Wireless Hacking

This is just a quick post to provide the presentation I gave tonight at PwnSchool.  If you’d like to review it you can download it here.  Thanks!

Topics covered:

  • Introduction to Radio Frequency
  • Wireless  Hacking (WEP and WPA2)
  • RFID Hacking (HID Prox and MIFARE)
  • Bluetooth Hacking (Bluelog/bluesnarfer/Wireshark/etc)

QuickHit: wget Website Mirroring

You may often need to mirror all (or part) of a website for offline analysis.  The ‘wget’ program has some easy features to use when you want to quickly get a local copy of a site and correct common issues (like links pointing to server locations).  Set up one of these behind the scenes while you work on other aspects, then peruse at your leisure.

Update 2018-07-21: Or just use the script I wrote to simplify this for my customized Kali build, available here.

Continue reading “QuickHit: wget Website Mirroring”

Multi-OS Boot Build

One of the most frustrating things to do is shuffle various USB drives trying to remember which one you were using last (for persistent OS boots), or which one has the working version of “X” operating system/which installer.  This article covers how to take an external USB drive (whether a large thumb drive or an actual external hard drive) and turn it into a whizbang multi-OS booting device.

Continue reading “Multi-OS Boot Build”

Bruteforcing ESSID Values

If you need to reveal an (E)SSID you can do this simply through MDK3.  To do so we’ll use the “p” mode, as follows:

mdk3 {INTERFACE} p -f /path/to/file/of/potential_names -t {AP_MAC_ADDRESS} -b {CHARSET}

For the “CHARSET” you can use “a” (for all characters, not recommended except for tiny names), or one or more of the following:

  • u – Uppercase
  • l – Lowercase
  • n – Numbers
  • s – ASCII symbols

Good hunting!

MSF Fundamentals 2017 (Part 3 of 3) – Pivoting and Automation

This is quick-hit version of part three of a three part series on Metasploit Fundamentals that I wrote to update my previous work (from 2014) on Metasploit. If you’re looking for a more hands-on/in-depth version of this article you can access training on this topic here: MSF Fundamentals – Part 3 of 3 (Pivoting and Automation) (basic_0x04)

The purpose of this article is to cover pivoting, port-forwarding, and automation to expand the reach of your tools and reduce the amount of time you spend on repetitive work.  Part one covered starting up the MSF, finding an exploit, finding a matching payload, and configuring everything up to the point of launching the exploit. Part two covered exploitation and post-exploitation modules to the point where you are comfortable with the various ways of manipulating a system after you’ve opened a session to it.  This training assumes you’re using a 2016 variant of Kali Linux and that it’s patched up to at least August 2016. If that’s true, then let’s go!

Continue reading “MSF Fundamentals 2017 (Part 3 of 3) – Pivoting and Automation”

Create a website or blog at WordPress.com

Up ↑