Sunday, May 21, 2017

Cracking WPA2-PSK Passwords Using Aircrack-Ng

When Wi-Fi was first developed in the late 1990s, Wired Equivalent Privacy was created to give wireless communications confidentiality. WEP, as it became known, proved terribly flawed and easily cracked. You can read more about that in my beginner's guide to hacking Wi-Fi.
As a replacement, most wireless access points now use Wi-Fi Protected Access II with a pre-shared key for wireless security, known as WPA2-PSK. WPA2 uses a stronger encryption algorithm, AES, that's very difficult to crack—but not impossible. My beginner's Wi-Fi hacking guide also gives more information on this.
The weakness in the WPA2-PSK system is that the encrypted password is shared in what is known as the 4-way handshake. When a client authenticates to the access point (AP), the client and the AP go through a 4-step process to authenticate the user to the AP. If we can grab the password at that time, we can then attempt to crack it.




In this tutorial from our Wi-Fi Hacking series, we'll look at using aircrack-ng and a dictionary attack on the encrypted password after grabbing it in the 4-way handshake. If you're looking for a faster way, I suggest you also check out my article on hacking WPA2-PSK passwords using coWPAtty.
Step 1: Put Wi-Fi Adapter in Monitor Mode with Airmon-Ng


Let's start by putting our wireless adapter in monitor mode. For info on what kind of wireless adapter you should have, check out this guide. This is similar to putting a wired adapter into promiscuous mode. It allows us to see all of the wireless traffic that passes by us in the air. Let's open a terminal and type:
  • airmon-ng start wlan0

Step 2: Capture Traffic with Airodump-Ng

Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.

This command grabs all the traffic that your wireless adapter can see and displays critical information about it, including the BSSID (the MAC address of the AP), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally, the ESSID (what most of us refer to as the SSID). Let's do this by typing:
  • airodump-ng mon0

Step 3: Focus Airodump-Ng on One AP on One Channel

Our next step is to focus our efforts on one AP, on one channel, and capture critical data from it. We need the BSSID and channel to do this. Let's open another terminal and type:
  • airodump-ng --bssid 08:86:30:74:22:76 -c 6 --write WPAcrack mon0

  • 08:86:30:74:22:76 is the BSSID of the AP
  • -c 6 is the channel the AP is operating on
  • WPAcrack is the file you want to write to
  • mon0 is the monitoring wireless adapter
As you can see in the screenshot above, we're now focusing on capturing data from one AP with an ESSID of Belkin276 on channel 6. Belkin276 is probably a default SSID; default SSIDs are prime targets for wireless hacking, because users who leave the default ESSID in place usually don't spend much effort securing their AP.

Step 4: Aireplay-Ng Deauth

In order to capture the encrypted password, we need to have the client authenticate against the AP. If they're already authenticated, we can de-authenticate them (kick them off) and their system will automatically re-authenticate, whereby we can grab their encrypted password in the process. Let's open another terminal and type:
  • aireplay-ng --deauth 100 -a 08:86:30:74:22:76 mon0

  • 100 is the number of de-authenticate frames you want to send
  • 08:86:30:74:22:76 is the BSSID of the AP
  • mon0 is the monitoring wireless adapter
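From the defender's side, the burst of deauthentication frames this step describes is easy to spot in a monitor-mode capture, because a normal network sees only the occasional deauth or disassociation frame. The following is an added example (my code, not part of the original tutorial): it runs a sliding-window count of deauth/disassoc frames per BSSID over a constructed list of frame records and raises an alert for the BSSID that receives a burst. The tuple layout (time, type, subtype, transmitter, BSSID), the threshold, and the sample frames imitating a 100-frame burst against the tutorial's AP are all my own assumptions; a real detector would read the same fields out of a pcap.

```python
from collections import defaultdict, deque

# 802.11 management-frame identifiers (frame type 0; subtypes per IEEE 802.11)
MGMT_TYPE = 0
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12


def make_sample_frames():
    """Constructed capture (not real traffic): beacons from two APs, two ordinary
    deauths on one of them, and a 100-frame deauth burst spoofing the tutorial's
    BSSID 08:86:30:74:22:76. Each record is (time_s, type, subtype, transmitter, bssid)."""
    ap = "08:86:30:74:22:76"
    other_ap = "00:11:22:33:44:55"  # constructed second AP
    frames = []
    for i in range(50):  # beacons roughly every 0.1 s from both APs
        frames.append((i * 0.1, MGMT_TYPE, SUBTYPE_BEACON, ap, ap))
        frames.append((i * 0.1 + 0.05, MGMT_TYPE, SUBTYPE_BEACON, other_ap, other_ap))
    # normal client churn: two deauths seconds apart on the other AP
    frames.append((1.0, MGMT_TYPE, SUBTYPE_DEAUTH, other_ap, other_ap))
    frames.append((3.5, MGMT_TYPE, SUBTYPE_DEAUTH, other_ap, other_ap))
    # the attack pattern: 100 deauths carrying the AP's address within half a second
    for i in range(100):
        frames.append((2.0 + i * 0.005, MGMT_TYPE, SUBTYPE_DEAUTH, ap, ap))
    return frames


def detect_deauth_flood(frames, threshold=20, window_s=2.0):
    """Count deauth/disassoc frames per BSSID in a sliding time window.

    Returns {bssid: (window_start, alert_time, count)} for every BSSID whose
    count reaches `threshold` within `window_s` seconds; the alert is recorded
    the first time the threshold is crossed. Beacons and other frames are ignored."""
    recent = defaultdict(deque)
    alerts = {}
    for t, ftype, subtype, _transmitter, bssid in sorted(frames, key=lambda f: f[0]):
        if ftype != MGMT_TYPE or subtype not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue
        window = recent[bssid]
        window.append(t)
        while t - window[0] > window_s:  # drop timestamps that fell out of the window
            window.popleft()
        if len(window) >= threshold and bssid not in alerts:
            alerts[bssid] = (window[0], t, len(window))
    return alerts


if __name__ == "__main__":
    for bssid, (start, when, count) in detect_deauth_flood(make_sample_frames()).items():
        print(f"ALERT {bssid}: {count} deauth/disassoc frames between "
              f"t={start:.3f}s and t={when:.3f}s")
```

The threshold of 20 frames in 2 seconds is an assumed starting point; tune it against a baseline capture of your own network. On the AP side, the mitigation is 802.11w (Protected Management Frames), which authenticates deauth and disassoc frames so that clients drop spoofed ones; WPA3 makes PMF mandatory.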

Step 5: Capture the Handshake

In the previous step, we bounced the user off their own AP, and now when they re-authenticate, airodump-ng will attempt to grab their password in the new 4-way handshake. Let's go back to our airodump-ng terminal and check to see whether or not we've been successful.

Notice in the top line to the far right, airodump-ng says "WPA handshake." This is the way it tells us we were successful in grabbing the encrypted password! That is the first step to success!

Step 6: Let's Aircrack-Ng That Password!

Now that we have the encrypted password in our file WPAcrack, we can run that file against aircrack-ng using a password file of our choice. Remember that this type of attack is only as good as your password file. I'll be using the default password list included with aircrack-ng on BackTrack named darkc0de.
We'll now attempt to crack the password by opening another terminal and typing:
  • aircrack-ng WPAcrack-01.cap -w /pentest/passwords/wordlists/darkc0de










Tuesday, May 9, 2017

Oh-auth

Let's Create a Facebook App



What is OAuth?

OAuth (Open Authorization) is an open standard for token-based authentication and authorization on the Internet. OAuth, which is pronounced "oh-auth," allows an end user's account information to be used by third-party services, such as Facebook, without exposing the user's password.




What is this token that Facebook provides? Facebook actually provides two types of tokens: an access token and a refresh token. The access token can be used several times before it expires. Once it has expired, the refresh token is sent to the Facebook server in order to receive another access token along with a new refresh token. The user can use this access token to get information from Facebook.

Before getting started you need a developer account on Facebook.

https://developers.facebook.com/


Then log in with your Facebook credentials, which will create a developer account linked to your normal Facebook account.

Give your app any name and proceed with "Get Started".


You should also provide a valid redirect URL. If you have a hosted website you can provide the path to it.

For the moment I will set the redirect URL to my localhost, where the server is GlassFish.



Then you might need to add the domain in the Settings > Basic tab.



Obtain an Authorization Code from Facebook

For this we have to prepare the URL. This URL contains four parameters. When we put these parameters together, each value must be URL-encoded. The parameter names, values and encoded values combine into the URL below.

https://www.facebook.com/dialog/oauth?response_type=code&client_id=159330037933855&redirect_uri=http%3A%2F%2Flocalhost%2Fteam%2F&scope=public_profile%20user_posts%20user_friends%20user_photos

Enter that URL in the URL bar of your browser and hit enter. Now you will see something like this. This is called the user consent page. On it you can see an "Edit this" button; if you click it, you can manage the resources being accessed.



Since you are the owner of this app you don't have to worry about privacy. Click on Continue.

This page will appear.





This page appears because there is no real project serving http://localhost/team/.
But check the URL: you can see that the authorization code has been sent to you by Facebook (highlighted).

http://localhost/facebookapp/?code=AQBwPkipam2oyyypNH_AyGj0zx5-neWyNLcQEF4D1EvrU30aNBwuBGIvFptwSpQ3O9zAHz4sYw26gBSbTpFgjnuOwgCGY7hwhTH2qskEAxzml_liVN9XbUD6jbDW-8Vs0OQpSrzf_CjNpLZOTRjCfellS0Wu2ctYUPXKw1CHzwzBnHLGQMbhV1RqmO-gDgsz0z_9n9E0nfTbxWF5wIINGKHNYTG3r4mwgBN1EIjYdmvyepGxoWe_roMnRC0G7qllHncieEB4_DOXXWJBaCYIP6yii7DPQ1AMRJzlFZcnKYkqTWrEKP276OrakXry96YmnYQbpEBNxnXbygr3dwCvzMcr#_=_

Obtain an Access Token

To obtain an access token we need four parameters:

1. grant_type: authorization_code
2. client_id: 159330037933855
3. redirect_uri: http://localhost/facebookapp/
4. code: AQAka5fVz7A0v78CuKDhUItSO-GnnQaGr-ZtcqlQS8CuSDNlyzYL2Qf-yGmpRCm6Kbhlh2J_-jZiYPnpNkTapKIQGl2RQxamgUa1rlARnvkd2xWWbwwcJVoYJNrvF0qqHt0M1rG0WCk2I3DPdSUqfmLndGpLoL9xspVxsF4nOYvRa1VqRE7qDpvnDC5MClTHUIg24zbhyl56DIUkOZDmgfLyoloCCDxJkAYwZvgWblmFQc3T5p4AZYpgMFOyZM4JYdyRotLNOSMrL1zFW_bjWiAJ0HtmQkN4NcVyLvafSTj3Nq0z4oHHxVPxpSEfmPhH639gT20M3M-jC_DckMmvU#_=_


In the HTTP headers, we need to add the Authorization header with the app credentials.

App ID - 159330037933855
App secret - 12098ed8b69fbd3b81355997b099566c

The value has the form AppID:App_secret:
159330037933855:12098ed8b69fbd3b81355997b099566c

Now we have to encode this whole value using a base64 encoder.

MTM2MzE4MDM0NzEwODkwNzpjMTJmYjk0MGNhOGU2N2Q0M2Q0NDdmMzY0ODYxMjE4Yg==

To get the access token we have to call the token endpoint. In this case it is this URL:
https://graph.facebook.com/oauth/access_token
Install RESTClient in your browser.

Enter those values and obtain the access token.




Retrieve Resources Using the Access Token

Method - GET
URL - https://graph.facebook.com/v2.9/me?fields=id
Authorization: Bearer <access token value>

This returns the user's ID as a JSON object.
Using this ID you can get any information you want, for example the user's uploaded posts.
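The whole flow above (build the consent URL, read the code off the redirect, exchange it with the app credentials, then call the Graph API with the bearer token), as an added Python example; this is my code, not code from the post. It uses the endpoints and App ID from the post, but the app secret is a placeholder, the `state` parameter is an addition the post's URL does not carry (RFC 6749 recommends it to stop a login being completed with someone else's code), the `grant_type` value is the RFC 6749 spelling `authorization_code`, and the two request builders return dicts instead of sending anything, so the block runs offline.

```python
import base64
import secrets
from urllib.parse import urlencode, quote, urlparse, parse_qs

# Endpoints from the post
AUTHORIZE_ENDPOINT = "https://www.facebook.com/dialog/oauth"
TOKEN_ENDPOINT = "https://graph.facebook.com/oauth/access_token"
GRAPH_ME_ENDPOINT = "https://graph.facebook.com/v2.9/me?fields=id"


def new_state():
    """Unguessable per-login value; store it in the user's session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id, redirect_uri, scopes, state):
    """Step 'Obtain an Authorization Code': the consent-page URL, with state added."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
    }
    # quote_via=quote encodes spaces as %20 and '/' as %2F, matching the post's URL
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params, quote_via=quote)


def extract_code(callback_url, expected_redirect_uri, expected_state):
    """Pull the code out of the URL the browser landed on after consent.

    Refuses a callback that arrived on a different URL, reports an error, or
    carries a state other than the one this session issued."""
    parsed = urlparse(callback_url)
    landed_on = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if landed_on != expected_redirect_uri:
        raise ValueError(f"callback on unexpected URL: {landed_on}")
    query = parse_qs(parsed.query)  # the trailing '#_=_' fragment is ignored
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discard this callback")
    return query["code"][0]


def basic_auth_header(client_id, client_secret):
    """'Authorization: Basic base64(AppID:App_secret)' as the post describes."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def token_request(client_id, client_secret, redirect_uri, code):
    """Step 'Obtain an Access Token': the POST to the token endpoint, as a dict."""
    return {
        "method": "POST",
        "url": TOKEN_ENDPOINT,
        "headers": {
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode({
            "grant_type": "authorization_code",
            "redirect_uri": redirect_uri,
            "code": code,
        }),
    }


def resource_request(access_token):
    """Step 'Retrieve Resources': GET /me with the bearer token, as a dict."""
    return {
        "method": "GET",
        "url": GRAPH_ME_ENDPOINT,
        "headers": {"Authorization": f"Bearer {access_token}"},
    }


if __name__ == "__main__":
    state = new_state()
    url = build_authorize_url("159330037933855", "http://localhost/team/",
                              ["public_profile", "user_posts", "user_friends", "user_photos"], state)
    print("1. send the browser to:", url)
    # constructed callback (shortened code) standing in for the redirect Facebook issues
    callback = f"http://localhost/team/?code=AQBwPkipam2o&state={state}#_=_"
    code = extract_code(callback, "http://localhost/team/", state)
    print("2. code from callback:", code)
    print("3. token request:", token_request("159330037933855", "APP_SECRET_PLACEHOLDER",
                                            "http://localhost/team/", code))
    print("4. resource request:", resource_request("ACCESS_TOKEN_PLACEHOLDER"))
```

The redirect URI sent to the token endpoint must be byte-for-byte the one used in the consent URL; the post itself switches between /team/ and /facebookapp/, which a strict server would reject. Keep the app secret out of source and out of the browser: only the server-side token exchange ever sees it.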


https://developers.facebook.com/docs/reference/php 



Okay, that's it. I hope you got an idea of Facebook apps and OAuth.
Now you can create your own app.







Monday, April 17, 2017

What is Tor? How Does Tor Work?




Tor, or The Onion Router, allows anonymous use of the internet by veiling the actual identity of the user. It protects the user from traffic analysis and network spying. Tor is perhaps the most popular and secure option available for anonymous internet connectivity.


Where did it come from?

Tor is based on the principle of ‘onion routing’, which was developed by Paul Syverson, Michael G. Reed and David Goldschlag at the United States Naval Research Laboratory in the 1990s. The alpha version of Tor, named ‘The Onion Routing Project’ or simply the TOR Project, was developed by Roger Dingledine and Nick Mathewson and launched on September 20, 2002. Further development was carried out under the financial umbrella of the Electronic Frontier Foundation (EFF).
The Tor Project Inc. is a non-profit organisation that currently maintains Tor and is responsible for its development. It is mainly funded by the United States Government; further aid is provided by the Swedish Government and by various NGOs and individual sponsors.

 

How Does it Work?

 

Tor works on the ‘onion routing’ method, in which the user's data is first encrypted and then transferred through different relays in the Tor network, creating multi-layered encryption (layers like an onion) that keeps the identity of the user safe. At each relay, one layer is decrypted and the remaining data is forwarded to the next relay until it reaches the destination server. To the destination server, the last Tor node (the exit relay) appears as the origin of the data. It is thus very difficult for any surveillance system sitting in the middle to trace the identity of the user or of the server.
Other than providing anonymity to standalone users, Tor can also provide anonymity to websites and servers; this comes under the category of hidden services. P2P applications like BitTorrent can also be configured to use the Tor network to download torrents.
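To make the layering concrete, here is an added simulation (my example, not Tor's code): the client wraps a payload in one layer per relay, and each relay peels its own layer and learns only the next hop. A toy SHA-256 counter-mode XOR keystream stands in for the AES keys a real Tor client negotiates with each relay, and the relay names, keys and payload are constructed; the point is the structure, not the cipher.

```python
import hashlib
import json


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 of (key || counter). Stand-in for Tor's per-hop
    AES-CTR keys, NOT a real cipher; it only has to be reversible by XOR."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def apply_layer(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream: the same call adds a layer (client) or peels it (relay)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def build_onion(circuit, payload: bytes) -> bytes:
    """circuit: [(relay_name, shared_key), ...] ordered guard -> middle -> exit.

    Wrap from the inside out: the exit's layer goes on first, the guard's last,
    so the guard peels first. Each layer names only the hop after it."""
    cell = payload
    next_hop = "destination"
    for name, key in reversed(circuit):
        plaintext = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = apply_layer(key, plaintext)
        next_hop = name
    return cell  # this is what the client hands to the guard


def peel_layer(key: bytes, cell: bytes):
    """What one relay can do with its own key: recover the next hop and the
    still-encrypted inner cell. A wrong key yields garbage and raises ValueError."""
    layer = json.loads(apply_layer(key, cell).decode())
    return layer["next"], bytes.fromhex(layer["data"])


def forward_through(circuit, cell: bytes):
    """Simulate the relays in order. Returns each relay's view as (relay, next_hop)
    pairs, and the payload that finally reaches the destination."""
    trace = []
    for name, key in circuit:
        next_hop, cell = peel_layer(key, cell)
        trace.append((name, next_hop))
    return trace, cell


if __name__ == "__main__":
    circuit = [("guard", b"guard-key"), ("middle", b"middle-key"), ("exit", b"exit-key")]
    payload = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"  # constructed request
    onion = build_onion(circuit, payload)
    trace, delivered = forward_through(circuit, onion)
    for relay, nxt in trace:
        print(f"{relay} peeled its layer and forwards to: {nxt}")
    print("destination receives:", delivered)
```

Two things the trace shows that the paragraph above only states: the guard knows the client and the middle relay but never sees the destination, and the exit sees the plaintext request. That second point is why the exit relay is the weak spot discussed later on this page, and why traffic to the destination should itself be TLS-protected.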

 

Controversies and Influence:

 

Tor has been praised for the anonymity and privacy it provides to users who want to bypass censorship, to people who are abused and traumatized by stalkers, and to social activists who are afraid of being arrested by the authorities. It has been used by different security agencies to share confidential information.
The NSA whistle-blower Edward Snowden used Tor to leak information about PRISM to The Guardian and The Washington Post.
Tor has been criticized for acting as a medium for illegal activities such as data breaches, drug dealing and gambling. Tor is also used by malicious people to communicate over the internet while keeping their identity hidden, which makes it difficult for security agencies to trace them.
The U.S. National Security Agency (NSA) has called Tor “the king of high-secure, low-latency Internet anonymity”, and BusinessWeek magazine made a similar comment, calling it “perhaps the most effective means of defeating the online surveillance efforts of intelligence agencies around the world”.
Another speculation is that, because Tor takes its funding from the U.S. Government, the NSA may have compromised the identities of individual Tor users; the executive director Andrew Lewman has denied any collaboration with the NSA.

 

Can it be Compromised?

 

Various claims of compromising Tor’s anonymity and security have been made from time to time. The most famous is the Bad Apple Attack, in which the researchers claimed to have identified around 10k IP addresses of active BitTorrent users who were connected via Tor.
Another famous compromise came from the Heartbleed bug in April 2014, which halted the Tor network for several days.
Traffic fingerprinting is a method of analysing web traffic by examining the patterns, responses and packets flowing in a particular direction. It can be used to attack the Tor network by making the attacker’s computer act as the guard.
The main vulnerability found is at the exit points, where the level of security is very low compared to the rest of the Tor network.


 

Products based on Tor:

 

The Tor Project Inc. has released Tor Browser, which is a modification of an Extended Support Release version of the Mozilla Firefox browser. The browser is made portable so that it can be used from external media, which reduces the hassle of installation. It removes the user history after every use, thus reducing the risk of any kind of cookie tracking.
Other products, like Orbot (an Android version of Tor) and Orfox (a mobile version of Tor Browser), are developed by The Guardian Project, a global developer community founded by Nathan Freitas.
We can set up SOCKS (Socket Secure) based applications to use the Tor network by configuring them with the loopback address.

 

Tor Alternatives:

 

Hornet is a new anonymity network that provides higher network speeds compared to Tor. I2P, Tails, SubgraphOS, Freenet and Freepto are other top alternatives that can be used.
To know more about these alternatives, please visit this link.

 

Winding Up:

 

Tor has proved to be a great medium for a safe, secure and anonymous web presence that is provided to users at no cost. Although it is offered with positive intentions, it is also used by malicious people for their own ends. The Tor project has led to an optimistic outlook for a censorship- and surveillance-free internet.




Saturday, April 8, 2017

Create an Encryption/Decryption Software




Encryption is the process of translating plain text data (plain text) into something that appears to be random and meaningless (cipher text). Decryption is the process of converting cipher text back to plain text. There are two types of encryption methods: symmetric encryption and asymmetric encryption.

Here is the encryption/decryption software that I created: http://bit.ly/2oZHj4E

In symmetric encryption, a single symmetric key is used for both encryption and decryption. The key is a secret, like a password, used to encrypt and decrypt information.



Symmetric encryption is an old encryption technique. The key used to encrypt and decrypt data is known as the secret key. The secret key can be a number, a word or a string of random letters. It is blended with the plain text of a message to change the content in a particular way. In order to decrypt the message, the receiver also has to know the secret key. DES, 3DES and AES are some of the symmetric encryption algorithms. The biggest challenge in symmetric encryption is that both the sender and the receiver have to securely share the secret key before sending the message.



package com.javapapers.java.security;

import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class EncryptionDecryptionAES {
 // AES in GCM mode gives confidentiality plus an authentication tag, so a
 // tampered ciphertext fails to decrypt instead of silently producing garbage.
 // (A bare "AES" transformation defaults to ECB, which leaks plaintext patterns.)
 private static final String TRANSFORMATION = "AES/GCM/NoPadding";
 private static final int IV_BYTES = 12;   // recommended GCM nonce size
 private static final int TAG_BITS = 128;  // authentication tag length
 private static final SecureRandom RANDOM = new SecureRandom();

 public static void main(String[] args) throws Exception {
  KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
  keyGenerator.init(128);
  SecretKey secretKey = keyGenerator.generateKey();

  String plainText = "AES Symmetric Encryption Decryption";
  System.out.println("Plain Text Before Encryption: " + plainText);

  String encryptedText = encrypt(plainText, secretKey);
  System.out.println("Encrypted Text After Encryption: " + encryptedText);

  String decryptedText = decrypt(encryptedText, secretKey);
  System.out.println("Decrypted Text After Decryption: " + decryptedText);
 }

 // Returns Base64(IV || ciphertext || tag). A fresh random IV per message is
 // required: reusing an IV with the same key breaks GCM completely.
 public static String encrypt(String plainText, SecretKey secretKey)
   throws Exception {
  byte[] iv = new byte[IV_BYTES];
  RANDOM.nextBytes(iv);
  Cipher cipher = Cipher.getInstance(TRANSFORMATION);
  cipher.init(Cipher.ENCRYPT_MODE, secretKey, new GCMParameterSpec(TAG_BITS, iv));
  byte[] encryptedByte = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
  byte[] ivAndCiphertext = new byte[iv.length + encryptedByte.length];
  System.arraycopy(iv, 0, ivAndCiphertext, 0, iv.length);
  System.arraycopy(encryptedByte, 0, ivAndCiphertext, iv.length, encryptedByte.length);
  return Base64.getEncoder().encodeToString(ivAndCiphertext);
 }

 // Splits off the IV, then decrypts and verifies the tag in one step;
 // doFinal throws AEADBadTagException if the data or the tag was modified.
 public static String decrypt(String encryptedText, SecretKey secretKey)
   throws Exception {
  byte[] ivAndCiphertext = Base64.getDecoder().decode(encryptedText);
  byte[] iv = Arrays.copyOfRange(ivAndCiphertext, 0, IV_BYTES);
  byte[] encryptedByte = Arrays.copyOfRange(ivAndCiphertext, IV_BYTES, ivAndCiphertext.length);
  Cipher cipher = Cipher.getInstance(TRANSFORMATION);
  cipher.init(Cipher.DECRYPT_MODE, secretKey, new GCMParameterSpec(TAG_BITS, iv));
  byte[] decryptedByte = cipher.doFinal(encryptedByte);
  return new String(decryptedByte, StandardCharsets.UTF_8);
 }
}


Asymmetric encryption is also known as public key cryptography; two keys are used, a public key and a private key. The public key is available to anyone. The private key is known only to you; outsiders don’t know the private key. A message that is encrypted using a public key can only be decrypted using the private key, and likewise a message encrypted using a private key can be decrypted using the public key.
When the message is encrypted with the sender’s private key, it can only be decrypted with the sender’s public key. Here, as the public key is publicly available, anyone who gets to know the sender’s public key can read the message, which means integrity and availability are not preserved.
When the message is encrypted using the receiver’s public key, the receiver’s private key is needed to decrypt the message. As the receiver’s private key is known only to the receiver, the message can only be decrypted by the receiver.
In order to use asymmetric encryption, we have to find a way to discover the correct public keys. For that, we can use digital certificates in client-server communication. A certificate is a package of information that identifies a user or a server. It contains information such as the organization’s name, the organization that issued the certificate, the user’s email address and country, and the user’s public key.
When a server and a client require secure encrypted communication, each sends a query over the network to the other party, which sends back a copy of its certificate. The other party’s public key can be extracted from the certificate. A certificate can also be used to uniquely identify its holder.
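An added textbook-RSA example (my code, not the post's software) showing the two directions the paragraphs above describe: seal with the public key and open with the private key for confidentiality, or seal with the private key and open with the public key, which anyone holding the public key can do. The primes are two small, well-known primes chosen for illustration, and data is packed into 4-byte blocks behind a length block; this raw RSA has no padding and is not safe to use as is (real systems use OAEP for encryption and PSS or PKCS#1 v1.5 for signatures).

```python
from math import gcd

# Constructed toy parameters: the 10,000th and 100,000th primes. Real RSA keys use
# primes of 1024 bits or more; these are only large enough to show the mechanics.
P, Q = 104729, 1299709
BLOCK_BYTES = 4  # 2**32 < P*Q, so any 4-byte block is a valid message integer


def make_keypair(p: int, q: int, e: int = 65537):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def seal(key, data: bytes):
    """Raise each block to the key's exponent mod n.

    With the public key this is encryption (only the private key opens it);
    with the private key it is the 'encrypt with private key' direction, which
    any holder of the public key can open. A leading block carries the length."""
    exponent, n = key
    blocks = [len(data)] + [int.from_bytes(data[i:i + BLOCK_BYTES], "big")
                            for i in range(0, len(data), BLOCK_BYTES)]
    return [pow(m, exponent, n) for m in blocks]


def open_(key, blocks):
    """Inverse of seal(), using the other key of the pair."""
    exponent, n = key
    nums = [pow(c, exponent, n) for c in blocks]
    length, body = nums[0], nums[1:]
    out = bytearray()
    for i, m in enumerate(body):
        remaining = length - i * BLOCK_BYTES  # last block may be shorter than 4 bytes
        out += m.to_bytes(min(BLOCK_BYTES, remaining), "big")
    return bytes(out)


if __name__ == "__main__":
    public_key, private_key = make_keypair(P, Q)
    message = b"meet at noon"  # constructed sample

    # confidentiality: anyone can seal for the receiver, only the receiver opens
    secret = seal(public_key, message)
    print("public-key sealed:", secret)
    print("private-key opened:", open_(private_key, secret))

    # origin: only the holder of the private key can produce this, anyone can open it
    stamped = seal(private_key, message)
    print("private-key sealed:", stamped)
    print("public-key opened:", open_(public_key, stamped))
```

The second direction is the basis of digital signatures, which is what a certificate ties to an identity: the certificate authority seals a digest of the holder's details and public key with its own private key, and any client can open that with the authority's public key to check it.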
