Archives

All posts for the month July, 2015

Good evening friends, today we will see how to enable IPv6 on a Cisco router running Cisco IOS. To know what is IPv6, go here. Enabling IPv6 routing on a Cisco router is pretty easy and involves only a few commands.

First of all, we have to enable the router to pass IPv6 traffic. In global configuration mode of the router, type the command “ipv6 unicast-routing”. Then go to the specific interface on which you want to configure IPv6 addressing by typing the command “interface <type> <number>” as shown below. Then type the command “ipv6 enable”.

Now let’s check whether IPv6 is enabled or not on our specified interface. Go back to Privileged Exec Mode and type the command “show ipv6 interface ethernet1/0”. To know about different modes on Cisco IOS, go here. Now when we type the above command, we can see that our device has been assigned an IPv6 address as shown below.
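On Ethernet interfaces, the address that “ipv6 enable” assigns is a link-local address built from the interface MAC using modified EUI-64. The Python sketch below is an added example, not part of the original post; the function names and MAC values are constructed for illustration, and it lets you predict the address the show command should report.

```python
import ipaddress


def mac_to_bytes(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or Cisco aabb.ccdd.eeff."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)  # raises ValueError on non-hex characters


def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """Build fe80::/64 plus the modified EUI-64 interface ID from a MAC."""
    raw = bytearray(mac_to_bytes(mac))
    raw[0] ^= 0x02  # flip the universal/local bit of the first octet
    iid = bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])  # ff:fe in the middle
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


def matches_interface(mac: str, reported: str) -> bool:
    """True if the address the router reports is the one derived from the MAC."""
    return ipaddress.IPv6Address(reported) == eui64_link_local(mac)


if __name__ == "__main__":
    # Constructed sample values, not taken from the original screenshots.
    print(eui64_link_local("aabb.cc00.0110"))
    print(matches_interface("aabb.cc00.0110", "FE80::A8BB:CCFF:FE00:110"))
```

Because the interface ID embeds the MAC address, anyone on the link can read the hardware vendor and address from it, which is worth knowing before enabling IPv6 on an untrusted segment.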


Hi Everybody, today we are going to see how to make a live USB of Kali Linux. A live USB installation has many advantages, like system administration, forensics and testing of the OS before making a hard drive installation. However, what prompted me to make a Kali live USB was wifi hacking. My laptop has a compatible adapter for wifi hacking, but Kali Linux in VMware Workstation recognizes your host’s wifi adapter as an Ethernet adapter. So I thought I could postpone buying a USB wifi adapter for some time by making a live USB installation of Kali Linux.

Whatever, let’s get to how to make a Kali live USB. First we need to download software called win32diskimager from here. Install the software and launch it. It will look like below.

Plug a USB drive into your laptop. Make sure it is at least 4 GB. In the “device” tab, select your USB drive. In the “image file” tab, browse to the ISO image of Kali Linux as shown below.

Click on “Write”. That’s it, you have successfully made a live USB of Kali Linux. Hope that was helpful.

WPA stands for Wifi Protected Access. It is an encryption system to secure WLAN networks. It eliminates all known vulnerabilities in WEP (Wired Equivalent Privacy). WPA uses a 128 bit key and a 48 bit initialization vector, while WEP uses a 108 bit key with a 24 bit initialization vector. WPA2 is the successor of WPA. Both WPA and WPA2 use temporal key integrity protocol (TKIP) for encryption and pre-shared key (PSK) authentication. The only difference between WPA and WPA2 is that they use the Rivest Cipher (RC4) and Advanced Encryption Standard (AES) encryption algorithms respectively. Both can be configured to use counter cipher block chaining mode (CCM) though. They are by far considered the most secure for Wifi networks.

So, today we are going to see WPA/WPA2 password cracking with aircrack. For this howto, I am going to use Kali Linux. (For this howto, if you are running Kali Linux in VMware or VirtualBox you need to have a compatible wifi USB adapter.) I am running Kali Linux in live USB mode (see how to make kali live usb) as my laptop has an Atheros adapter. So let’s start.

Once you have booted into Kali Linux, open a terminal and type the command “iwconfig”. It lists your wireless interfaces just like ifconfig shows wired interfaces.

We can see that we have a wireless interface wlan0. Now we are going to start monitor mode on our wireless interface. Monitor mode is the same as promiscuous mode in wired sniffing. Type the command “airmon-ng start wlan0”. We can see below that monitor mode has been enabled on “mon0”.

Now let’s see all the traffic collected by our wireless interface. Type the command “airodump-ng mon0”.

Hit Enter. We can see all the wireless networks available as shown below.


We can see that all the wifi networks are configured with WPA2 or WPA. We are going to hack the network “shunya”. We will collect the shunya network’s traffic into a file. Open a terminal and type the command “airodump-ng --bssid <Mac address of wifi access point> -c 13 --write wpacrack mon0”.

where

--bssid stands for base station security identifier

<MAC address> is the MAC address of the access point.

-c is used to specify the channel the wifi network is operating on.

--write to write to a file.

wpacrack  is the file name we are writing into.

mon0 is the interface

Hit Enter. We will see the result as below.


We can only hack a WPA/WPA2 protected wifi network by capturing its handshake process or association (when the client is trying to connect to the wifi network). So let’s try to disconnect all the clients connected to the wifi network “shunya” first. Open a new terminal and type the command “aireplay-ng --deauth 100 -a <MAC> --ignore-negative-one mon0”.

where

--deauth are the deauthentication packets,

100 is the number of deauthentication packets we want to send.

-a stands for access point.

<MAC> is the MAC address of the wifi access point.

This command will send 100 deauthentication packets to the broadcast address of the wifi access point. This will disconnect all the clients connected to shunya. As soon as this happens, all the clients will try to connect back to the wifi network once again. We can see that a WPA handshake has happened in the previous terminal.
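From the defender's side, the broadcast deauthentication burst described above stands out in a monitor-mode capture. The following Python detector is an added example, not part of the original post; the frame tuples, MAC addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
BEACON = 8    # 802.11 management-frame subtype: beacon
DEAUTH = 12   # 802.11 management-frame subtype: deauthentication


def detect_deauth_floods(frames, window=1.0, threshold=10):
    """frames: iterable of (time_s, subtype, src, dst, bssid) tuples.
    Returns {bssid: {"start", "frames", "broadcast_frames"}} for each BSSID
    that saw at least `threshold` deauth frames within `window` seconds."""
    recent = defaultdict(deque)   # bssid -> (time, dst) pairs inside the window
    alerts = {}
    for ts, subtype, src, dst, bssid in sorted(frames):
        if subtype != DEAUTH:
            continue
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop frames older than the window
            q.popleft()
        if bssid in alerts:               # flood already flagged: keep counting
            alerts[bssid]["frames"] += 1
            alerts[bssid]["broadcast_frames"] += int(dst == BROADCAST)
        elif len(q) >= threshold:         # first time the rate crosses the limit
            alerts[bssid] = {
                "start": q[0][0],
                "frames": len(q),
                "broadcast_frames": sum(d == BROADCAST for _, d in q),
            }
    return alerts


def sample_frames():
    """Constructed capture: beacons, one ordinary deauth, one 100-frame burst."""
    ap, other = "02:00:00:aa:bb:01", "02:00:00:aa:bb:02"
    client = "02:00:00:cc:dd:10"
    frames = [(i * 0.1, BEACON, ap, BROADCAST, ap) for i in range(50)]
    frames.append((1.5, DEAUTH, client, other, other))   # client leaving normally
    frames += [(3.0 + i * 0.005, DEAUTH, ap, BROADCAST, ap) for i in range(100)]
    return frames


if __name__ == "__main__":
    for bssid, info in detect_deauth_floods(sample_frames()).items():
        print(bssid, info)
```

Enabling 802.11w Protected Management Frames on the access point and clients makes them drop forged deauthentication frames, which removes the forced reconnect this detector looks for.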


Now let’s see where our capture file is located. Type “ls”. We will do dictionary password cracking here. So let’s find out where the dictionaries are. Type the command “locate wordlists”. This will show us a number of wordlists available by default in Kali Linux.

Our captured traffic is stored in a .cap file. We will use the wordlist big.txt for cracking the password. Open a new terminal and type the command “aircrack-ng wpacrack-01.cap -w /usr/share/dirb/wordlists/big.txt”.

Hit Enter. If our dictionary has the password, the result will be as below. If our dictionary doesn’t have the password, we have to use another dictionary.


Remember that the choice of dictionary will play a key role in WPA/WPA2 password cracking. So that was WPA/WPA2 password cracking with aircrack for you. Hope this was helpful.

Hello everybody. In a previous howto, we saw WPA/WPA2 password cracking using aircrack, a tool inbuilt in Kali Linux. But that needed a lot of commands to be typed. So today we are going to see how to crack WPA/WPA2 passwords using a GUI tool also inbuilt in Kali Linux, Fern Wifi Cracker. Open the tool, Fern Wifi Cracker.

Select our wireless interface (WLAN). Click on the tab “Scan for access points”. The tool will search for available access points as shown below.

Since we want to hack a WPA enabled wifi network, click on WPA tab. It will show all the available WPA enabled networks.


Click on the wifi network whose password we want to crack (in my case “shunya”). Browse to the dictionary file we want to choose as shown below.

Click on “Wifi attack” tab. The tool will automatically crack the password for you as shown below.


Hope this was helpful. See the video version of this howto.

Good evening friends. We have seen how to perform dictionary password cracking on WPA/WPA2 wifi networks using both aircrack and Fern Wifi Cracker. Today we will see WPA/WPA2 password cracking with a tool called Bully, which is inbuilt in Kali Linux. We will do this by cracking the WPS pin. WPS stands for Wifi Protected Setup. It is a standard for easy and secure wireless network setup and connections, and the pin is encoded on the Wifi router. As always, a brute force password attack consumes a lot of time. It took me 6 hours 37 mins to crack this pin. So please have lots and lots of patience. Let’s start.

First let’s see our wireless interfaces. Open a terminal and type the command “iwconfig”.

Let’s place our wireless interface in monitor mode. Monitor mode is the same as promiscuous mode in wired sniffing. Type the command “airmon-ng start wlan0”. We can see below that monitor mode has been enabled on “mon0”.

Open a new terminal, type the command “airodump-ng mon0” and hit Enter.

We can see all the wireless networks available as shown below. Look for a WPA/WPA2 enabled network.

Copy the MAC address of the wifi network whose password you want to crack. For this howto I will crack the password of the wifi network “shunya”. Open a terminal, type the command “bully -b <MAC address> -c 13 -B mon0” and hit Enter.

<MAC address> is the MAC address of the Wifi network.

-c is the channel our wifi network is running on,

-B = bruteforcing.


We can see that the tool bully will try different pins to crack the password. After a long time (as I already told you) the tool will give out the current pin and the password of the wifi network as shown below.

Hope this was helpful.

Securing your company’s wireless network is different from, and more challenging than, securing the wired network. Many factors come into consideration when setting up and securing a wifi network. Regular pen testing of your wifi network is also very important. Today we are going to see how to perform a pen test on a wifi network using an Android phone. WiFi pentesting with Android simplifies the process of pen testing. For this we are going to use the Wifinspect tool available on the Google Play Store. We need a rooted phone to install this application. Once you install this app on your Android phone, connect to your wifi network. I am using a wifi network whose SSID is “shunya” for this howto.

Now click on your app. (I think “click” would be a misnomer here, so from here on I will use the word “touch”.) We will get a display as below.

We see six options. Starting with the first option, we will see each and every option.

1. Network Info

Touch on network info. We will get a lot of information about the wifi network like the encryption used, frequency and the channel it is operating on and whether our access point is hidden or not as shown below.


2. UPnP Device Scanner

The second option as its name implies scans for universal plug and play devices in our network.


3. Host Discovery

The third option is for host discovery. This option is used to find out the OS and other information about devices in the wifi network. There are two options for host discovery, complete and partial scan. As shown below, the complete scan option will scan the entire address space of your network, while the partial scan option scans only your device’s IP address/24. I am selecting the complete scan option. Touch on the “start scan” option.

The result will show all the devices and any information about them in the network as shown below.


If you want to further analyze any host, long click on it to see more sub options. For example, I am gonna further analyze the device with IP address 192.168.1.4 because it is the only one whose vendor has been shown.


First we will see the host information of 192.168.1.4. Touch on that option. The analysis of host information will take some time as shown below, so don’t lose patience.


After some time, the result will be shown.

The same result for my gateway (the wifi router) is shown below.

The next option is port scan. Let’s do a port scan on the gateway(192.168.1.1) to see if any ports are open. We can see that some ports are open.


When I do a host vulnerability scan on the gateway, I get the below message. It seems my gateway is vulnerable. We will see more about it later.

Below are the results for traceroute and ping respectively.

4. Sniffer

The next option is sniffing. Start sniffing by touching on it. It will give you a warning as shown below.


Touch on “Start sniffing”. Sniffing will start. After it collects sufficient packets, touch on “stop sniffing”.


We have many options to analyze the pcap file as shown below.


Packet distribution analysis shows packets sent and received by the devices.


The bandwidth distribution analysis will show the bandwidth consumed by each host.


Communication hosts analysis shows the packets and bandwidth exchanged between different hosts.

5. Pcap Analyzer

Our pcap files are stored in the wi-fi probe folder on our phone. We can even analyze the pcap files later using the pcap analyzer.

6. PCI DSS Menu

PCI DSS stands for Payment Card Industry Data Security Standard. If you want to know more about PCI DSS, go here. This option will check our wifi network’s compliance with PCI DSS.

Touch on the first option. Start the test. A brief description about this test is shown.


Touch on “start test”. This test checks if our wifi router is using default passwords for authentication.

I am not using any default password and I get the below result.

The “Access Point Security Tester” tests if our wifi network is using strong encryption. Touch on “start scan”.


The result will be as below. It says my access point is secure as it is using WPA, I guess.

The “Access point Scanner” test tests the wifi network’s compliance with PCI DSS requirement 11.1 as shown below.


The “internal vulnerability scanner” test checks if any of the devices in our wifi network have any vulnerabilities. It turns out that my gateway has some vulnerabilities as shown below.

There is also an “external vulnerability scanner” option available to scan for external vulnerabilities.

Hope this was helpful.