Wireless Hacking Resources – Ethical Hacking Reference

4 Jul

Wireless Hacking Resources

In today’s “Quickies” from Almost humor, you will find this one didn’t turn out to be such a quick one after all, but instead a large resource list for ethical wireless hacking…
I happen to be working on my Ethical Hacking Certification and I’m specializing in Wireless Security.

So in today’s entry of Wireless Hacking Resources – Ethical Hacking Reference, I’m going to share some of my most needed notes and links with you in the following categories:

  • Making contact with wireless organizations
  • Finding local wireless user groups
  • Shopping for wireless tools

Wireless networking is evolving extremely fast. To keep your company and yourself current, you will need to keep up to date on developing standards and tools. Reading books gets you started, but learning is a life-long experience. I have listed some organizations and tools to help.


You may want to find out how knowledgeable you are. The best way to do that is to take a certification test. Following are two organizations that certify individuals on this material.

  • Certified Wireless Network Professional Program: www.cwnp.com

General Resources

The Internet is a valuable resource. However, using it is like trying to get a sip of water from a fire hose, so you need to dampen the flow of information. We have found that the following sites provide useful information on wireless on a recurring basis. They also have free subscription mailing lists.

Hacker Stuff

Sun Tzu in the “Art of War” writes that you must understand your enemy to defeat your enemy. Learning about your enemy is a good tactic. When you can put yourself in the mindset of your enemy, then you can truly understand your enemy. There are many good “hacker” sites available to you. Following are several sites that will help you understand crackers.

Wireless Organizations

There are two wireless organizations that you need to acquaint yourself with. These are the IEEE and the Wi-Fi Alliance. The former concerns itself with setting standards for wireless, and the latter certifies that WLAN equipment meets the standards set by the former.

Institute of Electrical and Electronics Engineers (IEEE): www.ieee.org

The pertinent wireless standards: 802.11, 802.11a, 802.11b, 802.11g, and 802.11i. These standards are all the creations of the Institute of Electrical and Electronics Engineers (IEEE). The IEEE leads the way in developing open standards for Wireless Local Area Networks (Wireless LANs), Wireless Personal Area Networks (Wireless PANs), and Wireless Metropolitan Area Networks (Wireless MANs). You can compare and contrast the 802.11 wireless standards for “over the air” to the 802.3 Ethernet standards for “over the wire.”

Wi-Fi Alliance (formerly WECA): www.wifialliance.com

Formed in 1999, the Wi-Fi Alliance is a nonprofit association that certifies the interoperability of wireless Local Area Network products that are based on IEEE 802.11 specifications. The Wi-Fi Alliance has over 200 member companies from around the world — and has certified over 1,000 devices. All the equipment used in the making of this book (for example) was tested and certified by the Wi-Fi Alliance — and without animal testing!

Local Wireless Groups

Should you really want to get serious about wireless ethical hacking, you’ll need to immerse yourself in the culture. Hook up with other wireless aficionados, who can turn you on to new tools and point you to useful whitepapers and other resources. Wireless grassroots organizations are springing up like crabgrass across the world. You can meet like-minded wireless buffs and do some networking — the social kind. Here is a sampling of wireless user groups:

  • Bay Area Wireless Users Group (BAWUG), Bay Area, CA, US: www.bawug.org
  • BC Wireless, Vancouver, Vancouver Island and Prince Rupert, BC, CA:
  • Capital Area Wireless Network, Northern Virginia, VA, US: www.cawnet.org/
  • Orange County California Wireless Users Group, Brea, CA, US:
  • Salt Lake Area Wireless Users Group (SLWUG), Salt Lake City, UT, US:
  • San Diego Wireless Users Group, San Diego, CA, US: www.sdwug.org
  • Southern California Wireless Users Group, Southern California, CA, US: www.socalwug.org
  • The Toronto Wireless User Group (TorWUG), Toronto, ON, CA:
If you can’t find your location from this list, then try the following sites to find a user group near you:

Security Awareness and Training

You may find that getting management and staff to pay attention to information security is at best a difficult task. You are not alone. Fortunately the following companies can help you get the message across in your organization.

Wireless Tools

We have described many tools — showing where to get them, classifying, and summarizing them. If you are just starting out, the tools listed here make a nice shopping list. If you are getting married, you can register at http://hackersrus.com. Ethical-hacking tools also make great anniversary gifts for those two-hacker households.

General tools

We have grouped tools into specific categories, but some of them defied categorization. Rather than lose these excellent tools, we list them here for you to use:

Vulnerability databases

You will need to understand the vulnerabilities associated with your particular hardware and software. During the planning process, you will use this information to determine the exact tests to perform. Following are some well-known vulnerability database sites.

Linux distributions

Since many wireless testing tools only run on UNIX, Linux or BSD, you will need to become familiar with one of these platforms. You can purchase a commercial product like SuSE or Red Hat Linux, but this is overkill for our purposes. So instead use one of the following freeware Linux distributions.

Software emulators

If you want to run more than one operating system at a time on the same hardware or want to paste from one operating system to another, then you will want to consider a software emulation product. Following are some of the better-known products.

RF prediction software

RF prediction software helps you simulate the radiation pattern of an access point without having to physically install one. So as a tester you use the same software to predict where you may find a signal. Following are three such software programs.

RF monitoring

You can use software to monitor signal strength and bit error rate. Of course, tools like Kismet or NetStumbler give you signal strength, but they don’t do it as well as the following tools.


You can spend a lot of money on an antenna. However, you need not spend all that money. You can build one yourself or acquire one for a pretty reasonable sum. Following are three sites to help you acquire an economical antenna for your ethical-hacking work.

You can find a very good reference page for antennae at www.wardrive.net/general/antenna.


A very useful tool for your wireless ethical-hacking kit is a wardriving or network discovery program. Fortunately for you, there is an overabundance of tools, as the following list shows.

Wireless IDS/IPS vendors

Wireless IDS/IPS products are necessary whether you support wireless networking or not in your organization. If you do support wireless, then you need a tool to protect your network. If you don’t have wireless, then you need a tool to ensure you don’t. Following are some IDS/IPS products.

Wireless sniffers

You know that old saw: a picture is worth a thousand words. Well, the message from the saw applies to ethical hacking. Show someone his password that you captured because it wasn’t encrypted, and he gets it. Following are some packet capture tools.

WEP/WPA cracking

If we had a dollar for every time someone said she’s OK because she uses WEP or WPA, we would retire to a nice island in the Caribbean. The following tools should show them that they are not OK.

Cracking passwords

There are tools that will grab packets, look for passwords, and provide them to you. Following are some of these very desirable tools.

Crack only passwords that you have the authority to crack. Cracking other passwords could end you up in jail.

Dictionary files and word lists

Most password crackers take a list of words or a dictionary, encrypt the words, and then compare them to the password file. So you need to get different dictionaries or wordlists. Following are five good sources for dictionaries and wordlists.

Gathering IP addresses and SSIDs

Many wireless security books recommend that you turn off SSID broadcasting as a control. However, you can use one of the following programs to get the SSID even when they do.

LEAP crackers

EAP is touted as the solution to the WEP authentication problem. However, EAP has its own problems. Following are three tools you can use to crack LEAP.

Network mapping

After you connect to an access point, you will want to map the network. You will want to know how many servers you can find and what operating system each server is running. Following are some tools to help you map your network.

Network scanners

Network scanners help you identify applications running on the systems on your network. You may find these applications on servers and network devices alike. Following are some that we have used.

