5 KiB
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥
-
Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
-
Discover The PEASS Family, our collection of exclusive NFTs
-
Get the official PEASS & HackTricks swag
-
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
-
Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.
Check BSSIDs
When you receive a capture whose principal traffic is Wifi using WireShark you can start investigating all the SSIDs of the capture with Wireless --> WLAN Traffic:
Brute Force
One of the columns of that screen indicates if any authentication was found inside the pcap. If that is the case you can try to Brute force it using aircrack-ng
:
aircrack-ng -w pwds-file.txt -b <BSSID> file.pcap
For example it will retrieve the WPA passphrase protecting a PSK (pre shared-key), that will be required to decrypt the trafic later.
Data in Beacons / Side Channel
If you suspect that data is being leaked inside beacons of a Wifi network you can check the beacons of the network using a filter like the following one: wlan contains <NAMEofNETWORK>
, or wlan.ssid == "NAMEofNETWORK"
search inside the filtered packets for suspicious strings.
Find Unknown MAC Addresses in A Wifi Network
The following link will be useful to find the machines sending data inside a Wifi Network:
((wlan.ta == e8:de:27:16:70:c9) && !(wlan.fc == 0x8000)) && !(wlan.fc.type_subtype == 0x0005) && !(wlan.fc.type_subtype ==0x0004) && !(wlan.addr==ff:ff:ff:ff:ff:ff) && wlan.fc.type==2
If you already know MAC addresses you can remove them from the output adding checks like this one: && !(wlan.addr==5c:51:88:31:a0:3b)
Once you have detected unknown MAC addresses communicating inside the network you can use filters like the following one: wlan.addr==<MAC address> && (ftp || http || ssh || telnet)
to filter its traffic. Note that ftp/http/ssh/telnet filters are useful if you have decrypted the traffic.
Decrypt Traffic
Edit --> Preferences --> Protocols --> IEEE 802.11--> Edit
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥
-
Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
-
Discover The PEASS Family, our collection of exclusive NFTs
-
Get the official PEASS & HackTricks swag
-
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦@carlospolopm.
-
Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.