Wifi Enum

Enumeration

# IP addresses
ip addr
# specific interface
ip addr show eth0
ip addr show eth1
ip addr show tun0
# IPv4/6 only
ip -4 addr
ip -6 addr
# Static route
ip route

# Get the currently connected WiFi router's IP address (see the 'Default gateway' line in the output)
ipconfig

# Find any wireless devices
iw dev
# Display information of the specified device
iw dev <interface> info
# Scan wifi networks nearby the specified device
iw dev <interface> scan

# Find another computer's IP address/MAC address on the network
arp -av

# Get public IP address
curl https://api.ipify.org

Using WiGLE

If BSSIDs found, we can find the location for devices using WiGLE.

To find BSSID From SSID using WiGLE:

Access to WiGLE and login.
Go to View → Advanced Search.
Open the General Search tab.
Input the SSID in the SSID/Network Name.
Check the result.

Delete Network Interfaces From Your Devices

ip link delete <iterface>

Crack WiFi Passwords

Default Router Credentials

admin:Admin
admin:admin
admin:password
admin:Michelangelo
root:admin
root:alpine
sitecom:Admin
telco:telco

Crack from A Packet Capture File

If we have a packet capture file (.cap or .pcap) of the WiFi network, we can crack the WiFi password using the file.

aircrack-ng example.cap -w wordlist.txt

MAC Address Spoofing

First of all, you need to use network adapter which has monitor mode on your machine. Aircrack-ng is a complete suite of tools to assess WiFi network security.

Preparation

# Show available interfaces
airmon-ng

# Put an interface into monitor mode
airmon-ng start wlan0
airmon-ng start eth0
# or
iwconfig wlan0 mode monitor
iwconfig eth0 mode monitor

# Choose the access point (monitor mode)
airodump-ng wlan0mon

Retrieve Client's MAC Addresses

# Retrieve client's MAC address from the chosen access point
# -c 9: channel 9
# --bssid: target router MAC address
# -w psk: the dump file prefix
# eth0: interface name
airodump-ng -c 6 --bssid XX:XX:XX:XX:XX:XX -i wlan0mon
airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk eth0

Spoof MAC Address using the Retrieved Address

# Take down the network at first
ip link set wlan0 down

# Set MAC address which you got by airodump-ng in the previous section
macchanger -m XX:XX:XX:XX:XX:XX wlan0

# Bring up the network
ip link set wlan0 up

Confirmation

# Check the current MAC address
macchanger -s wlan0

Reset to the Original MAC Address

# Reset to the original (permanent) MAC address
macchanger -p wlan0

Deauthentication Attack

Reference: https://medium.com/@flytechoriginal/state-of-wifi-security-in-2024-b88091015cc2

Using (Freeway)[https://github.com/FLOCK4H/Freeway], we can easily achieve this attack.

sudo Freeway -i wlan1 -a deauth

Other Useful Tools

Bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
OUI Standards
List of MAC OUI (Organizationally Unique Identifier). You can get the information from the BSSID.
- Access to the OUI Standards
  If the target BSSID is "B4:5D:50:AA:86:41", search text by inputting "B4-5D-50" on the string search. Then check the information.

PreviousWASTE Pentesting NextWifi Exploit

Last updated 1 month ago

hashtagEnumeration

hashtagUsing WiGLE

hashtagDelete Network Interfaces From Your Devices

hashtagCrack WiFi Passwords

hashtagDefault Router Credentials

hashtagCrack from A Packet Capture File

hashtagMAC Address Spoofing

hashtagDeauthentication Attack

hashtagOther Useful Tools