Sunday, May 21, 2017

Cracking WPA2-PSK Passwords Using Aircrack-Ng

When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy was created to give wireless communications confidentiality. WEP, as it became known, proved terribly flawed and easily cracked. You can read more about that in my beginner's guide to hacking Wi-Fi.
As a replacement, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key for wireless security, known as WPA2-PSK. WPA2 uses a stronger encryption algorithm, AES, that's very difficult to crack—but not impossible. My beginner's Wi-Fi hacking guide also gives more information on this.
The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If we can grab the password at that time, we can then attempt to crack it.


In this tutorial from our Wi-Fi Hacking series, we'll look at using aircrack-ng and a dictionary attack on the encrypted password after grabbing it in the 4-way handshake. If you're looking for a faster way, I suggest you also check out my article on hacking WPA2-PSK passwords using coWPAtty.
Step 1

 Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng

 Let's start by putting our wireless adapter in monitor mode. For info on what kind of wireless adapter you should have, check out this guide. This is similar to putting a wired adapter into promiscuous mode. It allows us to see all of the wireless traffic that passes by us in the air. Let's open a terminal and type:
  • airmon-ng start wlan0

Capture Traffic with Airodump-Ng

Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.

 This command grabs all the traffic that your wireless adapter can see and displays critical information about it, including the BSSID (the MAC address of the AP), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally, the ESSID (what most of us refer to as the SSID). Let's do this by typing:
  • airodump-ng mon0

Focus Airodump-Ng on One AP on One Channel

Our next step is to focus our efforts on one AP, on one channel, and capture critical data from it. We need the BSSID and channel to do this. Let's open another terminal and type:
  • airodump-ng --bssid 08:86:30:74:22:76 -c 6 --write WPAcrack mon0

  • 08:86:30:74:22:76 is the BSSID of the AP
  • -c 6 is the channel the AP is operating on
  • WPAcrack is the file you want to write to
  • mon0 is the monitoring wireless adapter*
As you can see in the screenshot above, we're now focusing on capturing data from one AP with a ESSID of Belkin276 on channel 6. The Belkin276 is probably a default SSID, which are prime targets for wireless hacking as the users that leave the default ESSID usually don't spend much effort securing their AP.

Aireplay-Ng Deauth

In order to capture the encrypted password, we need to have the client authenticate against the AP. If they're already authenticated, we can de-authenticate them (kick them off) and their system will automatically re-authenticate, whereby we can grab their encrypted password in the process. Let's open another terminal and type:
  • aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0

  • 100 is the number of de-authenticate frames you want to send
  • 08:86:30:74:22:76 is the BSSID of the AP
  • mon0 is the monitoring wireless adapter

Capture the Handshake

In the previous step, we bounced the user off their own AP, and now when they re-authenticate, airodump-ng will attempt to grab their password in the new 4-way handshake. Let's go back to our airodump-ng terminal and check to see whether or not we've been successful.

Let's Aircrack-Ng That Password!

Now that we have the encrypted password in our file WPAcrack, we can run that file against aircrack-ng using a password file of our choice. Remember that this type of attack is only as good as your password file. I'll be using the default password list included with aircrack-ng on BackTrack named darkcOde.
We'll now attempt to crack the password by opening another terminal and typing:
  • aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de

Notice in the top line to the far right, airodump-ng says "WPA handshake." This is the way it tells us we were successful in grabbing the encrypted password! That is the first step to success!










at No comments:

Tuesday, May 9, 2017

Oh-auth

Lets Create A Facebook App



What is OAuth??

 OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet. OAuth, which is pronounced "oh-auth," allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password.


What is this token Facebook provides? actually Facebook provides two types of tokens. Access token and refresh token. Access token can be used several times before it gets expired. Once it is expired refresh token is sent to Facebook server in order to receive another access token along with a new refresh token.User can use this access token to get information from Facebook.

 Before things getting started you need to have a developer's account in facebook.

https://developers.facebook.com/


Then you should login with your facebook credentials which will create a developers account related to your normal facebook account.

 You can give any name to your App name proceed with "Get Started".


And you should provide a valid redirect URL. 
If you have a hosted website you can provide the path for that. 

 For the moment I will set the redirection URL to my localhost. Which the server is glassfish.

Then you might need to add the domain of the Settings basic tab.

Obtain Authorization code from Facebook

 For this we have to prepare the URL. This URL contains for elements.When we put these elements together all should be encoded using a URL encoding method. Parameter name, value and encoded value is given below. 

 https://www.facebook.com/dialog/oauth?response_type=code&client_id=159330037933855&redirect_uri=http%3A%2F%2Flocalhost%2Fteam%2F&scope=public_profile%20user_posts%20user_friends%20user_photos

Enter that URL in the URL bar of your browser and hit enter. Now you will see something like this. This is called as user consent page. In there you can see "Edit this" button. If you click on that you can manage the accessing resources.

Since you are the owner of this App you don't have to worry about privacy. Click on continue.

This page will appear. 





This page appear because for real you don't have a project which supports http://localhost/team/.
But check the URL. You can see authorization code is sent to you from Facebook. (highlighted)

http://localhost/facebookapp/?code=AQBwPkipam2oyyypNH_AyGj0zx5-neWyNLcQEF4D1EvrU30aNBwuBGIvFptwSpQ3O9zAHz4sYw26gBSbTpFgjnuOwgCGY7hwhTH2qskEAxzml_liVN9XbUD6jbDW-8Vs0OQpSrzf_CjNpLZOTRjCfellS0Wu2ctYUPXKw1CHzwzBnHLGQMbhV1RqmO-gDgsz0z_9n9E0nfTbxWF5wIINGKHNYTG3r4mwgBN1EIjYdmvyepGxoWe_roMnRC0G7qllHncieEB4_DOXXWJBaCYIP6yii7DPQ1AMRJzlFZcnKYkqTWrEKP276OrakXry96YmnYQbpEBNxnXbygr3dwCvzMcr#_=_

 Obtain access token

 To obtain access token we have to have four parameters.

 1. grant_type Authorization_code

 2. client_id 159330037933855

 3. redirect_uri http://localhost/facebookapp/

 4. code AQAka5fVz7A0v78CuKDhUItSO-GnnQaGr-ZtcqlQS8CuSDNlyzYL2Qf-yGmpRCm6Kbhlh2J_-jZiYPnpNkTapKIQGl2RQxamgUa1rlARnvkd2xWWbwwcJVoYJNrvF0qqHt0M1rG0WCk2I3DPdSUqfmLndGpLoL9xspVxsF4nOYvRa1VqRE7qDpvnDC5MClTHUIg24zbhyl56DIUkOZDmgfLyoloCCDxJkAYwZvgWblmFQc3T5p4AZYpgMFOyZM4JYdyRotLNOSMrL1zFW_bjWiAJ0HtmQkN4NcVyLvafSTj3Nq0z4oHHxVPxpSEfmPhH639gT20M3M-jC_DckMmvU#_=_


In the HTTP Headers, we need to add the Authorization header with the App credentials. 

 App ID -  159330037933855
App secret - 12098ed8b69fbd3b81355997b099566c

 AppID:App_secret
159330037933855:12098ed8b69fbd3b81355997b099566c

Now we have to encode this whole value using a base64 encoder.

 MTM2MzE4MDM0NzEwODkwNzpjMTJmYjk0MGNhOGU2N2Q0M2Q
0NDdmMzY0ODYxMjE4Yg==

To get the access token we have to specify the token endpoint. In this case it is this url
https://graph.facebook.com/oauth/access_token .  
  
Install RESTClient in your browser.

 Give those values and obtain access token.


Retrieve resources using access token

Method - GET
URL - https://graph.facebook.com/v2.9/me?fields=id
Authorization: Bearer <access token value>

 This will give user's ID in JSON object format.
 Using this ID you can get any information you want.

ex- you can uploaded posts.


https://developers.facebook.com/docs/reference/php 


Okay, That's it.hope you guys got an idea about the Facebook apps and OAuth.
Now you can create your own app.


Check out my sample app : https://github.com/SilentGhostD/OAuth-with-Facebook.git





at 1 comment:
Subscribe to: Posts (Atom)

Get Unlimited Free Trials Using a "Real" Fake Credit Card Number

When I see the words "free trial," I know I'm probably going to have to whip out my credit card and enter in the number to &qu...