Guessing a Wi-Fi password with the aircrack-ng utility

This article is written for informational and research purposes only. We urge you to follow the rules for working with networks and the law, and to always keep information security in mind.

Introduction

In the early 1990s, when Wi-Fi first appeared, the Wired Equivalent Privacy (WEP) algorithm was created, which was supposed to ensure the confidentiality of Wi-Fi networks. However, WEP proved to be an ineffective security algorithm that is easy to break.

It was replaced by the newer Wi-Fi Protected Access II (WPA2) algorithm, which most Wi-Fi access points use today. WPA2 uses the AES encryption algorithm, which is extremely difficult to break.

Where is the vulnerability?

The weakness of WPA2 is that the encrypted password is transmitted when users connect, during the so-called 4-way handshake. If we capture the handshake, we will have the encrypted password and all that remains is to decrypt it. For this purpose we will use aircrack-ng.

So how is it hacked?

Step 1. Identify the interface

First we need to find out which network interface we need. To do this, enter the command:

$ iwconfig

We get the response:

eth0      no wireless extensions.

wlan0     IEEE 802.11abgn  ESSID:off/any
Mode:Managed  Access Point: Not-Associated   Tx-Power=15 dBm
Retry short limit:7   RTS thr:off   Fragment thr:off
Encryption key:off
Power Management:off

lo        no wireless extensions

In my case there are only three interfaces, two of which have no wireless extensions. So we are only interested in wlan0.

Step 2. Put the network adapter into monitor mode

Putting the network adapter into monitor mode lets us see the wireless traffic passing near us. To do this, enter the command:

$ airmon-ng start wlan0

Note that airmon-ng has renamed your interface (mine is now mon0, but you should check yours).

Step 3. Capture traffic

Now that our network adapter is in monitor mode, we can capture the traffic passing by us with the airodump-ng command. Enter:

$ airodump-ng mon0

Note that all visible access points are listed in the upper part of the screen, and clients are listed in the lower part.

Step 4. Focus the capture on a specific access point

The next step is to focus our efforts on one access point and its channel. We are interested in the BSSID and the channel number of the access point we are going to hack. Open another terminal and enter:

$ airodump-ng --bssid 08:86:30:74:22:76 -c 6 -w WPAcrack mon0

  • 08:86:30:74:22:76 is the BSSID of the access point
  • -c 6 is the channel the Wi-Fi access point operates on
  • WPAcrack is the file the handshake will be written to
  • mon0 is the network adapter in monitor mode

As you can see in the screenshot above, we are now focused on capturing data from one access point, with ESSID Belkin276 on channel 6. We leave this terminal open!

Step 5. Obtain the handshake

To capture the encrypted password, we need a client to authenticate (connect to the Wi-Fi). If it is already authenticated, we can deauthenticate it (disconnect it), and the system will then re-authenticate (reconnect) automatically, which lets us obtain the encrypted password.

In other words, we simply need to disconnect the connected users so that they reconnect. To do this, open another terminal and enter:

$ aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0

  • 100 is the number of users to be deauthenticated
  • 08:86:30:74:22:76 is the BSSID of the access point
  • mon0 is the network adapter

Now, when the clients reconnect, the window we left open in the previous step will capture the handshake. Let's go back to our airodump-ng terminal and look.

Notice the top line on the right of the airodump-ng output: "Handshake WPA". That means we have successfully captured the encrypted password! This is the first step to success!
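Seen from the network owner's side, step 5 leaves a clear trace: a burst of deauthentication frames for one BSSID followed by clients repeating the handshake. The detector below is an added example, not part of the original article; the log format, function names and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

def build_sample():
    """Constructed sensor log: '<seconds> <frame-type> <bssid> <client>'."""
    ap = "08:86:30:74:22:76"  # BSSID used in the article's commands
    lines = ["90.0 deauth aa:bb:cc:00:00:01 aa:bb:cc:00:00:99"]  # lone, normal deauth
    lines += [f"{100 + i * 0.1:.1f} deauth {ap} ff:ff:ff:ff:ff:ff" for i in range(100)]
    lines += [f"{112 + i * 0.01:.2f} eapol {ap} aa:bb:cc:00:00:42" for i in range(4)]
    return lines

def parse(lines):
    events = []
    for line in lines:
        ts, kind, bssid, client = line.split()
        events.append((float(ts), kind, bssid.lower(), client.lower()))
    return sorted(events)

def detect_deauth_floods(events, min_frames=20, max_gap=1.0, follow=30.0):
    """Return one alert per run of >= min_frames deauth frames for a BSSID
    whose neighbouring frames are at most max_gap seconds apart."""
    deauths, eapols = defaultdict(list), defaultdict(list)
    for ts, kind, bssid, _client in events:
        if kind == "deauth":
            deauths[bssid].append(ts)
        elif kind == "eapol":
            eapols[bssid].append(ts)
    alerts = []
    for bssid, stamps in deauths.items():
        start = prev = stamps[0]
        count = 1
        for ts in stamps[1:] + [float("inf")]:  # sentinel flushes the last run
            if ts - prev <= max_gap:
                count, prev = count + 1, ts
                continue
            if count >= min_frames:
                # EAPOL frames right after the burst mean clients re-ran the handshake
                rekeys = sum(1 for e in eapols[bssid] if prev <= e <= prev + follow)
                alerts.append({"bssid": bssid, "first": start, "last": prev,
                               "frames": count, "eapol_after": rekeys})
            start = prev = ts
            count = 1
    return alerts

if __name__ == "__main__":
    for alert in detect_deauth_floods(parse(build_sample())):
        print(alert)
```

Where clients support it, enabling 802.11w protected management frames on the access point makes forged deauthentication frames ineffective.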

Step 6. Guess the password

Now that we have the encrypted password in our WPAcrack file, we can start guessing the password. For this we need a list of passwords we want to try. You can find such a list on Google in 5 minutes. I, however, will use the default password list included with aircrack-ng: BackTrack darkc0de.

Open a new terminal and enter:

$ aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de

  • WPAcrack-01.cap is the file the handshake was written to (airodump-ng appended -01.cap to the name)
  • /pentest/passwords/wordlists/darkc0de is the absolute path to the password list

How long will it take?

This process can take a long time. It all depends on the length of your password list; you may wait anywhere from a few minutes to a few days. On my dual-core Intel processor, aircrack-ng tries a little over 800 passwords per second.

When the password is found, it will appear on your screen. Whether the guessing succeeds or not depends on your list. If you cannot find the password with one list, do not despair, try another.

Usage tips

  1. This type of attack is effective for guessing a password from a list, but is practically useless for random guessing. It is all about time. If the Wi-Fi is protected by an average-length password of Latin letters and digits, random guessing will take several years.
  2. When choosing a password list, be sure to take geographic factors into account. For example, there is no point in guessing at a restaurant in Paris with a Russian password list.
  3. If you are hacking a home Wi-Fi, try to find out any personal data about the victim (first name, last name, date of birth, dog's name, and so on) and generate an additional password list from that data.
  4. Once you have captured the handshake, stop aireplay-ng (do not make ordinary users suffer).
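Tips 1 and 3 also tell a network owner what to check in their own passphrase: whether it sits in a common list, whether it is built from personal data, and how long random search would take at the article's rate of 800 guesses per second. This audit is an added example, not code from the original article; the function names, the 100-year threshold and the sample inputs are assumptions.

```python
import string

GUESS_RATE = 800                     # guesses per second, the rate quoted in the article
SECONDS_PER_YEAR = 365 * 24 * 3600

def charset_size(passphrase):
    """Size of the smallest common alphabet that covers the passphrase."""
    size = 0
    if any(c in string.ascii_lowercase for c in passphrase):
        size += 26
    if any(c in string.ascii_uppercase for c in passphrase):
        size += 26
    if any(c in string.digits for c in passphrase):
        size += 10
    if any(c not in string.ascii_letters + string.digits for c in passphrase):
        size += len(string.punctuation)
    return size

def exhaustive_years(passphrase, rate=GUESS_RATE):
    """Years needed to try every string of this length over this alphabet."""
    return charset_size(passphrase) ** len(passphrase) / rate / SECONDS_PER_YEAR

def audit_passphrase(passphrase, wordlist, personal_tokens, min_years=100):
    findings = []
    lowered = passphrase.lower()
    if not 8 <= len(passphrase) <= 63:   # WPA2-PSK passphrase length limits
        findings.append("length outside the 8-63 characters WPA2-PSK allows")
    if lowered in {w.lower() for w in wordlist}:
        findings.append("present in a common wordlist")
    hits = [t for t in personal_tokens if len(t) >= 3 and t.lower() in lowered]
    if hits:
        findings.append("built from personal data: " + ", ".join(hits))
    if exhaustive_years(passphrase) < min_years:
        findings.append(f"random search needs under {min_years} years at {GUESS_RATE}/s")
    return findings

if __name__ == "__main__":
    wordlist = ["password1", "qwerty123", "letmein2015"]   # constructed sample list
    tokens = ["Anna", "Rex", "1990"]                       # constructed personal data
    for candidate in ["qwerty123", "rex1990!", "12345678", "k3v9x2qp"]:
        print(candidate, audit_passphrase(candidate, wordlist, tokens))
```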

source: www.habr.com
