Ethical Hacking: A Concise Tutorial
Ethical Hacking - Wireless Hacking
A wireless network is a set of two or more devices connected to each other via radio waves within a limited range. The devices in a wireless network are free to move while staying connected to the network and sharing data with the other devices on it. One of the main reasons wireless networks are so widespread is that they are much cheaper and faster to install than wired networks.
Wireless networks are widely used and quite easy to set up. They use the IEEE 802.11 standards. A wireless router is the most important device in a wireless network; it connects the users to the Internet.

In a wireless network, we have Access Points, which extend the wireless range and behave as logical switches.

Although wireless networks offer great flexibility, they have their security problems. A hacker can sniff the network packets without having to be in the same building where the network is located. As wireless networks communicate through radio waves, a hacker can easily sniff the network from a nearby location.
Most attackers use network sniffing to find the SSID and hack a wireless network. When a wireless card is switched into sniffing mode, it is said to be in monitor mode.
Kismet
Kismet is a powerful tool for wireless sniffing that is found in the Kali distribution. It can also be downloaded from its official webpage − https://www.kismetwireless.net
Let’s see how it works. First of all, open a terminal and type kismet. Start the Kismet Server and click Yes, as shown in the following screenshot.

As shown here, click the Start button.

Now, Kismet will start to capture data. The following screenshot shows how it would appear −

NetStumbler
NetStumbler is another tool for wireless hacking that is primarily meant for Windows systems. It can be downloaded from http://www.stumbler.net/
It is quite easy to use NetStumbler on your system. You just have to click the Scanning button and wait for the result, as shown in the following screenshot.

It should display a screen like the following screenshot −

It is important to note that your card must support monitor mode; otherwise you will not be able to monitor.
Wired Equivalent Privacy
Wired Equivalent Privacy (WEP) is a security protocol that was invented to secure wireless networks and keep them private. It uses encryption at the data link layer to prevent unauthorized access to the network.
The key is used to encrypt the packets before transmission begins. An integrity check mechanism checks that the packets are not altered after transmission.
Note that WEP is not entirely immune to security problems. It suffers from the following issues −
- CRC32 is not sufficient to ensure complete cryptographic integrity of a packet.
- It is vulnerable to dictionary attacks.
- WEP is vulnerable to Denial of Service attacks too.
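The CRC32 weakness listed above, as an added example that is not part of the original tutorial: because CRC32 is an unkeyed, affine checksum, a frame protected only by a stream cipher plus CRC32 still passes its integrity check after modification, whereas a keyed MAC rejects it. The SHA-256 counter keystream is a stand-in for WEP's RC4, HMAC-SHA256 is chosen here only as the contrasting keyed check, and all keys and payloads are constructed sample values.

```python
import hashlib, hmac, zlib

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode); WEP itself uses RC4.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def seal_crc(key, payload):
    # WEP-style frame: keystream XOR (payload || CRC32(payload)).
    body = payload + icv(payload)
    return xor(body, keystream(key, len(body)))

def open_crc(key, frame):
    body = xor(frame, keystream(key, len(frame)))
    payload, check = body[:-4], body[-4:]
    return payload if icv(payload) == check else None

def keyless_edit(frame, delta):
    # CRC32 is affine: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros), so the
    # checksum change for a chosen payload change is computable without the key.
    fix = xor(icv(delta), icv(bytes(len(delta))))
    return xor(frame, delta + fix)

def seal_mac(enc_key, mac_key, payload):
    # Encrypt-then-MAC with HMAC-SHA256 as the keyed integrity check.
    ct = xor(payload, keystream(enc_key, len(payload)))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_mac(enc_key, mac_key, frame):
    ct, tag = frame[:-32], frame[-32:]
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    ok = hmac.compare_digest(tag, good)
    return xor(ct, keystream(enc_key, len(ct))) if ok else None

def demo():
    key, mac_key = b"constructed-key", b"constructed-mac-key"
    msg, want = b"amount=0010;to=alice", b"amount=9910;to=alice"  # constructed
    delta = xor(msg, want)
    crc_result = open_crc(key, keyless_edit(seal_crc(key, msg), delta))
    mac_result = open_mac(key, mac_key, xor(seal_mac(key, mac_key, msg), delta + bytes(32)))
    return crc_result, mac_result
```

`demo()` returns the altered payload for the CRC-protected frame and `None` for the MAC-protected one, which is the gap that the later Wi-Fi security protocols close with keyed integrity checks.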
WEPcrack
WEPcrack is a popular tool to crack WEP passwords. It can be downloaded from − https://sourceforge.net/projects/wepcrack/

Aircrack-ng
Aircrack-ng is another popular tool for cracking WEP passwords. It can be found in the Kali distribution of Linux.
The following screenshot shows how we sniffed a wireless network, collected packets, and created the file RHAWEP-01.cap. Then we ran aircrack-ng on it to decrypt the cipher.

Wireless DoS Attacks
In a wireless environment, an attacker can attack a network from a distance, so it is sometimes difficult to collect evidence against the attacker.
The first type of DoS is the Physical Attack. This type of attack is very basic; it is based on radio interference, which can be created even by cordless phones that operate in the 2.4 GHz range.
Another type is the Network DoS Attack. As the Wireless Access Point creates a shared medium, it is possible to flood that medium with traffic toward the AP, which slows its processing for the clients that attempt to connect. Such attacks can be created with just a ping flood DoS attack.
Pyloris is a popular DoS tool that you can download from − https://sourceforge.net/projects/pyloris/
Low Orbit Ion Cannon (LOIC) is another popular tool for DoS attacks.

Quick Tips
To secure a wireless network, you should keep the following points in mind −
- Change the SSID and the network password regularly.
- Change the default password of access points.
- Don’t use WEP encryption.
- Turn off guest networking.
- Update the firmware of your wireless device.