BackTrack 5 Wireless Penetration Testing Beginner's Guide

Time for action – configuring your wireless card

Here we go! Follow these steps to connect your wireless card to the access point:

  1. Let us first see what wireless networks our Alfa card is currently detecting. Issue the command iwlist wlan0 scanning and you will find a list of networks in your vicinity:
  2. Keep scrolling down and you should find the Wireless Lab network in this list. In my setup it is detected as Cell 05; it may be different in yours. The ESSID field contains the network name:
  3. As multiple access points can advertise the same SSID, verify that the MAC address shown in the Address field above matches your access point's MAC. A fast and easy way to get the MAC address is to read it from the label underneath the access point or from the web-based GUI settings.
  4. Now, issue the command iwconfig wlan0 essid "Wireless Lab" and then iwconfig wlan0 to check the status. If you have successfully connected to the access point, you should see the MAC address of the access point in the Access Point: field in the output of iwconfig, as shown in the following screenshot:
  5. We know the access point has a management interface IP address "192.168.0.1" from its manual. Alternatively, it is the default gateway address shown when we run the route -n command. Let's set our IP address in the same subnet by issuing the command ifconfig wlan0 192.168.0.2 netmask 255.255.255.0 up. Verify that the command succeeded by typing ifconfig wlan0 and checking the output:
  6. Now let's ping the access point by issuing the command ping 192.168.0.1. If the network connection has been set up properly, you should see responses from the access point. You can additionally issue arp -a to verify that the response is coming from the access point: the MAC address listed for the IP 192.168.0.1 should be the access point's MAC address we noted earlier. Note that some of the more recent access points may have responses to ICMP Echo Request packets disabled. This is typically done to make the access point secure out-of-the-box, with only the bare minimum configuration settings available. In such a case, you could try to launch a browser and access the web interface to verify that the connection is up and running.
  7. On the access point, we can verify the connectivity by looking at the connection logs. As you can see in the following log, the MAC address of the wireless card 00:c0:ca:3a:bd:93 has been logged:
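The checks in steps 3, 4 and 6 come down to parsing three command outputs and comparing MAC addresses. The following shell script is an added example, not from the book; it runs against constructed sample output embedded inline (the MAC addresses are invented, since the access point's MAC is not given here) and reports whether the BSSID you associated to, the ARP entry for 192.168.0.1 and the MAC printed on the access point all agree:

```shell
#!/bin/sh
# Constructed sample output standing in for live iwlist/iwconfig/arp output.
# MAC addresses are invented; the AP's real MAC is not on this page.
IWLIST_SAMPLE='wlan0     Scan completed :
          Cell 01 - Address: 00:13:10:AA:BB:01
                    ESSID:"CoffeeShop"
          Cell 02 - Address: 02:13:10:AA:BB:02
                    ESSID:"Wireless Lab"
          Cell 05 - Address: 00:13:10:AA:BB:05
                    ESSID:"Wireless Lab"'
IWCONFIG_SAMPLE='wlan0     IEEE 802.11bgn  ESSID:"Wireless Lab"
          Mode:Managed  Frequency:2.412 GHz  Access Point: 00:13:10:AA:BB:05'
ARP_SAMPLE='? (192.168.0.1) at 00:13:10:aa:bb:05 [ether] on wlan0'
AP_MAC_FROM_LABEL='00:13:10:aa:bb:05'   # what you read off the AP's label (constructed)

# Steps 2/3: print the Address of every cell advertising ESSID $2 in iwlist output $1.
# More than one line means the SSID alone is ambiguous and the MAC must be checked.
cells_for_essid() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /Cell [0-9]+ - Address:/ { addr = $NF }
        /ESSID:/ { sub(/^[ \t]*ESSID:"/, ""); sub(/"$/, "")
                   if ($0 == want) print addr }'
}

# Step 4: the BSSID in the "Access Point:" field of iwconfig output $1
# (prints nothing when the field reads Not-Associated).
iwconfig_ap() {
    printf '%s\n' "$1" | sed -n 's/.*Access Point: \([0-9A-Fa-f:][0-9A-Fa-f:]*\).*/\1/p'
}

# Step 6: the MAC that arp -a output $1 records for IP $2.
arp_mac_for() {
    printf '%s\n' "$1" | awk -v ip="($2)" '$2 == ip { print $4 }'
}

lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }   # arp prints lowercase, iwlist uppercase

# Succeeds only when the associated BSSID and the ARP entry for IP $3 both equal
# the expected AP MAC $1 ($2 = iwconfig output, $4 = arp -a output).
verify_link() {
    [ "$(lc "$(iwconfig_ap "$2")")" = "$(lc "$1")" ] &&
    [ "$(lc "$(arp_mac_for "$4" "$3")")" = "$(lc "$1")" ]
}

echo "Cells advertising Wireless Lab:"; cells_for_essid "$IWLIST_SAMPLE" "Wireless Lab"
if verify_link "$AP_MAC_FROM_LABEL" "$IWCONFIG_SAMPLE" 192.168.0.1 "$ARP_SAMPLE"; then
    echo "Associated to the expected access point"
else
    echo "MISMATCH: associated BSSID or ARP entry differs from the expected AP MAC"
fi
```

To use it on a live system, replace the three sample variables with the output of iwlist wlan0 scanning, iwconfig wlan0 and arp -a.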

What just happened?

We just connected to our access point successfully from BackTrack using our Alfa wireless card as the wireless device. We also learnt how to verify that a connection has been established at both the wireless client and the access point side.

Have a go hero – establishing connection in WEP configuration

Here is a challenging exercise for you: set up the access point in WEP configuration, then try establishing a connection with it using the wireless adapter. Hint: check the manual for the iwconfig command by typing man iwconfig to see how to configure the card to connect to a WEP network.

Pop quiz – understanding the basics

  1. After issuing the command ifconfig wlan0 up, how do you verify the wireless card is up and functional?
  2. Can we run all our experiments using the BackTrack live CD alone? And not install it to the hard drive?
  3. What does the command arp -a show?
  4. Which tool should we use in BackTrack to connect to WPA/WPA2 networks?