├── cracking
│   ├── pins.md
│   ├── passwords.md
│   └── rainbow-tables.md
├── drivers
│   ├── ralink.md
│   └── realtek.md
├── wifi-802.11
│   ├── tools.md
│   ├── packet-types.md
│   ├── bands-and-channels.md
│   └── history.md
├── attacking-wpa-1-2-3
│   └── page-4.md
├── wep-attacks
│   ├── caffe-latte.md
│   ├── fragmentation.md
│   ├── hirte-attack.md
│   └── koreks-chop-chop.md
├── attacking-wireless-access-points
│   ├── more-attacks.md
│   └── dos-a-ap.md
├── monitoring
│   ├── nzyme.md
│   └── kismet.md
├── .gitbook
│   └── assets
│       └── Wireless Penetration Testing.jpg
├── attacking-wps
│   ├── wps-versions.md
│   ├── wps-null-pin.md
│   ├── pin-brute-force.md
│   └── pixie-dust.md
├── hacking-devices
│   └── usb-dongles.md
├── aireplay-ng
│   └── attacks.md
├── seo
│   └── keywords.md
├── .github
│   └── FUNDING.yml
├── attacking-wireless-clients
│   └── de-authenticate-a-wireless-client.md
├── SUMMARY.md
└── README.md

--------------------------------------------------------------------------------
/cracking/pins.md:
--------------------------------------------------------------------------------
# Pins

--------------------------------------------------------------------------------
/drivers/ralink.md:
--------------------------------------------------------------------------------
# Ralink

--------------------------------------------------------------------------------
/drivers/realtek.md:
--------------------------------------------------------------------------------
# Realtek

--------------------------------------------------------------------------------
/wifi-802.11/tools.md:
--------------------------------------------------------------------------------
# Tools

--------------------------------------------------------------------------------
/attacking-wpa-1-2-3/page-4.md:
--------------------------------------------------------------------------------
# Page 4

--------------------------------------------------------------------------------
/wep-attacks/caffe-latte.md:
--------------------------------------------------------------------------------
# Caffe Latte

--------------------------------------------------------------------------------
/wep-attacks/fragmentation.md:
--------------------------------------------------------------------------------
# Fragmentation

--------------------------------------------------------------------------------
/wep-attacks/hirte-attack.md:
--------------------------------------------------------------------------------
# Hirte Attack

--------------------------------------------------------------------------------
/attacking-wireless-access-points/more-attacks.md:
--------------------------------------------------------------------------------
# More Attacks

--------------------------------------------------------------------------------
/attacking-wireless-access-points/dos-a-ap.md:
--------------------------------------------------------------------------------
---
description: How to DoS an AP (Access Point)
---

# DoS an AP

--------------------------------------------------------------------------------
/monitoring/nzyme.md:
--------------------------------------------------------------------------------
# Nzyme

{% embed url="https://www.nzyme.org" %}

{% embed url="https://github.com/Offensive-Wireless/nzyme" %}

--------------------------------------------------------------------------------
/.gitbook/assets/Wireless Penetration Testing.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Offensive-Wireless/Wireless-Penetration-Testing/HEAD/.gitbook/assets/Wireless Penetration Testing.jpg

--------------------------------------------------------------------------------
/attacking-wps/wps-versions.md:
--------------------------------------------------------------------------------
---
coverY: 0
---

# WPS Versions

#### Wi-Fi Protected Setup (WPS) Versions

Wi-Fi Protected Setup (WPS) is a network security standard

--------------------------------------------------------------------------------
/monitoring/kismet.md:
--------------------------------------------------------------------------------
# Kismet

{% embed url="https://www.kismetwireless.net/docs" %}

{% embed url="https://ipvm.com/forums/video-surveillance/topics/is-there-a-list-of-the-top-camera-manufacturer-s-mac-ouis" %}

--------------------------------------------------------------------------------
/hacking-devices/usb-dongles.md:
--------------------------------------------------------------------------------
# USB Dongles

* ALFA AWUS036NH - 2.4 GHz
* ALFA AWUS051NH v.2 - 2.4 GHz and 5 GHz
* ALFA AWUS036NEH - 2.4 GHz
* Panda PAU05 - 2.4 GHz
* Panda PAU06 - 2.4 GHz
* Panda PAU07 - 2.4 GHz and 5 GHz
* Panda PAU09 - 2.4 GHz and 5 GHz

--------------------------------------------------------------------------------
/aireplay-ng/attacks.md:
--------------------------------------------------------------------------------
# Attacks

## Aireplay-ng Attack Options

* Attack 0: Deauthentication
* Attack 1: Fake authentication
* Attack 2: Interactive packet replay
* Attack 3: ARP request replay attack
* Attack 4: KoreK chopchop attack
* Attack 5: Fragmentation attack
* Attack 6: Cafe-latte attack
* Attack 7: Client-oriented fragmentation attack
* Attack 8: WPA Migration Mode
* Attack 9: Injection test

--------------------------------------------------------------------------------
/seo/keywords.md:
--------------------------------------------------------------------------------
---
description: Wireless Penetration Test
---

# Keywords

wireless penetration test, wifi penetration testing, wireless pentesting tools, wifi pentesting, wireless pentesting, wifi penetration, wifi security testing, wireless network penetration testing, wifi pentest tools, wireless penetration, wireless penetration testing tools, wireless vulnerability testing, wifi penetration testing tools, wireless security testing, wlan penetration testing, wifi penetration tools, wireless security testing tools,

--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
# These are supported funding model platforms

github: rfs85 # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: rfs85 # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
custom: ['https://twitter.com/OffensiveWifi'] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

--------------------------------------------------------------------------------
/attacking-wps/wps-null-pin.md:
--------------------------------------------------------------------------------
# WPS Null Pin

### WPS Null Pin Attack

WPS, or Wi-Fi Protected Setup, is a network security standard designed to simplify the process of connecting devices to a wireless network. However, it is vulnerable to several types of attacks, one of which is the WPS Null Pin attack.
### **How WPS Null Pin Attack Works**

The WPS Null Pin attack takes advantage of a flaw in the implementation of the WPS protocol where an empty or null PIN—essentially a PIN consisting of all zeroes—can be accepted by a router or access point as a valid means of authentication.

Example of a command used in a WPS Null Pin attack with a tool like Reaver:

```
reaver -i wlan0mon -b 00:90:4C:C1:AC:21 -p "\x00\x00\x00\x00\x00\x00\x00\x00"
```

### **Preventing WPS Null Pin Attacks**

To secure a network against WPS Null Pin attacks, it is advisable to:

* Disable WPS on your router.
* Regularly update router firmware to ensure any security patches for WPS are applied.
* Monitor network authentication attempts to detect unusual patterns that may indicate an attack in progress.

--------------------------------------------------------------------------------
/cracking/passwords.md:
--------------------------------------------------------------------------------
# Passwords

#### Understanding the Basics of Wi-Fi Security

**Types of Wi-Fi Encryption**

* WEP (Wired Equivalent Privacy)
* WPA (Wi-Fi Protected Access)
* WPA2 (Wi-Fi Protected Access II)
* WPA3 (Wi-Fi Protected Access III)

WEP is the oldest and most vulnerable to cracking due to its weak encryption mechanism. WPA improved on WEP's weaknesses, and WPA2 further enhanced security. WPA3 is the latest standard and offers the strongest security.

**Methods Used for Cracking Wi-Fi Passwords**

1. **Brute Force Attack**: Attempting all possible combinations until the correct password is found.
2. **Dictionary Attack**: Using a list of potential passwords (words from a dictionary) and trying them.
3. **Rainbow Table Attack**: Comparing the network's encrypted password against a precomputed table of possible values.
4. **Phishing**: Tricking users into revealing their Wi-Fi password through a fake authentication page.
5. **Social Engineering**: Gaining password information through manipulation or deceit.

**Legal and Ethical Considerations**

Cracking Wi-Fi passwords without authorization is illegal and unethical. Conducting such activities can result in severe legal consequences. It is important to respect others' privacy and data security. Always ensure you have explicit permission before attempting to test the security of any Wi-Fi network.

--------------------------------------------------------------------------------
/attacking-wireless-clients/de-authenticate-a-wireless-client.md:
--------------------------------------------------------------------------------
# De-authenticate a Wireless Client

#### De-authenticating a Wireless Client

De-authenticating a client from a wireless network is a process used to forcibly disconnect the client from the network. This can be used by network administrators to manage network access or troubleshoot issues. Below are the steps to de-authenticate a wireless client:

**Step 1: Identify the Client**

First, you need to find the MAC address of the client you wish to de-authenticate. You can usually find this information in your router's admin interface.

**Step 2: Use De-authentication Tools**

Many tools exist that can send de-authentication packets to a client, such as `aireplay-ng` on Linux. Use the following command:

```bash
sudo aireplay-ng -0 1 -a [AP MAC ADDRESS] -c [CLIENT MAC ADDRESS] wlan0
```

Replace `[AP MAC ADDRESS]` with the MAC address of your access point and `[CLIENT MAC ADDRESS]` with the MAC address of the client.

**Step 3: Verify the Client is De-authenticated**

After sending the de-authentication packets, the client should be disconnected from the network. You can verify this by checking the client's network status or by looking at the connected devices list in your router's admin interface.

_Note: Unauthorized de-authentication of clients is illegal and should only be performed on networks you own or have permission to manage._

--------------------------------------------------------------------------------
/attacking-wps/pin-brute-force.md:
--------------------------------------------------------------------------------
# Pin Brute Force

### WPS Pin Brute Force Attack

WPS (Wi-Fi Protected Setup) is a network security standard designed to simplify the process of connecting devices to a secure Wi-Fi network without the need to enter a complex password. It achieves this by using a PIN (Personal Identification Number), an eight-digit number that can be entered to connect a device to the network.

### **How Brute Force Attack Works**

A brute force attack on WPS PINs involves systematically trying every possible combination until the correct one is found. Since the WPS PIN is an eight-digit number, the number of possible combinations is 10^8 (100,000,000). However, due to the way the WPS protocol is designed, the number of attempts needed may be significantly lower.

The eight-digit PIN is split into two parts: the first seven digits and the last digit, which serves as a checksum of the previous seven. Because of this structure, the effective number of combinations to brute force is reduced to 10^7 (10,000,000). Additionally, the protocol confirms on its own whether the first four digits are correct, effectively splitting the brute force process into two independent halves and further reducing the complexity.

### **Risks and Mitigations**

Performing a WPS PIN brute force attack is considered a security risk, and using such methods to gain unauthorized access to networks is illegal and unethical. Network administrators need to understand this risk so they can take appropriate security measures:

* Disable WPS on the router.
* Use a strong WPA2 or WPA3 security protocol for the Wi-Fi network.
* Regularly monitor network access for any unauthorized attempts.

Please ensure you are authorized and it is legal before attempting any kind of security testing on networks that you do not own.

--------------------------------------------------------------------------------
/SUMMARY.md:
--------------------------------------------------------------------------------
# Table of contents

* [Wi-Fi Hacking](README.md)

## Offensive Wireless

* [WebSite](https://www.offensive-wireless.com/)
* [Discord](https://discord.gg/sEXM6W95gV)

## Wifi 802.11

* [History](wifi-802.11/history.md)
* [Bands & Channels](wifi-802.11/bands-and-channels.md)
* [Packet Types](wifi-802.11/packet-types.md)
* [Tools](wifi-802.11/tools.md)

## Attacking Wireless Access Points

* [DoS an AP](attacking-wireless-access-points/dos-a-ap.md)
* [More Attacks](attacking-wireless-access-points/more-attacks.md)

## Attacking Wireless Clients

* [De-authenticate a Wireless Client](attacking-wireless-clients/de-authenticate-a-wireless-client.md)

## Drivers

* [Realtek](drivers/realtek.md)
* [Ralink](drivers/ralink.md)

## WEP Attacks

* [KoreK's Chop Chop](wep-attacks/koreks-chop-chop.md)
* [Caffe Latte](wep-attacks/caffe-latte.md)
* [Hirte Attack](wep-attacks/hirte-attack.md)
* [Fragmentation](wep-attacks/fragmentation.md)

## Attacking WPA 1 / 2 / 3

* [Page 4](attacking-wpa-1-2-3/page-4.md)

## Attacking WPS

* [WPS Versions](attacking-wps/wps-versions.md)
* [Pixie Dust](attacking-wps/pixie-dust.md)
* [Pin Brute Force](attacking-wps/pin-brute-force.md)
* [WPS Null Pin](attacking-wps/wps-null-pin.md)

## Cracking

* [Passwords](cracking/passwords.md)
* [Pins](cracking/pins.md)
* [Rainbow Tables](cracking/rainbow-tables.md)

## Hacking Devices

* [USB Dongles](hacking-devices/usb-dongles.md)

## Aireplay-ng

* [Attacks](aireplay-ng/attacks.md)

## Monitoring

* [Kismet](monitoring/kismet.md)
* [Nzyme](monitoring/nzyme.md)

## SEO

* [Keywords](seo/keywords.md)

--------------------------------------------------------------------------------
/wifi-802.11/packet-types.md:
--------------------------------------------------------------------------------
# Packet Types

### 802.11 Packet Types

In the 802.11 Wi-Fi networking standard, frames are categorized into three main types, each serving a distinct purpose in the communication between wireless devices:

#### **Management Frames**

Management frames are responsible for establishing and maintaining communication. They handle associating and disassociating devices with the network.

Examples of management frames include:

* **Beacon frames**: Broadcast by the access point to signal its presence and relay information such as the SSID and supported rates.
* **Authentication frames**: Used for the authentication exchange between devices and the access point.
* **Association request/response frames**: Manage device association with an access point.

#### **Control Frames**

Control frames facilitate the delivery of data frames by helping to control access to the medium and providing frame acknowledgment.

Common control frames include:

* **Acknowledgment (ACK) frames**: Sent to confirm the successful reception of a frame.
* **Request to Send (RTS) and Clear to Send (CTS) frames**: Used in an optional handshake to minimize collisions.

#### **Data Frames**

Data frames carry the actual payload, which is the user data from higher layers. These frames are protected by acknowledgment mechanisms to ensure reliable delivery.

The structure of data frames includes:

* **Frame Control field**: Contains the information defining the type and subtype of the frame.
* **Duration**: Specifies the time period the medium is reserved for the frame.
* **Address fields**: Define the transmitter, receiver, and the BSSID.
* **Sequence Control field**: Helps in ordering frame sequences and detecting duplicates.
* **Data Payload**: The encapsulated user information.
* **Frame Check Sequence (FCS)**: Used for error detection.

Understanding the functions and structures of these frame types is crucial for diagnosing network issues and improving Wi-Fi performance.

--------------------------------------------------------------------------------
/wifi-802.11/bands-and-channels.md:
--------------------------------------------------------------------------------
# Bands & Channels

Wi-Fi uses radio waves to transmit data wirelessly. These radio waves are divided into different bands, each with its own characteristics and advantages. The two most common Wi-Fi bands are 2.4 GHz and 5 GHz.

* **2.4 GHz band:** This band is the older and more widely used of the two. It offers wider coverage and can better penetrate walls and other obstacles. However, it is also more crowded, as it is shared with many other devices, such as Bluetooth devices, microwave ovens, and cordless phones. This can lead to interference and slower speeds.
* **5 GHz band:** This band is less crowded than the 2.4 GHz band and offers faster speeds. However, it has a shorter range and cannot penetrate walls and other obstacles as well. This means that you may need more access points if you have a large home or office.

In addition to the 2.4 GHz and 5 GHz bands, there is also a new 6 GHz band that is starting to be used by some Wi-Fi devices. The 6 GHz band offers even faster speeds and less congestion than the other two bands. However, it is still too early to say how widely adopted it will be.

The channels that your Wi-Fi router uses can also affect your speed and performance. Each band is divided into several channels, and it is important to choose a channel that is not being used by other Wi-Fi networks in your area.

If you are using a 2.4 GHz router, you should choose a channel that is at least 5 channels away from any other Wi-Fi networks. For 5 GHz routers, you can choose any available channel.

Here are some additional tips for choosing the right Wi-Fi band and channel:

* If you have a small home or office and only need to connect a few devices, the 2.4 GHz band may be sufficient.
* If you have a large home or office and need to connect many devices, or if you need the fastest possible speeds, the 5 GHz band is a better choice.
* If you live in an apartment building or other crowded area, you may need to experiment with different channels to find one that is not being used by other networks.
* You can use a Wi-Fi analyzer tool to see which channels are being used in your area.

--------------------------------------------------------------------------------
/attacking-wps/pixie-dust.md:
--------------------------------------------------------------------------------
---
description: >-
  Explore our comprehensive article on WPS Pixie Dust attack – a critical aspect
  of cybersecurity. Get to know its implications, prevention tactics, and
  mitigation strategies. Learn to secure your syste
---

# Pixie Dust

#### WPS Pixie Dust Attack

The WPS Pixie Dust attack is a type of cyberattack that targets the Wi-Fi Protected Setup (WPS) protocol, a network security standard for creating a secure wireless home network. The attack takes advantage of a vulnerability in the WPS PIN method of connecting devices to a wireless network.

**How it Works**

When a device tries to connect to a WPS-enabled network, it can do so using an 8-digit PIN. This PIN is highly susceptible to brute-force attacks because it is split into two parts: the first seven digits, and a final digit that is a checksum of those seven, leaving only 7 digits actually unknown. The Pixie Dust attack exploits this by attempting to recover the WPS PIN from the values known as E-S1 and E-S2 that are used during the exchange.

**Vulnerability**

The vulnerability comes from the fact that some WPS-enabled routers transmit enough information during this exchange to allow an attacker to deduce the PIN using offline calculations. This usually takes anywhere from a few seconds to several hours, depending on the router and the processing power available to the attacker.

**Mitigation**

To mitigate the risk of a Pixie Dust attack, it is recommended to:

* Disable WPS on your router.
* Regularly update router firmware.
* Use WPA2 encryption with a strong, complex passphrase.

Please note that not all routers are susceptible to a Pixie Dust attack, and security for wireless networks is continually evolving. It is crucial to stay updated with the latest security practices to protect your network.
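The PIN arithmetic that the Pin Brute Force page and the passage above both rely on, worked through in Python as an added example (not code from the Offensive Wireless pages or from any WPS tool): the checksum rule from the WPS specification, a validator built on it, and the size of the search space once the protocol confirms each half of the PIN on its own. It also shows that the all-zero PIN from the Null Pin page passes the checksum, which is why "disable WPS" heads every mitigation list in this section.

```python
"""WPS PIN structure worked through in code.

Added example, not code from the Offensive Wireless pages or from any WPS
tool. The checksum rule is the one in the Wi-Fi Protected Setup
specification: digits are weighted 3,1,3,1,... from the right, and the
last digit makes the weighted sum a multiple of 10.
"""


def wps_pin_checksum(first_seven: int) -> int:
    """Return the checksum (8th) digit for a 7-digit PIN prefix."""
    if not 0 <= first_seven <= 9_999_999:
        raise ValueError("prefix must be at most seven digits")
    accum = 0
    while first_seven:
        accum += 3 * (first_seven % 10)  # weight 3 on the rightmost digit
        first_seven //= 10
        accum += first_seven % 10        # weight 1 on the next digit
        first_seven //= 10
    return (10 - accum % 10) % 10


def wps_pin_is_valid(pin: str) -> bool:
    """True if pin is eight digits whose last digit is the correct checksum.

    The all-zero PIN satisfies this rule, so a registrar that accepts it
    (the Null Pin page) is not failing the checksum test but the PIN test.
    """
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_pin_checksum(int(pin[:7])) == int(pin[7])


def count_valid_pins(lo: int, hi: int) -> int:
    """Count checksum-valid PINs among the 8-digit strings for lo <= n < hi.

    Exactly one in ten passes, because each 7-digit prefix has one checksum;
    this is the 10^8 -> 10^7 reduction described on the Pin Brute Force page.
    """
    return sum(1 for n in range(lo, hi) if wps_pin_is_valid(f"{n:08d}"))


def search_space() -> dict:
    """Worst-case number of PIN attempts under three models.

    naive:    every 8-digit string                                 10^8
    checksum: the checksum digit is implied by the other seven     10^7
    split:    the registrar's reply reveals whether the first four
              digits are right before the rest is checked, so the
              halves add (10^4 for the first half, 10^3 for the
              three free digits of the second) instead of multiply  11,000
    """
    return {"naive": 10 ** 8, "checksum": 10 ** 7, "split": 10 ** 4 + 10 ** 3}


if __name__ == "__main__":
    # 12345670 is the textbook checksum-valid PIN; 12345671 is off by one.
    for candidate in ("12345670", "12345671", "00000000"):
        print(candidate, "valid" if wps_pin_is_valid(candidate) else "invalid")
    print("valid PINs among the first 1000 8-digit strings:",
          count_valid_pins(0, 1000))
    print("attempts needed:", search_space())
```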
Here are some resources that can help:

* **National Institute of Standards and Technology (NIST):** [https://www.nist.gov/cyberframework](https://www.nist.gov/cyberframework)
* **Wi-Fi Alliance:** [https://www.wi-fi.org/](https://www.wi-fi.org/)
* **US-CERT:** [https://www.cisa.gov/sites/default/files/publications/infosheet_US-CERT_v2.pdf](https://www.cisa.gov/sites/default/files/publications/infosheet_US-CERT_v2.pdf)

--------------------------------------------------------------------------------
/wep-attacks/koreks-chop-chop.md:
--------------------------------------------------------------------------------
---
description: >-
  Explore our comprehensive article on KoreK's Chop Chop, the ultimate guide
  providing insights into its distinct features. Join us for an engaging deep
  dive into KoreK's Chop Chop.
---

# KoreK's Chop Chop

### KoreK ChopChop Attack Explained

The KoreK ChopChop attack is a wireless network attack that targets WEP encryption. It is named after its creator, a hacker known as KoreK. The attack allows an unauthorized user to decrypt packets without knowing the encryption key.

### **How ChopChop Attack Works**

1. The attacker captures a packet from the wireless network.
2. The attacker modifies the encrypted packet slightly and tries to resend it to the network. If the modified packet is accepted, the last byte of the packet was guessed correctly.
3. The attacker uses this technique to confirm the value of the last byte of the packet.
4. Once the last byte is confirmed, the attacker shortens the packet by one byte and repeats the process, effectively "chopping" off one byte at a time.
5. Eventually, the attacker can determine the entire plaintext of the packet through this process of elimination.
6. With the plaintext revealed, the attacker can analyze the structure of the encrypted packet and extract the WEP key.

### **Security Implications**

* The ChopChop attack exploits weaknesses in the WEP protocol, making the use of WEP-protected WiFi networks extremely insecure.
* It is a form of active attack, since it involves injecting modified packets back into the network.

### **Preventative Measures**

* Upgrade to WPA or WPA2 encryption, which are more secure than WEP.
* Regularly monitor network traffic for unusual activity that might indicate the presence of an attacker.
* Employ additional security measures such as MAC address filtering, though this is not a foolproof solution.

```
aireplay-ng -4 -h 00:09:5B:EC:EE:F2 -b 00:14:6C:7E:40:80 wlan0
```

Where:

* -4 means the chopchop attack
* -h 00:09:5B:EC:EE:F2 is the MAC address of an associated client, or your card's MAC if you did fake authentication
* -b 00:14:6C:7E:40:80 is the access point MAC address
* wlan0 is the wireless interface name

Although it is not shown, you may use any of

--------------------------------------------------------------------------------
/cracking/rainbow-tables.md:
--------------------------------------------------------------------------------
---
description: >-
  Dive deep into our latest article about WPA Rainbow Tables. Discover in-depth
  knowledge on how to enhance your network security using this powerful tool.
  Revealing secrets about WPA Rainbow Tables
---

# Rainbow Tables

WPA Rainbow Tables are pre-computed databases used to crack WPA/WPA2 passwords through a process called a rainbow table attack.

These tables contain millions, even billions, of pre-calculated hashes for various combinations of characters, making it much faster to find the password associated with a particular hash than brute-forcing every possible password.

### **WPA vs. WPA2 Rainbow Tables**

There are separate rainbow tables for WPA and WPA2 due to differences in their hashing algorithms. WPA uses MD5, while WPA2 uses a stronger hashing algorithm called PBKDF2 (Password-Based Key Derivation Function 2). PBKDF2 makes it much more computationally expensive to generate and use rainbow tables for WPA2, offering better protection.

### Understanding WPA Rainbow Tables

WPA Rainbow Tables are tools designed for cracking Wi-Fi Protected Access (WPA and WPA2) passwords. They are essentially pre-computed collections of hash values used to streamline the process of password recovery.

### **How Do Rainbow Tables Work?**

Rainbow tables counteract the time-consuming brute-force method by providing a pre-calculated list of potential passwords and their corresponding hash values. The workflow involves:

1. Capturing the handshake between a client and an access point.
2. Searching the rainbow table for a hash matching the handshake.
3. Once found, the corresponding password is revealed, thus breaking the encryption.

### **Advantages of Using Rainbow Tables**

* **Speed:** Pre-calculation of hashes saves considerable time during attack execution.
* **Efficiency:** Rainbow tables make it possible to crack complex passwords that would otherwise require immense computational resources.

### **Limitations and Defense**

Modern security measures, such as the implementation of salting and the use of stronger password hashing algorithms like bcrypt, make rainbow tables less effective.
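How the key a WPA2-PSK table would have to store is actually derived, as an added example (not code from the Offensive Wireless pages or from any cracking tool): the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as the salt, so a precomputed table only applies to one network name, which is the "salting" limitation the paragraph above refers to. The pair "password"/"IEEE" and its PMK are the test vector published with the 802.11i standard; every other SSID and passphrase here is constructed.

```python
"""WPA/WPA2-PSK key derivation, worked through to show why a precomputed
table is bound to one SSID and what each entry costs to compute.

Added example, not code from the Offensive Wireless pages or any cracking
tool. PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
"""
import hashlib

# Published 802.11i test vector: passphrase "password", SSID "IEEE".
IEEE_TEST_VECTOR_PMK = (
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
)

PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32          # 256-bit Pairwise Master Key
SHA1_OUTPUT_LENGTH = 20  # PBKDF2 produces the key in 20-byte blocks


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK exactly as a WPA/WPA2-PSK supplicant does."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),   # the SSID is the salt
        PBKDF2_ITERATIONS,
        dklen=PMK_LENGTH,
    )


def hmac_calls_per_pmk() -> int:
    """HMAC-SHA1 invocations for one PMK: 4096 per 20-byte block, and a
    32-byte key needs two blocks. This is the per-entry cost of building a
    table and the per-guess cost of cracking without one."""
    blocks = -(-PMK_LENGTH // SHA1_OUTPUT_LENGTH)   # ceiling division
    return blocks * PBKDF2_ITERATIONS


def build_table(ssid: str, passphrases) -> dict:
    """Precompute PMK -> passphrase for one SSID (what a WPA table stores)."""
    return {wpa_pmk(p, ssid): p for p in passphrases}


def table_lookup(table: dict, pmk: bytes):
    """Return the passphrase for a PMK if the table holds it, else None."""
    return table.get(pmk)


def table_reusable_on(table: dict, other_ssid: str) -> bool:
    """True only if every entry in the table is also valid on other_ssid.
    Because the SSID is the salt, this is False for any different SSID,
    so a table built for one network name is useless on another."""
    return all(wpa_pmk(p, other_ssid) == pmk for pmk, p in table.items())


if __name__ == "__main__":
    # Constructed wordlist; "password" is included so the lookup can hit.
    wordlist = ["password", "constructed-pass-1", "constructed-pass-2"]
    table = build_table("IEEE", wordlist)
    print("test vector matches:",
          wpa_pmk("password", "IEEE").hex() == IEEE_TEST_VECTOR_PMK)
    print("HMAC-SHA1 calls per entry:", hmac_calls_per_pmk())
    print("lookup on IEEE:", table_lookup(table, wpa_pmk("password", "IEEE")))
    print("lookup on ieee:", table_lookup(table, wpa_pmk("password", "ieee")))
    print("table reusable on HomeNet:", table_reusable_on(table, "HomeNet"))
```

Changing the SSID from "IEEE" to "ieee" is enough to miss the table, which is why a unique SSID and a long passphrase together are the practical defence the next paragraph recommends.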
Furthermore, network administrators are encouraged to use strong, unique passwords and to upgrade to advanced security protocols like WPA3 to mitigate the risk of such attacks.

--------------------------------------------------------------------------------
/wifi-802.11/history.md:
--------------------------------------------------------------------------------
# History

### The Journey of Wi-Fi: A Look Back at 802.11 History

Wi-Fi, the ubiquitous wireless networking technology we rely on daily, has a fascinating history dating back to the 1980s. Here is a glimpse into its evolution:

**Early Days (1980s):**

* **1985:** The Federal Communications Commission (FCC) opens the 2.4 GHz band for unlicensed use, laying the groundwork for future wireless technologies.
* **1991:** In the Netherlands, NCR Corporation and AT&T invent the precursor to 802.11, named WaveLAN, intended for cashier systems with speeds of 1 and 2 Mbps.

**Standardization and Adoption (1990s):**

* **1997:** The Institute of Electrical and Electronics Engineers (IEEE) releases the first version of the 802.11 standard, offering speeds up to 2 Mbps.
* **1999:** 802.11b emerges, popularizing Wi-Fi with speeds of up to 11 Mbps and boosting adoption in homes and businesses.
* **1999:** The Wi-Fi Alliance forms, promoting interoperability and branding Wi-Fi as a consumer product.

**The Rise of Speed and Diversity (2000s):**

* **2003:** 802.11g arrives, offering 54 Mbps speeds and compatibility with 802.11b devices.
* **2004:** 802.11a emerges, utilizing the 5 GHz band for faster speeds (up to 54 Mbps) but limited range compared to 2.4 GHz.
* **2009:** 802.11n revolutionizes Wi-Fi with MIMO technology, achieving speeds of up to 600 Mbps.

**Continued Advancements and Innovation (2010s and beyond):**

* **2013:** 802.11ac pushes the bar further with speeds exceeding 1 Gbps, using wider channels and more efficient modulation techniques.
* **2019:** 802.11ax (Wi-Fi 6) debuts, focusing on improved performance in congested environments with features like MU-MIMO and OFDMA.
* **2020:** 802.11ax expands into the 6 GHz band with Wi-Fi 6E, offering more channels and potentially even faster speeds.
* **Present and future:** Development continues, with 802.11be (Wi-Fi 7) expected to offer multi-gigabit speeds and further advancements in efficiency and capacity.

**Key Takeaways:**

* Wi-Fi has evolved from a niche technology to a global phenomenon, driven by continuous standardization, innovation, and increasing user demand for speed and reliability.
* Different generations of 802.11 standards cater to diverse needs, from basic connectivity to high-bandwidth applications.
* The future of Wi-Fi promises even higher speeds, better efficiency, and improved performance in crowded environments.

I hope this provides a helpful overview of Wi-Fi's rich history!

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
---
description: >-
  Boost your network's security with our services in Wireless Penetration
  Testing. We offer comprehensive vulnerability assessments, identifying
  potential threats and providing effective solutions...
cover: .gitbook/assets/Wireless Penetration Testing.jpg
coverY: 0
layout:
  cover:
    visible: true
    size: hero
  title:
    visible: true
  description:
    visible: true
  tableOfContents:
    visible: true
  outline:
    visible: true
  pagination:
    visible: true
---

# Wi-Fi Hacking

Wireless Penetration Testing, often abbreviated as WPT, is an essential tool for maintaining the security of wireless networks.

{% @mailchimp/mailchimpSubscribe %}

It is a method that involves an authorized and managed attack on a network to identify potential security weaknesses and areas of vulnerability.

Essentially, the purpose of a wireless penetration test is to identify all potential loopholes that could be exploited in a cyber attack.

These tests are critical in helping organizations improve the security of their wireless networks, potentially saving them from significant losses due to data breaches or unauthorized network access.

Gaining insight into how attackers could potentially exploit a network is pivotal to continuous security improvements.

{% embed url="https://www.offensive-wireless.com/" %}

### Wireless Penetration Test Attacks

During a Wireless Penetration Test (WPT), various attack strategies are employed to evaluate the strength of a wireless network's security. These may include:

* **Passive Attacks**: Testers eavesdrop on wireless traffic to gather information without being detected.
* **Active Attacks**: Testers interact with the network, for example by attempting to break encryption, inject packets, or create fake access points.
* **Man-in-the-Middle (MitM) Attacks**: The tester positions themselves between two communicating hosts to intercept and potentially modify the data being exchanged.
* **Denial-of-Service (DoS) Attacks**: Designed to overwhelm the network's resources, effectively rendering the service unavailable to legitimate users.
* **Evil Twin Attacks**: A rogue access point is set up to mimic a legitimate network, tricking users into connecting to it so that sensitive information can be stolen.

The outcomes of these attacks aid in identifying and patching vulnerabilities, enhancing overall network resilience against malicious actors.
--------------------------------------------------------------------------------