WiFi Hacking

Last modified: Thu Aug 03 2023 00:00:00 GMT+0000 (Coordinated Universal Time)

Network

Investigation

Online Tools

  • WiGLE

    Wireless Network Mapping. If you have the BSSID, you can get the location.
    You need to create an account to use the advanced search.

Check Status

  • Retrieve the Device IP Address

    # IP address
    ip addr
    # IP address - Show the specific interface only
    ip addr show eth0
    ip addr show eth1
    ip addr show tun0
    
    # IPv4 only
    ip -4 addr
    # IPv6 only
    ip -6 addr
    
    # Static route
    ip route
    
  • Delete Network Interfaces From Your Devices

    ip link delete docker0
    
  • Find Current WiFi IP Address

    We can get the ip adress of the WiFi that we’re currently connecting by checking a default gateway in results of ipconfig command.

    ipconfig
    
    # Outputs
    
    ...
    
    Default gateway . . . . . : 192.168.1.1
    
  • Find Another Computer's IP Address/MAC Address on Network

    arp -av
    
  • Get Public IP Address

    We can get our public ip address from command line as below.

    curl https://api.ipify.org
    

    Alternatively, we can get the public ip online like https://www.whatismyip.com/.


Crack WiFi Passwords

Default Router Credentials

admin:Admin
admin:admin
admin:password
admin:Michelangelo
root:admin
root:alpine
sitecom:Admin
telco:telco

Crack from A Packet Capture File

If we have a packet capture file (.cap or .pcap) of the WiFi network, we can crack the WiFi password using the file.

aircrack-ng example.cap -w wordlist.txt

Find BSSID From SSID

  1. Access to WiGLE and login.
  2. Go to View → Advanced Search.
  3. Open the General Search tab.
  4. Input the SSID in the SSID/Network Name.
  5. Check the result.

MAC Address Spoofing

First of all, you need to use network adapter which has monitor mode on your machine.
Aircrack-ng is a complete suite of tools to assess WiFi network security.

  1. Preparation

    # Show available interfaces
    airmon-ng
    
    # Put an interface into monitor mode
    airmon-ng start wlan0
    airmon-ng start eth0
    # or
    iwconfig wlan0 mode monitor
    iwconfig eth0 mode monitor
    
    # Choose the access point (monitor mode)
    airodump-ng wlan0mon
    
  2. Retrieve Client's MAC Addresses

    # Retrieve client's MAC address from the chosen access point
    # -c 9: channel 9
    # --bssid: target router MAC address
    # -w psk: the dump file prefix
    # eth0: interface name
    airodump-ng -c 6 --bssid XX:XX:XX:XX:XX:XX -i wlan0mon
    airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk eth0
    
  3. Spoof MAC Address using the Retrieved Address

    # Take down the network at first
    ip link set wlan0 down
    
    # Set MAC address which you got by airodump-ng in the previous section
    macchanger -m XX:XX:XX:XX:XX:XX wlan0
    
    # Bring up the network
    ip link set wlan0 up
    
  4. Confirmation

    # Check the current MAC address
    macchanger -s wlan0
    
  5. Reset to the Original MAC Address

    # Reset to the original (permanent) MAC address
    macchanger -p wlan0
    

Other Useful Tools

  • Bettercap

    The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

  • OUI Standards

    List of MAC OUI (Organizationally Unique Identifier). You can get the information from the BSSID.

    • Access to the OUI Standards

      If the target BSSID is "B4:5D:50:AA:86:41", search text by inputting "B4-5D-50" on the string search.
      Then check the information.