FREE Copy of “Wireless Hacking Exposed”
There has been a thread going on the WiFiSec mailing list at SecurityFocus the past couple days about Wi-Fi testing on a Mac.
My friend and colleague, Joshua Wright weighed in with his tremendous expertise with the following post:
Johnny Cache, Vinnie Liu and I are just putting the finishing touches on Hacking Exposed Wireless, 2nd Edition. It's available for pre-order on Amazon, and should be shipping in the middle of July (http://amzn.to/d4D2SU). In this fully-revised book we present step-by-step help for implementing multiple attacks against 802.11, Bluetooth, ZigBee and DECT, with countermeasures for each attack.
Pertinent to this discussion is Johnny's chapter "Bridging the Airgap on OS X", where he illustrates an example of compromising a remote OS X box and leveraging it to attack local wireless networks. In this discussion he talks about the OS X "airport" utility.
The airport utility is located at /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport.
In 10.6 systems, you can use this tool to initiate a monitor-mode packet capture saving to a libpcap file, as well as active scanning and other interesting functions. During a packet capture with the airport utility, the Airport icon on the task bar will turn into what we decided is the "Eye of Sauron".
While Windows Vista and 7 have native monitor-mode support in drivers, there are no native tools, forcing us to rely on the NetMon package. Fortunately with OS X, we have the native airport utility.
Some of Johnny's scripts and tools from this chapter have been put online at www.hackingexposedwireless.com. I'll continue to post materials there this week, as well as the free online chapters providing in-depth analysis of 802.11, Bluetooth (including attacks against Simple, Secure Pairing) and RF fundamentals.
–Josh
I can tell you from taking Josh’s Wireless Ethical Hacking, Penetration Testing, and Defenses course through the SANS Institute, that he *definitely* knows his stuff, and therefore, this book is a must read.
I think this book is such a must read, that I am giving away a copy for FREE. Leave a comment with your best Wi-Fi Pentesting Tip. I’ll choose the best one a week from today (July 1st) and I’ll pre-order this book on your behalf.
Hi Doug,
Nice initiative. I got the 1st edition and it rocks; can't wait for the second ed., I pre-ordered it on Amazon a while ago. You are lucky to have Josh Wright as a friend, quite a brilliant individual. I own a MacBook Pro and am glad to read the new book edition will cover OS X.
To pentest WPA2-secured wireless networks, set up a honeypot AP and FreeRADIUS-WPE (wifi pwnage edition, by Josh Wright) to harvest EAP/MS-CHAP credential hashes from improperly secured client devices which are not validating the RADIUS server. Then use John the Ripper or a similar password cracking tool to crack the user password using a dictionary attack.
Sniffing probe requests from stations and analyzing this information for:
* Finding potential targets for Karma attacks.
* Finding stations that connect to other wireless networks (hotspots, etc.).
* Finding stations with the Windows XP OS, by searching for Probe Requests that have the SSID IE set to random data [1].
* Finding possible relations between stations.
Through this analysis we could find other networks where potential targets could be found, or attack stations using a Karma attack.
[1] – http://www.theta44.org/karma/aawns.pdf
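The probe-request analysis described in the comment above, run over the kind of libpcap file that Josh's post says the airport utility writes, as an added example that is not part of the original post or either comment. It is a small pure-Python parser (no scapy needed): it reads a classic libpcap file, unwraps a radiotap header if the link type is 127, extracts probe requests, and reports which stations probe for which named SSIDs (Karma/honeypot candidates and hotspot users), which stations send random-data SSID IEs (the Windows XP behaviour the theta44 paper describes), and which stations share a probed network. Assumptions: the capture's link type is either raw 802.11 (105) or radiotap (127); the "non-printable bytes in the SSID IE" heuristic for random-data probes is mine, not a fingerprint from the page; and the sample capture is constructed in memory with made-up MAC addresses and SSIDs so the script runs offline.

```python
import struct
import sys
from collections import defaultdict

DLT_IEEE802_11 = 105        # raw 802.11 frames
DLT_IEEE802_11_RADIO = 127  # radiotap header in front of each 802.11 frame (assumed for airport captures)


def pcap_packets(data):
    """Yield (linktype, packet_bytes) for each record of a classic libpcap file."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a libpcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len


def strip_radiotap(pkt):
    """Radiotap header: version(1) pad(1) length(2, little-endian) present(4) ... ; return the 802.11 frame."""
    return pkt[struct.unpack("<H", pkt[2:4])[0]:]


def parse_probe_request(frame):
    """Return (transmitter MAC, SSID bytes or None) if frame is a probe request, else None."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 4:   # type 0 (management), subtype 4 (probe request)
        return None
    src = ":".join("%02x" % b for b in frame[10:16])    # Address 2 = transmitter
    body, off, ssid = frame[24:], 0, None
    while off + 2 <= len(body):                          # walk the tagged parameters
        eid, elen = body[off], body[off + 1]
        if eid == 0:                                     # SSID element
            ssid = body[off + 2:off + 2 + elen]
            break
        off += 2 + elen
    return src, ssid


def looks_random(ssid):
    """Heuristic (mine): a non-empty SSID IE that is not printable ASCII, the WZC-style random probe."""
    return bool(ssid) and not all(0x20 <= b < 0x7F for b in ssid)


def analyze(data):
    """Group probe requests by station; flag random-SSID probes and SSIDs shared by several stations."""
    probes, random_stations = defaultdict(set), set()
    for linktype, pkt in pcap_packets(data):
        frame = strip_radiotap(pkt) if linktype == DLT_IEEE802_11_RADIO else pkt
        parsed = parse_probe_request(frame)
        if parsed is None:
            continue
        src, ssid = parsed
        if not ssid:                  # wildcard probe: no preferred network leaked
            continue
        if looks_random(ssid):
            random_stations.add(src)
        else:                         # a named probe: a Karma/honeypot candidate
            probes[src].add(ssid.decode("ascii", "replace"))
    by_ssid = defaultdict(set)
    for src, ssids in probes.items():
        for name in ssids:
            by_ssid[name].add(src)
    return {
        "probes": {s: sorted(n) for s, n in probes.items()},
        "random": sorted(random_stations),
        "related": {n: sorted(s) for n, s in by_ssid.items() if len(s) > 1},
    }


# --- constructed sample capture (made-up MACs and SSIDs) so the script runs offline ---
def build_probe_request(src_mac, ssid):
    """Probe request: FC 0x40, broadcast DA/BSSID, Address 2 = station, SSID IE + supported-rates IE."""
    src = bytes.fromhex(src_mac.replace(":", ""))
    hdr = b"\x40\x00\x00\x00" + b"\xff" * 6 + src + b"\xff" * 6 + b"\x00\x00"
    return hdr + bytes([0, len(ssid)]) + ssid + bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])


def build_pcap(frames, linktype):
    """Minimal little-endian pcap writer; radiotap captures get an 8-byte empty radiotap header."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, f in enumerate(frames):
        if linktype == DLT_IEEE802_11_RADIO:
            f = b"\x00\x00\x08\x00" + b"\x00" * 4 + f   # version 0, length 8, present bitmap 0
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out


SAMPLE = build_pcap([
    build_probe_request("00:11:22:33:44:55", b"CorpWiFi"),
    build_probe_request("00:11:22:33:44:55", b"attwifi"),               # same laptop also uses a hotspot
    build_probe_request("66:77:88:99:aa:bb", b"CorpWiFi"),              # shares CorpWiFi with the first station
    build_probe_request("cc:dd:ee:ff:00:11", bytes(range(0x80, 0xA0))),  # 32 non-printable bytes in the SSID IE
    build_probe_request("66:77:88:99:aa:bb", b""),                      # wildcard probe, ignored
], DLT_IEEE802_11_RADIO)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in analyze(data).items():
        print(key, value)
```

Run it with no arguments to see the result on the constructed sample, or pass the path of a real capture (on 10.6, as I recall the invocation, `airport en0 sniff 6` captures channel 6 and drops a file under /tmp/airportSniff*.cap). A station that only ever sends wildcard probes leaks nothing and is skipped; a station in "random" is a candidate for the XP fingerprint, and every station in "probes" is a candidate for a Karma-style honeypot answering to the SSIDs it asked for.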