Contents
Part 0: Kindergarten
Chapter 1 Wireless Basics Primer
1.1 What Is a Wireless Network
1.1.1 Wireless Networks in the Narrow Sense
1.1.2 Wireless Networks in the Broad Sense
1.2 The Booming Wireless City
1.3 The Development of Wireless Security and Hacking Techniques
Chapter 2 Common Wireless Network Equipment
2.1 Getting to Know Wireless Routers
2.2 Understanding Wireless Network Cards
2.3 A Closer Look at Antennas
2.4 Other
Chapter 3 Building Your Own Wireless Network
3.1 WEP Basics
3.1.1 About WEP
3.1.2 WEP and Its Vulnerabilities
3.1.3 Improvements to WEP
3.2 WEP Encryption Setup and Connection
3.2.1 Configuring the Wireless Router
3.2.2 Client Setup on Windows
3.2.3 Client Setup on Linux
3.3 WPA Basics
3.3.1 Introduction to WPA
3.3.2 Types of WPA
3.3.3 Improvements in WPA
3.3.4 Introduction to WPA 2
3.3.5 Security Problems Facing WPA
3.3.6 About WPA2 Support on Windows
3.4 WPA-PSK Encryption Setup and Connection
3.4.1 Configuring the Wireless Router
3.4.2 Client Setup on Windows
3.4.3 Client Setup on Linux
Chapter 4 Preparing the Wireless Hacking Environment
4.1 A Suitable Wireless Network Card
4.1.1 Choosing a Wireless Network Card
4.1.2 Wireless Network Card Chipsets
4.1.3 Summary
4.2 Essential Operating Systems
4.2.1 BackTrack4 Linux
4.2.2 Slitaz Aircrack-ng Live CD
4.2.3 WiFiSlax
4.2.4 WiFiWay
4.2.5 Other Live CDs
4.3 Building a Wireless Attack-and-Defense Test Environment in a Vmware Virtual Machine
4.3.1 Creating a New Virtual Machine for Wireless Attack-and-Defense Testing
4.3.2 Basic Configuration of the Wireless Attack-and-Defense Test Virtual Machine
4.3.3 Getting to Know Your Wireless Attack-and-Defense Test Environment, BT4
4.4 Building a USB Flash Drive Version of the Wireless Attack-and-Defense Environment
Part 1: Elementary School
Chapter 5 Taking On WEP Encryption
5.1 What to Know Before Cracking
5.2 The WEP Cracking Tool: Aircrack-ng
5.2.1 What Is Aircrack-ng
5.2.2 Installing Aircrack-ng with Ease
5.3 Cracking WEP Encryption on BT4
5.3.1 Cracking WEP Encryption in Practice
5.3.2 Summary of Common WEP Cracking Problems
5.4 The Fully Automatic Point-and-Click Tool SpoonWEP2
5.4.1 About the Variants of SpoonWEP
5.4.2 SpoonWEP2 in Practice
Chapter 6 Taking On WPA-PSK Encryption
6.1 A Second Set of Things to Know Before Cracking
6.2 The WPA Cracking Tool: Cowpatty
6.2.1 What Is Cowpatty
6.2.2 Installing Cowpatty with Ease
6.3 Cracking WPA-PSK Encryption on BT4
6.3.1 Cracking WPA-PSK Encryption in Practice
6.3.2 Using Cowpatty to Crack WPA-PSK Encryption
6.3.3 Summary of Common WPA-PSK Cracking Problems
6.4 The Fully Automatic Point-and-Click Tool SpoonWPA
Chapter 7 Do It Yourself: Building a Dedicated Cracking Dictionary
7.1 Building a Dedicated Cracking Dictionary
7.2 Default Dictionary Locations in BackTrack2/3/4
7.3 Ways to Upload a Dictionary to Linux
Chapter 8 Must-Learn Skills for Advancing
8.1 Getting Past MAC Address Filtering
8.1.1 What Is MAC Address Filtering
8.1.2 Let's Get Past MAC Address Filtering
8.1.3 How to Defend Against It?
8.2 Cracking Wireless Networks with SSID Broadcast Disabled
8.3 No Longer Relying on DHCP
Part 2: Secondary School
Chapter 9 I'm Quietly Watching You
9.1 Capturing and Decoding Encrypted Wireless Data
9.1.1 Capturing Encrypted Wireless Data
9.1.2 Decrypting Captured Encrypted Wireless Packets
9.2 Analyzing MSN\QQ\Yahoo Chat Data
9.3 Analyzing Email\Forum Account Names and Passwords
9.4 Analyzing Web Interaction Data
9.4.1 Sites Currently Being Visited
9.4.2 Determining the Current Antivirus Software Version
9.4.3 Determining the Current Operating System
9.4.4 Identifying Current Network Devices
9.5 An Aside: If I'm Not at the Café, I'm on My Way to the Café
Chapter 10 The Thrill of Penetration
10.1 Scanning First
10.1.1 NMAP & Zenmap
10.1.2 AMAP
10.1.3 Nbtscan
10.1.4 DNS Walk
10.2 Password Cracking
10.2.1 Hydra
10.2.2 BruteSSH
10.3 Buffer Overflows (Metasploit3)
10.3.1 About Metasploit3
10.3.2 Updating Metasploit3
10.3.3 Metasploit3 in Practice
Chapter 11 Wireless D.O.S: Kicked Offline Without Seeing It Coming
11.1 What Is Wireless D.O.S
11.2 Installing Wireless D.O.S Tools
11.2.1 A Brief Look at MDK 3
11.2.2 The Graphical Wireless D.O.S Tool: Charon
11.2.3 Using D.O.S Attack Tools
11.3 Wireless D.O.S Gone Wild
11.3.1 About Wireless Connection Authentication and Client States
11.3.2 Auth Flood Attack
11.3.3 Deauth Flood Attack
11.3.4 Association Flood Attack
11.3.5 Disassociation Flood Attack
11.3.6 RF Jamming Attack
Part 3: University
Chapter 12 Speed: The Difference Between Professionals and Amateurs
12.1 What Is High-Speed WPA-PSK Cracking
12.2 Speeding Up WPA-PSK Cracking in Practice
12.2.1 Reviewing the Cowpatty Suite
12.2.2 Using genpmk to Create WPA Hashes
12.3 A First Look at WPA PMK Hashes
12.3.1 Using Hashes for WPA Cracking
12.3.2 Comparing Test Data
12.4 A Faster Method: GPU
12.4.1 About GPUs
12.4.2 The GPU Programming Language CUDA
12.4.3 Applications and Development of GPUs in the Security Field
12.4.4 Applying GPU Technology to Cracking
12.5 EWSA, Which Has to Be Mentioned
12.5.1 Preparing to Use EWSA
12.5.2 Using EWSA for WPA-PSK Cracking
12.5.3 Solutions for an Unregistered EWSA
12.6 Another Option: Distributed Cracking
12.6.1 About the Distributed Approach
12.6.2 First Public Beta Round of Distributed Wireless WPA Encryption Cracking
12.6.3 The Significance of Joining the Distributed Effort
Chapter 13 How Shadow Clones Are Made
13.1 Faking an AP Is Not Hard
13.1.1 Masquerading as a Legitimate AP
13.1.2 Maliciously Creating Large Numbers of Fake AP Signals
13.2 Searching for and Discovering Fake APs
13.3 Adding a Shield to the Fake Clone
Chapter 14 Clientless Cracking: A Sensitive Shortcut
14.1 What Is Clientless
14.1.1 About the Definition of Clientless
14.1.2 About Clientless Cracking
14.2 Clientless Cracking, Round One: The Chopchop Attack
14.3 Clientless Cracking, Round Two: The Fragment Attack
Part 4: Graduate School
Chapter 15 War-Driving
15.1 What Is War-Driving
15.1.1 The Concept of War-Driving
15.1.2 Understanding Hotspot Maps
15.1.3 Tools Used for War-Driving and Their Installation
15.2 War-Driving in the City
15.2.1 About WiFiForm
15.2.2 WiFiForm + GPS Detection
15.3 Guide to Drawing Hotspot Maps
15.3.1 Drawing a Hotspot Map
15.3.2 Internal Wireless Hotspot Map of a Certain Carrier
15.3.3 Wireless Hotspot Map of a Certain Domestic Airport
15.3.4 Wireless Hotspot Map of a Busy District in a Certain Provincial Capital
15.4 Some Cases
15.4.1 Principles of Remote Wireless Attacks
15.4.2 Real Cases
Chapter 16 Bluetooth: More Dangerous When Unseen
16.1 Bluetooth Is Everywhere
16.1.1 What Is Bluetooth?
16.1.2 Bluetooth Architecture and Related Terms
16.1.3 Choosing a Bluetooth Adapter
16.1.4 Installing Bluetooth (Driver) Tools
16.1.5 Pairing Bluetooth Devices
16.2 Playing with Bluetooth Hacking
16.2.1 Identifying and Activating Bluetooth Devices
16.2.2 Viewing Bluetooth Device Information
16.2.3 Scanning for Bluetooth Devices
16.2.4 Bluetooth Printing
16.2.5 Bluetooth Attacks
16.2.6 Changing the Bluetooth Device Address
16.3 Disruption: Bluetooth D.O.S
16.3.1 Bluetooth D.O.S in Practice
16.3.2 Problems Encountered with Bluetooth D.O.S
16.4 Cracking Invisible Bluetooth Devices
16.4.1 What Does Invisible Mean?
16.4.2 About Redfang
16.4.3 Cracking with Redfang
16.4.4 Other
Chapter 17 A Few More Interesting Things to Play With
17.1 Wifizoo
17.1.1 About Wifizoo
17.1.2 Installing Wifizoo
17.1.3 How to Use Wifizoo
17.2 Wireless Attack Pivots
17.2.1 About Wireless Pivots
17.2.2 Airserv-ng+Fpipe
17.2.3 Wireless Pivoting in Practice
Epilogue: Some Thoughts on "ceng"
Appendices:
A. List of Wireless Network Card Chipsets
B. Chinese Laws and Regulations Related to Computer Security
C. About the Special-Edition Backtrack 4 Linux DVD from "Hacker Handbook" Bundled with This Book
Disc Contents