Wifi Hacking : coWPAtty

Hacking WiFi through coWPAtty (Kali Linux)


coWPAtty is an implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication for WPA/WPA2 because it is much easier than establishing the RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. coWPAtty can run an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.


The definition above is technical. Simply speaking, coWPAtty disconnects the currently connected user from the WiFi so that the user has to reconnect; as soon as the user reconnects, it steals the password.





cowpatty – WPA-PSK dictionary attack

genpmk – WPA-PSK precomputation attack

genpmk Usage Example

Use the provided dictionary file (-f /usr/share/wordlists/nmap.lst) to generate a hashfile, saving it to a file (-d cowpatty_dict) for the given ESSID (-s securenet):
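
Why the hashfile is generated "for the given ESSID", as an added example (not code from coWPAtty or from the original post): WPA/WPA2-PSK derives the PMK with PBKDF2-HMAC-SHA1 salted by the SSID, so a precomputed file only applies to networks with that exact name. The SSID list, the wordlist and the `audit_psk` helper are constructed for illustration.

```python
import hashlib

PBKDF2_ROUNDS = 4096   # fixed by the WPA/WPA2-PSK key derivation
PMK_LEN = 32           # 256-bit pairwise master key

# Constructed sample data (assumptions, not taken from the page).
COMMON_SSIDS = {"linksys", "default", "netgear", "dlink", "home"}
SAMPLE_WORDLIST = ["password", "12345678", "letmein123", "qwertyuiop"]


def derive_pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ROUNDS, PMK_LEN,
    )


def precomputation_carries_over(passphrase, ssid_a, ssid_b):
    """True only if a PMK precomputed for ssid_a is also valid for ssid_b."""
    return derive_pmk(passphrase, ssid_a) == derive_pmk(passphrase, ssid_b)


def audit_psk(ssid, passphrase, wordlist=SAMPLE_WORDLIST):
    """Defender-side check of one network's PSK configuration.

    Returns a list of findings, empty when none of the checks fire.
    """
    derive_pmk(passphrase, ssid)  # raises if the passphrase is not a valid PSK
    findings = []
    # A widely used SSID is the case where precomputed PMK files are practical.
    if ssid.lower() in COMMON_SSIDS:
        findings.append("common-ssid")
    # A passphrase that appears in a public wordlist falls to a dictionary run.
    if passphrase.lower() in {w.lower() for w in wordlist}:
        findings.append("passphrase-in-wordlist")
    if len(passphrase) < 12:
        findings.append("short-passphrase")
    return findings


if __name__ == "__main__":
    # Same passphrase, the two SSIDs used on this page: different PMKs.
    for name in ("securenet", "6F36E6"):
        print(name, derive_pmk("password", name).hex())
    print(audit_psk("linksys", "password"))
    print(audit_psk("6F36E6", "correct horse battery staple"))
```

A unique SSID removes the precomputation shortcut, but only a long passphrase that is absent from wordlists removes the dictionary attack itself.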


NOTE: This is for educational purposes only. We are not responsible for any type of inconvenience caused by the reader.


cowpatty Usage Example

Use the provided hashfile (-d cowpatty_dict), read the packet capture (-r Kismet-20140515-16-21-37-1.pcapdump), and crack the password for the given ESSID (-s 6F36E6):



Analyzing Packets in Wireshark

Wireshark is the best packet analyser tool.
Downloads
  • Windows and Macintosh users can download it from here.
  • Kali already contains this tool.
If you have not downloaded Kali Linux yet, click here to download it.



How To

1.  Start Wireshark from the command line or from the menu option.

For Kali Users


2.  It will open Wireshark as shown below:


3.  We need monitor mode to start packet sniffing, so start sniffing with the wireless interface in monitor mode.

4.  As soon as sniffing starts, Wireshark begins capturing packets.

5.  You will get thousands of packets, which can be categorized as required. For example, apply a filter by BSSID.

6.  We can filter the packets to show only management frames. (wlan.fc.type==0)

7.  Filter to show only data packets. (wlan.fc.type==2)
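
What the two filters above select, as an added example that is not part of the original post: the type sits in bits 2-3 of the first frame-control octet and the subtype in bits 4-7, so management frames can be separated from data frames and bursts of deauthentication frames (management subtype 12) can be flagged. The frames are constructed, start at the 802.11 header with any radiotap header already stripped, and the window and threshold values are assumptions.

```python
from collections import Counter, defaultdict

TYPE_NAMES = {0: "management", 1: "control", 2: "data", 3: "extension"}
SUBTYPE_BEACON, SUBTYPE_DEAUTH = 8, 12


def parse_frame_control(frame):
    """Return (version, type, subtype) from the first frame-control octet."""
    if len(frame) < 2:
        raise ValueError("truncated 802.11 header")
    fc0 = frame[0]
    return fc0 & 0x03, (fc0 >> 2) & 0x03, (fc0 >> 4) & 0x0F


def frame_type(frame):
    """Name of the value that wlan.fc.type compares against."""
    return TYPE_NAMES[parse_frame_control(frame)[1]]


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def deauth_bursts(capture, window=1.0, threshold=5):
    """Flag (bssid, destination) pairs that receive >= threshold deauths
    within `window` seconds. `capture` is a list of (timestamp, frame)."""
    times = defaultdict(list)
    for ts, frame in capture:
        _, ftype, subtype = parse_frame_control(frame)
        if ftype == 0 and subtype == SUBTYPE_DEAUTH and len(frame) >= 24:
            # Management header: addr1 = destination, addr3 = BSSID.
            dst, bssid = fmt_mac(frame[4:10]), fmt_mac(frame[16:22])
            times[(bssid, dst)].append(ts)
    alerts = {}
    for key, stamps in times.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[key] = best
    return alerts


# --- constructed sample capture (locally administered MAC addresses) ---
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000010")
BCAST = b"\xff" * 6


def build_frame(ftype, subtype, dst, src, bssid, body=b""):
    fc0 = (subtype << 4) | (ftype << 2)          # protocol version 0
    return bytes([fc0, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body


def sample_capture():
    cap = [(i * 0.1024, build_frame(0, SUBTYPE_BEACON, BCAST, AP, AP)) for i in range(10)]
    cap += [(0.05 + i * 0.2, build_frame(2, 0, AP, STA, AP, b"payload")) for i in range(4)]
    # Eight deauths to one station in 0.35 s, then a single ordinary one later.
    cap += [(2.0 + i * 0.05, build_frame(0, SUBTYPE_DEAUTH, STA, AP, AP, b"\x07\x00")) for i in range(8)]
    cap.append((9.0, build_frame(0, SUBTYPE_DEAUTH, STA, AP, AP, b"\x03\x00")))
    return cap


if __name__ == "__main__":
    capture = sample_capture()
    print(Counter(frame_type(f) for _, f in capture))
    print(deauth_bursts(capture))
```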

Wardriving

Wardriving is a term for a person with a vehicle, a laptop, a wireless card and a GPS setup driving all over a city and identifying the status of different wireless access points at different geographical locations in the city.

The wireless range can be extended using wireless antennas. To get details about geographical locations, you can use GPS to find the latitude and longitude.

WifiInfoView is a Windows-based tool which can be used to see wireless access points along with other information.
Download it from here.


DracOS : A New Alternative

Hacking with DracOS :

You are probably thinking of Kali and other pentesting operating systems such as BackTrack, but this time there is a new pentesting tool called DracOS. The difference is that, unlike Kali and BackTrack, it does not use the GNOME repository; it uses the yum repository.

 Download DracOS


Burpsuite – Use Burp Intruder to Bruteforce Forms

Using Burp Intruder to Bruteforce passwords.


Burpsuite is a collection of tools and plugins for any web application security testing bundled into a single executable jar file. It contains about 8 useful tools for performing spidering, fuzzing, decoding etc. But the prime feature is that, it is an intercepting proxy which works on application layer. So even HTTPS connections passing through burpsuite are visible. In this article, we will see how to use burp intruder to bruteforce inputs in a web application. For those who are new to burpsuite, read this article on Getting started with Burpsuite. Others can proceed straightaway.

Burp Intruder

Burp Intruder is a feature in Burpsuite which helps to perform extensive fuzz testing. It helps us to enumerate various parameters in a request with a supplied wordlist. From password bruteforcing to XSS testing, we can perform all kinds of fuzzing using this amazing plugin in Burpsuite.

How Intruder works ?

To get started with Intruder, we need to capture a request. This can be a GET or POST request depending on the web application. Once the request is captured, it can be sent to Intruder. Intruder then analyses the variable positions in the request where a payload can be inserted. The payload is simply a wordlist we supply. After the wordlist is supplied, Intruder can run through all the combinations in the wordlist on the positions set.


Lab Setup

For this tutorial I am using Mutillidae as the target, Burpsuite running on Kali as attacker. Mutillidae download link is given at the end of the tutorial.
Target : OWASP-BWA – Mutillidae – IP=10.0.2.4
Target URL: 10.0.2.4/mutillidae/index.php/page=login.php
Attacker: Kali Linux 2.0 – IP=10.0.2.5

Lab 1: Brute force Login Form

In this lab, a simple brute-force against a password is performed. This tutorial shows how to perform it on Mutillidae. You can perform this on any login form.

Step 1: Setup Burp as Intercepting Proxy

For this you need to set up Burp as a proxy first. If you are not clear on this, refer to the Getting Started with Burpsuite article.

Step 2: Capture the request

After you have configured burp, start intercepting & open the target page.
Opening the Target Page
Forwarding the Request

Step 3: Capture the POST request

Capture the POST request where the username & password is supplied to the web-application. This can occasionally be a GET request also. Anyway the idea is we need to capture a request in which some variable value is supplied to the server.
Capturing POST Request

Step 4: Send it to Intruder & Configure Options

Click on the Action button in the top right and select Send to Intruder.
Sending to Intruder
Then you will be shown the Intruder options, with the Target tab shown first. This tab contains target options like host, port, use SSL etc. Just cross-verify that the target you are attacking is displayed correctly in this section and proceed to the next tab.
Intruder – Host Options
Next, go to the Positions tab. This is where we set the variables to be attacked/fuzzed. Burp will automatically populate all positions where a fuzz test can be run. You can customize them using the options on the right side of the tab.
Intruder Positions
In this case, clear all positions and add a position in the password variable. It is seen at the bottom of the whole request. Do this by clicking the Add button. First place the cursor just after the “=” and click Add. Then go to the last letter of the field and place the cursor there. Add a position there as well, otherwise the whole content after the first marker will be taken as a single position. Just like closing brackets in programming or in maths, make sure to open a position and close it.
Setting Position & Type
Once the position is set, confirm that the attack type is Sniper. This attack type works just like a sniper gun: it fires the payload precisely at a single point. If you have multiple positions, it will fire the payload at the first position and then move on to the second and so on (one at a time). Payloads are explained in the next paragraph, so move on to the Payloads tab.
The Payloads tab is where you set the wordlist or list of variables to be run against the payload positions we set previously. There are numerous possibilities and combinations you can try here. You can load a list containing all the words or strings, or you can generate words based on the characters you supply, etc. This is specified in the Payload type drop-down menu. Try browsing through all of them and you will understand the power of Intruder. For now we supply a simple list. Select the payload type Simple list and click the Load button to open an explorer window. Select your wordlist that contains passwords. In Kali, some default wordlists are supplied inside “/usr/share/wordlists/”. For this one I have selected “/usr/share/wordlists/metasploit-jtr/password.lst”.
Loading word list
After it has been loaded successfully, you can see the contents of the list in the area beside the Load button. You can also edit the contents using the other buttons present there.

Step 5: Start Attack.

Once everything is set, click the intruder menu from the top and select Start Attack.
Starting the Attack
Now the Intruder attack window pops up, showing the ongoing attack. Here you can see details like the HTTP code and length of the response. Now comes the difficult part: analysing the results. Depending upon the target and nature of the attack, the results vary, and a bunch of results needs to be analysed properly. One method is to analyse the pattern of results. For some entries, there may be a difference in the response code or length. This may be a successful attack or a failed attack; it depends on the target and nature of the attack. In this case, I know the server would return an HTTP 302 if the username and password are right, so I will be on the lookout for this. The idea is to look for patterns and variations from patterns. Check the variation in detail first. It may contain the details of a successful attack.
Successful Result
In the above screenshot, we have a 302 response which concludes it may be a successful attack. If you have such a result, click on the particular request from the main area, and look at the results tab below.
Attack Results
Here we have got a cookie with uid=1 for a request with username = admin, which means this particular request has been successful. Look for the payload in the top section or analyze the Request tab to view the password which was supplied. Here in this case, the password is “admin”. So you have successfully carried out a password brute force.
This article has been lengthy and a lot of concepts and procedures were involved. Carry this out yourself with this post open if you haven’t done so yet. You will come across many issues and come to understand the different techniques for running this attack.
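
How the attack in this lab looks from the server side, as an added example that is not part of the original tutorial: many POSTs to the login page from one client in a short time, ended by the 302 that marks a correct password. The log lines are constructed in Apache combined format; the login URL form, the assumption that failed logins return 200, and the window and threshold values are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_MARKER = "page=login.php"   # assumed form of the lab's login URL
SUCCESS_STATUS = 302              # the page: 302 means valid credentials


def parse(line):
    """Return (ip, timestamp, method, path, status) or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


def detect_bruteforce(lines, window=timedelta(seconds=60), max_failures=5):
    """Report clients with >= max_failures failed logins inside `window`,
    and whether a successful login followed such a burst."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    report = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or LOGIN_MARKER not in path:
            continue
        failures = recent[ip]
        while failures and ts - failures[0] > window:
            failures.popleft()    # drop failures that left the window
        if status == SUCCESS_STATUS:
            if len(failures) >= max_failures:
                # Highest-priority case: the guessing run ended in a login.
                report[ip]["success_after_burst"] = ts.isoformat()
            failures.clear()
            continue
        failures.append(ts)
        if len(failures) >= max_failures:
            entry = report.setdefault(
                ip, {"max_failures_in_window": 0, "success_after_burst": None})
            entry["max_failures_in_window"] = max(
                entry["max_failures_in_window"], len(failures))
    return report


def sample_log():
    """Constructed log: 10.0.2.5 guesses passwords, 10.0.2.9 is a normal user."""
    fmt = ('{ip} - - [12/Mar/2017:10:00:{s:02d} +0000] '
           '"POST /mutillidae/index.php?page=login.php HTTP/1.1" {st} 512')
    lines = [fmt.format(ip="10.0.2.5", s=s, st=200) for s in range(7)]
    lines.append(fmt.format(ip="10.0.2.5", s=7, st=302))
    lines.append(fmt.format(ip="10.0.2.9", s=20, st=200))   # one mistyped password
    lines.append(fmt.format(ip="10.0.2.9", s=25, st=302))
    lines.append('10.0.2.9 - - [12/Mar/2017:10:00:30 +0000] '
                 '"GET /mutillidae/index.php?page=home.php HTTP/1.1" 200 900')
    return lines


if __name__ == "__main__":
    for ip, entry in detect_bruteforce(sample_log()).items():
        print(ip, entry)
```

Rate limiting or account lockout on the login form is what stops the run itself; the detection above only makes it visible.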

Burpsuite

Getting Started with Burpsuite & Running a basic Web-Spider

 

Burpsuite is a collection of tools bundled into a single suite made for web application security or penetration testing. It’s a Java executable and hence cross-platform. Kali Linux comes with Burpsuite free edition installed. There is also a professional version available. The main feature of Burpsuite is that it can function as an intercepting proxy. Burpsuite intercepts the traffic between a web browser and the web server.

 

Other Features include:
  • Application Aware Spider : Used for spidering/crawling a given scope of pages.
  • Scanner : Automatically scans for vulnerabilities just like any other automated scanner.
  • Intruder : Used to perform attacks & bruteforces on pages in a highly customizable manner.
  • Repeater : Used for manipulating and resending individual requests.
  • Sequencer : Used mainly for testing/fuzzing session tokens.
  • Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.
  • Comparer & Decoder used for misc purposes that might come along the way when you conduct a Web Security test

Spidering a Website

A web crawler is a bot program which systematically browses the pages of a website for the purpose of indexing. More precisely, a web crawler maps the structure of a website by browsing all its inner pages. The crawler is also referred to as a spider or automatic indexer.
Burpsuite has its own spider called the Burp Spider. The Burp Spider is a program which crawls all the pages of a target specified in the scope. Before starting the Burp Spider, Burpsuite has to be configured to intercept the HTTP traffic.

Interface & Options

Like any other GUI/Windows tool, burpsuite contains a standard menu bar, 2 rows of tabs & different set of panels as seen below.


The above figure shows the options & details about the target. In the above figure there are mainly 4 sections. They are described against the corresponding numbers as follows:

  1. Tool & Options selector Tabs – Select between Various tools & settings of burpsuite
  2. Sitemap View – Displays the sitemap once spider has started
  3. Requests Queue – Displays the requests being made
  4. Request/Response Details – The HTTP requests made & the responses from the servers.

Lab 1 : Spidering a website

Spidering is a major part of recon while performing web security tests. It helps the pentester to identify the scope and architecture of the web application. As described earlier, Burpsuite has its own spider called the Burp Spider which can crawl a website.

Scenario: Attacker – Kali Linux VM, IP = 192.168.0.105

Target – OWASP Broken Web Application VM, IP = 192.168.0.160

Download OWASPBWA

Step 1 : Setup Proxy.
First start burpsuite and check details under proxy tab in Options sub-tab. Ensure IP is localhost IP & port is 8080.

Proxy Options & Information

Also ensure that Intercept is ON in the Intercept Sub-Tab

Turning ON intercept

Then in IceWeasel/Firefox, go to Options > Preferences > Network > Connection Settings.
Choose Manual Proxy Configuration.

Setting Proxy in IceWeasel

If you want, you can try installing proxy add-ons. Here is one such.
Install the proxy selector from the add-ons page and go to preferences.

Setting Up Addons

Go to Manage Proxies & add a new proxy, filling out the relevant information. It’s simple.

Configuring Addon Proxy

Click the Proxy Selector button at the Top right & select the Proxy you just created.

Setting Up Addons

Step 2 : Getting Content into Burp 
After you have set up the proxy, go to the target normally by entering the URL in the address bar. You will notice that the page does not load. This is because Burpsuite is intercepting the connection.

Page Loading

Meanwhile in burpsuite, you can see the request details. Click forward to forward the connection. Then you can see that the page has loaded up in the browser.

burp intercepting
Page Loaded

Coming back to Burpsuite, you can see that all sections are populated.

Sitemap, Requests & Request/Response Details

Step 3 : Scope Selection & Starting Spider
Now narrow down the target as you want. Here the target/mutillidae is selected. Right-click mutillidae in the sitemap & select the Spider from Here option.

Selecting the target

After the spider starts, you get a prompt as shown in the following figure. It’s a login form. If you know the details, fill them in as needed so that the spider is able to crawl from the inside as well. You can skip this step by pressing the Ignore Form button.

Submitting a Login form

Step 4 : Manipulating Details
Now you can see as the spider runs, the tree inside of the mutillidae branch gets populated. Also the requests made are shown in the queue and the details are shown in the Request tab.

More details get Populated

Move on to different Tabs and see all the underlying information.

Interesting Cookie information
Response Details from the target
The page source

Finally check if spider is finished by viewing the Spider tab.

Spider Status

These are the very basics & the starting point of a web security test. Spidering is an important part of the recon during the test, and by executing it carefully we can understand the architecture of the target site. In upcoming tutorials, we will extend this to other tools in the Burpsuite set of tools.

Source :–  http://kalilinuxtutorials.com/burpsuite/


Understanding Open Source Intelligence


OSINT is accessing information which is publicly available by applying different search techniques. OSINT is simply research carried out using specialized websites, software solutions and creative search queries.

In order to carry out a crime investigation, applying the right search approach to gather publicly available information is very important; such information includes Facebook profile data, website owner information, IP addresses of users, additional accounts of the users, public government records, hidden websites, and data available in uploaded photographs or videos.

Big Data from the Deep Web is OSINT. Whatever you want to call it – online Big Data, OSINT, or open-source intelligence – your organization can benefit from exploiting that information. There is information publicly available online right now that you are missing by searching with Google, or not searching for at all because you aren’t even aware it exists.

There are different tools available for carrying out a meaningful search. Custom search tools include: name search tools, document search by format, photo metadata search, and email assumption search tools. To investigate a photograph alone we have picture search, TinEye, Yankee, Camera Summary (EXIF viewer) and image manipulation (identify edited image) tools, a few among many such tools that are freely available on the Internet.

Maltego is an extremely powerful OSINT framework, covering infrastructural exploring and personal scouting.

Shodan is an acronym for Sentient Hyper Optimized Data Access Network. Unlike traditional search engines that crawl the website to display results, Shodan attempts to grab data from the ports.

Metagoofil is used to extract metadata from the target. It supports various file types, including pdf, doc, xls and ppt. This open source intelligence tool can also be used to extract MAC addresses.

Google happens to be the most powerful OSINT tool for a user to perform attacks, and forms the basis for the Google Hacking Database.

FOCA is a network infrastructure mapping tool that can be used for OSINT. It can analyze metadata from various files, including doc, pdf and ppt files.

Social Engineer Toolkit is an open source tool to perform online social engineering attacks. The tool can be used for various attack scenarios including spear phishing and website attack vectors.

Likewise, we can carry out a search of public records through the SSN Death Index to verify death records, use a custom phone search tool to search for the data associated with a phone caller ID test, etc. Specialized courses and training are available over the Internet to learn such searching skills.

Source :― https://digital4n6journal.com

How to Root Android 4.4 KitKat (4.4.2 & 4.4.4) with KingoRoot




KingoRoot Android is a one-click root method for devices running Android 4.4, including flagship devices from manufacturers like Samsung, HTC, Sony and others. The newly integrated script in KingoRoot is a universal one for Android 4.3, 4.4 and some 5.0 devices.

Root Android 4.4.2 and 4.4.4 via KingoRoot APK without connecting to PC

It is suggested that you try KingoRoot APK first because it is more convenient and easy to use without connecting to a computer.
  • Allow installation of apps from unknown sources on your Android device:
    Settings > Security > Unknown Sources
  • Free download KingoRoot.apk on your Android.
  • Install and launch KingoRoot.
  • Press “One Click Root” on the main interface.
  • Wait a few seconds until the result appears.
  • If it fails, try a few more times for different rooting methods.
  • If it still fails, refer to KingoRoot Android PC Version, which has a higher success rate.

Root Android 4.4.2 and 4.4.4 via KingoRoot (PC Version)

 
Prerequisites:
  • A Windows-based computer with Internet access;
  • Android device powered ON with at least 50% battery level;
  • An original USB cable or a quality one at least.
Settings:
  • Turn off any sort of firewalls or anti-virus software on your Windows;
  • USB Debugging Mode enabled on your Android device:
    Settings > About Phone > Build number > Tap 7 times
    Settings > Developer Options > USB Debugging
  • Allow installation of apps from unknown sources on your Android device:
    Settings > Security > Unknown Sources

Start rooting…

 

  • Step 1: Download, install and launch Kingo Android Root.

Free download the latest KingoRoot Android (PC Version).
Double-click the desktop icon to launch KingoRoot Android PC Version.

  • Step 3: Enable USB Debugging mode. (Skip this step if it’s enabled.)

Enabling USB Debugging mode is a necessary step of the Android rooting process.

[IMPORTANT NOTICE] Pay attention to your device screen for a prompt window. Tick “Always allow from this computer”. If you don’t, you will probably get yourself an OFFLINE DEVICE.

  • Step 4: Things you need to know before rooting your device.

Rooting your Android has its own advantages and, at the same time, disadvantages. It is a matter of weighing pros and cons.

Android rooting is a modification of the original system in which the limitations are removed and full access is allowed, resulting in the ability to alter or replace system applications and settings, run specialized apps and even facilitate the removal and replacement of the device’s operating system with a custom one. Rooting your device will immediately void your warranty.

  • Step 5: Click “ROOT” to begin the process.

Kingo Android Root will employ multiple exploits on your device, which will probably take a couple of minutes. During the rooting process, your device may be rebooted several times. Do not panic, it is normal. Once it begins, please DO NOT touch, move, unplug or perform any operation on your device.

  • Step 6: Getting results, succeed or fail.

Hopefully your device is well supported and successfully rooted by Kingo.

 


Source :- kingo root website


Donald Trump’s Website Just Got Hacked

Some hackers, who call themselves Pro_Mast3r, have managed to hack Donald Trump’s website and deface a CloudFlare server. The server in question is associated with campaign donations. Currently, the server is offline. In another development, Congressman Ted Lieu has said that Trump’s use of an insecure Android phone demands an investigation.

While numerous speculations are continuously being made regarding Donald Trump’s unsafe website and smartphone, a hacker, who uses the name Pro_Mast3r, has defaced a server associated with his campaign fundraising website.

The hacked server, secure2.donaldjtrump.com, which isn’t directly linked to the campaign’s home page, is behind CloudFlare’s content management and security system, Ars Technica reports.

The certificate of the server is legitimate and it looks like a real Trump campaign server. However, the image displayed is linked to some other website. The picture shows the following text:

Hacked By Pro_Mast3r ~
Attacker Gov
Nothing Is Impossible 
Peace From Iraq

It’s worth mentioning that the source code of the page, which is now offline, contains a link to JS on a Google Code account that’s now non-existent. The archive of the script shows that it’s not some malware.

In another related development, Democratic Congressman Ted Lieu, on Friday, demanded that an investigation should be launched into Trump’s use of an insecure Android phone.

What are your thoughts on this sad state of security and website hack? Don’t forget to share your views and feedback.


Human-based social engineering


In human-based social engineering attacks, the social engineer interacts directly with the target to get information.

An example of this type of attack would be where the attacker calls the database administrator asking to reset the password for the target’s account from a remote location, having gathered the user information from a social networking site of the XYZ company.

Human-based social engineering can be categorized as follows:

•  Piggybacking: In this type of attack the attacker takes advantage by tricking authorized personnel to get inside a restricted area of the targeted company, such as the server room. For example, attacker X enters the ABC company as a candidate for an interview but later enters a restricted area by tricking an authorized person, claiming that he is a new employee of the company and so doesn’t have an employee ID, and using the target’s ID card.

•  Impersonating: In this type of attack, a social engineer pretends to be a valid employee of the organization and gains physical access. This can be perfectly carried out in the real world by wearing a suit or a duplicate ID for the company. Once inside the premises, the social engineer can gain valuable information from a desktop computer.

•  Eavesdropping: This is the unauthorized listening to communication between two people or the reading of private messages. It can be performed using communication channels such as telephone lines and e-mails.

•  Reverse social engineering: This is when the attacker creates a persona that appears to be in a position of authority. In such a situation, the target will ask for the information that they want. Reverse social engineering attacks usually occur in areas of marketing and technical support.

•  Dumpster diving: Dumpster diving involves looking in the trash can for information written on pieces of paper or computer printouts. The hacker can often find passwords, filenames, or other pieces of confidential information in trash cans.

•  Posing as a legitimate end user: In this type of attack, the social engineer assumes the identity of a legitimate user and tries to get the information, for example, calling the helpdesk and saying, “Hi, I am Mary from the X department. I do not remember my account password; can you help me out?”


Computer-based social engineering

Computer-based social engineering refers to attacks carried out with the help of computer software to get the desired information. Some of these attack types are listed as follows:

  • Pop-up windows: Pop-ups trick users into clicking on a hyperlink that redirects them to an attacker’s web page, asking them to give away their personal information or to download software that could have viruses attached in the backend.

  • Insider attack: This type of attack is performed from inside the target network. Most insider attacks are orchestrated by disgruntled employees who are not happy with their position in the organization or who have personal grudges against another employee or the management.

  • Phishing: Spammers often send e-mails in bulk to e-mail accounts, for example, those claiming to be from the UK lottery department and informing you that you have won a million pounds. They request you to click on a link in the e-mail to provide your credit card details or enter information such as your first name, address, age, and city. Using this method the social engineer can gather social security numbers and network information.

  • The “Nigerian 419” scam: In the Nigerian scam, the attacker asks the target to make upfront payments or make money transfers. It is called 419 because “4-1-9” is a section of the Nigerian Criminal Code that outlaws this practice. The attackers or scammers usually send the target e-mails or letters with some lucrative offers stating that their money has been trapped in some country that is currently at war, so they need help in taking out the money and that they will give the target a share, which never really comes. These scammers ask you to pay money or give them your bank account details to help them transfer the money. You are then asked to pay fees, charges, or taxes to help release or transfer the money out of the country through your bank. These “fees” may start out as small amounts. If paid, the scammer comes up with new fees that require payment before you can receive your “reward”. They will keep making up these excuses until they think they have got all the money they can out of you. You will never be sent the money that was promised.

  • Social engineering attack through a fake SMS: In this type of attack, the social engineer will send an SMS to the target claiming to be from the security department of their bank and also claiming that it is urgent that the target call the specified number. If the target is not too technically sound, they will call the specified number and the attacker can get the desired information.
