Preface: these are notes from watching the Tencent Classroom course "WiFi Attack and Defense" (web security / penetration testing / white hat hacker / network security). The material is quite old, probably from 2015, and covers only password cracking; the content after that is gone.

 WiFi security notes

Besides the vulnerabilities in WiFi itself, there are vulnerabilities in the router itself. For hackers, a WiFi attack is the most efficient and reliable shortcut into the intranet. The traditional penetration path is server --> firewall --> end user; after attacking the WiFi, the attacker reaches the user directly, and the firewall cannot detect it.

Once a WiFi network has been attacked, you may encounter unauthorized use of your broadband, privacy exposure (users' online traffic analyzed through ARP/DNS spoofing and hijacking), hijacked accounts (user accounts stolen through phishing websites), compromised computers (intrusion into the host), and so on.

  Wireless penetration topology

Small network topology: uses WEP/WPA/WPA2 authentication.


Enterprise-class network topology: uses web/802.1x authentication.


  Wireless security terminology

Encryption standards include:

WEP: not secure. A challenge-and-response based authentication protocol that uses the RC4 encryption algorithm. It can be cracked once enough IVs packets have been captured.

WPA: uses the TKIP/RC4 encryption algorithm. The attack method is to capture the handshake packet and brute-force it with a dictionary.

WPA2: uses the TKIP/AES encryption algorithm. The attack method is to capture the handshake packet and brute-force it with a dictionary.

  Penetration test environment

The attacking machine first learns the WiFi password, then tries to attack the Cisco router, and then treats another computer on the same LAN as a "broiler" (a compromised host).


Wireless router settings: dial-up Internet access, wireless WiFi setup, and DHCP setup.

Attacking machine setup: install Ubuntu Linux, which has many built-in wireless attack and information-gathering tools that can be used directly. If the attacking machine has no built-in network card, a wireless network card and its drivers must be installed. A laptop host has a built-in network card, but a virtual machine does not, so an external network card is needed.

 WiFi penetration reconnaissance

* First scan for WiFi hotspots with a tool such as wirelessmon (runs stably on Windows), network stumbler, inssider, or wifi hack aio (a tool set that is more reliable on Windows 7; run the ISO file as administrator).
* Then, following the order of a penetration attack, plan the process by wireless encryption strength: WEP hotspots first, then WPA/WPA2 hotspots with WPS enabled, then WPA/WPA2 hotspots with clients connected, then WPA/WPA2 hotspots with no clients connected.
* After installing wirelessmon, the "AP" it displays is a wireless access node, short for Access Point. An AP is a wireless base station and belongs to the same category as WiFi: WiFi is the hotspot, and a wireless AP is a device that extends the hotspot. A channel is a frequency band, that is, a data transmission channel that uses the wireless signal as its carrier. By regulation, China uses 13 channels, numbered 1-13. The more devices there are on the same channel, the weaker the WiFi signal, so for good home WiFi quality you need to keep your home WiFi off the channel that the surrounding WiFi networks use. For example, if your own household uses channel 1 and everyone around uses channel 2, that is fine; but if more and more people around use channel 1, the WiFi signal will suffer and eventually affect your own home network.
* After scanning with the tool, you need to know: which WiFi networks are unencrypted and connectable? Which can be broken in the simplest way? Do any have the WPS function enabled? Are there clients connected to the WiFi?
* wirelessmon can reveal the names of hidden WiFi networks; when connecting to one, you have to fill in the WiFi security level manually.
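
The questions in the last bullets (which networks are unencrypted, which use WEP, which have WPS on, how crowded each channel is) are the same ones to ask when auditing your own access points. The following is an added example, not part of the course or the original post: it parses text in the layout printed by `iw dev wlan0 scan` and lists the access points that need a configuration change, weakest first. The sample scan is constructed, and the interface name, the tier labels and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample, trimmed to the fields used, in the layout of `iw dev wlan0 scan`.
SAMPLE_SCAN = """\
BSS 00:11:22:33:44:01(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: old-printer
\tDS Parameter set: channel 1
BSS 00:11:22:33:44:02(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: home-router
\tDS Parameter set: channel 1
\tRSN:\t * Version: 1
\tWPS:\t * Version: 1.0
BSS 00:11:22:33:44:03(on wlan0)
\tcapability: ESS ShortSlotTime (0x0401)
\tSSID: 
\tDS Parameter set: channel 6
BSS 00:11:22:33:44:04(on wlan0)
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tSSID: office
\tDS Parameter set: channel 11
\tRSN:\t * Version: 1
"""

# Weakest first, following the order given above (labels are this example's own).
TIERS = ["open", "WEP", "WPA/WPA2+WPS", "WPA/WPA2"]

def parse_scan(text):
    """Split scan output into one record per access point."""
    aps = []
    for block in re.split(r"(?m)^BSS ", text)[1:]:  # text before the first BSS is dropped
        has = lambda tag: re.search(rf"(?m)^\s*{tag}:", block) is not None
        ssid = re.search(r"(?m)^\s*SSID: ?(.*)$", block)  # empty name = hidden SSID
        chan = re.search(r"channel (\d+)", block)
        privacy = re.search(r"(?m)^\s*capability:.*\bPrivacy\b", block)
        tier = ("open" if not privacy else "WEP" if not (has("RSN") or has("WPA"))
                else "WPA/WPA2+WPS" if has("WPS") else "WPA/WPA2")
        aps.append({"bssid": block[:17], "ssid": ssid.group(1) if ssid else "",
                    "channel": int(chan.group(1)) if chan else None, "tier": tier})
    return aps

def audit(aps):
    """Return the APs that need a change, weakest first, and the AP count per channel."""
    weak = sorted((ap for ap in aps if ap["tier"] != "WPA/WPA2"),
                  key=lambda ap: TIERS.index(ap["tier"]))
    return weak, Counter(ap["channel"] for ap in aps)
```

Whether clients are connected does not appear in a scan, so only the encryption type, the WPS flag and the channel load are reported.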

 WiFi password cracking

 1. Cracking passwords under WEP encryption: capture enough IVs packets.

---- Cracking tools include minidwep-gtk, feedingbottle, inflator1.0 and others.

---- minidwep-gtk is used inside Linux; the information it scans is similar to what wirelessmon shows. The tool works by capturing enough IVs packets and then cracking the password, and while it runs it keeps trying to crack the WiFi password. If the WiFi has no client connected, it forges client access and cracking is slower; if a client is connected with the password and keeps generating traffic, for example by pinging an IP, cracking is faster.

 2. Cracking WPA/WPA2 passwords: use EWSA and minidwep-gtk.

---- Again use minidwep-gtk: set the encryption mode to WPA/WPA2, then select L to start. As long as a WiFi user is connected and there is data traffic, it will find the WPA handshake packet. It runs the password guesses on the graphics card, so it is relatively fast.

---- To use EWSA, import the handshake packet (obtained from minidwep-gtk), then create a new dictionary option and load a CPU dictionary to run out the password. Without the handshake packet this does not work.

 3. Cracking passwords through the WPS vulnerability: use Reaver to exhaust the PIN.

Some routers have the QSS function turned on, which lets others connect directly with the PIN code. This is also easier to crack. Use minidwep-gtk to scan for accounts whose entry ends with a WPS tag, then select Reaver to get the password out by way of the PIN.

 WiFi intranet penetration

         Cracking hidden SSID hotspots

         Bypassing MAC filter restrictions

         Bypassing the restriction of DHCP being turned off

         Wireless bridging to solve weak signal

         LAN traffic speed limiting

         MITM (man-in-the-middle) penetration to obtain accounts

         Phishing websites to obtain accounts

         Brute-forcing the wireless router password

 15 rules and regulations for WiFi security defense
