Download as PDF, PPTX
Uploaded byHenrik Jacobsen
Pentesting
This document provides an overview of pentesting and related topics presented by Henrik Jacobsen. It begins with introductions and disclaimers, then covers WiFi networking basics. Next it discusses using a WiFi Pineapple for penetration testing and demonstrates rogue networking and WPS hacking. It concludes with an introduction to using Kali Linux for security assessments.
EducationâŠ
More Related Content
Pentesting
- 1.
- 2. I AM NOTA NETWORK SPECIALIST, NOR AM I EDUCATED IN NETWORKING. Henrik Jacobsen DISCLAIMER
- 3. ABOUT ME HENRIK JACOBSEN âžAge: 32 or 100000 âž Graduate in computer science, computer scientist âž 7Âœ+ years experiance with software development âž Currently: Prosa - as Political Consultant âž Mantra: KISS! âž Interested in Pentesting and Privacy/ Encryption!
- 4. TODAYS TOPICS âž WiFi101 âž Pen testing by using a pineapple with demoes âž Learning vulnerabilities in practice âž Rogue networking in practice âž WPS hacking âž Intro to kali Linux
- 5. WIFI 101 BASIC UNDERSTANDINGOF IEEE 802.11 / WIFI ON 2.4 GHZ âž operating in 3 modes: Master, managed and monitor. âž Radio Frequenze MONitor - RFMON, passively monitor âž Protocols: 802.11a/b/g/n/ac - frequenzy(Channel 1: 2.4 GHZ to 2.422 GHZ, etc.), data rate, bandwidth(upper and lower frequenscies og channel), modulation (OFDM - Orthogonal Frequenzy-division Multiplexing / digital encoding technic) and range.
- 6. WIFI 101 CHANNELS:1-14 âž Channel1-13 allowed in EU âž 1-6-11 are not overlapping. âž Note: Always try use non-overlapping than your surrounding / neighbours
- 7. WIFI 101 FRAMES, FRAMESTRUCTURE AND FRAME TYPES âž Everything transmitted by 802.11 is in frame form âž MAC header, Payload and frame check sequence âž Control-, Data- and Management Frames: âž Beacon, Probe, Association and Authentication Frames.
- 8. WIFI PINEAPPLE âž Startedon Fon router âž Developed to the new version âž Has the most popular tools fromâš Kali linux pre-installed. âž A lot easier to use and low power-âš consumption makes it ideal to hideâš and then track or hack.
- 9. A PENETRATION TEST,OR SOMETIMES PENTEST, IS AN ATTACK ON A COMPUTER SYSTEM THAT LOOKS FOR SECURITY WEAKNESSES, Wikipedia - Link:https://en.wikipedia.org/wiki/Penetration_test PENTESTING
- 11. ROGUE NETWORKING âž Inthe demo showen before. âž Intelligence gathering, and then deploying networks. âž If the Pineapple deploy a network that is un-encrypted, then WiFi equipment will connect to pineapple. âž OR - via kali linux, making Evil Twin attack.âš (cloning the target AP SSID, Deauth clients and then HiJacking them).
- 12. LEARNING VULNERABILITIES INPRACTICE HOW TO SECURE YOUR NETWORK?!? âž Use WPA2 encryption, it's not bullet proff - but it works. âž Use complex WiFi Key - like a real password. âž Disable WPS "Wi-Fi Protected Setup". âž Change the SSID to some none related to you and different from router brand. âž Consider MAC ïŹltering. âž Regular check logs and settings.
- 13. A ROGUE ACCESSPOINT IS A WIRELESS ACCESS POINT THAT HAS BEEN INSTALLED ON A SECURE NETWORK WITHOUT EXPLICIT AUTHORIZATION FROM A LOCAL NETWORK ADMINISTRATOR. Wikipedia - Link:https://en.wikipedia.org/wiki/Rogue_access_point ROGUE ACCESS POINT
- 14. WPS HACKING âž Onlypossible on AP's from 2006 to 2012 âž Bully or Reaver will get the PIN on 3-6 hour. âž Pineapple can run both. âž Kali linux has both installed âž WASH can detect all WPS enabled networks in your area
- 15. KALI LINUX WHAT ISKALI LINUX? âž Formerly known as BackTrack - based on ubuntu âž Debian-derived digital forensics and pentesting OS âž Preloaded with over 300 penetration-testing programs âž Highlights: Metasploit, Aircrack-ng, Wireshark, Airodump- ng, kismet and Social Engineering Toolkit.
- 17.