Step 1: Fire Up Kali
Let’s start by firing up our favorite hacking Linux distribution, Kali. Then open a terminal.
To confirm that we have a wireless adapter and to find its designation, we can type:
- kali > iwconfig
Step 2: Put Your Wi-Fi Adapter in Monitor Mode
The next step is to put your Wi-Fi adapter in monitor mode. This is similar to promiscuous mode on a wired connection. In other words, it enables us to see all the packets passing through the air past our wireless adapter. We can use one of the tools from the Aircrack-ng suite, Airmon-ng, to accomplish this task.
- kali > airmon-ng start wlan0
Next, we need to use Airodump-ng to see the info on the wireless APs around us.
- kali > airodump-ng mon0
Step 3: Use Airodump-ng to Get the Necessary Info
Finally, all we need to do is to put this info into our Bully command.
- kali > bully mon0 -b 00:25:9C:97:4F:48 -e Mandela2 -c 9
Let’s break down that command to see what’s happening.
- mon0 is the name of the wireless adapter in monitor mode.
- -b 00:25:9C:97:4F:48 is the BSSID of the vulnerable AP.
- -e Mandela2 is the SSID of the AP.
- -c 9 is the channel the AP is broadcasting on.
Step 4: Start Bully
When we hit enter, Bully will start to try to crack the WPS PIN.
Now, if this AP is vulnerable to this attack, Bully will spit out the WPS PIN and the AP password within 1 to 2 hours.
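From the access point's side, a run like the one above appears as a long, steady stream of failed WPS PIN exchanges. The Python below is an added example, not part of the original tutorial: it flags such a burst in AP logs. The log lines are constructed, their layout (ISO timestamp, interface, hostapd-style WPS-FAIL / WPS-AP-SETUP-LOCKED event) is an assumption, and the threshold and window are illustrative values.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed line layout: "<ISO timestamp> <interface>: <WPS event> ...".
# Adjust LINE_RE to whatever your access point actually logs.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ifname>\w+): (?P<event>WPS-[A-Z-]+)")

def detect_wps_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Return alerts for bursts of failed WPS PIN exchanges and for AP lockouts."""
    recent = {}      # interface -> timestamps of failures inside the window
    active = set()   # interfaces with a burst alert already raised
    alerts = []
    for line in lines:  # lines are expected in chronological order
        m = LINE_RE.match(line)
        if not m:
            continue  # not a WPS event line
        ts, ifname = datetime.fromisoformat(m["ts"]), m["ifname"]
        if m["event"] == "WPS-FAIL":
            q = recent.setdefault(ifname, deque())
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            if len(q) < threshold:
                active.discard(ifname)     # quiet again: re-arm the alert
            elif ifname not in active:
                active.add(ifname)
                alerts.append({"kind": "pin-failure-burst", "ifname": ifname,
                               "at": ts, "count": len(q)})
        elif m["event"] == "WPS-AP-SETUP-LOCKED":
            alerts.append({"kind": "ap-setup-locked", "ifname": ifname, "at": ts})
    return alerts

def build_sample_log():
    """Constructed log: two stray failures, then 40 failures six seconds apart."""
    start = datetime(2024, 1, 1, 2, 0, 0)
    fail = "{} wlan0: WPS-FAIL msg=8 config_error=18"
    lines = [fail.format((start - timedelta(hours=3)).isoformat()),
             fail.format((start - timedelta(hours=2)).isoformat())]
    lines += [fail.format((start + timedelta(seconds=6 * i)).isoformat())
              for i in range(40)]
    lines.append("{} wlan0: WPS-AP-SETUP-LOCKED".format(
        (start + timedelta(seconds=240)).isoformat()))
    return lines

if __name__ == "__main__":
    for alert in detect_wps_bruteforce(build_sample_log()):
        print(alert["at"].isoformat(), alert["ifname"], alert["kind"])
```

Turning WPS off on the AP is the mitigation; this check is for spotting attempts against devices where it is still enabled.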
Thanks for reading, EDUCATIONAL PURPOSES ONLY.