Today we’re continuing our WiFi series with the example of cracking a WPA pre-shared key. We started by diving into a PSK brute force with John the Ripper against a previously captured 4-way handshake. Since then we’ve taken a step back and covered promiscuous and monitor mode in terms of packet sniffing, and how MAC addresses come into play. And now we’ll cover the ingredients needed for this recipe of passphrase-cracking delightfulness.
As I just mentioned, our wireless NIC is in monitor mode (airmon-ng start wlan0). This is just one of 6 modes that a wireless NIC can operate in. The other 5 are: Master, Managed, Ad-hoc, Mesh and Repeater.
A wireless NIC in Master Mode is often referred to as an Access Point or Base Station. Typically it’s an embedded device with a proprietary OS or a slimmed-down Linux installation set up to provide network access to clients.
My WiFi Pineapple here, for instance, is an access point, and I can see the NIC is in Master mode by issuing iwconfig ath0.
Now if I come back to my localhost and issue lsusb, I see I have my trusty Realtek 8187L installed. And if I check airdriver-ng loaded I see that it’s using the mac80211 driver. With that I know to use the iw command to check the card’s capabilities. I just need to know the physical ID first, so running airmon-ng shows that it’s phy1. So now running iw phy phy1 info will show me all of its supported modes. Of course this is a lot of output. Typically I’ve been piping this output to more or less, but today I’ll pipe it to grep.
Grep will show me just what I ask for. In this instance I’m looking for the word “modes”. Issuing iw phy phy1 info | grep modes yields a match, but I’ll need to see a few lines past it. For that I’ll tack on -A8 to get 8 lines of trailing context. iw phy phy1 info | grep -A8 modes shows me that my card only supports the managed and monitor modes. (The heading you want is “Supported interface modes:”; note that iw also prints a “software interface modes” section, which grep modes will match too, so read the bullet list directly under the first heading.)
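If you want that capability check in a script rather than eyeballing grep output, the function below pulls the bullet list under “Supported interface modes:” out of `iw phy <phy> info` and tests for a given mode. This is an added example, not code from the episode; the `iw` output embedded in it is a constructed sample shaped like a mac80211 card that only does managed and monitor, and the function and variable names are my own. On a live box you would feed it `"$(iw phy phy1 info)"` instead. Note that iw names ad-hoc “IBSS” and master “AP” in this list.

```shell
#!/bin/sh
# Added example: parse the "Supported interface modes:" list from iw phy output.
# SAMPLE_IW_PHY_INFO is a constructed stand-in for `iw phy phy1 info` on a card
# that supports only managed and monitor (as in the episode).
SAMPLE_IW_PHY_INFO='Wiphy phy1
        max # scan SSIDs: 4
        Supported interface modes:
                 * managed
                 * monitor
        software interface modes (can always be added):
                 * monitor
        interface combinations are not supported
        Supported commands:
                 * new_interface
                 * set_interface'

# supported_modes TEXT: print the modes under "Supported interface modes:",
# one per line. The awk program starts collecting at that heading and stops at
# the first line that is not a " * item" bullet, so the later "software
# interface modes" section (which a plain `grep modes` also matches) is ignored.
supported_modes() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*Supported interface modes:/ { collecting = 1; next }
        collecting && /^[ \t]*\* / { sub(/^[ \t]*\* /, ""); print; next }
        collecting { exit }
    '
}

# has_mode TEXT MODE: exit 0 if MODE is listed, 1 otherwise.
# iw spells the modes "managed", "monitor", "AP", "IBSS", "mesh point", ...
has_mode() {
    supported_modes "$1" | grep -qx "$2"
}

# Live usage would be:  has_mode "$(iw phy phy1 info)" monitor
if has_mode "$SAMPLE_IW_PHY_INFO" monitor; then
    echo "monitor mode supported: airmon-ng start <iface> should work"
fi
if ! has_mode "$SAMPLE_IW_PHY_INFO" IBSS; then
    echo "IBSS (ad-hoc) not supported on this card"
fi
```

Run it as-is to see the two messages for the sample; replace the sample with real `iw phy` output (or loop over `iw phy` to check every radio) to decide which card to put into monitor, AP or ad-hoc mode before reaching for airmon-ng or iwconfig.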
So that brings us to Managed:
Interfaces in Managed Mode, aka Infrastructure Mode, are considered clients or stations and are the devices connected to an access point: your laptop, Nintendo DS, iPhone, etc.
To connect to my open access point here I can issue iwconfig wlan1 mode managed and then iwconfig wlan1 essid Pineapple. If I check iwconfig wlan1 I can see it has associated with the access point.
Ad-hoc, aka Peer-to-Peer, is a mode where wireless devices can communicate with each other without the need for a centralized base-station or access point. This can be useful for small groups of devices in close proximity, but the performance will decrease as the number of devices increases.
For all of the devices on the Ad-Hoc network to communicate with each other they must use the same ESSID (and sit on the same channel). To set up my interface I’ll issue iwconfig wlan0 channel 1 essid myadhocnetwork mode ad-hoc.
Now I can see here my cell is not associated, and that’s because this radio is the only one on this ad-hoc network. How sad. I’d tell wlan1 to join wlan0 so they can party together, but as we discovered just a moment ago, wlan1 only supports the managed and monitor modes.
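The “has it associated?” check in the managed and ad-hoc walkthroughs above comes down to reading one field of `iwconfig` output: in managed mode the peer appears after “Access Point:”, in ad-hoc mode after “Cell:”, and an unjoined interface shows “Not-Associated” in that slot. The script below is an added example, not code from the episode, that parses that output into mode, ESSID and peer. Both `iwconfig` samples are constructed (the BSSID is a made-up locally administered address); on a live box pass it `"$(iwconfig wlan1)"`.

```shell
#!/bin/sh
# Added example: read mode / ESSID / association state out of iwconfig output.
# Both samples are constructed to look like the episode's two interfaces.
SAMPLE_MANAGED='wlan1     IEEE 802.11bg  ESSID:"Pineapple"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 02:13:37:00:00:01
          Bit Rate=54 Mb/s   Tx-Power=20 dBm
          Encryption key:off'

SAMPLE_ADHOC='wlan0     IEEE 802.11bg  ESSID:"myadhocnetwork"
          Mode:Ad-Hoc  Frequency:2.412 GHz  Cell: Not-Associated
          Tx-Power=20 dBm
          Encryption key:off'

# wifi_state TEXT: print "<mode> <essid> <peer>" where peer is the BSSID the
# interface is joined to, or "Not-Associated". Managed mode labels the peer
# "Access Point:", ad-hoc mode labels it "Cell:"; both are handled.
wifi_state() {
    printf '%s\n' "$1" | awk '
        match($0, /ESSID:"[^"]*"/) { essid = substr($0, RSTART + 7, RLENGTH - 8) }
        match($0, /Mode:[^ ]+/)    { mode  = substr($0, RSTART + 5, RLENGTH - 5) }
        match($0, /(Access Point|Cell): *[^ ]+/) {
            peer = substr($0, RSTART, RLENGTH)
            sub(/^[^:]*: */, "", peer)   # strip the "Access Point: " / "Cell: " label
        }
        END { print mode, essid, peer }
    '
}

# is_associated TEXT: exit 0 when a peer BSSID is present, 1 on Not-Associated.
is_associated() {
    [ "$(wifi_state "$1" | awk '{print $NF}')" != "Not-Associated" ]
}

# Live usage, after e.g.  iwconfig wlan1 mode managed; iwconfig wlan1 essid Pineapple
#   wifi_state "$(iwconfig wlan1)"
#   is_associated "$(iwconfig wlan1)" && echo joined
wifi_state "$SAMPLE_MANAGED"
wifi_state "$SAMPLE_ADHOC"
```

The first sample reports the Pineapple BSSID, the second reports Not-Associated, which is exactly the lonely ad-hoc cell described above; a second radio on channel 1 with the same ESSID would replace that with the cell’s BSSID.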
The next wireless mode is Mesh. You can think of a mesh as a sort of planned ad-hoc network. Mesh networks, or mesh clouds, are comprised of radios acting as routers, gateways and clients. In a mesh network nodes can communicate as long as they have at least one common connection. For example node A can talk to node C if they are both within range of node B. Likewise, if a node were to go down a mesh can heal itself by routing through other nodes in the network.
We could probably do an entire series on mesh networking, but suffice it to say for now that’s the gist.
And our final mode is Repeater. A wireless interface in repeater mode can be configured to connect to a wireless network and repeat the signal. The practical application here is to extend the range of a single access point.
And as always, we value your feedback and suggestions. If you have a tip to share with me, email firstname.lastname@example.org. And be sure to check out our sister show Hak5 for more great stuff, just like this. I’ll be there reminding you to trust your technolust.