How to Cheat at Securing a Wireless Network

This chapter discusses performing wireless penetration tests using the Auditor Security Collection, which is a Live-System based on KNOPPIX containing over 300 open source security tools. It is distributed freely under the GPL 2.0 license. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes. The Security Auditor Collection and the newly created BackTrack can be downloaded for free from www.remoteexploit.org. After reading this chapter, you will be able to identify your specific WLAN target and determine what security measures are being used. Based on that information, you will be able to assess the probability of successfully penetrating the network, and determine the correct tools and methodology for successfully compromising your target.
The Auditor Security Collection provides an incredible suite of wireless network discovery and penetration test tools. To perform successful penetration tests against wireless networks, you need to be familiar with the use of many of these tools and their specific roles in the pen testing process.
To attack your target network, you first need to find your target network. Auditor provides two tools for wireless local area network (WLAN) discovery: Kismet and Wellenreiter.
After penetration testers have located the target network, many options are open to them, and Auditor provides many of the tools necessary to accomplish attacks based on these options.
Change-Mac can be used to change your client's Media Access Control (MAC) address and bypass MAC address filtering. Both Kismet and Ethereal can be used to determine...