Post category - Art
Summary: MITM - Code Injection Inject JavaScript or HTML code into pages. Code gets executed on target machine. Use the --inject plugin. Code can be: 1. Stored o
Summary: MITM - Capturing Screen Of Target & Injecting a Keylogger ScreenShotter Plugin: Inject Plugin: Test the ScreenShotter on Victim Windows PC. python2 mi
Summary: MITM - DNS Spoofing DNS Spoofing allows us to redirect any request to a certain domain to another domain, for example we can redirect any request from l
Summary: Session Hijacking What if the user uses the "remember me" feature? If the user uses this feature the authentication happens using the cookies and not
Summary: MITM - bypassing HTTPS Most websites use HTTPS in their login pages, this means that these pages are validated using an SSL certificate and there for
Summary: ARP Poisoning - MITMf MITMf is a framework that allows us to launch a number of MITM attacks. MITMf also starts SSLstrip automatically to bypass HTTPS
Summary: ARP Poisoning - arpspoof Arpspoof is a tool that is part of a suite called dsniff, which contains a number of network penetration tools. Arpspoof can be used t
Summary: MITM - ARP Poisoning Theory Man In The Middle Attacks - ARP Poisoning This is one of the most dangerous and effective attacks that can be used, it is
Summary: Nmap Nmap is a network discovery tool that can be used to gather detailed information about any client or network. We shall have a look at some of its
Summary: Post Connection Attacks Sophisticated attacks that can be used after connecting to the target AP. Gathering Information Now that we are connected to a
Summary: Securing your Network From the Above Attacks. Now that we know how to test the security of all known wireless encryption (WEP/WPA/WPA2), it is relative
Summary: WPA Cracking WPA was designed to address the issues in WEP and provide better encryption. The main issue in WEP is the short IV which means that they c
Summary: WEP Cracking Packet Injection What if the AP was idle, or had no clients associated with it? In this case, we have to inject packets into the traffic
Summary: WEP Cracking Basic case Run airodump-ng to log all traffic from the target network. At the same time, we shall use aircrack-ng to try and crack the key
Summary: Gaining Access to encrypted networks Three main encryption types: 1. WEP 2. WPA 3. WPA2 WEP Cracking WEP is old encryption, but it is still used in some
Summary: Creating a fake access point (honeypot) Fake access points can be handy in many scenarios, one example is creating an open AP, this will attract a lot
Summary: Deauthentication Attacks Theory This attack is used to disconnect any device from any network within our range even if the network is protected with a
Summary: Targeted packet sniffing Now all the data will be stored in the file name specified after the --write option. We can analyze this data using Wireshark.
Summary: Change MAC Address using macchanger. Packet Sniffing Basics Airodump-ng airodump-ng is a program that is part of the aircrack-ng package, it's a packet sniffe
Summary: ALFA AWUS 1900 RTL8814AU https://www.alfa.com.tw/products_detail/2.htm Follow the guide on aircrack-ng/rtl8812au step by step. https://github.com/airc
