Category Archives: (I) Linux Hacking

Install Kali Linux On Raspberry Pi 3 : Creation of a Hacking Machine

INSTALLATION REQUIREMENTS :

DOWNLOAD LINKS :

STEPS:

1. Download all files from the above links.
2. Insert the SD card and open Win32DiskImager. Locate your Kali Linux image file and the SD card. Hit Write.
3. After the writing process is done. Insert SD card in Raspberry Pi and do setup as shown
4. Open Network sharing. Do the settings as shown.
5. Open cmd and type arp -a .Note your ip address.
6. Open PuTTY and do the configuration as shown.
7. Commands to install GUI
     apt-get update
     apt-get install lxde
     apt-get install lightdm
8. Open Xming and type startlxde
9. Successfully Installed

How to use urlcrazy in kali linux

Intro – URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

  1. How to open

GUI method: Application → Kali Linux → Information Gathering → DNS Analysis → urlcrazy

Terminal method: open a terminal, type urlcrazy and hit enter.

  • This command scans a domain: after the scan you see the generated variants (wrong characters, reversed spellings, and so on) and whether each one resolves. Kindly run this command and see for yourself; I can't show you the whole image here.

Syntax – urlcrazy domain

Ex – urlcrazy www.google.com

  • This command is used to check domain popularity.

Syntax – urlcrazy -p domainname

EX – urlcrazy -p www.mcdonalds.com

  • This command also shows the invalid domain names (variants that cannot be valid domains).

Syntax – urlcrazy -i domainname

EX – urlcrazy -i www.mcdonalds.com

  • This command generates the variants without resolving them in DNS.

Syntax – urlcrazy -r domainname

Ex – urlcrazy -r www.mcdonalds.com
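The defensive use of a tool like this is to generate the typo variants of a domain you own and check which of them someone else has registered. The script below is an added example, not part of the original post and not urlcrazy's own code: it implements five of the variant classes urlcrazy reports (character omission, adjacent-key substitution on a US QWERTY layout, transposition, doubled character, hyphenation) so the output can be fed to a resolver or registrar lookup. The keyboard layout and the choice of variant classes are this example's own simplification.

```python
# Added example: generate typosquat candidates for a domain you own so they can be checked
# and monitored. Variant classes and the US-QWERTY adjacency are a simplification of what
# urlcrazy does; this is not urlcrazy's code.
QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def _adjacent_keys():
    """Map each key to the keys physically next to it (same row and the rows above/below)."""
    adjacent = {}
    for r, row in enumerate(QWERTY_ROWS):
        for c, key in enumerate(row):
            neighbours = set()
            for dr in (-1, 0, 1):
                rr = r + dr
                if not 0 <= rr < len(QWERTY_ROWS):
                    continue
                for dc in (-1, 0, 1):
                    cc = c + dc
                    if (dr or dc) and 0 <= cc < len(QWERTY_ROWS[rr]):
                        neighbours.add(QWERTY_ROWS[rr][cc])
            adjacent[key] = neighbours
    return adjacent


ADJACENT = _adjacent_keys()


def split_domain(domain):
    """'www.example.com' -> ('example', '.com'); a leading 'www.' is dropped."""
    labels = domain.lower().strip().split(".")
    if labels and labels[0] == "www":
        labels = labels[1:]
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"not a usable domain: {domain!r}")
    return ".".join(labels[:-1]), "." + labels[-1]


def generate_variants(domain):
    """Return {variant_class: sorted candidate domains} for five common typo classes."""
    name, tld = split_domain(domain)
    out = {k: set() for k in ("omission", "transposition", "adjacent_key",
                              "double_char", "hyphenation")}
    for i, ch in enumerate(name):
        if ch == ".":            # keep the label boundaries of subdomains intact
            continue
        out["omission"].add(name[:i] + name[i + 1:] + tld)
        out["double_char"].add(name[:i] + ch + name[i:] + tld)
        for key in ADJACENT.get(ch, ()):
            out["adjacent_key"].add(name[:i] + key + name[i + 1:] + tld)
        if i + 1 < len(name) and name[i + 1] != ".":
            out["transposition"].add(name[:i] + name[i + 1] + ch + name[i + 2:] + tld)
        if i > 0 and name[i - 1] not in ".-" and ch != "-":
            out["hyphenation"].add(name[:i] + "-" + name[i:] + tld)
    original = name + tld
    # never report the domain itself as one of its own variants
    return {k: sorted(v - {original}) for k, v in out.items()}


def all_variants(domain):
    """Flat, de-duplicated list of every candidate, ready for a resolver or registrar lookup."""
    return sorted({v for vs in generate_variants(domain).values() for v in vs})


if __name__ == "__main__":
    for kind, variants in generate_variants("www.example.com").items():
        print(f"{kind:14s} {len(variants):3d}  e.g. {variants[:3]}")
```

Resolving the candidates (the step urlcrazy performs unless -r is given) is deliberately left out so the script runs offline; pipe all_variants() into your own DNS check and alert on any name that starts resolving.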

Ubertooth – Open Source Bluetooth Sniffer

Ubertooth is an open source Bluetooth sniffer and is essentially a development platform for Bluetooth experimentation. It runs best as a native Linux install and should work fine from within a VM.

 


Ubertooth ships with a capable BLE (Bluetooth Smart) sniffer and can sniff some data from Basic Rate (BR) Bluetooth Classic connections.

 

Features

The Ubertooth is able to capture and demodulate signals in the 2.4GHz ISM band with a bandwidth of 1MHz using a modulation scheme of Frequency Shift Keying or related methods.

This includes, but is not limited to:

  • Bluetooth Basic Rate packets
  • Bluetooth Low Energy (Bluetooth Smart)

The following may be possible:

  • 802.11 FHSS (1MBit)
  • Some proprietary 2.4GHz wireless devices

You can download Ubertooth here:

ubertooth-2017-03-R2.zip

Hacking router with Reaver, guide to brute forcing Wifi Protected Setup

I thought I would share how easy it is to take down a router that is vulnerable to WPS attacks, like my own. Reaver is an open source tool that brute-forces WPS (Wi-Fi Protected Setup). This is the PIN (usually printed on the bottom of your router) that you can use to authenticate other devices to your wireless network without typing in a password. With enough time, reaver can crack this PIN and reveal the WPA or WPA2 password.

Getting Started
To get started you will need to be on Linux, you will need the aircrack suite and reaver installed, and your wireless NIC will need to be put into monitor mode. I'm using Ubuntu for this post from a friend's computer. You'll notice I've masked some personal details in the images below to hide my router details. I'll explain as we move along.

In Ubuntu(debian) you can install aircrack and reaver just like you install everything else.

If you need to download, and need help installing Ubuntu, you can use this page for help.
http://www.ubuntu.com/download/desktop

Next you need to put your wireless card into monitor mode (mon0). I'm using an internal wireless card so my wireless interface is wlan0, however you can run ifconfig to check whether you're using wlan0 or wlan1. To put your interface into monitor mode you would run the following:

Next you need to obtain the unique identifier (BSSID) of the router you wish to crack. Here's a screenshot of me running airodump to grab my access point's BSSID, masked for privacy reasons, but you get the point.

[screenshot: airodump output showing the BSSID]

If you like, you can use the tool Wash to test whether WPS is enabled on the router in question. Notice that I used the argument --ignore-fcs in my syntax to hide any FCS errors. You can see from the picture below that WPS is enabled on the router found.

[screenshot: wash output]

Now you can start up reaver.

[screenshot: starting reaver]

Now reaver runs for a while, trying to brute-force the WPS PIN.

[screenshot: reaver in progress]

After about 2 hours, reaver hits my PIN and gives up the password for the router. In the screenshot I re-run reaver with my PIN supplied first to save time. And that's it. It's that easy.

[screenshot: reaver output with the recovered PIN and password]

If you need any help with the commands you can ask for help, or read the man pages.

Protecting yourself
The easiest way to protect yourself is to turn WPS off; however, some routers don't have an option to turn it off, and some routers are still vulnerable even when the feature is turned off. Personally I would recommend using a third-party firmware on your router like DD-WRT. DD-WRT doesn't support WPS, so no worries there.
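For a Linux-based access point run by hostapd, the same mitigation is one directive. The fragment below is an added illustration, not configuration from the original post: wps_state is hostapd's own directive (0 = WPS disabled, 1 = enabled but not configured, 2 = enabled and configured), and the surrounding file is constructed. Only one of the two wps_state lines belongs in a real configuration.

```ini
# Constructed hostapd.conf fragment (added example, not the post's own configuration).

# Before: WPS enabled and configured. The registrar PIN method this exposes is
# what an online PIN brute-force like the one above works against.
wps_state=2

# After: WPS disabled entirely; only the WPA2 passphrase authenticates stations.
wps_state=0
```

After changing the setting, restart hostapd and confirm with a WPS scanner such as wash that the access point no longer advertises WPS in its beacons.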

Further reading:
If you're looking to learn more about wireless hacking and reaver, here are some links I would suggest.

http://www.aircrack-ng.org – aircrack suite
http://code.google.com/p/reaver-wps/ – Reaver webpage, also has a point-and-click commercial version.

How to Bypass a Fortinet Internet Filter

Fortinet is Web filtering software that helps educational institutions, corporations and other network administrators to block a variety of websites. Usually, websites are blocked because they display inappropriate sexual content and violence or because they use too much bandwidth and slow down networks.

The Fortinet filtering software can also block websites that provide harmless and useful content. But there are various proxy websites that will help you bypass Fortinet Internet filters, giving you access to reliable websites you need to view.

 
 

BYPASS A FORTINET INTERNET FILTER USING ACCESS TO BLOCKED SITES

STEP A

Visit the Access to Blocked Sites official Web page. This website will give you access to blocked websites at no cost, bypassing security firewalls and Internet content filter software such as Fortinet.

STEP B

Type the Web address for the site that Fortinet is blocking in the text box located in the middle of the Access to Blocked Sites website.

STEP C

Click on the “Go” tab and wait for Access to Blocked Websites to direct you to the Web page that was previously being blocked by a Fortinet Internet filter.

BYPASS A FORTINET INTERNET FILTER USING FREEZE THE FIREWALL

STEP A 

Go to the official Freeze the Firewall website. This website helps users unblock school proxy sites and bypass Internet filtering software like Fortinet.

STEP B

Enter the address of the website being filtered by the Fortinet software in the text box on the top of the Freeze the Firewall screen.

STEP C

Click the “Search” tab and wait for Freeze the Firewall to bypass the Fortinet Internet filter.

BYPASS A FORTINET INTERNET FILTER USING PROXY.ORG

STEP A

Browse to the Proxy.org official website. Proxy.org offers users a free service that bypasses Internet restrictions and websites that are being blocked by Internet filters such as Fortinet.

STEP B

Type the URL for the website you want to visit in the text box located on the upper right side of the screen, below where it says “Enter a URL to visit:”

STEP C

Click on the “Go” tab located below the text box and allow time for Proxy.org to redirect you to the site that was previously being filtered by Fortinet.

 

Enable SSH on Kali Linux

Kali Linux does not come with SSH enabled. SSH is the preferred method of remote management for most Linux based systems. Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client running SSH server and SSH client programs.

1) Install OpenSSH Server

The first step is to open a terminal window and install OpenSSH Server. You do this by typing the following command in the terminal window:

root@kali:~# apt-get install openssh-server

2) Configure SSH to run persistently, in other words to survive a reboot.

a) First we need to remove the existing run levels for SSH by issuing the command:

root@kali:~# update-rc.d -f ssh remove

b) Now we need to load the default SSH run levels by issuing the following command:

root@kali:~# update-rc.d -f ssh defaults

3) Change the default SSH keys

We now need to change the default SSH host keys. The reason is that the keys shipped with the image are the same on every installation built from it. An attacker who holds the same default keys could impersonate your server and exploit your sessions using Man-in-the-Middle techniques.

a) Back up and move the default Kali Linux keys

root@kali:~# cd /etc/ssh/
root@kali:/etc/ssh# mkdir insecure_original_default_kali_keys
root@kali:/etc/ssh# mv ssh_host_* insecure_original_default_kali_keys/

b) Create new keys

Type the following command in the terminal window; it generates a fresh set of host keys and restarts the service:

root@kali:/etc/ssh# dpkg-reconfigure openssh-server
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
[ ok ] Restarting OpenBSD Secure Shell server: sshd.
root@kali:/etc/ssh#
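After regenerating, it is worth confirming that the live keys really differ from the backed-up ones, and recording their fingerprints so clients can verify the server on first connect. The script below is an added example, not part of the original post: it computes the same SHA256 fingerprint that ssh-keygen -lf prints (SHA-256 over the decoded key blob, base64 without padding), reads the two directories used above, and reports whether any old fingerprint survives. The key lines it builds for self-testing are constructed, not real keys.

```python
import base64
import hashlib
import struct
from pathlib import Path


def fingerprint(pubkey_line):
    """SHA256 fingerprint of one OpenSSH public-key line, in the format ssh-keygen -lf prints."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    keytype, blob = fields[0], base64.b64decode(fields[1])
    # The blob begins with its key type as a length-prefixed string; it must agree with field 0.
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen] != keytype.encode():
        raise ValueError("key type inside the blob does not match the line's key type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_host_keys(directory):
    """{file name: public-key line} for every ssh_host_*_key.pub under directory."""
    return {p.name: p.read_text() for p in sorted(Path(directory).glob("ssh_host_*_key.pub"))}


def fingerprints(keys):
    """Fingerprint every entry of a {file name: public-key line} mapping."""
    return {name: fingerprint(line) for name, line in keys.items()}


def keys_were_replaced(old_keys, new_keys):
    """True only if the live key set is non-empty and shares no fingerprint with the backed-up set."""
    old = set(fingerprints(old_keys).values())
    new = set(fingerprints(new_keys).values())
    return bool(new) and not (old & new)


def constructed_pubkey_line(seed):
    """CONSTRUCTED test data: a syntactically valid ssh-ed25519 line whose 32 key bytes are
    just SHA256(seed). It is not a usable key; it only exercises the fingerprinting."""
    keytype = b"ssh-ed25519"
    material = hashlib.sha256(seed).digest()
    blob = (struct.pack(">I", len(keytype)) + keytype
            + struct.pack(">I", len(material)) + material)
    return f"{keytype.decode()} {base64.b64encode(blob).decode()} root@kali\n"


if __name__ == "__main__":
    # Paths are the ones used in the steps above; run as root on the Kali box.
    old = load_host_keys("/etc/ssh/insecure_original_default_kali_keys")
    new = load_host_keys("/etc/ssh")
    for name, fp in fingerprints(new).items():
        print(f"{name}: {fp}")
    print("all default keys replaced:", keys_were_replaced(old, new))
```

Copy the printed fingerprints somewhere the client side can see them (or publish them as SSHFP records); a client that gets a different fingerprint on first connect is talking to something other than this server.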

4) Root login via SSH on Kali

Symptom: an SSH login as root fails with "Permission denied, please try again."

By default in Kali 2.0 root login is disabled through SSH. If you want to SSH in as root (which carries serious security risks) you will need to do the following:

a) Edit /etc/ssh/sshd_config.

b) Change the line

PermitRootLogin without-password

to

PermitRootLogin yes

c) Restart SSH:

sudo service ssh restart

d) Make sure the SSH service always starts on reboot in Kali Linux:

update-rc.d -f ssh enable 2 3 4 5
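Because that change is easy to make and easy to forget, a small audit that reports the value sshd will actually use is handy. The script below is an added example, not part of the original post: it parses sshd_config the way sshd does (the first occurrence of a keyword wins, comments are ignored, and global directives cannot follow a Match block), reports the effective PermitRootLogin value, and can rewrite it to prohibit-password, which is OpenSSH's current spelling of the without-password setting shown above. The sample configurations are constructed.

```python
import re

# sshd uses the FIRST value it sees for a keyword, and global directives cannot follow a
# Match block, so parsing stops at the first "Match" line. Both "Key value" and "Key=value"
# spellings are accepted, as in sshd_config(5).
DIRECTIVE_RE = re.compile(r"^\s*(?P<key>[A-Za-z]+)(?:\s+|\s*=\s*)(?P<value>.+?)\s*$")
OPENSSH_DEFAULT = "prohibit-password"   # the default since OpenSSH 7.0


def global_directives(config_text):
    """Parse sshd_config text into {keyword_lowercase: first_value}, ignoring comments and Match blocks."""
    seen = {}
    for raw in config_text.splitlines():
        m = DIRECTIVE_RE.match(raw.split("#", 1)[0])
        if not m:
            continue
        key = m["key"].lower()
        if key == "match":
            break
        seen.setdefault(key, m["value"])
    return seen


def effective_permit_root_login(config_text):
    """The PermitRootLogin value sshd will apply globally (lower-cased)."""
    return global_directives(config_text).get("permitrootlogin", OPENSSH_DEFAULT).lower()


def audit(config_text):
    """List of findings; an empty list means root cannot log in with a password over SSH."""
    findings = []
    value = effective_permit_root_login(config_text)
    if value == "yes":
        findings.append("PermitRootLogin yes: root can log in with a password; "
                        "prefer 'prohibit-password' (key-only) or 'no'")
    elif value == "without-password":
        findings.append("PermitRootLogin without-password: still accepted, but the current "
                        "spelling is 'prohibit-password'")
    return findings


def harden(config_text, value="prohibit-password"):
    """Rewrite the first global PermitRootLogin line (or add one) so root cannot use a password."""
    lines = config_text.splitlines()
    for i, raw in enumerate(lines):
        m = DIRECTIVE_RE.match(raw.split("#", 1)[0])
        if not m:
            continue
        if m["key"].lower() == "match":
            lines.insert(i, f"PermitRootLogin {value}")   # must stay above the first Match block
            return "\n".join(lines) + "\n"
        if m["key"].lower() == "permitrootlogin":
            lines[i] = f"PermitRootLogin {value}"
            return "\n".join(lines) + "\n"
    lines.append(f"PermitRootLogin {value}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # constructed sample: the state the steps above leave the file in
    sample = "Port 22\nPermitRootLogin yes\n"
    print(audit(sample))
    print(harden(sample))
```

Run it against the real file with open("/etc/ssh/sshd_config").read(); the harden() output is only worth writing back after reviewing it, and sshd must be restarted afterwards as in step c.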

5) MOTD – Message of the Day banner

You can create a login banner, also known as a Message of the Day (MOTD) banner, on Kali Linux that is displayed when users log in.

Just edit the /etc/motd file and add your text (restart ssh after you have completed the edit):

root@kali:~# vi /etc/motd
root@kali:~# service ssh restart

a) Adding ASCII art to the MOTD banner

I personally like combining some ASCII art with my message of the day. Go to http://patorjk.com/software/taag to create some of your own ASCII art.

We added the following text to our login banner:

 

________          _________ .__                         
\______ \_______  \_   ___ \|  |__ _____    ____  ______
 |    |  \_  __ \ /    \  \/|  |  \\__  \  /  _ \/  ___/
 |    `   \  | \/ \     \___|   Y  \/ __ \(  <_> )___ \ 
/_______  /__|     \______  /___|  (____  /\____/____  >
        \/                \/     \/     \/           \/

-----------------------------------------------------------------
Warning: This system is restricted to private use by authorized users for business purposes only. Unauthorized access or use is a violation of company policy and the law. This system may be monitored for administrative and security reasons. By proceeding, you acknowledge that (1) you have read and understand this notice and (2) you consent to the system monitoring.
-----------------------------------------------------------------

6) Enjoy remote access via SSH to your Kali Linux

BREAKING SSH, VNC, AND OTHER PASSWORDS WITH KALI LINUX AND HYDRA

Hydra is a very fast and effective network login cracker. It will help you perform brute-force attacks against SSH servers, VNC, and other services. Launching it from the Kali menu opens the GUI front end (xHydra); in this tutorial we use hydra, the command-line version of the tool, which gives you much more flexibility in how you use it.

Wordlists

This attack requires a wordlist. Kali ships with default wordlists; this demo works well with the rockyou wordlist located at /usr/share/wordlists/rockyou.txt.gz. You will need to extract it before using it.

Scanning for SSH Servers using NMAP

The first thing we will do is scan for SSH services listening on port 22. We are going to scan the entire 10.1.100.0/24 subnet, but we could also scan a single host or a range.

Here's a simple example that scans all computers on the subnet and reports any devices listening on port 22. All of this, along with the version of SSH that each server is running, is written to a text file ssh_hosts:

nmap -p 22 --open -sV 10.1.100.0/24 > ssh_hosts

We could also have scanned it this way, writing grepable output:

nmap -p22 --open -Pn -sV -oG ssh_hosts 10.1.100.0/24

Or another way, which prints just a list of IPs that have SSH up (--open suppresses the report for hosts where port 22 is not open):

nmap -p 22 --open 10.44.46.0/27 | awk '/scan report for/ {print $0}' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'

Next I am going to use Hydra. Hydra is a very well-known and respected network logon cracker which supports many different services. (Similar projects and tools include medusa and John the Ripper.)

Hydra is able to use external files for passwords, usernames, or username and password combinations. As a password/logon cracker it has been tested on the following protocols:

afp cisco cisco-enable cvs
firebird ftp http-get http-head
http-proxy https-get https-head https-form-get
https-form-post icq imap imap-ntlm
ldap2 ldap3 mssql mysql
ncp nntp oracle-listener pcanywhere
pcnfs pop3 pop3-ntlm postgres
rexec rlogin rsh sapr3
sip smb smbnt smtp-auth
smtp-auth-ntlm snmp socks5 ssh2
teamspeak telnet vmauthd vnc

We are going to run the command:

hydra -l root -P /root/password.txt 192.168.0.128 ssh

The options in Hydra are very straightforward:

-l tells Hydra you will provide a single static login (use -L with a file for multiple usernames instead).

-P password file, or (lowercase) -p for a single static password.

-t TASKS: number of connections to run in parallel (per host, default is 16).

ssh: the protocol/service being attacked, given after the target.
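From the defender's side, a run like the one above leaves a very recognisable trail in the SSH server's log: one "Failed password" line per guess, all from one source address within seconds. The script below is an added example, not part of the original post: it parses OpenSSH's standard failure lines as they appear in auth.log and flags any source address that exceeds a threshold of failures inside a sliding time window. The sample log lines are constructed (addresses are from the documentation ranges), and the threshold and window are assumptions to tune for your environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH's standard failure line in auth.log: syslog timestamp (no year), host, "sshd[pid]:",
# then "Failed password for [invalid user ]<user> from <ip> port <port> ssh2".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2"
)

# Constructed sample: 12 guesses from one address in 12 seconds (alternating root and an
# invalid user), plus two ordinary typos and one successful key login from another address.
SAMPLE_AUTH_LOG = [
    f"Jan 10 12:00:{i:02d} kali sshd[{4000 + i}]: Failed password for "
    f"{'root' if i % 2 else 'invalid user admin'} from 203.0.113.7 port {50000 + i} ssh2"
    for i in range(12)
] + [
    "Jan 10 12:00:05 kali sshd[4100]: Failed password for alice from 198.51.100.4 port 40001 ssh2",
    "Jan 10 12:00:20 kali sshd[4101]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT",
    "Jan 10 12:00:21 kali sshd[4102]: Failed password for alice from 198.51.100.4 port 40003 ssh2",
]


def parse_failures(lines, year=2024):
    """Yield (timestamp, user, ip) for each failed-password line; everything else is ignored.
    Syslog timestamps carry no year, so one is supplied (assumption for the sample)."""
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["user"], m["ip"]


def detect_bruteforce(lines, threshold=10, window_seconds=60):
    """Return {ip: (failures_in_window, sorted users tried)} for every source that reaches
    `threshold` failed passwords inside any `window_seconds` span."""
    recent = defaultdict(deque)      # ip -> timestamps still inside the sliding window
    users = defaultdict(set)         # ip -> every user name it has tried
    alerts = {}
    for ts, user, ip in sorted(parse_failures(lines)):
        window = recent[ip]
        window.append(ts)
        users[ip].add(user)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            alerts[ip] = (len(window), sorted(users[ip]))
    return alerts


if __name__ == "__main__":
    for ip, (count, tried) in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"ALERT {ip}: {count} failed passwords in 60s, users tried: {tried}")
```

Two legitimate typos from 198.51.100.4 stay below the threshold while the twelve-guess burst is flagged together with the user names it cycled through; the same logic, fed from a log tail, is what fail2ban-style blocking is built on.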

How Linux can save small businesses

Many small businesses with tight budgets are facing a tough choice: Stick with obsolete systems and remain vulnerable to hackers, or spend a lot to install new gear. David Gewirtz shows how Linux can help you preserve your investment while staying safe and secure.

Earlier this week, my phone rang. I looked at the Caller ID. It was from a neighbor in the community. Since I was writing, I ignored it. Next came a text from the same guy: “Please call me.” Like I said, I was working, so I ignored it. Then came a succession of text alerts on my phone. I turned off my phone, and finished my article.

When I finally looked at my phone, there were three scrolls of alerts, all from Fred. I don’t know Fred all that well, but we often bump into each other around town and at events. He normally seems like a cheerful, calm sort of guy. Not today.

I listened to his voicemail message, where he sounded like he’d been crying. “We’re done, Dave. Don’t know what to do. [Expletive] computers.”

It was a busy week, but it sounded like he was genuinely desperate. I reluctantly decided to get involved.

I called him back. “Hey, Fred. What’s going on? You sound upset.”

“Dave, can you come over? I think we might be done for. If there’s a chance…”

Fixing computers is not my favorite thing. But I’d been inside all day and getting out would be nice. So I headed over to his office.

What I walked into seemed more like a war zone than an office. A cluster of workers were staring at a chunky old LCD monitor. They looked like they’d seen a ghost.

Here’s what I discovered. Fred’s service business has 20 PCs, all more than a decade old. He’s still running Windows XP. He’s been hit by malware before, but antivirus fixes have always bailed him out. This time, it was ransomware. This time, he wasn’t going to recover quickly, or cheaply.

 

Fred was running XP for a few reasons. His hardware was running solidly, he didn’t want to pay for a set of Windows upgrades (remember, the free Windows 10 upgrade didn’t upgrade Windows XP), and he couldn’t afford to buy new machines.

But this was a Rubicon. The ransomware he’d been hit with didn’t have a decryption tool. He did have his original XP disks, and was prepared to do a fresh install, but given the rate at which malware was blasting through the now-unsupported OS, he’d be down again in no time.

Now, he was facing a no-win situation. He didn’t have the credit, or the bank balance, to replace all of his machines. He could, theoretically, lay off a chunk of his staff, and use that money to upgrade fewer machines. But then he wouldn’t have the staff to run his business. From his perspective, he was doomed.

There are a lot of small business owners in Fred’s position. They are limping along on dangerously out of date hardware and software, because they just can’t afford to rip and replace. It’s not like the hardware isn’t working. He has a bunch of old machines that were built like tanks. Windows XP is essentially unprotected. He, and many small business owners like him, are a target-rich environment for bad guys.

 

So I told Fred about Linux. I also told him a little about Chrome OS.

Here’s the thing: it’s wildly dangerous for Fred to run XP anymore, especially since he’s got employees actively going online. But that doesn’t mean his hardware can’t be used. That old hardware will run Linux quite nicely.

MANA Toolkit – Rogue Access Point (evilAP) And MiTM Attack Tool

MANA Toolkit is a set of tools for rogue access point (evilAP) attacks and wireless MiTM.

MANA Toolkit - Rogue Access Point (evilAP) And MiTM Attack Tool

More specifically, it contains the improvements to KARMA attacks implemented into hostapd, as well as some useful configs for conducting MitM once you’ve managed to get a victim to connect.

Contents

MANA Toolkit contains:

  • kali/ubuntu-install.sh – simple installers for Kali 1.0.9 and Ubuntu 14.04 (trusty)
  • slides – an explanation of what we’re doing here
  • run-mana – the controller scripts
  • hostapd-mana – modified hostapd that implements our new mana attacks
  • crackapd – a tool for offloading the cracking of EAP creds to an external tool and re-adding them to the hostapd EAP config (auto crack ‘n add)
  • sslstrip-hsts – our modifications to LeonardoNVE’s & moxie’s cool tools
  • apache – the apache vhosts for the noupstream hacks; deploy to /etc/apache2/ and /var/www/ respectively

Installation

The simplest way to get up and running is to run apt-get install mana-toolkit on Kali. If you want to go manual to get the latest version, check below. Make sure to edit the start script to point to the right wifi device.

 

To get up and running on Kali, set up a Kali box (VM or otherwise), update it, then run kali-install.sh.

To get up and running on Ubuntu 14.04, set up an Ubuntu 14.04 box (VM or otherwise), update it, then run ubuntu-install.sh.

If you’re installing from git, you can use the following commands after you have grabbed the necessary dependencies:

You can download MANA Toolkit here:

Source: mana-1.3.1.zip
Binary: mana-toolkit-1.3-1debian1_amd64.deb