How to crack WPA/WPA2 WiFi: WPA2 password cracking

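WPA2 half-handshake cracking: crackable without the traditional complete 4-way handshake, WiFi password cracking_Nuclear'Atk Network Security Research Center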
dxa4481/WPA2-HalfHandshake-Crack
This is a POC to show it is possible to capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP.
WPA2-HalfHandshake-Crack
Conventional WPA2 attacks work by listening for a handshake between client and Access Point. This full four-way handshake is then used in a dictionary attack. This tool is a Proof of Concept to show it is not necessary to have the Access Point present. A person can simply listen for WPA2 probes from any client within range, and then throw up an Access Point with that SSID. Though the authentication will fail, there is enough information in the failed handshake to run a dictionary attack against it.
$ sudo python setup.py install
Sample use
$ python halfHandshake.py -r sampleHalfHandshake.cap -m 48d224f0d128 -s "no place like 127.0.0.1"
-r Where to read input pcap file with half handshake (works with full handshakes too)
-m AP mac address (From the 'fake' access point that was used during the capture)
-s AP SSID
-d (optional) Where to read dictionary from
Capturing half handshakes
To listen for device probes the aircrack suite can be used as follows
sudo airmon-ng start wlan0
sudo airodump-ng mon0
You should begin to see device probes with BSSID set as (not associated) appearing at the bottom. If WPA2 SSIDs pop up for these probes, these devices can be targeted.
Set up a WPA2 WiFi network with an SSID the same as the desired device probe. The passphrase can be anything.
In Ubuntu this can be done here
Capture traffic on this interface.
In Linux this can be achieved with tcpdump
sudo tcpdump -i wlan0 -s 65535 -w file.cap
(optional) Deauthenticate clients from nearby WiFi networks to increase probes
If there are not enough unassociated clients, the aircrack suite can be used to deauthenticate clients off nearby networks
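The defender's view of the same observation, as an added example that is not part of the original README or tool: a handshake message 2 sent to a BSSID that advertises your SSID but is not one of your access points means the passphrase is now open to offline guessing and should be rotated. The function names, the pre-parsed tuple format and the `02:...` addresses are assumptions constructed for illustration; the SSID and the first BSSID are the README's sample values.

```python
# Added example: detect half handshakes answered to a look-alike AP.
# Flag layout is the WPA2 EAPOL-Key "Key Information" field.
KEY_ACK, KEY_MIC, KEY_SECURE = 0x0080, 0x0100, 0x0200

def eapol_message(key_info):
    """Map a Key Information value to its 4-way handshake message number (1-4)."""
    ack, mic = key_info & KEY_ACK, key_info & KEY_MIC
    if ack:
        return 3 if mic else 1                      # AP -> client
    if mic:
        return 4 if key_info & KEY_SECURE else 2    # client -> AP
    return None

def exposed_handshakes(beacons, eapol, ssid, authorised):
    """Return (bssid, client) pairs where a client sent message 2 to an
    unauthorised BSSID advertising `ssid`.
    beacons: {bssid: ssid} with lower-case keys; eapol: (bssid, client, key_info)."""
    allowed = {b.lower() for b in authorised}
    got_m1, alerts = set(), []
    for bssid, client, key_info in eapol:
        pair = (bssid.lower(), client.lower())
        if pair[0] in allowed or beacons.get(pair[0]) != ssid:
            continue
        msg = eapol_message(key_info)
        if msg == 1:
            got_m1.add(pair)
        elif msg == 2 and pair in got_m1 and pair not in alerts:
            alerts.append(pair)   # messages 1 and 2 together are the "half handshake"
    return alerts

# Constructed sample data (pre-parsed from a capture by some other tool).
SSID = "no place like 127.0.0.1"
REAL_AP, LOOKALIKE, CLIENT = "02:00:00:00:00:01", "48:d2:24:f0:d1:28", "02:00:00:00:00:aa"
BEACONS = {REAL_AP: SSID, LOOKALIKE: SSID, "02:00:00:00:00:02": "guest"}
EAPOL = [
    (REAL_AP, CLIENT, 0x008A), (REAL_AP, CLIENT, 0x010A),    # full handshake
    (REAL_AP, CLIENT, 0x13CA), (REAL_AP, CLIENT, 0x030A),    # with the real AP
    (LOOKALIKE, CLIENT, 0x008A), (LOOKALIKE, CLIENT, 0x010A),  # never completes
    (LOOKALIKE, CLIENT, 0x008A), (LOOKALIKE, CLIENT, 0x010A),  # client retries
    ("02:00:00:00:00:02", CLIENT, 0x008A), ("02:00:00:00:00:02", CLIENT, 0x010A),
]

if __name__ == "__main__":
    for bssid, client in exposed_handshakes(BEACONS, EAPOL, SSID, [REAL_AP]):
        print(f"client {client} answered unauthorised AP {bssid}: rotate the passphrase")
```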
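WPA2 half-handshake cracking: crackable without the traditional complete 4-way handshake
lxj616 (profile) |
Conventional WPA2 attacks work by listening for a successful handshake between a client and the access point.
The captured 4-way handshake can then be used in a dictionary attack.
This tool shows that the attack can be carried out without the AP actually being present.
An attacker can simply sniff the WPA2 probes sent by any client within range,
and then set up an access point with that SSID.
Although authentication will fail, the failed handshake already contains enough information to be used in a dictionary attack.
Test screenshot:
Comments:
First you need a dictionary
实习白帽子 |
The key point is that you still need a dictionary!
無名老人 (did development, did pentesting, known around town as: the lady-killer) |
In the end you still need a dictionary. WiFi experts, please share a high-quality dictionary
@無名老人 Apart from common weak passwords and birthdays, the rest of a dictionary is local mobile numbers and landline numbers; you have to generate that yourself
园长 (meow~) |
Naughty, oh~
lxj616 (profile) |
@园长 Meow
jeary (my abstract methods keep multiplying, what do I do?? :)) |
Put simply, it saves you the trouble of the traditional capture
咖啡 (from the iPhone6s Tuhao Gold client | 1 minute ago, Burj Al Arab hotel in Dubai, presidential suite) |
@無名老人 There are people on Taobao who run captures for you...
無名老人 (did development, did pentesting, known around town as: the lady-killer) |
@咖啡 For example the leaked database of WiFi 共享精灵 and the like, that is the best dictionary
乌云白帽子 |
@lxj616 Could the expert share a dictionary? And the toolkit too; this newbie wants to steal the neighbour's network
我勒个去 |
@咖啡 What keyword do I search for? I couldn't find it
灭亡 (-.-) |
Thumbs up
Passive Karma Attack ?
The dictionary is what really counts
(Rule the globe, enslave all of humanity! Destroy any organic life that dares stand in the way!) |
Similar functionality has existed for a long time; wicked idea.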