选择无线网卡一直是一个既纠结又头疼的问题,查找很多Kali无线网卡配置文章,绝大多数都是以Windows虚拟机进行讲解的,尚未发现一篇Mac OS下虚拟机的配置方法。经过查阅大量材料及实践后,将排雷经验记录下来,希望能够帮助大家。
Hack and Have fun!
无线网卡选择
思路一:使用MacBook Pro自带无线网卡
MacBook Pro无线网卡信息:
卡类型: AirPort Extreme (0x14E4, 0x133)
固件版本: Broadcom BCM43xx 1.0 (7.77.61.1 AirPortDriverBrcmNIC-1305.2)
翻墙查资料N久,最接近成功的是这篇教程Kali Linux Wireless/Wifi Adapter (Not detecting) [FIX] 2018,虽然ifconfig指令可以看到无线网卡信息,但是搜索不到周围AP,也不能设置monitor模式。故放弃。
若有那位老兄使用MacBook Pro 自带网卡可以设置成功,请您一定要在我博客下方留言告知!
思路二:使用外设USB无线网卡
- Alfa AWUS036H [b/g USB]
- Ubiquiti SRC [a/b/g Cardbus]
- Ubiquiti SRX [a/b/g ExpressCard]
- Airpcap series [USB]
- TP-Link TL-WN722N v1 [b/g/n USB] - Beware, if version is not specified by vendor, it is NOT v1
- Alfa AWUS036NHA [b/g/n USB]
- Alfa AWUS051NH v2 [a/b/g/n USB]
- MiniPCIe: anything that uses ath9k, especially AR92xx and AR93xx (ability to do spectral scan)
注意:TP-Link TL-WN722N 一定要选择V1版本
本来想选用业界推崇的WN722N,但是此型号在电商平台确实难求,所以在某宝选择了“vendor”的无线网卡(Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter)。
无论我们选取哪款无线网卡做渗透测试,至少要满足以下两点:支持AP及monitor模式。
AP模式:可作为evil无线接入点
monitor模式:可以进行抓包
配置无线网络
环境:MacBook Pro - Mac OS Mojave
虚拟机:VirtualBox
无线网卡:Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter
注意:一定要选择USB3.0(xHCI)控制器,否则iw指令或设置monitor模式会存在问题
查询无线网卡基本情况
root@kali:~# iwconfig
lo no wireless extensions.
wlan0 IEEE 802.11 ESSID:off/any
Mode:Managed Access Point: Not-Associated Tx-Power=20 dBm
Retry short long limit:2 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
eth0 no wireless extensions.
wlan0就是我们所选择的无线网卡
root@kali:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.105 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 ▇▇::▇▇:▇▇:▇▇ prefixlen 64 scopeid 0x20<link>
ether ▇▇:▇▇:▇▇:▇▇:▇▇:▇▇ txqueuelen 1000 (Ethernet)
RX packets 1915 bytes 132391 (129.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 53 bytes 4933 (4.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 20 bytes 1116 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20 bytes 1116 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether ▇▇:▇▇:▇▇:▇▇:▇▇:▇▇ txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
如果ifconfig命令中没有发现wlan0,通过ifconfig -a查看无线网卡是否存在,若存在则证明wlan0没有启动,需要进行配置
root@kali:~# ifconfig wlan0 up
通过iw list指令查看无线网卡详细信息
root@kali:~# iw list
查看支持接口模式
root@kali:~# iw list
......
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
* mesh point
......
查看信道
root@kali:~# iwlist wlan0 frequency
wlan0 14 channels in total; available frequencies :
Channel 01 : 2.412 GHz
Channel 02 : 2.417 GHz
Channel 03 : 2.422 GHz
Channel 04 : 2.427 GHz
Channel 05 : 2.432 GHz
Channel 06 : 2.437 GHz
Channel 07 : 2.442 GHz
Channel 08 : 2.447 GHz
Channel 09 : 2.452 GHz
Channel 10 : 2.457 GHz
Channel 11 : 2.462 GHz
Channel 12 : 2.467 GHz
Channel 13 : 2.472 GHz
Channel 14 : 2.484 GHz
Current Frequency:2.447 GHz (Channel 8)
或者使用iw list指令
......
Frequencies:
* 2412 MHz [1] (20.0 dBm)
* 2417 MHz [2] (20.0 dBm)
* 2422 MHz [3] (20.0 dBm)
* 2427 MHz [4] (20.0 dBm)
* 2432 MHz [5] (20.0 dBm)
* 2437 MHz [6] (20.0 dBm)
* 2442 MHz [7] (20.0 dBm)
* 2447 MHz [8] (20.0 dBm)
* 2452 MHz [9] (20.0 dBm)
* 2457 MHz [10] (20.0 dBm)
* 2462 MHz [11] (20.0 dBm)
* 2467 MHz [12] (20.0 dBm) (no IR)
* 2472 MHz [13] (20.0 dBm) (no IR)
* 2484 MHz [14] (20.0 dBm) (no IR)
......
发现AP
root@kali:~# iw dev wlan0 scan
还可以通过管道进行筛选:
搜索附近AP名称
root@kali:~# iw dev wlan0 scan | grep SSID
SSID: 1▇▇▇▇
SSID: T▇▇▇▇
SSID: C▇▇▇▇
......
搜索附近AP名称及信道
root@kali:~# iw dev wlan0 scan | egrep "DS\ Parameter\ set|SSID"
SSID: 1▇▇▇▇
DS Parameter set: channel 11
SSID: T▇▇▇▇
DS Parameter set: channel 11
SSID: C▇▇▇▇
DS Parameter set: channel 1
......
搜索名称、信道及频率
root@kali:~# iwlist wlan0 scanning | egrep "ESSID|Channel"
Channel:11
Frequency:2.462 GHz (Channel 11)
ESSID:"1▇▇▇▇"
Channel:11
Frequency:2.462 GHz (Channel 11)
ESSID:"T▇▇▇▇"
Channel:1
Frequency:2.412 GHz (Channel 1)
ESSID:"C▇▇▇▇"
Channel:1
monitor模式
增加monitor模式
对无线网卡添加monitor模式后才可以进行无线抓包,命名规则在原有无线网卡名称后添加mon,例:wlan0 -> wlan0mon
root@kali:~# iw dev wlan0 interface add wlan0mon type monitor
启动wlan0mon
添加wlan0mon后不会自动启动,需要手动进行启动
root@kali:~# ifconfig wlan0mon up
删除monitor
抓包之后可以删除monitor
root@kali:~# iw dev wlan0mon interface del
抓包
打开Wireshark 选择wlan0mon
参考资料
Aircrack-ng FAQ http://www.aircrack-ng.org/doku.php?id=faq
安全牛 - 苑房弘老师 Kali Linux安全测试 https://edu.aqniu.com/course/83
Kali Linux Wireless/Wifi Adapter (Not detecting) [FIX] 2018
https://www.youtube.com/watch?v=rNe0g2YRpNw
