[系统运维]基于openwrt的wifi 渗透

# 背景

使用路由器刷了 openwrt的固件。然后尝试破解wpa等wifi的密码

# 配置好网络之后，使用ssh连接路由器。

测试连通性

0 ping downloads.openwrt.org

root@OpenWrt:~# ping downloads.openwrt.org
PING downloads.openwrt.org (168.119.138.211): 56 data bytes
64 bytes from 168.119.138.211: seq=0 ttl=50 time=238.224 ms
64 bytes from 168.119.138.211: seq=1 ttl=50 time=234.064 ms
64 bytes from 168.119.138.211: seq=3 ttl=50 time=237.744 ms

root@OpenWrt:/# opkg update
Downloading https://downloads.openwrt.org/releases/21.02.1/targets/ramips/mt7620/packages/
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.

Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/base/Packa
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/luci/Packa
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/21.02.

Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/packages/P
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/routing/Pa
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/telephony/
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.1/target
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.02.1/packag
 * opkg_download: Check your network settings and connectivity.

------------------------
修改配置/etc/opkg.conf 之前是报下面的错。
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/relea          ses/21.02.1/packages/mipsel_24kc/telephony/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/21.0          2.1/packages/mipsel_24kc/telephony/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

尝试很多次更新，尝试搜索问题，期间试过打开opkg配置文件，注释最后一句

/etc/opkg.conf?文件，都没解决，突然晚点试试，又可以了。

1马上opkg update 和 install aricrack-ng? screen?airmon-ng

//screen 支持后台运行窗口，可以后台抓包同时后台注入，然后后台破解密码

root@OpenWrt:/# opkg update
Downloading https://downloads.openwrt.org/releases/21.02.1/targets/ramips/mt7620/packages/
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/base/Packa
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/luci/Packa
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/packages/P
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/routing/Pa
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/telephony/
Updated list of available packages in /var/opkg-lists/openwrt_telephony
root@OpenWrt:/# opkg install aircrack-ng screen
Installing aircrack-ng (1.6-1) to root...
Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/          packages/aircrack-ng_1.6-1_mipsel_24kc.ipk
Installing libnl-genl200 (3.5.0-1) to root...
Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/          base/libnl-genl200_3.5.0-1_mipsel_24kc.ipk
Installing zlib (1.2.11-3) to root...
Downloading https://downloads.openwrt.org/releases/21.02.1/packages/mipsel_24kc/          base/zlib_1.2.11-3_mipsel_24kc.ipk
Package screen (4.8.0-2) installed in root is up to date.
Configuring libnl-genl200.
Configuring zlib.
Configuring aircrack-ng.

查看一下我自己的网络情况（关键信息已***）

root@OpenWrt:/# ifconfig -a
br-lan    Link encap:Ethernet  HWaddr 00:0C:43:76:20:**
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:43ff:***:2080/64 Scope:Link
          inet6 addr: fd82:6e1b:68e2::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:134744 errors:0 dropped:0 overruns:0 frame:0
          TX packets:201387 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16906566 (16.1 MiB)  TX bytes:211760728 (201.9 MiB)

eth0      Link encap:Ethernet  HWaddr 00:0C:43:76:20:**
          inet6 addr: fe80::20c:43ff:***:2080/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:781743 errors:0 dropped:0 overruns:0 frame:0
          TX packets:339947 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:422301082 (402.7 MiB)  TX bytes:231308516 (220.5 MiB)
          Interrupt:5

eth0.1    Link encap:Ethernet  HWaddr 00:0C:43:76:20:**
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:134745 errors:0 dropped:0 overruns:0 frame:0
          TX packets:201387 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16906896 (16.1 MiB)  TX bytes:211760728 (201.9 MiB)

eth0.2    Link encap:Ethernet  HWaddr 00:0C:43:76:20:**
          inet addr:192.168.31.250  Bcast:192.168.31.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:43ff:***:2081/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:628901 errors:0 dropped:0 overruns:0 frame:0
          TX packets:138526 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:390228779 (372.1 MiB)  TX bytes:17925593 (17.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2763 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2763 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:306455 (299.2 KiB)  TX bytes:306455 (299.2 KiB)

wlan0     Link encap:Ethernet  HWaddr 00:0C:43:76:20:**
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

? ?2 airmon-ng start wlan0

启动成功后，使用ifconfig /a 查看变化
? ?3?ifconfig -a

wlan0 -----> wlan0mon

? ?4?airodump-ng wlan0mon

? ?

5 新开一个putty 连接到openwrt路由上面。

6 airodump-ng --bssid 58:41:20:07:75:** -c 6 -w /tmp/wa wlan0mon

把信道6的wifi抓取，抓取到 /tmp/wa文件下面

? 10 ll /tmp/

root@OpenWrt:~# ll /tmp/
drwxrwxrwt   20 root     root           620 Jan  2 21:12 ./
drwxr-xr-x    1 root     root             0 Jan  1  1970 ../
drwx------    2 root     root            40 Jan  2 14:15 .uci/
-rw-r--r--    1 root     root             6 Jan  2 14:15 TZ
-rw-r--r--    1 root     root          1081 Jan  1  1970 board.json
-rw-r--r--    1 root     root            80 Jan  2 20:18 dhcp.leases
drwxr-xr-x    2 root     root            40 Jan  2 14:15 dnsmasq.d/
drwxr-xr-x    3 root     root            80 Jan  2 14:17 etc/
drwxr-xr-x    2 root     root            80 Jan  2 20:17 hosts/
drwxr-xr-x    3 root     root            60 Jan  2 14:15 lib/
drwxr-xr-x    2 root     root           380 Jan  2 21:12 lock/
drwxr-xr-x    2 root     root            80 Jan  2 14:15 log/
-rw-------    1 root     root            88 Jan  2 20:13 luci-indexcache.fg.52OGJa3fc3X.uyp5x51.lua
-rw-------    1 root     root          8223 Jan  2 20:13 luci-indexcache.z1WhauV2VgopPu7QvR3F4..json
drwxr-xr-x    2 root     root           260 Jan  2 20:13 luci-modulecache/
drwxr-xr-x    2 root     root           220 Jan  2 20:20 opkg-lists/
drwxr-xr-x    2 root     root            40 Jan  1  1970 overlay/
-rw-r--r--    1 root     root            47 Jan  2 14:17 resolv.conf
drwxr-xr-x    2 root     root            60 Jan  2 20:17 resolv.conf.d/
drwxr-xr-x    7 root     root           280 Jan  2 14:17 run/
drwxr-xr-x    3 root     root            60 Jan  2 20:25 screens/
drwxrwxrwt    2 root     root            40 Jan  1  1970 shm/
drwxr-xr-x    2 root     root            80 Jan  2 14:18 state/
drwxr-xr-x    2 root     root            80 Jan  1  1970 sysinfo/
drwxr-xr-x    2 root     root            40 Jan  2 14:15 tmp/
drwxr-xr-x    3 root     root            60 Jan  2 16:29 usr/
-rw-r--r--    1 root     root        842499 Jan  2 20:59 wa-01.cap
-rw-r--r--    1 root     root           474 Jan  2 20:59 wa-01.csv
-rw-r--r--    1 root     root           585 Jan  2 20:59 wa-01.kismet.csv
-rw-r--r--    1 root     root          2740 Jan  2 20:59 wa-01.kismet.netxml
-rw-r--r--    1 root     root        146088 Jan  2 20:59 wa-01.log.csv

我认为wa-01.cap就是抓到的包，但是如何破解， 等待更新。。。
? 12 恢复环境
?

root@OpenWrt:~# airmon-ng stop wlan0mon

PHY     Interface       Driver          Chipset

phy0    wlan0mon        rt2800_wmac     Not pci, usb, or sdio

                (mac80211 station mode vif enabled on [phy0]wlan0)

                (mac80211 monitor mode vif disabled for [phy0]wlan0mon)

root@OpenWrt:~# ifconfig -a