MAC 地址绑定攻击

一、MAC绑定

管理员误以为MAC绑定是一种安全机制

限制可以关联的客户端MAC地址

准备AP

  • AP基本配置
  • 开启无线过滤

修改MAC地址绕过过滤

二、演示

 1、路由器限制

2、网卡修改MAC并接入WiFi

复制代码
┌──(root💀kali)-[/home/kali]
└─# iwconfig         
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short  long limit:2   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

┌──(root💀kali)-[/home/kali]
└─# ifconfig wlan0 down                                                               1 ⨯
                                                                                          
┌──(root💀kali)-[/home/kali]
└─# macchanger -m 7A:56:70:E8:D4:3E  wlan0      #7A:……:3E 地址的获取,可通过 airodump-ng wlan0mon 侦听推测允许连接的 MAC 地址
Current MAC:   1c:bf:ce:3b:5f:be (unknown)
Permanent MAC: 1c:bf:ce:3b:5f:be (unknown)
New MAC:       7a:56:70:e8:d4:3e (unknown)
                                                                                          
┌──(root💀kali)-[/home/kali]
└─# ifconfig wlan0 up                                                                                                            
                                                                                          
┌──(root💀kali)-[/home/kali]
└─# ifconfig         
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.10.135  netmask 255.255.255.0  broadcast 10.10.10.255
        inet6 fe80::20c:29ff:fee1:6677  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:e1:66:77  txqueuelen 1000  (Ethernet)
        RX packets 14  bytes 2778 (2.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 71  bytes 6768 (6.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 8  bytes 400 (400.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 400 (400.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.105  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::68eb:d6e0:4201:e552  prefixlen 64  scopeid 0x20<link>
        ether 7a:56:70:e8:d4:3e  txqueuelen 1000  (Ethernet)     #注意MAC地址,由于当前与AP相连的设备有两个MAC相同的STA,所以在AP传信息给STA时会有丢包的情况(发给另一个相同MAC的STA了)
        RX packets 165  bytes 28960 (28.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 81  bytes 10301 (10.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
                                                                                          
┌──(root💀kali)-[/home/kali]
└─# ping www.baidu.com
PING www.a.shifen.com (36.152.44.96) 56(84) bytes of data.
64 bytes from 36.152.44.96 (36.152.44.96): icmp_seq=1 ttl=128 time=4.06 ms
64 bytes from 36.152.44.96 (36.152.44.96): icmp_seq=2 ttl=128 time=5.52 ms
复制代码
posted @   z9m8r8  阅读(209)  评论(0编辑  收藏  举报
编辑推荐:
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
阅读排行:
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?
点击右上角即可分享
微信分享提示
AI FOR CODE 大赛