Introduction to wireless attack technology

This article only briefly describes some ideas about wireless attacks and attack tools, and does not have any principles. I will wait for the next article to introduce the principles of some tools and the use of common tools. I wrote this article only to familiarize myself with wireless kids shoes.

I. Several Methods of wireless phishing

1: No portal Authentication

1. Create a local soft AP to capture packets directly (the premise is that there is a wireless network card, the desktop is not good, there is no wireless network card)

2. Use 3G router to establish AP connection router sniffing

3. Brush DD-WRT openwrt to directly capture packets and install tcpdump

2: Portal Authentication

1. Brush DD-WRT openwrt and use wifidog for authentication

2. Local ap dns Spoofing Authentication

2. Several tools for wireless cracking

1. Water Drop "fern WiFi Cracker" spoonewp2 beini

2. Poor PIN code I often use the water drop qss tool link

3. tengda PIN code vulnerability default PIN code is not modified. According to the last six digits of Mac, it can be calculated that the 7-digit PIN code is 8 digits, and the last one can guess 9 digits.

The above mentioned wireless cracking tools are based on aireplay-ng at the underlying layer.

Iii. attack methods of wireless routers

1. DHCP attacks (quickly exhausting the IP address pool to occupy a large number of IP addresses)

2. DDoS attacks (random spoofing of MAC addresses connected by fake clients)

4. Wireless handshake packet cracking tool

1. hashcat

2. ewsa)

5. Tips

Use wifi to obtain the Wi-Fi password. The password path is data/MISC/WiFi/wpa_supplicant.conf.

How can someone connect to your forged soft AP? Use mdk3 to kill his vrossid. You have the same SSID and no password. If you can search for it, your SSID will be connected by default. (Not all routers can be killed. Do not drill corners)

Introduction to wireless attack technology