Blog - Page 45 of 48 - Hackercool Magazine

Posted on July 20, 2015August 19, 2024 by kanishka10 — 6 Comments

How to crack wpa2 psk wifi password

Hello, aspiring ethical hackers. In one of our previous blogposts, you learnt what WiFi hacking is and various WiFi hacking techniques. In this blogpost, you will learn various methods to crack wpa2 psk WiFi password. Before we try to crack wpa2 psk wifi password, you need to first understand how WPA /WPA2 encryption works.

Wi-Fi Protected Access (WPA)

Also known as Temporal Key Integrity Protocol (TKIP) standard, WPA implements the TKIP encryption method and was introduced in 2003. TKIP introduced three new methods to overcome weaknesses in Wired Equivalent Privacy (WEP) standard.

1. TKIP implements a key mixing function that combines the secret root key with the initialization vector before passing it to the RC4 cipher initialization. WEP on the other hand merely concatenated the initialization vectors to the root key and passed this value to the RC4 cipher.
2. A sequence counter is implemented to protect against replay attacks. Hence, packets received out of order will be rejected by the Access point.
3.TKIP implements a 64-bit Message Integrity Check (MIC) replacing Cyclic Redundancy Check (CRC) used in WEP. This re-initializes the sequence number each time when a new key (Temporal Key) is used.

Wi-Fi Protected Access 2 (WPA2)

WPA 2 was introduced in 2004 to replace WPA. It implemented the mandatory elements of IEEE 802.11i. 802.11i makes use of the Advanced Encryption Standard (AES) block cipher instead of RC4 stream cipher used by both WEP and WPA. It also uses Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) encryption protocol. It provides the following security services.

1. Data Confidentiality: It ensures only authorized parties can access the information.
2. Authentication: provides proof of genuineness of the user
3. Access control in conjunction with layer management.

WPA uses 128 bit key and 48 bit initialization vector while WEP uses 108 bit key with 24 bit initialization vector. WPA2 is the successor of WPA. Both WPA and WPA2 use temporal key integrity protocol(TKIP) for encryption and pre-shared key(PSK) authentication. The only difference between WPA and WPA2 is that they use Rivest Cipher(RC4) and Advanced Encryption Standard(AES) encryption algorithms respectively. Both can be configured to use counter cipher block chaining mode(CCM) though. They are by far considered most secure for Wifi networks.

WPA – versions:

There are two versions of WPA. They are,

1. WPA – Personal:

Wi-Fi Protected Access (WPA) – Personal is designed for home and small office networks. This version uses Pre- Shared Key (PSK) and hence it is also referred as WPA-PSK (pre-shared key) mode. The network traffic is encrypted using a 128-bit encryption key derived from a 256-bit shared key. WPA-Personal mode is available on all three WPA versions.

2. WPA – Enterprise:

As its name implies, this is designed for enterprise networks and requires a RADIUS authentication server. This requires a more complicated setup but provides additional security like protection against dictionary attacks on short passwords. Various kinds of the Extensible Authentication Protocol (EAP) are used for authentication. WPA-Enterprise mode is available on all three WPA versions.

Let’s see how to crack WPA2 with aircrack first. For this tutorial, I am going to use Kali Linux. ( For this howto, if you are running Kali Linux in Vmware or Virtualbox you need to have a compatible wifi usb adapter). I am using the ALFA wireless adapter. So let’s start. Once you have turned on Kali Linux, open terminal and type command “iwconfig”. It lists all your wireless interfaces just like ifconfig shows wired interfaces.

We can see that we have a wireless interface wlan0. Now we are going to start monitor mode on our wireless interface. Monitor mode is same as promiscuous mode in wired sniffing. Type command“airmon-ng start wlan0″. We can see below that monitor mode has been enabled on “mon0″.

Now let’s see all the traffic collected by our wireless interface. Type command airodump-ng mon0.

Hit Enter. We can see all the wireless networks available as shown below.

We can see that all the wifi networks are configured with WPA2 or WPA. We are going to hack the network “shunya”. We will collect the shunya’s network traffic into a file. Open a terminal and type command “airodump-ng –bssid <Mac address of wifi access point> -c 13 –write wpacrack mon0″.

where

–bssid stands for base station security identifier

<MAC address> is the Mac address of access point.

-c is used to specify the channel the wifi network is operating on.

–write to write to a file.

wpacrack is the file name we are writing into.

mon0 is the interface

Hit Enter. We will see the result as below.

We can only hack a WPA/WPA2 protected wifi network by capturing it’s handshake process or association( when the client is trying to connect to the wifi network.). So let’s try to disconnect all the clients connected to the wifi network “shunya” first. Open a new terminal and type the command “aireplay-ng –deauth 100 -a <MAC> –ignore-negative-one mon0″.

where

–deauth are the deauthentication packets,

100 are the number of deauthentication packets we want to send.

-a stands for access point.

<MAC> is the MAC address of the wifi access point.

This command will send 100 DE authentication packets to the broadcast address of the wifi access point. This will make all the clients connected to the shunya get disconnected. As soon as this happens, all the clients will try to connect back to the wifi network once again. We can see that a WPA handshake has happened in the previous terminal.

Now let’s see where our capture file is located. Type “ls”. We will do dictionary password cracking here. So let’s find out where the dictionaries are. Type command“locate wordlists”. This will show us a number of wordlists available by default in kali linux.

Our captured traffic is stored in .cap file. We will use the wordlist big.txt for cracking the password. Open a new terminal and type command “aircrack-ng wpacrack-01.cap -w /usr/share/dirb/wordlists/big.txt”.

Hit Enter. If our dictionary has the password, the result will be as below. If our dictionary doesn’t have the password, we have to use another dictionary.

That is how we crack wpa2 psk wifi password with aircrack. Remember that the choice of dictionary will play a key role in WPA/WPA2 password cracking. So that is one way in which we crack wpa wpa2 password with aircrack for you. Hope this was helpful. Learn how to crack wpa wpa2 with a graphical tool.

Posted on July 20, 2015July 10, 2024 by kanishka10

Cracking Wifi Passwords with Fern Wifi cracker

Hello aspiring ethical hackers. In one of our previous blogposts, you have learnt what is wifi hacking, types of WiFi hacking attacks etc. In this blogpost, you will learn how to crack WPA/ WPA2 password with a tool called Fern WiFi cracker.

Fern Wifi Crackeris a Wireless security auditing and attack software program written in Python. It can crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks.

As already explained, WPA stands for Wifi Protected Access. It is an encryption system to secure WLAN networks. It eliminates all known vulnerabilities in WEP(Wired Equivalent Privacy). WPA uses 128 bit key and 48 bit initialization vector while WEP uses 108 bit key with 24 bit initialization vector. WPA2 is the successor of WPA. Both WPA and WPA2 use temporal key integrity protocol(TKIP) for encryption and pre-shared key(PSK) authentication. The only difference between WPA and WPA2 is that they use Rivest Cipher(RC4) and Advanced Encryption Standard(AES) encryption algorithms respectively. Both can be configured to use counter cipher block chaining mode(CCM) though. They are by far considered most secure for Wifi networks.

So today we are learn cracking WPA/WPA2 passwords using a GUI tool also inbuilt in Kali Linux, Fern Wifi cracker. Open the tool, Fern Wifi cracker.

Select our wireless interface WLAN). Click on the tab “Scan for access points”. The tool will search for available access points as shown below.

Since we want to hack a WPA enabled wifi network, click on WPA tab. It will show all the available WPA enabled networks.

Click on the wifi network whose password we want to crack( in my case “shunya”). Browse to the dictionary file we want to choose as shown below.

Click on “Wifi attack” tab. The tool will automatically crack the password for you as shown below.

Hope this was helpful. Learn how to crack WiFi passwords with aircrack.

Posted on July 20, 2015July 10, 2024 by kanishka10 — 6 Comments

Crack WPS pin with Bully

Hello aspiring ethical hackers. In our previous posts, you have learnt how to crack WiFi passwords with aircrack and Fern WiFi cracker. have seen how to crack WPA2 password and WPA password using both aircrack and Fern Wifi Cracker. In this blogpost, you will learn how to crack wireless password using a tool named Bully. For this, we will crack WPS pin. WPS stands for Wifi Protected Setup. It is a standard for easy and secure wireless network set up and connections and the pin is encoded on the Wifi router. As always brute forcing password attack consumes lot of time. It took me 6 hours 37 mins to crack this pin. So please have lots and lots of patience. Let’s start.

First let’s see our wireless interfaces. Open Terminal and type command “iwconfig“.

Let’s place our wireless interface in monitor mode. Monitor mode is same as promiscuous mode in wired sniffing. Type command“airmon-ng start wlan0″. We can see below that monitor mode has been enabled on “mon0″.

Open a new terminal and type command “airodump-ng mon0″ and hit Enter.

We can see all the wireless networks available as shown below. Look for a WPA/WPA2 enabled network.

Copy the MAC address of the wifi network whose password you want to crack. For this howto I will crack the password of wifi network “shunya”. Open Terminal and type command “bully -b <MAC address> -c 13 -B mon0″ and hit Enter.

<MAC address> is the MAC address of the Wifi network.

-c is the channel our wifi network is running on,

-B = bruteforcing.

We can see that the tool bully will try different pins to crack the password. After a long time( as I already told you) the tool will give out the current pin and the password of the wifi network as shown below.

This is how we crack WPS with Bully.

Posted on July 19, 2015February 27, 2024 by kanishka10

Wifi pentesting with Android

Securing your company’s wireless network is different and more challenging than securing the wired network. Many factors come into consideration when setting up and securing a wi fi network. Regular pen testing of your wifi network is also very important. Today we are going to see how to perform a pen test on a wifi network using android phone. WiFi pentesting with android simplifies the process of pen testing. For this we are going to use the tool Wifinspect tool available on google playstore. We need a rooted phone to install this application. Once you install this app on your android phone, connect to your wifi network. I am using a wifi network whose SSID is “shunya” for this howto.

Now click on your app.( I think “click” would be a misnomer here, so from here on I will use the word “touch”). We will get a display as below.

We see six options. Starting with the first option, we will see each and every option.

1. Network Info

Touch on network info. We will get a lot of information about the wifi network like the encryption used, frequency and the channel it is operating on and whether our access point is hidden or not as shown below.

2. UPnP Device Scanner

The second option as its name implies scans for universal plug and play devices in our network.

3. Host Discovery

The third option is for host discovery. This option is used to find out about OS and other information about devices in the wifi network. There are two options for host discovery, complete and partial scan. As shown below, compete scan option will scan the entire address space of your network while the partial scan option scans only your devices IP address/24. I am selecting complete scan option. Touch on “start scan” option.

The result will show all the devices and any information about them in the network as shown below.

If you want to further analyze any host, long click on it to see more sub options. For example, I am gonna further analyze the device with IP address 192.168.1.4 because it is the only one whose vendor has been shown.

First we will see the host information of 192.168.1.4. Touch on that option. The analysis of host information will take some time as shown below, so don’t lose patience.

After some time, the result will be shown

The same result for my gateway( the wifi router) is shown below.

The next option is port scan. Let’s do a port scan on the gateway(192.168.1.1) to see if any ports are open. We can see that some ports are open.

When I do a host vulnerability scan on the gateway i get the below message. It seems my gateway is vulnerable. We will see more about it later.

Below are the results for traceroute and ping respectively

4. Sniffer

The next option is sniffing. Start sniffing by touching on it. It will give you a warning as shown below.

Touch on “Start sniffing”. Sniffing will start. After it collects sufficient packets, touch on “stop sniffing”.

We have many options to analyze the pcap file as shown below.

Packet distribution analysis shows packets sent and received by the devices.

The bandwidth distribution analysis will show the bandwidth consumed by each host.

Communication hosts analysis show the packets and bandwidth exchanged between different hosts.

5. Pcap Analyzer

Our pcap files are stored in wi-fi probe folder on our phone. We can even analyze the pcap files later using the pcap analyzer.

6. PCI DSS Menu

PCI DSS stands for payment card industry data security standard. If you want to know more about PCI DSS go here. This option will check our wifi network’s compliance with PCI DSS.

Touch on the first option. Start the test. A brief description about this test is shown.

Touch on “start test”. This test checks if our wifi router is using default passwords for authentication.

I am not using any default password and i get the below result.

The “Access Point Security Tester” tests if our wifi network is using strong encryption. Touch on “start scan”.

The result will be as below. It says my access point is secure as it is using WPA i guess.

The “Access point Scanner” test tests the wifi network’s compliance with PCI DSS requirement 11.1 as shown below.

The “internal vulnerability scanner” test checks if there are any of the devices in our wifi network have any vulnerabilities. It turns out that my gateway has some vulnerabilities as shown below.

There is also a “external vulnerability scanner” option available to scan for external vulnerabilities.

Hope this was helpful.

Posted on February 14, 2014June 15, 2024 by kanishka10 — 2 Comments

Complete guide to sqlmap

Hello, aspiring ethical hackers. In our previous blogpost, you learnt what SQL injection is, different types of sql injection attacks etc. In this blogpost, how to perform SQL injection with a tool named sqlmap. Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. For this tutorial I am using Vulnerawa as target.

sqlmap is pre-installed in Kali Linux. Open sqlmap from the path as shown below.

Now copy the vulnerable url and type the following command the terminal. Here -u stands for url.

The result will be as shown below. It will reveal the website technology and the scripting language used.

1. Grab the banner of the target:

Now let’s grab the banner of the website. Type the following command and hit “Enter”.

You can see the banner as shown below.

2. Find the current user of the website:

To see the current user of the website, type the following command.

The current user can be seen as below.

3. List the current database:

Now let us see the current database used by the website. Type the following command.

We can see that the current database is “Vulneraw”.

4. List all the tables in a specific database:

Now let us see all the tables present in the database “Vulneraw” by using following command.

We see that we have only one table in the current database. The table is “users”.

5. List the number of columns in a specific table:

Now lets see the number of columns in the table “users”. Type the following command.

We see there are four columns in table “users”.

6. Dump the values of specific columns in a table:

Now let’s dump the values of two columns username and password by typing the following command.

The result is as below. we got the username and passwords.

7. Dump all values of a table:

If we want to dump all the entries of the table, type the following command.

Here are the entries.

8. Grab a shell on the target:

Now let’s see if we are lucky enough to get the shell of the target. Shell is the target machine’s command line or terminal. Type the following command.

It will prompt us to enter the application language being used by the website. We already know it is PHP. Enter its value. Next it will prompt you to enter the writable directory. You cam choose your option wisely. I chose the default root directory for Wamp server. Hit on “Enter”.

I successfully got the os-shell. Now let’s try some commands. Type “dir” to see the contents of the root directory. It works as shown below.

Let’s see how many users are there on the system. Type the command “net user” . We can see the users listed as below. Happy hacking practice.

To find sites vulnerable to this sql injection use google dork “site:.com inurl:id=1” or similar dorks. That’s all in this tutorial.

Click on “Wifi attack” tab. The tool will automatically crack the password for you as shown below.

Categories