If you want to use a variety of network cards without looking suspicious, a perfect solution is to access them via Airserv-ng. Tucked away in the Aircrack-ng suite, this tool allows a hacker to connect any number of network adapters to a Raspberry Pi and access them via a Wi-Fi or Ethernet connection.
wireless network adapter, which usually means connecting it directly to your computer. However, this may not always be appropriate or possible because an external network adapter may draw attention to you or be difficult to connect to certain types of devices. Thanks to tools like the Raspberry Pi, it is easy to have a second computer out of sight and connected to a network adapter suitable for hacking.
Raspberry Pis for Wi-Fi Hacking
A typical scenario might be a penetration tester who wants to be able to conduct offensive network operations like MITM attacks or handshake capture, but does not want to be the only person in the office with a bulky external network card that visibly blinks away. Some attacks may even require multiple external wireless cards to be effective, which I have found can be enough on its own to get reported to the management at collaboration sites.
Instead, all the necessary network cards connect to a Raspberry Pi, and access to the Pi via Wi-Fi allows the penetration tester to keep the adapters out of sight while using less suspicious devices to reach the Pi and issue commands. The only problem that remains is how to connect to the Pi, which is usually achieved with an SSH connection.
While SSH is encrypted, which is good if we use a Wi-Fi network where someone can intercept traffic, it comes with some restrictions. First, you connect to the Pi and run commands on it remotely, which means you have to use the tools on the Raspberry Pi. You also do not have direct access to the tools on your primary computer while doing so, because you are running command-line tools on the Pi via your computer. For things like Wi-Fi password cracking, the Pi doesn't have the speed to be very efficient.
Although it is possible to use some tools on the Pi over SSH and then copy files back and forth to do the things the Pi is not good at, like password cracking, there is a cleaner solution. By creating an encrypted Wi-Fi network on the Pi and connecting to it from our primary computer, we can access all network cards connected to the Pi directly from our computer as if they were directly connected.
Airserv-ng provides a way to access Wi-Fi network cards other than SSH, which allows us to use more powerful tools on our primary computer. Instead of using the Pi to run the attacks, we use it to serve Wi-Fi network cards and then use tools on our primary computer as if we had the Wi-Fi adapters directly connected to it.
In this setup, we create an encrypted network between the internal cards of our primary computer and the Raspberry Pi. Over this Wi-Fi network, the Raspberry Pi serves every network card we connect to it, each on whatever port number we want. When everything is configured correctly, we can then access a particular network adapter by typing the IP address and then the port number on which Airserv-ng serves the adapter.
Normally we would start scanning the Wi-Fi traffic around us with a command like airodump-ng wlan1mon. This command runs the program airodump-ng on the interface wlan1mon, which is connected to our computer. However, if we were connected to the same Wi-Fi network as a Raspberry Pi running Airserv-ng on a Wi-Fi adapter, we could run a command that looks like airodump-ng 192.168.0.16:666 to do the same.
So what does this do? We still run airodump-ng on an interface, but this time we enter the IP address of the Raspberry Pi on the network plus the default port number on which Airserv-ng hosts the Wi-Fi adapter. We can also run programs that help to capture handshakes in this way, making sure not to attack the Wi-Fi link between the primary computer and the Pi.
To use airserv-ng, we need to have the aircrack-ng suite installed on the computer where we want to serve a network interface. In our example with a Raspberry Pi, we also have to run either Raspbian or Kali Linux on our Pi.
First we need to install the aircrack-ng suite. This comes pre-installed on Kali Linux, and on Raspbian it is easy to install. In a terminal window, type the following to install the aircrack-ng suite.
sudo apt install aircrack-ng
Once this has been downloaded, you should have several useful programs, including airserv-ng.
To check whether you have installed the program correctly, run man airserv-ng to look at the manual entry for the program. You should see something similar to the output below.

    man airserv-ng

    NAME
        airserv-ng - a wireless card server

    SYNOPSIS
        airserv-ng

    DESCRIPTION
        airserv-ng is a wireless card server that allows multiple wireless
        application programs to use a wireless card via a client-server TCP
        network connection. All operating system and wireless card driver
        specific code is integrated into the server. This eliminates the need
        for each wireless application to contain complex wireless card and
        driver logic. It also supports several operating systems.

    OPTIONS
        -h  Displays the help screen.
        -p  TCP port to listen on (default: 666).
        -d  WiFi interface to use.
        -c  Lock the interface to this channel.
        -v  Debug level. There are three debug levels.
            Debug level 1 shows client connect/disconnect (default).
            Debug level 2 shows channel change requests and invalid client
            command requests in addition to the debug level 1 messages.
            Debug level 3 displays a message each time a packet (and its
            length) is sent to the client. It also contains level 2 (and 1)
            messages.

You can hit Q to exit. Now that we have installed this, we are ready to try serving a Wi-Fi card.
Step 2: Prepare Your Wi-Fi Adapters
After connecting a Wi-Fi network adapter that you want to serve, we need to consider how we will use it. If we need to put it in monitor mode, we may want to do that first.
First find the name of your card by running ifconfig or iwconfig. In Kali, it should look like wlan1. Then we put it into monitor mode by running the following command.
sudo airmon-ng start [name of wifi card here]
Remember that if you select the Wi-Fi card you are currently using to access the Internet, the program will probably crash. If you only have one Wi-Fi card but are connected over Ethernet, you should be able to serve your Wi-Fi card over your Ethernet connection just fine.

    root@nickles:~# airmon-ng start wlan1

    Found 4 processes that can cause problems.
    Kill them with 'airmon-ng check kill' before putting
    the card in monitor mode they will interfere with switching channel
    and sometimes put the interface back in managed mode

      PID  name
      541  NetworkManager
      604  wpa_supplicant
     5143  dhclient
     5157  dhclient

    PHY   Interface  Driver     Chipset

    phy0  wlan0      ath9k      Qualcomm Atheros QCA9565 / AR9565 Wireless Network Adapter (rev 01)
    phy3  wlan1      rt2800usb  Ralink Technology, Corp. RT5572

            (mac80211 monitor mode vif enabled for [phy3]wlan1 on [phy3]wlan1mon)
            (mac80211 station mode vif disabled for [phy3]wlan1)

When we run ifconfig again, we should see that the network card is now called wlan1mon. It is in monitor mode and ready to go.
Now we can specify a port for each Wi-Fi adapter we want to serve. If we have a Raspberry Pi and a USB hub with multiple Wi-Fi adapters connected, we can assign each a port number that matches the name of the network adapter, such as port 111 for wlan1 and port 222 for wlan2.
Once you have decided how to keep track of which port leads to which adapter, we can serve an adapter with the following command.

    root@nickles:~# airserv-ng -d wlan1mon -p 111
    Opening card wlan1mon
    Setting chan 1
    Opening sock port 666
    Serving wlan1mon chan 1 on port 111

In this command, the flag -d refers to which unit we serve, and the -p command refers to which port we "
Now, let's try capturing a handshake through the card we are serving. We can do this from any computer connected to the same local network, or even from our own computer.
First, check what our IP address is on the network. We can do this with ifconfig, and it should be something like 192.168.0.2.
Now we open airodump-ng and try to listen for a handshake. Instead of pointing the command at a directly connected card, like airodump-ng wlan1mon, we will use it via the airserv-ng interface, giving our IP address and port number instead.

    root@nickles:~# airodump-ng 192.168.0.37:111
    Connecting to 192.168.0.37 port 111...
    Connection succeeded
    Connecting to 192.168.0.37 port 111...
    Connection succeeded
    airodump-ng: osdep.c:46: wi_set_ht_channel: Assertion `wi->wi_set_ht_channel' failed.

     CH  0 ][ Elapsed: 36 s ][ 2019-04-14 10:36 ][ WPA Handshake: 40:70:09:7A:64:90

     BSSID              PWR  Beacons  #Data, #/s  CH   MB  ENC   CIPHER  AUTH  ESSID

     40:70:09:7A:64:90  -39      323    1447   33   6  195  WPA2  CCMP    PSK   location 2.4 ghz
     8C:A2:FD:01:2B:28  -66      237      27    0   6  195  WPA2  CCMP    PSK   Donna 🙂
     0E:A2:FD:01:2B:28  -65      114       0    0   6  195  WPA2  CCMP    PSK   Donna 🙂 _ Guest
     C0:C1:C0:B6:F3:71  -77      116      15    0   6  130  WPA2  CCMP    PSK   SilverHorse
     C0:C1:C0:B6:F3:72  -78      132      10    0   6  130  OPN                 SilverHorse guest
     8C:A2:FD:00:C5:8E  -78      212      34    0   6  195  WPA2  CCMP    PSK   LavishBest
     70:3A:CB:ED:A4:58  -76        5      11    0   6  130  WPA2  CCMP    PSK   jlc
     60:19:71:F1:A3:20  -78       42       0    0   6  195  WPA2  CCMP    PSK   Red Polish

That is exactly how we use the interface of our device from a computer over the network. If we used a Raspberry Pi, we would plug in all our network cards and then create a Wi-Fi access point from the Pi's internal card to facilitate all the Wi-Fi hacking needed, choosing a different port number for each card. If we serve card wlan1 on port 111, we can access it at our IP address with :111 at the end.
Airserv-ng is a handy tool for making multiple Wi-Fi network cards more accessible and more discreet to use, especially when paired with a Raspberry Pi. In addition to allowing a single Raspberry Pi to serve many Wi-Fi adapters via its internal card, it lets several people in a team share a single adapter as needed, without having to physically connect the adapter to their computer. While this solution makes it easier to use Wi-Fi adapters as a network resource, it should be noted that it is not encrypted at all, so be careful when using this in an environment where someone else on the network might be listening.
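The port-per-adapter bookkeeping and the no-encryption caveat above can be checked on the Pi itself. The script below is an added example, not part of the original guide or of the Aircrack-ng project: it joins process command lines with listening sockets to show which adapter each airserv-ng port hands out and on which bind address. The function name airserv_audit and the sample ps/ss text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which Wi-Fi adapters airserv-ng is serving, on which
# TCP port, and whether that port is reachable from the network.

# airserv_audit PS_TEXT SS_TEXT
#   PS_TEXT: process command lines, one per row (e.g. from `ps -eo args=`)
#   SS_TEXT: listening TCP sockets with owners (e.g. from `ss -Htlnp` as root)
airserv_audit() {
  printf '%s\n--SS--\n%s\n' "$1" "$2" | awk '
    $0 == "--SS--" { in_ss = 1; next }
    # Part 1: learn port -> interface from each airserv-ng command line.
    !in_ss && $1 ~ /(^|\/)airserv-ng$/ {
      port = 666; dev = "?"          # 666 is the default port in the man page
      for (i = 2; i < NF; i++) {
        if ($i == "-p") port = $(i + 1)
        if ($i == "-d") dev  = $(i + 1)
      }
      devof[port] = dev; next
    }
    # Part 2: for each socket owned by airserv-ng, report its bind address.
    in_ss && /"airserv-ng"/ {
      addr = $4; port = $4
      sub(/:[0-9]+$/, "", addr)      # "0.0.0.0:111" -> "0.0.0.0"
      sub(/^.*:/, "", port)          # "0.0.0.0:111" -> "111"
      scope = (addr == "127.0.0.1" || addr == "[::1]") ? "loopback-only" : "network-reachable"
      dev = (port in devof) ? devof[port] : "unknown"
      print port, dev, addr, scope
    }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_PS='airserv-ng -d wlan1mon -p 111
airserv-ng -d wlan2mon -p 222
/usr/sbin/airserv-ng -d wlan3mon
sshd: pi@pts/0'
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=601,fd=3))
LISTEN 0 5 0.0.0.0:111 0.0.0.0:* users:(("airserv-ng",pid=2210,fd=4))
LISTEN 0 5 [::]:222 [::]:* users:(("airserv-ng",pid=2244,fd=4))
LISTEN 0 5 0.0.0.0:666 0.0.0.0:* users:(("airserv-ng",pid=2290,fd=4))'

airserv_audit "$SAMPLE_PS" "$SAMPLE_SS"
```

Any row marked network-reachable is an unauthenticated, unencrypted adapter feed available to every host that can reach that address, so those ports are the ones to restrict or to carry over an encrypted link.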
I hope that you liked this guide to using Airserv-ng to facilitate Wi-Fi hacking! If you have any questions about this tutorial on using Airserv-ng with Raspberry Pi, leave a comment below and feel free to reach me on Twitter @KodyKinzie .