Hack Wifi (WPA2-PSK) from Kali Linux - emiratespot.com


Wednesday, 10 January 2018


Recently I learned how to crack Wi-Fi (WPA2-PSK) from Kali Linux and thought I would share it with you. It is only a sequence of commands in the Kali Linux terminal; the actual work is done by the aircrack-ng suite (airmon-ng, airodump-ng, aircrack-ng).

> First, what are Wi-Fi WPA2-PSK and WEP?

WPA stands for Wi-Fi Protected Access. WPA2 is its second version, and PSK (Pre-Shared Key) means every device joins with the same passphrase, from which a 256-bit Pairwise Master Key is derived using the network name (SSID) as salt.

WEP stands for Wired Equivalent Privacy, the original 802.11 encryption scheme, which is broken by design and is attacked in a completely different way from WPA2 (see Step 1).

Step 1:

The first step is to verify the router configuration. In a real penetration test we would not have this option, but since this is a home lab I have a little more flexibility.

In this case, the lab access point is securing the wireless network Wireless Lab with WPA2-PSK, using the passphrase Cisco123. You can use any wireless router to set up your wireless lab.

Set up an old router as the test target and have at least one other computer, tablet or smartphone connected to it wirelessly: the attack depends on observing a client joining the network, so there must be a client to observe.

The attack is different for the two protocols, and it pays to keep them apart. Against WEP, the idea is to capture as much traffic as possible with airodump-ng, because every WEP data packet carries a three-byte Initialization Vector (IV); collect enough IVs and aircrack-ng recovers the key statistically. Against WPA2-PSK, the subject of this post, the amount of data traffic is irrelevant. What airodump-ng must capture is the four-way handshake exchanged when a client authenticates, and aircrack-ng then runs an offline dictionary attack against it, deriving a key from each candidate passphrase and checking whether it reproduces the message integrity check (MIC) in the handshake. If the passphrase is not in the wordlist, the attack fails no matter how long you capture.

Step 2:

The iwconfig command lists the wireless interfaces in the system. I am using a Realtek wireless card; Linux ships with the Realtek drivers, so the card works without installing anything. Two things to check before going further: monitor mode (Step 5) is a driver capability, not just a matter of the card being recognized, and the lab AP is on channel 36, which is in the 5 GHz band, so the card and driver must support 5 GHz as well.

The operating system recognizes a wireless interface named wlan0.

Breaking WPA2-PSK with Kali Linux-4

Step 3:

My next step is to enable the wireless interface. This is done with the ifconfig wlan0 up command (ip link set wlan0 up is the equivalent with the iproute2 tools).

Breaking WPA2-PSK with Kali Linux-5

Step 4:

I need to understand what wireless networks my wireless card sees. I issue the iwlist wlan0 scanning command.

Breaking WPA2-PSK with Kali Linux-6

This command forces the wireless card to scan and report on all wireless networks in the vicinity.

You can see from this example that it found my target network: Wireless Lab. It also found the MAC address (BSSID) of my access point: 0E:18:1A:36:D6:22. This is important to note because I want to limit my attack to this specific access point, to ensure we are not attacking or breaking anyone else's password.

Secondly, we see the AP is transmitting on channel 36 (a 5 GHz channel). This is important because it lets us pin our wireless card to the one channel we want to monitor and capture traffic from instead of hopping across all of them.

Breaking WPA2-PSK with Kali Linux-7

Step 5:

The next step is to put the wireless card into monitor mode. This lets the card receive all the frames in the air on its channel, not only those addressed to it.

We do this by creating a monitor interface with airmon-ng. Issue the airmon-ng command on its own to verify that airmon-ng sees your wireless card, then create the monitor interface with: airmon-ng start wlan0. If NetworkManager or wpa_supplicant is running, it will keep resetting the card's channel while you capture; running airmon-ng check kill beforehand stops those processes (you lose your normal Wi-Fi connectivity on that card until you restart them).

Breaking WPA2-PSK with Kali Linux-8

Next, run ifconfig (or iwconfig) to verify the monitor interface has been created. We can see mon0 was created. On current Kali releases, airmon-ng names the monitor interface wlan0mon instead of mon0; whichever name you see here is the one to use in the commands that follow.

Breaking WPA2-PSK with Kali Linux-9

Breaking WPA2-PSK with Kali Linux-10

Step 6:

Use airodump-ng to capture the WPA2 handshake. You have to catch a client in the act of authenticating to get a valid capture. Airodump-ng tells you when it has one: it displays "WPA handshake:" followed by the BSSID in the upper right-hand corner of the screen.

Note: We will manually connect to the wireless network to force a handshake. In a future post, I will show you how to force a reauthentication so that a device disconnects and reconnects automatically, without any manual intervention.

We used the following command: --bssid restricts the capture to our AP, --channel stops channel hopping so we stay on the AP's channel, and --write sets the prefix of the capture file that will be saved.

airodump-ng --bssid 0E:18:1A:36:D6:22 --channel 36 --write BreakingWPA2 mon0

(Each long option starts with two hyphens and no space between them; some blog software renders "--" as a single dash, so type it yourself rather than copying.)

Breaking WPA2-PSK with Kali Linux-11
To capture the handshake you depend on observing a legitimate client authenticate to the network. That does not mean you have to wait for a client to authenticate on its own. You can force a connected client to re-authenticate by sending it a deauthentication frame (the deauth mode of aireplay-ng does this); most clients then reconnect automatically and repeat the handshake while airodump-ng is listening. Deauthentication is disruptive to whoever is on the network, which is one more reason to limit the attack to your own lab BSSID.

When you see "WPA handshake" in airodump-ng's status line you know you have captured a valid handshake. Example:

Breaking WPA2-PSK with Kali Linux-12

Step 7:

We will use aircrack-ng with a dictionary file to crack the passphrase. Your chances of breaking it depend entirely on the dictionary: aircrack-ng can only confirm or reject candidate passphrases against the handshake, it cannot derive the passphrase from the handshake itself.

The command is: aircrack-ng -w "name of your dictionary file" "name of the cap file you created". If the capture contains handshakes from more than one network, add -b followed by the target BSSID (here -b 0E:18:1A:36:D6:22) to select the right one.

Breaking WPA2-PSK with Kali Linux-13

The BreakingWPA2-01.cap file was created when we ran the airodump-ng command. The valid WPA2 handshake airodump captured is stored in the BreakingWPA2-01.cap file.

BackTrack 5 shipped with a basic dictionary: darkc0de.lst is a popular wordlist that came with BackTrack 5. We added our password Cisco123 to this file to make the test run a little smoother.

Many attackers use large dictionaries that increase their chances of cracking a password. Many dictionaries contain passwords from real users and websites that have been cracked and posted on the Internet. Some sophisticated dictionaries combine multiple languages, permutations of each word, and keywords and phrases from social media sites such as Twitter and Facebook.

Kali does not come with darkc0de.lst, but it can be downloaded separately.

NOTE: Kali does have built-in wordlists in /usr/share/wordlists (for example rockyou.txt.gz, which has to be gunzipped before aircrack-ng can read it).

In this blog, we created a file named "sample.lst" and added the word Cisco123 to it.

Success:

If the password is found in the dictionary file then Aircrack-ng will crack it.

Breaking WPA2-PSK with Kali Linux-14
