# Wi-Fi

* <https://www.aircrack-ng.org/doku.php?id=newbie_guide>
* <https://defkey.com/airodump-ng-shortcuts>
* <https://xakep.ru/2020/01/27/wifi-total-pwn/>

![Pentesting Wi-Fi Mindmap](https://raw.githubusercontent.com/koutto/pi-pwnbox-rogueap/main/mindmap/WiFi-Hacking-MindMap-v1.png)

## Hardware

### TP-Link TL-WN722N v2/v3

* <https://github.com/aircrack-ng/rtl8188eus/tree/v5.3.9>
* <https://codeby.net/threads/gajd-2020-po-zapusku-rezhima-monitora-v-tp-link-tl-wn722n-v2-v3-kali-linux-wardriving.70594/>

Chipset: Realtek RTL8188EUS (lsusb lists it as `TP-Link TL-WN722N v2/v3 [Realtek RTL8188EUS]`). Only v2/v3 need this out-of-tree driver; the v1 of the same adapter carries an Atheros AR9271 and works with the in-kernel ath9k_htc driver.

Check kernel version:

```
$ uname -r
5.8.0-kali2-amd64
```

Install kernel headers:

```
$ sudo apt install -y bc linux-headers-amd64
```

Build drivers from source and install:

```
$ sudo -i
# echo "blacklist r8188eu" >> "/etc/modprobe.d/realtek.conf"
# git clone -b v5.3.9 https://github.com/aircrack-ng/rtl8188eus /opt/rtl8188eus && cd /opt/rtl8188eus
# make && make install
# reboot
```

Test packet injection (the interface must already be in monitor mode, see Prologue below):

```
$ sudo aireplay-ng -9 wlan1
```

### Alfa AWUS036ACH AC1200

* <https://github.com/aircrack-ng/rtl8812au>

Chipset: Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter.

Install drivers with apt:

```
$ sudo apt update && sudo apt upgrade -y
$ sudo apt install realtek-rtl88xxau-dkms
$ sudo reboot
```

Or build from source and install:

```
$ sudo -i
# git clone https://github.com/aircrack-ng/rtl8812au /opt/rtl8812au && cd /opt/rtl8812au
# ./dkms-install.sh
# reboot
```

Test packet injection (the interface must already be in monitor mode, see Prologue below):

```
$ sudo aireplay-ng -9 wlan1
```
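Post-install sanity check for either adapter, added here as an example (it is not from the notes or from the driver repos): it maps the USB IDs from the `lsusb` listing in the Prologue to the module each aircrack-ng repo is expected to build, checks `lsmod` for that module (and for the blacklisted in-tree `r8188eu`), and greps the `aireplay-ng -9` output for its success banner. The module names `8188eu` and `88XXau` and the exact `aireplay-ng` wording are assumptions to confirm on your box with `modinfo`; the embedded `lsusb` sample is constructed.

```shell
#!/bin/sh
# adapter-check.sh (added example, not part of the original notes):
# after installing a driver, confirm that (1) the adapter is visible on USB,
# (2) the intended out-of-tree module is the one that got loaded, and
# (3) aireplay-ng's injection test passed. The parsing functions read the
# tool output from stdin, so they can be tried on captured text.
#
# Usage: sudo ./adapter-check.sh wlan1      (wlan1 already in monitor mode)
#        ./adapter-check.sh                 (no args: dry run on embedded sample)

# USB vendor:product IDs from this page -> module built by the matching
# aircrack-ng repo. Module names are an assumption; confirm with
# `modinfo -n 8188eu` / `modinfo -n 88XXau` after `make install`.
expected_module() {   # usage: expected_module <vid:pid>
    case "$1" in
        2357:010c) echo 8188eu ;;   # TP-Link TL-WN722N v2/v3, RTL8188EUS
        0bda:8812) echo 88XXau ;;   # Alfa AWUS036ACH, RTL8812AU
        *) return 1 ;;
    esac
}

# From `lsusb` output on stdin, print "<vid:pid> <module>" per known adapter.
# Returns 1 when none of the known adapters is plugged in.
detect_adapters() {   # usage: lsusb | detect_adapters
    found=1
    while IFS= read -r line; do
        id=$(printf '%s\n' "$line" | sed -n 's/^.* ID \([0-9a-f]\{4\}:[0-9a-f]\{4\}\) .*$/\1/p')
        [ -n "$id" ] || continue
        mod=$(expected_module "$id") || continue
        printf '%s %s\n' "$id" "$mod"
        found=0
    done
    return "$found"
}

# Is <module> present in `lsmod` output on stdin? Exact match on the first
# column, so "8188eu" does not match the in-tree "r8188eu".
module_loaded() {   # usage: lsmod | module_loaded <module>
    awk -v m="$1" '$1 == m { f = 1 } END { exit f ? 0 : 1 }'
}

# Did the `aireplay-ng -9` output on stdin contain its success banner?
# (Banner text is the one aireplay-ng prints today; assumed, check yours.)
injection_ok() {   # usage: sudo aireplay-ng -9 <iface> 2>&1 | injection_ok
    grep -q 'Injection is working!'
}

# Constructed sample `lsusb` output (same devices as the Prologue listing).
SAMPLE_LSUSB='Bus 001 Device 003: ID 2357:010c TP-Link TL-WN722N v2/v3 [Realtek RTL8188EUS]
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 010: ID 0bda:8812 Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter'

if [ "$#" -ge 1 ]; then
    iface=$1
    lsusb | detect_adapters | while read -r id mod; do
        if lsmod | module_loaded "$mod"; then
            echo "$id: $mod is loaded"
        else
            echo "$id: $mod is NOT loaded; check dkms status and dmesg" >&2
        fi
    done
    # The in-tree driver the notes blacklist must not be the one in use.
    lsmod | module_loaded r8188eu && echo "warning: in-tree r8188eu is still loaded" >&2
    if sudo aireplay-ng -9 "$iface" 2>&1 | injection_ok; then
        echo "$iface: injection works"
    else
        echo "$iface: injection test failed (is $iface in monitor mode?)" >&2
    fi
else
    echo "dry run on embedded sample lsusb output:"
    printf '%s\n' "$SAMPLE_LSUSB" | detect_adapters
fi
```

Run it with the interface name after the driver is installed and the card is in monitor mode; without arguments it only exercises the parsers on the embedded sample, which is handy for checking that the `sed`/`awk` patterns match your distro's `lsusb` and `lsmod` output before trusting the real run.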

## Prologue

Install stuff:

```
$ sudo apt install lshw cowpatty -y
```

Make sure lsusb can see the wireless adapters (the USB ID and chipset are shown):

```
$ lsusb
Bus 001 Device 003: ID 2357:010c TP-Link TL-WN722N v2/v3 [Realtek RTL8188EUS]
Bus 001 Device 010: ID 0bda:8812 Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter
```

Make sure the adapter shows up as a wireless interface:

```
$ ifconfig
$ iwconfig
$ iw dev
```

Turn on monitor mode manually:

```
$ sudo ip link set wlan1 down
$ sudo iwconfig wlan1 mode monitor
$ sudo ip link set wlan1 up
$ iwconfig
```

Undo:

```
$ sudo ip link set wlan1 down
$ sudo iwconfig wlan1 mode managed
$ sudo ip link set wlan1 up
$ iwconfig
```

Or create a separate virtual interface in monitor mode:

```
$ sudo ip link set wlan1 down
$ sudo iw dev wlan1 interface add wlan1mon type monitor
$ sudo ip link set wlan1mon up
$ sudo service NetworkManager restart
$ iwconfig
```

Undo:

```
$ sudo ip link set wlan1 down
$ sudo iw dev wlan1mon del
$ sudo ip link set wlan1 up
$ iwconfig
```

Or do it with airmon-ng:

```
$ sudo airmon-ng start wlan1
```

In fact, that does not need to be done as airodump-ng can put the wireless card into monitor mode automatically (NetworkManager may still flip it back, so check with `iwconfig` that the interface stayed in monitor mode):

```
$ sudo airodump-ng wlan1
```

Make sure you are not using the adapter's default (permanent) MAC; `-s` only shows the current and permanent addresses, and changing it has to be done while the interface is down:

```
$ macchanger -s wlan1
```

Restart NM if the Internet connection on the managed interface breaks after the mode changes:

```
$ sudo service NetworkManager restart
```
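The manual sequence above as one script, added as an example (not the notes' own): it parses `iw dev` to learn the interface's current type and MAC, flips the mode with `iw dev ... set type` (the nl80211 equivalent of `iwconfig ... mode`), optionally randomises the MAC with `macchanger -r` while the interface is down, and then re-reads `iw dev` to confirm the change actually held instead of trusting the commands' exit codes. The interface names and the embedded `iw dev` sample are constructed.

```shell
#!/bin/sh
# wifi-mode.sh (added example, not part of the original notes): switch an
# interface between managed and monitor mode the manual way from the Prologue,
# optionally randomise its MAC while it is down, then re-read `iw dev` to
# verify the change actually stuck (NetworkManager likes to flip it back).
#
# Usage: ./wifi-mode.sh <iface> monitor|managed [--random-mac]
#        ./wifi-mode.sh            (no args: parse the embedded sample only)

# Print the type (managed, monitor, ...) of <iface> from `iw dev` text on
# stdin; returns 1 if the interface is not listed.
iface_type() {   # usage: iw dev | iface_type <iface>
    awk -v want="$1" '
        $1 == "Interface" { cur = $2 }
        $1 == "type" && cur == want { print $2; found = 1 }
        END { exit found ? 0 : 1 }'
}

# Same for the "addr" line, to confirm the MAC before and after a change.
iface_mac() {   # usage: iw dev | iface_mac <iface>
    awk -v want="$1" '
        $1 == "Interface" { cur = $2 }
        $1 == "addr" && cur == want { print $2; found = 1 }
        END { exit found ? 0 : 1 }'
}

# Put <iface> into <mode> and verify. macchanger only changes the address of
# an interface that is down, which is why it sits between down and up.
set_mode() {   # usage: set_mode <iface> monitor|managed [--random-mac]
    iface=$1; mode=$2; randmac=${3:-}
    case "$mode" in
        monitor|managed) ;;
        *) echo "set_mode: mode must be monitor or managed" >&2; return 2 ;;
    esac
    before=$(iw dev | iface_mac "$iface") || { echo "$iface: no such interface" >&2; return 1; }
    sudo ip link set "$iface" down
    if [ "$randmac" = "--random-mac" ]; then
        sudo macchanger -r "$iface" >/dev/null   # -r: fully random MAC; -p restores the permanent one
    fi
    sudo iw dev "$iface" set type "$mode"
    sudo ip link set "$iface" up
    got=$(iw dev | iface_type "$iface")
    after=$(iw dev | iface_mac "$iface")
    if [ "$got" != "$mode" ]; then
        echo "$iface: asked for $mode, got $got; stop NetworkManager from managing it" \
             "(sudo nmcli device set $iface managed no) and retry" >&2
        return 1
    fi
    echo "$iface: type=$mode mac=$before -> $after"
}

# Constructed sample `iw dev` output for the dry run.
SAMPLE_IW_DEV='phy#1
    Interface wlan1
        ifindex 4
        wdev 0x100000001
        addr 00:c0:ca:12:34:56
        type monitor
        channel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz
phy#0
    Interface wlan0
        ifindex 3
        wdev 0x1
        addr 3c:97:0e:ab:cd:ef
        type managed'

if [ "$#" -ge 2 ]; then
    set_mode "$@"
else
    printf 'sample: wlan1 is %s (%s), wlan0 is %s\n' \
        "$(printf '%s\n' "$SAMPLE_IW_DEV" | iface_type wlan1)" \
        "$(printf '%s\n' "$SAMPLE_IW_DEV" | iface_mac wlan1)" \
        "$(printf '%s\n' "$SAMPLE_IW_DEV" | iface_type wlan0)"
fi
```

If the verification step keeps reporting `managed` after asking for `monitor`, NetworkManager is almost always the reason: either `sudo nmcli device set wlan1 managed no` or `sudo airmon-ng check kill` before switching, and restart NM afterwards as shown above once you are done.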

## Misc

### WLAN channels

* <https://en.wikipedia.org/wiki/List_of_WLAN_channels>

![Unlicensed Spectrum and Channel Allocations](https://www.ekahau.com/wp-content/uploads/2020/05/unlicensed-spectrum-and-channel-allocations_6-ghz.png)
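Added example (not part of the notes): the channel-to-frequency arithmetic behind the chart as a small shell helper, plus a decoder for the `channel ... center1 ...` line that `iw dev` prints. It answers the two things that come up in practice: `iw` says 5180 MHz while airodump-ng says channel 36, and an 80 MHz AP reports `center1: 5210 MHz`, which is the bonded channel number (42) that airodump-ng does not display. The sample lines are constructed.

```shell
#!/bin/sh
# wifi-chan.sh (added example, not part of the original notes): convert
# between channel numbers (what airodump-ng shows) and centre frequencies in
# MHz (what `iw` shows). 802.11 defines centre = band start + 5 MHz * channel,
# with band starts 2407 (2.4 GHz), 5000 (5 GHz) and 5950 (6 GHz); the two
# irregular channels are 2.4 GHz ch 14 = 2484 MHz and 6 GHz ch 2 = 5935 MHz.
#
# Usage: ./wifi-chan.sh <band: 2.4|5|6> <channel>   -> MHz
#        ./wifi-chan.sh <MHz>                        -> "<band> <channel>"
#        ./wifi-chan.sh                              -> decode a sample `iw dev` line

chan2freq() {   # usage: chan2freq <band: 2.4|5|6> <channel>
    band=$1; ch=$2
    case "$band" in
        2.4)
            if [ "$ch" -ge 1 ] && [ "$ch" -le 13 ]; then echo $((2407 + 5 * ch))
            elif [ "$ch" -eq 14 ]; then echo 2484
            else return 1; fi ;;
        5)   # 5 GHz numbering used here runs from ch 32 (5160) to ch 177 (5885)
            if [ "$ch" -ge 32 ] && [ "$ch" -le 177 ]; then echo $((5000 + 5 * ch))
            else return 1; fi ;;
        6)   # 6 GHz: ch 1 (5955) .. ch 233 (7115), plus the odd ch 2
            if [ "$ch" -eq 2 ]; then echo 5935
            elif [ "$ch" -ge 1 ] && [ "$ch" -le 233 ]; then echo $((5950 + 5 * ch))
            else return 1; fi ;;
        *) return 1 ;;
    esac
}

freq2chan() {   # usage: freq2chan <MHz>   -> "<band> <channel>"
    f=$1
    if   [ "$f" -eq 2484 ]; then echo "2.4 14"
    elif [ "$f" -ge 2412 ] && [ "$f" -le 2472 ]; then echo "2.4 $(( (f - 2407) / 5 ))"
    elif [ "$f" -eq 5935 ]; then echo "6 2"
    elif [ "$f" -ge 5955 ] && [ "$f" -le 7115 ]; then echo "6 $(( (f - 5950) / 5 ))"
    elif [ "$f" -ge 5160 ] && [ "$f" -le 5885 ]; then echo "5 $(( (f - 5000) / 5 ))"
    else return 1; fi
}

# Decode an `iw dev` channel line such as
#   "channel 36 (5180 MHz), width: 80 MHz, center1: 5210 MHz"
# into "primary centre width", here "36 42 80": a wide channel is reported
# by its primary 20 MHz channel, while the centre frequency maps to the
# bonded channel number.
iw_channel_info() {   # usage: iw_channel_info "<iw dev channel line>"
    line=$1
    prim=$(printf '%s\n' "$line"  | sed -n 's/.*channel \([0-9]*\) (.*/\1/p')
    width=$(printf '%s\n' "$line" | sed -n 's/.*width: \([0-9]*\) MHz.*/\1/p')
    c1=$(printf '%s\n' "$line"    | sed -n 's/.*center1: \([0-9]*\) MHz.*/\1/p')
    [ -n "$prim" ] && [ -n "$width" ] && [ -n "$c1" ] || return 1
    centre=$(freq2chan "$c1") || return 1
    echo "$prim ${centre#* } $width"
}

if [ "$#" -eq 2 ]; then chan2freq "$@"
elif [ "$#" -eq 1 ]; then freq2chan "$1"
else
    # Constructed sample line in `iw dev` format
    iw_channel_info "channel 36 (5180 MHz), width: 80 MHz, center1: 5210 MHz"
fi
```

The 5 GHz range is deliberately limited to channels 32..177; Linux maps 182..196 to the 4.9 GHz public-safety band with a different base, which is out of scope here.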

### Signal Strength

* <https://eyesaas.com/wi-fi-signal-strength/>

