Theology 101

Because it's not that hard...

hack

hack [2020/04/15 17:18] gregkedro    hack [2020/04/17 16:21] (current) gregkedro
Línea 2: Línea 2:
  
 **Adapters:** Built-in wireless adapters in retail computers will not perform for what you need. You need a wireless adapter that will support: Monitor Mode & Packet Injection ([[https://youtu.be/0lqRZ3MWPXY|Explanation]]). **Adapters:** Built-in wireless adapters in retail computers will not perform for what you need. You need a wireless adapter that will support: Monitor Mode & Packet Injection ([[https://youtu.be/0lqRZ3MWPXY|Explanation]]).
 +  * Tools are found in the [[https://www.aircrack-ng.org/documentation.html|aircrack-ng]] suite.
  
 ===== Adapter Setup ===== ===== Adapter Setup =====
Línea 121: Línea 122:
  
 Do an ''iwconfig'' to check out ''wlan0'' (or whatever your interface name is): should be ''Mode: Managed'' (you need to change to ''Monitored'' in order to catch all network traffic). Do an ''iwconfig'' to check out ''wlan0'' (or whatever your interface name is): should be ''Mode: Managed'' (you need to change to ''Monitored'' in order to catch all network traffic).
 +  * **Important:** It is important that you use ''ifconfig'' (or ''ip'') here and not ''ifup''. ([[configs#ifupdown_vs_ifconfig|See explanation]].)
  
 1. Disable the interface. 1. Disable the interface.
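Review bot: the context line tells the reader to change the interface to ''Monitored'', but the mode iwconfig reports and expects is ''Monitor'' (the hunk at line 143 shows ''Mode:Monitor''), so ''Monitored'' should be corrected for consistency. The new **Important** bullet would also be clearer if it gave the reason inline instead of only linking to it: ''ifup''/''ifdown'' apply the interface stanza from /etc/network/interfaces and can reconfigure the interface, whereas ''ifconfig'' and ''ip'' only change link state.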
Línea 131: Línea 133:
 <code>airmon-ng check kill</code> <code>airmon-ng check kill</code>
        
-3. Enable monitor mode.+3. Enable monitor mode [1].
 <code>iwconfig wlan0 mode monitor</code> <code>iwconfig wlan0 mode monitor</code>
  
Línea 141: Línea 143:
  
 Run ''iwconfig'' and you should see ''Mode:Monitor'' (capture any packet in range). Run ''iwconfig'' and you should see ''Mode:Monitor'' (capture any packet in range).
 +
 +[1] The ''mode'' sets the operating mode of the device:
 +  * ''ad hoc'' (network composed of only one cell and without access point)
 +  * ''managed'' (node connects to a network composed of many access points, with roaming)
 +  * ''master'' (the node is the synchronisation master or acts as an access point)
 +  * ''repeater'' (the node forwards packets between other wireless nodes)
 +  * ''secondary'' (the node acts as a backup master/repeater)
 +  * ''monitor'' (the node is not associated with any cell and passively monitor all packets on the frequency)
 +  * ''auto''
  
 ---- ----
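Review bot: the mode list in footnote [1] is taken almost verbatim from the iwconfig(8) man page; the page should attribute it (it already labels the airodump-ng description as **man page:**), and ''auto'' is the only entry with no description. Grammar in the ''monitor'' entry: "passively monitor" should be "passively monitors".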
Línea 147: Línea 158:
  
 General wireless packet sniffing is done with ''airodump-ng'', part of the ''aircrack-ng'' suite. General wireless packet sniffing is done with ''airodump-ng'', part of the ''aircrack-ng'' suite.
 +
 +**//This will give you general information about the wireless __networks__ around you.//**
  
 **man page:** airodump-ng is used for packet capturing of raw 802.11 frames for the **man page:** airodump-ng is used for packet capturing of raw 802.11 frames for the
Línea 164: Línea 177:
 </code> </code>
  
-Once you find a target in the information provided by ''airodump'', move on... +Once you find a target network in the information provided by ''airodump'', move on... 
  
 ---- ----
Línea 170: Línea 183:
 ===== Targeted Sniffing ===== ===== Targeted Sniffing =====
  
-Here you specify the  BSSID+Channel you want to play with...+Here you specify the target network (BSSID + Channelyou want to play with...
  
-From the general sniff of all traffic you just did, copy the target BSSID and Channel number: +**Target One Specific Network:** From the general sniff of all traffic you just did, copy the target BSSID and Channel number:  
 +  * Run it without ''--write filename'' if you just want to see the network and clients on that network. 
 +  * You will see two sections: the top is the network, the bottom shows the clients ("stations") on the network.
  
 <code>airodump-ng --bssid XX:XX:XX:XX:XX:XX --channel X --write filename wlan0</code> <code>airodump-ng --bssid XX:XX:XX:XX:XX:XX --channel X --write filename wlan0</code>
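Review bot: the rewritten first line is missing a closing parenthesis and a space; it should read "the target network (BSSID + Channel) you want to play with". In the new bullet about ''--write filename'', note that the argument is an output prefix rather than a file name: airodump-ng appends ''-01.cap'', ''-01.csv'' and related suffixes, which matters when the reader later looks for the capture file.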
Línea 191: Línea 206:
  
 <code> <code>
-aireplay-ng --deauth 10000000 -a XX:XX:XX:XX:XX:XX -c XX:XX:XX:XX:XX:XX wlan0+aireplay-ng --deauth=10000000 -a XX:XX:XX:XX:XX:XX -c XX:XX:XX:XX:XX:XX wlan0
 # program     repeat lots        MAC addr router      MAC addr client   wireless adpater # program     repeat lots        MAC addr router      MAC addr client   wireless adpater
 </code> </code>
  
 The ''-c'' argument is the MAC address of the client machine on the network you are deauthenticating. It is not the MAC address of your attack machine. The ''-c'' argument is the MAC address of the client machine on the network you are deauthenticating. It is not the MAC address of your attack machine.
 +  * Remember: to get a client MAC address, you run airodump-ng and specify the network in order to see all the clients. The clients show up in the second (lower) block of information, under STATION: 
  
-This still may fail unless you are also running ''airodump-ng'' against the target network.+<code>airodump-ng --bssid XX:XX:XX:XX:XX:XX --channel X wlan0</code> 
 + 
 +This still may fail unless you are also running ''airodump-ng'' against the target network (the command just above).
  
 ---- ----
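Review bot: the change from ''--deauth 10000000'' to ''--deauth=10000000'' is cosmetic, since aireplay-ng accepts both long-option forms, but the comment line still only says "repeat lots" and should state that the value is the number of deauthentication bursts sent (and "adpater" is a typo for "adapter"). The hunk should also carry the caveat that access points and clients enforcing 802.11w Protected Management Frames discard forged deauthentication frames, so this step fails against such networks; that is the mitigation a reader should know about. Moving the "This still may fail" sentence below the ''airodump-ng'' command is a good fix, since the reader now sees which command it refers to.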
Línea 259: Línea 277:
 ==== WPA & WPA2 ==== ==== WPA & WPA2 ====
  
-The only difference is the ecryption method: WPA uses TKIP WPA2 uses CCMP. The same methods will work with both WPA and WPA2.+The only difference is the ecryption method: WPA uses TKIP and WPA2 uses CCMP. The same methods will work with both WPA and WPA2.
  
 **Misconfiguration Exploit:** WPS (allows clients to connect without the password). **Misconfiguration Exploit:** WPS (allows clients to connect without the password).
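Review bot: "ecryption" is misspelled in both the old and the new line; it should be "encryption". The sentence also oversimplifies: WPA2 access points can still advertise TKIP for compatibility, so the real distinction is the cipher suite negotiated in the RSN information element (TKIP versus CCMP), not the WPA/WPA2 label itself. Suggested wording: "The main difference is the cipher: WPA typically uses TKIP, WPA2 uses CCMP (AES)."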
Línea 268: Línea 286:
   * Check this first (since WPA/WPA2 are so difficult to crack).   * Check this first (since WPA/WPA2 are so difficult to crack).
  
-1. TOOL: ''wash'' (display all networks with WPS enable).+1. TOOL: ''wash'' (display all networks with WPS enable). You may need to put your wireless interface into auto mode instead of monitor mode.
  
-<code>wash --interface wlan0</code>+<code> 
 +wash --interface wlan0     # if this errors out, do the following... 
 +ifconfig wlan0 down        # or ifdown wlan0 
 +iwconfig wlan0 mode auto 
 +ifconfig wlan0 up          # or ifup wlan0 
 +wash --interface wlan0     # remember to change mode back to monitor for the hacks 
 +</code>
  
 2. Associate with the network (as above)... set this up but **//DO NOT RUN IT YET//**... 2. Associate with the network (as above)... set this up but **//DO NOT RUN IT YET//**...
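Review bot: the new code comments "# or ifdown wlan0" and "# or ifup wlan0" contradict the **Important** bullet added in the earlier hunk (line 122), which tells readers not to use ''ifup''; either drop these alternatives or reconcile the two hunks. Also "WPS enable" should be "WPS enabled", and the closing comment "remember to change mode back to monitor" should point explicitly at step 3 (''iwconfig wlan0 mode monitor'') so the reader does not leave the interface in ''auto'' mode.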
hack.1586971105.txt.gz · Last modified: 2020/04/15 17:18 by gregkedro