Friday, February 13, 2015

How to Hack a WPA Wireless Network (Wifi) using Aircrack-ng and John the Ripper


Here is a video tutorial I created showing how easy it is to hack a wireless network using WPA keys for its security. It's a short 12-minute video and I hope you find it not only instructional, but also liberating. After all, informed people make the best decisions.


John the Ripper (JtR) cracks passwords offline, so a limit on the number of incorrect password attempts does not affect it. As you can see in the video, fake deauthentication packets were injected at the wireless access point using aireplay-ng to force all users to reauthenticate (without them knowing it). During reauthentication, the WPA keys are exchanged between the client and the wireless access point. This exchange was recorded into a file, "wificrack.cap", and the hashed PSK (Pre-Shared Key) was then cracked using JtR. In the video, you can also see that the output file of airodump-ng can be opened using Wireshark. Opening the cap file with Wireshark reveals a lot of information about the clients connected to the wireless access point. For instance, we know the wireless AP is a Cisco-Li (Cisco-Linksys), and the WPA handshake captured was from an Apple device. The MAC address is even shown!
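The forced reauthentication described above is visible to a defender as a burst of 802.11 deauthentication frames, so it can be detected from a monitor-mode capture. The following is an added example, not code from the original post or video: it parses the standard 24-byte management header and flags bursts per (BSSID, destination) pair. The MAC addresses, sample frames, window and threshold are constructed or assumed values, and frames are assumed to have any radiotap header already stripped.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_deauth(frame):
    """Return (dest, source, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    fc = frame[0]  # frame control: version (2 bits), type (2 bits), subtype (4 bits)
    if (fc & 0x3, (fc >> 2) & 0x3, fc >> 4) != (0, 0, 12):  # management, deauth
        return None
    reason = struct.unpack_from("<H", frame, 24)[0]
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def find_deauth_bursts(capture, window=1.0, threshold=10):
    """capture: (timestamp_seconds, frame_bytes) pairs sorted by time.
    Returns (bssid, dest) pairs that saw >= threshold deauths within window seconds.
    window and threshold are illustrative values, tune them per site."""
    recent = defaultdict(list)
    flagged = set()
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        dest, _source, bssid, _reason = parsed
        times = recent[(bssid, dest)]
        times.append(ts)
        while ts - times[0] > window:  # drop timestamps that left the window
            times.pop(0)
        if len(times) >= threshold:
            flagged.add((bssid, dest))
    return sorted(flagged)

def make_frame(subtype, dest, source, bssid, body):
    """Build a constructed management frame (test data only, no radiotap header)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + raw(dest) + raw(source) + raw(bssid)
    return header + b"\x00\x00" + body

# Constructed sample: 64 broadcast deauths in under a second, one client-sent deauth, one beacon.
AP, CLIENT = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
SAMPLE = [(0.01 * i, make_frame(12, BROADCAST, AP, AP, b"\x07\x00")) for i in range(64)]
SAMPLE.append((5.0, make_frame(12, AP, CLIENT, AP, b"\x03\x00")))
SAMPLE.append((5.1, make_frame(8, BROADCAST, AP, AP, b"\x00" * 12)))

if __name__ == "__main__":
    for bssid, dest in find_deauth_bursts(SAMPLE):
        print(f"possible deauth flood: bssid={bssid} dest={dest}")
```

Enabling Protected Management Frames (802.11w) on the access point and clients makes them discard forged deauthentication frames like the ones this check flags.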

Wednesday, February 4, 2015

Freeing Disk Space in Kali Linux (Basic steps), Especially the apt-get Cache

Kali is a Debian-based Linux distribution developed with penetration testers in mind. Think of it as a toolbox. It is basically Debian Linux, but with all the penetration testing tools installed, for free. This includes Metasploit, OpenVAS vulnerability scanners, exploitDB, Hydra, aircrack-ng, John the Ripper, etc. These come on top of Linux's common formidable tools such as OpenSSH (for creating tunnels), netcat, and nmap, to name a few.

Since Kali is Debian, the methods used here apply to any Debian-based Linux system (including Ubuntu). However, since we are talking about Kali, which is usually run as 'root', most of the screenshots show the user running the commands as root. If you are not logged in as root, just add the word 'sudo' at the beginning of every command. For example, instead of issuing the command 'apt-get clean', type 'sudo apt-get clean'.

Let us assume you get an error in Kali Linux saying that you are running out of space. In the screenshot below, my Kali is running on Oracle VirtualBox with a dynamically allocated 15 GB of space. Technically, I don't have to worry about disk space because the virtual disk will expand when needed. But I still want to free some space.


You get an error that you are running out of disk space in Kali.

Step 1: Check disk space and see where you are consuming the most space. Use df -h. The '-h' option in df formats the result in 'human-readable' format.


df -h results show the entire disk is "full"

Tuesday, January 27, 2015

Practical Advice in Pursuing the Project Management Professional (PMP) Credential

Recently, I became a Project Management Professional (PMP) credential holder. I personally find the exam tough and the entire process stringent. Thus, I consider this achievement a milestone in my career.

In this blog, I will give advice, based on my own experience, on how one can maximize the effort and financial resources required to achieve the credential.

Just recently somebody asked me what my foremost advice would be for someone who is seriously working toward achieving the PMP certification. My foremost advice is also the most obvious.

1. Become a member of the Project Management Institute (PMI). The benefits of membership are numerous. First, you get an immediate savings of approximately $10.00 in your application fee. The application fee for CBT (Computer Based Test) is $405 for members, and $555 for non-members. To become a member, you are charged a membership fee of some $140. Thus, in all, a new PMI member PMP applicant is charged $545, versus $555 for non-members. BUT (the big BUT), as a member you get free access to the Project Management Book of Knowledge (PMBok), latest edition, which is the basis of 90% of the PMP exam questions. Also, as a PMI member, you get access to the MyPMI dashboard (a portion of which is shown above). The dashboard makes it easy for you to apply for the credential online. Applying online is a big relief. PMI requires you to fulfill 4,500 project hours for degree holders, or 7,500 project hours for secondary school (high school) diploma holders. These project hours should have spanned all five process groups (initiating, planning, executing, monitoring and controlling, closing), and they have to be non-overlapping. These hours also need to be logged for each project, and confirmed by your direct supervisor.


I had a colleague who did the project hours logging using PMI paper forms. They are tedious, and tend to be messy. The online application form is cleaner (shown on the right), and makes it easier for you to track whether you have already reached the required number of hours to apply for the credential.

Which brings me to my next advice.

2. Make sure to log your project hours accurately, and discuss the project description with your manager. The application process allows for certain liberties; after all, the project hours are estimations. But if your application is selected for audit, your manager will be required to confirm (by a signature, with comments in a sealed envelope) your application - particularly the project hours, duration, and description. This also means...
