Use Aircrack-ng To Test Your WiFi Password on Kali Linux

Objective

Test the security of your WiFi password by attacking it

Distributions

This will work with any Linux distribution, but it’s recommended that you use Kali.

Requirements

A working Linux distribution with a WiFi adapter and root privileges.

Difficulty

Easy

Conventions

  • # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  • $ – requires given linux commands to be executed as a regular non-privileged user

Introduction

Most people have terrible passwords, and WiFi is no exception. Your WiFi password is your primary line of defense against unwanted access to your network. That access can result in a whole host of other nasty things because an attacker can monitor the traffic on your network and even gain direct access to your computers.

The best way to prevent such an intrusion is to use the same tools an attacker would to test the security of your WiFi password.

Read more

Create An Evil Twin Of Your Network With Fluxion on Kali Linux

Objective

Use Fluxion to create a evil twin access point to steal WiFi login credentials, demonstrating the need for user education.

Distributions

Kali Linux is preferred, but this can be done with any Linux distribution.

Requirements

A working Linux install with root privileges and two wireless network adapters.

Difficulty

Easy

Conventions

  • # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  • $ – requires given linux commands to be executed as a regular non-privileged user

Introduction

Users are always the least secure part of a network. Anyone who has any experience as an admin will tell you that most users know absolutely nothing about security. That’s why they’re by far the easiest way for an attacker to gain access to your network.

Read more

Wireshark dialog for creating a capture filter

Filtering Packets In Wireshark on Kali Linux

Introduction

Filtering allows you to focus on the exact sets of data that you are interested in reading. As you have seen, Wireshark collects everything by default. That can get in the way of the specific data that you are looking for. Wireshark provides two powerful filtering tools to make targeting the exact data you need simple and painless.

There are two way that Wireshark can filter packets. It can filter an only collect certain packets, or the packet results can be filtered after they are collected. Of course, these can be used in conjunction with one another, and their respective usefulness is dependent on which and how much data is being collected.

Read more

Introduction to Nmap on Kali Linux

Introduction

Nmap is a powerful tool for discovering information about machines on a network or the Internet. It allows you to probe a machine with packets to detect everything from running services and open ports to the operating system and software versions.

Like other security tools, Nmap should not be misused. Only scan networks and machines that you own or have permission to investigate. Probing other machines could be seen as an attack and be illegal.

That said, Nmap can go a long way in helping to secure your own network. It can also help you to ensure that your servers are properly configured and don’t have any open and unsecured ports. It will also report if your firewall is correctly filtering ports that should not be externally accessible.

Nmap is installed by default on Kali Linux, so you can just open it up and get started.

Read more

crunch kali brute force password attack

Creating Wordlists with Crunch on Kali Linux

crunch kali brute force password attack

Introduction

Wordlists are a key part of brute force password attacks. For those readers that aren’t familiar, a brute force password attack is an attack in which an attacker uses a script to repeatedly attempt to log into an account until they receive a positive result. Brute force attacks are fairly overt and can cause a properly configured server to lock out an attacker or their IP.

This is the point of testing the security of log in systems this way. Your server should ban attackers that attempt these attacks, and should report the increased traffic. On the user end, passwords should be more secure. It’s important to understand how the attack is carried out to create and enforce a strong password policy.

Kali Linux comes with a powerful tool for creating wordlists of any length. It’s a simple command line utility called Crunch. It has simple syntax and can easily be adjusted to suit your needs. Beware, though, these lists can be very large and can easily fill an entire hard drive.

Read more

wordpress login test penetration test

Test WordPress Logins With Hydra on Kali Linux

wordpress login test penetration test

Introduction

There are web forms all over the Internet. Even sites that don’t usually allow regular users to log in probably have an admin area. It’s important when running and deploying a site to make sure that the passwords gating access to sensitive controls and admin panels are as secure as possible.

There are different ways to attack a web application, but this guide is going to cover using Hydra to perform a brute force attack on a log in form. The target platform of choice is WordPress. It is easily the most popular CMS platform in the world, and it is also notorious for being managed poorly.

Remember, this guide is intended to help you protect your WordPress or other website. Use on a site that you don’t own or have written permission to test is illegal.

Read more

Kali Linux Burp Suite Tutorial

When it comes to testing the security of web applications, you’d have a hard time finding a set of tools better than Burp Suite from Portswigger web security. It allows you to intercept and monitor web traffic along with detailed information about the requests and responses to and from a server.

This tutorial covers setting up Burp Suite and using it as a proxy for Firefox, how to gather information and use the Burp Suite proxy, a realistic testing scenario using information gathered through the Burp Suite proxy and many of the other features that Burp Suite has to offer.

Read more

How to change MAC address using macchanger on Kali Linux

Objective

The objective is to change or fake an original network card’s hardware MAC address. The following article will show how to change MAC address using macchanger on Kali Linux.

Requirements

Privileged access to you Kali Linux system.

Difficulty

EASY

Conventions

  • # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  • $ – requires given linux commands to be executed as a regular non-privileged user

Instructions

Change to a Random MAC address

First, let’s see how we can use macchanger to change network card’s hardware MAC address to a random address. We can start by investigating our current MAC address of eg eth0 network interface. To do this we execute macchanger with an option -s and an argument eth0.

Read more

Nagios Compile Configuration On Ubuntu 18.04

Install Nagios on Ubuntu 18.04 Bionic Beaver Linux

Objective

Install and configure Nagios on Ubuntu 18.04 Bionic Beaver

Distributions

Ubuntu 18.04

Requirements

A working install of Ubuntu 18.04 with root privileges

Difficulty

Easy

Conventions

  • # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  • $ – requires given linux commands to be executed as a regular non-privileged user

What is Nagios

Nagios is one of the best enterprise grade server monitoring solutions available. Unlike cPanel, it’s available across a wide range of Linux distributions, including Debian and Ubuntu.

Since Ubuntu 18.04 is an LTS release, upgrading your servers and running Nagios on them could be a great idea. Even though Nagios isn’t up to date in the Ubuntu repositories, and setup isn’t turn-key, it’s still not too hard to get it running.

Read more

Ubuntu Bionic ClamTK

Scan Ubuntu 18.04 For Viruses With ClamAV

Objective

Install ClamAV on Ubuntu, and scan for viruses.

Distributions

Ubuntu 18.04

Requirements

A working install of Ubuntu 18.04 with root privileges

Difficulty

Easy

Conventions

  • # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
  • $ – given linux commands to be executed as a regular non-privileged user

Introduction

Viruses on Linux aren’t all that common, but they do still exist. So, it’s a good idea to set up an antivirus on your Linux desktop, and perform a scan every so often. It’s also a good idea to scan any new files you bring on to your computer to ensure that they’re safe.

On Linux, there isn’t the same wealth of antivirus options as there is on other operating systems. That’s mostly because there isn’t a need. That’s alright, though. ClamAV does the job very well.

It’s also worth noting that ClamAV doesn’t behave like a Windows antivirus. It doesn’t hog up RAM or run in the background all the time. It also doesn’t have all of the extra bells and whistles. It scans for viruses, and that’s about all.

Read more

How to deny all incoming ports except FTP port 20 and 21 on Ubuntu 18.04 Bionic Beaver Linux

Objective

The objective is to enable UFW firewall, deny all incoming ports however only allow FTP port 20 and 21 on Ubuntu 18.04 Bionic Beaver Linux

Operating System and Software Versions

  • Operating System: – Ubuntu 18.04 Bionic Beaver

Requirements

Privileged access to your Ubuntu 18.04 Bionic Beaver will be required.

Difficulty

EASY

Conventions

Read more