AWUS036ACH no longer seems to inject packets

Rob*_*wis 2 wifi kali-linux

I am using a MacBook Pro 2018 and installed the AWUS036ACH WiFi driver using the following:

apt-get update
apt-get install realtek-rtl88xxau-dkms

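I booted the OS again and reconnected my device (because of the Thunderbolt sockets, I use a USB hub) and ran a series of tests.

It seemed to work for a second, injected, then the light went off, and it has stopped working since then.

I can see it is still connected, but it no longer seems to inject packets.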

root@kali:~# iwconfig

wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=18 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

lo        no wireless extensions.

eth0      no wireless extensions.



root@kali:~# airmon-ng check kill

Killing these processes:

  PID Name
  706 wpa_supplicant



root@kali:~# airmon-ng start wlan0


PHY Interface   Driver      Chipset

phy0    wlan0       88XXau      Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac WLAN Adapter
 (monitor mode enabled)



root@kali:~# iwconfig

wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.457 GHz  Tx-Power=18 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

lo        no wireless extensions.

eth0      no wireless extensions.


root@kali:~# aireplay-ng -9 wlan0

19:25:43  Trying broadcast probe requests...
19:25:44  Injection is working!
19:25:45  Found 1 AP 

19:25:45  Trying directed probe requests...
19:25:45  A0:04:60:1E:42:B3 - channel: 9 - 'SLOWWOLFJACK'
19:25:46  Ping (min/avg/max): 1.777ms/6.663ms/22.185ms Power: -40.46
19:25:46  26/30:  86%

root@kali:~# airodump-ng wlan
 CH 13 ][ Elapsed: 6 s ][ 2019-03-02 19:26

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 CH 12 ][ Elapsed: 1 min ][ 2019-03-02 19:27

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSIDAR21

 A0:04:60:1E:42:B3  -41       64       17    0   9  720  WPA2 CCMP   PSK  SLOWWOLFJACK
 CC:40:D0:7F:D0:C2  -44      102      104    0   4  195  WPA2 CCMP   PSK  NETGEAR21

 BSSID              STATION            PWR   Rate    Lost    Frames  Probe
 (not associated)   30:8C:FB:05:9E:F6  -33    0 - 1      0        4  NETGEAR21
 (not associated)   7C:2E:BD:62:F9:52  -35    0 - 1      0       27  NETGEAR21
 (not associated)   00:00:48:60:CC:77  -41    0 - 1     48       79  NETGEAR77
 CC:40:D0:7F:D0:C2  8C:85:90:34:72:10    0    0e- 0e   980       87  NETGEAR21
 CC:40:D0:7F:D0:C2  2C:AA:8E:09:BA:AA  -39    0e- 1      3       14
 CC:40:D0:7F:D0:C2  64:EB:8C:7B:D4:D7  -45    0 -24      0        3
 CC:40:D0:7F:D0:C2  74:81:14:A5:EE:E0  -54    1e-24      0        2
 CC:40:D0:7F:D0:C2  2C:AA:8E:09:1A:C1  -55    0e- 1e     0       17

root@kali:~# aireplay-ng -9 wlan0
19:27:13  Trying broadcast probe requests...
19:27:15  No Answer...
19:27:15  Found 0 APs

root@kali:~# aireplay-ng -9 wlan0
19:27:18  Trying broadcast probe requests...
19:27:20  No Answer...
19:27:20  Found 0 APs

root@kali:~# aireplay-ng -9 wlan0
19:27:21  Trying broadcast probe requests...
19:27:23  No Answer...
19:27:23  Found 0 APs

root@kali:~# aireplay-ng -9 wlan0
19:27:23  Trying broadcast probe requests...
19:27:25  No Answer...
19:27:25  Found 0 APs

root@kali:~# iwconfig

wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.467 GHz  Tx-Power=18 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

lo        no wireless extensions.

eth0      no wireless extensions.

Rui*_*iro 5

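You first show us that this wireless chipset is able to inject packets. Alas, I bet that if the process were repeated verbatim (not easy), it would behave the same way.

I think the question should then rather be "why does it stop injecting packets after using airodump?" (instead of "WiFi not working"... sorry for flogging a dead horse to make the point, but please read on).

It is well known that when using the Alfa AWUS036ACH WiFi chipset in monitor mode, the WiFi channel has to be changed manually.

So, in this session, according to the iwconfig output, you start out listening on channel 10 (2.457 GHz).

Either a step is missing, or the BSSID/access point on channel 9 was detected because channel 9 overlaps the range of channel 10, so the first aireplay succeeded.

In the next step, using airodump changed the channel (several times), and on exit it left wlan0 monitoring channel 12 (2.467 GHz).

After that, the aireplay injection test no longer works, because there are no APs working on channel 12 in your vicinity.

This is doubly confirmed by the message "Found 0 APs" and by your airodump output (2 APs seen, on channels 9 and 4).

TL;DR: when in monitor mode, airodump is coded to change channels by itself in order to scan. By contrast, when using the AWUS036ACH chipset, before using aireplay you need to manually change the channel of the WiFi chipset to one that has an AP.

I also have a script for changing the channel in monitor mode, from the Ubuntu forums thread "Can't change wlan0 fixed channel":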

#!/bin/bash
# this script is to change the channel of the wireless card to the one specified, then puts it in monitor mode.
# make sure you uncheck enable wireless in nm-applet before continuing (this script will have no effect otherwise)
# note that if you are using airmon-ng you may want to manually remove all of the monitor devices it has created. (you don't need them)
# to do this run "airmon-ng stop mon0" and if you had more then run "airmon-ng stop mon1" etc.

# this script has undefined consequences if the commands fail (no error checking)
# it would be good idea to run each of the commands listed here separately to make sure they all work before making use of this script
# note that this is just sequence of commands which I would normally run manually on my system, they may not work on yours.
# also you need to run the script as root

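# change this to the interface you wish to change
IFACE="wlan0"

# the target channel is the first argument
if [ -z "$1" ]; then
    echo "usage: $0 <channel>" >&2
    exit 1
fi

ifconfig "$IFACE" down
iwconfig "$IFACE" mode managed
ifconfig "$IFACE" up
iwconfig "$IFACE" channel "$1"
ifconfig "$IFACE" down
iwconfig "$IFACE" mode monitor
ifconfig "$IFACE" up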

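P.S. I advise against (ab)using tools without trying to understand what they are doing.

P.P.S. Standard 2.4 GHz WiFi spectrum channel allocation when using 20 MHz channels.

[Image: spectrum]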
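
The channel mismatch diagnosed in the answer above can be checked offline from the two outputs the question already shows. This is an added example, not part of the original post or of aircrack-ng: the function names are hypothetical, only 2.4 GHz channels are handled, and the sample text is copied from the iwconfig and airodump-ng output quoted in the question.

```bash
#!/bin/bash
# Added example (not from the original post). Sample text is copied from the
# outputs quoted in the question; function names are hypothetical.

# Convert a 2.4 GHz centre frequency in GHz (as iwconfig prints it) to a channel.
freq_to_channel() {
    local mhz
    mhz=$(awk -v f="$1" 'BEGIN { printf "%d", f * 1000 + 0.5 }')
    if [ "$mhz" -eq 2484 ]; then
        echo 14
    elif [ "$mhz" -ge 2412 ] && [ "$mhz" -le 2472 ] && [ $(( (mhz - 2407) % 5 )) -eq 0 ]; then
        echo $(( (mhz - 2407) / 5 ))
    else
        return 1   # not a 2.4 GHz channel centre
    fi
}

# Read iwconfig text on stdin and print the interface's current channel.
iface_channel() {
    local freq
    freq=$(sed -n 's/.*Frequency:\([0-9.]*\) GHz.*/\1/p' | head -n 1)
    [ -n "$freq" ] && freq_to_channel "$freq"
}

# Read airodump-ng text on stdin and print the CH column of AP rows only
# (station rows have a MAC address, not a power value, in the second field).
ap_channels() {
    awk '$1 ~ /^[0-9A-F][0-9A-F]:/ && $2 ~ /^-?[0-9]+$/ && $6 ~ /^[0-9]+$/ { print $6 }' | sort -nu
}

# $1 = iwconfig text, $2 = airodump-ng text; returns 0 if an AP shares the channel.
check_channel() {
    local cur aps ch
    cur=$(printf '%s\n' "$1" | iface_channel) || { echo "unknown channel"; return 2; }
    aps=$(printf '%s\n' "$2" | ap_channels | tr '\n' ' ')
    for ch in $aps; do
        [ "$ch" -eq "$cur" ] && { echo "ok: on channel $cur"; return 0; }
    done
    echo "mismatch: interface on channel $cur, APs seen on: ${aps% }"
    return 1
}

IWCONFIG_AFTER='wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.467 GHz  Tx-Power=18 dBm'
AIRODUMP=' BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 A0:04:60:1E:42:B3  -41       64       17    0   9  720  WPA2 CCMP   PSK  SLOWWOLFJACK
 CC:40:D0:7F:D0:C2  -44      102      104    0   4  195  WPA2 CCMP   PSK  NETGEAR21
 CC:40:D0:7F:D0:C2  8C:85:90:34:72:10    0    0e- 0e   980       87  NETGEAR21'

check_channel "$IWCONFIG_AFTER" "$AIRODUMP" || true
```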