wifi 密码破解研究

2021-11-23 宋洋葱 宋洋葱

前言

常见软件工具：

还需要一块支持监听模式的网卡。

mac 自带的 wifi 扫描工具

airport 为早期 os 版本自带工具

airport -s
sudo rm -rf /tmp/airport*
sudo airport en0 sniff 3
ls -lh /tmp/airport*
aircrack-ng -w top100.txt -M 100 -f 80 -1 -a 2 -b 0c:5c:b5:c8:04:eb /tmp/airportSniff*.cap

新版 macos 会提示

sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s
WARNING: The airport command line tool is deprecated and will be removed in a future release.
For diagnosing Wi-Fi related issues, use the Wireless Diagnostics app or wdutil command line tool.

需要使用 wdutil 代替

sudo wdutil scan -i 5

较新的 macOS 版本（Big Sur 之后），Apple 把 wdutil 的很多调试功能收缩了，只留下了日志、诊断、dump 等功能，已经不能直接扫描 Wi-Fi。

mac 上安装 aircrack-ng

参考程aircrack-ng教安装

brew install autoconf automake libtool openssl shtool pkg-config hwloc pcre sqlite3 libpcap cmocka

下载aircrack-ng.tar.gz

解压后安装

 cd aircrack-ng-1.6
 autoreconf -i
 ./configure --with-experimental
 gmake
 gmake install
 ldconfig

树莓派上安装 aircrack-ng

查看无线网卡是否支持监听模式

# 查看树莓派型号
cat /proc/device-tree/model
# Raspberry Pi 3 Model B Plus Rev 1.3

# 查看 Supported interface modes
# 是否有 monitor 模式
iw list | grep "Supported interface modes" -A 7
# 没有 monitor 则不支持，后面就不用看了

mac shell ssh 连接树莓派中文乱码

查看配置 ···

locale
# 输出
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
cat /etc/default/locale

修改配置locale

grep "^[^#]" /etc/ssh/sshd_config
sudo vi /etc/ssh/sshd_config
# 注释掉以下行
# AcceptEnv LANG LC_*
systemctl restart sshd
echo "export LC_ALL=en_US.UTF-8" >> /etc/.bash_profile
echo "export LANG=en_US.UTF-8" >> /etc/.bash_profile

grep "^[^#]" /etc/locale.gen
# 注释以下行
# en_US.UTF-8 UTF-8
sudo locale-gen
# 查看是否正常
locale
# 或者重新配置默认语音
# sudo dpkg-reconfigure locales

安装依赖

sudo apt-get update
sudo apt-get install -y libpcap-dev libsqlite3-dev sqlite3 libpcap0.8-dev libssl-dev build-essential iw tshark subversion ethtool
sudo apt-get install -y libnl-3-200 libnl-3-dev libnl-genl-3-dev libnl-genl-3-200

通过编译的方式安装

wget https://download.aircrack-ng.org/aircrack-ng-1.6.tar.gz
tar -zxvf aircrack-ng-1.6.tar.gz
cd aircrack-ng-1.6
autoreconf -i
./configure --with-experimental
make
make install
ldconfig

Aircrack-ng 使用

使用Aircrack-ng工具，依次输入以下命令

# 杀死占用网卡的进程  
# 如果为空则证明没占用，有进程则需要手动关闭
1.airmon-ng check kill  
查看无线网卡状态
2.ifconfig/iwconfig -a
加载无线网卡，已加载则忽略
3.ifconfig wlan0 up
激活网卡
4.airmon-ng start wlan0
探测无线网络
5.airodump-ng mon0

无法关闭 avahi-daemon

# 提示
# stopping avahi-daemon.service but it can still be activated by
# 移出
apt-get remove avahi-daemon

无法设置监听模式

iwconfig wlan0 mode monitor
# out 
Error for wireless request "Set Mode" (8B06) :
    SET failed on device wlan0 ; Operation not supported

参考