Tuesday 25 October 2016

Penetration Testing for Beginners using Kali Linux

Now, hackers come in all shapes, sizes and colors. Hacking is a very wide term, and by the first sentence I'm not referring to the physical characteristics of hackers but to their field of specialization. Believe me, there is a lot of work to do in the wireless domain we have been working on so far (we have only touched wireless networks for the time being; you are a beginner), but wireless hacking is but a small island in the vast sea of hacking. A relatively large landmass is unarguably penetration testing, and a large name in this context is Metasploit. So here's a guide that will give you a good idea of what penetration testing is, and if you're feeling too lazy, I've got it summarized here.




What is a penetration test?

Penetration testing, often called "pentesting", "pen testing", or "security testing", is the practice of attacking your own or your clients' IT systems in the same way a hacker would, in order to identify security holes. Of course, you do this without actually harming the network. The person carrying out a penetration test is called a penetration tester or pentester.



How legal is it?

Let's make one thing crystal clear: penetration testing requires that you get permission from the person who owns the system. Otherwise you would be hacking the system, which is illegal in most countries; and trust me, you don't look good in an orange jumpsuit (or maybe you do, but I still don't recommend going to jail for it; buy one if you need it).

In other words: The difference between penetration testing and hacking is whether you have the system owner’s permission. If you want to do a penetration test on someone else's system, it is highly recommended that you get written permission. Much better, get your virtual machine up and running, with your already acquired VMWare skills, and practice on your own system.

What is a vulnerability?

A vulnerability is a security hole in a piece of software, hardware or operating system that provides a potential angle to attack the system. A vulnerability can be as simple as weak passwords or as complex as buffer overflows or SQL injection vulnerabilities. (SQL injection is another topic I'd like to touch. Later maybe. I'm taking up too many tasks at hand at once.)

What is security research?

Vulnerabilities are typically found by security researchers, which is a geeky term for smart people (how much we hackers love to call ourselves smart, especially the beginners who get too cocky) who like to find flaws in systems and break them.

What is an exploit?

To take advantage of a vulnerability, you often need an exploit: a small and highly specialized computer program whose only reason for being is to take advantage of a specific vulnerability and to provide access to a computer system. Exploits often deliver a payload to the target system to grant the attacker access to the system.

The Metasploit Project hosts the world's largest public database of quality-assured exploits. Have a look at their exploit database; it's right there on the site mentioned at the beginning of the article.

What is a payload?

A payload is the piece of software that lets you control a computer system after it’s been exploited. The payload is typically attached to and delivered by the exploit. Just imagine an exploit that carries the payload in its backpack when it breaks into the system and then leaves the backpack there. Yes, it’s a corny description, but you get the picture.

Metasploit’s most popular payload is called Meterpreter, which enables you to do all sorts of funky stuff on the target system. For example, you can upload and download files from the system, take screenshots, and collect password hashes. You can even take over the screen, mouse, and keyboard to fully control the computer. If you’re feeling particularly bad-ass, you can even turn on a laptop’s webcam and be a fly on the wall.

I would say that a payload is what makes use of the 'exploit' and gives you some control over the exploited victim. Meterpreter is THE payload, because it doesn't give you 'some' control, it gives you ALL of it (that's one way to put it, yes, but not completely true; it still is the best payload, and beginners/noobs really enjoy the GUI feature available with this payload).

CC : http://www.kalitutorials.net/2014/02/penetration-testing-for-beginners.html

Breaking WPA2-PSK With Kali Linux

WPA2-PSK may not be as safe as you think. There are a few attacks against WPA2-PSK. One of the most common attacks against WPA2 is exploiting a weak passphrase.
Below you will find a few easy steps on how to break WPA2 with a weak passphrase.
Breaking the Wireless Lab Home Network:
I set up a test network for this blog article. The client box is logging into my Wireless Lab test network. This is the network we will break.
Step 1:
The first step is to verify the router configuration. Normally in a real penetration test we would not have this option, but since this is a home lab I have a little more flexibility.
In this case the lab access point is securing the wireless network Wireless Lab with WPA2-PSK. It is using the passphrase Cisco123. You can use any wireless router to set up your wireless lab.
Step 2:
We will be using Kali Linux to complete this task. Kali will need a wireless card configured before it can be used by the operating system. I am using the Alfa AWUS051NH adapter. Almost any Alfa wireless adapter will work. I am a big fan of the AWUS051NH adapter because it is a dual band adapter. However, this card is very difficult to obtain since it is no longer sold.
The iwconfig command will show any wireless cards in the system. I am using a RealTek wireless card. Linux ships with the RealTek drivers, making it a Linux plug and play wireless card.
The operating system recognizes a wireless interface named wlan0.
Step 3:
My next step will be to enable the wireless interface. This is accomplished by issuing the ifconfig wlan0 up command.
Step 4:
I need to understand what wireless networks my wireless card sees. I issue the iwlist wlan0 scanning command.
This command forces the wireless card to scan and report on all wireless networks in the vicinity.
You can see from this example it found my target network: Wireless Lab. It also found the MAC address of my access point: 0E:18:1A:36:D6:22. This is important to note because I want to limit my attack to this specific access point (to ensure we are not attacking or breaking anyone else’s password).
Secondly, we see the AP is transmitting on channel 36. This is important because it allows us to be specific about which wireless channel we want our wireless card to monitor and capture traffic from.
Step 5:
The next step is to change the wireless card to monitoring mode. This will allow the wireless card to examine all the packets in the air.
We do this by creating a monitor interface using airmon-ng. Issue the airmon-ng command to verify airmon-ng sees your wireless card. From that point create the monitor interface by issuing the command: airmon-ng start wlan0
Next, run the ifconfig command to verify the monitor interface has been created. We can see mon0 is created.
Step 6:
Use airodump-ng to capture the WPA2 handshake. The attacker will have to catch someone in the act of authenticating to get a valid capture. Airodump-ng will display a valid handshake when it captures it. It will display the handshake confirmation in the upper right hand corner of the screen.
Note: We will manually connect to the wireless network to force a handshake. In a future post I will show you how to force a deauthentication to make a device automatically disconnect and reconnect without any manual intervention.
We used the following command: airodump-ng mon0 --bssid 20:aa:4b:1f:b0:10 (to capture packets from our AP) --channel 6 (to limit channel hopping) --write BreakingWPA2 (the name of the file we will save to)
airodump-ng mon0 --bssid 0E:18:1A:36:D6:22 --channel 36 --write BreakingWPA2

(make sure the option names are written with a double dash and no space between the dashes)
To capture the handshake you are dependent on monitoring a legitimate client authenticating to the network. However, it does not mean you have to wait for a client to legitimately authenticate. You can force a client to re-authenticate (which will happen automatically with most clients when you force a deauthentication).
When you see the WPA handshake indicator you know you have captured a valid handshake.
Step 7:
We will use aircrack-ng with the dictionary file to crack the password. Your chances of breaking the password are dependent on the password file.
The command is: aircrack-ng "name of cap file you created" -w "name of your dictionary file"
The BreakingWPA2-01.cap file was created when we ran the airodump-ng command. The valid WPA2 handshake airodump captured is stored in the BreakingWPA2-01.cap file.
BackTrack 5 ships with a basic dictionary. The dictionary file darkc0de.lst is a popular wordlist that ships with BackTrack 5. We added our password Cisco123 to this file to make the test run a little smoother.
Many attackers use large dictionaries that increase their chances of cracking passwords. Many dictionaries contain passwords from real users and websites that have been cracked and posted on the Internet. Some sophisticated dictionaries combine multiple languages, permutations of each word, and key words and phrases from social media sites such as Twitter and Facebook.
Kali does not come with the darkc0de.lst but you can download it from here
NOTE: Kali does have built-in wordlists in /usr/share/wordlists
In this blog we created a file named "sample.lst" and added the word Cisco123 to it.
Success:
If the password is found in the dictionary file then aircrack-ng will crack it.
CC : http://www.drchaos.com/breaking-wpa2-psk-with-kali-linux/
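Why the dictionary attack in step 7 works, and why a long random passphrase resists it: WPA2-PSK derives the Pairwise Master Key from the passphrase with PBKDF2-HMAC-SHA1, salted with the SSID and iterated 4096 times (IEEE 802.11i), and the captured handshake only lets aircrack-ng verify one guess at a time. The added example below (not code from the original post or from aircrack-ng) derives the PMK for the article's lab SSID and passphrase and estimates worst-case cracking time for a wordlist, so you can judge your own passphrase; the wordlist sizes and the small candidate list are constructed.

```python
"""WPA2-PSK passphrase strength, seen from the defender's side (added example)."""
import hashlib
import time


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def guesses_per_second(ssid: str, samples: int = 50) -> float:
    """Measure how many PMK derivations one CPU core manages per second."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk("candidate%d" % i, ssid)
    return samples / (time.perf_counter() - start)


def seconds_to_exhaust(wordlist_size: int, rate: float) -> float:
    """Worst-case time to try every entry of a wordlist at the measured rate."""
    return wordlist_size / rate


def passphrase_in_wordlist(passphrase: str, wordlist) -> bool:
    """Defender check: is the configured passphrase in a common wordlist?"""
    return passphrase in set(wordlist)


if __name__ == "__main__":
    ssid, passphrase = "Wireless Lab", "Cisco123"        # lab values from the article
    sample_words = ["password", "Cisco123", "letmein"]    # constructed stand-in for sample.lst
    print("PMK for lab network:", wpa2_pmk(passphrase, ssid).hex())
    print("passphrase in wordlist:", passphrase_in_wordlist(passphrase, sample_words))
    rate = guesses_per_second(ssid)
    print("%.0f guesses/s on this core" % rate)
    # Constructed sizes: a million-word list versus every 8-character lowercase passphrase.
    for name, size in [("1M-word list", 1_000_000), ("all 8-char lowercase", 26 ** 8)]:
        print("%s: %.1f hours worst case" % (name, seconds_to_exhaust(size, rate) / 3600))
```

The same derivation with a different SSID gives a different PMK, which is why precomputed tables are only useful against common network names.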

Saturday 7 November 2015

Wednesday 5 November 2014

How to Sniff Usernames & Passwords with Wireshark

OK, back to the discussion of Wireshark. This time I will go through using Wireshark for sniffing, that is, eavesdropping on traffic. For those who have not read my earlier post about sniffing, I will briefly explain what sniffing is. Sniffing is the activity of intercepting and inspecting data packets using sniffing software or sniffing hardware on a network. Wireshark itself can read data directly from Ethernet, FDDI, Token Ring, serial (PPP and SLIP), 802.11 wireless LAN, and ATM connections. Now we will try sniffing with Wireshark. This experiment uses two laptops/desktops/gadgets that are both connected to the same access point. So, don't forget to connect to the access point first.


On laptop Alpha:
First, open Wireshark, then choose Interface List.

In the next window, choose the capture interface. Click the interface that is actively sending data, and click Start.

Then the data packets flying around on that access point appear :)

OK, after that, on laptop Beta try logging in to a local site that uses a username and password, for example Kaskus, the student e-learning site, Super Scanner, and so on. Let's say we try the Super Scanner web site.

After logging in, go back to laptop Alpha and type a filter in the filter field.

Wireshark then finds the HTTP traffic for the address we entered earlier.

Right-click the highlighted row and choose Follow TCP Stream.
Voila! The username and password from the site laptop Beta visited appear.
It's so easy, right? :)

That's all for this knowledge-sharing session. Hope it's useful..
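The credentials show up in Follow TCP Stream because the site submits the login form over plain HTTP, so anyone on the same access point can read the request body. The added example below (not code from the original post) does that inspection in code from the defender's side: it parses reassembled HTTP request streams and reports any POST that carries a password-like form field in cleartext. The two streams, addresses and host name are constructed placeholders.

```python
"""Flag cleartext credential submissions in captured HTTP request streams (added example)."""
from urllib.parse import parse_qs

# Form field names commonly used for secrets (assumption: a small illustrative list).
SECRET_FIELDS = {"password", "passwd", "pass", "pwd", "pin"}

# Constructed sample: (src, dst, reassembled request) as Wireshark's Follow TCP Stream shows it.
STREAMS = [
    ("10.0.0.5", "10.0.0.20",
     "POST /login.php HTTP/1.1\r\n"
     "Host: superscanner.example\r\n"
     "Content-Type: application/x-www-form-urlencoded\r\n"
     "Content-Length: 33\r\n\r\n"
     "username=budi&password=rahasia123"),
    ("10.0.0.5", "10.0.0.20",
     "GET /index.html HTTP/1.1\r\nHost: superscanner.example\r\n\r\n"),
]


def parse_request(stream: str):
    """Split a reassembled HTTP request into (method, path, headers, body)."""
    head, _, body = stream.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def find_cleartext_credentials(streams):
    """Return (src, dst, host, path, field, value) for every secret sent over plain HTTP."""
    hits = []
    for src, dst, stream in streams:
        method, path, headers, body = parse_request(stream)
        if method != "POST":
            continue
        if "application/x-www-form-urlencoded" not in headers.get("content-type", ""):
            continue
        for field, values in parse_qs(body).items():
            if field.lower() in SECRET_FIELDS:
                hits.append((src, dst, headers.get("host", "?"), path, field, values[0]))
    return hits


if __name__ == "__main__":
    for hit in find_cleartext_credentials(STREAMS):
        print("cleartext credential: %s -> %s host=%s path=%s %s=%s" % hit)
```

The fix on the server side is to serve the login page and form action over HTTPS only; the detector then sees no parseable body at all.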

Network Monitoring Using Wireshark

I will go through how to use Wireshark.
If the Wireshark installer has already been downloaded, we will start with the installation process.

1. Open the Wireshark setup, then click Next.


2. On the License Agreement screen, click I Agree.

3. After that, the Choose Components screen appears. Tick all the components, then click Next.

4. Next comes the Select Additional Tasks window; click Next. If you want a Wireshark shortcut on the desktop, tick Desktop Icon before clicking Next.

5. Then choose the installation location; once done, click Next.

6. Next, the WinPcap installer starts automatically. WinPcap is the standard tool used to access the network link layer on Windows. WinPcap allows applications to capture and transmit network packets. First, when the WinPcap installer appears, a notification window asks whether to install WinPcap or not. In this exercise choose Install to install WinPcap.

7. After that, wait a moment while Wireshark is being installed.

8. After a short wait, the installation pauses and the WinPcap installation menu appears. Click Next to continue.

9. The WinPcap setup window appears; click Next.

10. On the License Agreement window, click I Agree.

11. Then the Installation Options window appears; click Install.

12. Wait a moment while it installs.

13. The WinPcap installation is finished. Click Finish.

14. The Wireshark installation that was paused for the WinPcap installation now resumes to complete the Wireshark installation. Once the installation is complete, click Next.

15. The installation process is finished. Click Finish and the software is ready to use.


For the usage tutorial, first open the Wireshark software as shown below.

Click Interface List and a menu like the following appears.

Tick the Microsoft description entry and click Start to begin monitoring. After that, a window appears containing the packets we capture, ready for monitoring, as follows.

Happy experimenting :)

Computer Network Monitoring Using NetworkView

NetworkView provides a way to see the users or hosts connected in a network, displayed as a picture of the hosts or users together with their network. The software can be downloaded from the following link: http://majorgeeks.com/NetworkView_d1447.html

The NetworkView installation tutorial is as follows.
1. After downloading the software, open the application to start the installation.
2. On the License Agreement window choose I accept the agreement to be able to continue the installation, then click Next.

3. Next, simply click Next.

4. Then choose the file location; once done, click Next.
5. Next choose the Start Menu folder; once done, click Next.
6. The software is ready to be installed. Click Install to start the installation.

7. Next, wait for the installation to finish. After that an information box appears; just ignore it and click Next again. The software is ready to use.

Next, we will try monitoring a computer network. First, the laptop/computer/gadget we use for monitoring must already be connected to the hotspot network. Then open the NetworkView software until a screen like the following appears.

OK, after that choose the tool at the top left, under the "File" menu, with the green wave icon, as shown below.

After that the Discover window appears. Fill in the map information, which consists of title, description, and author. Then choose the discovery type; this time we choose discovery by range. Next, fill in the IP address or the range of IP addresses if you want to know which hosts in a particular IP address range are currently connected to the network.

Next, the application runs the network discovery process; wait a moment until discovery finishes. How long discovery takes depends on the size of the IP range we want to examine. The larger the IP range, the longer the network discovery takes to finish.


After network discovery finishes, the hosts connected to the computer network are shown as pictures.
We can view or monitor the hosts one by one to see their IP address, NetBIOS, SNMP, and so on by clicking the picture of the host we are looking for. The display is as follows.



To see all hosts, click the table icon shown below and choose the menu to display, so that the display looks as follows.


The table above shows the IP address, DNS time, type, and other details of the hosts connected to the computer network.