RN-QQHFzQYtPGkUCfyu8eve2qf0

Monday, 7 April 2014

Hack WPA/WPA2 WPS - Reaver - Kali Linux

Posted by Unknown at 01:23 0 comments

WPA/WPA-2


When it was known that a WEP network could be hacked by any kid with a laptop and a network connection (using easy peasy tutorials like those on our blog), the security guys did succeed in making a much more robust security measure WPA/WPA2.
Now hacking WPA/WPA2 is a very tedious job in most cases. A dictionary attack may take days, and still might not succeed. Also, good dictionaries are huge. An exhaustive bruteforce including all the alphabets (uppercase lowercase) and numbers, may take years, depending on password length. Rainbow tables are known to speed things up, by completing a part of the guessing job beforehand, but the output rainbow table that needs to be downloaded from the net is disastrously large (can be 100s of GBs sometimes). And finally the security folks were at peace. But it was not over yet, as the new WPA technology was not at all easy for the users to configure. With this in mind, a new security measure was introduced to compliment WPA. Wifi Protected Setup (WPS). Now basically it was meant to make WPA even tougher to crack, and much easier to configure (push a button on router and device connects). However, it had a hole, which is now well known, and tools like reaver can exploit it in a single line statement. It still might take hours, but it is much better than the previous scenario in which months of brute-forcing would yield no result.



Here's what wikipedia says about WPS-
Created by the Wi-Fi Alliance and introduced in 2006, the goal of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases. Prior to the standard, several competing solutions were developed by different vendors to address the same need. A major security flaw was revealed in December 2011 that affects wireless routers with the WPS feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours with a brute-force attack and, with the WPS PIN, the network's WPA/WPA2 pre-shared key. Users have been urged to turn off the WPS feature, although this may not be possible on some router models.

 Working Of WPS

Now while most of the things are the same as in WPA, there is a new concept of using pins for authentication. So basically, the client sends 8 digit pins to the access point, which verifies it and then allows the client to connect. Now a pin has 8 digits, and only contains numbers, so its a possible target for bruteforece. Under normal bruteforcing of WPA passwords, you have to consider the fact that there may be number, alphabets, and sometimes symbols (and more than 8 letters). This make the task a billion billion times tougher. However, we can try thousands of keys per second, which make it a tad bit easier. Now in WPS, there is a delay because we have to wait for APs response, and we may only try a few keys per second (practically the best I've seen on my PC is 1 key per 2 sec). Basically, 8 digits and 10 possibilities per digit (0-9) make it 10^8 (interpret ^ as raised to the power of)seconds if we assume one key per second. Now that'll be years. So, where is this taking us? The answer is, there are flaws in this technology that can be used against it. 
  • The 8th digit is a checksum of first 7 digits. 10^7 possibilities, i.e. one-tenth time. Two months, still a way to go.
  • The pin number for verification goes in two halves, so we can independently verify the first four and the last four digits. And believe me, its easy to guess 4 digits correct two times, than to guess 8 correct digits at once. Basically, the first half would take 10^4 guess and the second would take 10^3.
Now the guesses would be 10^4 + 10^3 (not 10^4 *10 ^3). Now we need 11,000 guesses.
So that'll take 3 hours approximately. And that's all the combinations, and most probably the correct pin will not be the last combination, so you can expect to reach the result earlier. However, the assumption is that bruteforcing will take place at a key per second. My personal best is a key every 2 seconds, and yours might drop to as low as a key every 10 seconds. 



How to carry out the attack

Now it might have been tough to carry out this attack at some point in history, but now, its a breeze. If you have all the prerequisites, then hacking the network would be as easy as
reaver -i <interface-name> -b <BSSID of target>
And if you are already familiar with hacking WEP, then just go to your Kali Linux terminal and type the above command (replacing what needs to be replaced). Leave your machine as is, come back 10 mins later, check the progress (must be 1% or  something), and go take a nap. However, if you're a newbie, then tag along.

Kali Linux

First off, you need to have Kali linux (or backtrack) up and running on your machine. Any other Linux distro might work, but you'll need to install Reaver on your own. Now if you don't have Kali Linux installed, you might want to go to this page, which will get you started on hacking with Kali Linux. (Reaver has a known issue : Sometimes it doesn't work with Virtual Machines, and you might have to do a live boot using live CD or live USB of Kali Linux. See the last section of this post on = troubleshooting by scrolling down a bit)

Information Gathering

Now you need to find out the following about you target network-
  • Does it have WPS enabled. If not, then the attack will not work.
  • The BSSID of the network.
Now to check whether the network has WPS enabled or not, you can either use wash or just use the good old airodump-ng. Wash is specifically meant to check whether a network has WPS enabled or not, and thereby is much easier to use. Here are the steps-

  • Set your wireless interface in monitor mode- 
airmon-ng start wlan0

  •  Use wash (easy but sometimes unable to detect networks even when they have wps enabled). If any network shows up there, it has WPS enabled.
wash -i mon0

This will show all the networks with WPS enabled

This is an error which I haven't figured out yet. If you see it, then you'll have to do some howework, or move on to airodump method. Update :  wash -i mon0 --ignore-fcs  might solves the issue.


  • Use airodump-ng. It will show all networks around you. It tells which of them use WPA. You'll have to assume they have WPS, and then move to next steps.
airodump-ng mon0
None of them has WPS enabled, just saying.

BSSID of the network - Now irrespective of what you used, you should have a BSSID column in the result that you get. Copy the BSSID of the network you want to hack. That's all the information you need.

So by now you must have something like XX:XX:XX:XX:XX:XX, which is the BSSID of your target network. Keep this copied, as you'll need it.

Reaver

Now finally we are going to use Reaver to get the password of the WPA/WPA2 network. Reaver makes hacking very easy, and all you need to do is enter-
reaver -i mon0 -b XX:XX:XX:XX:XX:XX 
Explanation = i  - interface used. Remember creating a monitor interface mon0 using airmon-ng start wlan0. This is what we are using. -b species the BSSID of the network that we found out earlier.
This is all the information that Reaver need to get started. However, Reaver comes with many advanced options, and some are recommended by me. Most importantly, you should use the -vv option, which increases the verbosity of the tool. Basically, it writes everything thats going on to the terminal. This helps you see whats happening, track the progress, and if needed, do some troubleshooting.  So final command should be-
reaver -i mon0 -b XX:XX:XX:XX:XX:XX -vv
After some hours, you will see something like this. The pin in this case was intentionally 12345670, so it was  hacked in 3 seconds.



Here is an extra section, which might prove useful (or more like consoling, to let you know you are not the only one who is having troubles)

Known problems that are faced - Troubleshooting

  1. As in the pic above, you saw the first line read "Switching wlan0 to channel 6". (Yours will be mon0 instead of wlan0). Sometimes, it keeps switching interfaces forever.
  2. Sometimes it never gets a beacon frame, and gets stuck in the waiting for beacon frame stage.
  3. Sometimes it never associates with the target AP.
  4. Sometimes the response is too slow, or never comes, and a (0x02) or something error is displayed.
In most cases, such errors suggest-
  1. Something wrong with wireless card.
  2. AP is very choosy, won't let you associate.
  3. The AP does not use WPS.
  4. You are very far from the AP.
Possible workarounds-
  1. Sometimes, killing naughty processes helps. (see pictures below)
  2. Move closer to target AP
  3. Do a fakeauth using aireplay-ng (Check speeding up WEP hacking) and tell Reaver not to bother as we are already associated using -A (just add -A at the end of your normal reaver code)
  4. If you are using Kali Linux in Vmware, try booting into Kali using USB. I don't know why, but sometimes internal adapters work wonders, and can't be used from inside of a VM. In my case, booting up from USB and using internal adapter increased the signal strength and speeded up the bruteforce process. Update : It has nothing to do with internal adapter. I have verified my observation with various hackers, and it is now a known problem with Reaver. It does not work well inside Virtual machines. It is recommended that you do a live boot.
processes causing problems

Kill 'em all

All that I have written above (the troubleshooting section) is based on personal experience, and might not work. All the problems mentioned above, are well known on forums, and no 100% working solution could be found anywhere (I do my homework before posting). If you are aware of solution to any of these, do comment (anonymous comments are enabled)
Read full post »
Labels: , , , , , , , , , , , , ,

Thursday, 13 February 2014

Complete Detailed Guide on Installing Kali linux in Vmware

Posted by Unknown at 23:39 0 comments
This tutorial will walk you through the difficult process of installing Kali Linux in VMware Player, a free virtual machine manager that can be downloaded from www.vmware.com. This tutorial assumes that you have some basic knowledge of your computer (amount of RAM number of processors, etc.) This tutorial is also intended for beginners who haven’t worked with VMware or Kali Linux before.




Step One:

First we need to download Kali from http://kali.org/downloads/. If you have a 64-bit capable computer (like me), then you probably will want the 64-bit version of Kali for performance reasons. Expand the drop down menu’s to find the version you need. Select the 64-bit version ONLY if you have a 64-bit computer.

step 1
Step Two:
If you don’t have a torrent program, then click the link highlighted above and select “Save” when the download notification appears. Make sure you know where you saved it.
step 2
If you have a torrent program, then I highly recommend using the torrent option. Click on theTorrent link, it will open the torrent file in your browser. Just copy the URL of it and enter it in your torrent program.

step 2.1
step 2.2
Now wait for Kali to download, this might take several hours, depending on your internet speed.
Step Three:
When Kali has finished downloading, open VMware Player and click Create a new virtual machine.

step 3
Step Four: 
In the window that opens, select Installer disc image file (iso) and browse to the location of and select the Kali Linux ISO file that you just downloaded.

step 4step 4.1
Once you have selected the file, click Next.
step 4.2
Step Five:
In the next step, select a name for the virtual machine. I’m going to name it Tutorial Kali for this tutorial. You also need to select a location for it, I recommend creating a folder called “Virtual machines” in My Documents. Then click Next.
step 5
Step Six:
Next step, you need to select a maximum size for Kali. I recommend doing at least 30 GB’s as Kali tends to expand over time. After you’ve entered your desired value (no less than 20 GB) change the next option to Store virtual disk as a single file and click Next
step 6
Step Seven:
In the next window, we need to customize some hardware settings, so click on the Customize Hardware… button.
step 7
Step Eight:
You will now be presented with a Hardware window. In the left pane select Memory in the left pane of the window, and slide the slider on the right side to at least 512 MB*. This is for performance. Since I have 8 GB of RAM on my computer, I’m going to put it at 2 GB’s (2000 Mb’s).*Note, you should give a virtual machine a maximum of half the RAM installed on your computer. If your computer has 4 GB of RAM, then the max you want to slide it to is 2 GB. If your computer has 8 GB, then you can go to a max of 4 GB etc.. 
step 8

Now highlight Processors in the left pane. This option really depends on your computer, if you have multiple processors, then you can select two or more. If you have a regular computer, with two or less, then I suggest leaving this number at one.
step 8.1

Moving on, click on Network Adapter in the left pane. On the right side, move the dot to theBridged (top) option. Now click on the Configure Adapters button.
8.2
In the small window that pops up, uncheck all the boxes except for the one next to your regular network adapter and hit OK.
8.4
You can now click on Close at the bottom of the Hardware window and then click on Finishin the Wizard.
step 8.5

Step Nine
After you click Finish the window will close and the new virtual machine file will be added to the VM library. Now all we have to do is start Kali and install it! To do this, highlight the name of the newly created virtual machine by clicking on it, and click Play virtual machine in the right pane.
step 9
This will start Kali for the first time.
Step 10:
At the boot menu, use the arrow keys to scroll down to Graphical install and hit enter.
step 10
Step 11:
The next screen will ask you to select your preferred language, you can use the mouse to select this, then click Continue.
step 11
Step 12
On the next screen, select your location and hit Continue.
step 12
It’ll now ask you for your standard keymap. If you use the standard American English keyboard, then just click Continue.
step 13
Step 14:
Wait until Kali finishes detecting the hardware on your computer. During this, you might be presented with this screen:
step 14
Just hit Continue and select Do not configure the network at this time on the next screen.
step 14.5
Step 15:
You will now be asked to supply a hostname, which is kind of like a computer name. You can enter anything you want, or you can just leave it as kali. When you’re done, hit Continue.
step 15
Step 16:
Kali will now ask you to enter a password for the root (main) account. Make sure you can easily remember this password, if you forget it, you’ll have to reinstall Kali. Hit Continue after you’ve enter and re-entered the password of your choice.
step 16
Step 17:
The next step will ask you for your time zone, select it and click Continue.
step 17
Step 18:
Wait until Kali detects the disk partitions. When you are presented with the next step, selectGuided – use entire disk. (this is usually the top option) then click Continue.
step 18
The installer will now confirm that you want to use this partition. Hit Continue.
step 18.5
One more question about the partition will appear. Select the option that says All files in one partition and hit Continue.
step 18.9
Step 19:
Confirm that you want to make these changes by selecting Finish partitioning and write changes to disk. Then hit Continue.
step 19
Step 20:
The last question! Confirm that you really want to make these changes by moving the dot toYes and hitting Continue for the last time.
step 20
Kali will now start installing! Wait until it has completed, this might take upwards of 30 minutes.
Step 21:
Alright, Kali has finished installing and now you are presented with a window that asks you about a network mirror. You can just select No and hit Continue.
step 21
Step 22:
After a few minutes, the installer will ask you if you want to install GRUB boot loader. Click Yesand Continue.
step 22
Step 23:
The installation should now complete, and you’ll be shown with the following notification message:
step 23
Click Continue.
Step 24:

After it restarts, login to it with the user name root and the password that you created earlier. 
































Read full post »
Labels: , , , , , , , , , , , ,

Friday, 8 November 2013

VMWare Tools

Posted by Unknown at 08:19 0 comments
Once you are done setting Kali Linux with VMWare, there is still stuff that you might want to do.
Note: This article assumes that you have basic knowledge about linux cli and have already installed kali linux. If not, read this article about installing kali linux and getting acquainted to command line interface.

Should you decide to create your own VMware installation of Kali Linux rather than using the  pre-made VMware images available at Kali Linux official site, you will need to follow the instructions below in order to successfully install VMware Tools in your Kali installation. You can opt to install either open-vm-tools, or the native VMWare tools.

Installing open-vm-Tools

This is probably the easiest way to get “VMWare tools” functionality inside a kali VMWare guest.
apt-get install open-vm-tools

This should be sufficient, but if you are feel that this was way too easy, then you are up for an adventure. Without knowledge of cli, what follows might look like a nightmare.

Installing VMware Tools in Kali

If open-vm-tools does not work for you, or if you prefer using native VMWare tools, begin by installing some packages that are required by the VMware Tools installer:
echo cups enabled >> /usr/sbin/update-rc.d
echo vmware-tools enabled >> /usr/sbin/update-rc.d

apt-get install gcc make linux-headers-$(uname -r)
ln -s /usr/src/linux-headers-$(uname -r)/include/generated/uapi/linux/version.h /usr/src/linux-headers-$(uname -r)/include/linux/
Next, mount the Vmware tools ISO by clicking “Install VMware Tools” from the appropriate menu. Once the VMware Tools ISO has been attached to the virtual machine, we mount the drive and copy the VMware Tools installer to /tmp/.
mkdir /mnt/vmware
mount /dev/cdrom /mnt/vmware/
cp -rf /mnt/vmware/VMwareTools* /tmp/
Then, change directory to /tmp/, extract the tarball and start the installer:
cd /tmp/
tar zxpf VMwareTools-*.tar.gz
cd vmware-tools-distrib/
./vmware-tools-install.pl
Follow the prompts for the VMware Tools installation and you are done.
Lastly, to get rid of possible VMWare service errors, edit the /etc/init.d/vmware-tools script, and at around line 876, change:
 # POSIX shell uses '!' for negation during bracket expansion.
   # See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
   IFS=.
   set -- `uname -r`
to :
 # POSIX shell uses '!' for negation during bracket expansion.
   # See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
   IFS=.
   set -- `uname -r|cut -d"-" -f1`
Once changed, proceed to restart the VMWare tool service.

Slow Mouse Movement in VMware

If your mouse movement is slow and sluggish in a Kali Linux VMware guest, try installing the xserver-xorg-input-vmmouse package in the Kali guest.
apt-get install xserver-xorg-input-vmmouse
reboot

Read full post »
Labels: , , , , ,