John the Ripper (JtR) cracks passwords offline. That is, "incorrect number of passwords entered limit" does not affect JtR. As you can see in the video, using aireplay-ng, fake deauthentication packets were injected to the wireless access point to force all users to reauthenticate (without them knowing it). During reauthentication, the WPA keys are exchanged between the client and the wireless access point. This exchange was recorded into a file "wificrack.cap" and the hashed PSK (Pre-Shared Key) was then cracked using JtR. In the video, you can also see that the output file of airodump-ng can be opened using Wireshark. Opening the cap file with Wireshark reveals a lot of information about the clients connected to the wireless access point. For instance, we know the wireless AP is a Cisco-Li (Cisco-Linksys), and the WPA handshake captured was from an Apple device. The MAC address is even shown!
Showing posts with label IT Security. Show all posts
Showing posts with label IT Security. Show all posts
Friday, February 13, 2015
How to Hack a WPA Wireless Network (Wifi) using Aircrack-ng and John the Ripper
John the Ripper (JtR) cracks passwords offline. That is, "incorrect number of passwords entered limit" does not affect JtR. As you can see in the video, using aireplay-ng, fake deauthentication packets were injected to the wireless access point to force all users to reauthenticate (without them knowing it). During reauthentication, the WPA keys are exchanged between the client and the wireless access point. This exchange was recorded into a file "wificrack.cap" and the hashed PSK (Pre-Shared Key) was then cracked using JtR. In the video, you can also see that the output file of airodump-ng can be opened using Wireshark. Opening the cap file with Wireshark reveals a lot of information about the clients connected to the wireless access point. For instance, we know the wireless AP is a Cisco-Li (Cisco-Linksys), and the WPA handshake captured was from an Apple device. The MAC address is even shown!
Wednesday, February 4, 2015
Freeing Disk Space in Kali Linux (Basic steps), Especially the apt-get Cache
Kali is a Debian-based Linux developed with penetration-testers in mind. Think of it as a toolbox. It is basically a Debian Linux, but with all the penetration testing tools installed, for free. This includes Metasploit, OpenVAS vulnerability scanners, exploitDB, Hydra, aircrack-ng, John the Ripper, etc. These come on top Linux's common formidable tools such as OpenSSH (for creating tunnels), netcat, and nmap to name a few.
Since Kali is Debian, then the method used here do apply to any Debian-based Linux systems (+ Ubuntu). Although, since we are talking about Kali, which is usually ran as 'root', then most of the screenshots will show that the user is running the commands as root. If you are not logged in as root, just add the word 'sudo' in the beginning of every command. For example: instead of issueing command 'apt-get clean', type 'sudo apt-get clean'.
Let us assume, you get an error in your Kali Linux saying that you are running out of space. In the screenshot below, My Kali is running on Oracle VirtualBox with a dynamically allocated 15Gb of space. Technically I don't have to worry about disk space because the Virtual Disk will expand when needed. But I still want to free some space.
Step 1: Check Disk space and where you are consuming space the most. Use df -h. the '-h' option in df is to format the result in 'human-readable' format.
Since Kali is Debian, then the method used here do apply to any Debian-based Linux systems (+ Ubuntu). Although, since we are talking about Kali, which is usually ran as 'root', then most of the screenshots will show that the user is running the commands as root. If you are not logged in as root, just add the word 'sudo' in the beginning of every command. For example: instead of issueing command 'apt-get clean', type 'sudo apt-get clean'.
Let us assume, you get an error in your Kali Linux saying that you are running out of space. In the screenshot below, My Kali is running on Oracle VirtualBox with a dynamically allocated 15Gb of space. Technically I don't have to worry about disk space because the Virtual Disk will expand when needed. But I still want to free some space.
You get an error that you are running on disk space. Kali |
df -h results show the entire disk is "full" |
Thursday, April 26, 2012
How to Access Skype Chat History of Another Person or PC.
Internet messengers (IM) indeed made the world smaller, and skype is undoubtedly the major contributor to this phenomena.
Skype is simple to use, and hard to block. With skype, you can do free calls and videoconferencing; share your desktop; and, share files such as documents and photos with any other skype users anywhere. Skype has the ability to use any available open port to communicate to the internet which made it a bane for traditional port-based firewalls to block (a headache for most network engineers).
But is skype safe?
Saturday, April 14, 2012
Practical SSH Tunneling: Using Putty to Bypass Web Filters and Firewalls
About SSH v.2 and SSH tunneling
SSH (Secure Shell) was an Internet Task Force (IETF) protocol for encrypting traffic to access a remote host. SSH v2 standard came out in 2006 and is incompatible with SSH v.1. Version 2 uses Diffie-Hellman (DH) key exchanges to create a tunnel between a client and a server. Thus, SSH works very similary like a VPN and was, in fact, called a poor man's VPN. SSH has lower levels of security and encryption than VPN. Apart from that, I don't really know the exact difference between an SSH tunnel and a VPN and if you happen to do, please feel free to post a comment or link to your blog/article that explains SSH versus VPN.
SSH v.2 is both a boon and a bane for network engineers. I've been using SSH v.2 to do a myriad of things, some of which to purposely circumvent network policies that would normally disallow people to access other parts of the network. For this article, we will use SSH tunneling to bypass corporate firewall and webfiltering. This is possible using any Web Socket capable browser such as Mozilla Firefox and Opera (I've heard Google Chrome will support it soon).
SSH (Secure Shell) was an Internet Task Force (IETF) protocol for encrypting traffic to access a remote host. SSH v2 standard came out in 2006 and is incompatible with SSH v.1. Version 2 uses Diffie-Hellman (DH) key exchanges to create a tunnel between a client and a server. Thus, SSH works very similary like a VPN and was, in fact, called a poor man's VPN. SSH has lower levels of security and encryption than VPN. Apart from that, I don't really know the exact difference between an SSH tunnel and a VPN and if you happen to do, please feel free to post a comment or link to your blog/article that explains SSH versus VPN.
SSH v.2 is both a boon and a bane for network engineers. I've been using SSH v.2 to do a myriad of things, some of which to purposely circumvent network policies that would normally disallow people to access other parts of the network. For this article, we will use SSH tunneling to bypass corporate firewall and webfiltering. This is possible using any Web Socket capable browser such as Mozilla Firefox and Opera (I've heard Google Chrome will support it soon).
Wednesday, April 11, 2012
Paypal Spoof: How I knew the Paypal email I recieved was fraudulent
I had a recent experience with email spoofing involving Paypal, and I would like to share how I recognized the email as spoofed and thus was fraudulent.
My wife was selling her Macbook. Like most Gen X/Y couples do, we posted her for sale Macbook on eBay, and other trading sites. Two days later, we received an email from someone with a yahoo account asking what the prices would be in US dollars, including shipment to Nigeria. He didn't give a name and he didn't leave a shipping address. We told him the price would be US $450, but that he will have to shoulder the shipping cost depending on the address, and his favored shipping method/company would be. He said he wants to transact via Paypal, and even offered to up the price to US $580 including shipping cost -- what generosity.
So that night, I sent him an invoice from my Paypal account. 24 hours past and I received a notification claiming to have come from services@intl.paypal.com informing me that payment had been made. Careful examination reveals it was a spoofed/phishing email. He was bamboozling me! Here's how I immediately knew it was fake (click the picture to enlarge):
My wife was selling her Macbook. Like most Gen X/Y couples do, we posted her for sale Macbook on eBay, and other trading sites. Two days later, we received an email from someone with a yahoo account asking what the prices would be in US dollars, including shipment to Nigeria. He didn't give a name and he didn't leave a shipping address. We told him the price would be US $450, but that he will have to shoulder the shipping cost depending on the address, and his favored shipping method/company would be. He said he wants to transact via Paypal, and even offered to up the price to US $580 including shipping cost -- what generosity.
So that night, I sent him an invoice from my Paypal account. 24 hours past and I received a notification claiming to have come from services@intl.paypal.com informing me that payment had been made. Careful examination reveals it was a spoofed/phishing email. He was bamboozling me! Here's how I immediately knew it was fake (click the picture to enlarge):
Labels:
Consumer IT,
fraud,
IT Security,
Paypal,
Security,
Spoof
Friday, April 6, 2012
Interconnecting Different Sites Using VPN Hairpinning with Cisco ASA Sample Configuration
This is my first post in my newly created blog and I thought of sharing a project I did back in 2007. I was then working for a Danish company who have offices, and clients, in North America, South America, Europe, Asia, and Africa (North and East Africa to be more specific).
The problem was how to interconnect all our offices and clients in these 5 continents fast, and inexpensively. We had support centers in Denmark, US and the Philippines and all our support personnel, and subject matter experts need to have access to the company's servers and systems deployed inside client's data centers scattered worldwide. We need to be able to SSH the servers; access the web and databases of the system; and, access server iLO (HP servers' integrated lights out) and KVMs. The inexpensive and fast, yet secure solution, is VPN.
VPN is fast to deploy, is secure, and -- as most finance directors would like -- inexpensive. Do note that VPN is not the best solution when involving latency-sensitive traffic such as VoIP, and videoconferencing. For brevity, I did not include all other ASA configurations such as hostname, domain, and Firewalls. We will only show the VPN configurations and other relevant configuration lines.
The Scenario:
A certain Company ‘A’ has a Regional Office Headquarters (RoHQ) in Singapore that needs to access servers and systems deployed to a client in the US. Company ‘A’ has a contact and support center in the Philippines who also needs to access the system deployed in our US-based client. As is the usual case, both companies agreed that their respective networks should be NAT-ed to a public IP address.
Labels:
ASA,
B2B,
Cisco,
encryption,
hairpinning,
How to Guide,
ipsec,
IT Security,
L2L,
Network Engineering,
Site to site,
tunneling,
VPN
Subscribe to:
Posts (Atom)