Wednesday, February 15, 2017

Creating WordList for Password Cracking

1. Using tool crunch

2. Cracking the password


WPA Cracking

1. Crack WPS Pin and then crack WPA PSK


Fake Authentication the Wificard with Access Point

1. Fake authentication
airplay-ng --fakeauth 0 -a MAC-AP -h MAC-my-wificard mon0

2. Packet injection
- wait for an ARP packet, then capture this packet and inject it into the traffic, this will force AP to generate a new ARP packet with a new IV, we capture this packet and inject into the traffic again, this process is repeated until the number of IV's captured is sufficient enough to crack the key.

> aireplay-ng --arpreplay -b [target MAC] -h [your MAC] [interface]


Creating a Fake Access Point (Honeypot)

1.  apt-get install mana-toolkit

2. use a wireless card (through USB) to broadcast the signals

3. leafpad /etc/mana-toolkit/hostpad-mana.conf

- set the configurations of the fake access point

4. leafpad /usr/share/mana-toolkit/run-mana/

- upstream=eth0

5. bash  /usr/share/mana-toolkit/run-mana/

6. crack WAP encryption approaches, by collecting enough packets to find packets with same IV


Deauthentication attack on any device


Disassociate the device from the network

- once the target is deauthenticated, the client will try to connect with the AP again, so that the attackers can capture these connection packets for password cracking

Friday, February 10, 2017

Thursday, February 9, 2017

Nmap port scan

1. Scan the 100 most common ports (Fast)

nmap -T4 -F xx.xx.xx.0/24

2. Detect OS and Services

nmap -T4 -A -v xx.xx.xx.1-254

zenmap is the UI for nmap, which help organize and visualize the scanned information

Wednesday, February 8, 2017

Vulnerability Checking Tools

1. Check the devices that have been scanned to have vulnerabilities

2. Port scanning tools
- pentest-tools
- mxtoolbox

3. Check if your IP is in vulnerable database
- techmonkeys

The Home Router

1. Command to get router address: Desktop$ route -n get default
   route to: default
   destination: default
   mask: default
   gateway: xx.xx.xx.1
   interface: en4
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1500         0

Monday, February 6, 2017

Security Courses

  • Cyber Security
    • Instructor: Robert Bunge
    • Rate: ***
    • Easiness: *****
    • Date taking: 02/06/2017 - 02/08/2017
    • Comments: Very basic introduction to security.

  • The Complete Cyber Security Course : Network Security!
    • Instructor: Nathan House
    • Rate: ****
    • Easiness: ***
    • Date taking: 02/08/2017 - 02/11/2017
    • Comments: 
      • This course provides hands-on experience by introducing several tools and techniques
      • Network Security, WiFi Security, WiFi Hackers, Firewalls, Wireshark. Plus the Best Password Managers

Security blogs