AWUS036ACH no longer seems to inject packets

I am using a MacBook Pro 2018 and installed the AWUS036ACH WiFi driver with:

apt-get update
apt-get install realtek-rtl88xxau-dkms

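I booted the OS again, reconnected my device (I use a USB hub because of the Thunderbolt ports) and ran a series of tests.

It seemed to work for a second and did an injection, then the light went off and it stopped working after that.

I can see it is still connected, but it no longer seems to inject packets.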

root@kali:~# iwconfig

wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=18 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

lo        no wireless extensions.

eth0      no wireless extensions.



root@kali:~# airmon-ng check kill

Killing these processes:

  PID Name
  706 wpa_supplicant



root@kali:~# airmon-ng start wlan0


PHY Interface   Driver      Chipset

phy0    wlan0       88XXau      Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac WLAN Adapter
 (monitor mode enabled)



root@kali:~# iwconfig

wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=18 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

lo        no wireless extensions.

eth0      no wireless extensions.


root@kali:~# aireplay-ng -9 wlan0

19:25:43  Trying broadcast probe requests...
19:25:44  Injection is working!
19:25:45  Found 1 AP 

19:25:45  Trying directed probe requests...
19:25:45  A0:04:60:1E:42:B3 - channel: 9 - 'SLOWWOLFJACK'
19:25:46  Ping (min/avg/max): 1.777ms/6.663ms/22.185ms Power: -40.46
19:25:46  26/30:  86%

root@kali:~# airodump-ng wlan

 CH 13 ][ Elapsed: 6 s ][ 2019-03-02 19:26

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 CH 12 ][ Elapsed: 1 min ][ 2019-03-02 19:27

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 A0:04:60:1E:42:B3  -41       64       17    0   9  720  WPA2 CCMP   PSK  SLOWWOLFJACK
 CC:40:D0:7F:D0:C2  -44      102      104    0   4  195  WPA2 CCMP   PSK  NETGEAR21

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe

 (not associated)   30:8C:FB:05:9E:F6  -33    0 - 1      0        4  NETGEAR21
 (not associated)   7C:2E:BD:62:F9:52  -35    0 - 1      0       27  NETGEAR21
 (not associated)   00:00:48:60:CC:77  -41    0 - 1     48       79  NETGEAR77
 CC:40:D0:7F:D0:C2  8C:85:90:34:72:10    0    0e- 0e   980       87  NETGEAR21
 CC:40:D0:7F:D0:C2  2C:AA:8E:09:BA:AA  -39    0e- 1      3       14
 CC:40:D0:7F:D0:C2  64:EB:8C:7B:D4:D7  -45    0 -24      0        3
 CC:40:D0:7F:D0:C2  74:81:14:A5:EE:E0  -54    1e-24      0        2
 CC:40:D0:7F:D0:C2  2C:AA:8E:09:1A:C1  -55    0e- 1e     0       17

root@kali:~# aireplay-ng -9 wlan0
19:27:13  Trying broadcast probe requests...
19:27:15  No Answer...
19:27:15  Found 0 APs

root@kali:~# aireplay-ng -9 wlan0
19:27:18  Trying broadcast probe requests...
19:27:20  No Answer...
19:27:20  Found 0 APs

root@kali:~# aireplay-ng -9 wlan0
19:27:21  Trying broadcast probe requests...
19:27:23  No Answer...
19:27:23  Found 0 APs

root@kali:~# aireplay-ng -9 wlan0
19:27:23  Trying broadcast probe requests...
19:27:25  No Answer...
19:27:25  Found 0 APs

root@kali:~# iwconfig

wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.467 GHz  Tx-Power=18 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

lo        no wireless extensions.

eth0      no wireless extensions.

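Answer 1

You first show us that the WiFi chipset is capable of injecting packets. Alas, I bet that if the procedure were repeated verbatim (not easy), it would behave the same way.

I think the question should be more "why did it stop injecting packets after using airodump?" (and not "WiFi not working"... sorry for beating a dead horse to make a point, but keep reading).

It is well known that when using the Alfa AWUS036ACH WiFi chipset in monitor mode, the WiFi channel has to be changed manually.

So, in this session, judging from the iwconfig output, you started out listening on channel 10 (2.457 GHz).

Either a step is missing, or the BSSID/access point on channel 9 was detected because the range of channel 9 overlaps that of channel 10, so the first aireplay succeeded.

In the next step, using airodump changed the channel (several times) and, on exit, left wlan0 monitoring channel 12 (2.467 GHz).

Subsequently, the aireplay injection test no longer works, because there are no APs nearby working on channel 12.

This is doubly confirmed by the message "Found 0 APs" and by the airodump output (2 APs are seen, on channels 9 and 4).

TLDR When in monitor mode, airodump is coded to change channels on its own for scanning. Conversely, when using the AWUS036ACH chipset, before using aireplay you need to manually change the WiFi chipset's channel to one that has an AP.

I also found, in the Ubuntu forums, a script for changing the channel in monitor mode: Unable to change wlan0 fixed channel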

#!/bin/bash
# this script is to change the channel of the wireless card to the one specified, then puts it in monitor mode.
# make sure you uncheck enable wireless in nm-applet before continuing (this script will have no effect otherwise)
# note that if you are using airmon-ng you may want to manually remove all of the monitor devices it has created. (you don't need them)
# to do this run "airmon-ng stop mon0" and if you had more then run "airmon-ng stop mon1" etc.

# this script has undefined consequences if the commands fail (no error checking)
# it would be good idea to run each of the commands listed here separately to make sure they all work before making use of this script
# note that this is just sequence of commands which I would normally run manually on my system, they may not work on yours.
# also you need to run the script as root

#change this to the interface you wish to change
IFACE="wlan0"

# the channel number is taken from the first argument to the script
ifconfig "$IFACE" down
iwconfig "$IFACE" mode managed
ifconfig "$IFACE" up
iwconfig "$IFACE" channel "$1"
ifconfig "$IFACE" down
iwconfig "$IFACE" mode monitor
ifconfig "$IFACE" up

PS I would advise against using tools without trying to understand what they are doing.

PPS Standard channel allocation of the 2.4 GHz WiFi spectrum when using 20 MHz channels.
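
The channel reasoning in the answer above, as an added diagnostic example that is not part of the original post: it reads the frequency from iwconfig output, converts it to a 2.4 GHz channel, and reports how far the interface sits from the nearest AP channel seen by airodump-ng. The function names are hypothetical, the sample lines are copied from the session above, and only the 2.4 GHz band is handled.

```shell
#!/bin/bash
# Added example. Sample input constructed from the session in the question.
BEFORE='wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=18 dBm'
AFTER='wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.467 GHz  Tx-Power=18 dBm'
AP_CHANNELS="9 4"   # channels airodump-ng listed for the two APs

# Extract "Frequency:<GHz> GHz" from iwconfig text and print it in MHz.
iwconfig_freq_mhz() {
    printf '%s\n' "$1" | sed -n 's/.*Frequency:\([0-9.]*\) GHz.*/\1/p' |
        head -n 1 | awk '{ printf "%d\n", $1 * 1000 + 0.5 }'
}

# Map a centre frequency in MHz to its 2.4 GHz channel number (1-14).
mhz_to_channel() {
    [ -n "$1" ] || return 1
    if [ "$1" -eq 2484 ]; then
        echo 14
    elif [ "$1" -ge 2412 ] && [ "$1" -le 2472 ] && [ $(( ($1 - 2407) % 5 )) -eq 0 ]; then
        echo $(( ($1 - 2407) / 5 ))
    else
        return 1
    fi
}

# $1 = iwconfig text, $2 = space-separated AP channels.
# Prints "on-channel" if an AP shares the interface's channel, otherwise the
# nearest AP channel and the distance between the two centre frequencies.
diagnose() {
    local mhz chan ap ap_mhz d best="" bestd=100000
    mhz=$(iwconfig_freq_mhz "$1")
    chan=$(mhz_to_channel "$mhz") || { echo "unknown-channel"; return 1; }
    for ap in $2; do
        if [ "$ap" -eq 14 ]; then ap_mhz=2484; else ap_mhz=$(( 2407 + 5 * ap )); fi
        d=$(( ap_mhz > mhz ? ap_mhz - mhz : mhz - ap_mhz ))
        if [ "$d" -lt "$bestd" ]; then best=$ap; bestd=$d; fi
    done
    if [ -z "$best" ]; then
        echo "ch=$chan no-aps-listed"
    elif [ "$bestd" -eq 0 ]; then
        echo "ch=$chan on-channel"
    else
        echo "ch=$chan off-channel nearest-ap-ch=$best offset=${bestd}MHz"
    fi
}

echo "before airodump-ng: $(diagnose "$BEFORE" "$AP_CHANNELS")"
echo "after  airodump-ng: $(diagnose "$AFTER" "$AP_CHANNELS")"
```

On a live system the first argument would be the output of `iwconfig wlan0`; the 5 MHz versus 15 MHz offset is the difference between the first test hearing the channel 9 AP and the later tests finding none.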
