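0x01 Cause
A while ago a good buddy of mine came to me and said he wanted to confess his feelings to a girl he had liked for a long time, and asked me to come up with a classy way to do it.
Of course I fully support a buddy getting out of single life, so I thought of WiFi, which modern people cannot live without. But following the usual tutorials, a phishing WiFi can only set up one
Since this is a confession, the more stunning the better. After some searching on Baidu, I found the right tool for the job: mdk3
0x02 Introduction
MDK3 is a wireless DoS attack testing tool that can launch attacks in modes such as Beacon Flood, Authentication DoS, and Deauthentication/Disassociation Amok.
It also has a brute-force probing mode for hidden ESSIDs, 802.1X penetration testing, WIDS interference and other functions, which makes it one of the more practical tools for WiFi attacks.
Today our goal is: create a large number of junk WiFi networks to confess to "sister-in-law" (I won't explain why I use that word)
First let's take a quick look at some of mdk3's commands. Open a terminal and type mdk3 --help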
root@kali-linux:~# mdk3 --help
MDK 3.0 v6 - "Yeah, well, whatever"
by ASPj of k2wrlz, using the osdep library from aircrack-ng
And with lots of help from the great aircrack-ng community:
Antragon, moongray, Ace, Zero_Chaos, Hirte, thefkboss, ducttape,
telek0miker, Le_Vert, sorbo, Andy Green, bahathir and Dawid Gajownik
THANK YOU!
MDK is a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses.
IMPORTANT: It is your responsibility to make sure you have permission from the
network owner before running MDK against it.
This code is licenced under the GPLv2
MDK USAGE:
mdk3 <interface> <test_mode> [test_options]
Try mdk3 --fullhelp for all test options
Try mdk3 --help <test_mode> for info about one test only
TEST MODES:
b - Beacon Flood Mode
Sends beacon frames to show fake APs at clients.
This can sometimes crash network scanners and even drivers!
a - Authentication DoS mode
Sends authentication frames to all APs found in range.
Too much clients freeze or reset some APs.
p - Basic probing and ESSID Bruteforce mode
Probes AP and check for answer, useful for checking if SSID has
been correctly decloaked or if AP is in your adaptors sending range
SSID Bruteforcing is also possible with this test mode.
d - Deauthentication / Disassociation Amok Mode
Kicks everybody found from AP
m - Michael shutdown exploitation (TKIP)
Cancels all traffic continuously
x - 802.1X tests
w - WIDS/WIPS Confusion
Confuse/Abuse Intrusion Detection and Prevention Systems
f - MAC filter bruteforce mode
This test uses a list of known client MAC Addresses and tries to
authenticate them to the given AP while dynamically changing
its response timeout for best performance. It currently works only
on APs who deny an open authentication request properly
g - WPA Downgrade test
deauthenticates Stations and APs sending WPA encrypted packets.
With this test you can check if the sysadmin will try setting his
network to WEP or disable encryption.
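OK, there is actually a simplified version of the description, but keeping the big block of English above makes the author look more sophisticated
mdk3 mon b
-n <ssid>       //custom ESSID
-f <filename>   //read ESSIDs from a list file
-v <filename>   //custom list file mapping ESSIDs to BSSIDs
-d              //advertise as Ad-Hoc mode
-w              //advertise as WEP mode
-g              //54 Mbit mode
-t              //WPA TKIP encryption
-a              //WPA AES encryption
-m              //read MAC addresses from the database
-c <chan>       //custom channel
-s <pps>        //packet rate
Those are the common parameters of mdk3's mode b attack that we will use today. Now let's start the confession journey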
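0x03 Confession
First we put the wireless card into monitor mode:
airmon-ng start wlan0 //wlan0 --> wireless interface name
My wireless interface is named wlan0 here; change it to match the name of your own wireless interface
Then we run ifconfig to check whether monitor mode is enabled, that is, whether "mon" has been appended to the interface name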
root@kali-linux:~# ifconfig
wlan0mon: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        unspec 60-57-18-BD-94-99-30-30-00-00-00-00-00-00-00-00  txqueuelen 1000  (UNSPEC)
        RX packets 59  bytes 6198 (6.0 KiB)
        RX errors 0  dropped 59  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
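Here we can see that our card is now in monitor mode
Next we list the names of the junk WiFi networks in a text file
We create a text file in the root directory:
leafpad wifiname
Then I wrote the confession message into the wifiname file and saved it with Ctrl+S
PS: Note that the custom WiFi names must not repeat, otherwise only one WiFi will be created. The best solution is to add a number after each name, for example "I love you 1", "I love you 2" and so on. Also, press Enter after each WiFi name and type the next name on the second line, otherwise the names will all be squeezed into a single WiFi name
Then we start the confession: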
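mdk3 wlan0mon b -c 6 -s 1000 -f ./wifiname
//wlan0mon --> name of the wireless interface in monitor mode
//b --> mdk3 mode b attack
//-c 6 --> send the large number of SSIDs on channel 6
//-s 1000 --> broadcast 1000 packets per second on that channel
//-f ./wifiname --> path to the file of custom WiFi names (SSIDs)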
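Then we wait a moment, open the WiFi scan on a phone, and we can see our confession message
Of course, in the end I stole the spotlight from my buddy's confession: the girl asked for my phone number......
So now I am typing one-handed in a hospital bed, with a fierce man glaring angrily at me from beside it = =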
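Seen from the monitoring side, the mode b run above shows up as a burst of previously unseen BSSIDs on one channel, usually with the numbered SSIDs described in the PS. The following is an added example, not part of the original post, that flags this pattern; the record format, the thresholds and the sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: (seconds, BSSID, SSID, channel), as could be exported
# from a monitor-mode capture. Two ordinary APs plus a numbered burst on ch 6.
SAMPLE = [(0.0, "aa:bb:cc:00:00:01", "HomeNet", 1),
          (0.1, "aa:bb:cc:00:00:02", "CoffeeShop", 6)]
SAMPLE += [(1.0 + i * 0.01, "02:00:00:00:01:%02x" % i, "I love you %d" % i, 6)
           for i in range(1, 31)]

def detect_beacon_flood(beacons, window=5.0, max_new_bssids=20, min_family=5):
    """Return one alert per channel on which more than max_new_bssids
    previously unseen BSSIDs appear within `window` seconds.
    All thresholds are assumed values; tune them to the site's baseline."""
    first_seen = {}                       # (channel, bssid) -> (time, ssid)
    for ts, bssid, ssid, chan in sorted(beacons):
        first_seen.setdefault((chan, bssid), (ts, ssid))
    per_channel = defaultdict(list)
    for (chan, _), (ts, ssid) in first_seen.items():
        per_channel[chan].append((ts, ssid))
    alerts = []
    for chan, events in sorted(per_channel.items()):
        events.sort()
        best, start = [], 0
        for end in range(len(events)):    # sliding window over first-seen times
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = events[start:end + 1]
        if len(best) <= max_new_bssids:
            continue
        families = defaultdict(int)       # SSIDs with trailing digits stripped
        for _, ssid in best:
            families[re.sub(r"\s*\d+$", "", ssid)] += 1
        numbered = sorted(f for f, n in families.items() if n >= min_family)
        alerts.append({"channel": chan, "new_bssids": len(best),
                       "numbered_families": numbered})
    return alerts

if __name__ == "__main__":
    for alert in detect_beacon_flood(SAMPLE):
        print(alert)
```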
Original article: http://www.cnblogs.com/superye/p/7380974.html