mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-25 23:11:02 +08:00
已翻译 by小眼儿
Signed-off-by: tinyeyeser <tinyeyeser@gmail.com>
This commit is contained in:
tinyeyeser
parent
c581ea49ee
commit
cad011927d
@ -1,156 +0,0 @@
|
||||
翻译中 by小眼儿
|
||||
|
||||
How to Crack a Wi-Fi Network's WPA Password with Reaver
|
||||
================================================================================
|
||||
|
||||
|
||||
Your Wi-Fi network is your conveniently wireless gateway to the internet, and since you're not keen on sharing your connection with any old hooligan who happens to be walking past your home, you secure your network with a password, right? Knowing, as you might, how [easy it is to crack a WEP password][1], you probably secure your network using the more bulletproof WPA security protocol.
|
||||
|
||||
Here's the bad news: A new, free, open-source tool called [Reaver][2] exploits a security hole in wireless routers and can crack most routers' current passwords with relative ease. Here's how to crack a WPA or WPA2 password, step by step, with Reaver—and how to protect your network against Reaver attacks.
|
||||
|
||||
In the first section of this post, I'll walk through the steps required to crack a WPA password using Reaver. You can follow along with either the video or the text below. After that, I'll explain how Reaver works, and what you can do to protect your network against Reaver attacks.
|
||||
|
||||
[http://www.youtube.com/embed/z1c1OIMbmb0?wmode=transparent&rel=0&autohide=1&showinfo=0&enablejsapi=1][3]
|
||||
|
||||
First, a quick note: As we remind often remind readers when we discuss topics that appear potentially malicious: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. The more you know, the better you can protect yourself.
|
||||
|
||||
### What You'll Need ###
|
||||
|
||||
You don't have to be a networking wizard to use Reaver, the command-line tool that does the heavy lifting, and if you've got a blank DVD, a computer with compatible Wi-Fi, and a few hours on your hands, you've got basically all you'll need. There are a number of ways you could set up Reaver, but here are the specific requirements for this guide:
|
||||
|
||||
|
||||
|
||||
- [**The BackTrack 5 Live DVD**][4]. BackTrack is a bootable Linux distribution that's filled to the brim with network testing tools, and while it's not strictly required to use Reaver, it's the easiest approach for most users. Download the Live DVD [from BackTrack's download page][5] and burn it to a DVD. You can alternately download a virtual machine image if you're using VMware, but if you don't know what VMware is, just stick with the Live DVD. As of this writing, that means you should select BackTrack 5 R3 from the Release drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you don't know which you have, 32 is a safe bet), ISO for image, and then download the ISO.
|
||||
|
||||
- **A computer with Wi-Fi and a DVD drive**. BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn't have a full compatibility list, so no guarantees. You'll also need a DVD drive, since that's how you'll boot into BackTrack. I used a six-year-old MacBook Pro.
|
||||
|
||||
- **A nearby WPA-secured Wi-Fi network**. Technically, it will need to be a network using WPA security with the WPS feature enabled. I'll explain in more detail in the "How Reaver Works" section how WPS creates the security hole that makes WPA cracking possible.
|
||||
|
||||
- **A little patience**. This is a 4-step process, and while it's not terribly difficult to crack a WPA password with Reaver, it's a brute-force attack, which means your computer will be testing a number of different combinations of cracks on your router before it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The [Reaver home page][6] suggests it can take anywhere from 4-10 hours. Your mileage may vary.
|
||||
|
||||
### Let's Get Crackin' ###
|
||||
|
||||
At this point you should have BackTrack burned to a DVD, and you should have your laptop handy.
|
||||
|
||||
#### Step 1: Boot into BackTrack ####
|
||||
|
||||
To boot into BackTrack, just put the DVD in your drive and boot your machine from the disc. (Google around if you don't know anything about live CDs/DVDs and need help with this part.) During the boot process, BackTrack will prompt you to to choose the boot mode. Select "BackTrack Text - Default Boot Text Mode" and press Enter.
|
||||
|
||||
Eventually BackTrack will boot to a command line prompt. When you've reached the prompt, type `startx` and press Enter. BackTrack will boot into its graphical interface.
|
||||
|
||||
#### Step 2: Install Reaver ####
|
||||
|
||||
Update: This step is no longer necessary, as Reaver comes pre-installed on Backtrack 5 R3. Skip down to Step 3.
|
||||
|
||||
Reaver has been added to the bleeding edge version of BackTrack, but it's not yet incorporated with the live DVD, so as of this writing, you need to install Reaver before proceeding. (Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver, you'll first need to connect to a Wi-Fi network that you have the password to.
|
||||
|
||||
1. Click Applications > Internet > Wicd Network Manager
|
||||
1. Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.
|
||||
|
||||
Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:
|
||||
|
||||
apt-get update
|
||||
|
||||
And then, after the update completes:
|
||||
|
||||
apt-get install reaver
|
||||
|
||||
If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)
|
||||
|
||||
#### Step 3: Gather Your Device Information, Prep Your Crackin' ####
|
||||
|
||||
In order to use Reaver, you need to get your wireless card's interface name, the BSSID of the router you're attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let's do all that.
|
||||
|
||||
**Find your wireless card:** Inside Terminal, type:
|
||||
|
||||
iwconfig
|
||||
|
||||
Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be named `wlan0`, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.
|
||||
|
||||
|
||||
|
||||
**Put your wireless card into monitor mode**: Assuming your wireless card's interface name is `wlan0`, execute the following command to put your wireless card into monitor mode:
|
||||
|
||||
airmon-ng start wlan0
|
||||
|
||||
This command will output the name of monitor mode interface, which you'll also want to make note of. Most likely, it'll be `mon0`, like in the screenshot below. Make note of that.
|
||||
|
||||
|
||||
|
||||
**Find the BSSID of the router you want to crack**: Lastly, you need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:
|
||||
|
||||
airodump-ng wlan0
|
||||
|
||||
(Note: If `airodump-ng wlan0` doesn't work for you, you may want to try the monitor interface instead—e.g., `airodump-ng mon0`.)
|
||||
|
||||
You'll see a list of the wireless networks in range—it'll look something like the screenshot below:
|
||||
|
||||
|
||||
|
||||
When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column. (If it's WEP, use our [previous guide to cracking WEP passwords][7].)
|
||||
|
||||
Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.
|
||||
|
||||
#### Step 4: Crack a Network's WPA Password with Reaver ####
|
||||
|
||||
Now execute the following command in the Terminal, replacing `bssid` and moninterface with the BSSID and monitor interface and you copied down above:
|
||||
|
||||
reaver -i moninterface -b bssid -vv
|
||||
|
||||
For example, if your monitor interface was `mon0` like mine, and your BSSID was `8D:AE:9D:65:1F:B2` (a BSSID I just made up), your command would look like:
|
||||
|
||||
reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv
|
||||
|
||||
Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:
|
||||
|
||||
|
||||
|
||||
**A few important factors to consider**: Reaver worked exactly as advertised in my test, but it won't necessarily work on all routers (see more below). Also, the router you're cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through.
|
||||
|
||||
Also of note, you can also pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command, you can pick up where you left off-as long as you don't shut down your computer (which, if you're running off a live DVD, will reset everything).
|
||||
|
||||
### How Reaver Works ###
|
||||
|
||||
Now that you've seen how to use Reaver, let's take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It's a feature that exists on many routers, intended to provide an easy setup process, and it's tied to a PIN that's hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password.
|
||||
|
||||
Read more details about the vulnerability at [Sean Gallagher's excellent post on Ars Technica][8].
|
||||
|
||||
### How to Protect Yourself Against Reaver Attacks ###
|
||||
|
||||
Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn't support it in the first place). Unfortunately, as Gallagher [points out as Ars][9], even with WPS manually turned off through his router's settings, Reaver was still able to crack his password.
|
||||
|
||||
> In a phone conversation, Craig Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they've tested. "On all of the Linksys routers, you cannot manually disable WPS," he said. While the Web interface has a radio button that allegedly turns off WPS configuration, "it's still on and still vulnerable.
|
||||
|
||||
So that's kind of a bummer. You may still want to try disabling WPS on your router if you can, and test it against Reaver to see if it helps.
|
||||
|
||||
You could also set up MAC address filtering on your router (which only allows specifically whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.
|
||||
|
||||
Double bummer. So what will work?
|
||||
|
||||
I have the open-source router firmware [DD-WRT][10] installed on my router and I was unable to use Reaver to crack its password. As it turns out, [DD-WRT does not support WPS][11], so there's yet another reason to love the free router-booster. If that's got you interested in DD-WRT, check their [supported devices list][12] to see if your router's supported. It's a good security upgrade, and DD-WRT can also do cool things like [monitor your internet usage][13], [set up a network hard drive][14], act as a [whole-house ad blocker][15], [boost the range of your Wi-Fi network][16], and more. It essentially [turns your $60 router into a $600 router][17].
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver
|
||||
|
||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[1]:http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack
|
||||
[2]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fcode.google.com%2Fp%2Freaver-wps%2F&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[3]:http://www.youtube.com/embed/z1c1OIMbmb0?wmode=transparent&rel=0&autohide=1&showinfo=0&enablejsapi=1
|
||||
[4]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fwww.backtrack-linux.org%2Fdownloads%2F&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[5]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fwww.backtrack-linux.org%2Fdownloads%2F&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[6]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fcode.google.com%2Fp%2Freaver-wps%2F&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[7]:http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack
|
||||
[8]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2011%2F12%2Fresearchers-publish-open-source-tool-for-hacking-wifi-protected-setup.ars&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[9]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2012%2F01%2Fhands-on-hacking-wifi-protected-setup-with-reaver.ars&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[10]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fdd-wrt.com%2F&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[11]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fcode.google.com%2Fp%2Freaver-wps%2Fissues%2Fdetail%3Fid%3D44&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[12]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fdd-wrt.com%2Fwiki%2Findex.php%2FSupported_Devices&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[13]:http://lifehacker.com/5821773/how-to-monitor-your-internet-usage-so-you-dont-exceed-your-data-cap
|
||||
[14]:http://lifehacker.com/5756233/get-more-out-of-your-dd+wrt-router-with-an-external-drive?tag=ddwrt
|
||||
[15]:http://lifehacker.com/5680670/turn-your-dd+wrt-enabled-router-into-a-whole-house-ad-blocker?tag=ddwrt
|
||||
[16]:http://lifehacker.com/5563196/turn-your-old-router-into-a-range+boosting-wi+fi-repeater?tag=ddwrt
|
||||
[17]:http://lifehacker.com/178132/hack-attack-turn-your-60-router-into-a-600-router
|
||||
@ -0,0 +1,154 @@
|
||||
如何使用Reaver破解Wi-Fi网络的WPA密码
|
||||
================================================================================
|
||||
|
||||
|
||||
Wi-Fi网络能够让我们便利地访问因特网,但同时,我们又不希望隔壁抠门猥琐男总是蹭我们的网,所以自然要给WiFi加个密码,对吧?于是,好消息是,也许你已经看过我的另一篇文章,“[如何轻易破解WEP密码][1]”,所以你使用了更稳固的WPA安全协议。
|
||||
|
||||
但坏消息是,现在有一款自由开源新工具——[Reaver][2],已经挖掘出了无线路由器的一个漏洞,由此能够破解绝大多数路由器上的密码。今天,我就来一步步介绍,如何使用Reaver破解WPA/WPA2密码。最后我会给出相应的防范对策。
|
||||
|
||||
文章的第一部分,是使用Reaver破解WPA的详细步骤,读者可以看视频,也可以跟着下面的文字一起做。然后,我会解释Reaver的工作原理。最后,介绍如何防范Reaver攻击。
|
||||
|
||||
[http://www.youtube.com/embed/z1c1OIMbmb0?wmode=transparent&rel=0&autohide=1&showinfo=0&enablejsapi=1][3]
|
||||
|
||||
在正式开始之前,我还是要不厌其烦强调一下:知识就是力量,但是拥有力量不代表着可以为所欲为、触犯法律。同样,骑白马的不一定是王子,会开锁的也不一定是小偷。本文只是关于某些技术的实验与验证,只适用于学习。你知道的越多,就能够越好的保护自己。
|
||||
|
||||
###准备工作###
|
||||
|
||||
首先,无需成为一名网络专家,学会使用复杂的命令行工具,你只需要准备一张空白DVD、一台能连接WiFi的电脑,并腾出几个小时时间,这就是我们基本需要的东西。要安装Reaver,可以有很多方法,但是这里我们建议你按照下面的指南来做:
|
||||
|
||||
|
||||
|
||||
- [**The BackTrack 5 Live DVD**][4]。BackTrack是一款支持自启动的Linux发行版,上面集成了大量的网络测试工具。虽然这对于安装、配置Reaver并不是必需的一个条件,但是对于大多数用户却是最简单一个方法。从[BackTrack的下载页面(传送门)][5]下载Live DVD,然后刻盘。这里你也可以下载镜像然后使用VMware安装,如果你不知道VMware是啥,额,那就还是刻盘吧。如图所示,下载的时候,下拉菜单选择BackTrack 5 R3版本、Gnome环境、根据你的CPU选择32或64位系统(如果这里不确定是32还是64,为了保险起见,请选择32位),下载类型选择ISO,然后就可以点击下载了。
|
||||
|
||||
- **配有DVD光驱、支持WiFi的电脑**。BackTrack支持大多数的笔记本无线网卡,这一点对于大多数读者应该没什么问题。同时,你的电脑需要有一个DVD光驱,这样才能从BackTrack光盘启动。我的测试环境是一台用了6年的MacBook Pro。
|
||||
|
||||
- **附近要有采用WPA加密的WiFi网络**。没WiFi网,你破解谁去=。= ……一会我会在“Reaver的工作原理部分”介绍,WiFi防护设置是如何产生安全漏洞、WPA破解是如何成为可能的。
|
||||
|
||||
- **最后,你还需要一点点的耐心**。这是整个实验的最后一步,使用Reaver破解WPA密码并不难,它采用的是暴力破解,因此,你的电脑将会测试大量不同的密码组合,来尝试破解路由器,直到最终找到正确的密码。我测试的时候,Reaver花了大概两个半小时破解了我的WiFi密码。[Reaver的主页][6]上介绍,一般这个时间在4到10个小时之间,视具体情况而定。
|
||||
|
||||
###让我们开始吧###
|
||||
|
||||
此时,你应该已经把BackTrack的DVD光盘刻录好了,笔记本也应该已经准备就绪。
|
||||
|
||||
####第1步:启动BackTrack####
|
||||
|
||||
要启动BackTrack,只需将DVD放入光驱,电脑从光盘启动。(如果不知道如何使用live CD或DVD启动,请自行Google。)启动过程中,BackTrack会让你选择启动模式,选择默认的“BackTrack Text - Default Boot Text Mode”然后回车。
|
||||
|
||||
最终BackTrack会来到一个命令行界面,键入`startx`,回车,BackTrack就会进入它的图形界面。
|
||||
|
||||
####第2步:安装Reaver####
|
||||
|
||||
(文章更新:Reaver在R3版中已经预装,如果你安装的是BT5的R3版,这一步骤可以忽略,直接跳到第3步。)
|
||||
|
||||
Reaver已经加入了BackTrack的最新版软件包,只是还没有集成到live DVD里,所以,在本文最初撰写的时候,你还需要手动安装Reaver。要安装Reaver,首先设置电脑联网。
|
||||
|
||||
1.点击Applications > Internet > Wicd Network Manager
|
||||
2.选择你的网络并点击Connect,如果需要的话,键入密码,点击OK,然后再次点击Connect。
|
||||
|
||||
连上网以后,安装Reaver。点击菜单栏里的终端按钮(或者依次点击 Applications > Accessories > Terminal)。在终端界面,键入以下命令:
|
||||
|
||||
apt-get update
|
||||
|
||||
更新完成之后,键入:
|
||||
|
||||
apt-get install reaver
|
||||
|
||||
如果一切顺利,Reaver现在应该已经安装好了。如果你刚才的下载安装操作使用的是WiFi上网,那么在继续下面的操作之前,请先断开网络连接,并假装不知道WiFi密码=。= 接下来我们要准备破解它~
|
||||
|
||||
####第3步:搜集设备信息,准备破解####
|
||||
|
||||
在使用Reaver之前,你需要获取你无线网卡的接口名称、路由的BSSID(BSSID是一个由字母和数字组成的序列,用于作为路由器的唯一标识)、以及确保你的无线网卡处于监控模式。具体参见以下步骤。
|
||||
|
||||
**找到无线网卡:**在终端里,键入:
|
||||
|
||||
iwconfig
|
||||
|
||||
回车。此时你应该看到无线设备的相关信息。一般,名字叫做`wlan0`,但如果你的机子不止一个无线网卡,或者使用的是不常见的网络设备,名字可能会有所不同。
|
||||
|
||||
|
||||
|
||||
**将无线网卡设置为监控模式**:假设你的无线网卡接口名称为`wlan0`,执行下列命令,将无线网卡设置为监控模式:
|
||||
|
||||
airmon-ng start wlan0
|
||||
|
||||
这一命令将会输出监控模式接口的名称,如下图中箭头所示,一般情况下,都叫做`mon0`。
|
||||
|
||||
|
||||
|
||||
**找到你打算破解的路由器的BSSID**:最后,你需要获取路由器的唯一标识,以便Reaver指向要破解的目标。执行以下命令:
|
||||
|
||||
airodump-ng wlan0
|
||||
|
||||
(注意:如果`airodump-ng wlan0`命令执行失败,可以尝试对监控接口执行,例如`airodump-ng mon0`)
|
||||
|
||||
此时,你将看到屏幕上列出周围一定范围内的无线网络,如下图所示:
|
||||
|
||||
|
||||
|
||||
当看到你想要破解的网络时,按下Ctrl+C,停止列表刷新,然后复制该网络的BSSID(图中左侧字母、数字和分号组成的序列)。从ENC这一列可以看出,该网络是WPA或WPA2协议。(如果为WEP协议,可以参考我的[前一篇文章——WEP密码破解指南][7])
|
||||
|
||||
现在,手里有了BSSID和监控接口的名称,万事俱备,只欠破解了。
|
||||
|
||||
####第4步:使用Reaver破解无线网络的WPA密码####
|
||||
|
||||
在终端中执行下列命令,用你实际获取到的BSSID替换命令中的 `bssid` :
|
||||
|
||||
reaver -i moninterface -b bssid -vv
|
||||
|
||||
例如,如果你和我一样,监控接口都叫做 `mon0`,并且你要破解的路由器BSSID是`8D:AE:9D:65:1F:B2`,那么命令应该是下面这个样子:
|
||||
|
||||
reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv
|
||||
|
||||
最后,回车!接下来,就是喝喝茶、发发呆,等待Reaver魔法的发生。Reaver将会通过暴力破解,尝试一系列PIN码,这将会持续一段时间,在我的测试中,Reaver花了2个半小时破解网络,得出正确密码。正如前文中提到过的,Reaver的文档号称这个时间一般在4到10个小时之间,因此根据实际情况不同,这个时间也会有所变化。当Reaver的破解完成时,它看起来是下图中这个样子:
|
||||
|
||||
|
||||
|
||||
**一些要强调的事实**:Reaver在我的测试中工作良好,但是并非所有的路由器都能顺利破解(后文会具体介绍)。并且,你要破解的路由器需要有一个相对较强的信号,否则Reaver很难正常工作,可能会出现其他一些意想不到的问题。整个过程中,Reaver可能有时会出现超时、PIN码死循环等问题。一般我都不管它们,只是保持电脑尽量靠近路由器,Reaver最终会自行处理这些问题。
|
||||
|
||||
除此以外,你可以在Reaver运行的任意时候按下Ctrl+C中断工作。这样会退出程序,但是Reaver下次启动的时候会自动恢复继续之前的工作,前提是只要你没有关闭或重启电脑(如果你直接在live DVD里运行,关闭之前的工作都会丢失)。
|
||||
|
||||
###Reaver的工作原理###
|
||||
|
||||
你已经学会了使用Reaver,现在,让我们简单了解一下Reaver的工作原理。它利用了WiFi保护设置(WiFi Protected Setup - 下文中简称为WPS)的一个弱点,WPS是许多路由器上都有的一个功能,可以为用户提供简单的配置过程,它与设备中硬编码保存的一个PIN码绑定在一起。Reaver利用的就是PIN码的一个缺陷,最终的结果就是,只要有足够的时间,它就能破解WPA或WPA2的密码。
|
||||
|
||||
关于这个缺陷的具体细节,参看[Sean Gallagher's excellent post on Ars Technica][8]。
|
||||
|
||||
###如何防范Reaver攻击###
|
||||
|
||||
该缺陷存在于WPS的实现过程中,因此,如果能够关闭WPS,WiFi就是安全的(或者,更好的情况是,你的路由器天生就木有这一功能)。但不幸的是,正如Gallagher[在Ars的文章中所指出的][9],即使在路由器设置中人为关掉了WPS,Reaver仍然能够破解其密码。
|
||||
|
||||
> 在一次电话通话中,Craig Heffner说道,很多路由器即使关闭WPS都无法有效防范攻击。他和同事一起测试过,所有的Linksys和Cisco Valet无线路由器都是如此。“在所有的Linksys路由器上,你甚至无法手动关闭WPS,”他说,尽管Web界面中有关闭WPS配置的按钮,但是“它仍然会自动打开,极易受到攻击”。
|
||||
|
||||
因此,方法一:失败!。也许你可以亲自尝试把你的路由器WPS关闭,然后测试一下Reaver是否还能成功破解。
|
||||
|
||||
你也可以在路由器中设置一下MAC地址过滤(只允许指定的白名单设备连接你的网络),但是有经验的黑客还是能够检测出设备的白名单MAC地址,并使用MAC地址仿冒你的计算机。
|
||||
|
||||
方法二:失败!那到底该怎么办?
|
||||
|
||||
我的建议是,我曾经在我的路由器上安装了开源路由固件[DD-WRT][10],成功防御了Reaver攻击。因为,[DD-WRT天生就是不支持WPS的][11],因此,这成为了又一个我热爱自由软件的原因。如果你也对DD-WRT感兴趣,可以看一下这里的[设备支持列表][12],看是否支持你的路由器设备。除了安全上的升级,DD-WRT还可以[监控网络行为][13],[设置网络驱动器][14],[拦截广告][15],[增强WiFi信号范围][16]等,它完全可以[让你60美刀的路由器发挥出600美刀路由器的水平][17]!
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver
|
||||
|
||||
译者:[Mr小眼儿](http://blog.csdn.net/tinyeyeser) 校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
|
||||
[1]:http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack
|
||||
[2]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fcode.google.com%2Fp%2Freaver-wps%2F&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[3]:http://www.youtube.com/embed/z1c1OIMbmb0?wmode=transparent&rel=0&autohide=1&showinfo=0&enablejsapi=1
|
||||
[4]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fwww.backtrack-linux.org%2Fdownloads%2F&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[5]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fwww.backtrack-linux.org%2Fdownloads%2F&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[6]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fcode.google.com%2Fp%2Freaver-wps%2F&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[7]:http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack
|
||||
[8]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2011%2F12%2Fresearchers-publish-open-source-tool-for-hacking-wifi-protected-setup.ars&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[9]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Farstechnica.com%2Fbusiness%2Fnews%2F2012%2F01%2Fhands-on-hacking-wifi-protected-setup-with-reaver.ars&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[10]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fdd-wrt.com%2F&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[11]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fcode.google.com%2Fp%2Freaver-wps%2Fissues%2Fdetail%3Fid%3D44&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[12]:http://go.redirectingat.com/?id=33330X911647&site=lifehacker.com&xs=1&isjs=1&url=http%3A%2F%2Fdd-wrt.com%2Fwiki%2Findex.php%2FSupported_Devices&xguid=&xcreo=0&sref=http%3A%2F%2Flifehacker.com%2F5873407%2Fhow-to-crack-a-wi%2Bfi-networks-wpa-password-with-reaver&pref=http%3A%2F%2Flifehacker.com%2F5953047%2Fhow-to-crack-wep-and-wpa-wi%2Bfi-passwords&xtz=-480&abp=1
|
||||
[13]:http://lifehacker.com/5821773/how-to-monitor-your-internet-usage-so-you-dont-exceed-your-data-cap
|
||||
[14]:http://lifehacker.com/5756233/get-more-out-of-your-dd+wrt-router-with-an-external-drive?tag=ddwrt
|
||||
[15]:http://lifehacker.com/5680670/turn-your-dd+wrt-enabled-router-into-a-whole-house-ad-blocker?tag=ddwrt
|
||||
[16]:http://lifehacker.com/5563196/turn-your-old-router-into-a-range+boosting-wi+fi-repeater?tag=ddwrt
|
||||
[17]:http://lifehacker.com/178132/hack-attack-turn-your-60-router-into-a-600-router
|
||||
Loading…
Reference in New Issue
Block a user