Forum Replies Created
- AuthorPosts
Diego Pérez
Moderator
Hi!
You can use bettercap, no matter if the wireless adapter is in AP mode, you can set it to sniff from eth0, which is providing internet connection, as shown in the previous lectures, just avoid starting the arp.spoof module. So only net.probe, net.sniff and hstshijack are needed.
Greetings!
Diego
Diego Pérez
Moderator
Hi!
As ethical hackers we need to develop researching skills, so maybe it’s a good chance to start improving such skills. Here is a link that explains brute forcing attacks, but do your own research, don’t misunderstand me but it will help you a lot in sharpening your google-fu.
https://medium.com/swlh/using-hydra-to-spray-user-passwords-dcc12f016ba9
Greetings!
Diego
Diego Pérez
Moderator
Hi!
You are using an old version, can you try it with the latest one?
https://github.com/mitmproxy/mitmproxy/blob/v6.0.2/examples/contrib/sslstrip.py
Let me know how it goes!
Diego
Diego Pérez
Moderator
Hi!
Have you installed netfilterqueue? If so, which exact command did you use?
Let me know.
Diego
Diego Pérez
Moderator
Hi!
Which OS are you using?
I’ll suggest using the custom kali for the course, it will work just as expected.
Greetings!
Diego
February 15, 2021 at 6:17 pm in reply to: Crack WPA2 wifi network without a wordlist not working #52070
Diego Pérez
Moderator
Hi!
As mentioned in the lecture this method only works against some routers, it won’t work against modern routers or ones that use PBC, Zaid still covered this though cause if it works then it’s a very good method to get the password as it is guaranteed, if it didn’t work then please try the method explained in the next lectures.
See, this method only works if the target uses pin authentication, because when PBC is enabled the router will refuse all requests and all pins even if we send it the right pin unless the wps button is pressed. If you are the attacker you won’t know if your target is using PBC authentication or not, you have to try this method, it still works against some routers and if it is working it will give you a clear way to get a key.
So it looks like you can’t change its configuration, in this case this attack will not work.
Greetings!
Diego
Diego Pérez
Moderator
Hi!
Basically you can try it but Instagram implements a protection by blocking the account after some failed attempts, so you can only try it like 5 times (I think) as a maximum and you’ll need to wait 24 hours to try it again. So the attack will be very very slow as you can only test 5 passwords per day.
You can make a disposable account and try it out.
Greetings!
Diego
Diego Pérez
Moderator
Hi!
Yes, if you want to sniff from https sites you’ll need to downgrade the connection as well, the only difference is that you don’t have to use the arp.spoof module as you are the MITM already.
Greetings!
Diego
Diego Pérez
Moderator
Hi bro!
Google.com will not be downgraded as it uses hsts but winzip.com should work fine. Did you clear the entire browser’s cache in the victim machine? Where did you get the sslstrip.py from? Can you share the link?
Thanks!
Diego
Diego Pérez
Moderator
Hi!
Have you run apt upgrade? Because that will undo all the custom changes made by Zaid.
Can you share a screenshot with the command used and the result please?
Thanks!
Diego
Diego Pérez
Moderator
Hi!
Are you sure you are using the latest custom kali image provided by Zaid? It’s important!
Let me know.
Diego
February 12, 2021 at 6:21 pm in reply to: When I run the my arp spoof tool the connection on the windows machine goes off #52023
Diego Pérez
Moderator
You’re welcome!
Greetings!
Diego
Diego Pérez
Moderator
Hi!
There are some slides available to download, you can find them at the beginning of a section, do you have any issue downloading them?
Let me know.
Diego
February 11, 2021 at 6:37 pm in reply to: When I run the my arp spoof tool the connection on the windows machine goes off #52002
Diego Pérez
Moderator
Hi!
Did you enable ip forwarding?
echo 1 > /proc/sys/net/ipv4/ip_forward
You have to do it every time you boot kali and want to run an arp spoof attack.
Let me know.
Diego
Diego Pérez
Moderator
Hi!
You can upload images to an image hosting service and share the links here.
As mentioned in the lecture this method only works against some routers, it won’t work against modern routers or ones that use PBC, Zaid still covered this though cause if it works then it’s a very good method to get the password as it is guaranteed, if it didn’t work then please try the method explained in the next lectures.
See, this method only works if the target uses pin authentication, because when PBC is enabled the router will refuse all requests and all pins even if we send it the right pin unless the wps button is pressed. If you are the attacker you won’t know if your target is using PBC authentication or not, you have to try this method, it still works against some routers and if it is working it will give you a clear way to get a key.
Greetings!
Diego