How-To Guides and Suggested Methods

Basic Terminology

• https://techtalk.gfi.com/wi-fi-glossary-71-terms-you-need-to-know/
• https://www.datapro.net/techinfo/wifi_term.html

Setup

• Setting the wifi card to monitor mode: Find the card name with "ifconfig" (e.g. wlan0 or wlx60e327177a6b).
  Also, please note there are alternative methods & guides for this if necessary.

  
  sudo ifconfig wlan0 down
  sudo iwconfig wlan0 mode monitor
  sudo ifconfig wlan0 up
            

• Some programs(hcxtools) might throw an error about conflicting network processes. You can kill them with:

  
  sudo airmon-ng check kill
            

WEP Hacking Guides

• https://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wep-passwords-with-aircrack-ng-0147340/
• https://www.aircrack-ng.org/doku.php?id=shared_key
• https://null-byte.wonderhowto.com/how-to/hack-wi-fi-hunting-down-cracking-wep-networks-0183712/
• https://www.aircrack-ng.org/doku.php?id=simple_wep_crack
• You technically only need one wifi adapter for this hack, but it would take awhile to capture enough (~100,000) packets for cracking. The second wifi adpater speeds up the process.

WPA2 Hacking Guides

• https://null-byte.wonderhowto.com/how-to/hack-wi-fi-cracking-wpa2-psk-passwords-using-aircrack-ng-0148366/
• ADVICE: Start with low number of Deauth frames (1-3). Too many will permanetly disconnect some devices
• https://www.aircrack-ng.org/doku.php?id=cracking_wpa
• HINT: Passwords are in Rockyou DB. They are exactly 10 digits long and should take less than 10-15minutes to crack with a laptop.
• You technically only need one wifi adapter for this hack, but you would have to wait for a client to make a connection to the network (e.g. when your phone autoconnects to home wifi when you come home from work). The second wifi adapter allows us to disconnect (deauth) an already connected client.
• If the network has no clients, you must wait or try alternative techniques, such as PMKID or WPS.

PMKID Guide

• https://www.bitcrack.net/the-pmkid-attack/

WPS Guides

• You can find wifi networks with WPS enbaled using Wash (installs with Reaver) or Airodump-ng -W option.
• PixieDust: https://null-byte.wonderhowto.com/how-to/hack-wifi-using-wps-pixie-dust-attack-0162671/
• Personalized PIN: https://github.com/t6x/reaver-wps-fork-t6x/wiki/Introducing-a-new-way-to-crack-WPS:-Option--p-with-an-Arbitrary-String
• Brute Force: https://www.kalitutorials.net/2014/04/hack-wpawpa2-wps-reaver-kali-linux.html
• ADVICE: Try brute force last! Most current routers will timeout/lockout after 3 failed attempts!!
• HINT: Any brute force will take less than 10 minutes.

Netgear Routers with default ESSID (e.g. NETGEAR85)

• https://ethaniel.me/networking/practical-wpa2-attacks-on-netgear-routers
• HINT: Use the password list in Requirements. You must add 3 digit numbers
• HINT: The password begins with a constonant and is in first half of alphabet

Hidden Networks

• https://www.aircrack-ng.org/doku.php?id=airodump-ng#hidden_ssids_length
• http://bactracktutorial.blogspot.com/2011/12/using-mdk3-in-backtrack-4-to-crack.html