Tag: Kali Linux

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, we will cover how to crack Wi-Fi. Now that we have finished setting up all of the necessary tools, we can begin with the demonstration.

The first thing that we will need to do is set our network wireless card in to monitor mode. Type in ifconfig, press Enter, and this will display all of the network interfaces that are available. My wireless interface is called wlp2s0. A bit of a strange name, I know, but Fedora has a custom of assigning strange names. For example, my wired connection is called p8p1, which is kind of weird, but OK, never mind. Just identify the name of your interface and adapt accordingly. Anyway, I’m going to use wlp2s0. We have two ways of configuring monitor mode. The first method is what I usually use to set it in monitor mode, and the second one is what I use to check for problems. Go ahead and type in ifconfig. Again, wlp2s0, which is the name of my wireless network card, and type in down. Let’s shut our wireless card down completely. Now we can make some modifications to it. Type in ipconfig wlp2s0, mode monitor. Again, ifconfig wlp2s0 up, and now our network card is configured to function in monitor mode. Before it was functioning in the promiscuous mode. There are several names for it, but promiscuous mode is the most common. The difference between the two modes is that in monitor mode network cards are configured to accept packages, regardless if it is meant for them or not, and in promiscuous mode they will only accept packages that are meant specifically for them.

I’m going to go ahead and clear the screen, and I’m finally going to start using some of the software packages that come with aircrack. I have a list of commands here which we will use today on the right side of my screen, and we’re going to use a few other ones, but these are the basic ones that you absolutely need to know. So, let me go ahead and type in airmon-ng check wlp2s0. I want to see if there are any possible processes that could cause interference, and I see that there are quite a few of them. One of the first things that you need to kill is the network manager. Even though it doesn’t actually directly interfere with the functioning of our software, it does spawn some other processes that might interfere, like your active internet connection here, the dhclient. For example, if your network manager is configured to automatically connect to a certain network, or to a wired network that you plug into your computer. So, let’s just go ahead and kill the process. I’m not going to take any chances, today. I’m going to go ahead and kill the network manager, and then I will begin killing the rest. So, let’s repeat the airmon-ng check, excellent! I have a few more of these. You will need to kill them in a certain order because they tend to spawn each other. Even though you’ve killed it as root, it will kill it, but it will restart it as well. I’ll just go ahead and kill the dhclient as well in order to prevent any interference, and the rest of killing can be done in any way you like. So, kill, let’s just go ahead and kill 1556, 1215, and 1216. Excellent! Let’s do a check one more time, something is still up. This is what I meant, it is highly annoying. Avahi-demons are the only ones running. Apparently, I have to kill the WPA supplicant first, and then I can kill these. It can be frustrating because you can’t kill them all at once. You will have to type in the commands time and time again. Let me just go ahead and clear the screen, and always perform an extra check. You see here that nothing is active, nothing should present any problems now.

Let me go ahead and clear the screen. The next thing that we need to do is perform a scan of our environment here to see what sort of networks are available, and who is connected to which networks. Now you cannot see with the network manager. With the network manager we can only see the visible wireless access points around us. While on the other hand, with one of the tools that comes with the aircrack, you can actually see wireless access points around you and who is connected to them, which is a very nice feature. I’ll go ahead and type in the first command from my selected list here, it’s airodump-ng wlp2s0, and press Enter. You can now see all of the wireless access points. This one is mine, it’s called Something. I’ve created this network specifically for the purposes for this tutorial. It has a good, strong password, and we are going to be cracking it today. Okay, let me cancel the scanning process, and I would like to explain a few of the things that you can see here during the scanning process itself. The BSSID is the MAC address of the wireless access point. The PWR is the strength of the signal. So, the smaller this negative number is, so let’s say -30, -15 is a stronger signal than -30. -57 will not be the greatest of connections. -78 or -84, yeah, you might be able to connect to them, but this will certainly result in a poor connection. However, even though the signals here are weak, if you have a good enough wireless card you will be able to perform the authentication, and therefore I will be able to render any of these networks that you see here inoperable. But, that we will save for the later tutorials.

For the time being, I would like to show you one of the ways in which you can crack the WPA2 encryption. DoS attacks are very useful. I mean, they can practically render almost any WiFi network out there useless. Nobody will be able to connect to it, or you can deauthenticate a specific client on the network which is also extremely useful. So, let’s go ahead and clear the screen. Once again, I will run airodump, and I will expand this terminal window so we can see some other things as well. It says something, it’s 90:F6. I am looking for something to be associated with 90:F6, and that is what I shall use in order to actually deauthenticate, because we are looking for a four-way handshake. It will appear in the top right corner. There we will be able to see all of the packets that are coming in, and there we will be able to actually capture a file and see what is going on. However, that is not possible to do at the time being because we are scanning for pretty much every single network available, and I just wanted to show you what it looks like.

The next thing that we need to do is perform a targeted scan. We will be targeting this network here, as it has a good signal. More importantly than that, I have permission to do whatever I want with this network, as it is mine. These down below are not mine. Also, keep in mind that we are not doing anything illegal here. Everything that you see here is public information. This is simply what all of the Wi-Fi routers around me are broadcasting. They are broadcasting their MAC address, and they are are broadcasting the name of the network, basically. The SSID name is not a technical term. ESSID is the term, but everybody refers to it as the name of a wireless access point. Anyway, as I said, all of this is public information. You will see that it’s WPA2 encryption, you will see the MAC address, and you will see the ESSID. The ESSID will be the first thing that you see on the network. Also, you will see the channels as well. Anyway, I will call the tutorial here, and in the next one we will be performing a specific scan where we will capture information, and use that capture file in order to crack the encryption. Until then I bid you farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will show you how you can install aircrack and Reaver.

The aircrack setup is pretty simple. Just type in yum install aircrack-ng, and it’s going to pick up the right version by default. Go ahead and press Enter. In Fedora it runs through checks every time you call yum, you can pass the -c argument in order for the system not to do that. It says package aircrack-ng is already installed and is the latest version. You might be prompted for a question along the way. If you wish to skip that type in -y, that’s it. With this command that I am selecting you won’t be prompted for any questions, and you will have aircrack-ng installed on your system without any problems.

However, Reaver is quite a different story. Reaver cannot be found in Fedora’s repositories, and therefore it has to be downloaded from the internet. There are many places to download it, I have chosen to download it from Google code. Google code is one of the safest sources on the internet. Let’s go ahead and open up my favorite browser, which is Firefox, you can open whatever you wish. Type in “reaver google code.” Now we are on the Google code website where we have reaver-wps, you have a description here, and you have a pro version here. The difference between the pro version and the free one that we will be using is this graphical user interface. I mean, let’s face it, if you’re a pen-tester, or a white hat hacker, you’re not going to be using that many GUIs. Optimized PIN sequencing, this means that it’s going to try pins in a certain order, which is more likely to succeed than the default one, according to some but not necessarily true, and integrated WEP cracking. As I said, you don’t really need WEP support. You’re not going to be able to find this protocol these days pretty much anywhere. If you do, as I said before, those people don’t deserve to use WiFi. It’s basically and open WiFi network, regardless of how complex your password is. Make sure you are not one of the people using the WEP protocol. It’s a good idea to switch to WPA or WPA2.

Anyway, I’m going to go ahead and click on downloads in the upper left corner, and there are different versions here that can be downloaded. There are no fundamental differences in the way that Reaver works in between these versions, but there are bug fixes, definitely, and that is very nice. Reaver is maintained, there’s support for it, and so on. So, go ahead and click on Reaver 1.4.tar.gz, and it says reaver.tar.gz here, file description, etc. This is a checksum, you can use this in order to verify that your file is intact, but I’m not going to do that now. I’m going to go ahead and download it. Once it is downloaded, you can go ahead and open up the folder in which it actually exists. Go ahead and double click on this file, you can extract it through the GUI method, it’s far simpler. You can also extract it through the terminal, but I’m going to go ahead and use the GUI on this occasion. This is one of the advantages of Linux over Windows. By default, it will be able to unpack pretty much anything zip, tar, winrar, whatever, it’s going to be able to unpack it without any problems, which is fantastic! No extra installation is needed, this is all installed by default. Let’s go ahead and click on extract. Where would I like to extract the file to? Let’s say to desktop because I’m going delete it anyway, as I already have it installed. So, just go ahead and press OK, and give me desktop. Let’s go back to our terminal, navigate over to desktop, and I imagine I have a lot of things there. OK, so, cd /home/Chronic/Desktop, Enter, ls, and do I have it here? Yep, there we go. So, clear, let me just show you that I do in fact have it, ll. It’s much neater if I do it like this, and there we go, reaver-1.4. Let’s navigate over to that folder, reaver-1.4, clear the screen, list the contents of the directory. Go to docs first and let’s see what is in there.

You might think that I am some sort of an expert, and that I just do these things off of the top of my head, but no. People create readme files for a reason. They are there to be read because the developer has left specific instructions on how to do something within the software. So, let’s go ahead and cat it. Excellent! The following are Reaver source files. It has the description of what is located in each one of these files. You have 802.11.c functions for reading, sending, and parsing 802.11 management frames. 802.11 is a standard, as I said before, but look at this. The developer has actually left the entire installation process here. You have every single command that you need to run, explained in detail what it does, and how you can type it in and execute it. This is wonderful! That’s why when you download a new piece of software, check out the readme file. People do tend to leave instructions there on how to do essential tasks within the software. They’ve most likely encountered the same problems that you might have encountered so you can even see possible solutions. Reaver is only supported on Linux platforms. It requires libpcap, this libsqlite3, and one more, I can’t really pronounce this, and it can be built and installed by running the following command. So, execute the configuration script, and that’s it. It even tells you how to uninstall it.

Anyway, ls, of course you cannot run the configuration file from here. We need to reverse course, and go to source from, yep, src. Let’s see what is in there, there we go. We have configure, and you can see by default here it’s executable. If I give you a longer listing, configure, there you go. It has an x permission here, here, and here. So the user has it, and the group has it as well. Anyway, type in ./configure. So, now it’s checking for stuff, it has its dependencies, without which it cannot function. Type in make, there we go, it’s running through. I want to reiterate that I didn’t do any of this from memory. I just went on the internet, I found the safest place to download the code from, and I’m compiling it here as the developer of the code instructed me to do it. The instructions aren’t complicated, just three commands, and the final command is make install. It’s going to give me several errors here, well not errors but warnings, because I already have it installed. Here it says rm, I need to clear this out, and then I will be able to install Reaver. I will now abort the installation because Reaver is already installed on my machine. If you have any problems feel free to post it in the discussion section.

Lastly, let’s check to see if Reaver is functioning properly. So, type in reaver –help, excellent! It is installed, it is functional, it is responsive to our commands, and here is the syntax for reaver. This is the basic syntax. Of course, you can pass all of these arguments to it, and there are quite a lot of them. Basically, you can say -i for the network interface, and -b for BSSID, or for the MAC address, and of course we even have reaver -vv for double verbose output, which is fantastic! I’ll go ahead and clear the screen. That is how you install aircrack and Reaver on Linux. We will cover the Windows procedure in the next tutorial. Until then, I bid you farewell!

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will begin a chapter on wireless hacking.

So, first off, you need to know that there are different types of encryption. There is WEP, and whoever is still using WEP shouldn’t be on a wireless network. The WEP protocol is quite easy to crack, and it’s practically as if you are on an open WiFi network. However, if you’re using WPA or WPA2, that is another story. These two protocols are quite difficult to crack, especially if the passwords are complex. There are different methods for direct wireless hacking, and I would not recommend using them. There are some circumstances which are favorable to these sort of methods, however it is better to get the IP of the router, and then attack the router itself. Routers usually have far more vulnerabilities than WPA2 encryption.

However, since we are cracking wireless, I’m going to go ahead and type in ifconfig here, and you will notice that I don’t have a wireless interface here. Why is that? Well, even though I have a network integrated card, a wireless one, within my laptop, this is a virtual machine, and virtual machines do not support integrated network cards. They can only go through your host machine, and in such a way virtual machines are secure. So, you can install all sorts of programs on them, viruses, etc., and your host machine will be safe. However, we can use a USB wireless card, then you can set up a pass-through for your virtual machine, and in such a way be able to connect to a wireless network.

However, password cracking from a virtual machine is not a good idea. I mean, it’s a terrible idea. Especially using VirtualBox. Maybe if you were using Xen where you have 90-95% native performance, that would be great, but using VirtualBox for password cracking isn’t very effective. Let me show you why. If you go to devices, and I’m just going to go ahead and click on network settings and then I will get the menu for the other things. So, let’s just go ahead and click on general. Is it here? No, system, sorry. Look here at the base memory. This can be altered when the machine is off. You cannot change these settings here while the machine is turned on. First of all, it says that I have 2 gigs of RAM available for this particular virtual machine. Now, that’s great for day-to-day operations, especially for Linux which only requires 512 megabytes to run. However, if you want to brute-force a password, if you want to take that path, by generating huge password lists and trying to guess it, this is not a sufficient amount of memory. If we click on the processor you will see that the execution cap is 100%, but we only have a single core assigned to this virtual machine. It says here one CPU core in the upper bar, in the upper status bar, where it says processors. It’s gray at the moment because you can’t change the number of processors that a machine is using while it’s running. In any case, it only has one CPU assigned to it. I know it says 4 here, but I have an Intel i7 inside and the VirtualBox supports only 4 CPU cores for its machines. You shouldn’t need more than 4 for a virtual machine, unless you’re doing something that is strongly related to graphics. One CPU is perfect. You won’t need any more computing power.

Anyway, I’m going to go ahead and click OK here, and I want to show you that the resources of your virtual machine are simply not sufficient in order to support the brute force method. As I said, you can buy a wireless USB card for $20 or so, plug it in, pass through the ports, and it’s going to work, but it’s going to be terribly slow. You will need to run Linux as the primary operating system on your host machine. So, because my main machine is Fedora Linux, I have installed all the necessary tools on it. You can install the same tools on Fedora as you can on Kali, and I will be doing my pen-testing from here, from Fedora. Let me exit the virtual machine. However, if you are a Windows user, if you don’t have a native Linux system on your host machine, you will also be able to do this in Windows. I will only show you the installation process, I will not show an actual brute-force demonstration. But, the principles are the same. When you do it in Windows you have to use the GUI mode, and quite frankly for these sort of things I personally do not like to do them via a GUI. It’s far more effective to do them from the Linux terminal. Some of the tools that we will need I will mention them here, and feel free to read up on them a little bit on the net as you progress through the course, and then go through the videos as well. There’s a lot of extra information out there on the net, especially if you come accross any problems using the software. Also, feel free to post in the discussion section if something is not working. I will be more than happy to walk you through it.

So, just type in yum search. This is one of the tools that we will need, aircrack-ng, press enter, and it should find it shortly. There we go. Aircrack is in the default repositories of Fedora, and you will be able to find it there without any sort of problems. So, it says aircrack-ng.x86_64, this is a standard for wireless, and it says sniffer and WEP/WVP-PSK key cracker. We’re interested in this part, key cracker. Basically, you can install it anywhere, we can even install it on the virtual machine. We could capture the file on the virtual machine, and then transfer the file to the host machine to crack it. However, that is not what we wil be doing today. Let’s go ahead and install aircrack and I will teach you how to use it.

There a few more tools related to aircrack, but there is one more tool that we will use that employs a completely different method, it uses a completely different way of cracking wireless passwords, and we will mainly be covering the WPA and WPA2 password encryption methods. I will do a brief demonstration of how to crack WEP, but, I mean, chances of you encountering WEP in today’s world are practically non-existent. If you open up your cell phone, I don’t know if you’re using Android, or an Apple phone, or a Windows Phone, and whatever else is out there, just take a look at the wireless networks around you, and take a look at the encryption methods because they will be shown to you. You will almost never see WEP. If you ever do see it, it’s practically open Wi-Fi. WEP has been cracked, it takes a very short amount of time to break it. You don’t need to use any sophisticated methods, a child could crack it without any problems. Basically, just follow through the procedure, and that’s it.

Now, as I was saying, there is another method of doing this for WPA, and the name of the tool is Reaver. Reaver is not in Fedora’s default repository, so we will need to go through the installation process and find it on the net. But, basically, what Reaver does is guess the pins on your router. So, most routers these days have pin authentication. This enables you press a button and everybody around you can connect to that router. Basically, these things have been invented primarily for Windows users. Rarely, very rarely, will you find a Linux distro with support for pins. This method is highly insecure. I mean, that is really one of the downsides of wireless networks. If you’re using pin authentication, you should definitely disable it on your home routers as it enables malicious attackers to take your WiFi, get your IP address, and from there move on to more serious things. I will show you how to disable these things as well on one of my routers that I have here. I believe I have a tp-link router. I will plug it in later on and show you what it does.

As a part of the aircrack package you will get a few other programs which we will use. One program in the aircrack package enables you to perform a DoS attack on wireless networks around you. So, you will be able to deauthenticate whoever you want, whenever you want, as long as two conditions are met. The first condition is proximity, that you are close enough to the network, and the second condition is that you actually have to scan in monitor mode, with your network card, and figure out what is going on around you. You need the the MAC address of that access point, and the MAC address of the person you want to jam. This is not difficult to do, this is easy, as both MAC addresses are public information. All you need to do is listen for them. That is what monitor mode enables you to do. Network cards have multiple modes which they can operate in, but there are only two which are of interest to us. There is promiscuous mode where your card will receive all packets on the same network segment, whereas the normal mode will only accept packets addressed to your MAC address. Typically, your card will disregard encrypted information not addressed to it. However, if you put your network cards in to monitor mode, they will take all of this traffic, process it, and see what they can retrieve from it. Most of this information is encrypted, but some of it isn’t. MAC addresses can’t be encrypted. You can take it, and you can jam whoever you want. You can deny wireless access to pretty much everybody within the range using your laptop, no extra devices are needed. Of course, it is necessary that your network card supports monitor mode. There is a compatibility list on the net, I will show it to you in the follow-up tutorial.

For the time being, I just wanted to introduce you to the chapter, and to show you what we shall be doing. I would advise you perform a quick search of aircrack-ng on Google, or whatever your favorite search engine is. For Reaver as well. Read some additional information on these two software packages. I will show you how to install aircrack-ng and Reaver in the follow up tutorial. I will also show how to install aircrack-ng on Windows, and I will attempt Reaver as well. Reaver tends to break on Windows, and that can be problematic. I will show you how to install aircrack-ng. I’ll show you how to use it a bit, it’s not difficult, there’s a graphical interface. However, I restate once again, you should have a Linux host machine which you can use, to which you have access. These tools work much faster on Linux machines. They work much better, they’re faster, and quite frankly they are easier to install. Plus, you get a higher degree of anonymity. Anyway, I bid you all farewell, and I’ll see you in the follow up tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will show you how to schedule tasks to run upon rebooting your system, or at a certain point of time. In this particular tutorial, we will create a script or a command to change your MAC address each time you restart your Linux system. So, every time you reset your computer, each time you turn off your computer and turn it back on, not only does it give you a random address that anonymizes you further on wireless networks, but it will make sure that you do not share your permanent MAC address. You might think to yourself, well, I can just change the MAC address every time I need to change it. Well, you will forget, trust me. It’s far simpler to set a cronjob once, and it will run each time you reboot your computer. If we take a look in ifconfig, I don’t actually have any wireless interfaces configured here, mostly because this is a virtual machine. We will be doing some of the things on my other machine, on my Fedora host machine, but for the time being we will use eth0, my wired interface, as an example. You can just as easily do this with any other interface that you have. The only thing that should vary is the name of interface. For example, this one is eth0, wireless1 would be eth1. On my Fedora system the wireless interface is wlp2s0.

In any case, what we need to do is clear the screen. There is is a Linux software utility called cron, it should be included with nearly every Linux distribution available, and this is what you use in order to schedule tasks to run for you in an automated fashion. Let’s type in crontab –help, press Enter, and there we go. Let’s take a look at the help menu for this command. It’s fairly small, there aren’t that many options, the tool is fairly simple. You use -e to edit user’s crontab, you use -u to specify the user for which you wish to edit the crontab. That’s helpful if you have multiple users on a single system, but by default it will edit the cronjobs for the current user. You can also list the user’s crontabs, delete the user’s crontabs, very important, and you can also always use -i to prompt before deleting. Remember, once you delete something in Linux it’s gone. There are some methods for retrieving deleted information, but more likely than not it’s permanently gone. You will find it very difficult to retrieve information that you have deleted through the usage of terminal. Anyway, enough about that, let’s go ahead and start editing our scripts that will run on startup. So, type in crontab -e, press ENTER, and there we go. We are prompted with this file. This is opened with VI text editor, so we will need to go through some of the basics. Here it says edit this file to introduce tasks to run by cron. I strongly advise reading through this entire file. It’s very small. Just read it. I’m 99% sure that you will be able to understand pretty much everything that is written here. Over here, the last line is actually the format. You have minutes, you have day of the month, you have day of the week, you have a command for the meaning of each of these separate sections. You can read this file here. So, mon is month, the dom is day of the month, this is hour, this is minute, and so on and so forth. Go through this file, read through it, and you will understand this format to the fullest extent.

For the time being, here is the command that I wish to use. In order for you to edit pretty much anything in VI, VI is a Linux text editor, you need to open a file and then press I. Just go ahead and press I on your keyboard, letter I, and it says you are currently in the insert mode. You can see how I’m highlighting it, now it says insert, and now you can actually type things in. What we want to type in is @reboot, and then type in the command macchanger -r, eth0. That is the command that we use in order to randomize the MAC address of our eth0 network interface. Here you have at reboot. So when do we want this to happen? We want it to happen when the system reboots. When we reboot our machine execute this command. If you wanted to run a script you would just need to specify a path to that script, and then a command to execute it. So just press escape now to exit insert mode, and press : on your keyboard. So just press colon on your keyboard and you will be prompted with a command line here. In the command line you need to type in “w” for write, so write these changes to the file, and then in addition to w you also need to write “q”, quit. After you’ve written to the file I want you to quit the file. If this doesn’t work you can also add an additional argument which is an exclamation mark to forcibly do it, but there is no need in this example, it’s going to work. So quit, there we go. This says installing new crontab, excellent! So we’ll just go ahead and clear the screen, type in macchanger -s to show the MAC address of my interface, eth0, press Enter, and you see it says permanent MAC, this one, current MAC that we are using, same one. Let’s go ahead and reboot the computer, and after the reboot we will see a different current MAC address listed. 08 were the first two places that were occupied in the MAC address. Once we reboot the system I will start up the ifconfig, actually not ifconfig, I will use macchanger from now on to actually verify the MAC addresses of my interfaces. Even though, even though, that is not a good thing. You should honestly be using ifconfig because it is the universal way of checking a MAC address on pretty much any Linux distro out there. While on the other hand, macchanger is most likely only installed by default on Kali Linux, and pretty much any other distro does not have it installed by default. Let’s go ahead and use ifconfig. We’re being logged in at the moment, sorry for any delays. This is a virtual machine so it’s bound to have some slight delays, but surprisingly I have found it very efficient. It’s working at a relatively fast pace. I’ll just go ahead and open up our terminal, type in ifconfig, and you can see that the hardware address has been changed. This one is no longer 08. So, to confirm this further, we’ll just go ahead and type in macchanger -s eth0, excellent! So you can see the permanent MAC is this, current Mac is this. It’s of an unknown type, unknown manufacturer that is. You can take a look at the macchanger help menu to specify the type of a MAC address that you want it to assign to your interface. Feel free to play around with that. Again, if you have any questions in regards to that, feel free to post them, I will be more than happy to help you out in any way that I can. In any case, I bid you farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, we will discuss MAC addresses, what they are, how they can be used, and how you can change them in order to anonymize yourself.

So, what is a MAC address? A MAC address is a physical address for all of the individual network interface in your computer. All of your network interfaces have a MAC address, be it a wireless or wired interface, it will have a mac address burned into it. As soon as you connect to a wireless network, or a LAN with a wired cable, that particular MAC address is used to identify you in combination with an IP address within that LAN. The MAC addresses do not go further, they do not go outside the LAN, they do not go outside the first jump from the first router. So, as soon as you go through the first router from your computer, your MAC address is no longer being shared. Anyway, let’s see what a MAC address looks like. So, what command do we use if we want to list our network interfaces? We will be using ifconfig. Press Enter, there we go. I have a loopback interface which I’m not really that interested in, I would like to remove it for the time being, ifconfig eth0, and there we go. I just wanted a listing for this particular interface, and this is your hardware address. Do not confuse it with the ipv6 address which is here. You can see that it is quite a bit lot longer, and it has far more characters than a MAC address. The first three sets of the MAC address are used to identify the manufacturer of the device. You can’t really utilize these last three sets because you don’t really know what the manufacturer has done with them. But, you can use the first three sets in order to figure out who has produced the device, and if you know which company has made has made the device, then you can research the possible vulnerabilities for that device. This is also one of the methods of foot printing, or figuring out a MAC address of a device. If you have a MAC address, you can conclude with reasonable safety who produced the device, and in doing so you will get a better idea of what you can do with the device, how you can exploit it, and so on. Let’s take a closer look here, ifconfig eth0, you can also do this. Let me show you an application of the grep command. You can use | grep, and you type in HWaddr, and there you go, this is a far better listing. It will list eth0, link encap:Ethernet, and HWaddr, so you can see clearly what is written here. I could use the awk command to filter this out, and leave only the MAC address to be printed out, but this provides a good overview as well. Keep in mind that other things can be listed here from one system to another, but you can always view it using the ifconfig command. Once you know how MAC addresses are written, when you know their formats, you will be able to recognize them even in a vast mass of information.

Since MAC addresses are used to identify you within a wireless network, if somebody actually checks the devices within the network they will know who you are, they will be able to kick you off the network, and we would like to protect ourselves from being identified. We want to be anonymous. One of the downsides of MAC addresses and them being used as means of identification, is that you can view the other MAC addresses on the same network. You can then copy those MAC addresses, use them as your own, perform some sort of shenanigans on the network, admins will notice that there is a problem, then they will permanently ban that MAC address. You have successfully performed a denial of service attack. I have seen this used at university multiple times. Basically, what people would do is figure out what the professor’s laptop MAC address is, they would then deliberately perform some kind of malicious activity such as attempting to login in to the router, the administrators would notice, and they would permanently ban that MAC address. This would effectively render the laptop useless for that lecture because that laptop could no longer connect to the wireless projectors where the presentations were being held. They eventually did get caught, and it was a pretty messy situation, but I’m just giving you an example of how these things can be used and abused. I am not suggesting that you should do this. Instead, use it for a benevolent purpose. Don’t use it for silly things that literally have no benefit.

In this particular tutorial I would like to introduce you to a tool called macchanger, so macchanger, press enter, and there you go. You can see it is installed by default with Kali. So, it says Usage: macchanger [options] and then device. I’m going to clear this and type macchanger – -help. Let’s see what kind of options we have with this tool. So, you see you have a few options, not many, it’s a fairly simple tool. We just passed –help, we can print the version and exit, we can print the MAC address and exit. Actually, I have never tried this. Let’s give it a try. macchanger -s eth0. It does indeed give the address. I have always used ifconfig. It gives us the permanent MAC address, and then you have the current MAC address with which we can do whatever we want. Go ahead and clear the screen, for convenience sake, and call the help menu once more. Now this is what I was talking about a moment ago, it says do not change vendor bytes. So, if you want to change your MAC address but still stay within the same vendor, it says don’t change the vendor bytes. Those are the first six characters, the first three sets that is. We can set a random vendor Mac of the same kind, you can also use these parameters, however they are not used very often. Usually, what you would use is either a fully random MAC address, or you would use one for a particular vendor. So you would go online, see what the particular vendor MAC addresses are, or you can print known vendors. There is a list included with the program, let me just show you, -l, and there are a lot of them. So it is only showing you the first three sets, and then for the other three you can type in whatever you feel like typing in. If you would like to be discrete on a network, as a standardized device within that network and not raise any suspicions, this is a good way of doing it. You can have the MAC address of a device that the network administrator is familiar with. They won’t be able to tell the difference unless they actually dig deeper. The important thing here is that if anybody digs deep enough they will find that you are doing something, but the idea is not to raise any flags, any suspicion, and in such a way pass through unnoticed. You of course have the ability to generate a fully random MAC address, and you can also set your own. You can use the -m parameter, or –mac, and then you type in the MAC address that you would like. People will use the MAC addresses of legit devices on the network to conduct malicious activity, and then those devices would be banned.

Let me show you what changing a MAC address looks like. We will deal with this sort of an attack a bit later on when we get into wireless hacking, and breaking wireless encryption, and what you can do on a wireless LAN network. Here I just want to show you what a changed MAC address looks like. So let’s just show eth0. Ok, so, we’ve seen this a moment ago, now here’s what happens when I use macchanger. macchanger -random eth0, press Enter, and there we go. It says permanent, current, new. So this is the new MAC address and it says unknown, I haven’t assigned it to any particular vendor. If I now say show, excellent! So it says permanent and current. The current one is the one that is being shown, that can be seen within the LAN network, and that is used to identify you. You can’t actually destroy your own MAC address because it’s literally burned into the device, this one will be shared with everybody else, and this one will remain within your own computer. It will not exit your interface. Anyway, a good practice would be to set up a script which upon booting changes the MAC address, and sets it to random every time you boot your computer. I will show you this in the next tutorial. Until then I hope that you have enjoyed the tutorial, and thank you for watching.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will actually connect to a VPN service provider, and I will show you how to prevent DNS leaks as well. Anyway, before I go into all of those technical things, I just wanted to say that VPNs are also a cheap solution if you’re looking for a static IP address. So if you want to setup a home web server, or file-sharing server, with a static IP address you can have a VPN for around $10 a month. That’s a very economical solution for a static IP address, as opposed to going through your ISP provider who will sell it to you for a much larger sum of money. I just wanted to mention that as a bit of extra information.

What we are going to do today is open up this website. I’ve opened up this one, you can open up any other that you would like, but be sure to check the reviews. I am using OpenVPNbook.com because I didn’t need to register, or anything of a kind, I could just start using the VPN service. I don’t need to install any additional software, or anything like that, I just need to download a configuration file, and that is fantastic. That works great for me because there’s minimal work needed, and it’s going to work for you as well. However, if you wish to use a different VPN provider, please feel free to do so. In fact, I encourage you to go out on the internet and have a look around to see which VPN providers are out there, what people are saying about each one of them, and which are the best. Which are the best in terms of cost, privacy, speed, stability, and so on and so forth. Sometimes you will get a VPN and the connection tends to break from time to time. That can be a bit inconvenient. Let’s go ahead and begin the connection process. So, I don’t want PPTP, I want OpenVPN, and which one am I going to take? Okay, let’s take the Germany based VPN. This is a certificate bundle. It should open with ARC manager without any problems. Let’s extract this to the desktop, and then I’ll create a new folder for them. Let’s make it a bit neater, openVPN, there we go. Let’s copy these things into this folder here and move it right there.

Do you remember how we downloaded duplicates of packets with the same name, except one had gnome in the name of the packet and the other one didn’t? So you’ve downloaded the plugins for the gnome network manager, and we’ve downloaded the actual packages for which we can use via a terminal as well. Today, I’m going to connect to a VPN using nothing but terminal. You can also do it through the network manager here. It says VPN connections, configure VPN, as we’ve done before. You just say add, then you can choose here, or you can just import these files here. This is a very simple process and you can do it through a network manager. However, chances are that you will find yourself in an environment that doesn’t have a GUI, and you will need to do it via terminal. The process is not very complicated. You just have two to three commands that you need to type in, and that’s it, no additional configuration is needed. It’s going to auto-load without any problems. Go ahead and clear the screen, you see I’ve been doing some work there, and go ahead and navigate to your desktop. So, /root/Desktop/openVPN/. Let’s see what’s in there. No, I do not want that sort of listing, give me a detailed listing. The LS command has different forms of listings. I can say la, I’ve shown this in one of the first tutorials dealing with the Linux command line interface. So ls -l, and which one shall we choose? We have port 443 going over TCP, TCP port 80, UDP port 25,000, and UDP port 53. I’m going to go ahead with port 443. So type in openvpn – -config vpnbook-de233-, which one is it, tcp443.ovpn, press ENTER, and it’s going to prompt you for a username. Don’t panic. The username is right on the website. See here you have a username. I’m going to go ahead and copy that, press Enter, and we also need the password. I can’t imagine why they added password because it’s a public password for anyone to use. Paste it here, press ENTER, and the connection is now going, it’s being routed, it should be established any moment now. I’m going to go ahead and close this site because I will want to reinitialize Firefox. There you go. Initialization sequence completed. Let’s see where I am. What is my IP? Your IP is 178.162.193.233, and apparently I am in Germany. I can assure you that I am NOT in Germany. That is definitely the IP of the VPN. But, this sort of configuration that we have done now will not withstand the DNS leak test, so we need to actually do some alterations there as well.

In order to protect against DNS leaks, we will need a new terminal, so go ahead and open it. Type in nano /etc/resolv.conf, press enter, and there you go. Now this is generated by the network manager by default, and the nameserver is, this is basically your home router IP address in a LAN. This is not a public IP address, this is one in he LAN that you use to access the router from the LAN network. We don’t want our computer to use our ISP’s DNS servers, do let’s just comment that out. The way this works is your DNS requests are forwarded here to this nameserver, this is basically the IP address of your router, and then your router forwards them to your ISP provider. This in turn records all of your traffic, and this can eventually be used in order to reveal your physical location, which is something we want to avoid. So instead of using the DNS server of your ISP provider, what you want to do is go ahead and type opendns in your browser. I can’t do a DNS test like this because I will show you my IP address, but I assure you that this will not pass. So, where is it? For business, personal, partners, yes, there we go. Go ahead and scroll down and click on DNS, wait for it to open. So on the right side of the page you can see that you have these IP addresses. We have 208.67.222.222, so just go ahead and copy that. This is open DNS which is one of the fastest, safest DNS services on the planet. They’re very nice to use. Other than that, you also have Google’s DNS servers which are 8.8.8.8 and 8.8.4.4, if I’m not mistaken. Nameserver, space, paste, and now I want another one. Name server, space, and I would like to also have this one as well. Now the reason why you are using two IP addresses and not one is because you want to have a fallback. So if this fails, if for whatever reason this server appears to be down, or if your packets fail to reach it, you don’t want your web browser telling you that the connection can’t be established. Instead, you want it to fall back to this one, and then attempt here, and in all likelihood it’s going to pass. Control + O to save it, and Control + X to exit. Do not restart your network manager because it will preload the file once again, and you will again be stuck with the DNS servers of your ISP provider. So let’s just go ahead and see what our DNS leak test says, so check for DNS leak. We’re going to do a standard test. You see the IP address is still shown here. It’s telling me that I’m from Germany, but I’m not. Let’s do a standard test and see what happens here. It says hostname, you see ISP, which we can conclude from the hostname as well, and we have the IP addresses here. Let’s take a look at the ISP here. It says ISP OpenDNS, OpenDNS, OpenDNS. The ISP provider from my own country has not been revealed here, it has been hidden. If I didn’t do this I would definitely have a DNS leak here.

Anyway, that is how to protect yourselves, that is how to establish a tunnel, something of a kind. I strongly encourage you to establish VPN connections from the terminal. You will have pre-configured files, you can even do the configurations manually if you really feel like it. As I said before, you can also do it through the network manager, but I strongly advise against it. The network managers can be different from one system to another, so this is not really a universal way of doing it. Furthermore, there are environments, you will encounter a large amount of environments, that won’t have a GUI, or you will be in an environment that has GUI but you will not have the ability to use it. I advise to you to become comfortable doing such configurations in the terminal. If you really want to do it through the network manager, and if you can’t do it on your own, there are a lot of instructions on the net. If you don’t feel like going through forums, feel free to ask in the questions section, and I will be more than happy to help you out, depending on which network manager you are using. In any case, I bid you farewell, I thank you for watching, and I’ll see you next time.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I am going to introduce you to VPNs, or virtual private networks, and how you can actually connect to them.

If you try to connect to one here, open up your VPN connections here and say configure VPN, you will see that all of the options are unavailable. You will get an error message saying, no VPN plug-in available. Please install one to enable this button. First, we will need an internet connection in order to install these plugins, and if you are on an unsafe connection, or something like that, I would definitely not recommend doing this. Instead, do it from your home network. Install all of the plugins, do all of the necessary prep work, and then you can connect to the VPN of your choice through some other network. In any case, just go ahead and close the network manager. If I hover my mouse over it, it says wired network device not managed. This can present a bit of a problem, so let’s just go ahead and solve that. It’s a relatively easy fix. Go ahead and type in nano /etc/NetworkManager/, with a capital N, and, again, NetworkManager.conf. This is the configuration file for our network manager, and you see here it says managed=false. Let’s replaces this with true, and that’s going to be it. Ctrl + O to save it, Ctrl + X to exit. You will need to restart the network manager in order to apply the updated configuration. So, just type in service network-manager restart. Linux is case sensitive. So, for example, touch test and Test, and if I created these two files they would be completely different. I felt like I should mention that somewhere here as it can be useful, and there we go it says, Wired Network Ifupdown (eth0). Now the interface is managed, so this should work now. Let’s just go ahead and clear the screen.

I have a small file here, it’s basically a list of commands for things that we need to install. I figured it would save some time by writing them down here, and not writing them manually during the tutorial. We’re going to need a few additional plugins for our network manager. What we will need is open VPN and pptp, but I’m just going to go ahead and install the rest as well. So let’s just add the -y so we are not prompted with any questions during the setup process. I could actually do one more thing, so let’s see if we can have them all done in one line. So type in apt-get install, and we can just copy these package names. The amount of y’s that I’ve passed there was unnecessary, but perhaps if I had done it in a different way it would have made a difference. I can pass one -y at the end of this long command because I’m just going to list the packets that I wish to install, and it should work without any problems. So, what is the last one? I need network manager vpnc as well, so let’s just go ahead and paste that here. The last one is the gnome extension, of course, for the GUI. Paste it, pass -y at the end, press ENTER, and there we go. It’s going to proceed on with the installation. There’s going to be a lot of new packets installed. They’re pretty small as they are plugins, so they shouldn’t actually take too much of your hard-disk space, or anything like that. The installation process is fairly fast, this will not take a lot of our time, but you see at the end it actually, well not at the end, but it is restarting the network manager. I will perform an additional reset at the end to cofirm that everything is up-to-date. Actually, it did it by default which is very nice. So, just by stopping and starting the network manager, it’s actually loading up the new configuration, and it seems to be working just fine.

So we no longer need this set of commands. As you saw, you don’t need to actually use every one of these individually. You can just issue one apt-get install command, and then type in all of the packets that you wish. So let’s just go ahead and minimize this, as I’m not gonna need it now, and I can click on add. When I click on add, I will get a list of possible VPN connections that I can use here. I’m just going to stop the tutorial here. In the next one we will have a lot of work to do. We need to go onto a website, find a suitable VPN, and test them out. See how good they are, and see what sort of IP addresses we can actually get from them. In any case, I bid you farewell, and I hope to see you in part 2.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato