Last changed: 16.08.2017
Establish WLAN connections via the command line in Linux
Modern operating systems offer easy-to-use graphical interfaces for managing wireless connections. Nonetheless, anyone interested in pentesting wireless networks should know the underlying processes and the tools needed for manual setup.
Aside from that, I want to show how to quickly set up your own wireless infrastructure as an easy method for file transfers or other network services.
preparation
Running daemons like the GNOME Network Manager can interfere with your manual configuration by overwriting the interface settings, so taking full control requires stopping all interfering processes.
systemctl stop NetworkManager
killall dhclient
killall dhcpcd
killall wpa_supplicant
basics
manage IP addresses
ip addr add 10.0.0.1/24 dev wlan0
ip addr del 10.0.0.1/24 dev wlan0
ip addr flush dev wlan0
scan for networks
iw wlan0 scan
change MAC address
ip link set wlan0 address 00:11:22:33:44:55
change interface mode
iw wlan0 set type <ibss|managed|monitor>
show device information
iw wlan0 info
iw phy0 info
modify transmit power
iw reg get
iw reg set DE
iw wlan0 set txpower fixed 2000
establish connections
connect to ad-hoc network (requires ibss mode)
iw wlan0 ibss join <ssid> 2462
connect to open/WEP encrypted network (requires managed mode)
iw wlan0 connect <essid> [key 0:<wepkeyphrase>]
connect to WPA/WPA2 encrypted network (requires managed mode)
wpa_passphrase <essid> <passphrase> > wpa_supplicant.conf
wpa_supplicant -Bi wlan0 -c wpa_supplicant.conf
DHCP request
dhcpcd wlan0
dhclient wlan0
setup wireless access point
To share an internet connection on the interface eth0 with other clients via WLAN, use the following steps to set up an access point and enable network address translation. Example configuration files can be found below.
ip addr add 10.0.0.1/24 dev wlan0
echo 1 > /proc/sys/net/ipv4/ip_forward
hostapd hostapd.conf
dnsmasq -C dnsmasq.conf
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
configuration example files
The following configuration files can be used to quickly set up your own access point.
hostapd_min.conf
interface=wlan0
driver=nl80211
ssid=minimum
channel=1
hostapd_wep.conf
interface=wlan0
driver=nl80211
ssid=insecure
channel=1
hw_mode=g
auth_algs=1
wep_key0="13char-WEPkey"
wep_default_key=0
hostapd_wpa-psk.conf
interface=wlan0
driver=nl80211
ssid=quite_secure
channel=1
hw_mode=g
auth_algs=1
wpa=2
wpa_passphrase=LongAndSecurePassphrase
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
dnsmasq.conf
interface=wlan0
dhcp-range=interface:wlan0,10.0.0.20,10.0.0.60,infinite
speed up with qw
If you manage wireless connections via the command line very often, I recommend using the bash script qw to speed up the process and save some time.
To kill interfering processes, set up a random MAC address and start a preconfigured access point, run
qw k
qw f
qw a
The client can connect to this access point with
qw c
Set up WPA Enterprise with FreeRADIUS and hostapd
In this section I will describe the steps needed to set up your own access point with WPA Enterprise using FreeRADIUS 3.0 on Kali Linux.
The initial setup requires only minor changes to large configuration files. Only the parts that need to be changed are mentioned.
Be aware that this configuration shall only be used as a first step to get the service running and that it is in no way secure. One important step will be to create TLS certificates and activate verification in the client configuration.
configure freeradius
/etc/freeradius/3.0/mods-available/eap
...
default_eap_type = peap
...
/etc/freeradius/3.0/users
username_1 Cleartext-Password := "password_1"
/etc/freeradius/3.0/clients.conf
...
client 192.168.1.2/24 {
    shortname = hostapd
    secret = shared_secret_123
}
start freeradius
systemctl start freeradius
test connection
radtest username_1 password_1 192.168.1.3 10 shared_secret_123
configure hostapd
hostapd_wpa-peap.conf
interface=wlan0
driver=nl80211
ssid=very_secure
channel=1
hw_mode=g
ieee8021x=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
auth_algs=1
auth_server_addr=192.168.1.3
auth_server_port=1812
auth_server_shared_secret=shared_secret_123
connect with wpa_supplicant
wpa_supplicant_peap.conf
network={
    ssid="very_secure"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="username_1"
    password="password_1"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
}
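The client configuration above does not yet verify the RADIUS server certificate, which is the open step noted at the start of this section. The following check is an added example, not part of the original page or of wpa_supplicant: it reports 802.1X network blocks that lack a CA certificate or a server name match. The function names sample_conf and check_eap_validation are hypothetical, and the CA path and server name in the sample are placeholders.

```shell
# Constructed sample: block 1 mirrors wpa_supplicant_peap.conf from the page;
# block 2 adds validation (CA path and server name are placeholders).
sample_conf() {
cat <<'EOF'
network={
    ssid="very_secure"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="username_1"
    password="password_1"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="very_secure_checked"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="username_1"
    password="password_1"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.org"
    phase2="auth=MSCHAPV2"
}
EOF
}

# Reads config files (or stdin); prints one line per missing check in each
# 802.1X block. Exit status 0 = all EAP blocks validate the server, 1 = findings.
check_eap_validation() {
    awk '
    function val(s) { sub(/^[^=]*=/, "", s); gsub(/^"|"[ \t]*$/, "", s); return s }
    /^[ \t]*#/                  { next }
    /^[ \t]*network=[{]/        { inblk = 1; ssid = "?"; eap = ca = name = 0; next }
    !inblk                      { next }
    /^[ \t]*ssid=/              { ssid = val($0) }
    /^[ \t]*eap=/               { eap = 1 }
    /^[ \t]*key_mgmt=.*(WPA-EAP|IEEE8021X)/ { eap = 1 }
    /^[ \t]*(ca_cert|ca_path)=/ { ca = 1 }
    /^[ \t]*(domain_match|domain_suffix_match|subject_match|altsubject_match)=/ { name = 1 }
    /^[ \t]*[}]/ {
        if (eap && !ca)   { print ssid ": missing ca_cert"; bad = 1 }
        if (eap && !name) { print ssid ": missing server name match"; bad = 1 }
        inblk = 0
    }
    END { exit bad + 0 }
    ' "$@"
}

# Demo on the constructed sample: only the first block is reported.
sample_conf | check_eap_validation || echo "result: server validation incomplete"
```

Run it against a real file with check_eap_validation /path/to/wpa_supplicant.conf; a non-zero exit status means at least one EAP network would accept an unverified server.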