❎
wiki.hackerlab.cz
  • About me
  • Vulnerability Assessment
  • CLOUD PENTESTING
    • AWS
    • GCP
    • Microsoft Azure
    • Labs
  • REST API - Bypasses and Privilege Escalations
  • Python Virtual Environment (VENV)
  • OSINT & Information Gathering
  • Web Pentesting
    • JavaScript .maps
    • SSRF
    • LDAP Injection
    • Django ORM Exploitation
    • HTTP Request Smuggling
    • Server Side Template Injection (SSTI)
    • Insecure Deserialization
    • Brute force
    • Shell Fu - Oneliners
    • CORS
    • Special Chars & NULL Bytes
    • XSS
    • XXE
    • Nuclei
    • SQL Injection
    • Blind SQL Injection
    • SQLmap
    • NoSQL Injection
    • CRLF Injection
    • Input Validation - Fuzz1
    • HTTP Headers - X-Forwarded
    • Log4j
    • Enumeration with Wordlists
    • Bug Bounty - Web Recon
    • HTTP Proxy Override
    • CSV Injection
    • Windows Forbidden File Names
    • Path Traversal
    • OS Command Injection
    • Open Redirect
    • JWT Tool
    • Burp Extensions - TokenJAR & ATOR
    • Upload RCE
    • GUID and UUIDs
  • Toolset
    • Git - Repo and Tools
    • Docker for Pentesters
  • Infrastructure Pentesting
    • Active Directory (AD)
      • Vulnerable Machines (labs)
      • Pass the hash
      • Azure Active Directory
      • Password Cracking
      • Domain Enumeration
      • LLMNR Poisoning with Responder
      • HTB Forest
      • LDAP
      • WinRM
      • SMB & RPC Enumeration
      • SMB Relay
      • Impacket
      • Bloodhound
      • OWA Exchange Server 2019
      • Active Directory Web Services (ADWS)
      • Active Directory Attacks
    • Mail Server Attacks
    • NFS Enumeration
    • Windows PostExploitation
      • Windows Enumeration
      • Powershell Payloads
      • Add RDP Account & Ride on Meterpreter
    • Dump File Analysis
  • Other Pentest Projects
    • Security Projects
  • WIFI Pentesting
    • Kali Linux - Alpha card AWUS 1900 (VirtualBox)
    • Active Card & Monitor Mode
    • Aircrack-ng Suite
  • Certs
    • Burp Suite Certified Practitioner
  • Linux
    • Network Manager
  • Books
    • The Hacker Playbook 3
Powered by GitBook
On this page
  • Card Detected
  • Enable Wifi Card
  • airmon-ng - List available interfaces
  • Enable monitor mode

Was this helpful?

  1. WIFI Pentesting

Active Card & Monitor Mode

Set your WiFi card into monitor mode with airmon-ng

PreviousKali Linux - Alpha card AWUS 1900 (VirtualBox)NextAircrack-ng Suite

Last updated 4 years ago

Was this helpful?

You might want to stop the Network Manager 

systemctl stop NetworkManager

or disable the NetworkManager from autostart after reboot

systemctl disable NetworkManager

There is a possibility to limit Network manager devices but for Wifi hacking you kill all processes which interefers with Wifi.

Card Detected

After reboot, your card is detected but not enabled at the moment.

ifconfig does not list the device wlan0 

ifconfig

until you use (ifconfig -a) which lists also inactive cards.

ifconfig -a

iwconfig lists your wifi card all the time, regardless of it's active or inactive.

iwconfig

wlan0   IEEE 802.11 ESSID:off/any
        Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
        Retry short limit:7 RTS thr:off Fragment thr:off 
        Encryption key:off 
        Power Management:off

We need to activate (enable) card for use.

Enable Wifi Card

ifconfig wlan0 up

It might happen that your card is soft blocked by the kernel.

SIOCSIFFLAGS: Operation not possible due to RF-kill

Perform the following command and enable the network interface (wlan0) one more time.

rfkill unblock wifi

# try one more time
fconfig wlan0 up

airmon-ng - List available interfaces 

airmon-ng            

PHY     Interface       Driver          Chipset
phy0    wlan0           88XXau          Realtek Semiconductor Corp. RTL8814AU 802.11a/b/g/n/ac

Enable monitor mode

airmon-ng start wlan0 

Found 1 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode

    PID Name
    440 NetworkManager

PHY     Interface       Driver          Chipset

phy0    wlan0           88XXau          Realtek Semiconductor Corp. RTL8814AU 802.11a/b/g/n/ac
                (monitor mode enabled)

You can see in my case the NetworkManager with PID 440 was detected as interference, kill or disable the process.

when you are in a monitor mode, the iwconfig command shows Mode:monitor

iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11  Mode:Monitor  Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
Network Manager