So you want to build yourself one of those Pwnagotchi that everyone is talking about since the Flipper Zero came out and no one can get one, eh? And you’ve followed the official installation instructions (which this post supplements, but does not replace) but have noticed that either (1) you can’t really find a Waveshare eInk 2.13″ display that’s not version 3, or (2) you can’t quite seem to get into your Pwnagotchi if it’s even running and ERMAGERD WTF why is this so obtuse? Well, this is the guide for you. 🙂
Bruteforcing ESSID Values
If you need to reveal an (E)SSID you can do this simply through MDK3. To do so we’ll use the “p” mode, as follows:
mdk3 {INTERFACE} p -f /path/to/file/of/potential_names -t {AP_MAC_ADDRESS} -b {CHARSET}
For the “CHARSET” you can use “a” (for all characters, not recommended except for tiny names), or one or more of the following:
- u – Uppercase
- l – Lowercase
- n – Numbers
- s – ASCII symbols
Good hunting!
Advanced WEP Packet Forgery
Let’s say you’re in a location where the WEP network you’ve found is a bit guarded against replay attacks, or there are practically no clients from which to capture a target packet. How can you get around this to generate data and crack the encryption?
WPA Handshake Stripping
Many thanks to INIT_SIX for also pointing out a quick way to reduce the size of your WPA handshake captures using pyrit:
pyrit -r /path/to/capture.cap -o /path/to/handshake-only-output.cap strip
Add the “-e” or “-b” switches to filter down to just a single AP by ESSID or BSSID respectively:
pyrit -r capture.cap -o output.cap -b "99:88:77:66:55:44" strip
That’s it! Good hunting!
WPA Handshake Verification
Many thanks to INIT_SIX for recommending this quick-hit update to the previous WPA wireless attack article. If you find yourself making packet captures and airodump-ng reports that the handshake was captured, but aircrack-ng (or your tool of choice) is having issues, it’s time to break out some manual packet analysis. Let’s verify that capture!
Wireless Attack: WPA
The following is a quick-hit list of commands for attacking a WPA wireless network. It assumes you are using a 2016 variant of Kali Linux with the aircrack-ng suite installed and a wireless network card that can be placed into monitor mode (which should be about 100% of them). It also assumes that there is a WPA network with an associated client that is transmitting, and that you are running as a user with sufficient permissions to execute each of these commands.
For the sake of this tutorial the AP will be assumed to have a MAC address of “99:88:77:66:55:44” and the client will be assumed to have a MAC address of “00:11:22:33:44:55”. The wireless network card we will use will be assumed to be “wlan0”.
If a presentation is more your style of learning you can access training on this topic here: Wireless Attacks – WPA & WPS (basic_0x01)
Wireless Attack: WEP
The following is a quick-hit list of commands for attacking a WEP wireless network. It assumes you are using a 2016 variant of Kali Linux with the aircrack-ng suite installed and a wireless network card that can be placed into monitor mode (which should be about 100% of them). It also assumes that there is a WEP network with an associated client that is transmitting, and that you are running as a user with sufficient permissions to execute each of these commands.
For the sake of this tutorial the AP will be assumed to have a MAC address of “DE:AD:DE:AD:DE:AD” and the client will be assumed to have a MAC address of “BE:AD:ED:BE:AD:ED”. The wireless network card we will use will be assumed to be “wlan0”.
UPDATE 2017-01-01: If a presentation is more your style of learning you can access training on this topic here: Wireless Attacks – WEP (basic_0x00)
First up, boot up Kali and shut down any potentially interfering programs:
airmon-ng check kill