Wireless attacks
For most of the following attacks, we'll be using the aircrack-ng suite of tools to help us accomplish our objectives.
Note
Aircrack-ng can be found at www.aircrack-ng.org.
Exercise – checking whether a wireless card supports injection
A quick and easy method to determine whether your wireless NIC supports packet injection is to use the aireplay-ng
tool. Using the aireplay --test <interface>
command will test for packet injection.
The following is a demonstration of using the command. As you can see, our card supports packet injection:
![](https://static.packt-cdn.com/products/9781788995177/graphics/0d5c4b62-218f-4ea8-b786-9dfb49859c17.png)
In addition, the -9
parameter can be used instead of --test
.
![](https://static.packt-cdn.com/products/9781788995177/graphics/a3f8279a-fc83-4ef0-92e4-6f7cf9dc8178.png)
If you look carefully at the output, you'll see the packet loss ratio was obtained for each access point.
Exercise – detecting access points and their manufacturers
We can detect each access point that is within range of our Kali NetHunter device. We'll be able to determine the following:
- The MAC address or BSSID of the access point
- Its signal rating by displaying a PWR value
- Its encryption...