Counterfeit AP to get WiFi password

Source: Internet
Author: User
Tags: bssid

Counterfeit the target AP, intercept valid user data packets, and analyze them to obtain the Wi-Fi password

0x00 Background

In today's society wireless networks are more and more widespread, but whether it is an enterprise or a home Wi-Fi hotspot, little attention is paid to its security. At the same time, malicious actors and commercial spies are using Wi-Fi for attacks and data theft: the wireless network is the entry point into the LAN. Some may say this is the most rogue attack method, but I would say it is also the most effective one in malicious attacks. To do any of this you first need the Wi-Fi password, so this time we summarize how to obtain it with the aircrack-ng suite on Linux. In short, follow the steps and you get what you want!

0x01 Obtaining the password

No matter which system you use, you must first put the NIC into monitor mode so that the tools can see raw frames:

    iwconfig                  // view the wireless interfaces
    ifconfig wlan0 up         // bring up the wlan0 NIC
    airmon-ng start wlan0     // put the NIC into monitor mode; the monitor interface is generally mon0

WEP:

    airodump-ng --ivs -w log -c channel wlan0   // for WEP, capture only IVs (--ivs) to filter packets; faster
    aireplay-ng -3 -b bssid -h clientMac mon0   // ARP request replay to quickly increase the data volume
    aircrack-ng <ivs file>                      // crack the captured IVs file

These commands are enough for WEP.

WPA/WPA2:

    airodump-ng -c channel -w log mon0                    // for WPA, capture packets normally
    aireplay-ng -0 3 -a BSSID -c clientMAC wlan0          // launch a deauth attack to obtain the complete handshake
    aircrack-ng -w <dictionary file> <captured cap file>  // crack the captured handshake against the dictionary

When airodump-ng shows the handshake prompt, the acquisition succeeded and the captured packets can be cracked. WPA is completely dictionary-based, so you need to be patient. Cracking with a precomputed hash table is much faster: building the table from a dictionary takes a long time, but the attack itself then runs dozens of times faster than aircrack-ng.
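To see why the text says WPA is "completely dictionary-based" and why the hash-table approach has to be prepared per network, it helps to look at what is actually being computed. The Python below is an added example, not part of the original article or of aircrack-ng: it derives the WPA/WPA2-PSK Pairwise Master Key the way IEEE 802.11i specifies it (PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes) and checks the result against the standard's published test vector for passphrase "password" and SSID "IEEE". Every dictionary candidate costs one such derivation, and because the SSID is the salt, a table precomputed for one SSID is useless against another; the last function demonstrates that. The SSID "IEEE-guest" used in the demonstration is a made-up name.

```python
import hashlib

# Added example (not from the original article): what a WPA/WPA2-PSK dictionary
# attack computes per candidate, and why a precomputed table is tied to one SSID.
# IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit Pairwise Master Key from passphrase and SSID."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, dklen=32
    )


def derive_pmk_hex(passphrase: str, ssid: str) -> str:
    """Same as derive_pmk, as lowercase hex for comparison with published vectors."""
    return derive_pmk(passphrase, ssid).hex()


def pmk_table_reusable(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """A (passphrase -> PMK) table built for ssid_a helps against ssid_b only if
    the PMKs agree. Because the SSID is the PBKDF2 salt, they never do for
    different SSIDs, so every network name needs its own table."""
    return derive_pmk(passphrase, ssid_a) == derive_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE"
    print(derive_pmk_hex("password", "IEEE"))
    # "IEEE-guest" is a constructed SSID; the table built for "IEEE" is useless here
    print(pmk_table_reusable("password", "IEEE", "IEEE-guest"))
```

For a defender the two takeaways are that a non-default SSID defeats any pre-built table, and that the 4096 iterations are the only cost standing between a captured handshake and a short passphrase, so passphrase length, not just character mix, is what decides how long the "be patient" phase lasts.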
Common DoS attacks include Authentication Flood, Deauthentication Flood, Disassociation Flood, RF Jamming, and Association Flood.

0x02 Exploitation tools

This time we again rely on a powerful tool shipped with BT5: mdk3. Most wireless attack tools currently available are built on mdk3 as their core, so there is no need to discuss its performance. Against a router we can launch an Authentication Flood; the mdk3 mode parameter is a. This is a flood attack against the wireless AP, also known as an identity authentication attack. The principle is to send a large number of false connection requests to the AP; once the number of requests exceeds what the wireless AP can handle, the AP automatically drops its existing connections, so legitimate users can no longer use the wireless network.

    mdk3 mon0 a -a <BSSID>    // -a: MAC address (BSSID) of the target AP


At the same time, we can see a large number of fake clients connecting to the AP; these client MAC addresses are also randomly forged.

At this time, we can use -c to attack a specified channel, -a to fix the BSSID to attack, and -s to control the packet sending rate; the default is generally 200 packets per second. In this way the wireless network will crash within a few minutes. But what if we encounter an AP that can carry a large number of clients? Don't worry: next we use the Deauthentication Flood that we already used when obtaining the handshake. Remember that we used aireplay-ng -0 to send disconnects to get the handshake packet; in fact aireplay-ng can do the same job as long as you do not limit the number of packets sent and hop channels randomly, but its efficiency is low compared to mdk3. This attack is not aimed at the AP but at the client MACs.

    mdk3 mon0 d

When the attack starts, we can see that my network becomes intermittent, and it recovers when I stop the attack. We can use the -s parameter to speed up packet sending; this is very efficient, and clients generally start dropping off the network as soon as the attack is launched. In addition, we can use -w (whitelist) and -b (blacklist) to add our own MAC addresses, so that our forged AP is never affected by the attack. In the blacklist and whitelist you can write a single MAC or the absolute path of a file, and put the MACs to be listed in that file.

Counterfeit AP

First, we need a wireless network card that supports AP mode, or we can directly connect a wireless router or create a hotspot. There are many ways to set up an AP described on the Internet; you can find them yourself.
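Before going on to the counterfeit AP itself: the authentication flood and deauthentication flood described above are easy to see from the defender's side if a monitor-mode sensor logs 802.11 management frames. The following Python is an added example, not code from the original article or from mdk3/aircrack-ng; the frame records, MAC addresses and thresholds are constructed for illustration. It flags a burst of Authentication frames from many distinct source MACs to one BSSID (the randomly forged clients of mode a) and a burst of deauth/disassoc frames for one BSSID (mode d), counting broadcast deauths separately because those are the frames that knock every client off at once.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample, not a real capture. Each record is
# (timestamp in seconds, frame subtype, source MAC, destination MAC, BSSID)
# as a monitor-mode sensor might log management frames. MACs are hypothetical.
AP_BSSID = "00:11:22:33:44:55"   # hypothetical AP under observation
CLIENT = "aa:bb:cc:dd:ee:01"     # hypothetical legitimate client

SAMPLE_FRAMES = [
    # normal activity: one client authenticates, associates, and is deauthed once later
    (0.10, "auth", CLIENT, AP_BSSID, AP_BSSID),
    (0.12, "assoc_req", CLIENT, AP_BSSID, AP_BSSID),
    (40.00, "deauth", AP_BSSID, CLIENT, AP_BSSID),
]
# authentication flood: 60 different forged client MACs hit the AP within one second
for i in range(60):
    SAMPLE_FRAMES.append((10.0 + i / 100, "auth", f"02:00:00:00:00:{i:02x}", AP_BSSID, AP_BSSID))
# deauthentication flood: 30 broadcast deauths "from" the AP within half a second
for i in range(30):
    SAMPLE_FRAMES.append((20.0 + i / 60, "deauth", AP_BSSID, BROADCAST, AP_BSSID))


def detect_floods(frames, window=1.0, auth_clients=20, deauth_frames=10):
    """Return alerts for per-BSSID bursts of management frames.

    Frames are bucketed into fixed windows of `window` seconds. An auth flood is
    flagged when more than `auth_clients` distinct source MACs send Authentication
    frames to one BSSID inside a window; a deauth flood when more than
    `deauth_frames` deauth/disassoc frames are seen for one BSSID inside a window.
    """
    auth_sources = defaultdict(set)    # (bssid, bucket) -> distinct source MACs
    deauth_counts = defaultdict(int)   # (bssid, bucket) -> deauth/disassoc frames
    broadcast_deauths = defaultdict(int)
    for ts, subtype, src, dst, bssid in frames:
        key = (bssid, int(ts // window))
        if subtype == "auth":
            auth_sources[key].add(src)
        elif subtype in ("deauth", "disassoc"):
            deauth_counts[key] += 1
            if dst == BROADCAST:
                broadcast_deauths[key] += 1

    alerts = []
    for (bssid, bucket), sources in sorted(auth_sources.items()):
        if len(sources) > auth_clients:
            alerts.append({"type": "auth_flood", "bssid": bssid,
                           "window_start": bucket * window, "count": len(sources)})
    for (bssid, bucket), n in sorted(deauth_counts.items()):
        if n > deauth_frames:
            alerts.append({"type": "deauth_flood", "bssid": bssid,
                           "window_start": bucket * window, "count": n,
                           "broadcast": broadcast_deauths[(bssid, bucket)]})
    return alerts


if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_FRAMES):
        print(alert)
```

The thresholds depend on the site, so tune `auth_clients` and `deauth_frames` against a baseline before alerting on them. Note the asymmetry in what can be mitigated: with 802.11w (Protected Management Frames) enabled, clients that support it discard forged deauth/disassoc frames, whereas Authentication frames are unprotected and an authentication flood has to be absorbed by the AP, so rate limiting at the AP and alerting are the practical responses there.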

In order to be able to tell the false one apart, I did not modify the MAC address. The wireless network above is a forged AP I created with a wireless network card. Its name, password, encryption method and working channel are exactly the same as the original AP's. The original AP is under attack and cannot be connected to, so clients can only connect to this one; a user who does not know what is going on will take the forged AP for the original, which simply seems unable to connect. At this point we can capture the packets on our AP's NIC and analyze the data. In addition, we can also broadcast false AP signals to interfere:

    mdk3 mon0 b -g -c 11 -h 7

At this point we are already heavily interfering with the AP on channel 11. We can also target a specified network by name:

    mdk3 mon0 b -n ESSID -g -c 11

This sends interference with the specified name (ESSID); -g disguises it as a standard 54M 802.11 wireless network, and -c sets the channel. You can study the other options on your own.
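From the defender's side, a forged AP that copies the ESSID, channel and encryption of the real one differs only in its BSSID, unless the attacker clones that as well, so rogue-AP detection keys on a BSSID inventory rather than on the network name. The following Python is an added example, not part of the original article; the authorized inventory, the beacon list and all MAC addresses are constructed. It raises an alert for an unknown BSSID advertising one of our ESSIDs (the counterfeit AP described above), for one of our BSSIDs seen with a channel or encryption that does not match the inventory, and for the same BSSID beaconing on two channels at once, which is what a cloned BSSID looks like while the real AP is still up.

```python
from collections import defaultdict

# Constructed inventory of the APs we operate (hypothetical BSSIDs and settings).
AUTHORIZED = {
    "00:11:22:33:44:55": {"essid": "CorpWiFi", "channel": 11, "privacy": "WPA2"},
    "00:11:22:33:44:66": {"essid": "CorpWiFi", "channel": 6, "privacy": "WPA2"},
}

# Constructed beacon observations as a scanning tool would list them:
# (bssid, essid, channel, privacy). None of these are real networks.
OBSERVED = [
    ("00:11:22:33:44:55", "CorpWiFi", 11, "WPA2"),   # legitimate
    ("00:11:22:33:44:66", "CorpWiFi", 6, "WPA2"),    # legitimate
    ("de:ad:be:ef:00:01", "CorpWiFi", 11, "WPA2"),   # evil twin: identical settings, unknown BSSID
    ("00:11:22:33:44:55", "CorpWiFi", 1, "OPN"),     # cloned BSSID on the wrong channel, no encryption
    ("66:77:88:99:aa:bb", "CoffeeShop", 3, "WPA2"),  # unrelated neighbour, ignored
]


def find_rogue_aps(observed, authorized):
    """Compare observed beacons against the inventory and return
    (alert_type, bssid, essid, detail) tuples."""
    our_essids = {ap["essid"] for ap in authorized.values()}
    channels_seen = defaultdict(set)   # bssid -> channels it beacons on
    alerts = []

    for bssid, essid, channel, privacy in observed:
        channels_seen[bssid].add(channel)
        known = authorized.get(bssid)
        if known is not None:
            # one of our BSSIDs: every advertised property must match the inventory
            mismatches = []
            if known["essid"] != essid:
                mismatches.append(f"essid {known['essid']}->{essid}")
            if known["channel"] != channel:
                mismatches.append(f"channel {known['channel']}->{channel}")
            if known["privacy"] != privacy:
                mismatches.append(f"privacy {known['privacy']}->{privacy}")
            if mismatches:
                alerts.append(("bssid_spoof", bssid, essid, "; ".join(mismatches)))
        elif essid in our_essids:
            # a BSSID we do not own is advertising our network name
            alerts.append(("evil_twin", bssid, essid,
                           f"unknown BSSID advertising our ESSID on channel {channel}"))

    # a single radio cannot beacon on two channels at once; two sightings of one
    # of our BSSIDs on different channels means someone is cloning it
    for bssid, channels in channels_seen.items():
        if bssid in authorized and len(channels) > 1:
            alerts.append(("duplicate_bssid", bssid, authorized[bssid]["essid"],
                           f"same BSSID beaconing on channels {sorted(channels)}"))
    return alerts


if __name__ == "__main__":
    for alert in find_rogue_aps(OBSERVED, AUTHORIZED):
        print(alert)
```

The first rule is the one that catches the scenario in the text, where the MAC was deliberately left unchanged; the other two only matter once the attacker clones the BSSID too. Because the forged AP's whole point is that clients cannot tell it from the real one, this inventory check has to run on a sensor, not on the clients, and it is most useful combined with the flood alerts from the previous example, since a jammed or deauthed real AP next to a new BSSID with the same ESSID is the complete pattern.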
