Showing posts with label security. Show all posts
Showing posts with label security. Show all posts
Tuesday, June 13, 2017
Kali Linux Tutorial Hack Your Own Network and Beef Up Its Security
Kali Linux Tutorial Hack Your Own Network and Beef Up Its Security
Kali Linux is packed with a ton of software for testing security holes in your network. There are far too many to list here, but were so enamored with it that we decided to pick a few of our favorite tools and show how they work: Aircrack, Airbase, and ARPspoof. Well show you how to crack a Wi-Fi password with brute force techniques, create a fake router to trick machines into logging into it, and perform a man in the middle attack to eavesdrop on network communications. Remember: use these powers for good, not for evil. Knowing how to do these things can get you out of a jam or help you learn to secure your own network, but doing them to someone else is not something we recommend.
Read my previous article to know more about Kali Linux: An Introduction To Hacker’s OS: Kali Linux And Setup Tutorial.
Crack a WPA Wi-Fi Password with Aircrack
Kali Linux comes with a whole suite of apps for cracking Wi-Fi networks, including Aircrack and Reaver—both of which weve mentioned before for cracking WEP and WPA passwords, respectively.
Recommend to read: How To Hack Wi-Fi WPA/WPA2 With Kali Linux
However, WEP passwords arent that popular anymore (because theyre so easy to crack), and Reaver only works if a network has WPS enabled. So today, were going take another look at Aircrack and use it to to brute force our way into a WPA network (with the help of a password list).
Step One: Configure Your Wireless Card
First things first: disconnect from all wireless networks. Then open up terminal. In order to use Aircrack, youll need a wireless card that supports injections. Type this into the Terminal to make sure your card supports it:
airmon-ngThis lists all the wireless cards that support this crack. If you card doesnt support injections, it wont show up here. Yours is likely listed under interface as wlan0, but it may depend on your machine.
Next, type in:
airmon-ng start wlan0Replace
wlan0 with your cards interface address. You should get a message back saying that monitor mode was enabled.Step Two: Monitor Your Network
Next, youre going to get a list of all the networks in your area and monitor yours.
Type in:
airodump-ng mon0Youll see all the networks in your area. Locate your network from the list, and copy the BSSID, while making a note of the channel its on. Tap Ctrl+C to stop the process.
Next, type this in, replacing the information in parentheses with the information you gathered above:
airodump-ng -c (channel) --bssid (bssid) -w /root/Desktop/ (monitor interface)It should read something like this:
airodump-ng -c 6 --bssid 04:1E:64:98:96:AB -w /root/Desktop/ mon0Now, youll be monitoring your network. You should see four files pop up on the desktop. Dont worry about those now; youll need one of them later. The next step is a bit of a waiting game, as youll be sitting around waiting for a device to connect to a network. In this case, just open up a device you own and connect to your Wi-Fi. You should see it pop up as a new station. Make a note of the station number, because youll need that in the next step.
Step Three: Capture a Handshake
Now, youre going to force a reconnect so you can capture the handshake between the computer and the router. Leave Airodump running and open up a new tab in Terminal. Then type in:
aireplay-ng -0 2 -a (router bssid) -c (client station number) mon0It should look something like:
aireplay-ng -0 2 -a 04:1E:64:98:96:AB -c 54:4E:85:46:78:EA mon0Youll now see Aireplay send packets to your computer to force a reconnect. Hop back over to the Airodump tab and youll see a new number listed after WPA Handshake. If thats there, youve successfully grabbed the handshake and you can start cracking the password.
Step Four: Crack the Password
You now have the routers password in encrypted form, but you still need to actually figure out what it is. To do this, youll use a password list to try and brute force your way into the network. You can find these lists online, but Kali Linux includes a few small lists to get you started in the /usr/share/wordlists directory, so well just use one of those. To start cracking the password type this in:
aircrack-ng -a2 -b (router bssid) -w (path to wordlist) /Root/Desktop/*.capSo, continuing with our above example and using one of the built-in wordlists, it should read something like:
aircrack-ng -a2 -b 04:1E:64:98:96:AB -w /usr/share/wordlists/fern-wifi/common.txt /Root/Desktop/*.capNow, Aircrack will try all of those passwords to see if one fits. If it does, youll get a message saying the key was found with the password. If not, give another one of the password lists a try until you find one that works. The bigger the password list, the longer this process will take, but the greater chance you have of succeeding.
How to Use This Information to Stay Safe
So, you just brute forced your way into your own network. Depending on how good your password is, it either took you five minutes or five hours. If your password is something simple, like "password123", then chances are one of the smaller wordlists was able to crack it pretty quickly. If it was more complicated, it probably took a long time or never surfaced the password at all (if so: good for you!).
The best protection here is a good, strong password on your router. The longer, weirder, and more complex it is, the better. Likewise, make sure youre using the WPA2 security protocol and you dont have WPS enabled.
Create a Fake Network with Airbase
Next up, lets take a look at how you can spoof a network address to trick people into signing into the wrong network so you can watch what theyre doing. Hackers might do this so you sign into the fake network thinking its your real one, then performing a man in the middle attack (more on that in the next section) to gather information about you from your traffic. This is amazingly easy to do with a tool in Kali Linux called Airbase.
Essentially, youll turn your Wi-Fi adapter on Kali Linux into an access point with the same name as another network. In order to do this, youll follow the same line of research as you did above, but the endings a bit different.
Step One: Configure Your Wireless Card
Just like last time, you need to set up your wireless card to monitor traffic. Open up Terminal and type:
airmon-ngThis lists all the wireless cards that support this crack. Yours is likely listed under interface as wlan0.
Next, type in:
airmon-ng start wlan0Now youre in monitor mode. Its time to find the network you want to spoof.
Step Two: Find a Wi-Fi Network to Spoof
In order to spoof a router, youll need some information about it. So, type in:
airodump-ng mon0Available link for download
Read more »
Tuesday, March 14, 2017
Kali Linux Tutorial Setting Up ProxyChains Tor For Anonymity And Security
Kali Linux Tutorial Setting Up ProxyChains Tor For Anonymity And Security
Hack anonymously is one of the important aspect of Information Security, if you want to conduct penetration testing on a remote computer then active connection is required which surely reveal your identity, sometimes you need to hide your identity while doing vulnerability assessment because of your anonymity and security. Proxy Chaining is a concept which is very helpful to hide an identity on the Internet.
The worst thing that can happen to any hacker is being detected by a security admin, the security technologies (IDS, firewall, etc.), or a forensic investigator.
Every time we send a packet to our intended target, that packet contains our IP address in the IP header. When we make a TCP connection, the target system will log our IP address as it logs all connections. If we set off any security alarms or alerts, our IP address will be logged. All of these events increase the possibility of detection.
In order to hack anonymously with the least chance of detection, we need to use an intermediary machine whose IP address will be left on the target system. This can be done by using proxies.
These systems are designed to accept our traffic and then forward it on to the intended target. Of course, the proxy will likely log our traffic, but an investigator would have to get a subpoena or search warrant to obtain the logs.
If we string multiple proxies in a chain, we make it harder and harder to detect our original IP address. If one of those proxies is outside the jurisdiction of the victim, it makes it very unlikely that any traffic can be attributed to our IP address.
In Kali Linux we have an excellent tool for proxying our traffic called proxychains. In this tutorial, I will show how to use this simple, but powerful tool.
Normal Proxy Vs Proxy Chaining
Normal Proxy Concept: Your Computer ?Proxy Server ? Target Computer
This is the concept of simple proxy, when a user uses one proxy server to hide his/her identity.
Read my previous post to know more about Proxies: Top Ten Free Proxy Websites For Anonymous Surfing
Proxy Chaining Concept: Your Computer ? Proxy Server 1 +.......+ Proxy Server N ? Target Computer
Now the usage of multiple proxies at a time is called Proxy Chaining, it is reliable in-terms to hide the identity. In simple words Proxy Chaning is the process to use multiple proxies in chain.
What is Proxy Chains?
The basic concept of proxy chaining is discussed now in this section we will discuss the practical aspect of Proxy Chaining, Proxy Chains (ProxyChains) is an open source program which allows you to make TCP and DNS connection by using proxy for example TOR.
TOR is not necessary for proxychains, you may use any SOCKS 4, SOCKS 5 and HTTPS proxy. There are so many advantages of Proxy Chains for example:
- Hide identity
- It can bypass Firewall (If you are behind a firewall or local proxy server)
- And many more
root@Kali:~# apt-get install proxychains
Lets start,
Step 1: Finding proxychains in Kali Linux
Type the following command in Kali:
root@Kali:~# locate proxychains
As we can see in the screenshot below, proxychains is in the /usr/bindirectory. Since /usr/bin is in our PATH variable, we can use it from any directory. This is just as we would want since we use proxychains with other commands, which may NOT likely be in the PATH variable.
Step 2: Proxychains Syntax
The syntax for the proxycahins command is simple and straightforward.
root@Kali:~# proxychains <the command you want proxied> <any arguments>
So, if I wanted to use proxychains to scan a site with nmap anonymously, I could type:
root@Kali:~# proxychains nmap -sS <IP address>
Step 3: Set Up the Config File
Now it is time to configure proxychains, there are two options that can be used whether use nano to edit config file on terminal and the other option is to use your favorite editor, both commands are mentioned below.
root@kali:~# nano /etc/proxychains.conf
--OR--
root@kali:~# sudo gedit /etc/proxychains.conf
When we do so, we will see a file like that displayed below. If we scroll down this file a bit, we will see a section that I have highlighted labeled "add proxy list here...".
To get proxychains to use intermediary proxies, we simply need to add the IP addresses of the proxies we want to use here. Its important to note that proxychains defaults to use Tor.
Notice the last line in the screenshot above. It directs proxychains to send the traffic first through our host at 127.0.0.1 on port 9050 (the default Tor configuration). If you are using Tor, leaves this as it is. If you are not using Tor, you will need to comment out this line.
Step 4: Lets Test It
Now that we have put a proxy between us and any traffic we send, lets test it out. In this case, I am simply going to do an nmap scan mytestsite.com anonymously by sending the scan through a proxy. The command would be as follows:
root@kali:~# proxychains nmap -sS 8.26.65.101
As you can see in the screenshot above, I have successfully scanned
mytestsite.com through my chosen proxy and returned the results back to me. In this way, it appears that my proxy scanned mytestsite.com and not my IP address.
Step 5: Add More Proxies
First, lets add some more proxies to our list.
Type the following command:
Type the following command:
root@kali:~# sudo gedit /etc/proxychains.conf
Then add more proxy IPs like Ive done below.
Step 6: Proxychaining
Now that we have multiple IPs in our proxychain.conf we can set up dynamic chaining. Dynamic chaining will enable us to run our traffic through every proxy on our list, and if one of the proxies is down or not responding, it will automatically go to the next proxy in the list without throwing an error.
To do so, lets first open the proxychains configuration file again.
To do so, lets first open the proxychains configuration file again.
root@kali:~# sudo gedit /etc/proxychains.conf
With this file open, uncomment out the "dynamic_chains" line. This will enable dynamic chaining of our proxies allowing for greater anonymity and trouble-free hacking.
Step 7: Random Chaining
Finally, we can also use "random chaining". With this option, proxychains will randomly choose IP addresses from our list and use them for creating our proxychain. This means that each time we use proxychains, the chain of proxy will look different to the target, making it harder to track our traffic from its source.
To do so, open the /etc/proxychains.conf file and comment out "dynamic chains" and uncomment "random chain". Since we can only use one of these options at a time, make certain that you comment out the other options in this section before using proxychains.
In addition; you may want to uncomment the line with "chain_len". This will determine how many of the IP addresses in your chain will be used in creating your random proxy chain.
Now that you know how to use proxychains, you can do your hacking with relative anonymity. I say relative, because there is no surefire way to remain anonymous with the NSA spying on all our activity. All we can do is make detection MUCH harder, and proxychains can help do this for us.
Recommended article: How To Setup Free VPN Service On Kali Linux For Anonymity
Available link for download
Thursday, February 23, 2017
Kaspersky Internet Security 2016 De por Vida
Kaspersky Internet Security 2016 De por Vida
BREVE DESCRIPCIÓN:
Kaspersky Internet Security - multidispositivos 2016 * Computadoras offers protection párr superior, tabletas y Teléfonos. Combina Facilidad de USO con Innovadoras Tecnologías de Seguridad para Proteger tu privacidad, dinero, identidad e hijos contra los virus y peligros Complejos Actuales de la Web.
Características
Los cibercriminales Liberan Cientos de Elementos de software malicioso Nuevos Cada Día. Por Este motivo m, Nuestra Seguridad Asistida por La Nube Aumenta tus defensas constantemente la contra software malicioso y Los peligros de Internet. También bloqueamos anuncios publicitarios y Te permitimos Filtrar los Molestos Mensajes no deseados.
· PRIVACIDAD: Resguarda tu privacidad y Te Defiende Contra el Robo de identidad:Los Ataques de suplantación de identidad (phishing) se bloquean automaticamente, y Nuestra Tecnología de Protección de Cámara Web * Evita Que los criminales utilicen Tu Propia Cámara web para espiarte. También evitamos Que se rastreen tus * Hábitos de navegación y Que se captura tu Información personal.· DINERO: Capas de Agrega ADICIONALES: de seguridad para compras y Banca en Línea:Cada Vez Que usas tu equipo o Mac Para Visitar Un sitio bancario web, de compras o de Pagos, Nuestra exclusiva tecnología f Caja de seguridad comprueba Que El Sitio Web Seguro mar, se cerciora de Que No Estés Siendo engañado por sitio UN Web falso y abre el site in ONU Modo especial y protegido.· NIÑOS: Te permite mantener un Tus Hijos Seguros de los Peligros de Internet y Más:Las galardonadas: funciones de control parental para Equipos y Mac te permiten facilmente Administrar las descargas de Aplicaciones, Evitar el Acceso a Juegos y contenido web inapropiados, Controlar los Mensajes en las redes sociales y Prevenir la Divulgación de información personal.· RENDIMIENTO: Brinda Seguridad de primera pecado afectar tu Rendimiento:En Nuestras Tecnologías: de seguridad se combinan los Conceptos de Protección y efficiency, de Manera Que Estas trabajen de forma silenciosa, sin afectar el Rendimiento de tu "vida digital".· Simplicidad: Simplifica la Administración de la Seguridad en Todos Tus Dispositivos:Una Cuenta Gratuita Mi Kaspersky te permite Administrar la Seguridad en computadoras, tabletas y Teléfonos, from any Lugar con Acceso a la Web. PUEDES Revisar el Estado de Seguridad y de licencia de Cada Dispositivo y Ajustar Configuraciones de Seguridad claves ***,: Además de acceder a este Ofertas Especiales y descargar Productos Gratuitos de Kaspersky Lab. CoN Mi Kaspersky Tienes ONU acceso acceso simplificado al Soporte Técnico.
FICHA TECNICA:
- Peso del archivo: 167 Mb- Formato final y de Compresión: Exe / RAR- Idioma: Multi- Registro de recuperacion rar: 10% (sin Errores descomprimir párrafo)
CAPTURAS
Kaspersky Internet Security - multidispositivos 2016 * Computadoras offers protection párr superior, tabletas y Teléfonos. Combina Facilidad de USO con Innovadoras Tecnologías de Seguridad para Proteger tu privacidad, dinero, identidad e hijos contra los virus y peligros Complejos Actuales de la Web.
Características
Los cibercriminales Liberan Cientos de Elementos de software malicioso Nuevos Cada Día. Por Este motivo m, Nuestra Seguridad Asistida por La Nube Aumenta tus defensas constantemente la contra software malicioso y Los peligros de Internet. También bloqueamos anuncios publicitarios y Te permitimos Filtrar los Molestos Mensajes no deseados.
· PRIVACIDAD: Resguarda tu privacidad y Te Defiende Contra el Robo de identidad:Los Ataques de suplantación de identidad (phishing) se bloquean automaticamente, y Nuestra Tecnología de Protección de Cámara Web * Evita Que los criminales utilicen Tu Propia Cámara web para espiarte. También evitamos Que se rastreen tus * Hábitos de navegación y Que se captura tu Información personal.· DINERO: Capas de Agrega ADICIONALES: de seguridad para compras y Banca en Línea:Cada Vez Que usas tu equipo o Mac Para Visitar Un sitio bancario web, de compras o de Pagos, Nuestra exclusiva tecnología f Caja de seguridad comprueba Que El Sitio Web Seguro mar, se cerciora de Que No Estés Siendo engañado por sitio UN Web falso y abre el site in ONU Modo especial y protegido.· NIÑOS: Te permite mantener un Tus Hijos Seguros de los Peligros de Internet y Más:Las galardonadas: funciones de control parental para Equipos y Mac te permiten facilmente Administrar las descargas de Aplicaciones, Evitar el Acceso a Juegos y contenido web inapropiados, Controlar los Mensajes en las redes sociales y Prevenir la Divulgación de información personal.· RENDIMIENTO: Brinda Seguridad de primera pecado afectar tu Rendimiento:En Nuestras Tecnologías: de seguridad se combinan los Conceptos de Protección y efficiency, de Manera Que Estas trabajen de forma silenciosa, sin afectar el Rendimiento de tu "vida digital".· Simplicidad: Simplifica la Administración de la Seguridad en Todos Tus Dispositivos:Una Cuenta Gratuita Mi Kaspersky te permite Administrar la Seguridad en computadoras, tabletas y Teléfonos, from any Lugar con Acceso a la Web. PUEDES Revisar el Estado de Seguridad y de licencia de Cada Dispositivo y Ajustar Configuraciones de Seguridad claves ***,: Además de acceder a este Ofertas Especiales y descargar Productos Gratuitos de Kaspersky Lab. CoN Mi Kaspersky Tienes ONU acceso acceso simplificado al Soporte Técnico.
FICHA TECNICA:
- Peso del archivo: 167 Mb- Formato final y de Compresión: Exe / RAR- Idioma: Multi- Registro de recuperacion rar: 10% (sin Errores descomprimir párrafo)
CAPTURAS
DESCARGAR
Available link for download
Subscribe to:
Posts (Atom)