If you want to carry a variety of network adapters without looking suspicious, serving them through Airserv-ng is the perfect solution. Tucked away in the Aircrack-ng suite, this tool allows a hacker to connect any number of network adapters to a Raspberry Pi and access them over a Wi-Fi or Ethernet connection. Using a wireless network adapter usually means connecting it directly to your computer. However, this may not always be appropriate or possible, because an external network adapter may draw attention, or it may be difficult to connect to specific types of devices. Thanks to tools like the Raspberry Pi, it is easy to keep a second computer out of sight and connected to a network adapter that is suitable for hacking.
Raspberry Pi for Wi-Fi Hacking
A typical scenario would be a penetration tester who needs to perform offensive network operations such as MITM attacks or handshake captures, but would rather not be the only person in the office with a bulky external network adapter that blinks visibly. Some attacks may even require multiple external radios, which I believe can get you reported to management in shared workspaces.
Instead, connect all the necessary network adapters to a Raspberry Pi. By accessing the Pi over Wi-Fi, the penetration tester can keep the adapters out of sight while using a less suspicious device to reach the Pi and issue commands. The only remaining problem is how to connect to the Pi, which is usually done via an SSH connection.
While SSH is encrypted, which is a great thing if we are using a Wi-Fi network where traffic may be intercepted, it has some limitations. First, we connect to the Pi and execute commands on it remotely, which means we are limited to the tools on the Raspberry Pi. We do not have direct access to the tools on our primary computer, because we are running command-line tools on the Pi from our computer. For things like cracking Wi-Fi passwords, the Pi does not have the speed to be very effective. We could run some tools on the Pi over SSH and then copy files back and forth to do the things the Pi is not good at, like cracking passwords, but there is a cleaner solution. By creating an encrypted Wi-Fi network on the Pi and connecting to it from our primary computer, we can access all the adapters connected to the Pi from our computer as if they were directly attached.
Airserv-ng gives us access to the Wi-Fi network adapters in a different way than SSH, so we can use the more powerful tools on our primary computer. Instead of using the Pi to perform the attacks, we use it to serve the Wi-Fi network adapters and then run tools on our primary computer as if the adapters were directly attached to it.
In this setup, we create an encrypted network between the internal card of our primary computer and the Raspberry Pi. Over this Wi-Fi network, the Raspberry Pi serves each network adapter we attach on a port number of our choosing. If set up correctly, we can then access a specific network adapter by entering the Pi's IP address followed by the port number on which airserv-ng serves that adapter.
Typically, we scan the Wi-Fi traffic around us with a command like airodump-ng wlan1mon. This command runs the program airodump-ng on the interface wlan1mon attached to our computer. However, if we were connected to the same Wi-Fi network as a Raspberry Pi running Airserv-ng on a Wi-Fi adapter, we could run a command that looks like airodump-ng 192.168.0.16:666 to do the same.
So, what does this do? We still run airodump-ng on an interface, but this time we specify the IP address of the Raspberry Pi on the network and the default port number on which Airserv-ng hosts the Wi-Fi adapter. We can also run programs like besside-ng to catch handshakes this way. Care must be taken to ensure that the Wi-Fi connection between the primary computer and the Pi is not attacked.

To use airserv-ng, we must install the aircrack-ng suite on the computer on which we want to serve a network interface. In our example with a Raspberry Pi, we need to run either Raspbian or Kali Linux on our Pi.
First, we need the Aircrack-ng suite. It is preinstalled on Kali Linux, and on Raspbian it is easy to install. In a terminal window, enter the following to install the aircrack-ng suite.
sudo apt install aircrack-ng
After the download completes, you should have several useful programs, including airserv-ng.
To verify that you have installed the program correctly, run man airserv-ng to display the manual entry for the program. You should see something like the output below.

man airserv-ng

NAME
       airserv-ng - a wireless card server

SYNOPSIS
       airserv-ng

DESCRIPTION
       airserv-ng is a wireless card server that allows multiple wireless
       applications to independently use a wireless card via a client-server
       TCP network connection. All operating system and wireless card driver
       specific code is incorporated into the server. This eliminates the
       need for each wireless application to contain the complex wireless
       card and driver logic. It also supports multiple operating systems.

OPTIONS
       -h     Displays the help screen.
       -p     TCP port to listen on (default: 666).
       -d     Wifi interface to use.
       -c     Lock interface to this channel.
       -v     Debug level. There are 3 debug levels. Debug level 1 shows
              client connect/disconnect messages (default). Debug level 2
              shows channel change requests and invalid client command
              requests in addition to the debug level 1 messages. Debug
              level 3 displays a message each time a packet (and its length)
              is sent to the client. It also includes level 2 (and 1)
              messages.

You can press Q to exit the manual. Once the suite is installed, you can try serving a Wi-Fi card.
Step 2: Prepare the Wi-Fi Adapters
After plugging in the Wi-Fi network card that you want to serve, we need to consider how we will use it. If we need to put it in monitor mode, we should do this first.
First, find the name of your card by running ifconfig or iwconfig. In Kali, it should look something like wlan1. Next, we put it into monitor mode with the following command.
sudo airmon-ng start [name of wifi card here]
Remember that if you select the Wi-Fi card you are currently using for Internet access, you will probably crash the program. If you only have one Wi-Fi card but are connected over Ethernet, you should be able to serve your Wi-Fi card over your Ethernet connection.

root@nickles:~# airmon-ng start wlan1

Found 4 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode

  PID Name
  541 NetworkManager
  604 wpa_supplicant
 5143 dhclient
 5157 dhclient

PHY     Interface       Driver          Chipset

phy0    wlan0           ath9k           Qualcomm Atheros QCA9565 / AR9565 Wireless Network Adapter (rev 01)
phy3    wlan1           rt2800usb       Ralink Technology, Corp. RT5572

                (mac80211 monitor mode vif enabled for [phy3]wlan1 on [phy3]wlan1mon)
                (mac80211 station mode vif disabled for [phy3]wlan1)

If we run ifconfig again, the network card should now have the name wlan1mon. It is in monitor mode and ready for use.
Now we can specify a port for each Wi-Fi adapter we want to serve. If we have a Raspberry Pi and a USB hub with multiple Wi-Fi adapters plugged in, we can tie each port number to the name of the network adapter: port 111 for wlan1 and port 222 for wlan2.
Once you've decided which port leads to which adapter, we can serve an adapter with the following command.

root@nickles:~# airserv-ng -d wlan1mon -p 111
Opening card wlan1mon
Setting chan 1
Opening sock port 666
Serving wlan1mon chan 1 on port 111

In this command, the flag -d refers to the device that we are serving and the flag -p to the port we're serving it on.
Now let's try to get a handshake over the card we serve. We can do this from any computer connected to the same local area network or even from our own computer.
First, check our IP address on the network. We can do this with ifconfig, and it should be something like 192.168.0.2.
Now we will open airodump-ng and try to listen for a handshake. Instead of using the command as if the card were directly connected, such as airodump-ng wlan1mon, we go through the airserv-ng interface and use our IP address and port number.

root@nickles:~# airodump-ng 192.168.0.37:111
Connecting to 192.168.0.37 port 111...
Connection successful
Connecting to 192.168.0.37 port 111...
Connection successful
airodump-ng: osdep.c:46: wi_set_ht_channel: Assertion `wi->wi_set_ht_channel' failed.

 CH  0 ][ Elapsed: 36 s ][ 2019-04-14 10:36 ][ WPA handshake: 40:70:09:7A:64:90

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 40:70:09:7A:64:90  -39      323     1447   33   6  195  WPA2 CCMP   PSK  Spot 2.4 GHz
 8C:A2:FD:01:2B:28  -66      237       27    0   6  195  WPA2 CCMP   PSK  Donna 🙂
 0E:A2:FD:01:2B:28  -65      114        0    0   6  195  WPA2 CCMP   PSK  Donna 🙂 _ Guest
 C0:C1:C0:B6:F3:71  -77      116       15    0   6  130  WPA2 CCMP   PSK  SilverHorse
 C0:C1:C0:B6:F3:72  -78      132       10    0   6  130  OPN              SilverHorse Guest
 8C:A2:FD:00:C5:8E  -78      212       34    0   6  195  WPA2 CCMP   PSK  LavishBest
 70:3A:CB:ED:A4:58  -76        5       11    0   6  130  WPA2 CCMP   PSK  jlc
 60:19:71:F1:A3:20  -78       42        0    0   6  195  WPA2 CCMP   PSK  Red Polish

This way, we use the interface of our device from a computer over the network. When we use a Raspberry Pi, we serve all our network cards and then create a Wi-Fi access point from the Pi's internal card to simplify all the necessary Wi-Fi hacking. Each card gets a different port number. If we serve the card wlan1 on port 111, we can access it using our IP address with :111 on the end.
Airserv-ng is a handy tool that makes multiple Wi-Fi network cards more accessible, especially when used with a Raspberry Pi. Not only can a single Raspberry Pi serve many Wi-Fi adapters through its internal card, but multiple people on a team can share a single adapter as needed without having to physically connect the adapter to their computers. Although this solution simplifies the use of Wi-Fi adapters as a network resource, it should be noted that the connections are not encrypted at all. So be careful when using them in an environment where someone else might be listening on the network.
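One way to deal with the unencrypted link noted above, as an added example that is not part of the original article: keep each airserv-ng port reachable only on the Pi's loopback interface and carry it to the primary computer through an SSH local forward. The SSH user pi, the 10000 + port local offset and the helper names are assumptions; the script only prints the commands and runs nothing.

```bash
#!/usr/bin/env bash
# Added example (not from the article): keep airserv-ng off the network and
# reach it through an SSH tunnel. Assumed: SSH user "pi", local port = 10000 + port.

# Port scheme from the article: wlan1 -> 111, wlan2 -> 222 (wlan1mon maps like wlan1).
port_for_iface() {
    local n="${1#wlan}"
    n="${n%mon}"
    case "$n" in
        [1-9]) echo "${n}${n}${n}" ;;
        *) echo "unsupported interface: $1" >&2; return 1 ;;
    esac
}

# Rule for the Pi: drop traffic to the served port unless it arrives on loopback.
pi_firewall_rule() {
    local port
    port="$(port_for_iface "$1")" || return 1
    echo "iptables -A INPUT -p tcp --dport ${port} ! -i lo -j DROP"
}

# SSH local forward for the primary computer. Binding local ports below 1024
# needs root, so the tunnel listens on 10000 + the remote port.
tunnel_cmd() {
    local host="$1" port
    port="$(port_for_iface "$2")" || return 1
    echo "ssh -N -L 127.0.0.1:$((10000 + port)):127.0.0.1:${port} pi@${host}"
}

# Address to give airodump-ng once the tunnel is up.
client_target() {
    local port
    port="$(port_for_iface "$1")" || return 1
    echo "127.0.0.1:$((10000 + port))"
}

# Dry run: print the commands for each adapter; nothing is executed.
print_plan() {
    local host="$1" ifc
    shift
    for ifc in "$@"; do
        echo "[Pi]     $(pi_firewall_rule "$ifc")"
        echo "[Pi]     airserv-ng -d ${ifc} -p $(port_for_iface "$ifc")"
        echo "[laptop] $(tunnel_cmd "$host" "$ifc")"
        echo "[laptop] airodump-ng $(client_target "$ifc")"
    done
}

print_plan 192.168.0.37 wlan1mon wlan2mon
```

Apply the firewall rule on the Pi before starting airserv-ng, so the served port is never reachable from the network in the clear.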
I hope you liked these instructions for using Airserv-ng to make hacking WLANs easier! If you have questions about this tutorial on using Airserv-ng with the Raspberry Pi, leave a comment below and feel free to contact me on Twitter @KodyKinzie.