Start a terminal session by clicking the fourth icon from the left in the title bar, and find
Kali's IP on the wired interface:
Now you can use the free VNC Viewer to remote into Kali, as you know its wired
IP: https://www.realvnc.com/download/viewer/
5. Create a monitor interface for the wlan interface and set its channel and channel
width:
root@kali:~# ifconfig
eth0
lo
wlan0
      Name
3513  NetworkManager
3610  wpa_supplicant
3922  dhclient
Interface  Chipset        Driver
wlan0      Intel 5300AGN  iwlwifi - [phy0]
collisions:0 txqueuelen:1000
RX bytes:134272 (131.1 KiB) TX bytes:6242 (6.0 KiB)
Interrupt:20 Memory:fc200000-fc220000
lo
mon0      Link encap:UNSPEC HWaddr 00-21-6A-8D-48-B0-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1585 errors:0 dropped:1585 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:428563 (418.5 KiB) TX bytes:0 (0.0 B)
wlan0
//iwconfig will show you all the wireless settings. Check that mon0 is in monitor
mode.
root@kali:~# iwconfig
wlan0
lo        no wireless extensions.
mon0
eth0      no wireless extensions.
//With Kali Linux, mon0 is what you need for sniffing. wlan0 can be turned down
now.
root@kali:~# ifconfig wlan0 down
//Find your physical interface name and set its channel width & channel.
root@kali:~# iw list | grep phy
Wiphy phy0
* set_wiphy_netns
//This is the most important command. I have set it to sniff on channel 36 and
channel 44. For a secondary channel below the primary, use HT40-. For 20 MHz, use HT20.
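The HT20/HT40+/HT40- choice mentioned above depends on which half of a 40 MHz pair the primary channel occupies. The following script is an added example, not code from the original page: it picks the HT argument for a 5 GHz primary channel and prints the matching iw command. The `iw phy phy0 set channel` form, the function names and the channel-pair layout are assumptions, since the page does not show the exact command.

```shell
#!/bin/sh
# Added example (not from the original page): pick the HT argument for
# `iw phy <phy> set channel <ch> <mode>` from a 5 GHz primary channel.
# Assumption: the 40 MHz pairs are the usual (36,40) (44,48) ... (157,161).

# ht_mode CHANNEL WIDTH_MHZ -> prints HT20, HT40+ or HT40-; non-zero on bad input
ht_mode() {
    ch=$1; width=$2
    case $ch in ''|*[!0-9]*) echo "bad channel: $ch" >&2; return 1 ;; esac
    # Find the first channel of the band segment this channel belongs to.
    if   [ "$ch" -ge 36 ]  && [ "$ch" -le 64 ];  then base=36
    elif [ "$ch" -ge 100 ] && [ "$ch" -le 144 ]; then base=100
    elif [ "$ch" -ge 149 ] && [ "$ch" -le 165 ]; then base=149
    else echo "not a 5 GHz channel: $ch" >&2; return 1
    fi
    off=$(( ch - base ))
    if [ $(( off % 4 )) -ne 0 ]; then
        echo "not a 20 MHz channel number: $ch" >&2; return 1
    fi
    case $width in
        20) echo HT20 ;;
        40) if [ "$ch" -eq 165 ]; then
                echo "channel 165 has no 40 MHz partner" >&2; return 1
            fi
            # Even position in the segment: secondary channel is above (+).
            # Odd position: secondary channel is below (-).
            if [ $(( (off / 4) % 2 )) -eq 0 ]; then echo HT40+; else echo HT40-; fi ;;
        *)  echo "unsupported width: $width" >&2; return 1 ;;
    esac
}

# channel_cmd PHY CHANNEL WIDTH_MHZ -> prints the iw command, does not run it
channel_cmd() {
    mode=$(ht_mode "$2" "$3") || return 1
    echo "iw phy $1 set channel $2 $mode"
}

# Constructed sample input: the two channels named in the text, 40 MHz wide,
# on the phy0 device found with `iw list | grep phy`.
for c in 36 44; do channel_cmd phy0 "$c" 40; done
```

The script only prints the commands; run the printed line as root once the monitor interface exists.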
6. Now you can start Wireshark, tcpdump or dumpcap, and start sniffing on the
mon0 interface. I would make sure of the following settings, if using
Wireshark:
Application->internet->wireshark to start Wireshark.
For longer captures, you can always use a ring buffer: use multiple files.
7. Start capturing. After capturing, you can save the file on the underlying disk
used by Windows. You can access the underlying Windows filesystem if you
mount it like this:
Once mounted, the Windows file system will be on the desktop for you to save
captures. You can later boot into Windows and find the capture stored on
disk.
Notes: Make sure the adapter in the Kali laptop is capable of capturing all the
spatial streams the intended client is using. For example, if you have a
1SS wireless NIC in the Kali laptop, then you cannot capture a
communication between a 3SS client and a Cisco access point.
The default user in Kali is root and the password is toor.
The following link has always helped me to crack a WPA2-encrypted SSID, if I
was able to capture the EAPOL handshake: http://mrncciew.com/2014/08/16/decrypt-wpa2-psk-using-wireshark/
If you leave the key calculated by the link below in Wireshark, the
packets captured after the EAPOL handshake will be decrypted on the fly in
Wireshark, provided the EAPOL handshake was captured correctly:
http://jorisvr.nl/wpapsk.html
As this is a live USB, any software you install or files you save on the
Linux install itself will be deleted once you reboot. For that reason, if
you want a stable sniffer, either create a dual-boot disk, where
Kali resides in one partition permanently, or create a live persistence
disk: http://www.youtube.com/watch?v=_Jev5iEUuvo
If you go the persistent way, never remove the USB drive while
shutting down, as the CLI asks you to.
At startup, always use the live USB persistence mode. Save the
Wireshark captures in the persistence folder created. Persistence is
totally optional.
Otherwise, just go with Live (forensic mode) and save the capture files in the
Windows file system, which is accessible from Kali Linux, as explained
above.
There are many other ways of turning the wireless NIC into monitor
mode, like: http://wireless.kernel.org/en/users/Documentation/iw#Adding_interfaces_with_iw
But as the above has worked reliably for me, I will keep that as a
reference.
The step where I disable the wlan0 has had no effect on my packet
capture, as far as I have seen. Even if I keep it enabled, I get a good
pcap. Skipping this step has been ok too. If issues, try toggling it.
root@kali:~# ifconfig wlan0 down
tcpdump and dumpcap come preinstalled with Kali. You can use them
instead of Wireshark for longer captures, if you like.
If you want to make Java work with Kali, so it can join WebEx directly
using the Mozilla-based default browser Iceweasel, this link shows you how
to download, unzip, install and create the Iceweasel dependency on Java: https://www.java.com/en/download/help/linux_install.xml