WiFi Hacking

Enumeration

# IP addresses
ip addr
# specific interface
ip addr show eth0
ip addr show eth1
ip addr show tun0
# IPv4/6 only
ip -4 addr
ip -6 addr
# Static route
ip route

# Get the currently connected WiFi router's IP address (see the 'Default gateway' line in the output)
ipconfig

# Find any wireless devices
iw dev
# Display information of the specified device
iw dev <interface> info
# Scan wifi networks nearby the specified device
iw dev <interface> scan

# Find another computer's IP address/MAC address on the network
arp -av

# Get public IP address
curl https://api.ipify.org

Using WiGLE

If BSSIDs found, we can find the location for devices using WiGLE.

To find BSSID From SSID using WiGLE:

1. Access to WiGLE and login.
2. Go to View → Advanced Search.
3. Open the General Search tab.
4. Input the SSID in the SSID/Network Name.
5. Check the result.

Delete Network Interfaces From Your Devices

ip link delete <iterface>

Crack WiFi Passwords

Default Router Credentials

admin:Admin
admin:admin
admin:password
admin:Michelangelo
root:admin
root:alpine
sitecom:Admin
telco:telco

Crack from A Packet Capture File

If we have a packet capture file (.cap or .pcap) of the WiFi network, we can crack the WiFi password using the file.

aircrack-ng example.cap -w wordlist.txt

MAC Address Spoofing

First of all, you need to use network adapter which has monitor mode on your machine.
Aircrack-ng is a complete suite of tools to assess WiFi network security.

1. Preparation

   # Show available interfaces
   airmon-ng
   
   # Put an interface into monitor mode
   airmon-ng start wlan0
   airmon-ng start eth0
   # or
   iwconfig wlan0 mode monitor
   iwconfig eth0 mode monitor
   
   # Choose the access point (monitor mode)
   airodump-ng wlan0mon
   

2. Retrieve Client's MAC Addresses

   # Retrieve client's MAC address from the chosen access point
   # -c 9: channel 9
   # --bssid: target router MAC address
   # -w psk: the dump file prefix
   # eth0: interface name
   airodump-ng -c 6 --bssid XX:XX:XX:XX:XX:XX -i wlan0mon
   airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk eth0
   

3. Spoof MAC Address using the Retrieved Address

   # Take down the network at first
   ip link set wlan0 down
   
   # Set MAC address which you got by airodump-ng in the previous section
   macchanger -m XX:XX:XX:XX:XX:XX wlan0
   
   # Bring up the network
   ip link set wlan0 up
   

4. Confirmation

   # Check the current MAC address
   macchanger -s wlan0
   

5. Reset to the Original MAC Address

   # Reset to the original (permanent) MAC address
   macchanger -p wlan0
   

Deauthentication Attack

Reference: https://medium.com/@flytechoriginal/state-of-wifi-security-in-2024-b88091015cc2

Using (Freeway)[https://github.com/FLOCK4H/Freeway], we can easily achieve this attack.

sudo Freeway -i wlan1 -a deauth

Other Useful Tools

• Bettercap

  The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

• OUI Standards

  List of MAC OUI (Organizationally Unique Identifier). You can get the information from the BSSID.

  • Access to the OUI Standards

    If the target BSSID is "B4:5D:50:AA:86:41", search text by inputting "B4-5D-50" on the string search.
    Then check the information.