Nmap can be a tool to verify whether there is any sniffer running in your network.
Here is an example of using Nmap to address the sniffer, and 192.168.30.29 is the PC hosting a sniffer.
root@is:~# nmap -sn --script=sniffer-detect 192.168.30.0/24
Starting Nmap 7.40 ( https://nmap.org ) at 2018-07-06 11:27 EDT
Nmap scan report for 192.168.30.1
Host is up (0.025s latency).
MAC Address: 00:24:C4:92:C3:21 (Cisco Systems)
Host script results:
|_sniffer-detect: Unknown (tests: "________")
Nmap scan report for 192.168.30.29
Host is up (0.069s latency).
MAC Address: 9C:4E:36:9E:36:2C (Intel Corporate)
Nmap scan report for 192.168.30.128
Host is up (0.024s latency).
MAC Address: EC:88:92:72:20:8C (Motorola Mobility, a Lenovo Company)
Host script results:
|_sniffer-detect: Unknown (tests: "_______1")
Nmap done: 256 IP addresses (3 hosts up) scanned in 12.06 seconds
Friday, July 6, 2018
Thursday, July 5, 2018
Performing ARP SPOOFING/POISONING on Kali Linux #2
1) Enable "net.ipv4.conf.all.forwarding" by executing the command below.
#sysctl net.ipv4.conf.all.forwarding=1
2) Run the "ettercap-graphical".
3) Click "Sniff"->"Unified sniffing...". When a small window pops up, choose the appropriate network adapter as the "Network interface" before tapping the "OK" button.
4) Click "Hosts"->"Scan for hosts".
5) Click "Mitm"->"ARP poisoning...". When a small window shows up, check "Sniff remote connections." before clicking the "OK" button.
6) Finally, tap "Start"->"Start sniffing".
7) Any usernames and passwords will show up on the bottom of the ettercap window if any.
#sysctl net.ipv4.conf.all.forwarding=1
2) Run the "ettercap-graphical".
3) Click "Sniff"->"Unified sniffing...". When a small window pops up, choose the appropriate network adapter as the "Network interface" before tapping the "OK" button.
4) Click "Hosts"->"Scan for hosts".
5) Click "Mitm"->"ARP poisoning...". When a small window shows up, check "Sniff remote connections." before clicking the "OK" button.
6) Finally, tap "Start"->"Start sniffing".
7) Any usernames and passwords will show up on the bottom of the ettercap window if any.
Performing ARP SPOOFING/POISONING on Kali Linux #1
1) Utilize the "netdiscover" command to address those nodes located in the same subnet. An example:
#netdiscover -i wlan0 -r 192.168.0.0/24
P.S.: The "wlan0" is the corresponding network adapter, and "192.168.0.0/24" is the corresponding subnet.
2) Enable "net.ipv4.conf.all.forwarding" by executing the command below.
#sysctl net.ipv4.conf.all.forwarding=1
3) Leverage the "arpspoof" command to perform ARP SPOOFING. An example is shown below.
#arpspoof -i wlan0 -t 192.168.0.7 -r 192.168.0.1
P.S.: The "wlan0" is the corresponding network adapter, and "192.168.0.7" is the target IP address. Furthermore, "192.168.0.1" is the gateway.
4) After the commands above are executed, run the Wireshark so that such confidential information as passwords can be gathered by us.
#netdiscover -i wlan0 -r 192.168.0.0/24
P.S.: The "wlan0" is the corresponding network adapter, and "192.168.0.0/24" is the corresponding subnet.
2) Enable "net.ipv4.conf.all.forwarding" by executing the command below.
#sysctl net.ipv4.conf.all.forwarding=1
3) Leverage the "arpspoof" command to perform ARP SPOOFING. An example is shown below.
#arpspoof -i wlan0 -t 192.168.0.7 -r 192.168.0.1
P.S.: The "wlan0" is the corresponding network adapter, and "192.168.0.7" is the target IP address. Furthermore, "192.168.0.1" is the gateway.
4) After the commands above are executed, run the Wireshark so that such confidential information as passwords can be gathered by us.
Wednesday, July 4, 2018
WIFI Security Inspection Checklist
1) The security of Access Points and Access Controllers
Connect into the corresponding wlan before leveraging either Nessus or OpenVAS to fully scan those Access Points and Access Controllers.
2) The robustness of Wireless protocols
Run Kismet by executing the command, kismet, in a shell.
Manually check the encryption algorithm of each WIFI signal.
Bear in mind that there is a sequence listing the security robustness towards each of those WIFI protocols as shown below.
WPA2 Enterprise > WPA Enterprise > WPA2 PSK > WPA PSK > WEP > None Encryption
3) Wi-Fi Protected Setup (WPS) function
Run Fern WIFI Cracker and select the appropriate wlan0 interface before clicking the "Scan for Access points" button.
Check each access point and see if each of them enables the WPS function.
4) Rogue AP
Run Kismet by executing the command, kismet, in a shell.
Check all signals stronger than -40dBm while walking around.
5) Twins of Evil
Run the command, iwlist wlan0 scanning|grep -i 'address:\|essid:'.
There is an example as shown below.
root@alex-kali:~# iwlist wlan0 scanning|grep -i 'address:\|essid:'
Cell 01 - Address: 90:2B:CF:DC:09:15
ESSID:"alex11"
Cell 02 - Address: 80:29:94:D2:2A:1C
ESSID:"Highbridge26"
Cell 03 - Address: 00:26:62:9B:47:87
ESSID:"E5426"
Cell 04 - Address: B0:C2:87:B5:2B:79
ESSID:"TC8717T73"
Cell 05 - Address: 90:1A:CA:DC:12:10
ESSID:"alex6"
Cell 06 - Address: 00:14:D1:D4:64:02
ESSID:"ling23828"
Cell 07 - Address: 58:EF:68:60:C9:87
ESSID:"Linksys15"
Cell 08 - Address: 48:5D:36:56:44:0E
ESSID:"FiOS-TQ4TB"
Cell 09 - Address: 48:5D:36:21:6D:BA
ESSID:"FiOS-Q9BY2"
Cell 10 - Address: D8:D7:75:A8:59:5E
ESSID:"MySpectrumWiFi58-2G"
Cell 11 - Address: 80:29:94:D2:2A:1D
ESSID:"Highbridge23"
Cell 12 - Address: 58:EF:68:60:C9:88
ESSID:"Linksys15"
Cell 13 - Address: 58:EF:68:60:C9:89
ESSID:"Linksys15"
Cell 14 - Address: 20:C0:47:D3:4D:CA
ESSID:"Fios-DRARW-5G"
Cell 15 - Address: 22:C0:47:D3:4D:CB
ESSID:"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
Cell 16 - Address: 48:5D:36:56:44:0C
ESSID:"FiOS-TQ4TB-5G"
Cell 17 - Address: 4A:5D:36:56:44:0D
ESSID:"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
Cell 18 - Address: B8:D9:4D:4B:AA:0F
ESSID:"MySpectrumWiFi08-5G"
Check the output in order to filter out those Twins of Evil.
Connect into the corresponding wlan before leveraging either Nessus or OpenVAS to fully scan those Access Points and Access Controllers.
2) The robustness of Wireless protocols
Run Kismet by executing the command, kismet, in a shell.
Manually check the encryption algorithm of each WIFI signal.
Bear in mind that there is a sequence listing the security robustness towards each of those WIFI protocols as shown below.
WPA2 Enterprise > WPA Enterprise > WPA2 PSK > WPA PSK > WEP > None Encryption
3) Wi-Fi Protected Setup (WPS) function
Run Fern WIFI Cracker and select the appropriate wlan0 interface before clicking the "Scan for Access points" button.
Check each access point and see if each of them enables the WPS function.
4) Rogue AP
Run Kismet by executing the command, kismet, in a shell.
Check all signals stronger than -40dBm while walking around.
5) Twins of Evil
Run the command, iwlist wlan0 scanning|grep -i 'address:\|essid:'.
There is an example as shown below.
root@alex-kali:~# iwlist wlan0 scanning|grep -i 'address:\|essid:'
Cell 01 - Address: 90:2B:CF:DC:09:15
ESSID:"alex11"
Cell 02 - Address: 80:29:94:D2:2A:1C
ESSID:"Highbridge26"
Cell 03 - Address: 00:26:62:9B:47:87
ESSID:"E5426"
Cell 04 - Address: B0:C2:87:B5:2B:79
ESSID:"TC8717T73"
Cell 05 - Address: 90:1A:CA:DC:12:10
ESSID:"alex6"
Cell 06 - Address: 00:14:D1:D4:64:02
ESSID:"ling23828"
Cell 07 - Address: 58:EF:68:60:C9:87
ESSID:"Linksys15"
Cell 08 - Address: 48:5D:36:56:44:0E
ESSID:"FiOS-TQ4TB"
Cell 09 - Address: 48:5D:36:21:6D:BA
ESSID:"FiOS-Q9BY2"
Cell 10 - Address: D8:D7:75:A8:59:5E
ESSID:"MySpectrumWiFi58-2G"
Cell 11 - Address: 80:29:94:D2:2A:1D
ESSID:"Highbridge23"
Cell 12 - Address: 58:EF:68:60:C9:88
ESSID:"Linksys15"
Cell 13 - Address: 58:EF:68:60:C9:89
ESSID:"Linksys15"
Cell 14 - Address: 20:C0:47:D3:4D:CA
ESSID:"Fios-DRARW-5G"
Cell 15 - Address: 22:C0:47:D3:4D:CB
ESSID:"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
Cell 16 - Address: 48:5D:36:56:44:0C
ESSID:"FiOS-TQ4TB-5G"
Cell 17 - Address: 4A:5D:36:56:44:0D
ESSID:"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
Cell 18 - Address: B8:D9:4D:4B:AA:0F
ESSID:"MySpectrumWiFi08-5G"
Check the output in order to filter out those Twins of Evil.
Subscribe to:
Posts (Atom)