Explanation of the attack modes in aireplay-ng 6

Article Title: Explanation of attack modes in aireplay-ng 6. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

-0 deautenticate conflict Mode

Force disconnect a valid client from the vro to reconnect it. Authentication data packets are obtained during the reconnection process to generate valid arp data.

If a client is connected to a vro but no one is on the Internet to generate valid data,-3 cannot generate valid arp data, therefore, the-0 attack mode must be used in combination with-3 attacks to activate them.

Aireplay-ng-0 10-a ap_mac-c valid client mac wifi0

Parameter description: 10 indicates the number of sending times (0 indicates cyclic attack, and the client cannot access the Internet normally)

-A sets the mac address of the ap and-c sets the mac address of the connected legal client (if-c is required, all clients connected to the ap are disconnected)

-1 fakeauth count disguises a client to connect to the ap

This is the first step in the study without a client, because there is no valid connection to the client, so you need a disguised client to connect to the router. To allow the ap to accept data packets, you must associate your NIC with the ap. -1 send the injection command only when the disguised client connection is successful enough

Aireplay-ng-1 0-e ap_essid-a ap_mac-h my_mac wifi0

Parameter description: 0 indicates that the rock is connected after 0 seconds;-e sets ap_essid;-a sets the mac address of the ap-h sets the mac address of the nic of the disguised client (that is, the mac address of the NIC)

-2 interactive Mode

This mode integrates three functions: Packet Capture and data extraction, and packet injection.

Ireplay-ng-2-p 0841-c ff: ff-B ap_mac-h my_mac wifi0

Parameter description:-p sets the information contained in the Control Frame (hexadecimal). The default value is 0841.-c: sets the target mac address.-B sets the mac address of the ap; -h disguise the mac address of the client NIC (that is, the mac address of the client)

Extract packets and send injection packets

Aireplay-ng-2-r myarp-x 1024 wifi0

Parameter description: myarp: file name set by myself;-x 1024: Packet sending speed (up to 1024)

-3 arp-request Injection Attack Mode

This mode is a process of analyzing and resending packets after capturing packets.

Aireplay-ng-3-B ap_mac-h valid client mac-x 512 wifi0

-4. The chopchop attack mode is used to obtain a detailed explanation of the attack mode in 6 that contains the password aireplay-ng.

-0 deautenticate conflict Mode

Force disconnect a valid client from the vro to reconnect it. Authentication data packets are obtained during the reconnection process to generate valid arp data.

If a client is connected to a vro but no one is on the Internet to generate valid data,-3 cannot generate valid arp data, therefore, the-0 attack mode must be used in combination with-3 attacks to activate them.

Aireplay-ng-0 10-a ap_mac-c valid client mac wifi0

Parameter description: 10 indicates the number of sending times (0 indicates cyclic attack, and the client cannot access the Internet normally)

-A sets the mac address of the ap and-c sets the mac address of the connected legal client (if-c is required, all clients connected to the ap are disconnected)

-1 fakeauth count disguises a client to connect to the ap

This is the first step in the study without a client, because there is no valid connection to the client, so you need a disguised client to connect to the router. To allow the ap to accept data packets, you must associate your NIC with the ap. -1 send the injection command only when the disguised client connection is successful enough

Aireplay-ng-1 0-e ap_essid-a ap_mac-h my_mac wifi0

Parameter description: 0 indicates that the rock is connected after 0 seconds;-e sets ap_essid;-a sets the mac address of the ap-h sets the mac address of the nic of the disguised client (that is, the mac address of the NIC)

-2 interactive Mode

This mode integrates three functions: Packet Capture and data extraction, and packet injection.

Ireplay-ng-2-p 0841-c ff: ff-B ap_mac-h my_mac wifi0

Parameter description:-p sets the information contained in the Control Frame (hexadecimal). The default value is 0841.-c: sets the target mac address.-B sets the mac address of the ap; -h disguise the mac address of the client NIC (that is, the mac address of the client)

Extract packets and send injection packets

Aireplay-ng-2-r myarp-x 1024 wifi0

Parameter description: myarp: file name set by myself;-x 1024: Packet sending speed (up to 1024)

-3 arp-request Injection Attack Mode

This mode is a process of analyzing and resending packets after capturing packets.

Aireplay-ng-3-B ap_mac-h valid client mac-x 512 wifi0

-4 chopchop attack mode, used to obtain an xor file containing key data

Aireplay-ng-4-B ap-mac-h my_mac wifi0

-5 fragment: fragment attack mode, used to obtain PRGA (files with the suffix xor of the key)

Aireplay-ng-5-B ap_mac-h my_mac wifi0

Packetforge-ng data packet manufacturing Program

Packetforge-ng-0-a ap_mac-h my_mac wifi0-k packet 255.255.255-l packet 255.255.255-y niam_xor-w mrarp

Parameter description:-0: disguised arp packet;-k: Set the ip address and port of the target file;-l: Set the source file IP address and port;-y: Read PRGA from the xor file; name: name of the xor file;-w: Specifies the name of the disguised arp packet.

Aircrack-ng-n 64-B ap_mac name-01.ivs

Parameter description:-n sets the key length (64/128/256/512)

The xor file of the key data.

Aireplay-ng-4-B ap-mac-h my_mac wifi0

-5 fragment: fragment attack mode, used to obtain PRGA (files with the suffix xor of the key)

Aireplay-ng-5-B ap_mac-h my_mac wifi0

Packetforge-ng data packet manufacturing Program

Packetforge-ng-0-a ap_mac-h my_mac wifi0-k packet 255.255.255-l packet 255.255.255-y niam_xor-w mrarp

Parameter description:-0: disguised arp packet;-k: Set the ip address and port of the target file;-l: Set the source file IP address and port;-y: Read PRGA from the xor file; name: name of the xor file;-w: Specifies the name of the disguised arp packet.

Aircrack-ng-n 64-B ap_mac name-01.ivs

Parameter description:-n sets the key length (64/128/256/512)