【安全牛学习笔记】AIRRACK-NG SUITE
来源:互联网 发布:知乎怎么邮箱注册 编辑:程序博客网 时间:2024/06/05 11:23
AIRRACK-NG SUITE
其他工具
AIRDECAP-NG
去除802.11头
airdecap-ng -b <AP MAC> 1.pcap
解密WEP加密数据
airdecap-ng -w <WEP key>-b <AP MAC> 1.pcap
必须有与AP建立关联关系
解密WPA加密数据
airdecap-ng -e kifi -p <PSK> -b <AP MAC> 1.pcap
抓包文件中必须包含4步握手信息,否则无解
root@kali:~# service network-manager stop
root@kali:~# airmon-ng check kill
Killing these processes:
PID Name
875 wpa_supplicant
1580 dhclient
root@kali:~# airmon-ng start wlan2
No interfering processes found
PHY Interface Dirver Chipset
phy0 wlan2 ath9k_htc Atheros Communications, Inc. AR9271 802.11n
(mac80211 monitor mode vif enable for [phy0]wlan2 on [phy0]wlan2mon)
(mac80211 station mode vif disabled for [phy0]wlan2)
root@kali:~# airodump-ng wlan2mon
CH 1][ Elapsed: 3 mins ][ 2015-11-18 21:11
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
14:75:90:21:4F:56 -47 3 5 0 6 54e. WPA2 CCMP PSK TP-LINK_4F56
08:10:79:2A:29:7A -65 4 0 0 6 54e. WPA2 CCMP PSK 2-1-403
D0:C7:C0:99:ED:3A -69 7 8 0 1 54e WPA2 CCMP PSK ziroom222
5C:63:BF:F9:74:0C -79 3 0 0 6 54e. WPA2 CCMP PSK TP-D03234
BC:14:EF:A1:97:29 -84 3 0 0 1 54e WPA2 CCMP PSK gehua01141406060486797
BSSID STATION PWR Rate Lost Frames Probe
(not associated) C8:3A:35:CA:46:91 -53 0 - 1 5 2
14:75:90:21:4F:56 78:92:9C:03:6F:18 -1 le- 0
root@kali:~# airodump-ng wlan2mon --bssid 14:75:90:21:4F:56 -c 6 -w TP-01
root@kali:~# wireshark tp-01.cap
root@kali:~# airdecap-ng -e TP-LINK_4F56 -b 14:75:90:21:4F:56 -p wanshuyuan123456shangdi tp-01.cap
Total number of packets read 41609
Total number of WEP data packets 0
Total number of WPA data packets 15034
Number of plaintext data packets 0
Number of decrypted WEP packets 0
Number of corrupted WEP packets 0
Number of decrypted WPA packets 9417
root@kali:~# wireshark tp-01-dec.cap
AIRSERV-NG
通过网络提供无线网卡服务器
某些网卡不支持客户点/服务器模式
启动无线侦听
服务器端
airserv-ng -p 3333 -d wlan2mon
客户端
airodump-ng 192.168.1.1:3333
某些防火墙会影响C/S间的通信
root@kali:~# airserv-ng -p 3333 -d wlan2mon
OPenng card wlan2mon
Setting chan l
OPening sock port 333
serving wlan2mon chan 1 on port 3333
root@kali:~# netstat -pantu | grep 3333
tcp 0 0 0.0.0.0:3333 0.0.0.0:* LISTEN 2694/airserv-ng
root@kali:~# airodump-ng 127.0.0.1:3333
AIRTUN-NG
无线入侵检测wIDS
无线密码和BSSID
需要获取握手信息
中继和重放
Repeate/Replay
AIRTUN-NG
wIDS
WEP: airtun-ng -a <AP MAC> -w SKA wlan2mon
WPA: airtun-ng -a <AP MAC> -p PSK -e kifi wlan2mon
ifconfig at0 up
四步握手
理论上支持多AP的wIDS,但2个AP以上时可靠性会下降
WPA: airtun-ng -a <AP MAC> -p PSK -e kifi1 wlan2mon
ifconfig at1 up
多AP不同信道时airodump -c 1,11 wlan2mon
root@kali:~# airtun-ng -a 14:75:90:21:4F:56 -p wanshuyuan123456shangdi -e TP-LINK_4F56 wlan2mon
created tap interface at0
WPA encryption specified Sending and receiving frame through wlan2mon
Froms bit set in all frames.
root@kali:~# ifconfig -a //at0
root@kali:~# ifcongif at0 up
root@kali:~# airodump-ng wlan2mon --bssid 14:75:90:21:4F:56 -c 6
root@kali:~# driftnet -i at0 //抓取图片信息
root@kali:~# dsniff -i at0 //抓取账号密码信息
root@kali:~# cp ids.pcap /media/sf_D_DRIVE/ //把数据分析拷贝到D盘里
另外一个渗透系统
yuanfh@VB:~$ sudo -i
root@VB:~# cp /media/sf_D_DRIVE/ids.pcap
root@VB:~# tcpreplay -ieth1 -M1000 ids.pcap
Sending out eth1
processing file: ids.pcap
Actual: 8497 packets (4090599 bytes) sent in 1.87 seconds
Rated: 2187486.0 bps, 16.96 Mbps, 4543.85 pps
Statistics for network device: eth1
Attempted packets: 8487
Successful packets: 8497
Failed packets: 0
Retried packets (ENOBUFS): 0
Retried packets (EAGAIN): 0
- 【安全牛学习笔记】AIRRACK-NG SUITE
- 【安全牛学习笔记】 AIRRACK-NG SUITE
- 【安全牛学习笔记】AIRRACK-NG(二)
- 【安全牛学习笔记】AIREPLAY-NG
- 【安全牛学习笔记】密钥交换、AIRCRACK-NG基础、AIRODUMP-NG排错
- 【安全牛学习笔记】密钥交换、AIRCRACK-NG基础、AIRODUMP-NG排错
- oracle SOA suite 学习笔记
- Aircrack-ng 学习笔记
- AngularJS学习笔记ng-repeat
- AngularJS学习笔记ng-class
- andrew ng机器学习笔记
- angularjs ng-class学习笔记
- angularjs学习笔记 ng-class
- Aircrack-ng 实验学习笔记
- 【安全牛学习笔记】WPA安全系统
- Oracle SOA Suite 学习笔记(一)
- 【安全牛学习笔记】python学习笔记
- 【安全牛学习笔记】搜索引擎
- 文档流和文本流
- BZOJ 1566 管道取珠(DP好题)
- VSColorOutput
- hbase scan startrow endrow 是否包括
- python入门
- 【安全牛学习笔记】AIRRACK-NG SUITE
- HDU 3635 Dragon Balls(带权并查集)
- 搭建图片服务器《二》-linux安装nginx
- 关于我所热爱的巴萨
- 车牌识别算法实现及其代码实现之三:车牌识别(待续)
- 图解数据结构二分法查找
- 最长上升子序列函数注解
- HIVE UDAF 中的map对象及reduce对象(GenericUDAFEvaluator)
- mybatis中的#和$的区别