This article is based on a test environment. Because of the limitations of the test environment, it cannot reproduce the complexity of a real situation. To get closer to real conditions, I made the manual settings as complex as I could. I hope more friends will test and apply this method and eventually arrive at a real solution.
Many of my friends have run into this problem: they worked hard to crack the other party's WEP or even WPA password, only to find that the AP on the other side is set to a hidden SSID, MAC filtering, DHCP disabled, or even IP addresses bound to MAC addresses. That dashes your hopes of getting online. Today, I will study and discuss solutions to these problems with you.
Download the Colasoft network analysis system from http://www.colasoft.com.cn/download/capsatech.exe, then install and activate it.
Open the Colasoft analysis software, as shown in the figure.
First, set the network adapter to your wireless network adapter, and then confirm.
Click the button above to start capturing. The wireless network adapter can now capture the traffic of many wireless networks. Wait a moment and you will see information like that shown in the figure.
1. Obtain the MAC-to-IP relationship
Look at the local network in the "Browse by physical endpoint" view. The MAC address of the NIC in the local PC corresponds to the IP address 27.122.1.100 that you set manually. Can everyone see it? In the local network there is also 00:16:b6:9d:10:ad, the MAC address (with its IP address) of a valid client found by sniffing. In this way, the relationship between MAC and IP is obtained. Because the test environment is not complex enough, no more computers could be sniffed. In a complex environment you will sniff more computers, in different network segments. During packet capture, check whether you have obtained the valid client's MAC address and the IP address that MAC uses.
2. Obtain the subnet mask
In the "Browse by IP endpoint" view below, look at local subnet 1, 192.168.2.0/24. The /24 is the number of bits in the subnet mask, so the subnet mask works out to 255.255.255.0. OK.
3. Obtain the network segment after DHCP is disabled
If several computers with valid MACs have IP addresses in the same local subnet, they are all listed under 192.168.2.0/24. For example, if the local subnet has several connected PCs whose IP addresses are 192.168.2.8 and 192.168.2.20, you can basically conclude that the DHCP network segment must contain 192.168.2.5-192.168.2.20. This does not rule out that the MAC-bound IP addresses are non-contiguous, but it is certain that 192.168.2.2/5/20 are valid IP addresses. As the saying goes, of three thousand waters you only need one ladleful to drink: that is enough to get you online.
Generally, DNS is provided by the local ISP, and a single phone call will basically get you the DNS server.
How do I obtain the gateway address? You can use a MAC address scanner to scan the network segment. First, manually set the IP address to one in the correct network segment; it must be in the same segment, but it does not have to be within the IP address filtering range. For example, manually set the IP address to 192.168.2.80 and the subnet mask to 255.255.255.0.
Then use the MAC address scanner to scan the computers in the same network segment for their IP addresses, as shown in the figure.
Based on the MAC address 00:14:6c:3e:f0:ac that I obtained when I cracked the AP, the gateway address is 192.168.2.60.
Alternatively, you can use the -0 conflict (deauthentication) mode in BT to make the client reconnect to the AP. Then go to the sessions view of the network analysis system, find the gateway's MAC address 00:14:6c:3e:f0:ac, and double-click it to open the session details.
In the session details, double-click a data packet to decode it. Look at the section marked in red: the source physical address and source IP address there are the corresponding gateway addresses.
3. Finally, publish my actual AP settings
We all know that once the SSID is hidden it will not show up in a scan, and even if WEP is cracked you still cannot connect to the wireless network. Here I will provide you with a solution. (In non-client mode)
You can use NetStumbler to view the result, as shown in the figure, where the AP's MAC is 00904c7e0064.
Open the Kismet software under BT3, and <no ssid> is displayed, as shown in the figure.
How can we be sure that this <no ssid> entry is the one we are looking at? Select this <no ssid> entry and press Enter; you will see the BSSID and can check whether the AP is 00904c7e0064. At this point, if a legitimate client is connected to the AP and network communication is in progress, the SSID is displayed in blue in the window: <Shuwei>, as shown in the figure.
If you still cannot get the correct SSID after a while, you can use the -0 conflict mode:
    aireplay-ng -0 5 -a <ap mac> -c <valid client mac> wifi0
This makes the client reconnect to the AP. The SSID is displayed in Kismet at the moment of reconnection.
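Seen from the AP owner's side, the -0 mode used above shows up on a monitoring sensor as a burst of deauthentication frames for one BSSID/client pair. The following is an added example, not part of the original article: it parses bare 802.11 management headers and flags such bursts. The frame bytes, MAC addresses, window and threshold are constructed or assumed values.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 12, 10  # 802.11 management-frame subtypes
WINDOW_S, THRESHOLD = 2.0, 10  # assumed burst definition; tune per site

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Return (subtype, dst, src, bssid, reason) for deauth/disassoc, else None."""
    if len(frame) < 26:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    # Bare header, no radiotap: fc(2) dur(2) addr1(6) addr2(6) addr3(6) seq(2) reason(2)
    (reason,) = struct.unpack_from("<H", frame, 24)
    return subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def find_bursts(capture):
    """capture: iterable of (timestamp_seconds, frame_bytes) in time order.
    Returns {(bssid, station): peak frame count inside one window} for bursts."""
    recent, flagged = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        _, dst, src, bssid, _ = parsed
        station = dst if src == bssid else src  # the non-AP end of the pair
        times = recent[(bssid, station)]
        times.append(ts)
        while ts - times[0] > WINDOW_S:  # drop frames that left the window
            times.popleft()
        if len(times) >= THRESHOLD:
            key = (bssid, station)
            flagged[key] = max(flagged.get(key, 0), len(times))
    return flagged

def build(subtype, dst, src, bssid, reason=7):  # helper that builds constructed frames
    addr = b"".join(bytes.fromhex(m.replace(":", "")) for m in (dst, src, bssid))
    return bytes([subtype << 4, 0, 0, 0]) + addr + b"\x00\x00" + struct.pack("<H", reason)

# Constructed sample: 20 deauths within one second for one client, plus one ordinary leave.
AP, STA, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE = [(i * 0.05, build(DEAUTH, STA, AP, AP)) for i in range(20)]
SAMPLE.append((30.0, build(DEAUTH, AP, OTHER, AP, reason=3)))

if __name__ == "__main__":
    print(find_bursts(SAMPLE))
```

Feed it frames from a monitor-mode capture with the radiotap header already stripped; a single deauth from a client that is leaving stays below the threshold and is not reported.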