WPA Craking WPA was designed to address the issues in WEP and provide better encryption. The main issue in WEP is the short IV which means that they can be repeated, therefore by collecting a large number of IVs aircrakp-ng can determine the key stre…
ARP Poisoning - arpspoof Arpspoof is a tool part of a suit called dsniff, which contains a number of network penetration tools. Arpspoof can be used to launch a MITM attack and redirect traffic to flow through our device. 1. Tell the target client th…
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...etc. >sqlmap --help >sqlmap -u [target URL] Following are examples: sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&…
MITM - Wireshark WIreshark is a network protocol analyser that is designed to help network administartors to keep track of what is happening in their network and analyse all the packtes. Wireshark works by logging each packet that flows through the d…
Securing your Network From the Above Attacks. Now that we know how to test the security of all known wireless encryption(WEP/WPA/WPA2), it is relatively easy to secure our networks against these attacks as we know all the weaknesses that can be used…
MITM - Code Injection Inject javascript or HTML code into pages. Code gets executed on target machine. Use - - inject plugin. Code can be: 1. Stored on a local file --js-file or --html-file 2. Stored online --js-url or --html-url 3. Or you can supply…
MITM - Capturing Screen Of Target & Injecting a Keylogger ScreenShotter Plugin: ScreenShotter: Uses HTML5 Canvas to render an accurate screenshot of a clients browser --screen Load plugin 'ScreenShotter' --interval SECONDS Interval at which screensho…
MITM-DNS Spoofing DNS Spoofing allows us to redirect any request to a certain domain to another domain, for example we can redirect any request from live.com to a fake page !! 1. Edit DNS settings leafpad /etc/mitmf/mitms.conf 2. Run ettercap to arp…
MITM - bypassing HTTPS Most websites use https in their login pages, this means that these pages are validated using an SSL certificate and there for will show a warning to the user that the certificate is invalid. SSLstrip is a tool that canbe used…
ARP Poisoning - MITMf MITMf is a framework that allows us to launch a number of MITM attacks. MITMf also starts SSLstrip automatically to bypass HTTPS/SSL. Download and Install the MITMf tool from the following website: https://github.com/byt3bl33d3r…