Summary
This module covers all aspects of a Wi‑Fi penetration test from start to finish. We work through a simulated Wi‑Fi penetration test that results in internal network access and the ultimate compromise of the Active Directory environment. This module ties together all topics taught in the Wi‑Fi Penetration Tester path and can be considered a capstone module for that path, but it can also be completed as a standalone.
In this module, we will cover the following topics:
- Reviewing a letter of engagement and going over rules of engagement and scope
- Initial reconnaissance of Wi-Fi networks
- Abusing a guest Wi-Fi network
- Compromising a WPA2 Wi-Fi network
- Attacking a WPA3 Wi-Fi network
- Performing Karma & Mana attacks
- Router exploitation
- Compromising an Enterprise Wi-Fi network and pivoting into the internal network
- Active Directory enumeration and establishing an internal foothold
- Exploitation and Privilege Escalation
- Lateral Movement
- Active Directory Domain Compromise
- Post-Exploitation
- Structuring findings and communicating with the client
This module is broken down into sections with accompanying hands-on exercises to practice each of the tools, tactics, and techniques we cover. There are no specific Wi-Fi hardware requirements for this module, as Hack The Box manages all necessary resources. You will need to RDP into the provided attacker VM to perform the exercises.
As you work through the module, you will see example commands and command outputs for the various tools and topics introduced. Reproducing as many examples as possible is recommended to reinforce the concepts presented in each section.
You can start and stop the module at any time and pick up where you left off. There is no time limit or grading, but you must complete all exercises and the skills assessments to receive the maximum number of cubes and have this module marked as complete.
The module is classified as "Medium" and assumes a working knowledge of the Linux command line, operating system fundamentals, network fundamentals, information security principles, Wi-Fi attacks, Active Directory, and Web Applications.
A firm grasp of the following path can be considered a prerequisite for the successful completion of this module:
- Wi-Fi Penetration Tester
Intro to Attacking Corporate Wi-Fi Networks
You've done it! Congratulations, you've reached the end of the Wi-Fi Penetration Tester job role path! You have been exposed to key modern tools and methodologies for enumerating and attacking real-world wireless networks. Corporate wireless networks are often well-hardened, but this path has provided knowledge that will make you a better wireless assessor and enable you to provide clients with the best possible 360-degree review of their wireless implementations.
This path was designed to present realistic, modern wireless attack paths in a series of hands-on labs without requiring external hardware. Many of these attacks are difficult to practice without direct experience conducting enterprise wireless network assessments.
Until now, the modules in this path have demonstrated wireless attacks in isolation. This module will take us step-by-step through a simulated Wi-Fi penetration test against a fictional global hospital called StarLight Hospitals. While the goal of the lab is to compromise all Wi-Fi networks and obtain access to sensitive data in the hospital domain, this will not just be a walkthrough of how to solve the lab. The guided portion of the module will detail the thought process of an experienced pentester working through a network, chasing down every lead and leaving no stone unturned in the process. We will dig through enumeration data and attempt tactics that fail to gain us further access in the network until we ultimately uncover the tactics that move us forward. This module will simulate a realistic scenario of attacking an enterprise wireless network to obtain a foothold in an Active Directory environment, perform further enumeration and attacks, and ultimately compromise the target domain. This module aims to show that penetration testers and red teamers should not overlook wireless attacks, and that sometimes even modern wireless implementations are not put together well, leaving open holes that attackers can exploit.
Our goal was to keep the path as hands-on as possible, providing multiple realistic wireless labs to hone your skills. This module lab will require you to call on all of the skills learned in this path, so I hope you kept good notes!
Getting the Most Out of this Module
It is recommended to take the module twice, once from a black-box perspective, approaching this as an actual Wi-Fi penetration test and taking detailed notes of the activities performed, the identified weaknesses, and the attack path to the in-scope domains. The sections will serve as a guide to complete the assessment; however, being able to complete the assessment without assistance is an excellent gauge of readiness for the certification exam.
In the next section, we will cover the scenario and scope of this mock engagement and get things started. Now, let's go through the engagement letter/scope so we can kick off this assessment.