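On a whim, I compiled and posted the list of URLs related to "WiFi Hacking! 無線網路駭客攻防戰" (WiFi Hacking! Wireless Network Hacker Attack and Defense), to share with anyone interested...
Chapter 1: Introduction to Wireless Network Security
1.2 Wireless Network Hacking Activities
Can antenna (Cantenna)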
http://www.cantenna.com/
Pringles can antenna built by Gregory Rehm
http://www.turnpoint.net/wireless/has.html
WarDriving
http://www.wardriving.com/
WiGLE
http://www.wigle.net/
Cantenna
http://www.netscum.com/clapp/wireless.html/ (Andrew Clap)
http://www.oreillynet.com/cs/weblog/view/wlg/448/ (Rob Flickenger)
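http://www.cantenna.com/ (Cantenna store)
Chapter 2: Preparing Tools and Equipment Before the Attack
2.1 Choosing a Wireless Network Card
Wireless card chipset cross-reference tables
This is currently the most complete list, and it also provides a search function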
http://linux-wless.passys.nl/
Cross-reference table compiled by the Auditor CD
http://www.remote-exploit.org/index.php/Auditor_dev_list1
Network cards that support the Airopeek driver
http://www.wildpackets.com/support/product_support/airopeek/hardware
List of Ralink chipset network cards
http://ralink.rapla.net/
An older wireless card chipset cross-reference table.
http://www.linux-wlan.org/docs/wlan_adapters.html.gz
2.2 Introduction to and Preparation of Software-Driven Access Points (Soft AP)
hostapd
http://hostap.epitest.fi/hostapd/
Host AP Driver
http://hostap.epitest.fi/
HotSpotter
http://www.remote-exploit.org/index.php/Hotspotter_main
Cqure
http://ap.cqure.net/
2.3 Types of Antennas
Gregory Rehm's Cantenna build tutorial
http://www.turnpoint.net/wireless/cantennahowto.html
Ez-12 parabolic reflector template
http://www.freeantennas.com/projects/template2/index.html
Ez-10 10 dBi corner reflector template
http://www.freeantennas.com/projects/Ez-10/
2.4 Preparing the Working Environment: Windows & Linux
Chipset | Driver | URL
Prism 2/2.5/3 | linux-wlan-ng | http://www.linux-wlan.org
Atheros | Mad WiFi | http://madwifi.org
Prism GT | Prism54 | http://prism54.org/
Cisco | Aironet | http://www.cisco.com
Orinoco | Wavelan | http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Orinoco.html
Ralink | Rt2x00 | http://rt2x00.serialmonkey.com/wiki/index.php/Main_Page
Realtek | rtl818x | http://rtl8180-sa2400.sourceforge.net/
Broadcom | bcm43xx | http://bcm43xx.berlios.de/
2.5 Using Bootable Linux CDs (Knoppix Live CD Operation and Version Overview)
The Swiss Army knife of security tools: Auditor Security Collection
http://www.remote-exploit.org/index.php/Auditor
Download:
http://www.remote-exploit.org/index.php/Auditor_mirrors
The new generation's mainstream tool: BackTrack
http://www.remote-exploit.org/index.php/BackTrack
Download:
http://www.remote-exploit.org/index.php/BackTrack_Downloads
Advanced toolkit: SkyRidr
http://skyridr.net/index.htm
Other related bootable CDs
Live CD Portal
http://distrowatch.com/
Live CD Portal
http://www.frozentech.com/
Live CD List
http://www.frozentech.com/content/livecd.php
Knoppix CD
http://www.knoppix.org/
SLAX Pocket OS
http://slax.linux-live.org/
Damn Small Live CD
http://www.damnsmalllinux.org/
Insert
http://www.inside-security.de/INSERT_en.html
Ultimate Boot CD
http://www.ultimatebootcd.com/
Windows Live CD
http://www.nu2.nu/pebuilder/
BackTrack hard disk installation steps:
http://www.remote-exploit.org/index.php/Backtrack_FAQ_Install2HD
Chapter 3: Reconnaissance (Finding Usable or Attackable Target Wireless Networks)
3.2 Most Commonly Used Tools on Windows
NetStumbler
http://www.netstumbler.com/
Cain & Abel
http://www.oxid.it/cain.html
CommView for WiFi
http://www.tamos.com/products/commwifi/
Airopeek
http://www.wildpackets.com/products/airopeek/overview
http://ftp.wildpackets.com/pub/demos/apnxdemo301.exe
3.3 Most Commonly Used Tools on Linux
Kismet
http://www.kismetwireless.net/
gkismet
http://gkismet.sourceforge.net/
Airodump / Airodump-ng
http://tinyshell.be/aircrackng/wiki/index.php?title=Aircrack-ng
Wellenreiter
http://www.wellenreiter.net/index.html
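Chapter 4: Connecting (Establishing a Connection with the Wireless Access Point and Entering the Wireless LAN)
4.3 Bypassing MAC Address Connection Restrictions (Altering the Network Card's MAC Address)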
SMAC
http://www.klcconsulting.net/smac/
Chapter 5: Sniffing (Gathering Useful Information on the Wireless LAN)
5.2 Finding Information for Network Configuration
Ethereal Network Protocol Analyzer
http://www.ethereal.com/
5.3 Tool Usage and Introduction
MSN Sniffer
http://www.effetech.com/msn-sniffer/
Cain & Abel
http://www.oxid.it/cain.html
HTTP Sniffer
http://www.effetech.com/sniffer/
Chapter 6: WEP Cracking (Breaking into Wireless Networks Encrypted with a WEP Key)
6.3 The AirCrack Tool Suite
Packet Generator
http://www.tamos.com/htmlhelp/commwifi/pgen.htm
6.4 Cracking WPA
WPA Cracker
http://www.tinypeap.com/html/wpa_cracker.html
coWPAtty
http://sourceforge.net/projects/cowpatty
Aircrack
http://freshmeat.net/projects/aircrack/
Chapter 7: Masquerading (Spoofing Attacks on the Wireless LAN)
7.4 Countermeasures
Garuda
http://garuda.sourceforge.net/index.html
AirDefense Enterprise
http://www.airdefense.net/
AirMagnet
http://www.airmagnet.com/
AirTight
http://www.airtightnetworks.net
Aruba
http://www.arubanetworks.com
Chapter 8: Attacking Clients (Attacking Other Users on the Wireless LAN)
8.1 Purpose and Principles
nmap
http://www.nmap.com/
scanline
http://www.foundstone.com/resources/termsofuse.htm?file=scanline.zip&warn=true
SuperScan
http://www.foundstone.com/resources/proddesc/superscan.htm
Nessus
http://www.nessus.org/
GFI Languard
http://www.gfi.com/lannetscan/
Wikto
http://www.sensepost.com/research/wikto/
Nikto
http://www.cirt.net/code/nikto.shtml
N-Stealth
http://www.nstalker.com/eng/products/nstealth/
Metasploit
http://www.metasploit.com/
Exploit website
http://www.securiteam.com/exploits/
Exploit website
http://www.packetstormsecurity.nl/
Sub7
http://hackpr.net/sub7/main.shtml
8.2 Open Port Scanning, Vulnerability Scanning, and Web Scanning
nmap
http://www.nmap.com/
ScanLine
http://www.foundstone.com/resources/termsofuse.htm?file=scanline.zip&warn=true
SuperScan
http://www.foundstone.com/resources/proddesc/superscan.htm
Nessus
http://www.nessus.org/
GFI Languard
http://www.gfi.com/lannetscan/
eEye
http://www.eeye.com/
Foundstone
http://www.foundstone.com/
Nessus
http://www.nessus.org/
Nessus download URL:
http://www.nessus.org/download/index.php?product=nessus3-win
Nessus registration URL:
http://www.nessus.org/plugins/index.php?view=register
GFi LANguard
http://www.gfi.com/lannetscan/
GFi LANguard registration URL:
http://www.gfi.com/downloads/register.aspx?pid=lanss&vid=7&lid=en
GFi LANguard download URL:
http://www.gfi.com/downloads/mirrors.aspx?pid=lanss&vid=7&lid=en
Acunetix Web Vulnerability Scanner
http://www.acunetix.com/
SPIDynamics
http://www.spidynamics.com/
Watchfire
http://www.watchfire.com/
Nikto
http://www.cirt.net/code/nikto.shtml
ActivePerl
http://www.activestate.com/Products/ActivePerl/
Wikto
http://www.sensepost.com/research/wikto/
Johnny’s Google Hacking
http://johnny.ihackstuff.com/
Google API registration key application
https://www.google.com/accounts/Login?continue=http://api.google.com/createkey&followup=http://api.google.com/createkey
N-Stealth
http://www.nstalker.com/eng/products/nstealth/
8.3 Essential Attack Tools
MetaSploit Framework
http://www.metasploit.com/
DameWare Mini Remote Control
http://www.dameware.com/
VNC
http://www.realvnc.com/
Remote Admin
http://radmin.com/
Sub7
http://hackpr.net/sub7/main.shtml
SecuriTeam
http://www.securiteam.com/exploits/
Packet Storm Security
http://www.packetstormsecurity.nl/
Chapter 9: Attacking the AP (Taking Over and Controlling the Access Point)
9.2 Attacking the Access Point
ScanLine
http://www.foundstone.com/resources/proddesc/scanline.htm
SuperScan v 3.0
http://www.foundstone.com/resources/proddesc/superscan3.htm
hydra
http://thc.org.segfault.net/thc-hydra/
Chapter 10: Denial of Service (Paralyzing the Wireless Network)
10.1 Purpose and Principles
Macfld.pl
http://home.jwu.edu/jwright/code/macfld.pl
AirJack tool series
http://www.wi-foo.com/soft/attack/airjack26-0.1a.tar.bz2
10.3 Countermeasures
AirDefense
http://www.airdefense.net/
AirMagnet
http://www.airmagnet.com/
Chapter 11: Combined Applications
11.1 Purpose and Principles
WI-FI Countries ranking
http://ww.cnet.com/hotspot_zone/
11.2 Hotspot Attack Scenarios
The Shmoo Group
http://www.shmoo.com
"Airsnarf for Windows Mini How-To"
http://airsnarf.shmoo.com/airsnarf4win.html
TreeWalk
http://treewalkdns.com/download/TreeWalk.zip
Apache
http://apache.cdpa.nsysu.edu.tw/httpd/binaries/win32/apache_2.2.3-win32-x86-no_ssl.msi
ActivePerl
http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.8.817-MSWin32-x86-257965.msi
Airsnarf for Windows
http://airsnarf.shmoo.com/airsnarf-0.2-win.zip
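Author: Thomas Chuang / 莊添發
- CISSP.
- Dual master's degrees in information security and computer-aided engineering from Carnegie Mellon University, USA.
- Author of the book "WiFi Hacking! 無線網路駭客攻防戰" (WiFi Hacking! Wireless Network Hacker Attack and Defense).
- Currently a senior technical consultant at an international information security company.
- Formerly a senior information security consultant for the Asia-Pacific region at an IT company. Main areas are security protection planning, risk management and vulnerability assessment, attack and penetration testing, and wireless network security; also served as a Foundstone Ultimate Hacking instructor, teaching courses in more than ten cities across six countries in the Asia-Pacific region.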
