Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.
The definition above is technical. Simply put: the currently connected user is disconnected from the Wi-Fi network so that the user has to reconnect, and as soon as the user reconnects, coWPAtty steals the password.
cowpatty – WPA-PSK dictionary attack
genpmk – WPA-PSK precomputation attack
genpmk Usage Example
Use the provided dictionary file (-f /usr/share/wordlists/nmap.lst) to generate a hashfile, saving it to a file (-d cowpatty_dict) for the given ESSID (-s securenet):
NOTE: This is for educational purpose only we are not responsible for any type of inconvenience caused by reader.
If You have not downloaded kali linux yet click here to download it
1. Start the wireshark using command line or from menu option.
For Kali Users
2. It will open Wireshark as shown below:
3. Here we go: packet sniffing requires monitor mode, so start sniffing in monitor mode.
4. As soon as sniffing starts, packets will be captured.
5. You will get thousands of packets. They can be categorized as required; for example, apply a filter by BSSID.
6. Filter to show only management frames: wlan.fc.type == 0
7. Filter to show only data frames: wlan.fc.type == 2
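As an added example (not code from the original post), here is a small Python decoder for the 802.11 Frame Control field and the BSSID, which is exactly what the wlan.fc.type and BSSID display filters above test. The frames are constructed, with locally administered MAC addresses. It goes a little beyond the text by also naming management subtypes, because counting deauthentication frames per BSSID is how a wireless IDS notices the forced disconnect mentioned at the top of this page.

```python
# Added example (not part of the original article): decode the 802.11 Frame
# Control field and locate the BSSID, so that the Wireshark display filters
# above (wlan.fc.type == 0 for management, wlan.fc.type == 2 for data, and a
# filter by BSSID) can be checked by hand on a raw frame header.
from collections import Counter
from typing import Optional

FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

# Management subtypes a wireless IDS cares about; deauthentication (12) is
# the frame used to force a client off the network.
MANAGEMENT_SUBTYPES = {
    0: "association request", 1: "association response",
    4: "probe request", 5: "probe response",
    8: "beacon", 10: "disassociation",
    11: "authentication", 12: "deauthentication",
}


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame: bytes) -> dict:
    """Decode the two Frame Control bytes and, where the header carries one, the BSSID."""
    if len(frame) < 2:
        raise ValueError("frame too short for a Frame Control field")
    fc0, fc1 = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x03          # bits 2-3 of the first byte
    subtype = (fc0 >> 4) & 0x0F        # bits 4-7 of the first byte
    to_ds = bool(fc1 & 0x01)           # flag bits live in the second byte
    from_ds = bool(fc1 & 0x02)
    info = {
        "version": fc0 & 0x03,
        "type": ftype,
        "type_name": FRAME_TYPES[ftype],
        "subtype": subtype,
        "subtype_name": MANAGEMENT_SUBTYPES.get(subtype) if ftype == 0 else None,
        "to_ds": to_ds,
        "from_ds": from_ds,
        "bssid": None,
    }
    # Management and data frames carry three addresses in bytes 4-21. Which of
    # them is the BSSID depends on the To DS / From DS flags for data frames;
    # control frames such as ACK carry no BSSID at all.
    if ftype in (0, 2) and len(frame) >= 22:
        addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
        if ftype == 0 or (not to_ds and not from_ds):
            info["bssid"] = _mac(addr3)
        elif from_ds and not to_ds:
            info["bssid"] = _mac(addr2)
        elif to_ds and not from_ds:
            info["bssid"] = _mac(addr1)
        # both flags set (wireless distribution system): no BSSID field
    return info


def matches(frame: bytes, ftype: Optional[int] = None, bssid: Optional[str] = None) -> bool:
    """Behaves like the display filters 'wlan.fc.type == N' and 'wlan.bssid == xx:xx:...'."""
    h = parse_header(frame)
    if ftype is not None and h["type"] != ftype:
        return False
    if bssid is not None and h["bssid"] != bssid.lower():
        return False
    return True


def summarize(frames) -> Counter:
    """Frame count per type, the categorization that step 5 describes."""
    return Counter(parse_header(f)["type_name"] for f in frames)


def _hdr(fc0: int, fc1: int, a1: bytes, a2: bytes, a3: bytes) -> bytes:
    """Constructed 24-byte MAC header: FC, duration, three addresses, sequence control."""
    return bytes([fc0, fc1]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"


# Constructed sample frames (locally administered MACs, not real devices).
AP = bytes.fromhex("02aabbccddee")      # the access point / BSSID
STA = bytes.fromhex("021122334455")     # a client station
BCAST = b"\xff" * 6
SAMPLE_FRAMES = [
    _hdr(0x80, 0x00, BCAST, AP, AP),    # beacon broadcast by the AP
    _hdr(0xC0, 0x00, STA, AP, AP),      # deauthentication sent to the station
    _hdr(0x08, 0x01, AP, STA, BCAST),   # data, station -> AP (To DS set)
    _hdr(0x88, 0x02, STA, AP, BCAST),   # QoS data, AP -> station (From DS set)
    bytes([0xD4, 0x00, 0x00, 0x00]) + STA,  # ACK control frame: FC, duration, receiver only
]

if __name__ == "__main__":
    print(summarize(SAMPLE_FRAMES))
    for f in SAMPLE_FRAMES:
        h = parse_header(f)
        print(h["type_name"], h["subtype_name"], h["bssid"])
```

Note that the BSSID position is only fixed for management frames; for data frames the decoder has to read the To DS / From DS flags first, which is why a BSSID filter in Wireshark does not simply look at a constant offset.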
Wardriving is a term for a person with a vehicle, a laptop, a wireless card and a GPS setup who drives around a city and records the status of different wireless access points at different geographical locations in the city.
The wireless range can be extended using wireless antennas. To get details about geographical locations, you can use the GPS to find the latitude and longitude.
WifiInfoView is a Windows-based tool which can be used to see wireless access points along with other information about them.
You are probably thinking of Kali and other pentesting operating systems like Kali and BackTrack, but this time there is a new pentesting distribution called DracOS. The difference is that, unlike Kali and BackTrack, it does not use the GNOME repository; it uses the yum repository.
Burpsuite is a collection of tools and plugins for web application security testing bundled into a single executable jar file. It contains about 8 useful tools for performing spidering, fuzzing, decoding etc. Its prime feature is that it is an intercepting proxy which works at the application layer, so even HTTPS connections passing through Burpsuite are visible. In this article, we will see how to use Burp Intruder to brute-force inputs in a web application. For those who are new to Burpsuite, read the article on Getting started with Burpsuite first. Others can proceed straight away.
Burp Intruder is a feature of Burpsuite which helps to perform extensive fuzz testing. It helps us to enumerate various parameters in a request with a supplied wordlist. From password brute-forcing to XSS testing, we can perform all kinds of fuzzing using this plugin in Burpsuite.
How Intruder works?
In order to get started with Intruder, we need to capture the request. This can be a GET or POST request depending on the web application. Once the request is captured, it can be sent to Intruder. Intruder then marks the variable positions in the request where a payload can be inserted. The payload is simply a wordlist we supply. After the wordlist is supplied, Intruder runs through all the entries in the wordlist on the positions set.
In this lab, a simple brute force against a password is performed. This tutorial shows it on Mutillidae; you can perform it on any login form.
Step 1: Setup Burp as Intercepting Proxy
For this you need to set up Burp as a proxy first. If you are not clear on this, refer to the Getting Started with Burpsuite article.
Step 2: Capture the request
After you have configured burp, start intercepting & open the target page.
Opening the Target Page
Forwarding the Request
Step 3: Capture the POST request
Capture the POST request where the username & password is supplied to the web-application. This can occasionally be a GET request also. Anyway the idea is we need to capture a request in which some variable value is supplied to the server.
Click on the Action button in the top right and select send to intruder.
Sending to Intruder
Then you will be shown the Intruder options, with the Target tab first. This tab contains target options like host, port, use SSL etc. Just cross-verify that the target you are attacking is displayed correctly in this section and proceed to the next tab.
Intruder – Host Options
Next, go to Positions Tab. This is where we set the variables to be attacked/fuzzed. Burp will automatically populate all positions where a fuzz test can be run. You can customize it by using the options in the Right side of the tab.
In this case, clear all positions and add a position on the password variable. It is seen at the bottom of the whole request. Do this by clicking the Add button: first keep the cursor just after the “=” and click Add, then go to the last letter of the field, place the cursor there and add a position there as well; otherwise the whole content after the position will be taken as a single position. Just like closing brackets in programming or in maths, make sure to open a position and close it.
Setting Position & Type
Once the position is set, confirm that the Attack type is Sniper. This attack type works just like a sniper rifle: it fires the payload precisely at a single point. If you have multiple positions, it will fire the payload at the first position and then move on to the second and so on (one at a time). Speaking of payloads, keep reading; they are explained in the next paragraph, so move on to the Payloads tab.
The Payloads tab is where you set the wordlist, or list of values, to be run against the payload positions we set previously. There are numerous possibilities and combinations you can try here. You can load a list containing all the words or strings, or you can generate words based on the characters you supply, etc. This is specified in the Payload type drop-down menu. Try browsing through all of them and you will understand the power of Intruder. For now we supply a simple list. Select the payload type as Simple list and click the Load button to open a file chooser. Select your wordlist that contains passwords. In Kali, some default wordlists are supplied inside “/usr/share/wordlists/”. For this one I have selected “/usr/share/wordlists/metasploit-jtr/password.lst”.
Loading word list
After it has been loaded successfully, you can see the contents of the list in the area beside the Load button. You can also edit the contents using the other buttons present there.
Step 5: Start Attack.
Once everything is set, click the intruder menu from the top and select Start Attack.
Starting the Attack
Now the Intruder attack window pops up, which shows the ongoing attack. Here you can see details like the HTTP status code and the length of each response. Now comes the difficult part: analysing the results. Depending upon the target and the nature of the attack, the results vary, and from a bunch of results you need to analyse them properly. One method is to look at the pattern of results. For some entries there may be a difference in the response code or length; this may indicate a successful attempt or a failed one, depending on the target and the nature of the attack. In this case, I know the server returns an HTTP 302 if the username and password are right, so I will be on the lookout for this. The idea is what I said just now: look for patterns and for variations from the pattern. Check the variation in detail first; it may contain the details of a successful attempt.
In the above screenshot, we have a 302 response which concludes it may be a successful attack. If you have such a result, click on the particular request from the main area, and look at the results tab below.
Here we have got a cookie with uid=1 for a request with username = admin, which means this particular request has been successful. Look for the payload in the top section or analyze the Request tab to view the password which was supplied. Here in this case, the password is “admin”. So you have successfully carried out a password brute force.
This article has been lengthy and a lot of concepts and procedures were involved. If you have not done this yet, carry it out yourself with this post open alongside. You will then run into many issues and will understand the different techniques for running this attack.
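The 302-among-200s pattern the article uses to spot a success is equally visible from the server side. As an added example (not from the article or from Burp), the following Python scans constructed access-log lines for bursts of login POSTs from a single source address and reports whether a redirect appeared during the burst; the log format, the Mutillidae login path and the thresholds are assumptions.

```python
# Added example (not from the original article): server-side detection of the
# login brute force described above. It scans constructed access-log lines for
# bursts of POSTs to a login page from one source address and reports whether
# a 302 (the success signal the article looks for) appeared during the burst.
# The log format, the login path and the thresholds are assumptions.
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Optional

# Apache/nginx "combined" style line; only the fields we need are captured.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
LOGIN_PATH = "/mutillidae/index.php?page=login.php"   # assumed login endpoint


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one log line, or None if it does not parse."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def detect_bruteforce(lines, login_path=LOGIN_PATH,
                      window=timedelta(seconds=60), threshold=10) -> list:
    """One alert per source IP that sent >= threshold login POSTs within `window`."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == login_path:
            per_ip[rec["ip"]].append(rec)

    alerts = []
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # shrink the window from the left until it spans at most `window`
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst = recs[start:]
                alerts.append({
                    "ip": ip,
                    "attempts": len(recs),
                    "burst_started": recs[start]["ts"].isoformat(),
                    "statuses": dict(Counter(r["status"] for r in burst)),
                    # a redirect after many identical failures is the same
                    # outlier the attacker looks for, seen from the server side
                    "success_seen": any(r["status"] == 302 for r in burst),
                })
                break
    return alerts


def _line(ip, second, status, size, method="POST", path=LOGIN_PATH) -> str:
    """Constructed log line with a fixed date; timestamps differ only in seconds."""
    return (f'{ip} - - [10/Feb/2017:10:15:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} {size} "-" "Mozilla/5.0"')


# Constructed sample log: 11 failed attempts (identical size, status 200) and
# then a 302 from 192.168.0.105, plus unrelated traffic from another host.
SAMPLE_LOG = [_line("192.168.0.105", 1 + 2 * i, 200, 4921) for i in range(11)]
SAMPLE_LOG.append(_line("192.168.0.105", 24, 302, 0))
SAMPLE_LOG.insert(3, _line("192.168.0.55", 7, 200, 4921))
SAMPLE_LOG.append(_line("192.168.0.55", 40, 200, 8123, method="GET", path="/mutillidae/"))

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The response size is kept in each record on purpose: a successful login usually differs in both status and size from the run of failures, and a monitoring rule should alert on the burst itself whether or not the 302 ever appears.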
Getting Started with Burpsuite & Running a basic Web-Spider
Burpsuite is a collection of tools bundled into a single suite made for web application security or penetration testing. It is a Java executable and hence cross-platform. Kali Linux comes with the Burpsuite free edition installed; there is also a professional version available. The main feature of Burpsuite is that it can function as an intercepting proxy: Burpsuite intercepts the traffic between a web browser and the web server.
Other Features include:
Application-aware Spider : Used for spidering/crawling a given scope of pages.
Scanner : Automatically scans for vulnerabilities just like any other automated scanners
Intruder : Used to perform attacks & bruteforces on pages in a highly customize-able manner.
Repeater : Used for manipulating and resending individual requests.
Sequencer : Used mainly for testing/fuzzing session tokens.
Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.
Comparer & Decoder : Used for miscellaneous purposes that come up when you conduct a web security test.
Spidering a Website
A web crawler is a bot program which systematically browses the pages of a website for the purpose of indexing. More precisely, a web crawler maps the structure of a website by browsing all its inner pages. The crawler is also referred to as a spider or automatic indexer. Burpsuite has its own spider, called the Burp Spider, which crawls all the pages of a target specified in the scope. Before starting the Burp Spider, Burpsuite has to be configured to intercept the HTTP traffic.
Interface & Options
Like any other GUI/Windows tool, burpsuite contains a standard menu bar, 2 rows of tabs & different set of panels as seen below.
The above figure shows the options & details about the target. In the above figure there are mainly 4 sections. They are described against the corresponding numbers as follows:
Tool & Options selector Tabs – Select between Various tools & settings of burpsuite
Sitemap View – Displays the sitemap once spider has started
Requests Queue – Displays the requests being made
Request/Response Details – The HTTP requests made & the responses from the servers.
Lab 1 : Spidering a website
Spidering is a major part of recon while performing web security tests. It helps the pentester to identify the scope and architecture of the web application. As described earlier, Burpsuite has its own spider, the Burp Spider, which can crawl a website.
Scenario: Attacker – Kali Linux VM, IP = 192.168.0.105
Target – OWASP Broken Web Application VM, IP = 192.168.0.160
Step 1 : Setup Proxy. First start burpsuite and check details under proxy tab in Options sub-tab. Ensure IP is localhost IP & port is 8080.
Also ensure that Intercept is ON in the Intercept Sub-Tab
Then on IceWeasel/Firefox, Goto Options > Preferences > Network > Connection Settings. Choose Manual Proxy Configuration
If you want, you can try installing proxy add-ons. Here is one such. Install the proxy selector from addons page and goto preferences
Goto Manage Proxies & add a new proxy filling out the relevant information. It’s simple.
Click the Proxy Selector button at the Top right & select the Proxy you just created.
Step 2 : Getting Content into Burp After you have setup the proxy, goto the target normally by entering the URL in the address bar. You can notice that the page will not be loading up. This is because burpsuite is intercepting the connection.
Meanwhile in burpsuite, you can see the request details. Click forward to forward the connection. Then you can see that the page has loaded up in the browser.
Coming back to Burpsuite, you can see that all sections are populated.
Step 3 : Scope Selection & Starting Spider Now narrow down the target as you want. Here the target/mutillidae is selected. Right click the mutillidae from the sitemap & select Spider from Here option
After the spider starts, you get a prompt as shown in the following figure. It is a login form. If you know the credentials, fill them in as needed and the spider will be able to crawl from the inside as well. You can skip this step by pressing the Ignore Form button.
Step 4 : Manipulating Details Now you can see as the spider runs, the tree inside of the mutillidae branch gets populated. Also the requests made are shown in the queue and the details are shown in the Request tab.
Move on to different Tabs and see all the underlying information.
Finally check if spider is finished by viewing the Spider tab.
These are the very basics and the starting point of a web security test. Spidering is an important part of the recon during the test, and by executing it carefully we can understand the architecture of the target site. In upcoming tutorials, we will extend this to other tools in the Burpsuite set.
OSINT is accessing information which is publicly available by applying different search techniques. OSINT is nothing but research carried out with specialized websites, software solutions and creative search queries. In order to carry out a crime investigation, applying the right search approach to gather publicly available information is very important: Facebook profile data, website owner information, IP addresses of users, additional accounts of the users, public government records, hidden websites, and the data contained in uploaded photographs or videos. Big Data from the Deep Web is OSINT. Whatever you want to call it (online Big Data, OSINT, or open-source intelligence), your organization can benefit from exploiting that information. There is information publicly available online right now that you are missing by searching with Google, or not searching for at all because you are not even aware it exists. Different tools are available to carry out meaningful searches, among them custom search tools: name search tools, document search by format, photo metadata search, and email assumption search tools. To investigate a photograph alone we have picture search, TinEye, Yankee, Camera Summary (an EXIF viewer) and image manipulation detection (to identify edited images), among many other such tools which are freely available on the Internet. Maltego is an extremely powerful OSINT framework, covering infrastructure exploration and personal scouting. Shodan is an acronym for Sentient Hyper Optimized Data Access Network. Unlike traditional search engines that crawl websites to display results, Shodan attempts to grab data from open ports.
Metagoofil is used to extract metadata from the target. It supports various file types, including pdf, doc, xls and ppt. This open source intelligence tool can also be used to extract MAC addresses.
Google happens to be the most powerful OSINT tool for a user to perform attacks, and forms the basis for Google Hacking Database.
FOCA is a network infrastructure mapping tool that can be used for OSINT. It can analyze metadata from various files, including doc, pdf and ppt files.
Social Engineer Toolkit is an open source tool to perform online social engineering attacks. The tool can be used for various attack scenarios including spear phishing and website attack vectors.
Likewise we can carry out search of Public Record through SSN Death Index to verify death records, Custom phone search tool search for the data associated with phone caller ID test etc. Specialized courses and training are available over the Internet to learn such searching skills.
KingoRoot Android is a one-click root method for devices running Android 4.4, including flagship devices from manufacturers like Samsung, HTC, Sony and others. The newly integrated script in Kingo ROOT is a universal one for Android 4.3, 4.4 and some 5.0 devices.
Root Android 4.4.2 and 4.4.4 via KingoRoot APK without connecting to PC
It is suggested that you try KingoRoot Apk first for that it is more convenient and easy to use without connecting to a computer.
Allow installation of apps from unknown sources on your Android device.
Double click the desktop icon to launch KingoRoot Android PC Version.
Step 3: Enable USB Debugging mode. (Skip this step if it’s enabled)
Enabling USB Debugging mode is a necessary step of the Android rooting process.
[IMPORTANT NOTICE] Pay attention to your device screen for a prompt window. Tick “Always allow from this computer”. If you don’t, you will probably get yourself an OFFLINE DEVICE.
Step 4: Things you need to know before rooting your device.
Rooting your Android has its own advantages and at the same time disadvantages. It is a matter of weighing pros and cons.
Android rooting is a modification of the original system in which the limitations are removed and full access is allowed, resulting in the ability to alter or replace system applications and settings, run specialized apps, and even replace the device’s operating system with a custom one. Rooting your device will immediately void your warranty.
Step 5: Click “ROOT” to begin the process.
Kingo Android Root will employ multiple exploits on your device, which will probably take a couple of minutes. During the rooting process, your device may be rebooted several times. Do not panic; it is normal. Once it begins, please DO NOT touch, move, unplug or perform any operation on your device.
Step 6: Getting the result: success or failure.
Hopefully your device is well supported and successfully rooted by Kingo.
Some hackers, who call themselves Pro_Mast3r, have managed to hack Donald Trump’s website and deface a CloudFlare server. The server in question is associated with campaign donations. Currently, the server is offline. In another development, Congressman Ted Lieu has said that Trump’s use of an insecure Android phone demands an investigation.
While numerous speculations are continuously being made regarding Donald Trump’s unsafe website and smartphone, a hacker, who uses the name Pro_Mast3r, has defaced a server associated with his campaign fundraising website.
The hacked server, secure2.donaldjtrump.com, which isn’t directly linked to the campaign’s home page, is behind CloudFlare’s content management and security system, Ars Technica reports.
The certificate of the server is legitimate and it looks like a real Trump campaign server. However, the image displayed is linked to some other website. The picture shows the following text:
Hacked By Pro_Mast3r ~ Attacker Gov Nothing Is Impossible
Peace From Iraq
It’s worth mentioning that the source code of the page, which is now offline, contains a link to JS on a Google Code account that’s now non-existent. The archive of the script shows that it’s not some malware.
In another related development, Democratic Congressman Ted Lieu, on Friday, demanded that an investigation should be launched into Trump’s use of an insecure Android phone.
In human-based social engineering attacks, the social engineer interacts directly with the target to get information. An example of this type of attack would be where the attacker calls the database administrator asking to reset the password for the target’s account from a remote location, having gathered the user information from a social networking site of the XYZ company. Human-based social engineering can be categorized as follows:
• Piggybacking: In this type of attack the attacker tricks authorized personnel in order to get inside a restricted area of the targeted company, such as the server room. For example, attacker X enters the ABC company as a candidate for an interview but later enters a restricted area by tricking an authorized person, claiming that he is a new employee of the company and so does not have an employee ID, and using the target’s ID card.
• Impersonating: In this type of attack, a social engineer pretends to be a valid employee of the organization and gains physical access. This can be carried out in the real world by wearing a suit or a duplicate ID for the company. Once inside the premises, the social engineer can gain valuable information from a desktop computer.
• Eavesdropping: This is the unauthorized listening to communication between two people, or the reading of private messages. It can be performed over communication channels such as telephone lines and e-mail.
• Reverse social engineering: This is when the attacker creates a persona that appears to be in a position of authority. In such a situation, the target will ask the attacker for the information that they want. Reverse social engineering attacks usually occur in the areas of marketing and technical support.
• Dumpster diving: Dumpster diving involves looking in the trash for information written on pieces of paper or computer printouts. The hacker can often find passwords, filenames, or other pieces of confidential information in trash cans.
• Posing as a legitimate end user: In this type of attack, the social engineer assumes the identity of a legitimate user and tries to get the information, for example by calling the helpdesk and saying, “Hi, I am Mary from the X department. I do not remember my account password; can you help me out?”
Computer-based social engineering
Computer-based social engineering refers to attacks carried out with the help of computer software to get the desired information. Some of these attack types are listed as follows:
Pop-up windows: Pop ups trick users into clicking on a hyperlink that redirects them to visit an attacker’s web page, asking them to give away their personal information or asking them to download software that could have attached viruses in the backend.
Insider attack: This type of attack is performed from inside the target network. Most insider attacks are orchestrated by disgruntled employees who are not happy with their position in the organization or because they have personal grudges against another employee or the management.
Phishing: Spammers often send e-mails in bulk to e-mail accounts, for example, those claiming to be from the UK lottery department and informing you that you have won a million pounds. They request you to click on a link in the e-mail to provide your credit card details or enter information such as your first name, address, age, and city. Using this method the social engineer can gather social security numbers and network information.
The “Nigerian 419” scam: In the Nigerian scam, the attacker asks the target to make upfront payments or make money transfers. It is called 419 because “4-1-9” is a section of the Nigerian Criminal Code that outlaws this practice. The attacker or scammers usually send the target e-mails or letters with some lucrative offers stating that their money has been trapped in some country that is currently at war, so they need help in taking out the money and that they will give the target a share, which never really comes. These scammers ask you to pay money or give them your bank account details to help them transfer the money. You are then asked to pay fees, charges, or taxes to help release or transfer the money out of the country through your bank. These “fees” may start out as small amounts. If paid, the scammer comes up with new fees that require payment before you can receive your “reward”. They will keep making up these excuses until they think they have got all the money they can out of you. You will never be sent the money that was promised.
Social engineering attack through a fake SMS: In this type of attack, the social engineer will send an SMS to the target claiming to be from the security department of their bank and also claiming that it is urgent that the target call the specified number. If the target is not too technically sound, they will call the specified number and the attacker can get the desired information.