type
status
date
slug
summary
tags
category
icon
password
Property
Jun 23, 2023 11:48 AM
📘实验任务
- 通过使用Fluxion工具来完成WIFi钓鱼,通过伪造的wifi热点来监听用户输入的信息
📱实验环境
- Virtual Box 6.1
- Kali 2022
- 睿连网卡RTX3070
- Lenovo 小新13Pro 自带Wifi
🔍实验过程
1.安装配置Fluxion
解压并进入目录
安装fluxion,会自动下载解决依赖(所以首先要保证虚拟机能上网)
运行
./fluxion.sh -i
安装依赖,运行./fluxion
启动Fluxion,可看到对应的菜单栏:![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fd301d862-33c2-461f-87df-04304f11aa02%2F1.png?table=block&id=be084614-c232-46b5-b235-5d085e8e4361&t=be084614-c232-46b5-b235-5d085e8e4361&width=528&cache=v2)
2.创建一同名AP来进行伪造:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F183dbac9-1e78-43cb-9fb2-391d4b741d0b%2F2.png?table=block&id=818b2517-fa45-43b0-bc18-9f70fc170003&t=818b2517-fa45-43b0-bc18-9f70fc170003&width=576&cache=v2)
3.在对应界面开始扫描环境中的Wifi,找到企图伪造攻击的Wifi:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F18f6663d-b224-4c5d-9805-9decb9bc934f%2F3.png?table=block&id=97a25950-c6f0-485e-9609-49781b229269&t=97a25950-c6f0-485e-9609-49781b229269&width=576&cache=v2)
选择扫描频道(2.4GHz)下的wifi:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F81400772-2101-4f7e-9da3-7eddfba956e5%2F4.png?table=block&id=4e121b7e-52a7-4014-9421-9ff010c60a7c&t=4e121b7e-52a7-4014-9421-9ff010c60a7c&width=576&cache=v2)
输入选中的目标wifi进行攻击:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F4ec541d9-afc1-465b-8fa9-7e4af84addaa%2F5.png?table=block&id=ed303844-7bb0-48d8-bb0b-9186dc926b6b&t=ed303844-7bb0-48d8-bb0b-9186dc926b6b&width=576&cache=v2)
选择
重置攻击
,由于前面我们已经抓取过目标wifi的通信,因此已经抓到了握手包:![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fc468d271-bf5a-41a9-82c7-e8a979af905e%2F6.png?table=block&id=3cdf1d1e-08a0-4426-9f68-168d3d870418&t=3cdf1d1e-08a0-4426-9f68-168d3d870418&width=576&cache=v2)
下一步选择
解除认证方式
来检查握手包状态:![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F1310fd01-ae43-4b2c-8cca-be4f56c64bfb%2F7.png?table=block&id=382e812c-5898-42e6-8e10-774bbcc98c37&t=382e812c-5898-42e6-8e10-774bbcc98c37&width=576&cache=v2)
后续的选项均选择Fluxion推荐的方式来进行配置:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Faf02d512-ef0b-42f0-949c-573cc109596f%2F8.png?table=block&id=9c88276a-4a64-47d3-ac76-39e0e16c8b5e&t=9c88276a-4a64-47d3-ac76-39e0e16c8b5e&width=576&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fc005936d-46e2-4338-8053-235de48232d1%2F9.png?table=block&id=22e4cc89-76a6-470f-83a9-c1c21f880541&t=22e4cc89-76a6-470f-83a9-c1c21f880541&width=576&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F879f84fe-e855-49fd-828d-a018312302e5%2F10.png?table=block&id=fe303798-ede1-44ef-bc77-7e612acf331c&t=fe303798-ede1-44ef-bc77-7e612acf331c&width=576&cache=v2)
4.抓取握手包,可以看到Fluxion控制界面能够看到其对目标wifi的握手包进行了抓取和信息监控:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F2c3fd880-c80f-45e5-8604-71b0857981be%2F11.png?table=block&id=24b103ae-a5b2-4f97-8118-8c64e040631f&t=24b103ae-a5b2-4f97-8118-8c64e040631f&width=528&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fc87e6111-82df-440c-a6d0-87d7c1ec68a3%2F12.png?table=block&id=bcfc70d6-7b5a-4903-946b-62d84d25fa16&t=bcfc70d6-7b5a-4903-946b-62d84d25fa16&width=528&cache=v2)
5. 创建钓鱼wifi,在拿到握手包后即可创建钓鱼wifi开始钓鱼 🐟:
创建钓鱼wifi的接入端口,同上述抓取握手包类似的流程:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F2bfd537d-fa2e-4641-9942-0d5287856137%2F13.png?table=block&id=a0165d6c-f06e-4e05-95d2-a088b34251a2&t=a0165d6c-f06e-4e05-95d2-a088b34251a2&width=528&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F4c44b1ae-b466-4df5-9432-3ae5651d3eff%2FUntitled.png?table=block&id=cc6f0a2b-5919-4df5-a154-f0b7e81eddc0&t=cc6f0a2b-5919-4df5-a154-f0b7e81eddc0&width=528&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F11fa197e-7492-4a9d-aee1-408d209c61a7%2FUntitled.png?table=block&id=e7ae0aa5-7687-44da-9d28-710732514faf&t=e7ae0aa5-7687-44da-9d28-710732514faf&width=528&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fc8a5b7f4-a301-4731-b484-62a60d72abe6%2FUntitled.png?table=block&id=134154b4-e76b-4449-8ba4-49904ead5146&t=134154b4-e76b-4449-8ba4-49904ead5146&width=528&cache=v2)
为钓鱼wifi选择网卡,此处默认选择wlan0:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F75e5f17f-42f3-4f94-943f-46165b195a91%2FUntitled.png?table=block&id=fd48554c-dca5-4ca4-bee1-7aa79f4ddb6f&t=fd48554c-dca5-4ca4-bee1-7aa79f4ddb6f&width=528&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F1996693a-73ec-4d2c-9fb2-acc0f918320f%2FUntitled.png?table=block&id=9e5155f2-ce15-4821-87c6-966878df72b2&t=9e5155f2-ce15-4821-87c6-966878df72b2&width=528&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fa98bd35f-9094-4f16-aaf9-1798f1d522b8%2FUntitled.png?table=block&id=46e02d71-c2a6-4279-a846-50cce59e0e4b&t=46e02d71-c2a6-4279-a846-50cce59e0e4b&width=528&cache=v2)
密码验证方式选择
hash-cowpatty
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F32aa327e-7bbd-4a68-b194-d2c0fd7a52da%2FUntitled.png?table=block&id=ebba6ef0-7cd9-4af8-94a5-a1f28f99d955&t=ebba6ef0-7cd9-4af8-94a5-a1f28f99d955&width=528&cache=v2)
创建SSL证书:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F3e5519dd-eb66-455e-9a83-9b4abacae434%2FUntitled.png?table=block&id=4b996ecc-5a11-4f76-9f61-06fddb4a4810&t=4b996ecc-5a11-4f76-9f61-06fddb4a4810&width=528&cache=v2)
断开原网络:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Feb16cf0e-b743-464e-bcc0-746d00533ba3%2FUntitled.png?table=block&id=c65ef869-8e34-42b7-be97-cd18bf42ec29&t=c65ef869-8e34-42b7-be97-cd18bf42ec29&width=528&cache=v2)
选择攻击对象的网页认证界面,可任意选择需要伪造的网页:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Ff413df8d-97de-401e-8559-322b4e74530d%2FUntitled.png?table=block&id=404206dd-2445-4e4f-ad20-27ce82a58496&t=404206dd-2445-4e4f-ad20-27ce82a58496&width=528&cache=v2)
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fc459c2d7-0c17-4894-af81-27951916ee50%2FUntitled.png?table=block&id=8caafced-490c-460d-947f-6f2285547eeb&t=8caafced-490c-460d-947f-6f2285547eeb&width=528&cache=v2)
6.开始钓鱼,fluxion会把原wifi强行断开连不上,此时通过其他的移动设备去连接该伪造钓鱼wifi,连上wifi后会上不了网,会跳转到一个页面,提示要输入wifi密码来修复wifi:
在用户的终端会弹出一个窗口来让用户输入密码:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F70385b53-f311-4ea0-bfa1-91863e01d027%2F16.png?table=block&id=439261b8-1f53-4bd9-a4d5-cc25f9cd412d&t=439261b8-1f53-4bd9-a4d5-cc25f9cd412d&width=240&cache=v2)
程序会将用户输入的密码河之前抓到的握手包来进行比较,比对密码是否正确,如果用户密码输入的不正确,那么窗口会提示密码输入不正确,直至用户密码输入正确为止。
用户输入正确的密码之后,假的AP停止,fluxion会返回正确的密码给操作者,并且将用户输入的所有密码记录在文档中:
- 手机输入密码后正确密码保存在netlog文件夹中:
/fluxion/attacks/Captive Portal/netlog
- 输入的错误密码保存在pwdlog文件夹中:
/fluxion/attacks/Captive Portal/pwdlog
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F5937d39b-c76e-4463-b9ea-d5ed751d3d4b%2FUntitled.png?table=block&id=ce8bedbc-8cfa-4f8f-aa33-f7435a534175&t=ce8bedbc-8cfa-4f8f-aa33-f7435a534175&width=624&cache=v2)
若密码输入成功,五个窗口会关闭,只留下显示正确wifi密码的路径窗口:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2Fb3c952e6-9729-42db-9429-7622bf8bbd71%2F19.png?table=block&id=bd06c16c-93e9-42aa-a557-cb97ad51e985&t=bd06c16c-93e9-42aa-a557-cb97ad51e985&width=624&cache=v2)
打开即可查看到正确的密码和信息:
![notion image](https://www.notion.so/image/https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fsecure.notion-static.com%2F9b70e9c5-afe1-4522-8e28-b8776a427fb6%2F20.png?table=block&id=ea78475a-40fc-476d-abbe-a3866f4acd5c&t=ea78475a-40fc-476d-abbe-a3866f4acd5c&width=624&cache=v2)
至此,已实现全部的Wifi钓鱼过程
❓遇到的问题
- 无法安装pyrit的问题:
- vim /etc/apt/sources.list
- 加入更新源:
- apt-get update更新本地的相关环境依赖
- How to solve Kali Linux apt-get install: E: Unable to locate package checkinstall:
🗒️参考文档
- 作者:百川🌊
- 链接:https://www.baichuanweb.cn/article/example-45
- 声明:本文采用 CC BY-NC-SA 4.0 许可协议,转载请注明出处。