▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 Wifi hacking tips :

#Using Kernel Modules to Simulate Wireless Adapters to Practice Pen Testing

You can use mac80211_hwsim is a software simulator of 802.11 radio(s) for mac80211 in Kali Linux and other penetration testing distributions like Parrot.

[mac80211_hwsim](https://wireless.wiki.kernel.org/en/users/drivers/mac80211_hwsim) kernel module has a parameter 'radios' that can be used to select how many radios are simulated (default 2). This allows configuration of both very simply setups (e.g., just a single access point and a station) or large scale tests (multiple access points with hundreds of stations).

The following site provides a description:
- https://wireless.wiki.kernel.org/en/users/drivers/mac80211_hwsim

#Starting the Kernel Module in Kali

In my Kali Linux box, I have only one active interface (eth0).

root@kali:~# ip -brie a
lo               UNKNOWN        127.0.0.1/8 ::1/128
eth0             UP             172.16.217.170/24 fe80::20c:29ff:fe3c:82b0/64

I am starting the simulator kernel module with the modprobe mac80211_hwsim command:

root@kali:~# modprobe mac80211_hwsim

After starting the module, the wireless interfaces are shown:

root@kali:~# ip -brie a
lo               UNKNOWN        127.0.0.1/8 ::1/128
eth0             UP             172.16.217.170/24 fe80::20c:29ff:fe3c:82b0/64
wlan0            DOWN
wlan1            DOWN
hwsim0           DOWN

You can then install hostapd to create a wireless access point and then use aircrack-ng to perform wireless assessments.


#Install and Configure hostapd

You can then install hostapd, as shown below:

root@kali:~# sudo apt install hostapd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  hostapd
0 upgraded, 1 newly installed, 0 to remove and 1748 not upgraded.
Need to get 608 kB of archives.
After this operation, 1,549 kB of additional disk space will be used.
Get:1 http://archive.linux.duke.edu/kalilinux/kali kali-rolling/main amd64 hostapd amd64 2:2.6-18 [608 kB]
Fetched 608 kB in 2s (301 kB/s)
Selecting previously unselected package hostapd.
(Reading database ... 353210 files and directories currently installed.)
Preparing to unpack .../hostapd_2%3a2.6-18_amd64.deb ...
Unpacking hostapd (2:2.6-18) ...
Setting up hostapd (2:2.6-18) ...
Created symlink /etc/systemd/system/hostapd.service → /dev/null.
update-rc.d: We have no instructions for the hostapd init script.
update-rc.d: It looks like a network service, we disable it.
Processing triggers for systemd (238-4) ...
Processing triggers for man-db (2.8.2-1) ...
Scanning processes...
Scanning candidates...
Scanning processor microcode...
Scanning linux images...

Running kernel seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

User sessions running outdated binaries:
 root @ session #3: bash[1599]
root@kali:~# hostapd
hostapd v2.6
User space daemon for IEEE 802.11 AP management,
IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors

usage: hostapd [-hdBKtv] [-P <PID file>] [-e <entropy file>] \
         [-g <global ctrl_iface>] [-G <group>]\
         [-i <comma-separated list of interface names>]\
         <configuration file(s)>

options:
   -h   show this usage
   -d   show more debug messages (-dd for even more)
   -B   run daemon in the background
   -e   entropy file
   -g   global control interface path
   -G   group for control interfaces
   -P   PID file
   -K   include key data in debug messages
   -f   log output to debug file instead of stdout
   -T = record to Linux tracing in addition to logging
        (records all messages regardless of debug verbosity)
   -i   list of interface names to use
   -S   start all the interfaces synchronously
   -t   include timestamps in some debug messages
   -v   show hostapd version
root@kali:~#