
WPA WPA2 Phishing Tool: Linset

Linset (a recursive acronym, "Linset Is Not a Social Engineering Tool") is a WPA/WPA2 phishing tool that recovers the passphrase without brute force; it requires only two extra programs, lighttpd and php5-cgi.

apt-get install lighttpd

apt-get install php5-cgi

After you unzip the download, place the linset folder found in the download into the filesystem root (/). This folder contains a PHP file, a backup PHP file and alldata.txt. You cannot rename the linset folder or place it in another location unless you change the bash script accordingly.



How it works

  1. Scan the networks.
  2. Select a network.
  3. Capture the handshake (the tool can also be used without a handshake).
  4. Choose one of several web interfaces (contributed by users).
  5. A FakeAP imitating the original is brought up.
  6. A DHCP server is created on the FakeAP.
  7. A DNS server is created to redirect all requests to the host.
  8. The web server with the selected interface is launched.
  9. The mechanism that checks the validity of the passwords entered is launched.
  10. All users of the network are deauthenticated, in the hope that they connect to the FakeAP and enter the password.
  11. The attack stops once a correct password has been verified.

How to Use

$ git clone https://github.com/chunkingz/linsetmv1-2.git

$ cd linsetmv1-2

$ chmod a+x linsetmv1-2

$ mv linset /

$ ./linsetmv1-2


Download

~ Tuesday, 27 September 2016 0 comments

Auto Reaver - multiple Access Point Attack using Reaver

This is a bash script that attacks multiple access points in turn using reaver, reading the BSSID list from a text file.

If the AP being processed reaches its WPS rate limit, the script moves on to the next one in the list, and so on.

HOW IT WORKS?

The script takes the AP target list from a text file in the following format:

BSSID CHANNEL ESSID
For example:
AA:BB:CC:DD:EE:FF 1 MyWlan 
00:BB:CC:DD:EE:FF 13 TpLink
00:22:33:DD:EE:FF 13 MyHomeSSID

The following steps are then processed:

  • Every line of the list file is checked separately in a for loop
  • After every AP on the list has been tried once, the script automatically changes the MAC address of your card to a random MAC using macchanger (you can also set your own MAC if you need to),
  • The whole list is checked again and again in an endless while loop; when there is nothing left to check, the loop stops,
  • Found PINs/WPA passphrases are stored in the {CRACKED_LIST_FILE_PATH} file.

REQUIREMENTS

  • Wireless adapter which supports injection (see the Reaver Wiki: https://code.google.com/p/reaver-wps/wiki/SupportedWirelessDrivers)
  • Linux Backtrack 5
  • Root access on your system (otherwise some things may not work)
  • AND, if you use another Linux distribution:
    • Reaver 1.4 (I didn't try it with previous versions)
    • KDE (unless you change the 'konsole' invocations to 'screen', 'gnome-terminal' or similar; this is easy)
    • Gawk (Gnu AWK)
    • Macchanger
    • Airmon-ng, Airodump-ng, Aireplay-ng
    • Wash (WPS Service Scanner)
    • Perl

USAGE EXAMPLE

First download the latest version:
git clone https://code.google.com/p/auto-reaver/
Go to the auto-reaver directory:
cd ./auto-reaver
Make sure the scripts have execute permission for your user; if not, run:
chmod 700 ./washAutoReaver
chmod 700 ./autoReaver
Run the wash scanner to make a formatted list of access points with the WPS service enabled:
./washAutoReaverList > myAPTargets
Wait 1-2 minutes for wash to collect APs, then hit CTRL+C to kill the script. Check whether any APs were detected:
cat ./myAPTargets
If there are targets in the myAPTargets file, you can proceed with the attack using the following command:
./autoReaver myAPTargets

ADDITIONAL TOOLS

In auto-reaver directory you can find additional tools:

washAutoReaverList

A script that scans the network using wash, searching for access points with the WPS service enabled, and generates an auto-reaver formatted list like:
AA:BB:CC:DD:EE:FF 1 MyWlan
00:BB:CC:DD:EE:FF 13 TpLink
00:22:33:DD:EE:FF 13 MyHomeSSID
Important: you can always exclude an AP from checking by adding a # sign at the start of its line, as follows:
# 00:22:33:DD:EE:FF 13 MyHomeSSID
so MyHomeSSID is skipped during the list check.

showPinDates

This script shows the last PIN attempt dates for a given BSSID.
It depends on the PIN_DATE_TMP_DIR variable from the configurationSettings file (see the configuration section).
You can use this tool to tune the LIMIT_WAIT_MINUTES setting; it should help you discover how long a given AP stays locked during AP rate limiting.
Usage:
./showPinDates [BSSID] [OPTIONS]
Example:
./showPinDates AA:BB:CC:DD:EE:FF
Example output:
2014-06-26 06:06:54
2014-06-26 08:06:09
2014-06-26 13:06:08
2014-06-26 14:06:06
2014-06-26 15:06:10
You can use additional options to group PIN dates:
Example:
./showPinDates AA:BB:CC:DD:EE:FF --group-by-day
Outputs:
Grouping PINs by day
2014-06-23: 24 PINs
2014-06-29: 20 PINs
2014-06-30: 51 PINs
Options available:
--group-by-day - Groups PIN dates by day and shows the PIN count for each day
--group-by-hour - Groups PIN dates by day+hour and shows the PIN count for each day+hour

Download & Learn More

~ Thursday, 14 May 2015 0 comments

EvilAP Defender: Protect Wireless Network from Evil Access Points!

EvilAP_Defender is an application that helps wireless network administrators discover and prevent Evil Access Points (APs) from attacking wireless users.

The application can be run at regular intervals to protect your wireless network from Evil Twin-like attacks.

By configuring the tool you can get notifications sent to your email whenever an evil access point is discovered.

Additionally, you can configure the tool to perform a DoS on a discovered evil AP in order to give the administrator more time to react.
However, note that the DoS is only performed against evil APs that have the same SSID but a different BSSID (AP MAC address) or run on a different channel. This avoids DoSing your legitimate network.

The tool is able to discover evil APs using one of the following characteristics:

  • Evil AP with a different BSSID address
  • Evil AP with the same BSSID as the legitimate AP but a different attribute (including: channel, cipher, privacy protocol, and authentication)
  • Evil AP with the same BSSID and attributes as the legitimate AP but different tagged parameter - mainly different OUI (tagged parameters are additional values sent along with the beacon frame. Currently no software based AP gives the ability to change these values. Generally software based APs are so poor in this area).
Whenever an Evil AP is discovered the tool will alert the admin through email (SMS will be supported soon). Additionally the tool will enter into preventive mode in which the tool will DoS the discovered Evil AP.

The tool can be configured easily by starting in what we call “Learning Mode”. In this mode you can whitelist your legitimate network. This can be done by following the wizards during the Learning Mode. You can also configure the preventive mode and admin notification from there as well.
Finally, you need to change into Normal Mode or re-run the tool in this mode in order to start discovering Evil APs.
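The three detection characteristics above, together with the rule that preventive mode is only applied to an AP sharing our SSID but using a different BSSID or channel, reduce to a whitelist comparison over observed beacons. The following Python is an added example written for this page, not EvilAP_Defender's own code: the Beacon record layout, the function names and the sample beacons are constructed assumptions, and the "tagged-parameter OUI" is modelled as a single string per beacon.

```python
"""Whitelist-based evil AP classification (added example, not EvilAP_Defender code).
Beacon fields mirror the attributes the post lists: channel, cipher, privacy
protocol, authentication, and the vendor OUI carried in the tagged parameters."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    privacy: str      # e.g. "WPA2"
    cipher: str       # e.g. "CCMP"
    auth: str         # e.g. "PSK"
    vendor_oui: str   # OUI seen in a vendor-specific tagged parameter (assumed field)


ATTRS = ("channel", "privacy", "cipher", "auth")


def classify(beacon: Beacon, whitelist: list, trusted_ouis: set) -> Optional[str]:
    """Return None when the beacon is consistent with the whitelist, otherwise a
    short reason matching one of the three characteristics from the post."""
    legit = [w for w in whitelist if w.ssid == beacon.ssid]
    if not legit:
        return None                                  # foreign SSID: not a twin of ours
    match = [w for w in legit if w.bssid.lower() == beacon.bssid.lower()]
    if not match:
        return "different BSSID"                     # characteristic 1
    w = match[0]
    for attr in ATTRS:
        if getattr(w, attr) != getattr(beacon, attr):
            return f"same BSSID, different {attr}"   # characteristic 2
    if beacon.vendor_oui.upper() not in trusted_ouis:
        return "same BSSID and attributes, unknown tagged-parameter OUI"  # characteristic 3
    return None


def prevention_allowed(beacon: Beacon, whitelist: list) -> bool:
    """The post's safety rule: only DoS an evil AP that shares our SSID but uses
    a different BSSID or a different channel. A beacon matching a whitelisted
    BSSID on its whitelisted channel could be our own AP, so it is alert-only."""
    same_ssid = [w for w in whitelist if w.ssid == beacon.ssid]
    if not same_ssid:
        return False
    for w in same_ssid:
        if w.bssid.lower() == beacon.bssid.lower() and w.channel == beacon.channel:
            return False
    return True


def scan(beacons, whitelist, trusted_ouis):
    """Return one (bssid, reason, preventive_mode_allowed) tuple per suspicious beacon."""
    findings = []
    for b in beacons:
        reason = classify(b, whitelist, trusted_ouis)
        if reason is not None:
            findings.append((b.bssid, reason, prevention_allowed(b, whitelist)))
    return findings


# Constructed sample data: one whitelisted AP and a set of observed beacons.
WHITELIST = [Beacon("CorpWiFi", "AA:BB:CC:11:22:33", 6, "WPA2", "CCMP", "PSK", "AA:BB:CC")]
TRUSTED_OUIS = {"AA:BB:CC"}
OBSERVED = [
    Beacon("CorpWiFi", "AA:BB:CC:11:22:33", 6, "WPA2", "CCMP", "PSK", "AA:BB:CC"),   # legitimate AP
    Beacon("CorpWiFi", "DE:AD:BE:EF:00:01", 6, "WPA2", "CCMP", "PSK", "DE:AD:BE"),   # twin with its own BSSID
    Beacon("CorpWiFi", "AA:BB:CC:11:22:33", 11, "WPA2", "CCMP", "PSK", "AA:BB:CC"),  # cloned BSSID, other channel
    Beacon("CorpWiFi", "AA:BB:CC:11:22:33", 6, "WPA2", "TKIP", "PSK", "AA:BB:CC"),   # cloned BSSID, weaker cipher
    Beacon("CorpWiFi", "AA:BB:CC:11:22:33", 6, "WPA2", "CCMP", "PSK", "DE:AD:BE"),   # full clone, wrong OUI
    Beacon("CoffeeShop", "00:11:22:33:44:55", 1, "OPEN", "NONE", "OPEN", "00:11:22"),  # not our network
]

if __name__ == "__main__":
    for bssid, reason, prevent in scan(OBSERVED, WHITELIST, TRUSTED_OUIS):
        mode = "preventive mode" if prevent else "alert only"
        print(f"{bssid}: {reason} ({mode})")
```

The cipher and OUI mismatches are deliberately reported as alert-only: a beacon that carries the legitimate BSSID on the legitimate channel cannot be distinguished on the air from the real AP for targeting purposes, which is exactly why the post restricts preventive mode to different-BSSID or different-channel cases.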

Requirements:

- Aircrack-ng suite
- Your wireless card must be supported by Aircrack-ng. Check the following URL
- MySQL
- Python

 

Learning Mode:

This mode is invoked with the “-L” switch. When running in this mode the tool starts by scanning for the available wireless networks. It then lists all the wireless networks found, with whitelisted APs coloured green. It also lists the whitelisted APs and OUIs (tagged parameters).
The tool also provides several options that allow you to add/remove SSIDs to/from the whitelist. You need to whitelist your SSID before running the tool in Normal Mode. Moreover, you can configure Preventive Mode from “Update options -> Configure Preventive Mode”. First you need to set the Deauthentication time (in seconds) to a number bigger than 0 (setting the value to 0 disables this mode).

Then you need to set the number of times to repeat the attack. This matters when there is more than one Evil AP, because the tool cannot attack all of them at the same time (how can you attack several APs on different channels? Later on we will improve the tool and allow it to attack several APs on the same channel simultaneously).

The tool will attack the first Evil AP for the specified deauthentication time, then stop and attack the second one, and so on. Be careful about increasing the Deauth time too much, because the tool may then attack only one AP and leave the others running. My recommendation is to set the Deauth time to something suitable such as 10 seconds and increase the repeat count instead.

Finally, you can configure admin notification by setting the admin email, SMTP server address, SMTP username (complete email address) for authentication purposes, and SMTP password. You can use any Gmail account or your internal SMTP server account.

Normal Mode:

This is the mode in which the tool starts to discover Evil APs and notify the administrator whenever one is discovered. This mode can be invoked by “-N” switch.

Download and read more at

~ Thursday, 30 April 2015 0 comments

Use Software Defined Radio to Hack Wireless World

Ever wanted to spoof a restaurant's pager system? How about use an airport's Primary Surveillance RADAR to build your own bistatic RADAR system and track moving objects? What sorts of RF transactions take place in RFID systems, such as toll booths, building security and vehicular keyless entry? Then there's 'printing' steganographic images onto the radio spectrum.

"Wireless systems, and their radio signals, are everywhere: consumer, corporate, government, amateur - widely deployed and often vulnerable. If you have ever wondered what sort of information is buzzing around you, this talk will introduce how you can dominate the RF spectrum by 'blindly' analysing any signal, and then begin reverse engineering it from the physical layer up. I will demonstrate how these techniques can be applied to dissect and hack RF communications systems, such as those above, using open source software and cheap radio hardware. In addition, I'll show how long-term radio data gathering can be used to crack poorly-implemented encryption schemes, such as the Radio Data Service's Traffic Message Channel.If you have any SDR equipment, bring it along!" - Balint Seeber at Blackhat conference.






~ Monday, 16 March 2015 0 comments

WiFi Penetration Testing Tools

WiFi or wireless penetration testing is an important aspect of any security audit project; organizations face serious threats from insecure WiFi networks. A compromised WiFi puts the entire network at risk. Consider the recent DarkHotel attack, where top business executives were targeted by attackers who compromised insecure hotel WiFi networks. The moral of the story is that “organizations should include a WiFi penetration testing process in their regular security procedures”.

There is little difference between a network vulnerability assessment tool and a WiFi vulnerability scanner, so here is a quick list of tools that can be very useful when performing WiFi penetration testing.



Aircrack-ng


Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.

Kismet


Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.

Netstumbler


Netstumbler is the best known Windows tool for finding open wireless access points ("wardriving"). They also distribute a WinCE version for PDAs and such named MiniStumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.

InSSIDer


inSSIDer is a wireless network scanner for Windows, OS X, and Android. It was designed to overcome limitations of NetStumbler, namely not working well on 64-bit Windows and Windows Vista. inSSIDer can find open wireless access points, track signal strength over time, and save logs with GPS records.

KisMAC


This popular wireless stumbler for Mac OS X offers many of the features of its namesake Kismet, though the codebase is entirely different. Unlike the console-based Kismet, KisMAC offers a pretty GUI and was around before Kismet was ported to OS X. It also offers mapping, Pcap-format import and logging, and even some decryption and deauthentication attacks.

Bonus Tools

Kali Linux, the successor of BackTrack Linux, has most of these tools configured already, and additional tools can be added easily if you need them. Beyond the tools mentioned above, there are some important and relevant tools that should be mentioned, so here we go:

Reaver-WPS


Reaver performs a brute force attack against an access point's WiFi Protected Setup (WPS) PIN. Once the WPS PIN is found, the WPA PSK can be recovered and, alternatively, the AP's wireless settings can be reconfigured.

Fern WiFi Cracker


Fern WiFi Cracker is a wireless security auditing application written in Python that uses python-qt4. This application uses the aircrack-ng suite of tools.

If your favorite tool is not given above, then let us know with a reason to add it to the list :)

~ Monday, 17 November 2014 0 comments

Hack an Isolated Computer - No Internet Connection Required

A proof-of-concept technique that allows a person to send and receive data from a machine kept completely isolated from the internet has been developed by researchers at Ben Gurion University in Israel. The technique sends information from the machine to a mobile device specially set up for this purpose, which later transfers the data to the outside world using normal modes of communication such as the internet or SMS.


"With appropriate software, compatible radio signals can be produced by a compromised computer, utilizing the electromagnetic radiation associated with the video display adapter. This combination, of a transmitter with a widely used mobile receiver, creates a potential covert channel that is not being monitored by ordinary security instrumentation," the experts wrote in a paper published on Wednesday.

The attack has four main steps: getting the piece of malware onto the isolated computer, installing malicious code on one or more mobile phones, setting up a command and control (C&C) channel with the infected mobile device, and transmitting signals emanated by the isolated computer back to the attacker.

The malware that's installed on the mobile phone uses the device's FM radio receiver to pick up signals, which have been modulated with sensitive information, sent by the malware on the isolated computer through the monitor's cable. Once the data is sent to the phone, it can be forwarded to the attackers via the Internet or SMS messages.

AirHopper demonstrates how textual and binary data can be exfiltrated from a physically isolated computer to mobile phones at a distance of 1-7 meters, with an effective bandwidth of 13-60 Bps (bytes per second). That is enough to steal a secret password.


~ Saturday, 1 November 2014 0 comments

iSniff GPS WiFi Sniffing Tool

iSniff GPS passively sniffs for SSID probes, ARPs and MDNS (Bonjour) packets broadcast by nearby iPhones, iPads and other wireless devices. The aim is to collect data which can be used to identify each device and determine previous geographical locations, based solely on information each device discloses about previously joined WiFi networks.

iOS devices transmit ARPs which sometimes contain MAC addresses (BSSIDs) of previously joined WiFi networks. iSniff GPS captures these ARPs and submits MAC addresses to Apple's WiFi location service (masquerading as an iOS device) to obtain GPS coordinates for a given BSSID. If only SSID probes have been captured for a particular device, iSniff GPS can query network names on wigle.net and visualise possible locations.

By geo-locating multiple SSIDs and WiFi router MAC addresses, it is possible to determine where a device (and by implication its owner) is likely to have been.

Below: Visualisation of WiFi router locations in Melbourne, AU returned by Apple Location Services



Dependencies

iSniff GPS was developed and tested on an Ubuntu 12.04 (32-bit) VM with Python 2.7.3, Django 1.5.4 and Scapy 2.2.0-dev. See requirements.txt for the additional Python modules required.

Components

iSniff GPS contains two major components and further Python modules:
  • iSniff_import.py uses Scapy to extract data from a live capture or pcap file and inserts it into a database (iSniff_GPS.sqlite3 by default).
  • A Django web application provides a browser-based interface to view and analyse the data collected. This includes views of all detected devices and the SSIDs / BSSIDs each has probed for, a view by network, Google Maps views for visualising possible locations of a given BSSID or SSID, and a pie chart view showing a breakdown of the most popular device manufacturers based on client MAC address Ethernet OUIs.
  • wloc.py provides a QueryBSSID() function which looks up a given BSSID (AP MAC address) on Apple's WiFi location service. It will return the coordinates of the MAC queried for and usually an additional 400 nearby BSSIDs and their coordinates.
  • wigle.py provides a getLocation() function for querying a given SSID on the wigle.net database and returns GPS coordinates. It must be configured with a valid wigle.net auth cookie. Please respect the wigle.net ToS in using this module.


~ Thursday, 9 October 2014 0 comments

Hacking WPS - SILICA Wireless Assessments

Understanding the vulnerabilities of your WiFi network can be challenging as users can easily create networks on demand, or even perhaps unintentionally. But as recent events have demonstrated, scanning your WiFi network is an important part of understanding your security posture.

Most vulnerability assessment tools simply take their existing network scanners and point them at the wireless infrastructure. This approach does not give you the information that is unique to wireless networks. Immunity has built the first automated, WiFi-specific vulnerability assessment and penetration tool.





Unlike traditional scanners that merely identify possible vulnerabilities, SILICA determines the true risk of a particular access point. SILICA does this by unintrusively leveraging vulnerabilities and determining what assets behind the vulnerable access point can be compromised.

Additionally, while traditional scanners can enumerate the vulnerabilities of a particular target, they cannot evaluate whether a mitigating control is in place on the target or in the surrounding environment. With SILICA’s unique methodology it can report on whether a vulnerability can be successfully exploited.

More than simple scanning, the benefits of using SILICA include:
 
1) Improved security posture
2) Simplified trouble shooting
3) Network mapping
4) Create real threat profiles and vulnerability assessments
5) Build WiFi risk and vulnerability analysis for PCI, SOX
6) Rogue access point detection
7) Auditing wireless client security

Download the framework

Attacking WPS


Alternate

 
 

~ Tuesday, 7 October 2014 0 comments

Wireless Auditing, Intrusion Detection & Prevention System

WAIDPS is an open source wireless Swiss army knife written in Python that works in a Linux environment. It is a multipurpose tool designed for auditing (penetration testing) networks, detecting wireless intrusions (WEP/WPA/WPS attacks) and also intrusion prevention (stopping a station from associating to an access point). Apart from these, it harvests all WiFi information in the surroundings and stores it in databases. This is useful when auditing a network whose access point is ‘MAC filtered’ or has a ‘hidden SSID’ and there is no existing client at that moment.
 

WAIDPS may be useful to penetration testers, wireless trainers, law enforcement agencies and those who are interested in knowing more about wireless auditing and protection. The primary purpose of this script is intrusion detection. Once an intrusion is detected, it is displayed on screen and the attack is also logged to a file. Additional features added to the current script that the previous WIDS did not have are:

  • automatically saves the attack packets into a file
  • interactive mode in which users are allowed to perform many functions
  • allows the user to analyse captured packets
  • loads a previously saved pcap file or any other pcap file to be examined
  • customisable filters
  • customisable detection threshold (sensitivity of the IDS in detection)



  
At present, WAIDPS is able to detect the following wireless attacks, and the other detections found in the previous WIDS will be added subsequently.

  • Association / Authentication flooding
  • Detect mass deauthentication which may indicate a possible WPA attack for handshake
  • Detect possible WEP attack using the ARP request replay method
  • Detect possible WEP attack using chopchop method
  • Detect possible WPS pin bruteforce attack by Reaver, Bully, etc.
  • Detection of Evil-Twin
  • Detection of Rogue Access Point



The whole structure of the Wireless Auditing, Intrusion Detection & Prevention System will comprise:

  • Harvesting WiFi Information [Done]
  • Intrusion Detection [Partially Done]
  • Intrusion Prevention [Partially Done]
  • Auditing (Testing network) [Coming Soon]

Other additional items include analysis of packets, display of captured dumps, network bar charts and much more.


Tutorial & Source
Download

~ Monday, 11 August 2014 0 comments

Evil Twin Tutorial

Prerequisites

  1. Kali Linux
  2. Prior experience with wireless hacking
You will also need to install a tool (bridge utils) which doesn't come pre-installed in Kali. No big deal-
apt-get install bridge-utils

Objectives

The whole process can be broken down into the following steps-
  1. Finding out about the access point (AP) you want to imitate, and then actually imitating it (i.e. creating another access point with the same SSID and everything). We'll use airmon-ng for finding the necessary info about the network, and airbase-ng to create its twin.
  2. Forcing the client to disconnect from the real AP and connect to yours. We'll use aireplay-ng to deauthenticate the client, and strong signal strength to make it connect to our network.
  3. Making sure the client doesn't notice that he connected to a fake AP. That basically means that we have to provide internet access to our client after he has connected to the fake wireless network. For that we will need to have internet access ourselves, which can be routed to our client.
  4. Have fun - monitor traffic from the client, maybe hack into his computer using metasploit. 
PS: The first 3 are primary objectives, the last one is optional and not a part of evil twin attack as such. It is rather a man in the middle attack. Picture credits : firewalls.com


Information Gathering - airmon-ng

To see available wireless interfaces-
iwconfig



To start monitor mode on the available wireless interface (say wlan0)-
airmon-ng start wlan0
To capture packets from the air on monitor mode interface (mon0)
 airodump-ng mon0
 After about 30-40 seconds, press ctrl+c and leave the terminal as is. Open a new terminal.


Creating the twin

Now we will use airbase-ng to create the twin network of one of the networks that showed up in the airodump-ng list. Remember, you need to have a client connected to the network (this client will be forced to disconnect from that network and connect to ours), so choose the network accordingly. After you have selected the network, take a note of its ESSID and BSSID and substitute them into the command below:

airbase-ng -a <BSSID> --essid <ESSID> -c <channel> mon0
If you face any problems, a shorter command is:
airbase-ng --essid <ESSID> mon0
Remove the angular brackets (< & >) and choose any channel that you want. The BSSID can also be chosen randomly and doesn't have to match the target. The interface is mon0 (or whatever card you want to use). The only thing identical about the twins has to be their ESSIDs (the name of the network). However, it is better to keep all parameters the same to make it look more real. After you have entered the parameters and run the command, you'll see that airbase has turned your wireless adapter into an access point.
Note : We will need to provide internet access to our client at a later stage. Make sure you have a method of connecting to the net other than wireless internet, because your card will be busy acting like an AP, and won't be able to provide you with internet connectivity. So, either you need another card, or broadband/ADSL/3G/4G/2G internet.

Man in the middle attack : Pic Credits:  owasp.net

Telling the client to get lost

Now we have to ask the client to disconnect from that AP. Our twin won't work if the client is connected to the other network. We need to force it to disconnect from the real network and connect to the twin.
For this, the first part is to force it to disconnect. Aireplay will do that for us-
aireplay-ng --deauth 0 -a <BSSID> mon0 --ignore-negative-one


The 0 specifies the time interval at which to send the deauth request. 0 means extremely fast, 1 would mean send a packet every second, 2 a packet every 2 seconds, and so on. If you keep it at 0, your client will be disconnected in a matter of seconds, so fire up the command and press ctrl+c after a few seconds. Note that the deauth is sent to the broadcast address, so all the clients (not just one) connected to the network will disconnect. Disconnecting a specific client is also possible.
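The broadcast deauthentication burst described above is what a wireless IDS such as WAIDPS (described elsewhere on this page) reports as "mass deauthentication which may indicate a possible WPA attack for handshake". The following Python is an added example, not WAIDPS's or this tutorial's own code: it runs a sliding-window count of deauthentication frames per BSSID over a constructed frame list, with an assumed window and threshold, so that a burst sent with interval 0 is flagged while a few widely spaced unicast deauths are not.

```python
"""Sliding-window deauthentication-flood detector (added example).
Frames are (timestamp_s, subtype, bssid, dst) tuples, the shape one would have
after decoding 802.11 management frames; the capture below is constructed."""
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_deauth_flood(frames, window=10.0, threshold=20):
    """Return {bssid: alert} for every BSSID that sends at least `threshold`
    deauthentication frames within any `window` seconds. `frames` must be
    sorted by timestamp. The window and threshold are assumed tuning values;
    they play the role of WAIDPS's configurable detection sensitivity."""
    recent = defaultdict(deque)   # bssid -> deque of (ts, dst) still inside the window
    alerts = {}
    for ts, subtype, bssid, dst in frames:
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:    # expire frames older than the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = {
                "count": len(q),
                "window_start": q[0][0],
                "window_end": ts,
                # deauths addressed to broadcast hit every client at once, which is
                # how an attack tool behaves and how a real AP normally does not
                "broadcast": sum(1 for _, d in q if d == BROADCAST),
            }
    return alerts


def constructed_capture():
    """Constructed sample: a 50-frame broadcast deauth burst from one BSSID at
    50 ms spacing (the on-air shape of a deauth interval of 0) plus three unicast
    deauths 30 s apart from another BSSID, as an AP might send on idle timeout."""
    frames = []
    for i in range(50):
        frames.append((100.0 + i * 0.05, "deauth", "AA:BB:CC:11:22:33", BROADCAST))
    for i in range(3):
        frames.append((50.0 + i * 30.0, "deauth", "DD:EE:FF:44:55:66", "12:34:56:78:9a:bc"))
    frames.append((101.3, "data", "AA:BB:CC:11:22:33", "12:34:56:78:9a:bc"))  # ignored
    return sorted(frames, key=lambda f: f[0])


if __name__ == "__main__":
    for bssid, alert in detect_deauth_flood(constructed_capture()).items():
        span = alert["window_end"] - alert["window_start"]
        print(f"{bssid}: {alert['count']} deauths in {span:.2f}s, "
              f"{alert['broadcast']} to broadcast")
```

The alert fires on the first frame that reaches the threshold, so `count` equals the threshold at that moment; a deployment would typically keep counting for the incident record and would also track the source address, since deauth frames can be spoofed in either direction (from the AP's BSSID to the clients, or from a client to the AP).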

Not the real one, but why the fake one

Even after being disconnected from the real AP, the client may choose to keep trying to connect to the same AP a few more times, instead of trying to connect to ours. We need to make our AP stand out, and for that, we need more signal strength. There are 2 ways to do that-

  1. Physically move closer to the client.
  2. Power up your wireless card to transmit at more power. 
The latter can be done with the following command -
iwconfig wlan0 txpower 27
Here 27 is the transmission power in dBm. Some cards can't transmit at high power, and some can transmit at extremely high power. Alfa cards usually support up to 30 dBm, but many countries don't allow the card to transmit at such power. Try changing 27 to 30 and you'll see what I mean. In Bolivia, however, you can transmit at 30 dBm, and by changing the regulatory domain, we can overcome the power limitation.
iw reg set BO
iwconfig wlan0 txpower 30
It is strongly advised not to break the law, as the transmission limits are there for a reason, and very high power can be harmful to health (I have no experimental evidence). Nevertheless, the client should connect to you if your signal strength is stronger than that of the real twin.

Note : If you are unable to get your client to connect to you, there is another option. You can leave him with no options. If you keep transmitting the deauth packets continuously (i.e. don't press ctrl+c after the client has disconnected), he will have no choice but to connect to you. However, this is quite an unstable situation, and the client will go back to the real twin as soon as it gets the chance.


Give the fake AP internet access

Now we need to provide internet access to the fake AP. This can be done in various ways. In this tutorial, we will consider that we have an interface x0 which has internet connectivity. Now, if you are connected to net via wireless, replace x0 with wlan1 or wlan0, a 3G modem will show up as ppp0. Nevertheless, you just have to know which interface is providing you with internet, and you can route the internet access to your client.

Interfaces

  • x0 - This has internet access
  • at0 - This is created by airbase-ng (the wired face of the wireless access point). If you can somehow give internet access to at0, then the clients connected to your fake wireless network can connect to the net.
  • evil - This is an interface that we will create, whose job will be to actually bridge the networks.

Creating evil

We will use Bridge control utility provided by Kali, brctl. Execute the following code-
brctl addbr evil
This will create the bridge. Now we have to specify which two interfaces have to be bridged-
brctl addif evil x0
brctl addif evil at0
We can assign an IP to the interfaces and bring them up using-
ifconfig x0 0.0.0.0 up 
ifconfig at0 0.0.0.0 up
 Also bring up the evil interface (the interfaces aren't always up by default so we have to do this many times)
ifconfig evil up
Now to auto configure all the complicated DHCP settings, we'll use dhclient
dhclient3 evil & 
Finally, all the configurations have been completed. You can execute ifconfig and see the results, which will show you all the interfaces you have created.
Officially, the evil twin attack is complete. The client is now connected to your fake network, and can use the internet pretty easily. He will not have any way to find out what went wrong. However, the last objective remains.

Have fun

Now that the client is using the internet via our evil interface, we can do some evil stuff. This actually comes under a Man In The Middle attack (MITM), and I'll write a detailed tutorial for it later. However, for the time being, I will give you some idea what you can do.

Sniffing using Wireshark

Now all the packets that go from the user to the internet pass through our evil interface, and these packets can be monitored via Wireshark. I won't teach you how to use it here, since it is a GUI tool. You can take a look at their website to get an idea of how to use Wireshark. Pic credits: the picture on the right has been taken directly from their website.

Special Thanks

Matthew Bernard for his useful comment with some tips and a number of corrections http://www.kalitutorials.net/2014/07/evil-twin-tutorial.html?showComment=1406591245609#c5539483407421385761
The screenshots have also been taken by him and provided to me for usage (I would love to see more helpful visitors like him).

~ Monday, 14 July 2014 0 comments

Wireless Network Monitor & Analyzer

CommView for WiFi is a powerful wireless network monitor and analyzer for 802.11 a/b/g/n/ac networks. Loaded with many user-friendly features, CommView for WiFi combines performance and flexibility with an ease of use unmatched in the industry.






CommView for WiFi captures every packet on the air to display important information such as the list of access points and stations, per-node and per-channel statistics, signal strength, a list of packets and network connections, protocol distribution charts, etc. By providing this information, CommView for WiFi can help you view and examine packets, pinpoint network problems, and troubleshoot software and hardware.

CommView for WiFi includes a VoIP module for in-depth analysis, recording, and playback of SIP and H.323 voice communications.

Packets can be decrypted using user-defined WEP or WPA-PSK keys and are decoded down to the lowest layer. With over 70 supported protocols, this network analyzer allows you to see every detail of a captured packet using a convenient tree-like structure to display protocol layers and packet headers. Additionally, the product provides an open interface for plugging in custom decoding modules.



What you can do with CommView for WiFi


  • Scan the air for WiFi stations and access points.
  • Capture 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac WLAN traffic.
  • Specify WEP or WPA keys to decrypt encrypted packets.
  • View detailed per-node and per-channel statistics.
  • View detailed IP connection statistics: IP addresses, ports, sessions, etc.
  • Reconstruct TCP sessions.
  • Configure alarms that can notify you about important events, such as suspicious packets, high bandwidth utilization, unknown addresses, rogue access points, etc.
  • View protocol "pie" charts.
  • Monitor bandwidth utilization.
  • Browse captured and decoded packets in real time.
  • Search for strings or hex data in captured packet contents.
  • Log individual or all packets to files.
  • Load and view capture files offline.
  • Import and export packets in Sniffer®, EtherPeek™, AiroPeek™, Observer®, NetMon, Tcpdump, hex, and text formats.


You can download evaluation versions of our products and try them for 30 days.



~ Tuesday 1 April 2014, 0 comments

Xiaopan OS Wireless Pentesting Distribution


http://www.ehacking.net/2014/02/xiaopan-os-wireless-pentesting.html

Xiaopan OS is an easy-to-use security and penetration testing distribution with a collection of wireless security and forensics tools. It includes a number of advanced tools for network administrators, security professionals and home users to test the strength of their wireless networks and eliminate any vulnerabilities.

Based on the Tiny Core Linux (TCL) operating system (OS), it has a slick graphical user interface (GUI), so there is no need to type Linux commands. Xiaopan OS is Windows, Mac and Linux compatible, and users can simply install and boot this ~70 MB OS from a USB pen drive or in a virtual machine (VM) environment.

Some of the tools included are Inflator, Aircrack-ng, Minidwep GTK, XFE, wifite and feeding bottle. Supported cards include RTL8187L, RT3070, AR9271 and many more.

Features


  • Run in Parallels Desktop / VMware / VirtualBox
  • Compatible with Yumi Boot / LiLi USB Creator
  • Run on Live CD
  • Packages include: Minidwep, Aircrack, Inflator, Reaver, Feeding Bottle, Wifite
  • 70mb ISO
  • Based on TinyCore Linux
  • Recommended minimum requirements: Pentium 2 or better, 128mb of ram + some swap
  • Recommended: Wireless USB card that supports monitor mode and injection
  • Windows / Linux / Mac Compatible

~ Tuesday 11 February 2014, 0 comments

FruityWifi Wireless Network Auditing Tool


http://www.ehacking.net/2013/12/fruitywifi-wireless-network-auditing.html

Wireless (a network without wires) is the means of communication that has successfully replaced the wired network; the objective of this article is not to discuss its pros and cons, nor are we going to discuss how it replaced wired networks. Instead we will discuss a tool that has been created to audit wireless networks.

FruityWifi is a wireless network auditing tool based on the Wifi Pineapple idea. The application can be installed on any Debian-based system. Tested on Debian, Kali Linux, BugTraq, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi) and Pwnpi (Raspberry Pi).

SCANNER MODULES
  • Hostapd Karma
  • URLsnarf
  • DNSspoof
  • Kismet
  • Squid (code injection capabilities)
  • SSLstrip (code injection capabilities)
  • nmap

FruityWifi Tutorial

The following tutorial has been created on Kali Linux, however you can follow the same technique on different distributions of Linux.

Get the shell script from the website, open any text editor, paste it there and save it as name.sh.
Now open the terminal, change to the directory where you saved the shell script, and run it. The installation is done by the script itself, so you need not worry about it.

Installation Process

After the installation has finished, go to http://localhost/FruityWifi (over https) and log in with the default credentials:
user: admin
pass: admin

Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.

~ Monday 30 December 2013, 0 comments

Ethical Hacking via Wifi Hacking Android Apps

In a world where most people are almost frequently connected via the internet even when on the go, it’s easy to forget about security. The need to stay in constant communication with friends, family, or colleagues tends to overshadow the need for privacy and security. As such, many are still using public Wi-Fi networks despite the uncertain safety or questionable authenticity of such networks.


Home network users are also getting too complacent with their network’s security. Little do they know that even if their Wi-Fi network is password-protected, it can still be easily hacked and accessed by other willing internet users. The result is a number of security risks, such as having their personal usernames, passwords, and even online banking details obtained. For the entrepreneurs who are using VoIP apps like RingCentral as a way of virtually expanding their office, there’s the risk of exposing sensitive data and business contacts. Speed of internet connection also suffers because of other people trying to…that is to say, borrow their internet connection.

Ethical Hacking to Find Security Loopholes


In order to alert internet users (whether they are corporate users or regular home network subscribers) to security breaches or loopholes in their Wi-Fi networks, computer and network experts are resorting to ethical hacking.

Ethical hacking is the “white hat” hacking of a security system with the owners’ knowledge for the purpose of tracing vulnerabilities that any “black hat”, or malicious hacker, can take advantage of. In other words, it’s the permitted process of checking weaknesses in a security or network system by trying to permeate the system as a real hacker would. 

This practice started around the ‘70s when a group dubbed as the red team was used by the US government to test and hack its computer systems. Since then, ethical hacking has become a common practice even in the private and corporate sectors. Companies like IBM have their own teams of ethical hackers.

Ethical Hacking in the Smartphone Age


As the number of smartphone users has increased, so did the number of public Wi-Fi networks. Coffee shops, restaurants, hotels, and many other public places are offering free Wi-Fi connection as a means of luring customers in. The problem is, not all public Wi-Fi networks scanned or detected by mobile devices are legit. Some are actually fake networks. People behind such fake Wi-Fi networks only have one goal – to obtain private user information such as usernames, passwords, and bank details.

In addition to this, private Wi-Fi networks are becoming more susceptible to piggybacking, or the use of a Wi-Fi network without the owner’s knowledge or consent. While the idea of piggybacking may mean using another person’s internet connection, it doesn’t necessarily mean that there’s the involvement of hacking. Hacking another person’s Wi-Fi network to gain internet access, however, has become extremely possible these days. 

As already mentioned, many home network users are clueless when it comes to their own network’s security. Thus, Wi-Fi hacking apps on smartphones like those available for Android users are becoming helpful tools to test vulnerabilities in a Wi-Fi network.

Examples of Wi-Fi Hacking Android Apps


If you’re an Android phone user, simply typing the keyword Wi-Fi hack on the Google Play homepage gives you a wide variety of Wi-Fi hacking apps in the search results. Some of them are:
  • Wifi Hacker Plus: This app lets you decrypt the password of a Wi-Fi network in your area. If you need to know the password or even disable it, this is the app to use.
  • Wifi Hacker Real: This app can break a WPA, WEP, or WPA2 password. To use it, just tap to launch the app, press the rescan button, choose a network, wait for the app to do its work, and the chosen network’s password is revealed.
  • Hackers Handbook Pro: Its description on Google Play says that the app “is for educational purposes only” and is “designed for security testers”. It’s an app that gives step-by-step instructions on hacking.
Though these apps allow Android phone owners to hack other people’s Wi-Fi networks, it’s advised to use them only for testing purposes and not for any malicious activity. Should you want to use any of these apps, inform the network’s owner about it first and show them how vulnerable their network is.

Author’s Bio:

Henry Conrad is a 29-year-old game developer from Albuquerque, New Mexico. Aside from gaming and being a tech junky, he also dabbles in creative writing, which allows him to create great storylines and backgrounds for his characters. Follow me on Twitter and join me in Google+





~ Monday 4 March 2013, 0 comments

5 Steps to Secure Your Wireless Network

In this post, we will discuss 5 effective ways to secure your wireless network and protect your system from hackers. Honestly speaking, securing your wireless network isn’t difficult at all. The main objective of securing a wireless network is to stop others from gaining unauthorized access to your system. Given below are 5 steps by which you can secure your wireless network.



 

Know how to organize your wireless router


One of the most essential things you need to know is how to manage your wireless router, that is, how to reach its configuration settings. Most wireless router vendors use a standard address which you can type into the address bar of your web browser. The address looks something like this: http://192.163.4.1, or something slightly different; it differs from one vendor to another. You can find your vendor’s address in the user’s manual supplied when you purchased the wireless router. If you’ve lost it, you can either search the web for your vendor’s user manual or contact your vendor’s customer care.
 

Secure your wireless router login with a secure password

By the end of step 1, you’ve probably figured out how to manage your wireless router. The next step is to set a safe and secure password for your admin account, so that no hacker or external user can break into your wireless network. For this, go to the “Administrative settings” section, where you will have the option to change your password. Default usernames and passwords are publicly documented: there are online databases listing the default login details of all brands of routers, modems, switches and other equipment that can be part of your home network, whether wired or wireless. One such list is at http://www.cirt.net/pswds. Change your default login id and password to a strong and secure one.

Modify your SSID and disable the SSID broadcast

If you are not aware, the SSID is simply the default name given to your wireless network. The default SSID is typically the word “default” or the brand name (e.g. Linksys). Changing your SSID will not only make your wireless network safer and more secure but will also stop neighbouring sources from knowing which network you are currently connected to. By changing your SSID name, you are making your wireless network distinctly yours and blocking other sources from gaining entry into your network.

Switching off or disabling your SSID broadcast is another good way to make your network more secure. Also, by disabling the SSID broadcast, you don’t have to worry about remembering the name of your network each time you log in. Switching off your SSID broadcast keeps the equipment in the network accessible to each other within a given range while staying invisible to people outside the network.

Limit the number of login attempts

By limiting the number of user addresses or login attempts, you leave hackers only a very slim chance to try and crack your system, and even that is highly unlikely. Enough security measures have already been taken; this one is just there to shield them.

Get assistance from the big boys

If your information is highly confidential and is worth a ton, then consider having a wireless hardware security system in place. For example, AirDefense is one such server application that intends to connect to the security sensors located near your access points. Systems like these ensure that your wireless network is completely safe from hackers, but they aren’t cheap – the price for these applications ranges from $10,000 to $100,000, depending on the number and type of sensors that you need.

About the Author:
 
This guest post is brought to you by Sandy Coops of cabletimenc.com, a site that offers savings and current information on time warner cable nc




~ Monday 4 February 2013, 0 comments

How to Secure your Computer When Using a Public Network


Most operating systems come with built-in firewalls and safeguards with their default settings turned on. Yet there are increasing incidents of hackers obtaining sensitive information from web users. Today most critical activities like bank-to-bank funds transfer, shopping, mail, social networking, etc. are carried out on public Wi-Fi connections and shared platforms.

Routers have their built-in firewalls, but that doesn’t mean they can protect your information at all times. The data may reach a Wi-Fi hotspot that is not encrypted, which becomes a hacker’s paradise. But with just a few tweaks and adjustments you can strengthen the firewall and protect your data from potential hackers, as well as from harmful viruses, trojans, etc. The first step towards better security is to have a network connection that is password protected. Then you can add some advanced safeguards to improve security.

Add muscle to the Firewall

You can configure your system settings to increase the security level of your firewalls. Other simple precautions to protect your personal and organizational information will also help to safeguard data. These basic measures will add muscle to your PC protector:  

Turning on the Firewall: In the system security option under Control Panel, first check whether your Firewall is turned on. It is best not to turn off the Firewall even when you are logging off and will be offline.

 

Install original anti-virus: Buy original anti-virus software and install it on your computer instead of cutting costs and getting a pirated copy from your agent. The original will be updated automatically and protect your PC against new malware. If you have Windows 8, you can get free downloads from Microsoft that provide essential and additional protection for your computer.

Use unusual passwords: A password with a very unusual combination of letters and numbers will be difficult to guess, so your personal information remains protected. It should not match any of your personal information like name, place of birth, date of birth, etc. This is especially crucial when you are in the habit of banking online. A really weird netbanking password is safer than a predictable one. But do yourself a favour: don’t forget it!

Being secretive is safer 

When you are part of a Local Area Network (LAN) and are in the habit of sharing hardware, software applications and files across numerous terminals, you can’t be as generous when you are logging onto a public Wi-Fi network. Turning off the sharing options when you go public will ensure the safety and confidentiality of your data. Not all websites use Secure Sockets Layer (SSL) encryption, so unauthorized access is relatively easy. When you are logged into such a site, a hacker might be able to get into your system and gain access to personal and company information that should stay private. So being secretive really helps.

For Windows 8 users, under Control Panel, you can turn off the sharing settings and restrict it to Homegroup so that files are accessible only within the LAN. If you change the default settings under Network Discovery, your terminal will not even show as part of a LAN. You will be working in the stealth-mode at this point. If you are using Mac OS the option System Preferences will take you through the process. 

Some web users opt for a Virtual Private Network (VPN) rather than a more public domain. This does provide a higher level of safeguards for your data by creating a HotSpot Shield when you are online via a public Wi-Fi connection. It is an application that runs in the system as long as you are connected to the Internet to strengthen the firewall. Another precaution that will safeguard your data is shutting off the Wi-Fi connection when not in use. If your modem is connected in idle mode, you never know who might be snooping around just ready to hack into the system and obtain sensitive information.

In the case of a LAN industrial secrets, prototypes and designs, accounts, proposed marketing strategies, etc. need to be protected. In the home environment, your netbanking passwords, email ids, IPINs, online transaction passwords, etc. need extra protection from hackers. So logging out of a website after a transaction and shutting off the modem when not in use provide extra security.



This is a guest post by Lance Goodman of dishtvoffer.com, a site that offers savings and current information on Dish TV. Click here for more info as well as dish.com services.




~ Saturday 26 January 2013, 0 comments