In this tutorial we are going to use Nmap in Kali Linux to scan for open ports and perform OS detection. Nmap stands for Network Mapper and is an open source tool for network exploration and security auditing which comes standard with Kali Linux but is also available for Windows, OS X and many other UNIX platforms. Nmap also has a graphical user interface called Zenmap. First I want to start off with a little warning: please be careful using the more aggressive functions of Nmap against hosts you do not own or do not have permission to scan. It may be against your ISP’s terms to use some Nmap features.

Open Port Scanning and OS Detection

Let’s start with a ping scan on an IP range to determine live hosts using the following command:

nmap -sP 192.168.0.0-100

Next we will start a SYN scan with OS detection on one of…
Author: Hacking Tutorials
In this tutorial we will show you how to hack a TP-Link WR841N router wireless network with the default wifi password using Kali Linux. TP-Link routers use the default WPS PIN as wifi password out of the box, which consists of 8 characters. We will try the following techniques to hack a TP-Link WR841N router wireless network:

1. First we try to get the password using Reaver 1.5.2 with Pixiedust WPS and the Aircrack-ng suite.
2. Then we try to get the WPS PIN using Reaver.
3. The last method is capturing a 4-way handshake using Airodump-ng, generating a default password list with Crunch and brute forcing it with oclHashcat.

1. Pixie Dust WPS Attack with Reaver

Let’s put the wifi interface in monitoring mode using:

airmon-ng start wlan0

For anyone getting the following error in Kali Linux 2.0 Sana:

[X] ERROR: Failed to open ‘wlan0mon’ for capturing

try this as a…
Pixie Dust Attack WPS with Reaver

In this tutorial we are going to do a pixie dust attack using Reaver 1.5.2, Aircrack-ng and Pixiewps. The Pixie Dust attack is an offline attack which exploits a WPS vulnerability. The tool, Pixiewps, is written in C and works with a modified version of Reaver. When a wireless router is vulnerable to this attack, retrieving the passphrase can be done in seconds. A link to the list of pixie dust vulnerable routers is included at the bottom of this tutorial.

Pixie Dust Attack

Let’s put the wifi interface in monitoring mode using:

airmon-ng start wlan0

If necessary, kill the processes Kali is complaining about. For anyone getting the following error in Kali Linux 2.0 Sana:

[X] ERROR: Failed to open ‘wlan0mon’ for capturing

Try the following as a solution:

1. Put the device in monitor mode: airmon-ng start wlan0
2. A monitoring interface will be started on…
In this tutorial we will show you how to hack UPC wireless networks with the default password, which is a common thing for many UPC customers. The first step is to create a password list which contains all possible combinations of 8 capital letters. We will be using Maskprocessor in Kali Linux to create the password list. Then we will be capturing a 4-way handshake with Airodump-ng by deauthentication of a connected client with Aireplay-ng. The last step is to brute force the password using Aircrack-ng. In part 2 of this tutorial we will be using oclHashcat with the power of the GPU, since the CPU will take way too much time with this password list.

How to hack UPC wireless networks in 3 steps

Step 1: Creating the password list with Maskprocessor
Step 2: Capturing the 4-way handshake with Airodump-ng
Step 3: Brute forcing the password with Aircrack-ng

Creating the password list with Maskprocessor

We will…
In this tutorial we’re going to crack the WPA/WPA2 wireless network key using oclHashcat on Windows. Instead of using CPU power to brute force the password we’re going to use the GPU, short for Graphics Processing Unit. The benefit of using the GPU instead of the CPU for brute forcing is the huge increase in cracking speed. A GPU is designed to perform repetitive tasks very fast because it has many more cores than a CPU that can be used to process tasks in parallel. Because of the number of cores in a GPU, even an older GPU can outperform a modern CPU by using heavy parallelism. The difference between older and newer graphics cards and GPUs is even larger. The older Radeon 7670M video card in a 2012 laptop does an average of 20kh (20.000 attempts) per second, where an AMD HD7970 video card can do 142kh (142.000 attempts) per second and 8 x NVidia Titan X cards can do 2.233 kh per second. This…
In this tutorial we will be using the Crunch password list generation tool in Kali Linux. Crunch is an easy to use tool for generating a custom-made password list used for brute force password cracking. Crunch comes as a standard tool in Kali Linux. This tutorial shows you how easy it is to generate a password list containing all combinations of 4 letters, 5 letters, and a password list containing 5 letters followed by a year. You can also use Crunch to generate password lists based on default router passwords as demonstrated in a few other tutorials. UPC Broadband routers use 8 capital letters as the default password for wifi and TP-Link routers use the 8-digit default WPS PIN. Both can be easily generated with Crunch.

Crunch password list generation

Let’s use the following command to have Crunch generate a wordlist containing all combinations of 4 letters:

crunch 4 4 ABCDEFGHIJKLMNOPQRSTUVWXYZ -o /root/Desktop/wordlist.txt

The generated…
Kali Linux Wash is a tool to find WPS enabled routers in your area. A lot of routers support Wi-Fi Protected Setup (WPS) and it’s likely enabled by default by your internet service provider or by the router manufacturer. Like UPnP, it is an insecure feature that makes your wireless network more vulnerable to certain attacks. Pixie dust vulnerable routers with WPS turned on, for example, can be cracked in a matter of seconds. Make sure to disable it in your router settings to avoid attacks like these. In this tutorial we’re going to use Kali Linux Wash to scan for WPS enabled networks in the area. Wash can also be used to determine whether an access point is locked or not. A lot of routers tend to lock WPS when the PIN is being brute forced with a tool like Reaver, usually after 5 or 6 attempts. Unlocking WPS has to be done manually in…