Installing aircrack-ng on a Mac system to crack nearby WiFi passwords (1)


Step one, install MacPorts and Xcode

MacPorts is a package management tool. aircrack-ng can also be installed in other ways, but installing it through MacPorts is the fastest. (MacPorts requires Xcode to be installed on the Mac system; see the MacPorts homepage.)

Step two, install aircrack-ng

Run this on the shell command line:

sudo port install aircrack-ng

Step three, get the current NIC

Use the ifconfig command to get the name of the current network card; on my machine the card is named en0:

Step four, list all the wireless networks

Use the airport tool that comes with the Mac system to view the wireless networks in range and information about them. Run this in the shell:

sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s

The system output, shown below, lists all the WiFi networks around me. Note the SSID, BSSID and CHANNEL columns of the table; these keywords come up again below:

Step five, start capturing packets and collect data by listening to the wireless networks around you

The parameter en0 is the default NIC of my computer, and the number 6 is the network channel the NIC should listen on:

sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport en0 sniff 6

When you run the above command and listening starts, the WiFi icon changes to a small eye-like icon:

Listen for a while, then press Ctrl + C to stop. The system saves the captured data locally, for example to the file /tmp/airportsniffdamcjh.cap:

If a user logs in to this WiFi while you are monitoring, the packets will be intercepted by us; if no user has logged in, we keep waiting. Where possible, capture when mobile phone and laptop use is at its peak, because the probability of capturing a handshake is then relatively high. For the underlying principle, see the last link.

Step six, check whether the data was captured into the cap file

Enter the command:

sudo aircrack-ng   

If the Encryption value of the router you are checking is WPA (1 handshake), the capture succeeded; otherwise jump to the sixth step, because the capture has to be redone:

Step seven, run the aircrack-ng command to start cracking

The value bc:46:99:df:6c:72 after -b is the BSSID of the NIC, and the file path at the end is the data captured in the previous step:

sudo aircrack-ng -w dict.txt -b bc:46:99:df:6c:72 /tmp/airportsniffdamcjh.cap

As long as the dictionary is big enough, the password should come out before long. You can build the dictionary yourself or download one online.

Whether the crack succeeds mostly comes down to luck.

After a successful crack, the command line displays KEY FOUND:

If building a dictionary and brute-forcing it yourself is too much trouble, some third-party websites offer cracking for free or for a fee: https://gpuhash.me/

WPA/WPA2 Introduction

Because of a serious security vulnerability in WEP, the Wi-Fi Alliance developed WPA and WPA2 to replace it. WPA implements the main part of 802.11i, provides backward compatibility with existing hardware, and serves as a transition from WEP to 802.11i. WPA2 then implemented the entire IEEE 802.11i standard.
WPA uses different authentication methods depending on the scenario. WPA-PSK, used in home and small office networks, does not require a dedicated authentication server: all devices in the network authenticate with the same 256-bit key.

WPA-PSK Security Vulnerabilities

The four-way handshake in WPA-PSK authentication is designed to perform a degree of authentication over an unsecured channel using clear-text transmission, and to establish a secure channel between the devices. First, the PSK is converted to the PMK, and the PMK is then used to generate the PTK. The PTK is divided into sections, one of which is called the MIC key and is used to generate a hash value for each packet for verification.
WPA's security problems have little to do with the algorithms used in the authentication process. They arise because the process can easily be reproduced, which leaves WPA-PSK exposed to dictionary brute-force attacks.

WPA-PSK Attack Principle

The WPA-PSK attack is divided into the following steps:
1. Generate the PMK from the passphrase and SSID, i.e. PMK = PBKDF2_SHA1(passphrase, SSID, SSID length, 4096)
2. Capture the four EAPOL handshake packets and obtain ANonce, SNonce and other information used to calculate the PTK, i.e.
PTK = PRF-X(PMK, Len(PMK), "Pairwise key expansion", Min(AA, SA) || Max(AA, SA) || Min(ANonce, SNonce) || Max(ANonce, SNonce))
3. Use the MIC key to calculate the MIC of the EAPOL message, i.e. MIC = HMAC_MD5(MIC key, 802.1x data)
4. Compare the calculated MIC value with the captured MIC value; if they are the same, the crack succeeds.

WPA-PSK Attack Difficulty

The main difficulty of the WPA-PSK attack is the amount of computation needed to calculate the PMK. An ordinary computer typically manages about 500 PMKs/s, and the time it takes to brute-force an 8-character lowercase password is 14, so there are only two practical ways to crack WPA-PSK: 1. The user uses a common weak password; 2. Pile up computing resources to reach the computing power of a supercomputer.
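
Step 1 of the attack principle and the cost argument above, as an added example (not code from the original article): the PMK derivation, checked against the IEEE 802.11i test vector for passphrase "password" and SSID "IEEE", and the worst-case time to exhaust a passphrase policy at the 500 PMKs/s the text quotes. The function names and the sample policies are assumptions made for this illustration.

```python
import hashlib
import time

PAGE_PMK_RATE = 500                  # PMKs/s, the figure quoted in the text
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed sample policies: (label, alphabet size, passphrase length)
POLICIES = [
    ("8 digits", 10, 8),
    ("8 lowercase letters", 26, 8),
    ("12 letters and digits", 62, 12),
    ("20 lowercase letters", 26, 20),
]


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def years_to_exhaust(alphabet: int, length: int, rate: float = PAGE_PMK_RATE) -> float:
    """Worst-case years to try every passphrase of this shape at `rate` PMKs/s."""
    return alphabet ** length / rate / SECONDS_PER_YEAR


def measure_pmk_rate(samples: int = 20) -> float:
    """PMKs per second this machine computes on one core (varies per run)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"candidate-{i}", "IEEE")
    return samples / (time.perf_counter() - start)


def policy_report(rate: float = PAGE_PMK_RATE):
    """(label, years) for each sample policy, weakest first."""
    rows = [(label, years_to_exhaust(a, n, rate)) for label, a, n in POLICIES]
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    # The SSID is the salt: the same passphrase gives a different PMK per SSID.
    print(derive_pmk("password", "IEEE").hex())
    print(f"this machine: {measure_pmk_rate():.0f} PMKs/s")
    for label, years in policy_report():
        print(f"{label:24s} {years:.3g} years at {PAGE_PMK_RATE} PMKs/s")
```

When choosing a passphrase policy, pass policy_report a rate well above that of one ordinary computer; only the long policies keep a useful margin as the rate grows.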

Related:

AP: A network access point, a device that connects to a wireless or wired network. Commonly known as a router.

MAC (Media Access Control address): The equivalent of an identity card for the NIC. The MAC address itself cannot be modified, but the AP can be spoofed by forging a MAC address.

WEP (Wireless Encryption Protocol): Wireless encryption protocol. An early encryption protocol that is easy to crack.

WPA/WPA2 (Wi-Fi Protected Access): A more secure encryption system based on WEP.

Handshake: shake hands.

IVs (initialization vectors): Initialization vectors.

Reference:

MacPorts: https://www.macports.org/install.php

Hack WPA/WPA2 WiFi password with MacBook: http://topspeedsnail.com/macbook-crack-wifi-with-wpa-wpa2/

WEP & WPA cracking on BT5/Mac, principle: http://blog.csdn.net/stoneliul/article/details/8836248

Third-party cracking site: https://gpuhash.me/ (provides free cracking and also paid cracking, using bitcoin as the payment medium)

  

NONO
Source: http://www.cnblogs.com/diligenceday/