neighbour? Anything unusual going on? After connecting to his Wi-Fi network, we can use WireShark to help us intercept his traffic to see what is going on.
Intercept internet traffic connections with WireShark
While there are a few different ways we can search for different wireless networks, we can easily do so with the GUI. This is the typical way that people search and connect to wireless networks.
Search for Wireless networks
Want to feel like a real hacker and read the terminal like a pro? We can do that by utilizing a script that will allow us to search for wireless networks on our terminal.
Use WIFITE to search for wireless networks in the terminal
So we are connected to our target, what fun can we do? The first thing we are able to do is perform a MitM attack in which puts us in between 2 people talking to each other. This allows us to intercept their conversation to inquire personal information.
Allow network to translate IP to MAC address
Watch the network traffic
Request all URLs sniffed from HTTP traffic from CLF
But don’t we already have a solid internet connection with our target? Yes, yes we do. However, our target may also be hosting a private network (Hidden SSID) that they don’t want the public to know about. Wonder what is on that network?
Search for hidden SSID networks
Before we crack any wireless network, we must first learn how to setup our network card to handle the requests and monitor the SSIDS.
Get our network card setup to monitor networks
Now that we have our computer setup, we can start off by searching for different WEP Networks in the area. This is done by setting our wireless card to monitor status.
Useairodump-ng to set our wireless card to monitor status
Scanning for wireless networks in our area
By selecting our target to hack, we can then move onto cracking their wifi password. This can be done by using either the default password dictionaries that comes with Kali, or with our own dictionary we created.
Crack WEP passwords with help from airocrack-ng
By utilizing URLSnarf, we can intercept the HTTP connection requests that are stored inside of the CFL. This will help us understand who our target is and what they do.
Intercept our victims traffic by utilizing URLSnarfer
First thing is first, we need to configure our wireless network card to monitor the networks. Doing this helps us search for wireless networks in the area.
Set up our computer to start looking for WPS networks
So our “Lab” is now setup and ready to start scanning. The first thing we will be doing is performing a -wps scan using wifite. This will allow us to scope out only the WPS encrypted networks in our area.
Scan for WPS networks using WIFITE
It all comes down to this! We have setup our lab to monitor mode, and have scoped out our target. We have also created our own Password Dictionary files. Now we can use WIFITE with AirCrack-NG in order to brute force our way past the password.
UseAirCrack-NG with WIFITE in order to Brute Force the Password
Congratulations! You have now hacked your way into your target’s Wi-Fi network. Now what? Well, one thing we can do is intercept their internet connections to see what they do online. We can do this by using EtterCap.
UtilizeEtterCap in order to intercept our targets network connections
Like all great hackers, we pave the way of our setup. This means we will be using a few tools to setup our wireless card in order to monitor and record our network connections to start the hacking process.
Set up our wireless card for monitoring
We will begin by performing a simple search using WIFITE in order to help us scan the area to select our target. By using WIFITE we are able to see a list of WPA/WPA2 enabled wireless networks within our area.
Search for WPA/WPA2 networks using WIFITE
With our password dictionary in place and our aircrack-ng ready to launch, let’s start cracking this password! With these types of passwords, often using Uppercase, Lowercase, Numbers, and even Symbols, we can take a break. Sleep for the night.
Hack our way past the WPA/WPA2 Passwords with AirCrack-NG
We are going to be utilizing WireShark in order to help us sniff out some of the packets that our target is using. By looking at the packets, and doing some minor recon work, we can see more clearly who are target is and what they enjoy doing.
Sniff our target for any packets using WireShark
This video will give you an overview about the course.
So we don’t have a spare computer laying around to install this amazing OS on, not a problem. We are going to be looking into installing a VirtualBox to help us setup a virtual desktop on our computer.
Install VirtualBox
Create a new virtual computer
We will now download Kali Linux and install that OS on our virtual machine we had setup. Once we have Kali installed on our virtual computer, we will take a look at it and get ourselves accustomed to this operating system.
Download and Install Kali Linux
Play around with Kali Linux
In this video, you will learn about the Penetration testing and will show you how to get started using Kali Linux.
Update the Kali
Explore the terminal
View the browser and looking at the menu
While we are performing our password attacks, we are going to be needing a password text file. Instead of utilizing the default password text file during our testing, we will create our own dictionary of passwords we can use.
Create a password dictionary
Does your target run WordPress? If so we can easily take advantage of different.
Exploit Usernames associated with our target
Crack passwords of the usernames we extracted from our target
Log into the WordPress website using the correct credentials we collected
So we have been challenged with a web-based application and need to test it for vulnerabilities. Not a problem. This section we will learn how to exploit that web app using Burp Suite.
Web-Based application testing with Burp Suite
With that web-based application, we will discover how to scan that web app to see if there are any penetration marks that we can use to work our way into any possible back-doors, and other information that we can use to attack our target.
Pen Testing with XSSER to find vulnerabilities
While scanning the website is one task that everyone usually tends to go for, I personally will be showing you my favourite task, viewing the websites source code. We can either download the website directly to our computer, or external storage device, or view it live.
View the source code offline
View the source code live
Throwing testing packages and viewing the source code is a great place to start, we will need to check to see if that web-based application has any open and weak ports that we can use.
Utilize Wireshark to help us with port snooping
While extracting all of this useful information is a great practice, we will need to learn more about who we are dealing with. This can be for a personal reason, or maybe we have been asked to learn all we can about the website owner.
Use an online service, MXToolBox to help us extract information from our target
One of the easiest methods to do is test our targeted server for any SQL Injection vulnerabilities. This will allow us to throw SQL Injections to the server for a variety of things.
Test server with SQLMap for vulnerabilities
Search vulnerabilities using SQLNinja
Sometimes our servers are vulnerable to JSP Shell attacks, and if our targeted server is indeed vulnerable to JSP Shell, we should test and document it for future reference.
Utilize JBoss-AutoPWN to test for vulnerabilities
Assuming that our target has open ports for SSH, FTP, or other types of remote connection, we can attempt to brute force our way past the login credentials to gain access to the server.
Brute forcing passwords using Cain and Abel
Test Passwords with John the Ripper
In this video, you will learn how to use the PunkSPIDER.
Find security measures and weaknesses
Highlight every single option available in PunkSPIDER
This is extremely important as there are numerous programs that are target could be running. If there is an outdated software, we can view the reports on that specific version to see if there are any vulnerabilities.
Scan for outdated software using Nikto
This is an attack in which a host with no authority is directing a domain name server and all of the requests. This allows a hacker to redirect all of the DNS requests, thus the traffic as well, to another machine.
Manipulate DNS Traffic By using Ettercap
Reconnaissance is a crucial part of our ethical hacking pen testing. Recon is the process of gathering all of the required information needed in order to determine the best strategy for hacking our target.
Perform a Recon using Sparta
Utilizing a Social Engineering Toolkit (SET), we can create a false login page and have the credentials stored onto our designated location. This allows us to steal login details of users.
Create a login page using SET
Deploy Virtual Server
Send Login page to victim
One of the hardest methods of SEA is gaining access to the physical location. Sometimes our clients will ask us to gain physical access to a section of a building. This can be accomplished, if you have proper people skills and can read people.
Learn to read people
Figure the best method to talk to someone
Gain access to the building
We have seen on countless hacking movies that the hacker will call the target to extract some type of information. And still to this day, that method is frequently used. We will talk about how to carry out this SEA.
Discover which person and sector to talk to
While many people don’t realize this, but email is one of the greatest methods of extracting information about a company. An email contains the IP Address and the MX directory of the companies email provider. Plus we can use this method to service our SET section.
View IP Address from email
In this video, you will learn about the Harvester: Social Gathering.
Find the target
Exploit the target by means of emails
Extract the data directly from Kali Linux
If you are inside of a company, chances are they have their own hidden wireless network. If they do, that is our golden ticket! We will learn how to view those hidden networks, and then crack their passwords.
Search for those hidden SSID’s using ArioDump
So we have a SSID we can connect too, now what? This section we will learn how to hack those wireless passwords using a few different techniques. We will be using our created PWD List for this.
Explore the password hacking
Look into the brute forcing application Air-crack
Use ‘pwd.txt’ dictionary
In this video, you will learn about the John the ripper
Explore alternate way of brute forcing
Pass through dictionaries
While connected to our network, we need to do something instead of Google or Facebook. We are going to learn how to intercept incoming and outgoing traffic on our connected network.
Use Wireshark to intercept and read incoming/outgoing traffic
We have a domain name to test, not an IP. How can we extract the IP information? We will be utilizing the PING command in order to pull that information. Then we will perform an NS Look Up test to find out more information.
Ping domain name to get IP Address of target
Utilize NS Lookup to extract information about our target
This is a two part section. We will first dive into the IP WhoIS report, and then follow up with the domain name WhoIs. This is helpful to see if the domain admin is the same as the server admin, and we can extract other forms of information using these techniques.
Search IP Address WhoIS
Search Domain Name WhoIS
Often overlooked, but we will be looking at the websites background. Much like your background report, we will need to see what all the creators have done to the website, and when they did it.
Perform a background history report using Netcraft
Another overlooked aspect, is searching for email accounts and social media accounts. This will be helpful as we can get an insight to who works there, and helps us with our SEA.
Learn how to use the Harvester
While performing a Recon, typically our motions are visible to the website, or servers, admins. In this section, we will learn how to perform a stealthy approach by using a protected network.
Protect network using VPN
Perform a Stealth Recon using Nmap
Much like we showed on our wireless intercepting, we will be looking at incoming and outgoing connections for the targeted website.
Learn how to intercept website traffic using Wireshark
Now that we have performed our hacks and attacks, we need to generate a report to present to our employer. This should give them some details about your exploits, how you did them, and options on how to fix them.
Design the report and adding proper content
This video provides an overview of the entire course.
We know that Wi-Fi networks are connected by either WEP/WPS/WPA/WPA2, however, do we understand those security protocols? Don’t worry, in this section we will be learning about each of them.
Discover the WEP security protocols
Learn what WPS security is
Explore the WPA/WPA2 security protocols
Alright, so we have our Kali Linux installed, and we want to connect to the internet. But we don’t have any. What should we do? With Kali, we can scan to see who has internet around us.
Use Wifite to scan for targets around us to connect us to the internet
When we attempt to crack a password (Wireless | Server | Website | Phone | and so on) We need Dictionary of Passwords. This will allow us to insert several different passwords in a text file and use that document later on in our arguments against our target.
Create a custom password dictionary
So, we have found our target Wi-Fi, and we have built our own Password Dictionary, now what? We will now need to see if we can crack the password for our target.
Crack Wi-Fi Passwords with Wifite
We will be focusing on different options that are available in Wireshark that are extremely useful during a penetration test or during a forensics analysis.
Use Wireshark on a specific adapter and viewing the communications between devices
Analyse the network traffic data and harvesting the valuable information
We will be working towards getting the network miner work on the kali Linux and also we will look at the options that are available in windows version of network miner.
Install Network miner to Kali Linux
Analyse the packets for valuable and sensitive information
How to we analyse the packets and network traffic while performing the MiTM attacks, we will be exploring the tool DarkStat which pretty much provides the details that are required for a penetration tester during the attack.
Run DarkStat
Analyse the data from DarkStat to perform further attacks
So, we have packets how do we analyse the wireless packets without having them go through lots of manual eye ball?
Use Kismet to scan for the wireless network
Perform analysis on the wireless network using kismet
Store the files from kismet on the local storage to perform further lateral attacks
What is the MiTM attacks? How to perform such attacks.
Utilise multiple tools to achieve an objective of sniffing the confidential information in network transit
How do we successfully extrack confidential information from the victim? Spoofing the devices/services on the network by using ARP.
Perform the Man in The Middle Attacks by poising the network or the gateway
Use Ettercap GUI to perform ArpSpoof attack to capture the credentials over the network
So we are connected to our target, what fun can we do? The first thing we are able to do is perform a MitM attack in which puts us in between 2 people talking to each other. This allows us to intercept their conversation to inquire personal information.
Use driftnet to capture the wireless network traffic
By utilizing URLSnarf, we can intercept the HTTP connection requests that are stored inside of the CFL. This will help us understand who our target is and what they do.
Intercept our victims traffic by utilizing URLSnarfer
Today’s easy threat to every organisation or individual is the intentional or unintendedly getting DoS attacks.
Learn the different types of DoS
How does a volume based denial of service is performed? How easy it is to launch an attack. The easy way of launching this type of attack is to use the inbuilt kali tools and measured bits per second.
Use hping3 to perform this attack on the target network
Perform UDP floods, ICMP floods and Spoofed Packet floods
How does a protocol based Denial of Service is different from volume based and how easy is to launch this type of attack.
Utilise the inbuilt kali tools we would launch the attacks but measure in packets per second
Use hping3 to perform this attack on the target system
Launch multiple instances SYN floods, fragmented packet attacks, Ping of Death, Smurf DDoS
Application Layer Attacks has been quite often in pretty much every application that is exposed on the internet
Perform ALA based DoS by using existing tools in the Kali Linux
Use the existing tools in Kali Linux such as DirBuster, Burpsuite we will launch the ALA Based attacks
Perform low-and-slow attacks, GET/POST floods
First thing is first, we need to understand how does Bluetooth work and what technologies are involved in Bluetooth.
Understand the difference between different wireless technologies
So now you know how does the Bluetooth works, It is time for us to explore and find the difference devices that are available within the range.
Scan for Bluetooth devices using Bluelog
Unlike brute-forcing or performing a scan on complete IP subnet. What do we do for Bluetooth?
Utilise the redFang to identify non discoverable devices
Use redFang to perform scan for non-discoverable Bluetooth devices
Finally, Once we have found out all the available Bluetooth devices around us, what is next? Spoof your identity and make a communication to the target.
Utilize Spooftooph to change the name and address of the device and hide your identity in plain sight
Unlike Denial Of Service attacks, how the attackers smack the Bluetooth devices.
Create our own custom script to perform the same
Using l2ping to conduct Denial of Service attack called as Bluesmack on the target device
We will now begin perform an advanced step of steal the information using Bluetooth.
Communicate to the device and then extract the phonebook details
Utilise the bluesnarfer in kali linux to perform bluesnarfing attack
Art of phishing in Computers is achieved by sending one email to unintended readers and having to wait for them to fill in the details.
Use bluejack to perform Bluetooth Phishing by sending
BlueJacking our way into all available Bluetooth in range
How does the Hackers control information by exploiting vulnerabilities or by planting a backdoor bugs!
Learn how to bug a Bluetooth device
Download bluebugger and compile it
Use bluebugger to extract phonebook and dial numbers
Kali Linux is rated as the #1 security operating system for hackers. With the Linux operating system and its core structure based on Debian, it comes jam-packed with all the tools you need to penetration-test your websites. Kali Linux has gained popularity over the last few years with the rise of hacker groups (Anonymous, Lizard Squad, Ghost Squad Hackers, and others).
Kali Linux was built for hackers, by hackers. It is a Debian-based Linux distribution designed primarily for Penetration Testing and Digital Forensics. It gives access to a large collection of security-related tools for professional security testing.
This comprehensive 3-in-1 course is a step-by-step approach via real-world attack scenarios to help you master wireless penetration testing techniques. Throughout this course, you’ll explore new products to add to your ethical pen testing tool belt, including antennas, Android devices, and laptops. Learn how to use high-powered antennas to search and reach wireless networks from afar, and then use a variety of tools to find hidden wireless networks and crack passwords.
Contents and Overview
This training program includes 3 complete courses, carefully chosen to give you the most comprehensive training possible.
The first course, Kali Linux 2017 Wireless Penetration Testing for Beginners, covers enhancing your wireless penetration testing skills with Kali Linux 2017. Kali Linux was built for hackers, by hackers. Throughout this course, we will be discussing new products to add to your ethical pen testing tool belt, including antennas, Android devices, and laptops. Use high-powered antennas to search and reach wireless networks from afar, and then utilize a variety of tools to find hidden wireless networks and crack passwords. The end goal of this course is to be able to connect to a wireless network, by utilizing various tools and software programs, and hack into wireless networks, even if they are protected by the WEP/WPS/WPA/WPA2 security protocols.
The second course, Kali Linux Penetration Testing Recipes, covers ethical hacking to penetrate your target. This course covers several great resources within Kali Linux and you'll use them to perform a full website and server vulnerability test, brute-force your way past passwords, search for back-doors, and other tasks. Finally, you'll create a professional report and hand it to your client.
The third course, Kali Linux Advanced Wireless Penetration Testing, covers testing your wireless network's security and mastering advanced wireless penetration techniques using Kali Linux. In this course, you will be discussing the different variety of tools and techniques to find hidden wireless networks and Bluetooth devices. Learn how to enumerate the wireless network, cracking passwords, getting connected to any vulnerable wireless network and Bluetooth device. All the exercise in this course will be hands-on throughout this training. The end goal of this course is to be able to connect, enumerate, and extract information to any wireless-enabled device and network by utilizing various tools and software programs.
By the end of the course, you’ll be able to test your wireless network's security and master the advanced wireless penetration techniques using Kali Linux.
About the Authors
Aubrey Love was born and raised in Texas USA, he has achieved several certifications for programming in various languages. He has designed and developed custom websites, set up servers, and secured websites and servers using Nginx/Apache, Fail2Ban, and other Utilities. Working with companies of all shapes and sizes, using WordPress and Custom Sites, it is a fun and fascinating world out there for a programmer! He serves as a freelance programmer by day, and an Author by night.
A certified website master, avid hacktivist, and active journalist, Aubrey started his programming career on a Commodore Vic-20, on which he built his first Hello World app. He has built several websites, mobile apps, and Windows applications. On his journeys, he has been a Linux system administrator, ethical hacker, website master, mobile developer, application creator, and game developer.
Vijay Kumar Velu is a passionate information security practitioner, author, speaker, and blogger. He is currently working as associate director in one of the Big4 based in Malaysia. He has more than 11 years of IT industry experience, is a licensed penetration tester, and has specialized in providing technical solutions to a variety of cyber problems, ranging from simple security configuration reviews to cyber threat intelligence and incident response. He also holds multiple security qualifications, including Certified Ethical Hacker, EC-council Certified Security Analyst, and Computer Hacking Forensics Investigator. Vijay has been invited to speak at the National Cyber Security Summit (NCSS), Indian Cyber Conference (InCyCon), Open Cloud Conference, and other ethical hacking conferences held in India, and he has also delivered multiple guest lectures and training on the importance of information security at various business schools in India. He has authored a book entitled Mobile Application Penetration Testing, and also reviewed Learning Android Forensics, Packt Publishing. For the information security community, Vijay serves as a member of the board in Kuala Lumpur for Cloud Security Alliance (CSA) and the chair member of the National Cyber Defense and Research Center (NCDRC) in India. Outside work, he enjoys playing music and doing charity. Vijay is an early adopter of technology and always listens to any crazy ideas—so if you have an innovative idea, product, or service, do not hesitate to drop him a line.