
Breaking the Signal: Going into the wireless network


To footprint a wireless network, we must identify the BSS (Basic Service Set) or Independent BSS (IBSS) provided by the access point. This is done with the help of the wireless network’s SSID, which can be used to establish an association with the access point and go on to compromise its security. Therefore, we first need to find the SSID of the target wireless network. Footprinting methods for detecting the SSID of a wireless network include:

▪ Passive Footprinting, in which you detect the existence of an access point by sniffing packets from the airwaves

▪ Active Footprinting, in which a wireless device sends a probe request with the SSID to see if an access point responds

I bought a wireless adapter for this; the features that matter here are:

  • Monitor Mode: Captures wireless packets without connecting to the network.

  • Packet Injection: Allows injecting packets for active network analysis.

  • SSID Detection: Helps in identifying network SSIDs during footprinting.

  • Wireless Protocol Support: Compatible with 802.11 standards.

  • Range and Sensitivity: Offers extended range for capturing signals from distant networks.

Kismet: Overview and Installation


Kismet is an open-source wireless network detector and sniffer for Linux. It helps in detecting, analyzing, and monitoring Wi-Fi networks, displaying details like SSID, signal strength, encryption type, and more. It supports 802.11a/b/g/n/ac networks and is used for network monitoring and security analysis.


Install Kismet: Open a terminal and run:

sudo apt install kismet

Prepare Wireless Adapter: Ensure your wireless adapter supports monitor mode. Enable it with:

sudo ip link set wlan0 down
sudo iw dev wlan0 set type monitor
sudo ip link set wlan0 up

Start Kismet: Launch Kismet with:

sudo kismet

Kismet lists the Wi-Fi networks in range with their details.

Another useful detail: it shows the encryption type of each Wi-Fi network.

The plan :


  1. Hack into the Wi-Fi network.

  2. Find the devices connected to the Wi-Fi network.

  3. Gather details about those devices.


This is going to be fun… Let’s get started! 🚀


1. Wi-Fi Reconnaissance with Airmon-ng


1.1 Setting Up the Playground


First things first, we need to get our wireless adapter into monitor mode, a fancy way of saying we want it to snoop on all nearby Wi-Fi signals. With a trusty terminal at my side, I fired up the following commands:

sudo su 
airmon-ng check kill 
airmon-ng start wlan0 # Enabling monitor mode

Bam! Success. The output confirmed that my device wlan0 was now in monitor mode (as wlan0mon).


1.2 Capturing the Magic Packets


With monitor mode enabled, it was time to unleash airodump-ng to capture packets floating in the air. I targeted a specific Wi-Fi network using its BSSID (12:34:56:78:9a:bc, totally made up) and locked on to its channel:

sudo airodump-ng wlan0mon --channel 36 --bssid 12:34:56:78:9a:bc -w output

Packets started pouring in, and my capture file, output-02.cap, grew by the second.


1.3 Deauthentication Attack: Kicking Devices Off


The next step? A classic deauth attack to disconnect devices from the network temporarily and force them to reconnect. This trick speeds up the process of capturing the 4-way handshake, which is crucial for cracking the Wi-Fi password.

sudo aireplay-ng --deauth 36 -a 12:34:56:78:9a:bc -c 22:11:33:44:55:66 wlan0mon

36 deauth packets later, we got what we needed: a juicy handshake!
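The defender's side of the deauth attack just described, as an added example that is not part of the original post: a small Python detector that replays a constructed sequence of 802.11 management frames, including a 36-frame burst like the one `aireplay-ng --deauth 36` sends, and alerts when deauthentication frames from one address exceed a threshold inside a sliding time window. The frame tuples, window and threshold are my own assumptions; on a real network the frames would come from a monitor-mode capture, and enabling Protected Management Frames (802.11w) on the access point is what actually stops spoofed deauths from being honoured.

```python
from collections import defaultdict, deque

# 802.11 management frame subtypes (from the frame control field)
BEACON = 0x08
DEAUTH = 0x0C

# Constructed sample, reusing the made-up BSSID and client address from the post.
BSSID = "12:34:56:78:9a:bc"
CLIENT = "22:11:33:44:55:66"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def make_sample_frames():
    """Build a constructed frame list: (timestamp_s, subtype, source MAC, dest MAC)."""
    frames = [
        (0.0, BEACON, BSSID, BROADCAST),
        (0.5, DEAUTH, BSSID, CLIENT),   # a lone deauth is ordinary (idle timeout, roaming)
        (1.0, BEACON, BSSID, BROADCAST),
    ]
    # Burst resembling 'aireplay-ng --deauth 36': 36 frames in under two seconds.
    # Spoofed frames carry the AP's own MAC as source, so that address lights up.
    frames += [(10.0 + i * 0.05, DEAUTH, BSSID, CLIENT) for i in range(36)]
    frames.append((12.0, BEACON, BSSID, BROADCAST))
    return frames


def detect_deauth_floods(frames, window_s=5.0, threshold=10):
    """Return one alert per source MAC whose deauth count exceeds `threshold`
    within any `window_s`-second sliding window.
    Each alert is (source MAC, window start time, count when triggered)."""
    recent = defaultdict(deque)   # source MAC -> timestamps of its recent deauths
    alerted, alerts = set(), []
    for ts, subtype, src, _dst in frames:
        if subtype != DEAUTH:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_s:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, q[0], len(q)))
    return alerts


if __name__ == "__main__":
    for src, start, count in detect_deauth_floods(make_sample_frames()):
        print(f"deauth flood from {src}: {count} frames within the window starting at t={start:.2f}s")
```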


1.4 Brute Forcing with Aircrack-ng


With the handshake captured, it was time to unleash aircrack-ng and start the brute-force attack (strictly a dictionary attack, since every candidate comes from a wordlist). I fed it a password list (password_wifi.txt) and pointed it at my capture file:

sudo aircrack-ng -w password_wifi.txt -b 12:34:56:78:9a:bc output-02.cap

Boom! Boom! Shaka lakka boom boom!

Now connect to this Wi-Fi network.


2. Scanning the Network with Angry IP Scanner



When you run a scan, Angry IP Scanner performs the following tasks for each IP address in the specified range:


  1. Ping Requests: It sends ICMP packets to check whether a device is online.

  2. Hostname Resolution: If a device is online, it tries to resolve its hostname (e.g., my-pc.local).

  3. MAC Address Retrieval: If enabled, Angry IP Scanner fetches the MAC address of devices, which can help identify the manufacturer.

  4. Open Port Detection (Optional): You can enable port scanning to detect which ports are open on each device (useful for identifying services like SSH, HTTP, or FTP).


3. Gathering Device Details


Nmap is a robust tool for network discovery and security auditing. Use it to scan devices, detect open ports, and identify operating systems.

This scans a device and shows open ports. To identify the OS, use:



Nbtscan helps identify Windows devices by querying NetBIOS names. It’s ideal for discovering Windows machines and gathering their hostnames, IP addresses, and workgroup info.



Sometimes, typing an IP address directly in a browser (e.g., http://192.168.1.1) lets you access a web interface for devices like routers or cameras, providing device details and configuration options.



Wireshark lets you capture and analyze network traffic, revealing device details like IP addresses, services, and protocols. It helps you uncover data, services, and even login information transmitted over unencrypted protocols.


Follow me on Medium: Prabhu Perumal – Medium


© 2023 by Prabhu
