Tux 2025-09-09 06:22:35 +02:00
parent a53501b115
commit 6c6930fd5a
3 changed files with 80 additions and 80 deletions

LICENSE (10 lines changed) Normal file → Executable file

@ -1,5 +1,5 @@
Copyright (C) 2025
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Copyright (C) 2025
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
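Review bot: the five lines removed at `@ -1,5 +1,5 @@` and the five added back are character-for-character identical as rendered, so this hunk is a whole-file rewrite that changes only line endings or trailing whitespace, and it arrives together with a Normal file → Executable file mode flip. Neither belongs on a license text: the 100% churn hides the file's real history behind a meaningless diff, and +x is granted to something that is never run. Normalize line endings once through a `.gitattributes` rule (`* text=auto`) instead of committing the converted bytes, and drop the mode bit with `git update-index --chmod=-x LICENSE` before merging. Separately, the line `Copyright (C) 2025` names no copyright holder; the grant that follows reads like ISC minus the usual "provided that the above copyright notice and this permission notice appear in all copies" condition, which may be intentional, but a permission notice without a holder is hard for downstream users to rely on, so add the author or project name there.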

README.md (150 lines changed) Normal file → Executable file

@ -1,75 +1,75 @@
# Wireless Pwnage Edition
## What does this do and how does it work?
This setup makes use of Hostapd-WPE (Wireless Pwnage Edition) which is a modified
version of the standard hostapd (Host Access Point Daemon) tool.
It enables setting up a rogue access point that mimics legitimate Wi-Fi networks,
tricking clients into connecting and capturing their authentication credentials.
Modern wireless clients (laptops, smartphones, tablets) attempt to maintain
seamless connectivity by continuously probing for known Wi-Fi networks in their
saved list. This behavior allows them to automatically connect when a familiar
network is in range, without user intervention.
In combination with a tool like Hostapd-WPE this allows to make clients in range
connect, even if the authentication fails, and to monitor the attempted handshake.
When a device is not connected to Wi-Fi, it will periodically send probe requests
asking if any of its previously connected networks are available.
Hostapd-WPE can be configured to respond to all probe requests with an "available"
response, effectively making the client think the requested SSID is in range.
Many clients, depending on their security settings, will automatically attempt
to connect to the AP, believing it to be the legitimate network.
The captured authentication attempts can then be used for offline password cracking.
As prerequisite the host which is used to run this setup needs two Wi-Fi network
cards.
One is used to run Hostapd-WPE and needs to support AP mode.
The other is used to monitor the connection attempts and recording the authentication
handshakes, requiring monitor mode.
The supported modes for a Wi-Fi network card chipset can be checked with the
command "iw list".
The script "mon" is used to launch the monitoring mode with one of the network
cards, recording all captured connections in a pcap file which can then be used
for cracking the credentials.
The script "wpe" launches Hostapd-WPE in karma mode, making use of the client
behaviour explained above.
## Processing a capture file
When monitoring Wi-Fi connections the resulting captured data is saved to a pcap
file, numbered by the times the tool was run, so for the first run "wpa-01.cap".
Various tools can be used to process the captured data, also making use of
various wordlists which, depending on the host system, are available in the
directory /usr/share/wordlists.
Examples:
aircrack-ng with a simple wordlist:
```sh
aircrack-ng -w /usr/share/wordlists/wifite.txt wpa-01.cap
```
Convert the capture for the use with the tool John the Ripper:
```sh
aircrack-ng wpa-01.cap -J wpa &&
hccap2john wpa.hccap > wpa.john &&
john -w=/usr/share/wordlists/john.lst -form=wpapsk wpa.john
```
Convert the capture for the use with the tool Hashcat:
```sh
sudo apt -y install hcxtools &&
hcxpcapngtool -o wpa.hccapx wpa-01.cap &&
hashcat -m 22000 -a 0 wpa.hccapx \
/usr/share/wordlists/rockyou.txt.gz
```
# Wireless Pwnage Edition
## What does this do and how does it work?
This setup makes use of Hostapd-WPE (Wireless Pwnage Edition) which is a modified
version of the standard hostapd (Host Access Point Daemon) tool.
It enables setting up a rogue access point that mimics legitimate Wi-Fi networks,
tricking clients into connecting and capturing their authentication credentials.
Modern wireless clients (laptops, smartphones, tablets) attempt to maintain
seamless connectivity by continuously probing for known Wi-Fi networks in their
saved list. This behavior allows them to automatically connect when a familiar
network is in range, without user intervention.
In combination with a tool like Hostapd-WPE this allows to make clients in range
connect, even if the authentication fails, and to monitor the attempted handshake.
When a device is not connected to Wi-Fi, it will periodically send probe requests
asking if any of its previously connected networks are available.
Hostapd-WPE can be configured to respond to all probe requests with an "available"
response, effectively making the client think the requested SSID is in range.
Many clients, depending on their security settings, will automatically attempt
to connect to the AP, believing it to be the legitimate network.
The captured authentication attempts can then be used for offline password cracking.
As prerequisite the host which is used to run this setup needs two Wi-Fi network
cards.
One is used to run Hostapd-WPE and needs to support AP mode.
The other is used to monitor the connection attempts and recording the authentication
handshakes, requiring monitor mode.
The supported modes for a Wi-Fi network card chipset can be checked with the
command "iw list".
The script "mon" is used to launch the monitoring mode with one of the network
cards, recording all captured connections in a pcap file which can then be used
for cracking the credentials.
The script "wpe" launches Hostapd-WPE in karma mode, making use of the client
behaviour explained above.
## Processing a capture file
When monitoring Wi-Fi connections the resulting captured data is saved to a pcap
file, numbered by the times the tool was run, so for the first run "wpa-01.cap".
Various tools can be used to process the captured data, also making use of
various wordlists which, depending on the host system, are available in the
directory /usr/share/wordlists.
Examples:
aircrack-ng with a simple wordlist:
```sh
aircrack-ng -w /usr/share/wordlists/wifite.txt wpa-01.cap
```
Convert the capture for the use with the tool John the Ripper:
```sh
aircrack-ng wpa-01.cap -J wpa &&
hccap2john wpa.hccap > wpa.john &&
john -w=/usr/share/wordlists/john.lst -form=wpapsk wpa.john
```
Convert the capture for the use with the tool Hashcat:
```sh
sudo apt -y install hcxtools &&
hcxpcapngtool -o wpa.hccapx wpa-01.cap &&
hashcat -m 22000 -a 0 wpa.hccapx \
/usr/share/wordlists/rockyou.txt.gz
```
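Review bot: in the Hashcat example at the end of the hunk, `hcxpcapngtool -o wpa.hccapx wpa-01.cap` writes hashcat's 22000 hash-line format, not an hccapx binary, so the `.hccapx` name is misleading and should be something like `wpa.22000` to match the `-m 22000` on the next line (the command works only because hashcat ignores the extension). The hunk is otherwise identical text removed and re-added (75/75) plus a mode change to executable, so the same line-ending normalization and `git update-index --chmod=-x README.md` remarks as for LICENSE apply here. Two smaller points a reader will trip over: `aircrack-ng wpa-01.cap -J wpa &&` in the John example prompts interactively for a target when the capture holds more than one network, which breaks the `&&` chain, so pass `-b <BSSID>` or say the capture must contain a single network; and `sudo apt -y install hcxtools &&` inside a usage snippet silently installs packages, so move it to a prerequisites sentence next to the `iw list` check rather than leaving it as the first link of a copy-pasted pipeline.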

hostapd-wpe.conf (0 lines changed, mode change only) Normal file → Executable file
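Review bot: this file changes only in mode, Normal file → Executable file, with 0 lines changed; a hostapd configuration is data read by hostapd-wpe, not a program, and an executable bit on it invites it being executed by accident or trusted by tooling that keys on +x. Revert it with `git update-index --chmod=-x hostapd-wpe.conf`. Since all three files in this commit flip to executable at once and the two with content show identical text removed and re-added, the likely cause is the tree having passed through a filesystem that does not preserve permissions or line endings; if so, set `core.fileMode=false` locally and add a `.gitattributes` rule rather than committing the side effects.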