This is a multi-part series for someone new to wireless hacking, with pictures and videos.
Introduction To Kali and WiFi Pen Testing
How to Install Kali Linux
Kali Linux and Reaver
Getting a Handshake and a Data Capture, WPA Dictionary Attack
Using Aircrack and a Dictionary to Crack a WPA Data Capture
Cracking a WPA Capture with the GPU using HashCat
Creating a Dictionary / Wordlist with Crunch (Part 8)
Introduction To Kali and WiFi Pen Testing
Kali Linux is the evolution of Backtrack, a notorious Digital Forensic and Intrusion Detection software suite with a whole lot of tools for Penetration Testing. Offensive Security, the creators of Backtrack and Kali Linux, decided to incorporate many new changes into what was then to be called Backtrack 6. Since it had been completely rebuilt from scratch and many new changes added, it was given a new name, Kali Linux.
If you have by chance seen or used Backtrack before, the commands are the same, but there are some differences. For example, Kali Linux is based on Debian instead of Ubuntu, and there is no longer a /pentest directory as in Backtrack 5.
Prior knowledge is not needed for this tutorial series, as it is set up for the beginner or someone new to wireless penetration testing. Basically, if you have never used Backtrack or Kali Linux before, all you really need to know is that Kali Linux is the best software to use for Digital Forensics, Intrusion Detection, and Penetration Testing.
Kali Linux is the operating system being used, but the commands and cracks will use Aircrack-ng, a software suite bundled into Kali Linux. This software bundle was specifically designed and coded to exploit wireless vulnerabilities.
Three hacks will be the main focus in this series: the WPA dictionary attack, the WPA Reaver attack, and WEP.
Talking about WEP encryption on routers has become dated, but it is still seen sometimes and is a good way to learn the basics for someone new to penetration testing. After learning WEP, the more difficult cracks such as Reaver and dictionary attacks will be easier to understand.
Also, there are no point-and-click options. Learning commands and typing them in a terminal window is a must, but the commands are easy to learn or write down.
One more thing to mention is that an internal wireless network adapter will not work with Kali Linux for wireless penetration testing. This is not because the adapter is not supported; it may or may not be. It is because most wireless chipsets do not support packet injection or the other things required to do a wireless attack.
The examples in this tutorial will be using the Alfa AWUS036NH USB adapter. Other adapters also work but must be compatible with Kali Linux.
Setting up a Penetration Testing Environment
Setting up a testing environment for penetration testing is suggested. The following things would work well for testing.
1. A computer that can run Kali Linux and do the attacks.
2. A USB wireless adapter that is compatible with Kali Linux.
3. Routers for testing on, the more the better.
4. Another device that can connect to the router, such as a computer, tablet, smartphone and so on.
Setting up a testing environment is ideal for many reasons, mainly because of the legalities: penetration testing on someone else's network is illegal. Also, having access to different routers and setting them up will give added insight later on.
Built-in wireless cards don't work with Kali Linux, at least not for penetration testing, so buying a compatible USB adapter / dongle will be necessary. For the examples in this tutorial the Alfa AWUS036NH USB adapter is used, but there are many more that also work with Kali Linux.
When looking for a USB adapter for Kali Linux, the main thing to look for is the chipset the wireless USB adapter uses. Here are chipsets known to work with Kali Linux.
1. Atheros AR9271 - IEEE 802.11B/G/N
2. Ralink RT3070 - IEEE 802.11B/G/N
3. Realtek RTL8187L - IEEE 802.11B/G
The 8187 chipset was good, but adapters with this chipset are only wireless G and are becoming dated, so if possible go with the other chipsets.
Buying multiple routers to play with is also a good idea. There are plenty to be found at yard sales and swap meets on the cheap. Different manufacturers do different things and have different setups, so some have a weakness another will not. For example, sometimes when the pins Reaver throws at a router are thrown too fast, it will cause some routers to crash, much like a Denial of Service attack does against a server, but once this is known, Reaver has commands to slow down an attack.
The other device connecting to the router can be anything from a smartphone to a laptop. Basically, what is needed is to capture the encrypted data being transferred wirelessly between the devices and the router. Getting close to a real world environment is the goal.