怎么破解WPA PSK CCMP
发布网友
发布时间:2022-04-21 23:18
共1个回答
热心网友
时间:2023-06-26 16:09
下面以kali linux为例,带大家分别一起学习如何利用Aircrack 和 Cowpatty两种工具进行无线WPA/WPA-PSK的攻击与破解。如果大家是在vmware虚拟机上做破解攻击的话,你们需要先准备一个kali linux能够识别的外置无线网卡,然后再加载进虚拟的攻击机上,因为我是在自己本身的物理机上做的。详细步骤如下:
Step1:升级 Aircrack-ng
为了更好地识别出无线网络设备以及环境,我们现在先对Airomp-ng的OUI库进行升级,想进入到Aircrack-ng的安装目录下,然后输入一下命令:airomp-ng-oui-update ,然后回车,等待一段时间之后就升级成功了。
Step2:载入无线网卡
在进入kali linux之后,进入图形界面之后,插入之前准备好的USB无线网卡,(我这里用的是MECURY 的300M无线网卡,大家可以上网找一下kali linux系统所支持的网卡芯片类型,只要能识别出就可以)再查看一下无线网卡的载入情况,可以使用一下命令查看:ifconfig -a
如果载入识别成功之后,那么我们接下来便可以激活无线网卡了,输入下面命令便可激活:
ifconfig wlan0 up
其中,up用于启动网卡,这是我们可以再用ifconfg命令确认一下载入启用情况。
Step3:激活网卡至monitor模式,就是我们平时所说的监听模式。
这里要将网卡启动monitor模式,才能抓取无线数据包进行分析破解;我们可以利用aircrack-ng套件里面的airmon-ng工具开启监听模式:airmon-ng start wlan0
root@kali:/opt/mydownload# airmon-ng start wlan0
Found 2 processes that could cause trouble.
If airomp-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e
PID Name
2502 NetworkManager
2531 wpa_supplicant
Interface Chipset Driver
wlan0 Atheros AR9565 ath9k - [phy0]
(monitor mode enabled on mon0)
其中,上面的start后面是跟我们即将开启monitor模式的无线网卡设备名。
而,上面的绿色的标记是无线网卡的芯片型号(Atheros AR9565),默认驱动为ath9k,在监听模式下,适配器更改名称为mon0。
Step4:抓取目标信道的无线数据包
开启好,监听模式之后,我们便使用Aircrack-ng套件里面的airomp-ng套件进行无线数据包的抓取,在这一步骤是整个破解过程比较重要的阶段;而其中我们要破解的关键点就是要获取AP与无线客户端的握手数据包(WPA/WPA2 shankhand)报文,然后对报文进行破解,从而提取出密钥,达到破解的木的。
首先,我们在对目的AP的攻击之前,我们要先要对无线网络信道进行探测,以便于确定攻击的目标信道和AP,再进行下一步的针对性的数据包抓取。
这是,我们可以使用下面的命令对信道数据进行侦查:airomp-ng wlan0
airomp-ng 工具是用于获取当前无线网络的概况,包括AP的SSID、MAC地址、工作频道、无线客户端的MAC以及数量等情况,后面跟上的是无线网卡的设备名。
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
B0:D5:9D:3B:B7:84, 2015-09-22 17:26:52, 2015-09-22 17:27:13, 11, 54, WPA2, CCMP,PSK, -91, 4, 0, 0. 0. 0. 0, 29, 瀵..8涓6锛.甯.姣..浠ヨ.,
0C:84:DC:7B:BC:61, 2015-09-22 17:26:27, 2015-09-22 17:27:11, 1, 54, WPA2, CCMP,PSK, -86, 27, 0, 0. 0. 0. 0, 4, mini,
00:87:36:0F:50:2F, 2015-09-22 17:26:27, 2015-09-22 17:27:07, 1, 54, WPA2, CCMP,PSK, -86, 10, 0, 0. 0. 0. 0, 3, kfc,
60:36:DD:DD:D8:59, 2015-09-22 17:26:37, 2015-09-22 17:27:14, 11, 54, WPA2, CCMP,PSK, -85, 15, 0, 0. 0. 0. 0, 3, zwz,
72:54:99:D1:73:D8, 2015-09-22 17:26:28, 2015-09-22 17:27:12, 2, 54, WPA2, CCMP,PSK, -83, 46, 0, 0. 0. 0. 0, 15, DreamBox_D173D8,
00:1F::E0:20:E9, 2015-09-22 17:26:27, 2015-09-22 17:27:13, 3, 54, OPN , , , -77, 58, 0, 0. 0. 0. 0, 8, CMCC-WEB,
00:1F::E1:20:E9, 2015-09-22 17:26:27, 2015-09-22 17:27:13, 3, 54, WPA2, CCMP, MGT, -77, 62, 0, 0. 0. 0. 0, 4, CMCC,
D4:EE:07:20:0A:5A, 2015-09-22 17:26:27, 2015-09-22 17:27:11, 1, 54, WPA2, CCMP,PSK, -76, 49, 0, 0. 0. 0. 0, 6, WXWiFi,
3A:67:B0:71:FD:1D, 2015-09-22 17:26:30, 2015-09-22 17:27:14, 11, 54, WPA2, CCMP,PSK, -75, 82, 0, 0. 0. 0. 0, 13, LieBaoWiFi819,
2C:D0:5A:FB:B5:28, 2015-09-22 17:26:29, 2015-09-22 17:27:14, 10, 54, WPA2, CCMP,PSK, -69, 65, 37, 0. 0. 0. 0, 24, ...澶х.峰氨缁.浣.,
48:5A:B6:D9:1F:11, 2015-09-22 17:26:29, 2015-09-22 17:27:14, 11, 54, WPA2, CCMP,PSK, -65, 88, 0, 0. 0. 0. 0, 12, 360WiFi-8317,
00:36:76:36:EF:A7, 2015-09-22 17:26:27, 2015-09-22 17:27:13, 6, 54, WPA2, CCMP,PSK, -61, 95, 0, 0. 0. 0. 0, 13, 缁...~..韬,
D2:7E:35:A3:87:2A, 2015-09-22 17:26:30, 2015-09-22 17:27:14, 11, 54, WPA2, CCMP,PSK, -50, 31, 0, 0. 0. 0. 0, 3, gun,
Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
D4:0B:1A:69:34:00, 2015-09-22 17:26:40, 2015-09-22 17:26:40, -90, 8, (not associated) ,
9C:65:B0:0F:9D:3A, 2015-09-22 17:27:01, 2015-09-22 17:27:01, -88, 4, (not associated) ,
60:36:DD:DD:D8:59, 2015-09-22 17:26:52, 2015-09-22 17:26:53, -87, 3, (not associated) ,
48:D2:24:1C:A1:B5, 2015-09-22 17:26:36, 2015-09-22 17:26:36, -85, 1, (not associated) ,
70:72:3C:ED:DE:1D, 2015-09-22 17:26:38, 2015-09-22 17:26:45, -84, 4, 0C:84:DC:7B:BC:61, mini
90:E7:C4:83:7E:66, 2015-09-22 17:26:37, 2015-09-22 17:27:08, -81, 6, 00:87:36:0F:50:2F,
38:BC:1A:21:D0:5B, 2015-09-22 17:26:30, 2015-09-22 17:27:01, -74, 18, 3A:67:B0:71:FD:1D,
BC:85:56:DD:84:54, 2015-09-22 17:27:02, 2015-09-22 17:27:02, -74, 9, (not associated) ,
48:5A:B6:D9:1F:11, 2015-09-22 17:26:55, 2015-09-22 17:27:03, -67, 13, 3A:67:B0:71:FD:1D,
60:D9:A0:A9:51:9C, 2015-09-22 17:26:34, 2015-09-22 17:26:48, -58, 23, 2C:D0:5A:FB:B5:28,
30:C7:AE:A5:F5:02, 2015-09-22 17:26:40, 2015-09-22 17:27:09, -51, 11, 2C:D0:5A:FB:B5:28,
上面是抓去无线环境的一个csv输出报文,可以从上面的信息中,清晰看到BSSID、信道、信道速率、认证方式、ESSID,还有红色部分的分别有station(无线客户端)MAC,packets的个数,BSSID(连接AP的MAC地址),ESSID等信息。
通过上面对无线网络环境的初步探测之后,我们便对其中的目标信道里面的特定AP进行数据包报文的探测分析,如11信道的ESSID为“gun”的AP进行分析。
kaili#airomp-ng -c 11 -w test2 mon0
-c:针对信道号
-w:输出的cap和csv报文名称
mon0:无线适配器的别名
以上便是利用aircrack-ng套件破解WPA/WPA2-PSK无线加密的破解过程,如有疑问请与本人交流,谢谢。
http://www.iyunv.com/thread-117445-1-1.html
