- Шаг 1 — запуск беспроводного интерфейса в режиме мониторинга
- Шаг 1а — Настройка MadWifi -NG
- Шаг 1b — Настройка драйверов mac80211
- Стадия 1С — Настройка прочих драйверов
- Шаг 2 — Начало. Сбор хэндшейков.
- Шаг 4 — Aircrack-ng — взлом предварительного ключа
Уважаемый гость, на данной странице Вам доступен материал по теме: Crack Wpa WiFi Linux. Скачивание возможно на компьютер и телефон через торрент, а также сервер загрузок по ссылке ниже. Рекомендуем также другие статьи из категории «Ключи».
Средняя скорость 2794 Kb/s
Complete and professional how-to tutorials for Kali Linux and its numerous tools.
How To Hack WPA/WPA2 Wi-Fi With Kali Linux & Aircrack-ng
Kali Linux can be used for many things, but it probably is best known for its ability to penetration test, or “hack,” WPA and WPA2 networks. There are hundreds of Windows applications that claim they can hack WPA; don’t get them! They’re just scams, used by professional hackers, to lure newbie or wannabe hackers into getting hacked themselves. There is only one way that hackers get into your network, and that is with a Linux-based OS, a wireless card capable of monitor mode, and aircrack-ng or similar. Also note that, even with these tools, Wi-Fi cracking is not for beginners. Playing with it requires basic knowledge of how WPA authentication works, and moderate familiarity with Kali Linux and its tools. If you feel you have the necessary skills, let’s begin:
These are things that you’ll need:
- A successful install of Kali Linux (which you probably have already done). If not, follow my tutorial here: http://lewiscomputerhowto.blogspot.com/complete-guide-on-how-to-install-kali.html
- A wireless adapter capable of injection/monitor mode. Some computers have network cards capable of this from the factory. If you’re, like most however, you’ll have to buy an external one. Here is a list of the best: http://blackmoreops.com/recommended-usb-wireless-cards-kali-linux
- A wordlist to attempt to “crack” the password once it has been captured
- Time and patients
If you have these then roll up your sleeves and let’s see how secure your network is!
Important notice: Hacking into anyone’s Wi-Fi without permission is considered an illegal act or crime in most countries. We are performing this tutorial for the sake of penetration testing, hacking to become more secure, and are using our own test network and router.
By reading and/or using the information below, you are agreeing to our Disclaimer
Start Kali Linux and login, preferably as root.
Plugin your injection-capable wireless adapter, (Unless your native computer wireless card supports it). If you’re using Kali in VMware, then you might have to connect the card via the icon in the device menu.
Disconnect from all wireless networks, open a Terminal, and type airmon-ng
This will list all of the wireless cards that support monitor (not injection) mode. If no cards are listed, try disconnecting and reconnecting the adapter (if you’re using one) and check that it supports monitor mode. If you’re not using an external adapter, and you still don’t see anything listed, then your card doesn’t support monitor mode, and you’ll have to purchase an external one (see the link in the requirements). You can see here that my card supports monitor mode and that it’s listed as wlan0.
Type airmon-ng start followed by the interface name of your wireless card. mine is wlan0, so my command would be: airmon-ng start wlan0
The “(monitor mode enabled)” message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface, mon0.
A bug recently discovered in Kali Linux makes airmon-ng set the channel as a fixed “-1” when you first enable mon0. If you receive this error, or simply do not want to take the chance, follow these steps after enabling mon0:
Type: ifconfig [interface of wireless card] down and hit Enter.
Replace [interface of wireless card] with the name of the interface that you enabled mon0 on; probably called wlan0. This disables the wireless card from connecting to the internet, allowing it to focus on monitor mode instead.
After you have disabled mon0 (completed the wireless section of the tutorial), you’ll need to enable wlan0 (or name of wireless interface), by typing: ifconfig [interface of wireless card] up and pressing Enter.
Type airodump-ng followed by the name of the new monitor interface, which is probably mon0.
If you receive a “fixed channel –1” error, see the Edit above.
Airodump will now list all of the wireless networks in your area, and a lot of useful information about them. Locate your network or the network that you have permission to penetration test. Once you’ve spotted your network on the ever-populating list, hit Ctrl + C on your keyboard to stop the process. Note the channel of your target network.
Copy the BSSID of the target network
Now type this command:
airodump-ng -c [channel] —bssid [bssid] -w /root/Desktop/ [monitor interface]
Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface, (mon0). The “–w” and file path command specifies a place where airodump will save any intercepted 4-way handshakes (necessary to crack the password). Here we saved it to the Desktop, but you can save it anywhere.
A complete command should look similar this:
airodump-ng -c 10 —bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0
Now press enter.
Airodump with now monitor only the target network, allowing us to capture more specific information about it. What we’re really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password.
Also, four files should show up on your desktop, this is where the handshake will be saved when captured, so don’t delete them!
But we’re not really going to wait for a device to connect, no, that’s not what impatient hackers do. We’re actually going to use another cool-tool that belongs to the aircrack suite called aireplay-ng, to speed up the process. Instead of waiting for a device to connect, hackers can use this tool to force a device to reconnect by sending deauthentication (deauth) packets to one of the networks devices, making it think that it has to reconnect with the network.
Of course, in order for this tool to work, there has to be someone else connected to the network first, so watch the airodump-ng and wait for a client to show up. It might take a long time, or it might only take a second before the first one shows. If none show up after a lengthy wait, then the network might be empty right now, or you’re to far away from the network.
Leave airodump-ng running and open a second terminal. In this terminal, type this command:
aireplay-ng –0 2 –a [router bssid] –c [client bssid] mon0
The –0 is a short cut for the deauth mode and the 2 is the number of deauth packets to send.
-a indicates the access point/router’s BSSID, replace [router bssid] with the BSSID of the target network, which in my case, is 00:14:BF:E0:E8:D5.
-c indicates the client’s BSSID, the device we’re trying to deauth, noted in the previous picture. Replace the [client bssid] with the BSSID of the connected client, this will be listed under “STATION.”
And of course, mon0 merely means the monitor interface, change it if yours is different.
My complete command looks like this:
aireplay-ng –0 2 –a 00:14:BF:E0:E8:D5 –c 4C:EB:42:59:DE:31 mon0
Upon hitting Enter, you’ll see aireplay-ng send the packets. If you were close enough to the target client, and the deauthentication process works, this message will appear on the airodump screen (which you left open):
This means that the handshake has been captured, the password is in the hacker’s hands, in some form or another. You can close the aireplay-ng terminal and hit Ctrl + C on the airodump-ng terminal to stop monitoring the network, but don’t close it yet just incase you need some of the information later.
If you didn’t receive the “handshake message,” then something went wrong in the process of sending the packets. Unfortunately, a variety of things can go wrong. You might just be too far away, and all you need to do is move closer. The device you’re attempting to deauth might not be set to automatically reconnect, in which case you’ll either have to try another device, or leave airodump on indefinitely until someone or something connects to the network. If you’re very close to the network, you could try a WiFi spoofing tool like wifi-honey, to try to fool the device into thinking that you’re the router. However, keep in mind that this requires that you be significantly closer to the device than the router itself. So unless you happen to be in your victim’s house, this is not recommended.
Do note that, despite your best efforts, there are many WPA networks that simply can’t be cracked by these tools. The network could be empty, or the password could be 64 characters long, etc.
This concludes the external part of this tutorial. From now on, the process is entirely between your computer, and those four files on your Desktop. Actually, it’s the .cap one, that is important. Open a new Terminal, and type in this command:
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap
-a is the method aircrack will use to crack the handshake, 2=WPA method.
-b stands for bssid, replace [router bssid] with the BSSID of the target router, mine is 00:14:BF:E0:E8:D5.
-w stands for wordlist, replace [path to wordlist] with the path to a wordlist that you have downloaded. I have a wordlist called “wpa.txt” in the root folder.
/root/Desktop/*.cap is the path to the .cap file containing the password. The * means wild card in Linux, and since I’m assuming that there are no other .cap files on your Desktop, this should work fine the way it is.
My complete command looks like this:
aircrack-ng –a2 –b 00:14:BF:E0:E8:D5 –w /root/wpa.txt /root/Desktop/*.cap
Now press Enter.
Aircrack-ng will now launch into the process of cracking the password. However, it will only crack it if the password happens to be in the wordlist that you’ve selected. Sometimes, it’s not. If this is the case, you can try other wordlists. If you simply cannot find the password no matter how many wordlists you try, then it appears your penetration test has failed, and the network is at least safe from basic brute-force attacks.
Cracking the password might take a long time depending on the size of the wordlist. Mine went very quickly.
If the phrase is in the wordlist, then aircrack-ng will show it too you like this:
The passphrase to our test-network was “notsecure,” and you can see here that it was in the wordlist, and aircrack found it.
If you find the password without a decent struggle, then change your password, if it’s your network. If you’re penetration testing for someone, then tell them to change their password as soon as possible.
Please use this information only in legal ways
Most people – even nontechnical users – have already heard about Linux operating systems. However, average users aren’t aware of how powerful Kali Linux is. Kali Linux was designed to be a hacker’s or security professional’s best friend, since it comes loaded with a variety of tools and programs that aren’t always available on other operating systems. The real key advantage is that all of these tools have been prepackaged into one system, so you’re ready to go when you begin a new installation provided you install Kali with the right optional packages.
Though Kali Linux can be used for all kinds of security attacks and penetration tests, one of the reasons it has become so infamous is due to its ability to break wireless encryption standards that secure wireless devices such as routers. Once an attacker leverages Kali Linux to break wireless systems, they can provide themselves with full network access. In home settings, the consequences of being hacked may be nominal, but in a professional setting such as an office, an attack could be many times more damaging.
If you are the type of person that is technologically literate and understand the different types of wireless security protocols, you know how easy it is to break certain forms of encryption and security. In this demonstration, we are going to take a step-by-step look at how you can break WPA and WPA2 (Wi-Fi Protected Access 2) using Kali Linux.
What You Will Need for the Demo
First off, you are going to need a Kali Linux installation. If you prefer to install Kali Linux to your hard drive and feel comfortable working with multiple operating systems on a single host computer, feel free to install the software. In addition, you have the option of building your own machine that will run Kali Linux exclusively. However, there is an easier solution.
If you download and install VMWare, you can run a virtual Kali Linux image simultaneously in your host environment, such as Windows. There are a couple of extra configuration steps you will need to make to your virtual machine’s network interface, and there is one additional caveat. By default, there isn’t a way to bridge the internal wireless card in a laptop through to VMWare, so in this case, you would need an external USB wireless adapter. You might find that your wireless hardware isn’t capable of running monitor mode, in which case you can easily purchase a USB wireless card to use in the demonstration.
You will also need a wireless router that you own to practice on. Exercise great caution before applying these techniques, because it would be illegal for you to try to break into a system that you don’t own. Make sure you have the following items together before you begin:
- A computer system with Kali Linux installed
- A wireless router that you own configured to use WPA2
- A wireless card that is capable of running in monitor mode
- The aircrack-ng software
The Attack Process
Once you have all of your hardware together, it’s time to begin the attack process. Note that it would be best to have root privileges on the Kali user account you are using to perform the attack. Otherwise you may have to use the sudo command, which can be extremely tedious.
Make sure that your network card is visible in Kali by using the ifconfig command. If you are using a wireless card via USB, ensure that it is plugged in.
Make sure that your computer isn’t currently connected to a wireless network. Then you will need to run the airmon-ng command from the terminal. This command will display all of your wireless interfaces that are capable of running in monitor mode. Unfortunately, if you don’t see any interfaces listed, your card likely isn’t capable of monitor mode.
Now you need to actually start using airmon-ng on your wireless interface. In our example, the wireless interface is named wlan0, so we would enter the airmon-ng start wlan0 command. After you have completed this step, output in the lower-right corner of the terminal should display the listening wireless interface (it will likely be named mon0).
Next, you will need to run the dump command with the listening wireless interface as a parameter. In our example, the command we would need to enter would be airmon-ng start wlan0. This will show you any information gleaned from wireless networks in range of your wireless card such as the encryption type, the BSSID (essentially the MAC address of the wireless device), and other information such as the channel and model number of the wireless device.
Find the wireless network that you want to crack and copy its BSSID. You will need to plug other information from the airodump-ng command into the command that starts the attack procedure. The command we will need to use is as follows:
- airodump-ng -c [wireless channel] –bssid [BSSID] -w /root/Desktop/ [monitor interface]
Remember that the monitoring interface in our example is mon0.
The next step can be a little troublesome. By now your wireless interface is gathering and storing information about the wireless network, but in order for the attack to succeed, we will need a host to connect to the wireless network. When a device connects to the wireless router, our Kali software will capture data regarding a four-way handshake that is the weak point in the protocol. If you were performing this in real-life on a live network, there’s no telling how long it could take for a host to connect. Fortunately, since we are doing this in an environment we control, we have the option of connecting another device to the network manually.
Alternatively, you can use a de-authorization command, which feels a lot cooler. Essentially, this command will craft some de-authorization packets to send to the target wireless router to force the reconnection process for other devices. We will target a device to force to reconnect by using the client’s BSSID in a command. The only requirement is that you already need to be able to see a connected client’s BSSID in the previous command’s output.
Make sure that you don’t close the terminal that you started running the airodump-ng command. Then, open a second terminal and enter the following command:
- aireplay-ng –0 2 –a [Router-BSSID] –c [Client-BSSID] mon0
You should see output that displays the indication of a successful handshake. If you don’t, however, there are a multitude of factors that could have caused it to fail. One common problem is that the wireless signal was too weak, in which case you would only need to move your computer closer towards the wireless router. In addition, the connected device may not be configured to automatically reconnect to the network. If that’s the case, then you will have to wait for them to reconnect (in a real-life scenario).
Upon a successful reconnection handshake, we are going to need to crack the protocol. Enter the following command, and plug in the parameters as they pertain to your configuration:
- aircrack-ng -a2 -b [Router-BSSID] -w [Wordlist-File] /root/Desktop/*.cap
The only new parameter in this command is a wordlist we have not yet discussed. A wordlist is basically a file containing different character combinations that we will use to carry out the attack. You can find them online for free, just make sure you remember where you store the data on your computer and use the file’s path as a parameter in the preceding command.
After you have entered the command, the software will finally initiate the process of breaking the wireless encryption.
Now all you need to do is wait for the software to break the key. Note that in order to successfully break the encryption, the Wi-Fi password needs to be contained in the wordlist. This is called a dictionary-based attack, which is a little different from a brute force attack. A dictionary-based attack simply tries all of the passwords in a list or database whereas a brute force attack tries all possible combinations of characters. If your dictionary failed to find the correct password, you can try using an additional wordlist. Also note that it could take a long time to actually break the password, depending on the strength and complexity of the password as well as how fast your computer hardware is.
Once the software successfully cracks the password, it will display the key near the middle of the terminal in a line that reads:
- KEY FOUND! [ wireless key ]
Go ahead and try logging in with the key for fun, though you should already know what the key was since you are using this on your home network.
Breaking WPA and WPA2 encryption is pretty easy as far as security attacks are concerned. But please remember to use this information responsibly. You simply don’t have the right to run around war driving and attacking other people’s networks, and the consequences could be terribly severe.
Привет всем! Прошло уже достаточно времени с моей последней статьи про Kali Linux. Теперь настало время для практики. И в этой статье мы попробуем «проверить на безопасность» свою собственную беспроводную точку доступа в интернет. И так, приступим.
Шаг 1 — запуск беспроводного интерфейса в режиме мониторинга
Цель этого шага в том, чтобы запустить вашу wi-fi карту в так называемом режиме мониторинга. Данный режим позволяет вам «слушать» все пакеты, т. е. Не только те которые адресованы вашей карте.
Точная процедура включения режима монитора отличается в зависимости от используемого драйвера. Для определения драйвера, выполните следующую команду:
На машине с Ralink, Atheros и Broadcom система выдаст примерно следующее:
Шаг 1а — Настройка MadWifi -NG
Сперва остановим ath0, выполнив:
airmon-ng stop ath0
Должно быть так:
Выполните команду «iwconfig», чтобы убедиться в том, что больше никаких интерфейсов athX не запущено. Это должно выглядеть примерно так:
Теперь введите следующую команду, чтобы переключить беспроводную карту на канал 9 в режиме мониторинга:
airmon-ng start wifi0 9
После этой команды мы должны увидеть что-то похожее на:
Теперь убедимся что наш интерфейс правильно настроен, снова выполняем команду iwconfig
Ответ должен выглядеть так:
Шаг 1b — Настройка драйверов mac80211
airmon-ng start wlan0 9
Обратите внимание, что монитор включен на mon0.
Стадия 1С — Настройка прочих драйверов
Для других ( ieee80211 основе ) драйверов, просто выполните следующую команду, чтобы включить режим мониторинга (замените rausb0 вашим именем интерфейса):
airmon-ng start rausb0 9
Шаг 2 — Начало. Сбор хэндшейков.
Целью этого шага является сбор т. н. рукопожатий
airodump-ng -c 9 —bssid 00:14:6C:7E:40:80 -w psk ath0
- -с 9 является каналом для беспроводной сети
- — BSSID 00:14:6 C: 7E : 40:80 является MAC адресом точки доступа.
- -w psk является префиксом имени файла вывода
- ath0 является именем нашего интерфейса.
Вот какой будет вывод если беспроводной клиент подключится к сети:
А вот так если не подключится:
Данный шаг может затянуться, и вам придется ждать пока кто-то из клиентов не подключится к точке доступа. Но думаю это не проблема.
На основании вывода Airodump-ng в предыдущем шаге, вам удалось определить клиента, который в данный момент подключен. Нам понадобится его MAC-адрес.
Откройте другой сеанс консоли и введите:
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 ath0
- -0 средство деаутентификации
- 1 число деаутентификаций для отправки ( вы можете отправить несколько , если хотите)
- -a 00:14:6C:7E:40:80 МАС-адрес точки доступа
- -c 00:0F:B5:FD:FB:C2 МАС-адрес клиента которого мы обнаружили
- ath0 имя интерфейса
Вот как будет выглядеть результат команды:
11:09:28 Sending DeAuth to station — STMAC: [00:0F:B5:34:30:30]
Шаг 4 — Aircrack-ng — взлом предварительного ключа
На данном этапе нам нужно взломать предварительный ключ WPA/WPA2. Чтобы сделать это, нам понадобиться словарь слов в качестве входных данных.
Существует небольшой словарь, который поставляется с aircrack-ng — “password.lst”. Будем использовать его.
Откройте другой сеанс консоли и введите:
aircrack-ng -w password.lst -b 00:14:6C:7E:40:80 psk*.cap
Вот типичный вывод, когда нет хэндшейков:
Когда это происходит, вы должны либо повторить шаг 3 или ждать дольше, если вы используете пассивный подход.
Вот таким может быть вывод если хэндшейк будет найден:
Теперь в этот момент, Aircrack-ng начнет пытаться взломать предварительный ключ. В зависимости от скорости вашего процессора и размера словаря, это может занять много времени.
Вот таким будет вывод при успешном взломе:
Ну вот, ключ у нас. Беспроводная сеть проверена на безопасность 😉