Recent Posts

Thursday, August 25, 2016

Hacking WPA/WPA-2 without dictionary/bruteforce : Fluxion

Fluxion (linset)

I hadn't ventured into Hackforums since a while, and this time when I went there I saw a thread about a script called Fluxion. It's based on another script called linset (actually it's no much different from linset, except for some bug fixes and additional options). I did once think about (and was asked in a comment about) using something like a man in the middle attack/ evil twin attack to get WPA password instead of going the bruteforce/dictionary route, but never looked the idea up on the internet nor spent much time pondering over it. However, once I saw the thread about this cool script, I decided to give it a try. So in this post I'll show you how I used Fluxion, and how you can too.
Disclaimer : Use this tool only on networks you own .Don't do anything illegal.

Just double checking

The first thing I did was make sure that Kali doesn't already have this tool. Maybe if you are reading this post a long time after it was written, then you might have the tool pre-installed in Kali. In any case, try this out:
fluxion
I, personally tried to check if linset or fluxion came pre-installed in Kali (though I didn't expect them to be there).


Getting the script

Getting the script is just a matter of cloning the github repository. Just use the git command line tool to do it.
git clone https://github.com/deltaxflux/fluxion
If you have any problems with this step, then you can just naviagate to the repostitory and manually download the stuff.

There are 4 dependencies that need to be installed

Running the script

Just navigate to the fluxion directory or the directory containing the scripts in case you downloaded them manually. If you are following the terminal commands I'm using, then it's just a simple change directory command for you:
cd fluxion
Now, run the script.
sudo ./fluxion




Dependencies

If you have any unmet dependencies, then  run the installer script.
sudo ./Installer.sh
I had 4 unmet dependencies, and the installer script run was a buggy experience for me (though it might be becuase I have completely screwed up my system, editing files I wasn't supposed to and now I can't get them back in order) .It got stuck multiple times during the process, and I had to ctrl+c my way out of it many times (though ctrl+c didn't terminate the whole installer, just the little update popup). Also, I ran the installer script twice and that messed up with some of the apt-get settings. I suggest that after installation is complete, you restore your /etc/apt/sources.list to it's original state, and remove the bleeding edge repositories (unless you know what you're doing). To know what your repository should look like, take a look here.












Anyways, one way or the other, your unmet dependencies will be resolved, and then you can use Flexion.

Fluxion

Once again, type the following:
sudo ./fluxion
This time it should run just fine, and you would be asked a few very simple questions. For the wireless adapter, choose whichever one you want to monitor on. For the channels question, choose all, unless you have a specific channel in mind, which you know has the target AP.

Then you will see an airodump-ng window (named Wifi Monitor). Let it run while it looks for APs and clients. Once you think you have what you need, use the close button to stop the monitoring.

You'll then be prompted to select target.

Then you'll be prompted to select attack.

Then you'll be prompted to provide handshake.

If you don't have a handshake captured already, the script will help you capture one. It will send deauth packets to achieve that.

After that, I quit the procedure (I was using the script in my college hostel and didn't want to cause any troubles to other students).

If you are with me so far, then you can either just close this website, and try to use the tool on your own (it look intuitive enough to me), or you can read through the test run that I'm going to be doing now.

Getting my wireless network's password by fooling my smartphone into connecting to a fake AP

So, in this example run, I will try to find out the password of my wireless network by making my smartphone connect to a fake AP, and then type out the password in the smartphone, and then see if my Fluxion instance on my Kali machine (laptop) gets the password. Also, for the handshake, I will de-authenticate the same smartphone.

PS: You can probably follow this guide without having any clue how WPA works, what handshake is, what is actually going on, etc., but I suggest you do read up about these things. Here are a few links to other tutorials on this website itself that would prove useful:
  1. Things you should know about Wireless Hacking - Beginner Level Stuff
  2. Things you should know about Wireless Hacking Part II - Intermediate Level Stuff
  3. Evil Twin Attack
This is the theoretical stuff. Experience with tools like aircrack-ng, etc. would also be useful. Take a look at the navigation bar at the top and look at the various tutorials under the "Wireless Hacking" category.

Anyways, with the recommended reading material covered, you can comfortably move on to the actual hacking now:

The real stuff begins!

This section is going to be a set of pictures with captions below them explaining stuff. It should be easy to follow I hope.

After selecting language, this step shows up. Note how I am not using any
external wireless card, but my laptop's internal card. However, some internal cards may
cause problems, so it's better to use an external card (and if you are on a virtual machine
you will have to use an external card).

The scanning process starts, using airodump-ng.

You get to choose a target. I'm going after network number 21, the one my smartphone
is connected to.

You choose an attack. I am going to choose the Hostapd (first one) attack.

If you had already captured a 4-way handshake, then you can specify the location
to that handshake and the script will use it. Otherwise, it will capture a handshake
in the next step for you. 
If you didn't capture a handshake beforehand, then you get to choose which
tool to use to do that. I'm go with aircrack-ng.

Once you have a handshake captured (see the WPA Handshake: [MAC Address] on top, if it's
there, then you have the handhake), then type 1 and enter to check the handshake. If everything's fine,
you'll go to the next step.

Use the Web Interface method. I didn't try the bruteforce thing, but I guess it's just
the usual bruteforce attack that most tools use (and thus no use to us, since that's
not what we are using this script for).

This offers a variety of login pages that you can use to get (phish) the
WPA network's password. I went with the first choice.

After making your decision, you'll see multiple windows. DHCP and DNS requests are being handled in
left two windows, while the right two are status reporting window and deauth window (to get users
off the actual AP and lure them to our fake AP)

In my smartphone, I see two network of the same name. Note that while the original network is WPA-2
protected, the fake AP we have created is an open network (which is a huge giveaway stopping most people
from making the mistake of connecting to it). Anyways, I connected to the fake AP, and the DNS and DHCP windows
(left ones), reacted accordingly.
After connecting to the network, I got a notification saying that I need to login to the wireless network.
On clicking that, I found this page. After I entered the password, and pressed submit, the script ran the
password against the handshake we had captured earlier to verify if it is indeed correct. Note how the
handshake is a luxury, not a necessity in this method. It just ensures that we can verify if the password
submitted by the fake AP client is correct or not. If we don't have the handshake, then we lose this ability,
but assuming the client will type the correct password, we can still make the attack work.

Aircrack-ng tried the password again the handshake, and as expected, it worked.
We successfully obtained the password to a WPA-2 protected network in a matter of minutes.

What now?

I illustrated one possible scenario. This script can work with other devices (laptops for example) too as the fooled clients (not just smartphones). One possible short-coming to this attack is that most smartphones/laptops these days don't automatically connect to open networks (unless they have before), and hence the user has to do it manually. If your fake AP has more signal strength than the real one, then a person who doesn't know about WPA and open networks could very easily end up connecting to your network instead. So, overall this attack has a fair chance of succeeding.

Have any problems/comments/suggestions, leave them in the comments below.

Saturday, August 13, 2016

How to hack facebook using kali linux : CREDENTIALS HARVESTER ATTACK

Do you know ,you can hack facebook password with one fake fb page(phishing).

In this tutorial we will use Social Engineering tool i.e Credential Harvester attack in kali linux.
All you need to do is follow the tutorial as it is to see the Credentials Harvester into the action.




WHAT IS CREDENTIALS HARVESTER ATTACK ?

It is a part of SOCIAL ENGINEERING TOOLKIT. In this method the attack started with a creation of phishing page. Attacker set the post back ip address to receive the credentials like usernames and passwords. The attacker can shorten the ip address to make the ip address looks like a genuine url. When the victim visits the url and feed the login details, the post back feature of the page will send all the data to attacker.


LET'S DO THIS!!!!!!!!!

Follow this video..........



STEPS:

1. Boot up kali linux on your machine and open terminal.

2. Type this command in the kali linux terminal.
                    
                    root@kali~# setoolkit

3. Enter 'y' to agree the social engineering toolkit terms and conditions.

4. Select the following options one by one from the menu

                '1' (Social Engineering Attacks) then  
                '2'(Website Attack Vectors) then
                '3'(Credential Harvester Attack) then

5. Type '2' (Site cloner)

          set:webattack> IP address for the post back in harvesting:192.168.x.xxx (your ip address)
          
          set:webattack>Enter the url to clone: www.fb.com

    
6. Go to  Places > Computer > VAR > WWW and move all the files from www folder to html folder.

7.  Shorten your ip address with tinyurl.com and send it to the victim. When the victim open the link and enter the login details , you will get the username and password in a harvester text file which is located at Places > Computer > VAR > WWW. 

Comment down below for any problems.

SHARE THIS IF YOU LIKE IT :)

Happy Hacking
              







Monday, August 1, 2016

Things You Should Know : Wireless Hacking Basics

This is the first post in a new series of posts that don't involve any real hacking (and hence don't require that you have Kali installed on your system), but instead explain concepts in an interesting way (at least I hope so). If you have tried getting started into the world of hacking, but failed despite your best attempts, then this series will get you in a position where you'll find it easier to understand any tutorials you read in the future(on this site or any other). Note that I might use some technical jargon at some places, but would usually try to use laymen terms. Also, this guide is an oversimplification and hence factual precision is not it's strong suit, ease of understanding is.

Pre-requisites

You should know-
  • Nothing really.

Post-reading

You will know -
  • What are the different flavors of wireless networks you'll encounter and how difficult it is to hack each of them.
  • What are hidden networks, and whether they offer a real challenge to a hacker.
  • You'll have a very rough idea how each of the various 'flavors' of wireless networks is actually hacked.
(The last point would be covered in details in the next post)

Wireless Security Levels

Below is a (bad but hopefully helpful) analogue I'm using to explain various possible security implementations that a wireless network may have.
Suppose you are the owner of a club. There can be many possible scenarios as far as entry to the club is concerned :-


  • Open Entry

    Open networks- They don't require passwords to
    connect to the wireless router (access point).
    1. Open entry and unrestricted usage - Anyone can walk right in. They have unrestricted access to the dance floor, free beer, etc.
      This is open network. This is only used in public places (restaurants, etc.) which offer free Internet access to it's users (WiFi hotspots) . It's fairly uncommon to find such networks.
    2.  Open entry but restricted usage - Anyone can walk right in, but have to pay for drinks. For the router's security purposes, this is also an open network. However, connecting to the wireless router (entering the club) doesn't guarantee you unlimited access to the internet. There is another layer of authentication. These are seen in public places (airports, restaurants, fast food joints, shopping malls) where they let you connect to the wireless network without any password, but after that you have an additional layer between you and the internet. This layer usually restricts your ability to access the internet (either by bandwidth or by time). This layer can be used to charge you for the amount of data you use.

Sunday, February 7, 2016

Antivirus Evasion : Bypassing AV with Veil

In real life pentesting scenarios, the antivirus is an added layer of security, which we have conveniently ignored so far. However, in this tutorial we will see how we can encrypt the payload and make it harder for the AV(antivirus) to detect it.

Prerequisites

You should know how the basics of generating payloads using metasploit, i.e. have a basic idea about pentesting. I have covered these already, and won't do so again.
If you haven't got the prerequisites covered, I'd suggesting you start by hacking into an unpatched Windows XP machine.

Install Veil-evasion

This is one the rare moments when you actually have to install a hacking tool in Kali Linux. That said, the process is incredibly simple, and a simple apt-get will work.
sudo apt-get update
sudo apt-get install veil-evasion

Wednesday, January 27, 2016

Metasploit for the Future Hackers (msfvenom) : Hack Any Android Phone

msfvenom is a kali linux hacking tool for android ,is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework instance known as msfvenom payload.

Hacking With METASPLOIT in Kali Linux is a old tool. Metasploit is enhanced by msfvenom in kali linux. Metasploit is now a outdated tool.

So, let's get started!!



Friday, October 9, 2015

Networking Basics - IP address, netmasks and subnets

In this tutorial, we will cover some networking basics. We won't be hacking anything, but by the end of the tutorial you'll learn a lot of things which will be useful later, especially when you'll use nmap. Please note that it is advised that you go through wikipedia pages of all the concepts covered here since the discussion won't be exhaustive in any way.

IP address

An IP address is simply a 32 bit address that every device on any network (which uses IP/TCP protocol) must have. It is usually expressed in the decimal notation instead of binary because it is less tedious to write it that way. For example,
Decimal notation - 192.168.1.1
Binary  - 11000000.10101000.00000001.00000001
It is clear from the binary form that the IP is indeed 32 bits. It can range from 0.0.0.0 to 255.255.255.255 (for the binary all 0s and all 1s respectively) [A lot of time, the first octet usually goes upto 127 only. However, we aren't concerned with that here.]


Tuesday, October 6, 2015

WPA/WPA-2 cracking using Dictionary attack with Aircrack-ng

WPA cracking involves 2 steps-

  1. Capture the handshake
  2. Crack the handshake to get the password

We have already covered WPA-handshake capture in a lot of detail. In this tutorial we will actually crack a WPA handshake file using dictionary attack. Our tool of choice for this tutorial will be aircrack-ng. We will not bother about the speed of various tools in this post. However, in the next post, we will compare various CPU and GPU algorithms for WPA hash cracking. I'd like to add that I already know the password of the network so I'll simply put it into the dictionary that I'm using. A full fledged dictionary attack is quite time consuming.

Also, a lot of people are facing problems with monitor mode in Kali 2.0. I have a post regarding that coming soon.
PS: If you stumbled on this post out of nowhere and find it hard to follow, I recommend you go through some of the easier posts first. How to use this site is a good place to begin.


Thursday, August 13, 2015

What's new in Kali 2.0

I'm sure a lot of you have been waiting for the launch of Kali 2.0. I've started looking into competitive programming, and hence now have a bit less time for this blog. That being said, I took a few screenshots for you guys to see what Kali 2.0 has to offer.
Kali installed in VMWare 11

Videos
© Kali Tutorials, 2016. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Shashwat Chaudhary and Kali Tutorials with appropriate and specific direction to the original content.