Wednesday, 27 May 2015

How to Crack WPA/WPA2 with Wifite



Hello Guys, I’m going to explain how to perform a dictionary attack on a WPA/WPA2 protected network with Wifite. Please note that this doesn’t work with WPA Enterprise For that end, you’d have to use an Evil Twin to get the “Enterprise” auth attempt, and then crack it.


But don’t worry, Enterprise isn’t common in many corporations, and I still haven’t seen it on any home network. That being said, let’s get started.
Step 1: Get Ready Your Dictionary File


First, we’re gonna need a dictionary, to perform the dictionary attack. If the network you’re attacking has WPS enabled, you may attempt to get the password that way first.

In Kali, you have a nice wordlist that comes bundled within your installation/live usb. It’s located in/usr/share/wordlists, but it comes compressed in .gz format (at least in the live version).

To get it ready for the attack, we need to type:

gzip -d /usr/share/wordlists/rockyou.txt.gz

And within seconds it’ll be extracted and ready to use.

Backtrack has them located in /pentest/passwords/wordlists. It has one that’s called darkc0de.lst along with the rockyou.txt one.

You can use them simply copying one of this after the ‘-dict’ option.

/pentest/passwords/wordlists/rockyou.txt
/pentest/passwords/wordlists/darkc0de.lst

For any other distros, search for “download wordlist rockyou” or “download wordlist darkc0de”, or just “download wordlist” in DuckDuckGo. It gives more precise results than Google for this kind of stuff.

For the rest of this, I’ll assume that you’re using Kali.
Step 2: Launch Wifite

To launch Wifite, you must be running with root permissions.

In a live Kali boot, you are logged on by default with the root user. If you let it running for a while (while cracking with the dictionary, pressumably) and it asks for a password to return to the session, it’s ‘toor’ (root backwards).

Same for BackTrack (confirmation needed), and for other distros you can gain root access by typing “su” or “sudo su” and entering the password. The first command requires you to know root’s password, and the second your current account’s and it must have root privileges.

TL;DR? Okay, you just want the command? Here it is!

wifite -mac -aircrack -dict /usr/share/wordlists/rockyou.txt

-mac | Anonymizes your MAC Address by randomizing it (it mustn’t be set to monitor mode, or this command won’t work).

-aircrack | Tells Wifite we’ll be doing an Aircrack only attack.

-dict | Select a dictionary to use for cracking the password after capturing the handshake, otherwise you’ll get the ‘.cap’ file and Wifite will terminate.


I have it located in a different folder because I’m not running Kali, but it’s pretty much the same.
Step 3: Select Your Wireless Adapter and Your Target

If you have a laptop, you’ll probably have to choose which adapter to use, if you have an external USB adapter. Please note that you’ll need acompatible adapter that’s able to inject packets and enter into promiscuous mode (monitor mode), or this won’t work.


If prompted, we select our adapter choosing the number Wifite has assigned it. In my case, I’ll type ‘1’, because that’s mine. One good indicator for knowing which one it is, is reading that name to the left ofphy. For example, I have one that says ‘usb’ in it, and one that doesn’t. And yep, I have it plugged to USB, so that one’s it.


Now we’ll see a list of wireless networks, and if we let it run, it will eventually display ‘client’ or ‘clients’ at the top right of the network info, showing that it has a client (or more) connected to it.

To stop the scan, press Ctrl+C. I’ll choose “Casa” (spanish for House).

Step 4: Sit and Wait

If the network you’re attempting to crack has WPS enabled, it’ll start cracking it like that first. To stop it, just press Ctrl+C

Now it will attempt to capture the handshake for a few minutes.

If no clients are connected, it’ll send a general deauth to the wireless adapter, so that clients may show up.

If it detects a client connected to the network, it’ll tell you it’s MAC Address, and proceed to send targeted deauths to that client.

When it succeeds deauthenticating a client (who has re-connect enabled by default), or a new client connects to the network, hopefully it will capture the handshake, and it’ll start attempting to crack it withaircrack-ng and the dictionary file you gave it.

If the passphrase is any of the words contained in that dictionary, it’ll stop and show it on screen. Otherwise, it’ll run through the whole dictionary, and say it couldn’t find the key. But it has a nice success rate.


I used my country in lowercase letters as the passphrase (argentina), and as it’s along the first words in this dictionary, it took only one second to crack it. For you it may take over an hour or two, depending on your processing power and if the passphrase is near the beginning or the end of the list.
Wifite Succeded but Failed!


If it failed, you still get the ‘.cap’ file (hopefully not empty).

You can use that file with the same dictionary (or others) with aircrack-ng, using this command:

aircrack-ng -w <location of dictionary> <location of your .cap file>

In Kali live, ‘.cap’ files get saved into a folder named ‘hs’ of the folder you’re standing.

After Wifite has ended, type:

ls ./hs

To see you ‘.cap’ files and other files for cracking.


Some More Words



Should I write a guide on how to install this script on a non-kali machine? It’s pretty illuminating about which programs it uses for which purpose…

Anyways, reviews, suggestions, questions are all welcome Keep making this forum the great thing it is!

Crash Windows 7 Using Metasploit and Remote Desktop Connection Vulnerability



Crashing Windows 7



Now while the story so far has been smooth and cozy, it gets a bit tough from here on. For modern operating systems like Windows 7, there aren’t any magical exploits like the ones we had for unpatched Windows XP machines. We had been able to hack Windows XP and try some meterpreter features on the exploited XP machine. However, when it comes to Windows 7, there aren’t any direct exploits for gaining access to the machine. We can try some client side attacks, etc. Social engineering toolkit would be great for stuff like that. However, there is still one vulnerability that waits to be exploited. In Windows 7, there is a hole in the RDP port (3389) which can work over LAN as well as over the internet. Over the internet stuff can get a bit tougher, however on the LAN, this should be a piece of cake (if you have successfully followed out pentest tutorials so far).

Requirements
Now you will require an attacker Kali machine, and a victim Windows machine, both running on Virtual machines. Windows 7 should be a fresh install, with no updates, as they can patch the vulnerability, making it unexploitable. Now when you have got all this setup, you can move on to further steps.

Information Gathering
Now we’ll have to find out the IP of out victim. This would have been complicated in a real life scenario, but in our case, you just go to Windows 7, open command prompt, and type ipconfig. You should be looking for IPv4 address of Local Area Network.



In our case thats where the information Gathering Stops

Starting Metasploit
Now execute the following commands to start metasploit framework
service postgresql start
service metasploit start
msfconsole
So now you have msf console opened up (note my codes will still display root@kali but you don’t mind it).

Exploit
Now select the exploit that we are going to be using-
use auxiliary/dos/windows/rdp/ms12_020_maxchannelids
Now do a show options, it will tell you that it only requires two options, RHOST and RPORT. Rport is obviously 3389, the remote desktop port. The RHOST is the one you found out in the information gathering step. The use the following code to set the RHOST
set RHOST 192.168.—.—
Surprising as it may seem, we are done already. Just type
exploit
The target machine will get a Blue Screen Of Death and will reboot. You can do this as many times as you feel like, and in real life scenario, it can be really annoying, considering it can be done over the internet too.

Possible Problems



If you get an error of this sort, then most probably your Windows 7 machine has firewall enabled, and is blocking your packets. An antivirus could do the same thing. There might be some issues with the LAN connection too. A good diagnosis test would be to ping the machine. Go to a kali terminal and execute
ping 192.168.—.—
After waiting for a while, press ctrl + c which will stop the pinging. Look at the result-



If you get something like this (0 packets received), then there is absolutely no communication between the Kali and Windows machine (in effect, they are not on the same network, even though they are). That’s why the exploit doesn’t work.



Something like this means that the connection is just fine, and probably the Windows machine has become immune to the attack due to some patch. (see : https://technet.microsoft.com/en-us/library/security/ms12-020.aspx)
If its the former case, then you’ll have to find a way to get the connection working, and if its the latter, then try disabling firewall, antivirus, and maybe setting the network as home instead of public. Then go to advanced sharing settings, and choose all the options that you think will make your computer easier to hack.
If possible, see if you can uninstall installed updates. The final thing to do is to get an early unpatched release of Windows 7. In some cases installing VMware tools might help.

Enable Remote Desktop
In many Windows releases, remote desktop is turned off by default. To enable it, follow these steps-
Go to System (Control Panel\System and Security\System). Click on Remote settings. Select the “Allow Remote Connections to this computer” button. Click ok.



Select the allow option. By default don’t allow is selected in many Windows releases.

Why Programming Is The Core Skill Of The 21st Century



It’s never been easier, more accessible, or more essential to learn coding skills.



In the 20th Century, meaningful education was all about learning your ABCs. Today, it’s centered on Alphas, Betas and C++.
Programming skills are becoming ever more important, quickly turning into the core competency for all kinds of 21st Century workers. That inescapable fact is leading individuals to seek out new ways of learning to code, startups and non-profits to find ways to help them and businesses to search for innovative approaches to finding the coders they so desperately need.

When daily deal site Living Social couldn’t find the coding help it needed, for example, the company took matters into its own hands and successfully created its own qualified programmers. Through an experiment called Hungry Academy, Living Social paid 24 people to learn computer programming within five months. All two dozen passed the class and became full-time developers at Living Social following their graduation.

“We believe that intelligence and passion are far harder to hire for and much more important than a specific technical skill,” Chad Fowler, LivingSocial’s senior vice president of technology, told the Washington Post last year. “We have enough of the kind of DIY sort of mentality here and, maybe it’s a little bit of hubris, we can teach faster than the industry.”

Likely due to Living Social’s larger troubles, the company won’t be repeating the experiment. However the concept it nurtured – teaching untechnical people technical skills – is gaining in popularity in a wide variety of ways. Learn-to-code programs bent on teaching anyone, even children, programming skills are on the upswing, at non-profits, at startups and at companies that need to hire programmers.



Plenty Of Ways To Learn Programming

Mark Lassoff, founder of Learntoprogram.tv, believes it’s not the place you learn to code that counts. It’s the portfolio you can show potential employers.

“People think you have to go back to school to learn programming and other computer skills, but you don’t,” he said in a statement. “There’s also the myth that you have to be some kind of math or science genius to learn it. Not true. You just need to learn the process, and then practice it. You can build a portfolio by doing volunteer work for a church or charity.”

Ordinarily, newly minted developers would be less desirable than experienced ones for employers. But the current developer drought means there are far more jobs that require programming skills than people who have those skills. So companies are more accepting of programming newbies.

Lots Of Coding Jobs Going Begging

The number of coding jobs is only expected to increase over time. According to the U.S. Bureau of Labor Statistics, there were 913,000 computer programmer jobs in 2010. That number is expected to jump 30% from 2010 to 2020. Meanwhile, the average growth of all other U.S. jobs is predicted to be just 14%.

“There aren’t enough people to fill these jobs because technology and the job market are moving much faster than education in high schools and colleges,” Lassoff said.



How Coding Can Boost Everyone’s Career

Developer and mentor Joe O’Brien believes that computer skills are essential even if you’ve already got a non-technical job.

“We all interact with computers in such a way that they’re no longer this extra thing you do on the side,” O’Brien told ReadWrite. “Computing is a vital part of what everybody does nowadays.

“Not that we want everyone to go out and create Web programs and write the next Twitter, but I think having a base understanding of what happens behind the curtain can be huge,” he added.

O’Brien never graduated from college, but he did recently sell Edgecase, the software development company he founded and operated himself. He thinks that his programming skills made him a better CEO than he would have been without them. Today, he mentors aspiring programmers in his hometown of Columbus, Ohio.

“Even if a CEO never codes for her company, just understanding what is happening is going to be huge for her from a risk standpoint, from an understanding standpoint,” he said. “CEOs need to have a lot of knowledge of a lot of different things and programming is a large part of that.”

Teaching Programming Is Big Business


CEOs who think like O’Brien might be the reason that learn-to-code startups have been able to fundraise millions in venture capital. Investors seem to realize that companies like Treehouse and Codecademy don’t just train the next generation of developers, but that the skill they teach are essential for managers, too.

Whether to boost your career or just to keep pace with the rest of the world, learning to code has never been more important or more accessible. If you haven’t started yet, what’s stopping you?

What is Deep Web and How To Access The Dark Web



Disclaimer
This article will show you how to access the Deep Web. There is some awesome stuff on the deep web as well as some not so awesome stuff. Be careful when browsing. Unlike the internet you use everyday, this portion of the web is largely unregulated and as such is host to the full-spectrum of what humans are capable of, from the incredible to the horrible. Note that I do not endorse any of the sites here, browse at your own risk.

Deep Web
the part of the World Wide Web that is not discoverable by means of standard search engines, including password-protected or dynamic pages and encrypted networks.
“the biggest weakness of the Deep Web is also its greatest strength: it’s really hard to find anything”

The Dark Web
So you’ve heard of the dark web before but aren’t quite sure what it is, or what to make of it. You may have also heard terms thrown out there like the deep internet, dark internet, and surface internet. These all refer to different yet sometimes overlapping spaces on the internet.

Surface Internet:

The surface internet refers to the internet most people access everyday. It’s largely where sites like Google, Facebook, YouTube, and Yahoo exist.

Deep Web:

The deep internet is the portion of the internet that is typically not indexed by search engines (i.e. Google, Bing).

Dark Internet:

The dark internet refers to web addresses and network hosts that no one is able to reach.

Dark Web:

Dark Web refers to the portion of the internet that people intentionally bury and is typically only accessible through the use of a special browser.

A lot of people use these terms interchangeably but they do in fact refer to different areas of the internet.

What I’ll be showing you here is how to access the dark web through the Tor browser bundle. The dark web has been the home to sites like The Silk Road Marketplace, a site where users often trade Bitcoin for drugs. Yet the dark web also plays an important role for political dissidents and the privacy conscious. Even Facebook recently set up a way to access their site via Tor, making Facebook one of the newest additions to the dark web.

Meet Your New Browser: Tor
So how do you get to the dark web?

Well first you’re going to need to download the Tor Browser Bundle from torproject.org. The Tor Browser Bundle contains a version of Firefox along with some additional software that keeps websites from seeing your IP address and other information as you browse the web. Versions of the Tor browser have been made for just about every operating system, from Windows to Mac to Linux and Android, so you shouldn’t have any problems there. I’m not going to go into the details of how Tor works here, for that I suggest you check out this overview of Tor from TorProject.org.

Once you have Tor downloaded go ahead and start it by running the file that you downloaded. For Windows users this will be a .exe file that will install the Tor browser bundle for you. For Linux users you’ll need to run the start-tor-browser file found in the folder that you just downloaded.

After you’ve downloaded and installed Tor just start the program. Soon you’ll see Tor’s version of Firefox pop up with a window that should look like this:



You can also use the Tor browser to visit websites anonymously. One of the simplest uses of Tor is to check how web sites render or display from different areas of the world. For instance, if you go to Google.com in Tor you’ll more than likely find yourself at the home page for another country’s version of Google.

Getting To The Dark Web
Once you are up and running with Tor the next step is to visit our first .onion sites. The .onion suffix is sort of like .com or .net. Sites that use the .onion suffix are largely what make up the dark web and are only accessible through the use of the Tor browser.

The first thing I’m going to have you do is to go to this article in Tor. Just copy and past the address into the Tor Browser and you should see it render just like here. We’re doing this so that you can click directly on the .onion addresses below and not have to copy and past them every time.

Note: When you navigate to this site you will see a warning sign saying that this site is trying to extract HTML5 canvas data…. This is from the code used to generate the bitcoin QR codes on the side of the page. You probably won’t even use those codes so feel free to click not now and not allow this site access. The only functionality you’ll be missing is the QR codes on the site. Also, if you’re not comfortable with this then just copy and paste the links from here into Tor.

How To Access The Dark Web

It should look like this:



Usually when you’re looking for something online you start with a search engine, so that’s what we’re going to do next.

Tor Search
Tor Search is a crude search engine for the dark web. To use it just type in kbhpodhnfxl3clb4.onion to your address bar like you would a normal site.

Tor Search (.onion link)

http://kbhpodhnfxl3clb4.onion

You should see something like this pop up on your browser:



If you get a web page from your ISP saying that the website wasn’t found and offering suggestions, then you probably just typed or entered the address into your regular web browser. Make sure you’re using the Tor browser you downloaded and installed earlier.

To test Tor Search enter the term bitcoin and you’ll see results for bitcoin mining pools among other things.



All You’re Wiki
So Tor Search was great and all, but let’s be honest, it isn’t quite the portal to the dark web you were looking for. In that case you might like this Wiki built specifically for .onion sites. It is a bit cleaner than some of the other places you might come across down there and lists a lot of useful Tor sites.

All You’re Wiki (.onion link)

http://allyour4nert7pkh.onion/wiki/index.php?title=Main_Page



Facebook
Now let’s try a site you might be more familiar with, Facebook. Late last year Facebook announced that they would be opening a .onionportal to their site (https://www.facebookcorewwwi.onion/).

Facebook (.onion link)

https://www.facebookcorewwwi.onion/

Now, you could access Facebook through their normal Facebook.com url, but you could also try through their new .onion url. For the record I have yet to use this version of Facebook and probably won’t. Still, navigating to their .onion url should look something like this:



DuckDuckGo
Now let’s say that you don’t want to search the dark web, but you want to search the surface web from the dark web. Well you’re in luck as there is a .onion portal to search engine DuckDuckGo.

DuckDuckGo (.onion link)

http://3g2upl4pq6kufc4m.onion/



Other Methods For Getting To The Dark Web
There is a handy site that acts as a layer between the surface internet and the dark web called Tor2Web.org. If you want to access a site on the Tor network but for whatever reason don’t care to use the Tor browser then you can use this site. Just replace the .onion suffix of the tor/onion site with .tor2web.org.

Tor2Web.org

Surface Internet Communities For Those Interested In The Dark Web
At the moment there are a number of subreddits and other sites that are the place to go if you’re interested in learning about the dark web and .onion sites but don’t actually want to poke around there.

Here is a short list:

/r/deepweb – general deep web dicussion

TheHiddenWiki.org – a wiki of .onion links

/r/darknetmarkets – discussion about dark web markets

/r/AgMarketplace – discussion about the Agora marketplace

/r/darknetplan – building a decentralized internet

Conclusions
Well there you have it, you are now fully able to access the dark web and visit .onion sites like a pro! You’ll find all sorts of sites down here, from sites for political organization to digital marketplaces to bitcoin mining pools. Now you might ask, but why would I need this? Well there are a number of possible reasons. For a lot of us, myself included, I’m curious about the workings of the dark web. The idea that another internet exists that is beyond the reach of a lot of law enforcement is both incredibly intriguing and somewhat terrifying.

Maybe you’re a journalist looking to dig up some information, or a political dissident. Maybe you’re an intel analyst looking form information about a criminal or terrorist organization, maybe you just like your privacy and want a more anonymous internet where your every move isn’t being recorded and marketed to. Or maybe you’re just curious and want to see what this wild-west of the internet is doing. Either way, thanks for reading and stay safe down here!

If you have any questions or suggestions be sure to leave them in the comments and I’ll get back to you with a response.

Tuesday, 26 May 2015

10 Best Black-Hat Hackers in the World



1. Kevin Mitnick



Kevin Mitnick was once the most wanted cybercriminal in the world. He had an obsession with computers that escalated into a two and half year hacking spree where he stole millions of dollars of corporate secrets from IBM, Motorola, telecom companies and even the National Defense warning system. He was caught twice in jail twice for his crimes, but now he is a computer security consultant .

2. Vladimir Levin



Vladimir Leonidovitch Levin is a Russian Hacker of genius proportions. In 1994 while working with a dialup connection and a laptop from Saint Petersburg, Apartment he accessed the accounts of several large corporate customers of Citibank stealing USD 10.7 million. He ended up spending three years in jail. However, in 2005 an anonymous hacker group came claiming that they were the ones truly responsible for the theft and that they only sold Vladimir the data needed to steal the money.

3. Mathew Bevan and Richard Pryce



In 1996, Mathew Bevan and Richard Pierce were 21 and 17 respectively, when they broke into military computers. They didn’t only hack into US military computers, but the officials thought they might have also hacked into North Korean Systems as well. These people have the unique distinction of saying that they almost started a war.

4. Michael Calce a.k.a MafiaBoy



Michael Calce, a Canadian Hacker was responsible for a series of high profile cyber attacks in 2000. Project Rivolta a project name he called it meaning riot in Italian was a distributed denial of service attack that took down major websites Yahoo, FIFA, Amazon, eBay, CNN, and Dell among others. He was caught after bragging about the attacks in an IRC chat room for which he got eight months in jail. Why such a short sentence? Michael was only in high school at the time.

5. Adrian Lamo



Adrian Lamo is best-known for hacking into major cooperation’s like Yahoo, Bank of America, Citigroup, The New York Times and Microsoft but the way he did it made him famous. He used public internet connections like libraries and coffee shops to hack to hack into major sites. Because of that style he was named as ‘Homeless Hacker’. In 2004 after being caught he was given six months house arrest in order to pay $65,000 in restitution.

6. Jeanson James Ancheta



Jeanson James Ancheta has been first hacker ever to create a botnet a group hijacked computers that work together for a legal means. In 2004 he started to work with botnets rxbot, a computer worm that can spread his net of infected computers which gave him control to 500,000 computers including US military computers. He was forced to give up his BMW, pay more than $58,000 and serve 60 months in prison.

7. Gary Mckinnon



Gary Mckinnon a.ka Solo is a Scottish hacker who masterminded the largest military computer hack of all time. He hacked into 97 US armed forces and NASA computers between 2001 and 2002within a period of just 24 hours he deleted critical files including weapon logs. In total the damage that his hacking cost, cost the government an estimated $ 700,000.

8. Owen Walker



Owen Walker a.ka AKILL was only 17 when he let in an international hacking group that cause over 26 million dollars in damages. The school teenager was responsible for creating the Bot virus which spread into 1.3 million computers around the world crashing them. Even though he was caught despite all the damage he was released without being convicted.

9. Astra



The hacker named Astra, whose real name was never revealed was a 58 year old Geek Mathematician, who was operated between 2002 and 2008 during that five year period. He stole weapons technology data in 3D modeling software from a company called the Salt Group, which he sold up to USD 361 million to buyers all around the world. He was tracked down in an apartment in Athens, Greece.

10. Albert Gonzalez



Albert Gonzalez, over a two year period he stole a total of 175 million credit card numbers selling them online. A massive yet undisclosed amount of money was stolen from his victims through identity theft, leaving them to battle to restore the credit ratings and get their money back. He was sentenced to 40 years jail.

Breaking a WPS PIN to Get the Password with Bully

Hello strangers,welcome to my blog  lets start Like anything in life, there are multiple ways of getting a hack done. In fact, good hackers usually have many tricks up their sleeve to hack into a system. If they didn’t, they would not usually be successful. No hack works on every system and no hack works all of the time.



I have demonstrated many ways to hack Wi-Fi here on Null Byte, including cracking WEP and WPA2 passwords and creating an Evil Twin and Rogue AP.

A few years back, Alex Long demonstrated how to use Reaver to hack the WPS PIN on those systems with old firmware and WPS enabled. Recently, a new WPS-hacking tool has appeared on the market and is included in ourKali hacking distribution. It’s name, appropriately, is Bully.
Why WPS Is So Vulnerable

WPS stands for Wi-Fi Protected Setup and was designed to make setting a secure AP simpler for the average homeowner. First introduced in 2006, by 2011 it was discovered that it had a serious design flaw. The WPS PIN could be brute-forced rather simply.

With only 7 unknown digits in the PIN, there are just 9,999,999 possibilities, and most systems can attempt that many combinations in a few hours. Once the WPS PIN is discovered, the user can use that PIN to find the WPA2 preshared key (password). Since a brute-force attack against a WPA2 protected AP can take hours to days, if this feature is enabled on the AP and not upgraded, it can be a much faster route to getting the PSK.
The Keys to Success

It’s important to note, though, that new APs no longer have this vulnerability. This attack will only work on APs sold during that window of 2006 and early 2012. Since many families keep their APs for many years, there are still many of these vulnerable ones around.

If you aren’t familiar with wireless hacking, I strongly suggest that you read my introduction on the Aircrack-ng suite of tools. In addition, make certain that you have an Aircrack-ng compatible wireless card, otherwise this will simply be an exercise in frustration.
Step 1: Fire Up Kali

Let’s start by firing our favorite hacking Linux distribution, Kali. Then open a terminal that looks like this:


To make certain we have some wireless connections and their designation, we can type:
kali > iwconfig


As we can see, this system has a wireless connection designated wlan0. Yours may be different, so make certain to check.
Step 2: Put Your Wi-Fi Adapter in Monitor Mode

The next step is to put your Wi-Fi adapter in monitor mode. This is similar to promiscuous mode on a wired connection. In other words, it enables us to see all the packets passing through the air past our wireless adapter. We can use one of the tools from the Aircrack-ng suite, Airmon-ng, to accomplish this task.
kali > airmon-ng start wlan0


Next, we need to use Airdump-ng to see the info on the wireless AP around us.
kali > airdump-ng mon0


As you can see, there are several APs visible to us. I’m interested in the first one: “Mandela2.” We will need its BSSID (MAC address), its channel, and its SSID to be able to crack its WPS PIN.
Step 3: Use Airdump-Ng to Get the Necessary Info

Finally, all we need to do is to put this info into our Bully command.
kali > bully mon0 -b 00:25:9C:97:4F:48 -e Mandela2 -c 9

Let’s break down that command to see what’s happening.
mon0 is the name of the wireless adapter in monitor mode.
–b 00:25:9C:97:4F:48 is the BSSID of the vulnerable AP.
-e Mandela2 is the SSID of the AP.
-c 9 is the channel the AP is broadcasting on.

All of this information is available in the screen above with Airdump-ng.

Step 4: Start Bully

When we hit enter, Bully will start to try to crack the WPS PIN.


Now, if this AP is vulnerable to this attack, bully will spit out the WPS PIN and the AP password within 3 to 5 hours.

Hands on Python Programming (Building an FTP Password Cracker)

Welcome back,


Python is probably the most widely used scripting language for hackers. This is primarily because it has some built-in modules and libraries that make many of the tasks we need to do as hackers much simpler and faster.

In this guide, I want to fill in some more of the basic information about Python and then build a password cracker for an FTP server using some of things we have learned in these three modules.
Dictionaries

In Python, dictionaries act like associative arrays in other languages. We use these when we want to store a list of items (elements) and give them a label. This could be such things as user IDs to names or associating known vulnerabilities to a specific host.

Dictionaries hold unordered pairs, a key and a value, where the keys must be unique. Like lists that I addressed in the previous tutorial, dictionaries are iterable. This means that we can go through them with a control structure such as a for statement, assigning each element of the dictionary to a variable until we come to the end of the dictionary. Among other things, you might use this structure for building a password cracker where we iterate through each password in a dictionary until one works or come to the end. Dictionaries provide fast lookups.

To instantiate a dictionary, the syntax looks like this:

dict = {key1:value1, key2:value2, key3:value3…}
Control Statements

Like any programming or scripting language, often we need our code to make a decision. There are a number of ways in Python to control the flow of the script. For instance, we may want to set a conditional statement that if this.. then that… else do that. Let’s look at some of these structures in Python.

if:

The if structure in Python is similar to the if…then in BASH. The syntax looks like this:


The control block in Python must be indented.

if …else:

The if…else structure in Python is similar to the if…then …else in BASH scripting. The syntax looks like this:


For example, here we have code snippet that checks the value of a user ID, if it is 0, then we print a message “You are root.” Else, if it is any other value, we print the message “You are not root.”


Loops:

Loops are another useful structure in Python. The two must widely used arewhile and for.

while:

The while statement evaluates a Boolean expression (evaluates to true or false) and continues execution while the expression evaluates to true. For example, we could create a code snippet that prints each number from 1 until 10 and then exits the loop.


for:

The for loop assigns values from a list, string, or other iterable structure such as a dictionary, to loop an index variable each time through the loop. For example we can use a for loop to attempt passwords like in our script below.

Creating an FTP Password Cracker

Now that we have three lessons in Python under our belt, let’s create a simple FTP password cracker in Python. Let’s open a text editor in Kali (I’m using Leafpad) and enter the following script below.

Note that we import the socket, re, and sys modules (Lines 3-7), then create a socket that attempts to connect to specified IP address on port 21 (lines 11-15), then create a variable username which is assigned “NullByte” (Line 33), then create a list called “passwords” with potential passwords (Line 35), then create a for loop trying each password until it receives a code 230 or exhausts the password list.


Of course, you can change the values in this script to any that you want and are appropriate to your circumstances. In future tutorials, we will modify this password cracker to give it even greater usability and versatility.

Save it as “ftpcracker.py” and give yourself execute permissions, then run the script against an FTP server.

kali > chmod 755 ftpcracker.py

kali > ./ftpcracker.py


If it finds the password, it will print the message ‘Password found: <password>” (Line 43).

Keep coming back, my novice hackers, as we continue to expand our scripting skills to the level of a pro hacker!

Enable Registry Editor disabled by Administrator or Malware



Welcome back,

This problem is faced by many windows users as they cant able to access there registry editor. here is quick solution

Registry Editor is a useful utility in Windows which allows users to easily change advanced Windows settings by altering registry keys present in a hierarchical arrangement called the Windows Registry. Despite being such a powerful tool, Registry Editor is not totally error-proof.

A simple virus infection is all it takes to render it useless. Or, there are times when your administrator has actually disabled Registry Editing. When you try to open the Registry Editor in one such computer, you are likely to receive the“Registry editing has been disabled by your administrator” error. Due to this error, it is impossible to remove this restriction using the Registry Editor itself.

Windows Registry Editor


This article suggests some workarounds for re-enabling Registry editing in a computer running Windows XP, Windows Vista, Windows Server 2003/ 2008, Windows 7,, Windows 8 or Windows 8.1.
Enable Registry Editor using the Group Policy Editor
Click on Start. Go to Run. Users running Windows 8.1, Windows 8, Windows 7 or Vista, go to Search.
Type gpedit.msc and press Enter.
Navigate to User Configuration/ Administrative Templates / System.
In the work area, double click on “Prevent Access to registry editing tools”.
In the popup window, encircle Disabled and click on OK.
Normally, Registry Editor will be immediately accessible. If it is not, restart your PC.

Group Policy Editor is not available on home editions of Windows.

Getting access to Registry editing


Related: Enable Task Manager disabled by Administrator or Virus
Enabling Registry Editor using UnHookExec.inf from Symantec

Symantec has created a small .inf file which can be installed to remove restrictions on modifying registry keys at the click of a mouse. Most viruses, spywares, Trojans or worms normally affect the shell\open\command keys which allows them to run each time when a file of specific type is executed. Normally, they associate their execution with .exe files. UnHookExec.inf not only enables registry editing but also removes such associations.

Just save UnHookExec.inf and install it by right clicking and selecting install. Installing the file will not show any popup or notice box.
Enable Regedit by simply running a CMD Command
Open Notepad.
Copy the code given below and paste it.


reg add “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System” /t Reg_dword /v DisableRegistryTools /f /d 0
Save the file as EnableRegistry.bat. Run this file as Administrator if you use Windows 8, Windows 7 or Windows Vista. In Windows XP, simply open the file. CMD will flash for a second and then disappear. This indicates successful execution.
Log Off and Log Back On.


Visual Basic Script to Enable/ Disable Registry Editor

Doug Knox has created a VBS Script which allows users to easily enable and disable the Registry Editor. Just download regedit tools.zip, extract the VBS file and double click on it. This script reverses the current state of the Registry Editor. If registry editing is set to enabled, this script will disable it and if it is disabled, it will enable it.

If the above link does not work, copy the code given below in Notepad and save the file as *.vbs orRegistry Editor.vbs.


Option Explicit
Dim WSHShell, n, MyBox, p, t, mustboot, errnum, vers
Dim enab, disab, jobfunc, itemtype
Set WSHShell = WScript.CreateObject(“WScript.Shell”)
p = “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\”
p = p & “DisableRegistryTools”
itemtype = “REG_DWORD”
mustboot = “Log off and back on, or restart your pc to” & vbCR & “effect the changes”
enab = “ENABLED”
disab = “DISABLED”
jobfunc = “Registry Editing Tools are now “
t = “Confirmation”
Err.Clear
On Error Resume Next
n = WSHShell.RegRead (p)
On Error Goto 0
errnum = Err.Number
if errnum <> 0 then
WSHShell.RegWrite p, 0, itemtype
End If
If n = 0 Then
n = 1
WSHShell.RegWrite p, n, itemtype
Mybox = MsgBox(jobfunc & disab & vbCR & mustboot, 4096, t)
ElseIf n = 1 then
n = 0
WSHShell.RegWrite p, n, itemtype
Mybox = MsgBox(jobfunc & enab & vbCR & mustboot, 4096, t)
End If