aircrack-ng usage example
WPA wordlist mode
Specify the wordlist to use (-w password.lst) and the path to the capture file (wpa.cap) containing at least one 4-way handshake.
root@kali:~# aircrack-ng -w password.lst wpa.cap
Aircrack-ng 1.5.2
[00:00:00] 232/233 keys tested (1992.58 k/s)
Time left: 0 seconds 99.57%
KEY FOUND! [ biscotte ]
Master Key : CD D7 9A 5A CF B0 70 C7 E9 D1 02 3B 87 02 85 D6
39 E4 30 B3 2F 31 AA 37 AC 82 5A 55 B5 55 24 EE
Transient Key : 33 55 0B FC 4F 24 84 F4 9A 38 B3 D0 89 83 D2 49
73 F9 DE 89 67 A6 6D 2B 8E 46 2C 07 47 6A CE 08
AD FB 65 D6 13 A9 9F 2C 65 E4 A6 08 F2 5A 67 97
D9 6F 76 5B 8C D3 DF 13 2F BC DA 6A 6E D9 62 CD
EAPOL HMAC : 28 A8 C8 95 B7 17 E5 72 27 B6 A7 EE E3 E5 34 45
WEP cracking basics
To have aircrack-ng run a WEP key attack against a capture file, pass it the filename, in either .ivs or .cap/.pcap format:
root@kali:~# aircrack-ng all-ivs.ivs
Aircrack-ng 1.4
[00:00:00] Tested 1514 keys (got 30566 IVs)
KB depth byte(vote)
0 0/ 9 1F(39680) 4E(38400) 14(37376) 5C(37376) 9D(37376)
1 7/ 9 64(36608) 3E(36352) 34(36096) 46(36096) BA(36096)
2 0/ 1 1F(46592) 6E(38400) 81(37376) 79(36864) AD(36864)
3 0/ 3 1F(40960) 15(38656) 7B(38400) BB(37888) 5C(37632)
4 0/ 7 1F(39168) 23(38144) 97(37120) 59(36608) 13(36352)
KEY FOUND! [ 1F:1F:1F:1F:1F ]
Decrypted correctly: 100%
airgraph-ng usage example
CAPR graph
Specify the input file to use (-i dump-01.csv), the output file to generate (-o capr.png) and the graph type (-g CAPR):
root@kali:~# airgraph-ng -i dump-01.csv -o capr.png -g CAPR
**** WARNING Images can be large, up to 12 Feet by 12 Feet****
Creating your Graph using, dump-01.csv and writing to, capr.png
Depending on your system this can take a bit. Please standby......
CPG graph
Specify the input file to use (-i dump-01.csv), the output file to generate (-o cpg.png) and the graph type (-g CPG):
root@kali:~# airgraph-ng -i dump-01.csv -o cpg.png -g CPG
**** WARNING Images can be large, up to 12 Feet by 12 Feet****
Creating your Graph using, dump-01.csv and writing to, cpg.png
Depending on your system this can take a bit. Please standby......
wpaclean usage example
Parse the provided capture files (wpa-psk-linksys.cap wpa.cap) and save all 4-way handshakes to a new file (/root/handshakes.cap):
root@kali:/usr/share/doc/aircrack-ng/examples# wpaclean /root/handshakes.cap wpa-psk-linksys.cap wpa.cap
Pwning wpa-psk-linksys.cap (1/2 50%)
Net 00:0b:86:c2:a4:85 linksys
Pwning wpa.cap (2/2 100%)
Net 00:0d:93:eb:b0:8c test
Done
wesside-ng usage example
Use the specified monitor mode interface (-i wlan0mon) and target a single BSSID (-v de:ad:be:ef:ca:fe):
root@kali:~# wesside-ng -i wlan0mon -v de:ad:be:ef:ca:fe
[18:31:52] Using mac 3C:46:D8:4E:EF:AA
[18:31:52] Looking for a victim...
[18:32:13] Chan 04 -
makeivs-ng usage example
Specify the target BSSID (-b de:ad:be:ef:ca:fe), the WEP key (-k 123456789ABCDEF123456789AB) and the output filename (-w makeivs.ivs):
root@kali:~# makeivs-ng -b de:ad:be:ef:ca:fe -k 123456789ABCDEF123456789AB -w makeivs.ivs
Creating 100000 IVs with 16 bytes of keystream each.
Estimated filesize: 2.29 MB
Using fake BSSID DE:AD:BE:EF:CA:FE
Done.
root@kali:~# aircrack-ng makeivs.ivs
Opening makeivs.ivs
Read 100001 packets.
# BSSID ESSID Encryption
1 DE:AD:BE:EF:CA:FE WEP (100000 IVs)
Choosing first network as target.
Opening makeivs.ivs
Attack will be restarted every 5000 captured ivs.
Starting PTW attack with 100000 ivs.
Aircrack-ng 1.2 rc4
[00:00:00] Tested 621 keys (got 100000 IVs)
KB depth byte(vote)
0 1/ 2 76(113152) 1E(111104) 48(109824) 1C(109568) A6(109568)
1 1/ 3 F5(112640) 06(111616) 33(111616) F4(111616) 05(111104)
2 0/ 2 31(137216) F9(113664) 76(113152) DC(110336) B9(109568)
3 10/ 3 E1(108800) 0A(108544) 34(108032) 3E(108032) 48(108032)
4 9/ 4 7D(109312) BA(109056) 5E(108800) D6(108800) 11(108288)
KEY FOUND! [ 12:34:56:78:9A:BC:DE:F1:23:45:67:89:AB ]
Decrypted correctly: 100%
ivstools usage example
Strip the initialization vectors out of the provided .pcap capture and save them to a new file:
root@kali:~# ivstools --convert wep_64_ptw.cap out.ivs
Opening wep_64_ptw.cap
Creating out.ivs
Read 65282 packets.
Written 30566 IVs.
Merge all .ivs files into one file.
root@kali:~# ivstools --merge *.ivs /root/all-ivs.ivs
Creating /root/all-ivs.ivs
Opening out.ivs
916996 bytes written
Opening out2.ivs
1374748 bytes written
easside-ng usage example
First run buddy-ng, then launch the easside-ng attack, specifying as many options as you can.
root@kali:~# buddy-ng
Waiting for connexion
root@kali:~# easside-ng -v de:ad:be:ef:ca:fe -m 3c:46:d8:4e:ef:aa -s 127.0.0.1 -f wlan0mon -c 6
Setting tap MTU
Sorting out wifi MAC
besside-ng
Attack WPA only (-W), display verbose output (-v) and use the monitor mode interface wlan0mon.
root@kali:~# besside-ng -W -v wlan0mon
[18:39:34] mac 3c:46:d8:4e:ef:aa
[18:39:34] Let's ride
[18:39:34] Appending to wpa.cap
[18:39:34] Appending to wep.cap
[18:39:34] Logging to besside.log
[18:39:35] Found AP 44:3a:cb:38:51:42 [watwutwot] chan 1 crypto WPA dbm -49
[18:39:35] Found AP 4c:8b:30:83:ed:91 [TELUS3079-2.4G] chan 1 crypto WPA dbm -71
[18:39:35] Found AP 1c:87:2c:d3:34:18 [Kuroki] chan 3 crypto WPA dbm -89
[18:39:37] Found AP 4c:8b:30:24:71:75 [SAMUEL9] chan 8 crypto WPA dbm -73
[18:39:37] Found AP 0c:51:01:e6:01:c4 [fbi-van-24] chan 11 crypto WPA dbm -46
[18:39:37] Found AP 70:f1:96:8e:5c:02 [TELUS0455-2.4G] chan 11 crypto WPA dbm -78
[18:39:38] Found client for network [Kuroki] 90:06:28:cb:0f:f3
[18:39:41] Found AP f0:f2:49:3c:ec:a8 [fbi-van-24] chan 1 crypto WPA dbm -49
[18:39:42] Found AP bc:4d:fb:2c:6d:88 [SHAW-2C6D80] chan 6 crypto WPA dbm -77
[18:39:42] Found client for network [SHAW-2C6D80] 64:5a:04:98:e1:62
[18:39:43] Found AP 10:78:5b:e9:a4:e2 [TELUS2151] chan 11 crypto WPA dbm -49
[18:39:43] Found client for network [fbi-van-24] 60:6b:bd:5a:b6:6c
airtun-ng usage examples
wIDS
Specify the BSSID of the access point you want to monitor (-a DE:AD:BE:EF:CA:FE) and its WEP key (-w 1234567890).
root@kali:~# airtun-ng -a DE:AD:BE:EF:CA:FE -w 1234567890 wlan0mon
created tap interface at0
WEP encryption specified. Sending and receiving frames through wlan0mon.
FromDS bit set in all frames.
airserv-ng usage example
Start a server instance on a specific port (-p 4444) using the wlan0mon interface on channel 6 (-c 6).
root@kali:~# airserv-ng -p 4444 -d wlan0mon -c 6
Opening card wlan0mon
Setting chan 6
Opening sock port 4444
Serving wlan0mon chan 6 on port 4444
airolib-ng usage examples
Specify the name of the database to use (airolib-db) and import a file containing the ESSIDs of the network(s) you are targeting (--import essid /root/essid.txt). If the database does not exist, it will be created.
root@kali:~# airolib-ng airolib-db --import essid /root/essid.txt
Database <airolib-db> does not already exist, creating it...
Database <airolib-db> successfully created
Reading file...
Writing...
Done.
Import any wordlists you want to use for PMK computation.
root@kali:~# airolib-ng airolib-db --import passwd /usr/share/doc/aircrack-ng/examples/password.lst
Reading file...
Writing... read, 1814 invalid lines ignored.
Done
Use the --batch option to compute all PMKs.
root@kali:~# airolib-ng airolib-db --batch
Computed 233 PMK in 0 seconds (233 PMK/s, 0 in buffer). All ESSID processed.
To use the airolib-ng database with aircrack-ng, use the -r option and specify the database name.
root@kali:~# aircrack-ng -r airolib-db /root/wpa.cap
Opening /root/wpa.cap
Read 13 packets.
# BSSID ESSID Encryption
1 00:0D:93:EB:B0:8C test WPA (1 handshake)
Choosing first network as target.
Opening /root/wpa.cap
Reading packets, please wait...
Aircrack-ng 1.4
[00:00:00] 230/0 keys tested (106728.53 k/s)
Time left: 0 seconds inf%
KEY FOUND! [ biscotte ]
Master Key : CD D7 9A 5A CF B0 70 C7 E9 D1 02 3B 87 02 85 D6
39 E4 30 B3 2F 31 AA 37 AC 82 5A 55 B5 55 24 EE
Transient Key : 33 55 0B FC 4F 24 84 F4 9A 38 B3 D0 89 83 D2 49
73 F9 DE 89 67 A6 6D 2B 8E 46 2C 07 47 6A CE 08
AD FB 65 D6 13 A9 9F 2C 65 E4 A6 08 F2 5A 67 97
D9 6F 76 5B 8C D3 DF 13 2F BC DA 6A 6E D9 62 CD
EAPOL HMAC : 28 A8 C8 95 B7 17 E5 72 27 B6 A7 EE E3 E5 34 45
Quitting aircrack-ng...
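Why the airolib-ng database is built per ESSID, shown as an added example (not code from aircrack-ng or from this page): the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the ESSID as salt, so a precomputed table only applies to networks with that exact name. The function names and the sample wordlist are constructed for illustration, and reading the "invalid lines ignored" count as the WPA 8 to 63 character rule is an assumption.

```python
import hashlib

def is_valid_wpa_passphrase(candidate: str) -> bool:
    """A WPA/WPA2-PSK passphrase is 8 to 63 printable ASCII characters."""
    return 8 <= len(candidate) <= 63 and all(32 <= ord(c) <= 126 for c in candidate)

def split_wordlist(lines):
    """Return (usable_words, ignored_count) for an iterable of wordlist lines."""
    usable, ignored = [], 0
    for line in lines:
        word = line.rstrip("\r\n")
        if is_valid_wpa_passphrase(word):
            usable.append(word)
        else:
            ignored += 1  # too short, too long, or not printable ASCII
    return usable, ignored

def derive_pmk(passphrase: str, essid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 iterations, 32 bytes)."""
    if not is_valid_wpa_passphrase(passphrase):
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    salt = essid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("ESSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def format_key(key: bytes, per_row: int = 16):
    """Render bytes as rows of upper-case hex pairs, like the 'Master Key' lines."""
    pairs = [f"{b:02X}" for b in key]
    return [" ".join(pairs[i:i + per_row]) for i in range(0, len(pairs), per_row)]

def table_reusable(passphrase: str, table_essid: str, network_essid: str) -> bool:
    """True only if a PMK precomputed for table_essid also fits network_essid."""
    return derive_pmk(passphrase, table_essid) == derive_pmk(passphrase, network_essid)

if __name__ == "__main__":
    # Constructed wordlist sample: two usable entries, two that the length rule rejects.
    sample = ["biscotte\n", "short\n", "x" * 64 + "\n", "correct horse battery\n"]
    usable, ignored = split_wordlist(sample)
    print(f"{len(usable)} usable, {ignored} ignored")
    # Passphrase and ESSID taken from the page's output; compare with its Master Key lines.
    for row in format_key(derive_pmk("biscotte", "test")):
        print(row)
    # The ESSID is the salt: the same passphrase under another name needs a new table.
    print(table_reusable("biscotte", "test", "Test"))
```

For defenders the takeaway is that a non-default, unique ESSID invalidates shared precomputed tables, while only a long, non-dictionary passphrase protects against a wordlist run against the network's own name.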
airodump-ng usage example
Monitor all wireless networks, frequency hopping between all wireless channels.
root@kali:~# airodump-ng wlan0mon
CH 8 ][ Elapsed: 4 s ][ 2018-11-22 13:44
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
54:A0:50:DA:7B:98 -76 1 0 0 1 54e WPA2 CCMP PSK RTINC-24
FC:15:B4:CF:0A:55 -70 2 0 0 6 54e. WPA2 CCMP PSK HP-Print-55-ENVY 4500 series
A8:4E:3F:73:DD:88 -67 3 0 0 6 720 WPA2 CCMP PSK WAT-73DD80
4C:8B:30:83:ED:91 -71 2 0 0 1 54e WPA2 CCMP PSK TELL-US-2.4G
4C:8B:30:D7:09:41 -76 2 0 0 1 54e WPA2 CCMP PSK SAMUELL-2.4G
FA:8F:CA:89:90:39 -82 2 0 0 1 135 OPN Raymond's TV.e102
AC:20:2E:CD:F4:88 -85 0 0 0 6 54e. WPA2 CCMP PSK BELL-CDF480
10:78:5B:2A:A1:21 -80 2 0 0 6 54e WPA2 CCMP PSK COGECO-2.4G
BSSID STATION PWR Rate Lost Frames Probe
(not associated) 8C:85:90:0C:C5:D0 -44 0 - 1 1 5
(not associated) A0:63:91:43:C2:D5 -70 0 - 1 0 1 TT-D59979
(not associated) 14:91:82:04:D9:74 -43 0 - 1 0 1 1
Sniff on channel 6 (-c 6) via the monitor mode interface wlan0mon and save the capture to a file (-w /root/chan6).
root@kali:~# airodump-ng -c 6 -w /root/chan6 wlan0mon
CH 6 ][ Elapsed: 8 s ][ 2017-11-12 13:49
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
BC:4D:FB:2C:6D:88 -68 28 9 3 0 6 54e. WPA2 CCMP PSK BELL-CDF4800
A8:4E:3F:73:DD:88 -74 33 19 0 0 6 54e. WPA2 CCMP PSK COGECO-2.4G
FC:15:B4:CF:0A:55 -77 61 31 0 0 6 54e. WPA2 CCMP PSK HP-Print-55-ENVY 4500 series
Filter for access points from a specific manufacturer by specifying the OUI and a mask (-d FC:15:B4:00:00:00 -m FF:FF:FF:00:00:00).
root@kali:~# airodump-ng -d FC:15:B4:00:00:00 -m FF:FF:FF:00:00:00 wlan0mon
CH 14 ][ Elapsed: 18 s ][ 2018-11-22 13:53
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
FC:15:B4:CF:0A:55 -76 9 0 0 6 54e. WPA2 CCMP PSK HP-Print-55-ENVY 4500 series
BSSID STATION PWR Rate Lost Frames Probe
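How a BSSID filter with a mask selects access points, as an added example (not airodump-ng's own code): a BSSID matches when it equals the filter value in every bit position the mask sets. The helper names are hypothetical; the BSSID/ESSID pairs are copied from the first airodump-ng listing above.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")

def mac_to_int(mac: str) -> int:
    """Convert 'AA:BB:CC:DD:EE:FF' to a 48-bit integer, rejecting malformed input."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(mac.replace(":", ""), 16)

def bssid_matches(bssid: str, wanted: str, mask: str) -> bool:
    """Compare only the bits selected by the mask (FF:FF:FF:00:00:00 = OUI only)."""
    m = mac_to_int(mask)
    return (mac_to_int(bssid) & m) == (mac_to_int(wanted) & m)

def filter_aps(aps, wanted: str, mask: str):
    """Keep the (bssid, essid) pairs whose BSSID passes the masked comparison."""
    return [(b, e) for b, e in aps if bssid_matches(b, wanted, mask)]

def group_by_oui(aps):
    """Group ESSIDs by the first three BSSID bytes, e.g. for a site inventory."""
    groups = defaultdict(list)
    for bssid, essid in aps:
        groups[bssid.upper()[:8]].append(essid)
    return dict(groups)

# BSSID / ESSID pairs from the airodump-ng listing shown earlier on this page.
SAMPLE_APS = [
    ("54:A0:50:DA:7B:98", "RTINC-24"),
    ("FC:15:B4:CF:0A:55", "HP-Print-55-ENVY 4500 series"),
    ("A8:4E:3F:73:DD:88", "WAT-73DD80"),
    ("4C:8B:30:83:ED:91", "TELL-US-2.4G"),
    ("4C:8B:30:D7:09:41", "SAMUELL-2.4G"),
    ("AC:20:2E:CD:F4:88", "BELL-CDF480"),
]

if __name__ == "__main__":
    # Same filter and mask as the command above: match on the OUI only.
    print(filter_aps(SAMPLE_APS, "FC:15:B4:00:00:00", "FF:FF:FF:00:00:00"))
    # An all-ones mask degenerates to an exact BSSID match.
    print(filter_aps(SAMPLE_APS, "4C:8B:30:83:ED:91", "FF:FF:FF:FF:FF:FF"))
    print(group_by_oui(SAMPLE_APS))
```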
airodump-ng-oui-update usage example
airodump-ng-oui-update does not have any options. Run the command and wait for it to complete.
root@kali:~# airodump-ng-oui-update
/usr/sbin/update-ieee-data
Updating /var/lib/ieee-data//oui.txt
Checking permissions on /var/lib/ieee-data//oui.txt
Downloading https://standards.ieee.org/develop/regauth/oui/oui.txt to /var/lib/ieee-data//oui.txt
Checking header
Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//oui.txt
/var/lib/ieee-data//oui.txt updated.
Updating /var/lib/ieee-data//mam.txt
Checking permissions on /var/lib/ieee-data//mam.txt
Downloading https://standards.ieee.org/develop/regauth/oui28/mam.txt to /var/lib/ieee-data//mam.txt
Checking header
Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//mam.txt
/var/lib/ieee-data//mam.txt updated.
Updating /var/lib/ieee-data//oui36.txt
Checking permissions on /var/lib/ieee-data//oui36.txt
Downloading https://standards.ieee.org/develop/regauth/oui36/oui36.txt to /var/lib/ieee-data//oui36.txt
Checking header
Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//oui36.txt
/var/lib/ieee-data//oui36.txt updated.
Updating /var/lib/ieee-data//iab.txt
Checking permissions on /var/lib/ieee-data//iab.txt
Downloading https://standards.ieee.org/develop/regauth/iab/iab.txt to /var/lib/ieee-data//iab.txt
Checking header
Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//iab.txt
/var/lib/ieee-data//iab.txt updated.
Updating /var/lib/ieee-data//oui.csv
Checking permissions on /var/lib/ieee-data//oui.csv
Downloading https://standards.ieee.org/develop/regauth/oui/oui.csv to /var/lib/ieee-data//oui.csv
Checking header
Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//oui.csv
/var/lib/ieee-data//oui.csv updated.
Updating /var/lib/ieee-data//mam.csv
Checking permissions on /var/lib/ieee-data//mam.csv
Downloading https://standards.ieee.org/develop/regauth/oui28/mam.csv to /var/lib/ieee-data//mam.csv
Checking header
Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//mam.csv
/var/lib/ieee-data//mam.csv updated.
Updating /var/lib/ieee-data//oui36.csv
Checking permissions on /var/lib/ieee-data//oui36.csv
Downloading https://standards.ieee.org/develop/regauth/oui36/oui36.csv to /var/lib/ieee-data//oui36.csv
Checking header
Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//oui36.csv
/var/lib/ieee-data//oui36.csv updated.
Updating /var/lib/ieee-data//iab.csv
Checking permissions on /var/lib/ieee-data//iab.csv
Downloading https://standards.ieee.org/develop/regauth/iab/iab.csv to /var/lib/ieee-data//iab.csv
Checking header
Temporary location /tmp/ieee-data_y1vJ3E to be moved to /var/lib/ieee-data//iab.csv
/var/lib/ieee-data//iab.csv updated.
Running parsers from /var/lib/ieee-data//update.d
airmon-ng usage examples
Running airmon-ng without parameters shows the status of the interfaces.
root@kali:~# airmon-ng
PHY Interface Driver Chipset
phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n
A number of processes can interfere with airmon-ng. The check option lists any processes that may cause trouble, and the check kill option kills them for you.
root@kali:~# airmon-ng check
Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to run 'airmon-ng check kill'
PID Name
465 NetworkManager
515 dhclient
1321 wpa_supplicant
root@kali:~# airmon-ng check kill
Killing these processes:
PID Name
515 dhclient
1321 wpa_supplicant
Enable monitor mode (start) on the given wireless interface (wlan0), fixed on channel 6. A new interface will be created (wlan0mon in our case); this is the interface name you will need to use in other applications.
root@kali:~# airmon-ng start wlan0 6
PHY Interface Driver Chipset
phy0 wlan0 ath9k_htc Atheros Communications, Inc. AR9271 802.11n
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)
The stop option destroys the monitor mode interface and returns the wireless interface to managed mode.
root@kali:~# airmon-ng stop wlan0mon
PHY Interface Driver Chipset
phy0 wlan0mon ath9k_htc Atheros Communications, Inc. AR9271 802.11n
(mac80211 station mode vif enabled on [phy0]wlan0)
(mac80211 monitor mode vif disabled for [phy0]wlan0mon)
airgraph-ng usage examples
CAPR graph
Specify the input file to use (-i dump-01.csv), the output file to generate (-o capr.png) and the graph type (-g CAPR).
root@kali:~# airgraph-ng -i dump-01.csv -o capr.png -g CAPR
**** WARNING Images can be large, up to 12 Feet by 12 Feet****
Creating your Graph using, dump-01.csv and writing to, capr.png
Depending on your system this can take a bit. Please standby......
CPG graph
Specify the input file to use (-i dump-01.csv), the output file to generate (-o cpg.png) and the graph type (-g CPG).
root@kali:~# airgraph-ng -i dump-01.csv -o cpg.png -g CPG
**** WARNING Images can be large, up to 12 Feet by 12 Feet****
Creating your Graph using, dump-01.csv and writing to, cpg.png
Depending on your system this can take a bit. Please standby......
aireplay-ng usage examples
Injection test
Run the injection test (-9) via the monitor mode interface wlan0mon.
root@kali:~# aireplay-ng -9 wlan0mon
22:55:44 Trying broadcast probe requests...
22:55:44 Injection is working!
22:55:46 Found 4 APs
22:55:46 Trying directed probe requests...
22:55:46 24:FB:95:FD:3D:7F - channel: 6 - 'America'
22:55:52 30/30: 100%
22:55:52 34:6D:A0:CD:45:10 - channel: 6 - 'ATT2b8i4UD'
22:55:58 27/30: 90%
22:55:58 50:64:3D:2A:F7:A0 - channel: 6 - 'FBI surveillance van'
22:56:04 12/30: 40%
22:56:04 16:6E:EF:29:67:46 - channel: 6 - 'dd-wrt_vap'
22:56:10 1/30: 3%