课时69 AIRCRACK-NG(二)
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃AIRTUN-NG ┃
┃Repeater ┃
┃ WDS/Bridge ┃
┃ 扩展无线侦听的距离 ┃
┃ 要求两块网卡都置入monitor模式 ┃
┃ airtun-ng -a <AP MAC> --repeat --bssid <AP MAC> -i wlan0mon wlan2mon┃
┃ wlan0mon: 收包的网卡 ┃
┃ wlan2mon: 发包的网卡 ┃
┃ -a: 发包的源地址 ┃
┃ --bssid: 过滤只发指定源地址的包(可选) ┃
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
╋━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃AIRTUN-NG ┃
┃Replay ┃
┃ 将抓取的CAP文件重放到指定网卡 ┃
┃ airtun-ng -a <Source MAC> -r 1.cap <interface>┃
╋━━━━━━━━━━━━━━━━━━━━━━━━━╋
root@kali:~# service network-manager stop
root@kali:~# airmon-ng check kill
Killing these processes:
PID Name
875 wpa_supplicant
1580 dhclient
映射两个网卡到kali虚拟机里
root@kali:~# airmon-ng start wlan0
Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
875 wpa_supplicant
1580 dhclient
PHY Interface Driver Chipset
phy1 wlan0 rt2800usb Ralink Technology, Corp, RT5370
phy0 wlan2 ath9k_htc Atheros Communications, Inc. AR9271 802.11n
(mac80211 monitor mode vif enable for [phy0]wlan2 on [phy0]wlan2mon)
(mac80211 station mode vif disabled for [phy0]wlan2)
root@kali:~# iwconfig
eth0 no wireless extensions.
wlan0mon IEEE 802.11bgn Mode:Monitor Frequency:2.457 GHz Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:off
wlan2mon IEEE 802.11bgn Mode:Monitor Frequency:2.457 GHz Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:off
lo no wireless extensions.
root@kali:~# airtun-ng -a 14:75:90:21:4F:56 --repeat --bssid 14:75:90:21:4F:56 -i wlan0mon wlan2mon
第一个是侦听网卡,灵敏度大;第二个是发包网卡,传输功率大
╋━━━━━━━━━╋
┃其他工具 ┃
┃besside-ng ┃
┃fern-wifi-cracker ┃
╋━━━━━━━━━╋
root@kali:~# besside-ng -h
Besside-ng 1.2 rc3 - (C) 2010 Andrea Bittau
http://www.aircrack-ng.org
Usage: besside-ng [options] <interface>
Options:
-b <victim mac> : Victim BSSID
-R <victim ap regex> : Victim ESSID regex
-s <WPA server> : Upload wpa.cap for cracking
-c <chan> : chanlock
-p <pps> : flood rate
-W : WPA only
-v : verbose, -vv for more, etc.
-h : This help screen
root@kali:~# man besside-ng
Application----->Wireless Attacks----->fern wifi cracker
基于Aircrack-ng来实现的
root@kali:~# service network-manager stop
root@kali:~# airmon-ng check kill
Killing these processes:
PID Name
875 wpa_supplicant
1580 dhclient
手动打这些命令,然后打开fern wifi cracker
/usr/share/wfuzz/wordlist/fuzzdb/wordlists-user-passwd/names/namelist.txt
cookie hijacker cookie劫持
╋━━━━━━━━━━━━━━━━━━━━━━━━╋
┃无线侦查 ┃
┃kismet ┃
┃ kismet*.nettxt ┃
┃ kismet*.pcapdump ┃
┃ ┃
┃ ┃
┃gpsd -n -N -D4 /dev/ttyUSB0 ┃
┃giskismet -x Kismet-*.netxml ┃
┃giskismet -q "select * from wireless" -o gps.kml┃
╋━━━━━━━━━━━━━━━━━━━━━━━━╋
root@kali:~# airmon-ng stop wlan2mon
root@kali:~# ifconfig -a
root@kali:~# iwconfig
eth0 no wireless extensions.
wlan2 IEEE 802.11bgn ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
lo no wireless extensions.
root@kali:~# kismet
Intf:wlan2
Name:wlan2
Add
root@kali:~# dmesg
root@kali:~# ps aux | grep gpsd
root 2892 0.0 0.0 1266 1724 pts/0 S+ 19:18 0:00 grep gpsd
root@kali:~# kill 2892
bash: kill: (2892) - No such process
root@kali:~# gpsd
bash: gpsd: command not found
root@kali:~# apt-get install gpsd gpsd-clients
root@kali:~# gpsd -h
root@kali:~# gpsd -n -N C4 /dev/ttyUSB0
root@kali:~# giskismet -x Kismet-20151126-19-26-10-1.netxml
Kismet-20151126-19-26-10-1.netxml:1: parser error : Document is empty
^
Kismet-20151126-19-26-10-1.netxml:1: parser error : Start tag expected, '<' not found
^
root@kali:~# giskismet -x Kismet-20151126-18-42-55-1.netxml
Warning: no gps data found for BSSID: 08:10:79:2A:29:7A ESSID: 2-1-403
Warning: no gps data found for BSSID: 14:75:90:21:4F:56 ESSID: TP-LINK_4F56
Warning: no gps data found for BSSID: 50:BD:5F:C0:F6:D6 ESSID: MasterHuang
Warning: no gps data found for BSSID: 5C:63:BF:F9:74:0C ESSID: TP-D03234
Warning: no gps data found for BSSID: BC:D1:77:C0:87:DE ESSID: MERURY_C087DE
Warning: no gps data found for BSSID: D0:C7:C0:99:ED:3A ESSID: ziroom222
root@kali:~# giskismet -q "select * from wireless" -o ask.kml
root@kali:~# more ask.kml
<?xml version="1.0" encoding="UTF-8"?>
<kml xmlns="http://earth.google.com/kml/2.2">
<Document>
<name>Kismet</name>
<description>select * from wireless</description>
</Document>
</kml>
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃无线侦查 ┃
┃Google地球 ┃
┃ http://dl.google.com/dl/earth/client/current/google-earth-stable current amd64.deb┃
┃dpkg -i google-earth64.deb ┃
┃apt-get -f install ┃
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
root@kali:~# cp /media/sf_D_DRIVE/软件/google-earth-stable current amd64.deb
root@kali:~# dpkg -i google-earth-stable current amd64.deb //第一次安装谷歌地球不能安装上去,需要安装依赖包
root@kali:~# apt-get -f install //强制安装依赖包
root@kali:~# dpkg -i google-earth-stable current amd64.deb //再一次安装谷歌地球
root@kali:~# google-earth //在命令行打开谷歌地图