Thomas的部落格

心血來潮把 『WiFi Hacking! 無線網路駭客攻防戰』 相關網址列表整理貼出來, 分享給有興趣的朋友...

第一章　無線網路安全簡介

1.2 無線網路駭客活動

『罐型天線』 (Cantenna)
http://www.cantenna.com/

Gregory Rehm 製作的品客洋芋片罐型天線
http://www.turnpoint.net/wireless/has.html

WarDriving
http://www.wardriving.com/

WiGLE
http://www.wigle.net/

Cantenna
　　http://www.netscum.com/~clapp/wireless.html/ (Andrew Clap)
　　http://www.oreillynet.com/cs/weblog/view/wlg/448/ (Rob Flickenger)
　　http://www.cantenna.com/ (Cantenna 專賣店)

第二章　攻擊前工具設備之準備

2.1 無線網卡選擇

無線網卡晶片對照表

這是目前最為完整的列表, 並且提供查詢功能
http://linux-wless.passys.nl/

Auditor CD 整理出來的對照表
http://www.remote-exploit.org/index.php/Auditor_dev_list1

支援 Airopeek Driver 的網卡
http://www.wildpackets.com/support/product_support/airopeek/hardware

Ralink 晶片網卡列表
http://ralink.rapla.net/

一個較舊的無線網卡晶片對照表,。
http://www.linux-wlan.org/docs/wlan_adapters.html.gz

2.2 軟體驅動的基地台 (Soft AP) 的介紹及準備

hostapd
http://hostap.epitest.fi/hostapd/

Host AP Driver
http://hostap.epitest.fi/

HotSpotter
http://www.remote-exploit.org/index.php/Hotspotter_main

Cqure
http://ap.cqure.net/

2.3 天線的種類

Gregory Rehm 的 Cantenna 製作教學
http://www.turnpoint.net/wireless/cantennahowto.html

Ez-12碟形反射器板形
http://www.freeantennas.com/projects/template2/index.html

Ez-10 10 dBi 角落反射器板形
http://www.freeantennas.com/projects/Ez-10/

2.4 準備作業環境 Windows & Linux

晶片
驅動程式
網址
Prism 2/2.5/3
linux-wlan-ng
http://www.linux-wlan.org
Atheros
Mad WiFi
http://madwifi.org
Prism GT
Prism54
http://prism54.org/
Cisco
Aironet
http://www.cisco.com
Orinoco
Wavelan
http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Orinoco.html
Ralink
Rt2x00
http://rt2x00.serialmonkey.com/wiki/index.php/Main_Page
Realtek
rtl818x
http://rtl8180-sa2400.sourceforge.net/
Broadcom
bcm43xx
http://bcm43xx.berlios.de/

2.5 利用可開機Linux光碟 (Knoppix Live CD的操作與版本介紹)

安全工具的瑞士刀 Auditor Security Collection
http://www.remote-exploit.org/index.php/Auditor
下載：
http://www.remote-exploit.org/index.php/Auditor_mirrors

新一代的主流工具 BackTrack
http://www.remote-exploit.org/index.php/BackTrack)
下載：
http://www.remote-exploit.org/index.php/BackTrack_Downloads

進階工具組 SkyRidr
http://skyridr.net/index.htm

其他相關可開機光碟

Live CD Portal
http://distrowatch.com/

Live CD Portal
http://www.frozentech.com/

Live CD List
http://www.frozentech.com/content/livecd.php

Knoppix CD
http://www.knoppix.org/

SLAX Pocket OS
http://slax.linux-live.org/

Damn Small Live CD
http://www.damnsmalllinux.org/

Insert
http://www.inside-security.de/INSERT_en.html

Ultimate Boot CD
http://www.ultimatebootcd.com/

Windows Live CD
http://www.nu2.nu/pebuilder/

BackTrack 硬碟安裝步驟：
http://www.remote-exploit.org/index.php/Backtrack_FAQ_Install2HD

第三章　偵查 (找尋可用或可攻擊的目標無線網路)

3.2 Windows 環境下最常使用的工具

NetStumbler
http://www.netstumbler.com/

Cain & Abel
http://www.oxid.it/cain.html

CommView for WiFi
http://www.tamos.com/products/commwifi/

Airopeek
http://www.wildpackets.com/products/airopeek/overview
http://ftp.wildpackets.com/pub/demos/apnxdemo301.exe

3.3 Linux 環境下最常使用的工具

Kismet
http://www.kismetwireless.net/

gkismet
http://gkismet.sourceforge.net/

Airodump / Airodump-ng
http://tinyshell.be/aircrackng/wiki/index.php?title=Aircrack-ng

Wellenreiter
http://www.wellenreiter.net/index.html

第四章　連線 (與無線基地台建立連線, 進入無線區網)

4.3 突破 MAC Address連線限制 (變造網卡的MAC Address)

SMAC
http://www.klcconsulting.net/smac/

第五章　監聽 (蒐集無線區網裡的有用資訊)

5.2 找尋資訊來做網路設定

Ethereal Network Protocol Analyzer
http://www.ethereal.com/

Ethereal Network Protocol Analyzer
http://www.ethereal.com/

5.3 工具使用及介紹

MSN Sniffer
http://www.effetech.com/msn-sniffer/

Cain & Abel
http://www.oxid.it/cain.html

HTTP Sniffer
http://www.effetech.com/sniffer/

第六章　WEP 破解 (突破 WEP Key 加密的無線網路)

6.3 AirCrack 工具集

Packet Generator
http://www.tamos.com/htmlhelp/commwifi/pgen.htm

6.4 WPA 的破解

WPA Cracker
http://www.tinypeap.com/html/wpa_cracker.html

coWPAtty
http://sourceforge.net/projects/cowpatty

Aircrack
http://freshmeat.net/projects/aircrack/

第七章　偽裝 (在無線區網中偽冒攻擊)

7.4 反制之道

Garuda
http://garuda.sourceforge.net/index.html

AirDefense Enterprise
http://www.airdefense.net/

AirMagnet
http://www.airmagnet.com/

AirTight
http://www.airtightnetworks.net

Aruba
http://www.arubanetworks.com

第八章　攻擊 Client (攻擊無線區域網路裡的其他使用者)

8.1 目的與原理

nmap
http://www.nmap.com/

scanline http://www.foundstone.com/resources/termsofuse.htm?file=scanline.zip&warn=true

SuperScan
http://www.foundstone.com/resources/proddesc/superscan.htm

Nessus
http://www.nessus.org/

GFI Languard
http://www.gfi.com/lannetscan/

Wikto
http://www.sensepost.com/research/wikto/

Nikto
http://www.cirt.net/code/nikto.shtml

N-Stealth
http://www.nstalker.com/eng/products/nstealth/

Metasploit
http://www.metasploit.com/

Exploit 網站
http://www.securiteam.com/exploits/

Exploit 網站
http://www.packetstormsecurity.nl/

Sub7
http://hackpr.net/~sub7/main.shtml

灰鴿子
http://www.huigezi.net/

8.2 開放埠掃描, 弱點掃描, 網頁掃描

nmap
http://www.nmap.com/

ScanLine
http://www.foundstone.com/resources/termsofuse.htm?file=scanline.zip&warn=true

SuperScan
http://www.foundstone.com/resources/proddesc/superscan.htm

Nessus
http://www.nessus.org/

GFI Languard
http://www.gfi.com/lannetscan/

eEye
http://www.eeye.com/

Foundstone
http://www.foundstone.com/

Nessus
http://www.nessus.org/

Nessus 下載的網址為：
http://www.nessus.org/download/index.php?product=nessus3-win

Nessus 註冊的網址為：
http://www.nessus.org/plugins/index.php?view=register

GFi LANguard
http://www.gfi.com/lannetscan/

GFi LANguard 註冊網址：
http://www.gfi.com/downloads/register.aspx?pid=lanss&vid=7&lid=en

GFi LANguard 下載網址：
http://www.gfi.com/downloads/mirrors.aspx?pid=lanss&vid=7&lid=en

Acunetix Web Vulnerability Scanner
http://www.acunetix.com/

SPIDynamics
http://www.spidynamics.com/

Watchfire
http://www.watchfire.com/

Nikto
http://www.cirt.net/code/nikto.shtml

ActivePerl
http://www.activestate.com/Products/ActivePerl/

Wikto
http://www.sensepost.com/research/wikto/

Johnny’s Google Hacking
http://johnny.ihackstuff.com/

Google API 註冊碼申請
https://www.google.com/accounts/Login?continue=http://api.google.com/createkey&followup=http://api.google.com/createkey

N-Stealth
http://www.nstalker.com/eng/products/nstealth/

8.3 必備攻擊工具

MetaSploit Framework
http://www.metasploit.com/

DameWare Mini Remote Control
http://www.dameware.com/

VNC
http://www.realvnc.com/

Remote Admin
http://radmin.com/

Sub7
http://hackpr.net/~sub7/main.shtml

灰鴿子
http://www.huigezi.net/

SecuriTeam
http://www.securiteam.com/exploits/

Packet Storm Security
http://www.packetstormsecurity.nl/

第九章　攻擊 AP (攻佔基地台, 控制基地台)

9.2 攻擊基地台

ScanLine
http://www.foundstone.com/resources/proddesc/scanline.htm

SuperScan v 3.0
http://www.foundstone.com/resources/proddesc/superscan3.htm

hydra
http://thc.org.segfault.net/thc-hydra/

第十章　阻斷 (癱瘓無線網路)

10.1 目的與原理

Macfld.pl
http://home.jwu.edu/jwright/code/macfld.pl

AirJack 系列工具
http://www.wi-foo.com/soft/attack/airjack26-0.1a.tar.bz2

10.3 反制之道

AirDefense
http://www.airdefense.net/

AirMagnet
http://www.airmagnet.com/

第十一章　綜合應用

11.1 目的與原理

WI-FI Countries 排名
http://ww.cnet.com/hotspot_zone/

11.2 Hotspot攻擊情境

The Shmoo Group
http://www.shmoo.com

"Airsnarf for Windows Mini How-To"
http://airsnarf.shmoo.com/airsnarf4win.html

TreeWalk
http://treewalkdns.com/download/TreeWalk.zip

Apache
http://apache.cdpa.nsysu.edu.tw/httpd/binaries/win32/apache_2.2.3-win32-x86-no_ssl.msi

ActivePerl http://downloads.activestate.com/ActivePerl/Windows/5.8/ActivePerl-5.8.8.817-MSWin32-x86-257965.msi

Airsnarf for Windows
http://airsnarf.shmoo.com/airsnarf-0.2-win.zip

作者: Thomas Chuang / 莊添發

• CISSP。
• 美國卡內基美隆大學資訊安全及電腦輔助工程雙碩士。
• 『WiFi Hacking! 無線網路駭客攻防戰』一書作者。
• 目前為國際資訊安全公司資深技術顧問。
• 曾任職資訊公司亞太區資深資安顧問。主要領域為資安防護規劃、風險管理與弱點評估、攻擊與滲透測試，以及無線網路安全，並且也曾擔任Foundstone Ultimate Hacking 講師，於亞太區六個國家十餘個城市開課。