Wireless pentest lab Part 6 – Remote Packet Capture
Wireless remote packet capture refers to the process of capturing network traffic on a remote device or network using a […]
Wireless pentest lab Part 5 – Extracting Certificate Info
Disclaimer for Wireless Penetration Testing Educational Purposes: The wireless penetration testing educational service provided here is solely for the purpose […]
WI-FI 6 Notes – Trigger Frames
Trigger Frame The trigger frame is a control frame of the MAC header, which contains the association IDs (AIDs) of […]
Wireless pentest lab Part 4 – PEAP Relay Attacks with wpa_sycophant
The article that covers the details of the attack can be found here and here. Launch the rogue AP Start […]
Wireless pentest lab Part 3
Part 1 Part 2 hostapd-wpe Download the files Creating certs Copy and edit the hostapd-wpe config file Execute the script […]
Wireless pentest lab Part 2
Part 1 Part 3 berate-ap OR Test berate_ap Testing hostapd-mana Create certificates: Documentation can be found here Create a certificate […]
Wireless pentest lab Part 1
Part 2 Part 3 Reference and credit: https://w1f1.net/ Tools: screen Linux screen is a command-line utility that allows you to […]
PEAP EAP-MSCHAPV2 Attack
References: EVP_RSA_gen() generates a new RSA key pair with modulus size bits. Create a certificate signing request. Create the hostapd.eap_user […]
Kali Linux – Rogue SSIDs Part 1 PSK
Wireless Penetration Test and Training Purposes Disclaimer: The training material and exercises provided are for educational and training purposes only. […]
ALFA AWUS036AXML – (802.11ax) 2×2 6 GHz
AWUS036AXML is the WiFi 6/6E (802.11ax) 2×2 6 GHz and Bluetooth 5.2 high-performance USB adapter. It comes with a 2-in-1 USB-C […]
Kali Linux Wireless Pentesting Notes
By default, Kali is set to global regulatory domain (00). To change or set the regulatory domain, run iw reg […]
WIFOO Revisited – Part 2 – WEP
Part 1 Create the wireless monitor interface(s). 2. Recon and gather info using any of the monitor mode interfaces. Take […]
WIFOO Revisited – Part 1 – 6GHz Adapter Test
Part 2 Check the status of the adapter/driver The recon data will be saved in .csv format. This is useful […]
6GHz Baseline Test
This is a high-level document where I try to understand how different devices will transfer data and at what data […]
6GHz Basics – Scanning and Probing in the 6 GHz band
Passive Scanning – With 1200 MHz to cover and 59 channels to scan, a station with a dwell time of […]
WIFI 6E Basics Notes
Reference: https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-delivers-wi-fi-6e-certification-program An overview of WPA 3 can be found here wlan virtual-ap “WIFI6E”aaa-profile “WIFI6E_AAA_PROFILE”vlan 12ssid-profile “WIFI6E_SSID_PROFILE”allowed-band noneallowed-band-6ghz Security Wi-Fi […]
Wi-Fi 6E Notes Part 1 – IAP 655
Channels Image Reference: www.juniper.net show arm-channels show ap bss-table show ap arm neighbors Basic Packet Capture from the IAP pcap […]
ACMP – Convert IAP to Campus
Whitelist the IAP on the Mobility Conductor Obtain the Ethernet MAC address of the IAP from the GUI/sticker on the […]
ACMP – ArubaOS 8 and AOS-CX Release Descriptions
Reference: https://www.arubanetworks.com/support-services/end-of-life/arubaos-software-release/
ACMP – Exam Notes – Introduction to Clusters – Part 1
What is clustering? A cluster combines multiple managed devices to provide high availability for all clients. Benefits include seamless roaming […]
Review: 802.1X EAP-TLS Authentication Flow Explained – With Packet Captures
Steps 1,2 and 3 – Establish layer one and two The wireless client associates with the AP and seSupplicantional EAPOL […]
Aruba Certified Mobility Associate (ACMA) – Notes
Model AP Client Type Firewall Capacity POE Ports 7005 16 1,024 Physical 2 Gbps N/A 7008 16 1,024 Physical 2 […]
Generate HTTPS Certificate for Aruba WLC
In cryptography, PKCS #12 defines an archive file format for storing many cryptographic objects as a single file. It is […]
WPA3 Downgrade attack
WLAN configured for WPA3 SAE with backward compatibility Confirmation via airodump-ng Confirmation via Wireshark The client connected after going through […]
WPA_SUPPLICANT – MULTI CONFIG
PEAP MSCHAPV2
network={
    ssid="LAB-PEAP"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jack"
    password="black"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
}
TTLS-PAP
network={
    ssid="LAB-PAP-TTLS"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="jack"
    anonymous_identity="anon"
    password="black"
    phase2="auth=PAP"
}
TTLS-CHAP
network={
    ssid="LAB-CHAP-TTLS"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="jack"
    anonymous_identity="anon"
    password="black"
    phase2="auth=CHAP"
}
TTLS-MSCHAPv2
network={
    ssid="LAB-TTLS-MSCHAPv2"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="jack"
    anonymous_identity="anon"
    password="black"
    phase2="auth=MSCHAPV2"
}
WPA_SUPPLICANT – SIMPLE PSK CLIENT
network={
    ssid="TEST"
    scan_ssid=1
    key_mgmt=WPA-PSK
    psk="password12345"
}
wpa_supplicant -Dnl80211 -iwlan0 -c/etc/wpa_supplicant.conf
HOSTAPD – WPA/WPA2 CONFIG
interface=wlan1
driver=nl80211
ssid=BLACK
hw_mode=g
channel=11
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=1
wpa=2
wpa_passphrase=LETMEIN
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1

bss=wlan1_0
driver=nl80211
ssid=WHITE
hw_mode=g
channel=11
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=1
wpa=2
wpa_passphrase=LETMEIN
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1
HOSTAPD – WEP CONFIG
Use hostapd to create multiple SSIDs on a single wireless adapter
interface=wlan1
hw_mode=g
channel=6
driver=nl80211
ssid=APPLE
auth_algs=1
wep_default_key=0
wep_key0="10101"

bss=wlan0_1
hw_mode=g
channel=6
driver=nl80211
ssid=PEAR
auth_algs=1
wep_default_key=0
wep_key0="10101"
Ventev Warehouse Antenna mounts for the – M6130130MP1D0006W and M6060060P1D43620M
Ventev colocation mounts with Aruba AP-534 Ventev Antenna Option # 1 For Open Warehouse Areas – part # – 220125 […]
Wireless Network Design using Ekahau Pro Part 1 – Office Space
Wireless designs come with a plethora of nuances, specifically around requirements and past experiences. You can look at a floor […]
Metasploit Windows 7 – windows/smb/ms17_010_eternalblue
Use auxiliary for smb service Set options to target host Scan target Use ms17_010_eternalblue module exploit Victim desktop Change directory […]
Cisco 9130 Cheat Sheet
2.4 GHz: 1 – 23 – 200 mW; 2 – 20 – 100 mW; 3 – 17 – 050 mW; 4 – 14 […]
4-way handshake review – High Level
Reference: 802.11-2016 – Section – 12.7.6 4-way handshake Key 1- sent from the authenticator to the supplicant Key 2- sent […]
Cisco 9800 with ISE Central Web Authentication
Define the AAA server and server group. I normally define the Radius server on both Anchor and Foreign controllers just […]
Cisco 9800 Open SSID – MAC Filter via AAA
Add AAA server to WLC Add the WLC to the AAA server Create a radius server group Create an AAA […]
Cisco 9800 Equivalent of AireOS webpass through – notes
This lab will demonstrate how to configure a simple web passthrough on the IOS XE 9800 Controller AireOS web passthrough […]
CCIE Enterprise Core – ENCOR 350-401 – Network Device Communication – Packet Routing
Verify the ARP table of each device PC1 R4 R6 PC2 The primary function of a network is to provide […]
Cisco 9800 Flexconnect QoS – WIFI CALLING – Part 2
First and foremost read this …. https://tools.ietf.org/id/draft-ietf-tsvwg-ieee-802-11-05.html. Then this … https://tools.ietf.org/html/rfc4594 wireless packet capture with omnipeek /wireshark / SSID open […]
Cisco 9800 Flexconnect QoS – WIFI CALLING – Part 1
First and foremost read this …. https://tools.ietf.org/id/draft-ietf-tsvwg-ieee-802-11-05.html. Then this … https://tools.ietf.org/html/rfc4594 wireless packet capture with omnipeek /wireshark / SSID open […]
Cisco 9800 (17.1)HA via Nexus 9K vPC
Nexus Config – 9K1 vlan 1,10,20vlan 10name NETWORK_MGMTvlan 20name WLAN_MGMT spanning-tree vlan 1-3967 priority 24576vrf context managementvpc domain 1peer-keepalive destination […]
Cisco 9800 High Availability on IOS XE 17.x – notes
Information About High Availability High Availability (HA) allows you to reduce the downtime of wireless networks that occurs due to […]
Slowly working my way through INE’s CCIE R&S workbook
Eve-ng Physical Topology
Spanning-tree Communication – Bridge Protocol Data Units (BPDU)
Because STP is involved in loop detection, many people refer to the catastrophic loops as “Spanning Tree loops.” This is […]
Spanning Tree Basics – Part 3
Spanning-tree from the view point of DL-1 and DL2 The interface associated to lowest path cost is more preferred. The […]
Spanning Tree Basics – Part 2 – The STP root
In part one we looked at the simplest spanning tree decision that a switch can make when it has a […]
Spanning Tree Basics – Part 1
Locating Root Ports After the switches have identified the root bridge, they must determine their root port (RP). The root […]
Quality of Service (QoS) on Catalyst 9800 Controller – Basics (rough notes place holder)
Define class maps Class Map match-any DROP-NETFLIX1_AVC_UI_CLASS (id 39) Description: DROP-NETFLIX1_AVC_UI_CLASS UI_policy_DO_NOT_CHANGE Match protocol netflix Class Map match-any DROP-NETFLIX2_AVC_UI_CLASS (id […]
Infrastructure MFP – Part 1
Management frame protection (MFP) provides security for the otherwise unprotected and unencrypted 802.11 management messages passed between access points and […]
802.11 Deauth frames – type: management
4.5.4.3 Deauthentication reference – 802.11-2016 – page 223 The deauthentication service is invoked when an existing Open System, Shared Key, […]
802.11i / Robust Security Network/ 12.6.2 RSNA selection – part 1
reference 802.11-2016 – page STA = station RSNA – Robust Security Network Association A STA prepared to establish RSNAs shall […]
WPA3 Enterprise/Personal – RSN
WPA3-Personal WPA3-Personal brings better protections to individual users by providing more robust password-based authentication, even when users choose passwords that […]
Upgrading Cisco 9800 Controllers
Be sure to complete the following prerequisites before upgrading the Cisco IOS XE version of the controller software image: Compatibility […]
Ubuntu 19 wpa_supplicant – WPA3 OWE video
video upload test Enhanced open using Ubuntu and wpa_supplicant lab@Crazy4840afkee:/etc/wpa_supplicant$ more owe_script.conf network={ ssid=”OWE13″ key_mgmt=OWE pairwise=CCMP scan_ssid=1 ieee80211w=2 } use […]
WPA3 Opportunistic Wireless Encryption – frame format – Basics
New Wi-Fi Enhanced Open™ technology infuses no-hassle advanced cryptography for open networks We’ve all come to expect fast, reliable, and […]
Cisco 9800 TACACS+ Config CLI and verify – notes
Define the TACACS+ source interface. The source interface is usually the management interface. ip tacacs source-interface VlanX 2. Enable aaa […]
Join Autonomous AP to Cisco Controller
1. Download recovery code from Cisco.com 2. Copy file from server to autonomous AP AP will reboot and join the […]
CCIE Enterprise Wireless (v1.0) – 3.9 Controller Mobility – C9800 Radio Resource Management – Part 2
How RF Groups are formed When the WLC initializes as new, it creates a unique Group ID using the IP […]
CCIE Enterprise Wireless (v1.0) – 3.9 Controller Mobility – C9800 Radio Resource Management – Part 1
The C9800 Product line is designed as a direct replacement for Current Hardware Wireless Lan Controller platforms. C9800 is compatible […]
2020 – Give thanks to the most high
Blessings, love , righteousness, tolerance, acceptance and forgiveness. For the LORD is good; his mercy is everlasting; and his truth […]
Just As Good…
Managed Devices upgrade via Mobility Master – 8.5
Configure server parameters – server IP, protocol, file location, file name. Select the cluster of devices to be upgraded. […]
Upgrade Mobility master HA Pair – 8.x
Download the desired version from Aruba’s website. Once the code is downloaded verify the checksum using the Linux md5sum command […]
Clustering of Mobility Controllers – 8.x
Seamless roaming of clients between APs Seamless client failover in the event of a connectivity failure to the active controller. […]
CCIE Enterprise Wireless (v1.0) – 3.9 Controller Mobility – 3.9.e Mobility anchoring aka Mobility Tunnels
Note: CCIE Enterprise Wireless (v1.0) – 3.9 Controller Mobility – 3.9.e Mobility anchoring On any firewall between the guest anchor […]
CCIE Enterprise Wireless (v1.0) – section 3.3 – a – Cisco 9800 Cloud Controller High Availability ( HA ) /SSO
Restrictions Prior to enabling HA between two 9800 WLCs, ensure you perform these validations: Both devices must be of […]
ArubaOS 8.X – configure communication between mobility master and managed devices (MD)/controllers
The Aruba mobility master structure is configured via folder hierarchy starting at the “managed device” level The two options are […]
Aruba 8.4.0 Mobility Master install with redundancy
TOPOLOGY Boot and configure basic settings: ports, up link VLAN, username and password Configure VRRP on the primary and secondary […]
Install Cisco 9800 Cloud Controller on ESXI 6.7
Download the recommended controller version from Cisco.com – as of 12/18/2019 the recommended version is listed below as Gibraltar-16.12.1s ED […]
Cisco Cloud 9800 – Mobility Tunnel ( between two 9800 cloud controllers)
Cisco 9800 cloud Basic Install – zero day wireless CLI
Disable the wireless network to configure the country code: C9800(config)#ap dot11 5ghz shutdown Disabling the 802.11a network may strand mesh […]
802.11 PHY Layer – Carrier Sense/Clear Channel Assessment (CS/CCA)
Carrier Sense/Clear Channel Assessment (CS/CCA) If the station is not currently transmitting or receiving, it listens and senses the channel […]
802.11 Frames
Management Frames 802.11 management frames make up a majority of the frame types in a WLAN. Management frames are used […]