WiFi Hacking

Investigation

Online Tools

• WiGLE

  Wireless Network Mapping. If you have the BSSID, you can get the location. You need to create an account to use the advanced search.

Check Status

• Retrieve the Device IP Address

  # IP address
  ip addr
  # IP address - Show the specific interface only
  ip addr show eth0
  ip addr show eth1
  ip addr show tun0
  
  # IPv4 only
  ip -4 addr
  # IPv6 only
  ip -6 addr
  
  # Static route
  ip route

• Delete Network Interfaces From Your Devices

  ip link delete docker0

• Find Current WiFi IP Address

  We can get the ip adress of the WiFi that we’re currently connecting by checking a default gateway in results of ipconfig command.

  ipconfig
  
  # Outputs
  
  ...
  
  Default gateway . . . . . : 192.168.1.1

• Find Another Computer's IP Address/MAC Address on Network

  arp -av

• Get Public IP Address

  We can get our public ip address from command line as below.

  curl https://api.ipify.org

  Alternatively, we can get the public ip online like https://www.whatismyip.com/.

Crack WiFi Passwords

Default Router Credentials

admin:Admin
admin:admin
admin:password
admin:Michelangelo
root:admin
root:alpine
sitecom:Admin
telco:telco

Crack from A Packet Capture File

If we have a packet capture file (.cap or .pcap) of the WiFi network, we can crack the WiFi password using the file.

aircrack-ng example.cap -w wordlist.txt

Find BSSID From SSID

1. Access to WiGLE and login.

2. Go to View → Advanced Search.

3. Open the General Search tab.

4. Input the SSID in the SSID/Network Name.

5. Check the result.

MAC Address Spoofing

First of all, you need to use network adapter which has monitor mode on your machine. Aircrack-ng is a complete suite of tools to assess WiFi network security.

1. Preparation

   # Show available interfaces
   airmon-ng
   
   # Put an interface into monitor mode
   airmon-ng start wlan0
   airmon-ng start eth0
   # or
   iwconfig wlan0 mode monitor
   iwconfig eth0 mode monitor
   
   # Choose the access point (monitor mode)
   airodump-ng wlan0mon

2. Retrieve Client's MAC Addresses

   # Retrieve client's MAC address from the chosen access point
   # -c 9: channel 9
   # --bssid: target router MAC address
   # -w psk: the dump file prefix
   # eth0: interface name
   airodump-ng -c 6 --bssid XX:XX:XX:XX:XX:XX -i wlan0mon
   airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk eth0

3. Spoof MAC Address using the Retrieved Address

   # Take down the network at first
   ip link set wlan0 down
   
   # Set MAC address which you got by airodump-ng in the previous section
   macchanger -m XX:XX:XX:XX:XX:XX wlan0
   
   # Bring up the network
   ip link set wlan0 up

4. Confirmation

   # Check the current MAC address
   macchanger -s wlan0

5. Reset to the Original MAC Address

   # Reset to the original (permanent) MAC address
   macchanger -p wlan0

Other Useful Tools

• Bettercap

  The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

• OUI Standards

  List of MAC OUI (Organizationally Unique Identifier). You can get the information from the BSSID.

  • Access to the OUI Standards

    If the target BSSID is "B4:5D:50:AA:86:41", search text by inputting "B4-5D-50" on the string search. Then check the information.