WiFi networks are one of the most common technological implementations nowadays as they are present in virtually any home, commercial, industrial and academic environment, although in most cases administrators do not pay much attention to the potential security risks associated with their use.
This time, network security specialists from the International Institute of Cyber Security (IICS) will show you how to hack a WiFi network with a regular adapter without using monitor mode. This article will also focus on the well-known OneShot script.
OneShot is a very popular Python script due to its use in the popular Pixie Dust attack, which unlike other attacks does not require monitor mode. This can be a much more efficient attack method, as it is based on other techniques less known to WiFi network administrators, network security experts mention.
By not using monitor mode, any WiFi card will work, even one that you haven’t been able to attack before. Although any Wi-Fi adapter will work, it is better if you have an external antenna or its location is not far from the target. To install OneShot, you only need to enter the following commands:
git clone https://github.com/drygdryg/OneShot cd OneShot sudo python3 oneshot.py -i wlan0
To run the program in relation to a WiFi access point, you must know your BSSID, that is, the MAC address. According to network security experts, the BSSID of access points can be viewed using tools such as Airodump-ng. This program requires monitor mode, but let’s say we have a normal WiFi adapter that does not support monitor mode.
There is a way out of this situation: the BSSID is distributed in regular frames (beacons) and the operating system always knows the BSSID of each access point in the district (although it generally does not display this information, as most users do not need that).
Before we begin, let’s start by stopping NetworkManager processes, as it will constantly interfere with this operation:
sudo systemctl stop NetworkManager
Now we need to find out the name of the wireless interface. On Kali Linux, it’s usually wlan0. If you do not know the interface name on your system, run the following command:
sudo iw dev
A string that begins with Interface and contains the name of the interface; you need to activate the Wi-Fi adapter with a command such as:
sudo ip link set INTERFACE up
To have the operating system scan the Access Points at your fingertips and show us information about them, run the following command:
sudo iw dev INTERFACE scan
After scanning, you will most likely display a lot of information, scroll down, and search for those APs for which there is a WPS field. Scroll down a bit. In this example, the BSSID is named BSS and for this access point the value is b0:c2:87:4b:e0:fd. We don’t need any more information, but keep in mind that the signal level is good, which is excellent.
Pixie Dust Attack
Now you need to run a command like the one shown below:
sudo python3 oneshot.py -i wlan0 -b BSSID –K
In case of success, we get the text, where the end is written:
[+] PIN de WPS: ‘12345670’
[+] WPA PSK: ‘0619560772’
[+] AP SSID: ‘access point name’
WPA PISK: In this case, this is the password for the access point, mentioned by network security experts.
That is, this WiFi access point did not pass the security audit.
In case of a failure on our side, something like this will be shown:
[-] WPS-FAIL error
In this case, there is not enough data to run the Pixie Dust attack.
If you do not know the mass of the access point, you can type this command:
sudo python3 oneshot.py -i wlan0
We’ll look at a list of WiFi networks. The names that appear in green are the most vulnerable. Simply select the access point number and you’re done; the attack will be successfully performed. When you finish scanning, for NetworkManager to work again (and return the Internet connection), run the following command:
systemctl start NetworkManager
Please note that this material was made for informational purposes only, so IICS is not responsible for any misuse that may be given to this tool. To learn more about network security, information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science at Miami and started working as a cyber security analyst in 2008. He is actively working as an cyber security investigator. He also worked for security companies like Cisco. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.