Changes between Version 17 and Version 18 of Kali


Ignore:
Timestamp:
07/08/2021 09:14:08 PM (15 months ago)
Author:
Cale Collins
Comment:

cleaned up

Legend:

Unmodified
Added
Removed
Modified
  • Kali

    v17 v18  
    159159sudo airmon-ng start wlan0 #this command creates the "mon" interface "wlan0mon".
    160160}}}
    161 Kick off airodump-ng to start capturing packets. Note, airodump-ng by default will only monitor on 2.4Ghz, use the "--band a" switch to enable 5ghz monitoring. 
     161Start airodump-ng to begin capturing packets. Note, airodump-ng by default will only monitor on 2.4Ghz, use the "--band a" switch to enable 5ghz monitoring. 
    162162{{{#!bash
    163163sudo airodump-ng --band a wlan0mon
     
    165165[[Image(test5ghz.png,500px)]]
    166166
    167 
     167== Penetration testing your wifi network
     168
     169Once the SSID you wish to test has been identified, record its MAC address and note which channel it's on.
     170       
     171Single out that network to find clients which can be deauthenticated.  In this example my BSSID is {{{11:22:33:44:55:66}}} on channel 44.  We will create a log file to record the handshake called "my-handshake".
     172{{{#!bash
     173sudo airodump-ng -c44 --write my-handshake --bssid 11:22:33:44:55:66 wlan0mon
     174}}}
     175Run this scan until a client (station) is identified.  For this example I've used my cell phone MAC {{{77:88:99:AA:BB:CC}}}.
     176
     177[[Image(single out SSID.png,500px)]]
     178
     179Start a new SSH session, so both sessions are open simultaneously.
     180
     181In the second session execute your deauthentication attack (this is where packet injection is used):
     182
     183** Note: Do not deauthenticate devices which are not part of your network **
     184{{{#!bash
     185sudo aireplay-ng --deauth 0 -a 11:22:33:44:55:66 -c 77:88:99:AA:BB:CC wlan0mon
     186}}}
     187Upon success the client is disconnected from the access point.  When the client reconnects airodump-ng will capture the handshake and log it to the designated file.
     188
     189[[Image(handshake.png,500px)]]
     190
     191Upper right displays handshake hash (pixelated in this image).
     192
     193=== Wordlists and Aircrack-ng
     194               
     195Wordlists with default manufacturer passwords are provided by Metasploit framework.  More wordlists can be found in "/usr/share/wordlists".  A wordlist is only one potential approach to breaking the handshake hash.  Though this is an excellent test to perform in order to verify your passwords aren't easily compromised. 
     196
     197An all around (basic) word list included with Kali is rockyou.txt.
     198{{{#!bash
     199sudo gunzip /usr/share/wordlists/rockyou.txt.gz #extract the wordlist
     200cat /usr/share/wordlists/rockyou.txt #display words contained in the list
     201}}}
     202Start aircrack-ng to decrypt the hash:
     203{{{
     204aircrack-ng my-handshake-01.cap -w /usr/share/wordlists/rockyou.txt
     205}}}
     206
     207[[Image(aircrack.png,360px)]]
    168208
    169209= Getting help with Kali