
Featured post

SocialFish V3 - The Ultimate Phishing Tool

SocialFish V3 - The Ultimate Phishing Tool Educational Phishing Tool & Information Collector Setting Up SocialFish Prerequis...

Recent Posts

how to install and use bettercap 2

Bettercap 2 A to Z
Bettercap is another attempt to improve on Ettercap (along with MITM). Let's say it right away: the Bettercap program succeeded. In Bettercap you can do almost everything that Ettercap can do, and without additional programs and a lot of open consoles.

Bettercap features include:
  • ARP spoofing and sniffing
  • network monitoring
  • WiFi and BLE monitoring
  • performing attacks on wireless networks
  • performing man-in-the-middle attacks with support for a variety of techniques: HTTPS bypass, DNS spoofing, launching a web server, etc.
  • support for caplets, script files that describe complex and automated attacks
  • works on Linux, macOS, Windows, Android, ARM

    Bettercap 2 versus bettercap 1.6


At the end of February 2018 bettercap 2 came out, and since then it is this version that is actively developed and receives new functions. bettercap version 1.6 is outdated and no longer supported.

There are a lot of changes in the latest versions of bettercap: the program was rewritten again, this time in a different programming language, Go instead of Ruby. Thanks to the change of language and the other techniques used, performance has increased dramatically and CPU and memory usage have been optimized.

The model of interaction with the program has also changed: it used to be a command line utility that was configured with options at startup. The new version can still be launched in non-interactive mode using options, but now an interactive mode and an API are available as well.

Even the purpose of the program has changed: it used to be a modular platform for implementing complex man-in-the-middle attacks; now, in addition to man-in-the-middle attacks, it offers functionality for monitoring the network and for monitoring and attacking 802.11 wireless networks and BLE.

    Wireshark Filters

    Wireshark Filters
    Wireshark is the world's most advanced network protocol analyzer. It allows you to see at the microscopic level what is happening in your network.

      Wireshark Starter Filters

Wireshark has a huge number of different filters, and a lot of documentation about them that is not so easy to digest. I collected the Wireshark filters that are most interesting and most frequently used for me. For novice users this can serve as a small Wireshark filter reference, a starting point for exploring. In the comments I also invite you to share the working filters you use often, as well as interesting finds; I will add them to this list.

Remember that Wireshark has display filters and capture filters. Here I cover the display filters, which are entered in the main window of the program in the top field immediately below the menu and the icons of the main functions.

      Metasploit with Docker and Kubernetes

      Running Metasploit with Docker and Kubernetes

      About this article
This article is intended to make it easy to build a penetration test environment without complicated settings once Docker and Kubernetes are set up.

      [If you implement the contents of this article to a server or network that you do not manage yourself, please be aware that it may violate the unauthorized access prohibition law]
      Environment used in this article
      $ cat /etc/lsb-release 
      DISTRIB_ID=Ubuntu
      DISTRIB_RELEASE=16.04
      DISTRIB_CODENAME=xenial
      DISTRIB_DESCRIPTION="Ubuntu 16.04.5 LTS"
      $ docker --version
      Docker version 18.09.0, build 4d60db4
      $ minikube version
      minikube version: v0.29.0
      Things necessary
Everything we need this time is on GitHub and Docker Hub. The GitHub repository also contains the Dockerfile of the Metasploit image and so on, so adapt it to your needs. Let's fetch what we need by executing the commands below in order.
      $ git clone https://github.com/SauravBrahma/MetasploitImage.git
      $ docker pull sauravbrahma/metasploit_image
      $ docker pull tleemcjr/metasploitable2
Now that you have what you need, let's run it.

      Intercept Passwords With Wireshark

      Interception of passwords with Wireshark
Many users do not even realize that when they fill in a login and password while registering or signing in on a closed Internet resource and press ENTER, this data can easily be intercepted. Very often it is transmitted over the network insecurely. Therefore, if the site you are trying to log in to uses the HTTP protocol, it is very easy to capture this traffic, analyze it in Wireshark, and then use special filters and programs to find and decode the password.

The best place to intercept passwords is the core of the network, where all users' traffic to closed resources (for example, mail) passes, or in front of the router to the Internet when users register on external resources. Set up the mirror port and we are ready to feel like a hacker.


        Install and run Wireshark to capture traffic

Sometimes it is enough to select the interface through which we plan to capture traffic and click the Start button. In our case, we capture over the wireless network.
        Traffic capture has begun.

        Filtering captured POST traffic

Open the browser and try to log in to any resource using a login and password. Once the authorization process completes and the site opens, stop capturing traffic in Wireshark. Next, look at the protocol analyzer and you will see a large number of packets. It is at this stage that most IT professionals give up, because they do not know what to do next. But we do, and we are interested in the specific packets that contain the POST data generated on our local machine when the form on the screen is filled in and sent to the remote server when you click the "Login" or "Authorization" button in the browser.

Enter the following display filter in the filter field: http.request.method == "POST"
Instead of thousands of packets we now see only one, with the data we are looking for.

Find the username and password using Wireshark

Right-click the packet and select Follow TCP Stream from the menu.
A new window will show the text that reconstructs the content of the page. Find the fields "password" and "user", which correspond to the password and the user name. In some cases both fields will be easily readable and not even encoded, but if we capture traffic to well-known resources like Mail.ru, Facebook, Vkontakte, etc., the password will be encoded:
HTTP/1.1 302 Found
Date: Mon, 10 Nov 2014 23:52:21 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: non=non; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Set-Cookie: password=e4b7c855be6e3d4307b8d6ba4cd4ab91; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Set-Cookie: scifuser=networkguru; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Location: loggedin.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
        Thus, in our case:
        Username: networkguru
        Password: e4b7c855be6e3d4307b8d6ba4cd4ab91
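The response above is exactly what an application owner should be checking for before a sniffer does. The following is an added example, not code from the original post: it parses the quoted response (re-typed here as a constructed sample) and flags cookies whose names suggest a credential or identity and that are set over plain HTTP without the Secure and HttpOnly attributes. The list of sensitive cookie names is an assumption; extend it for your own applications.

```python
"""Audit captured HTTP response headers for credential-bearing cookies."""
from __future__ import annotations

import re

# Assumption: substrings that mark a cookie as carrying identity or a secret.
SENSITIVE_NAMES = ("password", "passwd", "pwd", "user", "login", "session", "token")

# Constructed sample: the response quoted in the article, as shown by
# Wireshark's Follow TCP Stream.
SAMPLE_RESPONSE = """HTTP/1.1 302 Found
Date: Mon, 10 Nov 2014 23:52:21 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: non=non; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Set-Cookie: password=e4b7c855be6e3d4307b8d6ba4cd4ab91; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Set-Cookie: scifuser=networkguru; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
Location: loggedin.php
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

"""


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw HTTP response into (name, value) pairs, stopping at the blank line."""
    headers = []
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def parse_set_cookie(value: str) -> tuple[str, str, dict[str, str]]:
    """Return (cookie name, cookie value, {attribute: value}) for one Set-Cookie header."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")  # flag attributes like Secure have no value
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def audit_cookies(raw: str, over_tls: bool = False) -> dict[str, list[str]]:
    """Map each sensitive cookie name to the list of problems found with it."""
    report: dict[str, list[str]] = {}
    for name, value in parse_headers(raw):
        if name != "set-cookie":
            continue
        cname, cval, attrs = parse_set_cookie(value)
        lowered = cname.lower()
        if not any(s in lowered for s in SENSITIVE_NAMES):
            continue
        problems = []
        if "password" in lowered or "pwd" in lowered:
            problems.append("password material stored in a cookie")
            if re.fullmatch(r"[0-9a-f]{32}", cval):
                problems.append("value looks like a raw 32-hex digest (MD5-style hash)")
        if not over_tls:
            problems.append("sent over plaintext HTTP")
        if "secure" not in attrs:
            problems.append("missing Secure attribute")
        if "httponly" not in attrs:
            problems.append("missing HttpOnly attribute")
        report[cname] = problems
    return report


if __name__ == "__main__":
    for cookie, problems in audit_cookies(SAMPLE_RESPONSE).items():
        print(f"{cookie}: {', '.join(problems)}")
```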

        Determining the type of encoding for decrypting the password

Go, for example, to http://www.onlinehashcrack.com/hash-identification.php#res and enter the password into the identification window. I was given a list of hash types in order of likelihood:
        • MD5
        • NTLM
        • MD4
        • LM

        Deciphering user password

        At this stage, we can use the hashcat utility:
        ~ # hashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt
The output gives us the cracked password: simplepassword

Thus, with Wireshark we can not only troubleshoot applications and services but also try ourselves as a hacker, intercepting the passwords that users enter in web forms. You can also learn the passwords to users' mailboxes using simple display filters:
• for the POP protocol the filter is: pop.request.command == "USER" || pop.request.command == "PASS"
• for the IMAP protocol the filter is: imap.request contains "login"
• for the SMTP protocol enter the following filter: smtp.req.command == "AUTH"
and more serious utilities to crack the encoding.

        What if the traffic is encrypted and using HTTPS?

        There are several options for answering this question.
Option 1: Get in between the user and the server and capture the traffic at the moment the connection is established (the SSL handshake). At that moment you can intercept the session key.

Option 2: You can decrypt HTTPS traffic using the session key log file written by Firefox or Chrome. To do this, the browser must be configured to write these encryption keys to a log file (example based on Firefox), and you must obtain this log file. In essence, you need to steal the file with the session keys from another user's hard drive (which is illegal). Then capture the traffic and use the obtained keys to decrypt it.

Clarification: we are talking about the web browser of the person who is trying to steal the password. If we mean decrypting our own HTTPS traffic and want to practice, this strategy works. If you are trying to decrypt other users' HTTPS traffic without access to their computers, it will not work: that is precisely what the encryption protects.

After obtaining the keys through option 1 or 2, you must register them in Wireshark:
• Go to the menu Edit - Preferences - Protocols - SSL.
• Set the flag "Reassemble SSL records spanning multiple TCP segments".
• Open "RSA keys list" and click Edit.
• Fill in all fields and set the path to the file with the key.
Wireshark can decrypt sessions that use the RSA key exchange. If DHE/ECDHE, FS or ECC algorithms are used, the sniffer cannot help us.

Option 3: Get access to the web server the user is using and obtain its key. But that is even more challenging. In corporate networks this option is implemented legally for debugging applications or content filtering, but not in order to intercept user passwords.

        How to decrypt WiFi traffic in Wireshark

        Decrypt WPA traffic in Wireshark
Let's start with the theory to understand why decrypting Wi-Fi traffic in Wireshark takes some effort and why one cannot simply decrypt any captured Wi-Fi traffic even when the Access Point password is known.

When transmitting over Wi-Fi, traffic is encrypted with the PTK (Pairwise Transient Key). The PTK is dynamic, that is, it is created anew for each new connection. Thus Wi-Fi traffic for each connection to the same Access Point is encrypted with a different PTK, and even for one Client the PTK changes after a reconnection. To calculate the PTK you need data from the four-way handshake as well as the Wi-Fi network password (in fact you also need other information, such as the network name (SSID), but obtaining it is not a problem).

        How to increase WiFi TXPower

        How to increase Wifi power (TX Power) Kali Linux
Different countries have different laws and technical regulations, including for Wi-Fi. In some countries the frequencies of some Wi-Fi channels may not be used (for example, in the USA channels 12, 13 and 14 cannot be used). In most countries the limit on Wi-Fi signal power is 20.0 dBm, but there are countries with a limit of 30.0 dBm. You can use this loophole (make the Wi-Fi card think it is in a country where 30.0 dBm is allowed) and increase its power (TX Power) to 30.0 dBm.

Wi-Fi devices have a regulatory domain ("regdomain"): this parameter indicates the country in which the device is supposed to operate. There is also an accompanying database that records, for each country, the permitted frequencies and the power allowed on them.

        How to bypass MAC address filtering

        Bypass MAC filtering on wireless networks

Filtering by MAC address (along with creating a "hidden WiFi network") is another unsuitable method of protecting a Wi-Fi access point, one that takes no effort to bypass. And for all its worthlessness, it can cause trouble for legitimate Wi-Fi users. For example, you set up your wireless router, turned on filtering by MAC address and everything works fine. A couple of months later a friend visits and asks to connect to your Wi-Fi; assuming you still remember that MAC address filtering is on, you need to log into the router settings as administrator and add another MAC address. Or a year later (by then you will have forgotten your settings) you buy a new phone or laptop and spend the evening figuring out why the Internet does not work on it ...

        what is Handshake and how to capture it in Kali Linux

        What is a handshake

From a technical point of view, a handshake in wireless networks is the exchange of information between the access point and the client at the moment the client connects. This information contains a variety of keys, and the exchange takes place in several stages. The process of connecting to a wireless access point is well documented and you can find a lot of information about it.
From a practical point of view, it is enough for us to know only two very simple things:
• a handshake can be captured while a client who knows a valid password connects to a wireless access point
• the handshake contains enough information to recover the password.
All wireless access points perform it.
Recovering the password from the handshake is done by brute force. That is why cracking the password in a captured handshake is probabilistic, i.e. it does not always succeed.

        How to find out the name of the hidden WiFi network

What are hidden WiFi networks
The owners of some wireless access points configure them so that they do not broadcast their name (ESSID). In their opinion this is additional protection (along with the password).

        Simply put, the hidden Wi-Fi network (hidden) is a network that is not visible in the list of available networks. To connect to it, you must enter its name manually.

In fact, this method of protection is untenable, if only because at certain moments the name of the wireless network (ESSID) is still broadcast in the clear.

        WiFite Automated Wi-Fi hacking tool

        WiFite2 Automated Wi-Fi hacking tool

There are many ways to attack a Wi-Fi network. The type of encryption, the manufacturer's default settings and the number of connected clients determine how easy the target is to attack and which method of hacking will work best. Wifite2 is a powerful tool that automates Wi-Fi hacking: it lets you select targets within your adapter's coverage area and then chooses the best hacking strategy for each network.
As a rule, programs are tailored to one specific function:
• client deauthentication
• handshake capture
• brute force
• WPS brute force
• etc.; there are many separate stages and methods.
        Features:
• sorts targets by signal strength (in dB); attacks the closest access points first
• automatically deauthenticates clients of hidden networks to reveal their SSID
• a set of filters to specify exactly what to attack (wep / wpa / both, above a certain signal strength, channels, etc.)
• flexible settings (timeouts, packets per second, other)
• "anonymity" functions: changing the MAC to a random address before an attack, then changing it back when the attack is completed
• all captured WPA handshakes are copied to the current wifite.py directory
• WPA smart deauthentication: cycles between deauthenticating all clients and broadcast deauthentication
• stop any attack with Ctrl + C, with options to continue, move to the next target, skip cracking or exit
• displays a session summary on exit; shows all cracked keys
• all passwords are saved in cracked.txt
        Homepage:  https://github.com/derv82/wifite2
When a wireless network tester gets to work, they move from one program to another to perform the different stages of penetration and to use different methods.

        How to reset Kali Linux Password

        How to reset a forgotten password in Linux

If you are unable to log in to Kali Linux because you have forgotten your user account password, or even if the password is correct but it still won't let you log in, all is not lost! Although this password cannot be recovered (by simple methods), it can be reset and replaced with a new one. This guide tells you what to do if you forgot your Linux user password.

        How to change password for Linux user
Any user from the administrators group (whose account belongs to the wheel group) can change the password of any other user, both unprivileged accounts and other administrators, including root. I.e. if you have forgotten the root password but remember the password of a user who has the right to execute commands with sudo, you can reset the password with the passwd command. To change the root password, run:
        sudo passwd
        To change the password of any user run:
        sudo passwd username
where instead of username you substitute the name of the Linux user account.
        What to do if you forget your Linux login password
If you have no other administrative accounts and, having forgotten the password of your Linux account, cannot log in to the operating system, you need single-user mode to reset the password.

In single-user mode no credentials (login, password) are requested on entry, and the logged-in user has superuser rights. In this mode the familiar passwd command can set a new password.

        The algorithm in all Linux distributions is similar:
• Interrupting the GRUB bootloader
• Adding a boot option that enables single-user mode
• Resuming the boot
• Changing the password with the passwd command
• Rebooting in normal mode
Please note that the changes made in the second step (changing the boot options) are temporary: they affect only the next boot. Therefore, when you reboot in the fifth step you do not need to do anything; the system will start as usual.

To move to the beginning and to the end of the line (in the second step), use the keyboard shortcuts Ctrl + a and Ctrl + e respectively.

Although the algorithm for resetting the root password is similar everywhere, there are nuances in different distributions, so let's consider them in more detail.
Resetting the password on Kali Linux, Linux Mint, Ubuntu and Debian (should also work for other Debian derivatives)
To interrupt the GRUB boot (first step), press and hold the SHIFT key while the computer starts. This always works, even on Linux Mint, where the GRUB menu is hidden by default.
Press the "e" key to edit the boot settings:

The line we need is not yet on the screen: scroll down with the cursor keys and find the line starting with linux:

First change "ro" to "rw", then add the following at the end of the line:
init=/bin/bash
        It should look like this :
        When everything is ready, press Ctrl + x or F10 to continue.

You will see a shell prompt. Note that we are logged in as root, i.e. we have elevated privileges, including the use of the passwd command:
Using the passwd command, we can change the password:
After you type the passwd command, enter the new password you want.
As you can see, the password change was successful.
Now reboot with the physical button; do not use the reboot command here!
        What is the wheel group in Linux
In computing, the term wheel refers to user accounts with the wheel bit, a system setting that grants additional special privileges, allowing the user to execute restricted commands that other users cannot access. The term is derived from the slang phrase "big wheel", referring to a person with great power or influence. It was first used in this context with respect to the TENEX operating system, later distributed under the name TOPS-20, in the 1960s and early 1970s.

The term was adopted by Unix users in the 1980s as operating system developers and users moved from TENEX / TOPS-20 to Unix.

Modern Unix systems typically use user groups as a security mechanism for managing access rights. The wheel group is a special user group used on some Unix systems to control access to the sudo command, which allows a user to act as another user (usually the superuser).

        What is single-user mode in unix
Single-user mode is a mode in which a multi-user operating system boots into a single superuser. It is mainly used for maintaining multi-user environments such as network servers. Some tasks may require exclusive access to shared resources, for example running fsck on a network share. The mode can also be used for security purposes: network services are not started, which eliminates the possibility of external interference. In some systems a lost superuser password can be changed by switching to single-user mode. Since no password is requested on entry to this mode, this can be considered a security vulnerability.

Unix-like operating systems provide single-user mode either through System V-style run levels, through BSD-style boot loaders, or through other boot parameters.

The run level is usually changed with the init command; run level 1 or S boots into single-user mode.

Boot loader parameters can be changed during startup before the kernel executes. On FreeBSD and DragonFly BSD they can be set before rebooting with the nextboot -o "-s" -k kernel command, and the boot loader will then offer the option of booting into single-user mode.

        How to update Kali Linux

Checking, restoring and cleaning the repositories (application sources) of Kali Linux Rolling 2019
The original application sources (repositories) are the key to the health of your Kali Linux.
The official website warns that changing or adding repositories, as a rule, breaks the system.
Numerous experiences show that a huge number of problems are caused by errors in the application sources. If the standard Kali Linux instructions that work for most other users do not work for you, then in 99% of cases it is due to modified Kali repositories.

The most important thing in the Kali Linux sources list is that it contains this line:
deb https://http.kali.org/kali kali-rolling main non-free contrib
and no third-party application sources.
In Kali Linux, application sources are listed in the /etc/apt/sources.list file. The normal, default content of the Kali sources list is as follows:
        root@Kalitut:~# cat /etc/apt/sources.list
         
        deb https://http.kali.org/kali kali-rolling main non-free contrib
        # deb-src https://http.kali.org/kali kali-rolling main non-free contrib
If your file doesn't look like this, type this command in your terminal:
echo -e "deb https://http.kali.org/kali kali-rolling main non-free contrib" > /etc/apt/sources.list
This command completely overwrites the /etc/apt/sources.list file and adds the single line to it. You can also do it manually with the following commands:
leafpad /etc/apt/sources.list
Delete all the lines in your repository file and add just this one:
deb https://http.kali.org/kali kali-rolling main non-free contrib
Now you can update and upgrade; to do so, run the following commands:
apt-get clean && apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
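Before wiping the file blindly, it helps to see exactly what deviates from the default. The following added example (not code from the original post or from the Kali project) parses an apt sources list in the format shown above, skips comments and blank lines, and reports every entry that is not the single official kali-rolling line: a foreign repository, a stale suite, wrong components, or the official mirror fetched without TLS. GOOD_LIST and BAD_LIST are constructed samples; audit_file() reads the real file.

```python
"""Audit an apt sources list against the default Kali Rolling content."""
import re
import sys
from urllib.parse import urlsplit

OFFICIAL_HOST = "http.kali.org"
OFFICIAL_PATH = "/kali"
OFFICIAL_SUITE = "kali-rolling"
OFFICIAL_COMPONENTS = frozenset({"main", "non-free", "contrib"})

# One-line format: "deb|deb-src [options] url suite component..."
SOURCE_RE = re.compile(r"^(deb|deb-src)\s+(?:\[[^\]]*\]\s+)?(\S+)\s+(\S+)\s*(.*)$")


def parse_sources(text):
    """Return (kind, url, suite, components) for every active entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments (such as the deb-src line) are fine
        match = SOURCE_RE.match(line)
        if not match:
            entries.append(("invalid", line, "", frozenset()))
            continue
        kind, url, suite, comps = match.groups()
        entries.append((kind, url, suite, frozenset(comps.split())))
    return entries


def is_kali_mirror(url):
    """True when the URL points at the official Kali repository, whatever the scheme."""
    parts = urlsplit(url)
    return parts.netloc == OFFICIAL_HOST and parts.path.rstrip("/") == OFFICIAL_PATH


def audit_sources(text):
    """Return a list of problems; an empty list means the default content."""
    problems = []
    entries = parse_sources(text)
    if not any(k == "deb" and is_kali_mirror(u) and s == OFFICIAL_SUITE
               for k, u, s, _ in entries):
        problems.append("official kali-rolling repository line is missing")
    for kind, url, suite, comps in entries:
        if kind == "invalid":
            problems.append(f"unparseable line: {url}")
            continue
        if not is_kali_mirror(url):
            problems.append(f"third-party source: {url}")
            continue
        if urlsplit(url).scheme != "https":
            problems.append(f"kali mirror fetched without TLS: {url}")
        if suite != OFFICIAL_SUITE:
            problems.append(f"unexpected suite for kali mirror: {suite}")
        elif kind == "deb" and comps != OFFICIAL_COMPONENTS:
            problems.append(f"unexpected components: {' '.join(sorted(comps))}")
    return problems


def audit_file(path="/etc/apt/sources.list"):
    """Audit a sources list on disk."""
    with open(path, encoding="utf-8") as fh:
        return audit_sources(fh.read())


# Constructed sample: the default file quoted in the article.
GOOD_LIST = """deb https://http.kali.org/kali kali-rolling main non-free contrib
# deb-src https://http.kali.org/kali kali-rolling main non-free contrib
"""

# Constructed sample: a stale suite on the official mirror plus a foreign distribution's repo.
BAD_LIST = """deb https://http.kali.org/kali sana main non-free contrib
deb http://archive.ubuntu.com/ubuntu xenial main
"""

if __name__ == "__main__":
    issues = audit_file(sys.argv[1]) if len(sys.argv) > 1 else audit_sources(BAD_LIST)
    print("\n".join(issues) if issues else "sources list matches the Kali default")
```

apt also reads every file under /etc/apt/sources.list.d/, so run audit_file() over those as well when hunting for a stray repository.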