Changes between Version 17 and Version 18 of Kali

Timestamp:

07/08/2021 09:14:08 PM (3 years ago)

Author:

Cale Collins

Comment:

cleaned up

Kali

@@ -159 +159 @@
 sudo airmon-ng start wlan0 #this command creates the "mon" interface "wlan0mon".
 }}}
-Kick off airodump-ng to start capturing packets. Note, airodump-ng by default will only monitor on 2.4Ghz, use the "--band a" switch to enable 5ghz monitoring.  
+Start airodump-ng to begin capturing packets. Note, airodump-ng by default will only monitor on 2.4Ghz, use the "--band a" switch to enable 5ghz monitoring.  
 {{{#!bash
 sudo airodump-ng --band a wlan0mon
@@ -165 +165 @@
 [[Image(test5ghz.png,500px)]]
 
-
+== Penetration testing your wifi network
+
+Once the SSID you wish to test has been identified, record its MAC address and note which channel it's on. 
+        
+Single out that network to find clients which can be deauthenticated.  In this example my BSSID is {{{11:22:33:44:55:66}}} on channel 44.  We will create a log file to record the handshake called "my-handshake".
+{{{#!bash
+sudo airodump-ng -c44 --write my-handshake --bssid 11:22:33:44:55:66 wlan0mon
+}}}
+Run this scan until a client (station) is identified.  For this example I've used my cell phone MAC {{{77:88:99:AA:BB:CC}}}.
+
+[[Image(single out SSID.png,500px)]]
+
+Start a new SSH session, so both sessions are open simultaneously. 
+
+In the second session execute your deauthentication attack (this is where packet injection is used):
+
+** Note: Do not deauthenticate devices which are not part of your network **
+{{{#!bash
+sudo aireplay-ng --deauth 0 -a 11:22:33:44:55:66 -c 77:88:99:AA:BB:CC wlan0mon
+}}}
+Upon success the client is disconnected from the access point.  When the client reconnects airodump-ng will capture the handshake and log it to the designated file. 
+
+[[Image(handshake.png,500px)]]
+
+Upper right displays handshake hash (pixelated in this image).
+
+=== Wordlists and Aircrack-ng
+                
+Wordlists with default manufacturer passwords are provided by Metasploit framework.  More wordlists can be found in "/usr/share/wordlists".  A wordlist is only one potential approach to breaking the handshake hash.  Though this is an excellent test to perform in order to verify your passwords aren't easily compromised.  
+
+An all around (basic) word list included with Kali is rockyou.txt.
+{{{#!bash
+sudo gunzip /usr/share/wordlists/rockyou.txt.gz #extract the wordlist
+cat /usr/share/wordlists/rockyou.txt #display words contained in the list
+}}}
+Start aircrack-ng to decrypt the hash:
+{{{
+aircrack-ng my-handshake-01.cap -w /usr/share/wordlists/rockyou.txt
+}}}
+
+[[Image(aircrack.png,360px)]]
 
 = Getting help with Kali