Skip to main content

Posts

Showing posts from February, 2017

Wifi Hacking : coWPAtty

Hacking WiFi through coWPAtty (Kali Linux)
Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed

Above defination was technical....simply speaking...coWPAtty disconnects the currently connected user from wifi and for the user to reconnect it from wifi..as soon as user connects from wifi it steals the password....




cowpatty – WPA-PSK dictionary attack
genpmk – WPA-PSK precomputation attack
genpmk Usage ExampleUse the provided dictionary file (-f /usr/share/wordlists/nmap.lst) to generate a hashfile, saving it to a file (-d cowpatty_dict) for the given ESSID (-s securen…

Analyzing Packets in Wireshark

Downloads
Windows and Macintosh user can download it from here.Kali already contains this tool .If You have not downloaded kali linux yet click here to download it


How To
1.   Start the wireshark using command line or from menu option. 

2.   It will open Wireshark as shown below:

3.  Here we go, we will require moniter mode to start packet sniffing. So, here we will start sniffing using monitor mode.

4.  As soon as start of sniffing, it will start capturing packets.

5.  You will get thousands of packets. We can categorize as per requirement. For example, apply filter as per bssid.

6.  We can filter the packets for only management frame. (wlan.fc.type.==0)

7.  Filter to show only data packets. (wlan.fc.type==2)


Wardriving

Wardriving is a term where a pearson with vehicle and having laptop, wireless card and gps setup, drives in all of the city and identifies status of different wireless access points at different geographical locations in city.

The wireless range can be extended using wireless an…

DracOS : A New Alternative

Hacking with DracOS : You must be thinking about kali and other pentesting operating system like kali,backtrack but this time a new pentesting tool called DracOS .The difference is that unlike kali and bactrack is not uses gnome repository , it use the yum repository...





Dont Forget to read burning topics of all time :--> 1. Social Engineering Toolkit 2.Password Cracking Softwares 3.Wifi Password Cracking by Fern(GUI)



Dont forget to like us on facebook -->


NOTE: This is for educational purpose only we are not responsible for any type of inconvenience caused by reader.

Burpsuite – Use Burp Intruder to Bruteforce Forms

Using Burp Intruder to Bruteforce passwords.
Burpsuite is a collection of tools and plugins for any web application security testing bundled into a single executable jar file. It contains about 8 useful tools for performing spidering, fuzzing, decoding etc. But the prime feature is that, it is an intercepting proxy which works on application layer. So even HTTPS connections passing through burpsuite are visible. In this article, we will see how to use burp intruder to bruteforce inputs in a web application. For those who are new to burpsuite, read this article on Getting started with Burpsuite. Others can proceed straightaway.


Burp IntruderThe burp intruder is a feature in burpsuite which helps to perform extensive fuzz testing. It helps us to enumerate varaious parameters in a request with supplied wordlist. From password bruteforcing to XSS testing, we can perform all kinds of fuzzing using this amazing plugin in burpsuite.
How Intruder works ? In order to get started with intruder, …

Burpsuite

Getting Started with Burpsuite & Running a basic Web-SpiderBurpsuite is a collection of tools bundled into a single suite made for Web Application Security or Penetration testing. Its a java executable and hence its cross platform. Kali Linux comes with Buprsuite free edition installed. There is also a professional version available. The main features of burpsuite is that it can function as an intercepting proxy. Burpsuite intercepts the traffic between a web browser and the web server. Other Features include: Application AwareSpider : Used for spidering/crawling a given scope of pages.Scanner :  Automatically scans for vulnerabilities just like any other automated scannersIntruder : Used to perform attacks & bruteforces on pages in a highly customize-able manner.Repeater : Used for manipulating and resending individual requests.Sequencer : Used mainly for testing/fuzzing session tokens.Extensibility, allowing you to easily write your own plugins, to perform complex and …

Understanding Open Source Intelligence

OSINT is accessing  the information  which is available in public by applying different  search techniques.OSINT is nothing but simply a research which is carried out by specialized website, software solution and creative search query.

In order to carry out crime investigation  applying right search approach to gather information available in public is very important such as Facebook profile data, website owner information, IP addresses of users,  Additional account of the users, public government record, Hidden website, data available of uploaded photograph or video.

Big Data from the Deep Web is OSINT. Whatever you want to call it – online Big Data, OSINT, or open-source intelligence – your organization can benefit from exploiting that information. There is information publicly available online right now that you are missing by searching with Google, or not searching for at all because you aren’t even aware it exists.

There are different tools available in order to carry out meaningful…