Attacking Captive Portals Captive portals are often set up on unencrypted or open networks to allow guests or employees to easily connect to the network or Internet, sometimes without credentials. ...

A rogue AP is an AP in use that has not been authorized by a local network administrator. This could take the form of an AP plugged into a network without the administrator’s knowledge. Creating a...

WPS WPS makes configuring new devices easier for users with little networking or security knowledge. For the most part, all they have to do is input a PIN code or push a button. Method to authent...

John The Ripper The rules to mutate passwords are in /etc/john/john.conf Rule to add 2 and 3 numbers at the end of the password: $[0-9]$[0-9] $[0-9]$[0-9]$[0-9] Use –rules with jo...

Hashcat Hashcat is a password cracking tool that was developed to primarily operate on systems with Graphical Processing Units (GPUs) from NVIDIA, AMD, and Intel. A utility that is specifically r...

Methodology First, we’ll need to capture a handshake. Next, we will make a guess at the passphrase and send that guess into the hash function. We will then compare the output from the hash ...

Airolib-ng Airolib-ng is a tool designed to store and manage ESSID and password lists, compute their Pairwise Master Keys (PMKs) and use them in WPA/WPA2 cracking through sqlite3. # create a text...

Airodump-ng Airodump-ng is used to capture raw 802.11 frames. # Channel hopping airodump-ng wlan0 # Specify the channel where airodump listens airodump-ng --channel 11 --bssid <bssid> # l...

Airmon-ng Airmon-ng is a convenient way to enable and disable monitor mode on various wireless interfaces. # Displays the status and information about the wireless interfaces airmon-ng # List pr...

Airgraph-ng Airgraph-ng is a Python script that can be used to create graphs of wireless networks using the CSV files generated by Airodump-ng. Color Table: | Color | Encryption | |——-|———-| | Gr...