WiFi Challenge Lab
Virtualized WiFi pentesting laboratory that needs no physical WiFi cards, built on mac80211_hwsim and the vwifi project.
The competitive CTF began on March 11 and ended on May 15, 2022. The lab is still active, but it now awards fewer points since the solutions have been published.
To access the CTFd server click here
If you want to create the VM manually click here
- 4 GB of RAM (6 GB recommended)
- 4 CPUs
- Virtualize Intel VT-x/EPT or AMD-V/RVI enabled
- Download VMDK from mega
- Import VMDK in VMWare
- Read the IMPORTANT INSTRUCTIONS
- Check that the Wi-Fi networks to be audited can be seen from the VM
- If there is any problem, run the restartVM.sh script
- Go to Challenges list
- You can't see your own traffic with airodump-ng (if you run airodump-ng and set up an AP, you won't see it)
- User/pass:
- user/toor (use this to login)
- The VMs start automatically from the snapshot. In case of error, use the script in the home folder:
- restartVM.sh to restart and restore
- All tools are in /root/tools folder
- All brute forcing can be done using rockyou
- The maximum waiting time between automations, connections, etc. is 5 min approx.
- The numbering of the challenges is indicative, if a challenge is unlocked it can be done regardless of the order.
- All necessary tools for the lab are installed, but others can be installed.
- If you run out of attempts on a challenge, you may lock the challenges that follow it. Don't submit flags at random.
- Enable nested VT-x / AMD-V on VMWare host if not enabled
- Scope
- "wifi-guest"
- "wifi-mobile"
- "wifi-corp"
- "wifi-regional"
- "wifi-global"
- "wifi-admin"
- "wifi-office"
- Hidden network: <length: 14>
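The setup step "Check that the Wi-Fi networks to be audited can be seen from the VM" can be scripted against the scope list above. This is an added example, not part of the lab's own tooling: it assumes the scan text comes from `iw dev <iface> scan` and that the hidden network appears as 14 escaped null bytes; the function names, the `wlan0` interface name and the sample scan are constructed.

```shell
#!/bin/sh
# Added example, not the lab's own tooling. Assumes input is the text
# printed by `iw dev <iface> scan` (run as root on the attacker VM).
SCOPE="wifi-guest wifi-mobile wifi-corp wifi-regional wifi-global wifi-admin wifi-office"

# Constructed sample scan (not captured from the lab).
SAMPLE_SCAN='BSS 02:00:00:00:00:01(on wlan0)
    SSID: wifi-guest
BSS 02:00:00:00:00:02(on wlan0)
    SSID: wifi-corp-test
        * SSID List
BSS 02:00:00:00:00:03(on wlan0)
    SSID: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
BSS 02:00:00:00:00:04(on wlan0)
    SSID: wifi-mobile'

# One SSID per line; only lines that start with "SSID:" count.
seen_ssids() { sed -n 's/^[[:space:]]*SSID: *//p' | sort -u; }

# Print every in-scope SSID absent from the scan on stdin.
missing_scope() {
    seen=$(seen_ssids)
    for ssid in $SCOPE; do
        # -x -F: exact literal match, so "wifi-corp-test" does not satisfy "wifi-corp"
        printf '%s\n' "$seen" | grep -qxF -e "$ssid" || printf '%s\n' "$ssid"
    done
}

# Count BSS entries whose SSID is 14 null bytes (assumed form of the hidden network).
hidden_len14() { grep -cE '^[[:space:]]*SSID: (\\x00){14}$' || true; }

check_lab() {
    scan=$(cat)
    missing=$(printf '%s\n' "$scan" | missing_scope)
    echo "hidden 14-byte SSIDs seen: $(printf '%s\n' "$scan" | hidden_len14)"
    if [ -n "$missing" ]; then
        echo "not visible:" $missing
        echo "run restartVM.sh in \$HOME, then scan again"
        return 1
    fi
    echo "all in-scope SSIDs visible"
}

# Demo on the constructed sample; on the VM: iw dev wlan0 scan | check_lab
# (wlan0 is an assumed interface name).
printf '%s\n' "$SAMPLE_SCAN" | check_lab || true
```
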
All attacks are made from the Debian VM
They are in $HOME/tools
No, everything runs automatically.
Run restartVM.sh in the $HOME folder. If the problem persists, ask in the Telegram group.
- https://github.com/koutto/pi-pwnbox-rogueap/wiki
- https://book.hacktricks.xyz/pentesting/pentesting-network/wifi-attacks
- Wi-Fi Attack-Defense: Wi-Fi Network Reconnaissance
- Wi-Fi Attack-Defense Wi-Fi Network Reconnaissance II
- Wi-Fi Security: AP-less WPA2-PSK Cracking
- WiFi Security: Mana: Attacking TTLS-MSCHAPv2
- Pivoting over WiFi: PEAP Relay Attack
- Wi-Fi Security: Pivoting over WiFi: PEAP Relay
- Wi-Fi Security: Mana: Attacking PEAP-MSCHAPv2
- Wi-Fi Security: Evil Twin - WPA Enterprise (Mana)
- Spanish
setxkbmap es
- American English
setxkbmap us
- https://github.com/koutto/pi-pwnbox-rogueap/wiki
- https://github.com/s0lst1c3/eaphammer/wiki
- https://www.aircrack-ng.org/doku.php
- https://www.cellstream.com/reference-reading/tipsandtricks/410-3-ways-to-put-your-wi-fi-interface-in-monitor-mode-in-linux
- https://wiki.netbsd.org/tutorials/how_to_use_wpa_supplicant/
- https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
- https://wiki.innovaphone.com/index.php?title=Howto:802.1X_EAP-TLS_With_FreeRadius
The Walkthrough is available here: https://wifichallengelab.com/walkthrough