HOWTO : Wifi Penetration Testing Without Tears

Wifi everywhere! There are a lot of private and public wifi access points around you. Almost everyone will use wifi at anytime. The security of wifi should be taken into account.

The most common wifi frequencies are 2.4GHz and 5GHz at the time of this writing. 2.4GHz frequency channel range is between 1 and 14 while 5GHz frequency channel range is between 34 and 165. That's include a/b/g/n/ac modes.

You can even find some access points still using WEP but it is not common. Almost all access points are using WPA/WPA2. To get passphrase of WEP from access point is very easy. However, WPA/WPA2 is not very hard indeed.

When access point and client communicate, they will carrying out a four-way handshake in which the encrypted passhrase will also be transmitted between them. When attacker captures the four-way handshake, the encrypted passphrase is also captured in which it can get the passphrase by wordlists brute forcing.

To complete the capture steps, you need a tool namely Aircrack-ng. It is a very powerful wifi auditing tool. Furthermore, there is a good tool to brute forcing WPA/WPA2 key, it is Hashcat. Hashcat is very powerful tool for password recovery. Hashcat requires GPU to do the brute forcing job. The more powerful the GPU, the faster the process of brute forcing.

However, to carry out the wifi penetration testing is somehow very hard for some people. It is because it will involve a lot of steps and procedure to complete. In addition, you also need a workable wifi USB dongle or card to make the job done.

Current version of Aircrack-ng 1.2 RC4 does not fully compatible to 5GHz frequency. It is required to patch it and compile it yourself in Kali Linux.

Realtek 8812au chipset wifi USB dongle is ready for 5GHz frequency and penetration testing. The driver is required to compile and install on Kali Linux yourself too.

One of the automated tools for penetration testing wifi is WAIDPS. It also can act as intrusion detection and prevention system for wifi. It just a few keystrokes to complete the wifi penetration testing.





Reference

[1] List of WLAN channels
[2] Kali Linux
[3] Aircrack-ng Official Site
[4] WAIDPS - Wireless Auditing, Intrusion Detection and Prevention System
[5] Install Realtek 8812au Linux Driver
[6] Patch Aircrack-ng For 5GHz Band On Kali Linux 2017.3
[7] Hashcat Official Site
[8] Install Hashcat on Ubuntu 16.04.3
[9] TP-Link Archer T4UHP (Realtek 8812au chipset)
[10] ALFA AWUS036NH (Realtek 8812au chipset)
[11] D-Link DWA-171 Nano USB Adapter (Realtek 8812au chipset)

That's all! See you.

HOWTO : Install RealTek 8812AU Driver with Packet Injection And Monitor Mode Support

TP-Link Archer T4UHP v1 is also supported by this driver with monitor mode and packet injection. It is a IEEE 802.11ac USB dongle.

Although Kali Linux has its own 8812au driver, I find AirCrack-ng's driver is the best.

Step 1 :

On Ubuntu Desktop 16.04.3 :

sudo apt update
sudo apt install build-essential dkms git

On Kali Linux 2017.2 :

apt update
apt install dkms

Step 2 :

git clone https://github.com/aircrack-ng/rtl8812au
cd rtl8812au

Step 3 :

On Ubuntu Desktop 16.04.3 :

Make sure to change at dkms.conf before running the following commands.

nano dkms.conf

Change all "/updates" to "/kernel/drivers/net/wireless" when using Ubuntu.

sudo bash ./dkms-install.sh

On Kali Linux 2017.2 :

bash ./dkms-install.sh

Step 4 :

To remove the dkms driver :

cd rtl8812au

Ubuntu Desktop 16.04.3 :

sudo bash ./dkms-remove.sh

Kali Linux 2017.2 :

bash ./dkms-remove.sh

Step 5 :

To control it, I suggest to use iw wireless tool.

Beware that the driver does not work properly on the following commands :

(1) airmon-ng start wlan0
(2) iw dev wlan0 interface add wlmon0 type monitor

Make sure run "airmon-ng check kill" beforehand.

Reference

AirCrack-ng RTL8812AU driver
HOWTO : Install Forked AirCrack-NG on Kali Linux 2017.3

That's all! See you.