Guide to Aircrack-ng on Linux for Beginners

Hello. In anticipation of the start of the "Kali Linux Workshop" course, we have prepared for you a translation of an interesting article.

Today's tutorial walks you through getting started with the aircrack-ng suite. Of course, it is impossible to provide all the necessary information and cover every scenario, so be prepared to do your homework and research on your own. On the forum and in the wiki there are many additional tutorials and other useful information.

Although it does not cover all the steps from start to finish, the Simple WEP Crack guide describes working with aircrack-ng in more detail.

Setting up the hardware, installing Aircrack-ng

The first step in making sure aircrack-ng works properly on your Linux system is to patch and install the appropriate driver for your network card. Many cards work with several drivers, some of which provide the functionality needed to use aircrack-ng, and others do not.

It goes without saying that you need a network card compatible with the aircrack-ng suite: that is, hardware that is fully supported and can perform packet injection. With a compatible network card, you can crack a wireless access point in less than an hour.

To determine the type of your card, check the hardware compatibility page. Read the tutorial Is My Wireless Card Compatible? if you do not know how to use the table. However, that will not stop you from reading the manual, which will help you learn something new and verify certain properties of your card.

First, you need to know which chipset your network card uses and which driver you need for it. Determine this using the information in the paragraph above. In the drivers section you will find out which drivers you need.

Installing aircrack-ng

The latest version of aircrack-ng can be obtained from the download page on the main site, or you can use a penetration testing distribution such as Kali Linux or Pentoo, which ships the latest version of aircrack-ng.

To install aircrack-ng, refer to the documentation on the installation page.

IEEE 802.11 Basics

Well, now that the preparations are done, it is time to pause before we begin and learn a thing or two about how wireless networks work.

The next part is important to understand so you can work out what is wrong if something does not behave as expected. Understanding how it all works will help you find the problem, or at least describe it correctly so that someone else can help you. Things get a bit esoteric here and you may want to skip this part. However, cracking wireless networks requires a bit of knowledge, so cracking is a little more than just typing one command and letting aircrack do it for you.

How to find a wireless network

This part is a brief introduction to managed networks that work with access points (APs). Each access point sends about 10 so-called beacon frames per second. These packets contain the following information:

  • The network name (ESSID);
  • Whether encryption is used (and which kind of encryption, but note that this information may not be true simply because the access point reports it);
  • Which data rates are supported (in MBit);
  • Which channel the network is on.

This is the information shown by the tool that connects to a specific network. It appears when you let the card scan for networks using iwlist <interface> scan and when you do it with airodump-ng.

Each access point has a unique MAC address (48 bits, 6 hex pairs). It looks something like this: 00:01:23:4A:BC:DE. Every network device has such an address, and network devices communicate with each other using them. So it is a kind of unique name. MAC addresses are unique, and no two devices have the same MAC address.
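
The beacon fields listed above can be read directly from the frame bytes. The following Python is an added example, not code from the original article or from the aircrack-ng project: it builds a constructed beacon frame (no real capture is used) and parses the tagged parameters the way a scanner such as airodump-ng does. The builder, the sample BSSID and the ESSID "lab-wep" are assumptions made for the example; the field offsets and tag numbers follow the IEEE 802.11 beacon layout.

```python
import struct


def mac_str(raw: bytes) -> str:
    """Render six raw bytes as the usual colon-separated MAC notation."""
    return ":".join(f"{b:02X}" for b in raw)


def build_beacon(bssid: bytes, ssid: bytes, channel: int, privacy: bool,
                 rates_mbit=(1, 2, 5.5, 11)) -> bytes:
    """Construct a minimal beacon frame for the example (not a real capture)."""
    frame_control = b"\x80\x00"            # type = management, subtype = beacon
    duration = b"\x00\x00"
    broadcast = b"\xff" * 6                # beacons are sent to everyone
    seq_ctrl = b"\x10\x00"
    header = frame_control + duration + broadcast + bssid + bssid + seq_ctrl
    timestamp = struct.pack("<Q", 0x1234)
    interval = struct.pack("<H", 100)      # 100 TUs: roughly 10 beacons per second
    # Capability bits: bit 0 = ESS (infrastructure), bit 4 = Privacy (encryption).
    capability = struct.pack("<H", 0x0001 | (0x0010 if privacy else 0))
    rates = bytes(int(r * 2) for r in rates_mbit)   # encoded in 500 kbit/s units
    tags = (bytes([0, len(ssid)]) + ssid             # tag 0: SSID
            + bytes([1, len(rates)]) + rates         # tag 1: supported rates
            + bytes([3, 1, channel]))                # tag 3: DS parameter set (channel)
    return header + timestamp + interval + capability + tags


def parse_beacon(frame: bytes) -> dict:
    """Extract ESSID, BSSID, channel, rates and the self-reported privacy flag."""
    fc = frame[0]
    if (fc & 0x0C) != 0x00 or (fc >> 4) != 0x08:
        raise ValueError("not a beacon frame")
    # Addresses: addr1 = destination, addr2 = source, addr3 = BSSID.
    bssid = frame[16:22]
    capability = struct.unpack_from("<H", frame, 34)[0]
    info = {
        "bssid": mac_str(bssid),
        # The privacy bit is only what the AP claims about itself (see the note above).
        "privacy": bool(capability & 0x0010),
        "essid": None,            # stays None for a hidden (zero-length) ESSID
        "rates_mbit": [],
        "channel": None,
        "rsn": False,             # tag 48 (RSN) present means WPA2-style security
    }
    pos = 36                      # first tagged parameter
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2: pos + 2 + length]
        if len(body) < length:    # truncated frame: stop rather than misread
            break
        if tag == 0 and length > 0:
            info["essid"] = body.decode("utf-8", "replace")
        elif tag in (1, 50):      # supported / extended supported rates
            info["rates_mbit"].extend((b & 0x7F) / 2 for b in body)
        elif tag == 3 and length == 1:
            info["channel"] = body[0]
        elif tag == 48:
            info["rsn"] = True
        pos += 2 + length
    return info


if __name__ == "__main__":
    sample = build_beacon(bytes.fromhex("000102030405"), b"lab-wep", 11, True)
    print(parse_beacon(sample))
```

A hidden network sends a zero-length SSID tag, which the parser reports as `essid: None`; that is the same gap airodump-ng shows as a hidden ESSID.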

Connecting to a network

There are several ways to connect to a wireless network. In most cases, Open System Authentication is used. (Optional: if you want to learn more about authentication, read this.)

Open System Authentication:

  1. Request authentication from the access point;
  2. The access point answers: OK, you are authenticated.
  3. Request association with the access point;
  4. The access point answers: OK, you are connected.

This is the simplest case, but problems arise when you do not have access rights because:

  • It uses WPA/WPA2 and you need EAPOL authentication. The access point will refuse at step two.
  • The access point has a list of allowed clients (MAC addresses) and will not let anyone else connect. This is called MAC filtering.
  • The access point uses Shared Key Authentication, meaning you need to supply the correct WEP key to connect. (See the section "How to do fake shared key authentication?" for more about this.)

Simple sniffing and cracking

Discovering a network

The first thing to do is find a potential target. The aircrack-ng suite has airodump-ng for this, but you can use other programs such as Kismet.

Before searching for networks, you must switch your card into what is called "monitor mode". Monitor mode is a special mode that lets your computer listen to network packets. This mode also allows injection. We will talk about injection later.

To put the network card into monitor mode, use airmon-ng:

airmon-ng start wlan0

This creates another interface and appends "mon" to its name, so wlan0 becomes wlan0mon. To check that the network card is in monitor mode, run iwconfig and see for yourself.

Then run airodump-ng to find networks:

airodump-ng wlan0mon

If airodump-ng is able to open the WLAN device, you will see something like this:

[Screenshot of airodump-ng output; image not reproduced here]

airodump-ng hops from channel to channel and shows all access points from which it receives beacons. Channels 1 to 14 are used for the 802.11b and g standards (in the USA only 1 to 11 are allowed; in Europe 1 to 13 with some exceptions; in Japan 1 to 14). 802.11a works in the 5 GHz band, and its availability varies more from country to country than that of the 2.4 GHz band. In general, the well-known channels run from 36 (32 in some countries) to 64 (68 in some countries) and from 96 to 165. You can find more details on channel availability on Wikipedia. On Linux, allowing or denying transmission on particular channels for your country is handled by the Central Regulatory Domain Agent; however, it must be configured correctly.

The current channel is shown in the upper left corner.
After a while there will be access points and (hopefully) some clients associated with them.
The upper block shows the discovered access points:

  • BSSID: the MAC address of the access point.
  • RXQ: signal quality when a channel is selected.
  • PWR: signal strength; some drivers do not report it.
  • Beacons: the number of beacons received. If you have no signal strength indicator, you can estimate it from the beacons: more beacons, better signal.
  • #Data: the number of data frames received.
  • CH: the channel the access point operates on.
  • MB: the speed or mode of the access point. 11 is pure 802.11b, 54 is pure 802.11g; values in between are mixed mode.
  • ENC: encryption. OPN: no encryption; WEP: WEP encryption; WPA: WPA or WPA2; WEP?: WEP or WPA (not yet determined).
  • ESSID: the network name, sometimes hidden.

The lower block shows the discovered clients:

  • BSSID: the MAC address of the access point this client is associated with.
  • STATION: the MAC address of the client itself.
  • PWR: signal strength; some drivers do not report it.
  • Packets: the number of data frames received.
  • Probes: the network names (ESSIDs) this client has already tried.
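
Besides the screen view, airodump-ng writes the same access-point and client tables to a CSV file when started with -w (the prefix used later in this guide produces dump-01.csv). The Python below is an added example, not code from the article or from the aircrack-ng project: it turns that CSV into a wireless audit report that lists networks still running with no encryption or with WEP and how many clients are attached to each. The CSV text is constructed for the example, and the column layout assumed here (an access-point section headed "BSSID, ..." followed by a station section headed "Station MAC, ...") should be checked against the output of your own airodump-ng version.

```python
import csv
import io

# Constructed sample in the layout airodump-ng -w writes to <prefix>-01.csv
# (assumed column order; verify against your version).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:01:02:03:04:05, 2024-01-01 12:00:00, 2024-01-01 12:05:00, 11, 54, WEP, WEP, , -40, 120, 0, 0. 0. 0. 0, 7, lab-wep, 
00:0A:0B:0C:0D:0E, 2024-01-01 12:00:00, 2024-01-01 12:05:00, 6, 54, WPA2, CCMP, PSK, -60, 90, 0, 0. 0. 0. 0, 8, office-5, 
00:AA:BB:CC:DD:EE, 2024-01-01 12:00:00, 2024-01-01 12:05:00, 1, 54, OPN, , , -70, 30, 0, 0. 0. 0. 0, 5, guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:04:05:06:07:08, 2024-01-01 12:00:10, 2024-01-01 12:05:00, -50, 300, 00:01:02:03:04:05, lab-wep
00:11:22:33:44:55, 2024-01-01 12:00:10, 2024-01-01 12:05:00, -55, 20, (not associated), office-5,guest
"""

LEGACY_PRIVACY = ("OPN", "WEP")   # settings a defender should flag


def parse_airodump_csv(text: str) -> dict:
    """Return {bssid: {channel, privacy, essid, clients}} with clients joined in."""
    aps, stations = {}, []
    section = None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row or all(not c.strip() for c in row):
            continue                       # blank separator line
        if row[0] == "BSSID":
            section = "ap"                 # header of the access-point table
            continue
        if row[0] == "Station MAC":
            section = "sta"                # header of the client table
            continue
        if section == "ap":
            aps[row[0]] = {
                "channel": int(row[3]),
                "privacy": row[5].strip(),
                "essid": row[13].strip(),
                "clients": [],
            }
        elif section == "sta":
            # Probed ESSIDs are comma separated, so they spill over several columns.
            stations.append({"mac": row[0], "bssid": row[5].strip(),
                             "probes": [p.strip() for p in row[6:] if p.strip()]})
    for sta in stations:
        if sta["bssid"] in aps:            # "(not associated)" simply never matches
            aps[sta["bssid"]]["clients"].append(sta["mac"])
    return aps


def legacy_networks(aps: dict) -> list:
    """List (bssid, essid, privacy, client_count) for networks with OPN or WEP."""
    return sorted(
        (bssid, ap["essid"], ap["privacy"], len(ap["clients"]))
        for bssid, ap in aps.items() if ap["privacy"] in LEGACY_PRIVACY
    )


if __name__ == "__main__":
    for entry in legacy_networks(parse_airodump_csv(SAMPLE_CSV)):
        print("%s  %-10s %-4s clients=%d" % entry)
```

The same report is the inventory an administrator wants: any WEP or open network with attached clients is a network whose traffic can be read by anyone in range, and the client count shows how much of it is live.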

Now you need to monitor the target network. At least one client must be connected to it, since cracking networks without clients is more complicated (see the section How to crack WEP without clients). It must use WEP encryption and have a good signal. You can change the antenna position to improve reception; sometimes a few centimetres are decisive for signal strength.

In the example above there is the network 00:01:02:03:04:05. It turned out to be the only possible target, since it is the only one with a connected client. It also has a good signal, which makes it a suitable target for practice.

Sniffing Initialization Vectors

Because of channel hopping, you will not capture all packets from the target network. Therefore we want to listen on only one channel and write all the data to disk, so we can use it for cracking:

airodump-ng -c 11 --bssid 00:01:02:03:04:05 -w dump wlan0mon

With the -c parameter you choose the channel, and the parameter after -w is the prefix for the network dumps written to disk. The --bssid flag, together with the MAC address of the access point, limits the received packets to a single access point. The --bssid flag is only available in newer versions of airodump-ng.

Before cracking WEP, you need between 40,000 and 85,000 different Initialization Vectors (IVs). Each data packet contains an initialization vector. IVs can be reused, so the number of IVs is usually somewhat lower than the number of packets captured.
So you will have to wait to capture 40k to 85k data packets (with IVs). If the network is not busy, this will take a very long time. You can speed up the process using an active attack (or replay attack). We will talk about those in the next part.
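
The reason the IV count lags the packet count, and the reason WEP is beyond repair, both come down to the IV being only 24 bits long. The Python below is an added example, not code from the article or from aircrack-ng: it constructs a handful of WEP data frames (no real capture), pulls the IV out of each protected data frame at the offset the standard defines, counts distinct IVs against frames captured, and computes how many frames a busy network sends before two of them are expected to share an IV even with perfectly random IV selection. The frame builder and the sample addresses are assumptions for the example.

```python
import math

IV_SPACE = 1 << 24          # WEP IV is 24 bits: 16,777,216 possible values


def build_wep_data_frame(bssid: bytes, src: bytes, dst: bytes, iv: int,
                         payload: bytes, protected: bool = True) -> bytes:
    """Construct a data frame for the example; payload stands in for ciphertext+ICV."""
    flags = 0x01 | (0x40 if protected else 0)        # ToDS, and Protected (WEP) bit
    header = bytes([0x08, flags]) + b"\x00\x00" + bssid + src + dst + b"\x00\x00"
    if not protected:
        return header + payload
    # WEP body starts with the 3-byte IV followed by one key-index/padding byte.
    return header + iv.to_bytes(3, "big") + b"\x00" + payload


def extract_iv(frame: bytes):
    """Return the IV of a protected data frame, or None for anything else."""
    if len(frame) < 28:
        return None
    fc, flags = frame[0], frame[1]
    if (fc & 0x0C) != 0x08:                           # type bits: 0x08 = data
        return None
    if not (flags & 0x40):                            # Protected flag not set: no IV
        return None
    # Byte order is only a convention for deduplication; any fixed one works.
    return int.from_bytes(frame[24:27], "big")


def count_ivs(frames) -> tuple:
    """Return (protected_data_frames, distinct_ivs) for a list of raw frames."""
    ivs = [iv for iv in map(extract_iv, frames) if iv is not None]
    return len(ivs), len(set(ivs))


def expected_frames_to_first_collision(space: int = IV_SPACE) -> float:
    """Birthday bound: frames sent before an IV is expected to repeat (random IVs)."""
    return math.sqrt(math.pi * space / 2)


# Constructed sample: six protected frames carrying four distinct IVs, plus one
# unprotected frame that must be ignored.
AP = bytes.fromhex("000102030405")
CLIENT = bytes.fromhex("000405060708")
GATEWAY = bytes.fromhex("0a0b0c0d0e0f")
SAMPLE_FRAMES = [
    build_wep_data_frame(AP, CLIENT, GATEWAY, iv, b"\xaa" * 8)
    for iv in (0x000001, 0x000002, 0x000002, 0x000003, 0x000001, 0x000004)
] + [build_wep_data_frame(AP, CLIENT, GATEWAY, 0, b"\xbb" * 8, protected=False)]


if __name__ == "__main__":
    frames, distinct = count_ivs(SAMPLE_FRAMES)
    print(f"protected frames: {frames}, distinct IVs: {distinct}")
    print(f"expected frames before first IV reuse: {expected_frames_to_first_collision():.0f}")
```

The birthday figure (about 5,100 frames) is why IV reuse is a certainty on any real WEP network within minutes, independent of the weak-IV statistics discussed later; a defender who still finds WEP in an inventory should treat it as unencrypted.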

Cracking

If you already have enough IVs captured in one or more files, you can try to crack the WEP key:

aircrack-ng -b 00:01:02:03:04:05 dump-01.cap

The MAC address after the -b flag is the target's BSSID, and dump-01.cap is the file containing the captured packets. You can use several files: just add all the names to the command or use a wildcard, for example dump*.cap.

More information about aircrack-ng parameters, output and usage can be found in the manuals.

The number of initialization vectors required to crack a key is not fixed. This is because some IVs are weaker and leak more key information than others. Usually these weak IVs are mixed in with stronger ones. So if you are lucky, you can crack the key with only 20,000 IVs. However, often this is not enough; aircrack-ng can run for a long time (a week or more if the error rate is high) and then tell you that the key cannot be cracked. The more IVs you have, the faster the crack happens, and usually it does so in a few minutes or even seconds. Experience shows that 40,000 to 85,000 vectors are enough for cracking.

There are more advanced access points that use special algorithms to filter out weak IVs. As a result, you will not be able to get more than N vectors from the access point, or you will need millions of vectors (for example, 5-7 million) to crack the key. You can read on the forum what to do in such cases.

Active attacks

Most devices do not support injection, at least not without patched drivers. Some only support certain attacks. Refer to the compatibility page and look at the aireplay column. Sometimes this table is not up to date, so if you see "NO" next to your driver, do not despair, but check the driver's home page, the driver mailing list or our forum. If you managed to replay with a driver not included in the supported list, feel free to suggest changes on the compatibility table page and add a link to the quick start guide. (To do this, you need to request a wiki account on IRC.)

First you need to make sure that packet injection really works with your network card and driver. The easiest way to check is to run the injection test attack. Make sure you pass this test before proceeding. Your card must be able to inject in order for you to complete these steps.

You need the BSSID (the access point's MAC address) and ESSID (the network name) of an access point that does not filter by MAC address (such as your own) and is within reachable range.

Try connecting to the access point using aireplay-ng:

aireplay-ng --fakeauth 0 -e "your network ESSID" -a 00:01:02:03:04:05 wlan0mon

The value after -a must be the BSSID of your access point.
Injection worked if you see something like this:

12:14:06  Sending Authentication Request
12:14:06  Authentication successful
12:14:06  Sending Association Request
12:14:07  Association successful :-)

If not:

  • Double-check that the ESSID and BSSID are correct;
  • Make sure MAC address filtering is disabled on your access point;
  • Try the same thing on another access point;
  • Make sure your driver is configured correctly and is supported;
  • Instead of "0" try "6000 -o 1 -q 10".

ARP replay

Now that we know packet injection works, we can do something that will greatly speed up IV capture: an ARP request injection attack.

Basic idea

Simply put, ARP works by broadcasting a request to an IP address, and the device with that IP address sends a reply. Since WEP does not protect against replay, you can sniff a packet and resend it over and over as long as it is valid. So you just need to intercept and replay an ARP request sent to the access point to generate traffic (and obtain IVs).

The lazy way

First open a window with airodump-ng, which will sniff traffic (see above). aireplay-ng and airodump-ng can run at the same time. Wait for a client to appear on the target network and start the attack:

aireplay-ng --arpreplay -b 00:01:02:03:04:05 -h 00:04:05:06:07:08 wlan0mon

-b gives the BSSID, -h the MAC address of the connected client.

Now you need to wait for an ARP packet to arrive. Usually you need to wait a few minutes (or read the next section).
If you are lucky, you will see something like this:

Saving ARP requests in replay_arp-0627-121526.cap
You must also start airodump to capture replies.
Read 2493 packets (got 1 ARP requests), sent 1305 packets...

If you have to stop the replay, you do not need to wait for the next ARP packet to arrive; you can reuse previously captured packets with the -r <filename> parameter.
When using ARP injection, you can use the PTW method to crack the WEP key. It significantly reduces the number of packets required, and with it the cracking time. You need to capture full packets with airodump-ng, that is, do not use the "--ivs" option when running the command. For aircrack-ng use "aircrack -z <file name>". (PTW is the default attack type.)

If the number of data packets received by airodump-ng stops increasing, you may need to reduce the replay rate. Do this with the -x <packets per second> parameter. I usually start at 50 and work down until I start receiving packets continuously. Changing the antenna position can also help.

The aggressive way

Most operating systems clear the ARP cache on shutdown. If they need to send the next packet after reconnecting (or simply use DHCP), they send an ARP request. As a side effect, you can sniff the ESSID and possibly the key during reconnection. This is useful if your target's ESSID is hidden or if it uses shared key authentication.
Keep airodump-ng and aireplay-ng running. Open another window and run the deauthentication attack:

Here -a is the BSSID of the access point, and the other address is the MAC address of the chosen client.
Wait a few seconds and the ARP replay will start working.
Most clients try to reconnect automatically. But the risk that someone recognizes this attack, or at least pays attention to what is happening on the WLAN, is higher than with the other attacks.
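
The last sentence is the defender's angle on everything in this section: a deauthentication burst and a replayed WEP frame are both loud on the air, and a monitor-mode sensor can flag them. The Python below is an added example, not code from the article or from the aircrack-ng project: it runs two simple rules over a constructed list of decoded frame records (a real pipeline would fill the same records from a monitor-mode capture). Rule one alerts when a BSSID sees a threshold number of deauthentication frames inside a short window; rule two alerts when the same encrypted data frame (same BSSID, source, IV and body) is seen repeatedly, which ordinary WEP traffic never does. The record layout, thresholds and sample addresses are assumptions for the example.

```python
from collections import Counter, defaultdict, deque

DEAUTH_THRESHOLD = 5      # deauth frames per BSSID within the window
WINDOW_SECONDS = 2.0
REPLAY_THRESHOLD = 3      # identical protected frames before alerting


def detect(records: list) -> list:
    """Return (rule, subject, time) alerts for deauth floods and WEP replays."""
    alerts = []
    deauth_times = defaultdict(deque)     # bssid -> timestamps in the current window
    seen = Counter()                      # (bssid, src, iv, body) -> occurrences
    for rec in sorted(records, key=lambda r: r["t"]):
        if rec["type"] == "deauth":
            # Deauth frames carry spoofable addresses, so the rate per BSSID is the
            # signal, not who the frame claims to come from.
            window = deauth_times[rec["bssid"]]
            window.append(rec["t"])
            while window and rec["t"] - window[0] > WINDOW_SECONDS:
                window.popleft()
            if len(window) >= DEAUTH_THRESHOLD:
                alerts.append(("deauth_flood", rec["bssid"], rec["t"]))
                window.clear()            # one alert per burst
        elif rec["type"] == "data" and rec["iv"] is not None:
            key = (rec["bssid"], rec["src"], rec["iv"], rec["body"])
            seen[key] += 1
            if seen[key] == REPLAY_THRESHOLD:   # fires once per replayed frame
                alerts.append(("wep_replay", rec["src"], rec["t"]))
    return alerts


# Constructed sample records: a burst of six deauth frames, five normal WEP
# frames with distinct IVs, then one frame injected four times unchanged.
AP = "00:01:02:03:04:05"
CLIENT = "00:04:05:06:07:08"
SAMPLE_RECORDS = (
    [{"t": 0.1 * i, "type": "deauth", "bssid": AP, "src": AP, "iv": None, "body": b""}
     for i in range(6)]
    + [{"t": 1.0 + 0.2 * i, "type": "data", "bssid": AP, "src": CLIENT,
        "iv": 0x100 + i, "body": bytes([i])} for i in range(5)]
    + [{"t": 3.0 + 0.05 * i, "type": "data", "bssid": AP, "src": CLIENT,
        "iv": 0x42, "body": b"\xaa\xbb"} for i in range(4)]
)


if __name__ == "__main__":
    for rule, subject, when in detect(SAMPLE_RECORDS):
        print(f"{when:6.2f}s  {rule:12s}  {subject}")
```

Both rules are rate based, so the thresholds need tuning for the site: access points legitimately send a few deauthentication frames when clients roam, and the replay rule should only ever fire on WEP, because WPA/WPA2 replay counters make an exact duplicate frame something the receiver drops anyway.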

More tools and information about them can be found here.

Learn more about the course

source: www.habr.com