Sunday, December 29, 2013

The missing ingredient

It didn't work!

Followed that tutorial right from the first line to the last one? Did everything it said, but still didn't get what you were looking for? Believe me, it was supposed to be that way. Step-by-step command execution on the CLI is not what it takes to be a hacker. Every wireless adapter, computer system, operating system, and wireless network is different. There is no fixed set of commands that is bound to work with every Wi-Fi network on every machine. Hacking is like mathematics. Knowing the formula doesn't mean you can solve all the problems, and seeing the solution to one problem will definitely not help you with another one. So, when you are hacking a WEP Wi-Fi network, what are you actually doing?






What were you doing?

Firstly, you are capturing the packets that the Wi-Fi network is more or less throwing away into the air. The sole purpose of those packets is to indicate its presence. Airodump just takes all the packets that come its way and collects them. These packets usually contain some useful information. Secondly, you are using a program to extract the password from the captured data packets.


How were you doing it?

Now, firstly, we do something not completely required: we turn on monitor mode. It's just like creating a virtual interface which you'll use solely for monitoring purposes. This task is achieved by using airmon-ng, and the new interface is called mon0.
Secondly, we use airodump-ng to capture packets from mon0 and store them in a file. Finally, we use aircrack-ng to use the data in the dump file to extract the password.


What problems are you going to face?

Most of the time, I have seen that beginners are unable to configure their machines properly to a state where they can execute the commands. For this, look at the other tutorials. I am assuming you have Kali completely set up and running fine and accepting your wireless cards. So, the problems:
  1. Not enough data packets.
  2. Not WEP encrypted (i.e. WPA or WPA-2).
  3. Hidden
Now the last two problems will be dealt with in the tutorials to come. The first problem is very common and there is no straightforward way to deal with it. You can only try to speed up the data capture rate. There are a lot of ways to do that. A lot depends on how far you are from the network. I am writing a complete tutorial for this. But remember, hacking requires patience. You're gonna need it when you get to higher levels where you will bruteforce networks for the passwords.
For now, here is a great tutorial on getting data packets fast.

Speeding Up WEP Hacking

Friday, November 8, 2013

Installing Kali On Hard Disk using usb

Booting and installing Kali from a USB stick is the easiest and fastest method of getting up and running. In order to do this, we first need to create the Kali ISO image on a USB drive. 

Preparing for the USB copy

  1. Download Kali linux.
  2. If running Windows, download Win32 Disk Imager.
  3. No special software is needed for a *nix OS.
  4. A USB Key (at least 2GB capacity).

Kali Linux Live USB Install Procedure

Imaging Kali on a Windows Machine

  1. Plug your USB stick into your Windows USB port and launch the Win32 Disk Imager software
  2. Choose the Kali Linux ISO file to be imaged and verify that the USB drive to be overwritten is the correct one.
  3. Once the imaging is complete, safely eject the USB drive from the Windows machine. You can now use the USB device to boot into Kali Linux.
If you just want to use Kali live, you can stop right here. Reboot and press F12, or whichever key brings up the boot menu, select the USB drive, and run Kali live.

Imaging Kali on a Linux Machine

Creating a bootable Kali Linux USB key in a Linux environment is easy. Once you’ve downloaded your Kali ISO file, you can use dd to copy it over to your USB stick as follows:
WARNING. Although the process of imaging Kali on a USB stick is very easy, you can just as easily destroy arbitrary partitions with dd if you do not understand what you are doing. 
In other words, you can completely mess up your hard drive to a state from which repair would require professional help. You have been warned.
  1. Plug in your USB device to your Linux computer’s USB port.
  2. Verify the device path of your USB storage with dmesg.
  3. Proceed to (carefully!) image the Kali ISO file on the USB device:
 dd if=kali.iso of=/dev/sdb bs=512k
That’s it, really! You can now boot into a Kali Live / Installer environment using the USB device.
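A pre-flight check for the dd step above, added here as an example (it is not part of the original post or of the Kali documentation): it verifies the ISO's SHA-256 and refuses any target that is not an unmounted, removable whole disk. The function names, the SYSFS_ROOT and MOUNTS_FILE overrides, and the expected-hash argument are assumptions of this example; the real hash comes from the official download page.

```sh
#!/bin/sh
# Added example: pre-flight checks to run before the dd step.
# SYSFS_ROOT and MOUNTS_FILE are overridable (assumption of this example)
# so the checks can be tried against a constructed tree.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# verify_iso FILE EXPECTED_SHA256 -> 0 only if the file's hash matches.
verify_iso() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# is_removable_disk /dev/sdX -> 0 only for a whole disk flagged removable.
# Partitions (sdb1) have no entry directly under /sys/block and are refused.
is_removable_disk() {
    name=${1#/dev/}
    [ -d "$SYSFS_ROOT/block/$name" ] || return 1
    [ "$(cat "$SYSFS_ROOT/block/$name/removable" 2>/dev/null)" = "1" ]
}

# is_mounted /dev/sdX -> 0 if the disk or one of its partitions is mounted.
is_mounted() {
    while read -r src rest; do
        case $src in
            "$1"|"$1"[0-9]*|"$1"p[0-9]*) return 0 ;;
        esac
    done < "$MOUNTS_FILE"
    return 1
}

# preflight ISO SHA256 DEVICE -> prints the dd command only if all checks pass.
preflight() {
    verify_iso "$1" "$2" || { echo "refusing: checksum mismatch for $1" >&2; return 1; }
    is_removable_disk "$3" || { echo "refusing: $3 is not a removable whole disk" >&2; return 1; }
    if is_mounted "$3"; then
        echo "refusing: $3 (or a partition on it) is mounted" >&2; return 1
    fi
    echo "dd if=$1 of=$3 bs=512k"
}

# Usage: preflight kali.iso <sha256-from-the-official-download-page> /dev/sdb
```

Some USB hard disks and SSDs report removable as 0, so a refusal there means confirming the device by hand (for example with dmesg, as in step 2) rather than skipping the check.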

Adding Persistence to Your Kali Live USB

Adding persistence (the ability to save files and changes across live boots) to your Kali Linux image can be very useful in certain situations. To make your Kali Linux USB stick persistent, follow these steps. In this example, we assume our USB drive is /dev/sdb. If you want to add persistence, you’ll need a larger USB device than we listed in our prerequisites above.
  1. Image the Kali Linux ISO to your USB stick as explained above, using the “Linux Method” and dd.
  2. Create and format an additional partition on the USB stick. In our example, we use gparted by invoking:

     gparted /dev/sdb
  3. Your current partitioning scheme should look similar to this: 

     [Screenshot: usb-persistence-basic-partitioning]
  4. Proceed to format a new partition of your desired size to be used for persistence. In our example, we used all the remaining space available. Make sure the volume label of the newly created partition is persistence, and format it using the ext4 filesystem.
  5. Once the process is complete, mount your persistence USB partition using the following commands:

     mkdir /mnt/usb
     mount /dev/sdb2 /mnt/usb
     echo "/ union" >> /mnt/usb/persistence.conf
     umount /mnt/usb
  6. Plug the USB stick into the computer you want to boot up. Make sure your BIOS is set to boot from your USB device. When the Kali Linux boot screen is displayed, select “Live boot” from the menu (don’t press enter), and press the tab button. This will allow you to edit the boot parameters. Add the word “persistence” to the end of the boot parameter line each time you want to mount your persistent storage. 

Installing Kali - Dual Booting Kali With Windows

Kali Linux Dual Boot with Windows

Installing Kali alongside a Windows installation can be quite useful. However, you need to exercise caution during the setup process. First, make sure that you’ve backed up any important data on your Windows installation. Since you’ll be modifying your hard drive, you’ll want to store this backup on external media. Once you’ve completed the backup, we recommend you peruse Kali Linux Hard Disk Install, which explains the normal procedure for a basic Kali install.
In our example, we will be installing Kali Linux alongside an installation of Windows 7, which is currently taking up 100% of the disk space in our computer. We will start by resizing our current Windows partition to occupy less space and then proceed to install Kali Linux in the newly-created empty partition.
Download Kali Linux and either burn the ISO to DVD, or prepare a USB stick with Kali Linux Live as the installation medium. If you do not have a DVD or USB port on your computer, check out the Kali Linux Network Install. Ensure you have:
  • Minimum of 8 GB free disk space on Windows
  • CD-DVD / USB boot support

Preparing for the Installation

  1. Download Kali Linux.
  2. Burn The Kali Linux ISO to DVD or copy Kali Linux Live to USB.
  3. Ensure that your computer is set to boot from CD / USB in your BIOS.

Dual Boot Installation Procedure

  1. To start your installation, boot with your chosen installation medium. You should be greeted with the Kali Boot screen. Select Live, and you should be booted into the Kali Linux default desktop.
  2. Now launch the gparted program. We’ll use gparted to shrink the existing Windows partition to give us enough room to install Kali Linux.
  3. Select your Windows partition. Depending on your system, it will usually be the second, larger partition. In our example, there are two partitions; the first is the System Recovery partition, and Windows is actually installed in /dev/sda2. Resize your Windows partition and leave enough space (8GB minimum) for the Kali installation.
  4. Once you have resized your Windows partition, ensure you “Apply All Operations” on the hard disk. Exit gparted and reboot.

Kali Linux Installation Procedure

  1. The installation procedure from this point onwards is similar to a Kali Linux Hard Disk install, until the point of the partitioning, where you need to select “Guided – use the largest continuous free space” that you created earlier with gparted.
  2. Once the installation is done, reboot. You should be greeted with a GRUB boot menu, which will allow you to boot either into Kali or Windows.

VMWare Tools

Once you are done setting Kali Linux with VMWare, there is still stuff that you might want to do.
Note: This article assumes that you have basic knowledge of the Linux CLI and have already installed Kali Linux. If not, read this article about installing Kali Linux and getting acquainted with the command line interface.

Should you decide to create your own VMware installation of Kali Linux rather than using the pre-made VMware images available at the Kali Linux official site, you will need to follow the instructions below in order to successfully install VMware Tools in your Kali installation. You can opt to install either open-vm-tools, or the native VMware Tools.

Installing open-vm-Tools

This is probably the easiest way to get “VMWare tools” functionality inside a kali VMWare guest.
apt-get install open-vm-tools

This should be sufficient, but if you feel that this was way too easy, then you are up for an adventure. Without knowledge of the CLI, what follows might look like a nightmare.

Installing VMware Tools in Kali

If open-vm-tools does not work for you, or if you prefer using native VMWare tools, begin by installing some packages that are required by the VMware Tools installer:
echo cups enabled >> /usr/sbin/update-rc.d
echo vmware-tools enabled >> /usr/sbin/update-rc.d

apt-get install gcc make linux-headers-$(uname -r)
ln -s /usr/src/linux-headers-$(uname -r)/include/generated/uapi/linux/version.h /usr/src/linux-headers-$(uname -r)/include/linux/
Next, mount the VMware Tools ISO by clicking “Install VMware Tools” from the appropriate menu. Once the VMware Tools ISO has been attached to the virtual machine, we mount the drive and copy the VMware Tools installer to /tmp/.
mkdir /mnt/vmware
mount /dev/cdrom /mnt/vmware/
cp -rf /mnt/vmware/VMwareTools* /tmp/
Then, change directory to /tmp/, extract the tarball and start the installer:
cd /tmp/
tar zxpf VMwareTools-*.tar.gz
cd vmware-tools-distrib/
./vmware-tools-install.pl
Follow the prompts for the VMware Tools installation and you are done.
Lastly, to get rid of possible VMWare service errors, edit the /etc/init.d/vmware-tools script, and at around line 876, change:
   # POSIX shell uses '!' for negation during bracket expansion.
   # See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
   IFS=.
   set -- `uname -r`
to:
   # POSIX shell uses '!' for negation during bracket expansion.
   # See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
   IFS=.
   set -- `uname -r|cut -d"-" -f1`
Once changed, proceed to restart the VMWare tool service.

Slow Mouse Movement in VMware

If your mouse movement is slow and sluggish in a Kali Linux VMware guest, try installing the xserver-xorg-input-vmmouse package in the Kali guest.
apt-get install xserver-xorg-input-vmmouse
reboot

Monday, August 5, 2013

Wifi Hacking - WEP - Kali Linux Aircrack-ng suite

Alright, this post is written assuming you have Kali Linux up and running on your computer. If not, here is a post on hacking with Kali Linux. It will tell you what Kali Linux is and how to use it, and it will guide you through the installation process.
So if you are still following, then just follow these simple steps:


Firstly, create a wireless network to crack. Don't use this method on others. It is illegal. Then proceed with the steps below.

1. Find out the name of your wireless adapter.



Alright, now, your computer has many network adapters, so to scan one, you need to know its name. So there are basically the following things that you need to know-
  • lo - loopback. Not important currently.
  • eth - ethernet
  • wlan - This is what we want. Note the suffix associated.
Now, to see all the adapters, type ifconfig on a terminal. See the result. Note down the wlan(0/1/2) adapter.





2. Enable Monitor mode

Now, we use a tool called airmon-ng to create a virtual interface called mon. Just type
airmon-ng start wlan0
Your mon0 interface will be created.



3. Start capturing packets

Now, we'll use airodump-ng to capture the packets in the air. This tool gathers data from the wireless packets in the air. You'll see the name of the wifi you want to hack.
airodump-ng mon0


4. Store the captured packets in a file 

This can be achieved by giving some more parameters with the airodump command
airodump-ng mon0 --write name_of_file

Now the captured packets will be stored in name_of_file-01.cap (airodump-ng appends a sequence number to the name you give).
You have to wait till you have enough data (10000 minimum).


5. Crack the wifi

If all goes well, then you'll be sitting in front of your PC, grinning: finally you've got 10000 packets (don't stop the packet capture yet). Now, in a new terminal, you can use aircrack-ng to crack the password.
aircrack-ng name_of_file-01.cap 
The program will ask which Wi-Fi network to crack if multiple are available. Choose the network and it'll do its job. If the password is weak enough, then you'll get it in front of you. If not, the program will tell you to get more packets. The program will retry when there are 15000 packets, and so on.

Note: This will not work with WPA-2. Here is a tutorial on that:
Hacking wpa/wpa-2 wps with reaver on kali linux


Troubleshooting: Check this link if you failed to hack the network.

The missing ingredient

Here is a comparatively advanced tutorial which will require you to have gone through this tutorial as well as the missing ingredient one. After you have got the big picture, you can move on to complicated things like speeding up wifi hacking.
Speeding Up WEP Hacking



Saturday, August 3, 2013

Virtual Private Networks, Another Way To Ensure Privacy

Before we get to the interesting part, first a little introduction to what a VPN is:
Put simply, a Virtual Private Network, or VPN, is a group of computers (or discrete networks) networked together over a public network—namely, the internet. Businesses use VPNs to connect remote datacenters, and individuals can use VPNs to get access to network resources when they're not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they're using an untrusted public network. When you connect to a VPN, you usually launch a VPN client on your computer (or click a link on a special website), log in with your credentials, and your computer exchanges trusted keys with a far away server. Once both computers have verified each other as authentic, all of your internet communication is encrypted and secured from eavesdropping. (lifehacker)
So basically, what happens here is that the data you send is protected from eavesdropping. It is encrypted in a way that can't be decrypted easily. So, other than the two methods discussed earlier, a VPN is a method to stay anonymous too.

What are the advantages of using a VPN?

  1. Your data is encrypted.
  2. No one can eavesdrop on your communications.
  3. Your privacy is ensured.
  4. You can pretend to be someone you are not (You wanna use some service which is banned in your country, VPN is the answer).
  5. You can overcome browsing restrictions imposed on you.

What makes a good VPN?

  1. Price - Hell yeah, it should be priced reasonably (did I forget to mention VPNs are not free of cost?)
  2. Free? Yeah, there are some free VPNs too. They serve you ads and are more or less useless. They don't do what they promise. They are good for beginners though, who want to learn, and for whom privacy is not much of a problem.
  3. They should use SSL. If you have no idea what this means, then, simply put, it's the best protocol VPNs use, and all others come next to SSL (other protocols have their own pros and cons).
  4. Logging - Some VPNs log your data. Not good.
  5. Exit locations - There must be a lot of them. That is, you can pretend to be a lot of people. Also, if there are very few exit locations, then it will affect browsing.

How VPNs work?


If you need more info, google it. I'm not going to name a specific VPN service for you; all have their pros and cons. You'll have to do your homework. However, if you need a reference, then lifehacker has a good article about it.

Staying Anonymous

Alright guys, this is the first post of this blog. But I won't waste time with formalities. Before you become a hacker, you must know how to stay anonymous online. There are various levels at which this can be done.
(Note: None of these methods are completely foolproof. If you are doing something illegal, then you'll go to jail. That's it.)

Tails OS

"Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly."
This is what their official website has to say about it. Actually, it is nothing but an OS that comes with all applications customized for privacy and anonymity.
That's what Tails OS looks like.


How To Use
  1. Go to their official website and read the stuff there. 
  2. Download the latest version of the OS.
  3. Put it on a USB and boot.
  4. Explore the OS, and learn more about it from their documentation.
Once you are through with the documentation and have practiced enough with the OS, your identity is safe.


Tips
  1. You should have some experience with Linux if you want to become a hacker. Ubuntu is good for beginners.
  2. Do not assume that you are completely anonymous. You are not.

TOR BROWSER BUNDLE

"The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.
The Tor Browser Bundle lets you use Tor on Windows, Mac OS X, or Linux without needing to install any software. It can run off a USB flash drive, comes with a pre-configured web browser to protect your anonymity, and is self-contained." - Official Website
If the idea of downloading a whole OS sounds boring to you, then this browser is made for you. It is, however, not as robust as Tails, and its usage is limited to anonymous browsing.

How To Use
  1. Go to their website and read the documentation.
  2. Download the latest browser bundle.
  3. Read the documentation.
  4. Install and run.
Note: Browsing is annoyingly slow, since the traffic passes through three relays.

That's all for this post. In the next post we'll talk about VPNs.