
Generic Commands

info

Your card should be able to inject packets in monitor mode; you can check what it supports with the command iw list.

Monitor mode

Tell NetworkManager not to manage your interface:

nmcli dev set <interface> managed no

Start monitor mode

ifconfig <wlan1> down
iwconfig <wlan1> mode monitor
ifconfig <wlan1> up
tip

If possible, do not run the airmon-ng check kill command (it kills NetworkManager and the other processes it flags, which you then have to restart).

airmon-ng
airmon-ng check <wlan1>
airmon-ng check kill
airmon-ng start <wlan1> <channel>
-----
airmon-ng start <wlan1> --band <abg>

Stop monitor mode

ifconfig <wlan1> down
iwconfig <wlan1> mode managed
ifconfig <wlan1> up
airmon-ng stop <wlan1mon>
service network-manager start
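The pre-check from the info box (iw list) and the start/stop procedure above, wrapped in a small POSIX shell script. This is an added example and not part of the original cheat sheet: the function and variable names are mine, the `iw list` excerpt is constructed, and the start/stop functions simply run the same nmcli/ifconfig/iwconfig commands the sheet lists (root required).

```shell
#!/bin/sh
# Added example (not part of the original cheat sheet): wrap the monitor-mode
# start/stop procedure in functions, with a pre-check that parses the output
# of `iw list` for a phy advertising "monitor" under "Supported interface
# modes" before touching the interface.

# Return 0 if the given `iw list` output lists monitor as a supported mode.
iw_supports_monitor() {
    printf '%s\n' "$1" | awk '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 == "*"        { if ($2 == "monitor") found = 1; next }
        in_modes                     { in_modes = 0 }
        END { if (found) exit 0; exit 1 }'
}

# Constructed sample of `iw list` output, trimmed to the relevant lines.
SAMPLE_IW_LIST='Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
         * P2P-client
    Band 1:
        Capabilities: 0x1862'

# Put <iface> into monitor mode with the same commands as the sheet, after
# telling NetworkManager to leave it alone. Needs root.
start_monitor() {
    iface="$1"
    if ! iw_supports_monitor "$(iw list 2>/dev/null)"; then
        echo "no phy advertises monitor mode (check 'iw list')" >&2
        return 1
    fi
    nmcli dev set "$iface" managed no
    ifconfig "$iface" down
    iwconfig "$iface" mode monitor
    ifconfig "$iface" up
}

# Return the interface to managed mode and hand it back to NetworkManager.
stop_monitor() {
    iface="$1"
    ifconfig "$iface" down
    iwconfig "$iface" mode managed
    ifconfig "$iface" up
    nmcli dev set "$iface" managed yes
}

# Usage: sh monitor.sh start wlan1   |   sh monitor.sh stop wlan1
case "${1:-}" in
    start) start_monitor "$2" ;;
    stop)  stop_monitor "$2" ;;
esac
```

The awk filter only looks at the bullet list that follows "Supported interface modes:" and stops at the next non-bullet line, so other occurrences of the word "monitor" in the `iw list` output (for example in the valid interface combinations section) do not produce a false positive.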

Reconnaissance

airodump-ng <wlan1mon>
airodump-ng <wlan1mon> -c <channel> --bssid <bssid> [-a] -w <out>
-----
nmcli -c yes dev wifi list --rescan yes
-----
iw dev <wlan1> scan

GUI

/opt/wifi/sparrow-wifi/sparrow-wifi.py

Uncovering hidden ESSIDs

Passive way

Watch for probe requests in airodump-ng, or in Wireshark with a filter that shows every non-beacon frame for the AP:

wlan.bssid == <ap_mac> && !(wlan.fc.type_subtype == 0x08)

Active way

Deauthentication attack to force clients to reauthenticate:

aireplay-ng -0 5 -a <ap_mac> --ignore-negative-one <wlan1mon>

Association

One packet for association

aireplay-ng -1 0 -e <ESSID> -a <ap_mac> -h <chipset_mac> <wlan1mon>

Association with keep-alive

aireplay-ng -1 6000 -o 1 -q 10 -e <ESSID> -a <ap_mac> -h <chipset_mac> <wlan1mon>

Deauthentication

info

If <nb_deauth> is 0, deauthentication frames are sent continuously. Try the -D option if you can't deauth on the 5 GHz band.

aireplay-ng -0 <nb_deauth> -a <ap_mac> -c <supplicant_mac> <wlan1mon>
tip

In airodump-ng, PWR should drop to 0.

Deauthenticate with the broadcast address:

aireplay-ng -0 20 -a <ap_mac> -c FF:FF:FF:FF:FF:FF <wlan1mon>

Decrypt capture files

For WPA/WPA2, the capture must contain at least handshake messages 2 and 3, or 3 and 4.

airdecap-ng -e <essid> -p <PSK> [-b <ap_mac>] <cap_file>
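Before running airdecap-ng it helps to know which of the four handshake messages a capture actually holds. The following script is an added example, not part of the original cheat sheet: it classifies EAPOL-Key frames by the Install/ACK/MIC/Secure bits of their Key Information field and reports whether the "2 and 3" or "3 and 4" condition above is met. It assumes tshark is installed and prints the `eapol.keydes.key_info` field as hex (e.g. 0x008a); the sample frame lines are constructed, and using the Secure bit to tell message 2 from message 4 is the RSN/WPA2 behaviour.

```shell
#!/bin/sh
# Added example (not part of the original cheat sheet): check which 4-way
# handshake messages a capture contains before trying airdecap-ng.
#
# EAPOL-Key "Key Information" bits used below (IEEE 802.11 / RSN):
#   0x0040 Install   0x0080 Key ACK   0x0100 Key MIC   0x0200 Secure
# Typical values: M1 0x008a, M2 0x010a, M3 0x13ca, M4 0x030a.

# Map a Key Information value (hex string such as 0x13ca) to the handshake
# message number 1-4; prints 0 when the bit pattern matches none of them.
eapol_msg_number() {
    ki=$(( $1 ))
    install=$(( (ki & 0x0040) != 0 ))
    ack=$(( (ki & 0x0080) != 0 ))
    mic=$(( (ki & 0x0100) != 0 ))
    secure=$(( (ki & 0x0200) != 0 ))
    if   [ "$ack" -eq 1 ] && [ "$mic" -eq 0 ]; then echo 1
    elif [ "$ack" -eq 0 ] && [ "$mic" -eq 1 ] && [ "$secure" -eq 0 ]; then echo 2
    elif [ "$ack" -eq 1 ] && [ "$mic" -eq 1 ] && [ "$install" -eq 1 ]; then echo 3
    elif [ "$ack" -eq 0 ] && [ "$mic" -eq 1 ] && [ "$secure" -eq 1 ]; then echo 4
    else echo 0
    fi
}

# Read lines "<src> <dst> <key_info>" from stdin and print the sorted set of
# message numbers seen, e.g. "1 2 3 4".
handshake_messages() {
    seen=""
    while read -r _sa _da ki; do
        [ -n "$ki" ] || continue
        n=$(eapol_msg_number "$ki")
        [ "$n" -ne 0 ] || continue
        case " $seen " in *" $n "*) ;; *) seen="$seen $n" ;; esac
    done
    printf '%s\n' $seen | sort -nu | xargs echo
}

# Return 0 if message $2 appears in the space-separated list $1.
has_msg() { case " $1 " in *" $2 "*) return 0 ;; esac; return 1; }

# Return 0 if the list of messages satisfies "2 and 3" or "3 and 4".
handshake_usable() {
    if has_msg "$1" 3 && { has_msg "$1" 2 || has_msg "$1" 4; }; then
        return 0
    fi
    return 1
}

# Dump the EAPOL frames of a capture in the "<src> <dst> <key_info>" form the
# functions above expect (assumes tshark is installed).
dump_eapol() {
    tshark -r "$1" -Y eapol -T fields -e wlan.sa -e wlan.da -e eapol.keydes.key_info
}

# Constructed sample frames: a complete handshake, and one with only M1.
SAMPLE_EAPOL='00:11:22:33:44:55 66:77:88:99:aa:bb 0x008a
66:77:88:99:aa:bb 00:11:22:33:44:55 0x010a
00:11:22:33:44:55 66:77:88:99:aa:bb 0x13ca
66:77:88:99:aa:bb 00:11:22:33:44:55 0x030a'
SAMPLE_M1_ONLY='00:11:22:33:44:55 66:77:88:99:aa:bb 0x008a
00:11:22:33:44:55 66:77:88:99:aa:bb 0x008a'

# Usage: sh handshake_check.sh capture.cap
if [ -n "${1:-}" ]; then
    msgs=$(dump_eapol "$1" | handshake_messages)
    if handshake_usable "$msgs"; then
        echo "usable handshake in $1: messages $msgs"
    else
        echo "incomplete handshake in $1: messages ${msgs:-none}"
    fi
fi
```

A capture with only message 1 (an AP that keeps sending the first message to a client that never answers) is the common failure case: airodump-ng may still show traffic, but airdecap-ng has nothing to derive the PTK from.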

Repeater

airtun-ng -a <ap_mac_source> --repeat [--bssid <ap_mac_source_filtering>] -i <mon0_source> <mon1_dest>

Install the Alfa AWUS1900 (RTL8814AU) driver in Kali

info

RTL8814AU chipset is no longer supported in the realtek-rtl88xxau-dkms driver.

apt remove realtek-rtl88xxau-dkms
apt install dkms build-essential libelf-dev linux-headers-`uname -r`
cd /opt
git clone https://github.com/aircrack-ng/rtl8814au
cd rtl8814au
make dkms_install
info

To remove the driver, use the command below.

make dkms_remove

Bettercap

Install

apt install golang libpcap-dev libusb-1.0-0-dev libnetfilter-queue-dev
/opt/bettercap -eval "caplets.update; q"
/opt/bettercap -eval "caplets.update; ui.update; q"

Start GUI

/opt/bettercap -caplet "http-ui"