Igor Naidyonov. Best Password Cracking Programs Sniffing Data in Other Programs

But some readers complain that it takes too long to crack WPA2, and WPS is not enabled on every access point (in my opinion, there are still quite a lot of access points with WPS). To help you in such situations, I will describe a practically guaranteed way to get a Wi-Fi password without any cracking at all, using Wifiphisher.

Stages of the Wifiphisher Strategy

The idea is to create an evil twin of the access point and then deauthenticate the user from the original one (a DoS attack also works for this). When the user reconnects, they land on your fake hotspot with the same SSID and see what looks like a genuine web page asking for the password because of a "firmware update". Once the password has been entered, you capture it and let the user keep using the evil twin as if it were the real access point, so they suspect nothing. Great plan!

So Wifiphisher does the following:

  1. Kicks the user out of the real access point.
  2. Allows him to enter your fake hotspot.
  3. Shows the user a web page notifying the user of a successful "firmware update" and the need to re-enter credentials.
  4. Gives a Wi-Fi password to a hacker while an unsuspecting user continues to surf the Internet.

Such scripts are nothing new; take Airsnarf, for example. But Wifiphisher compares favorably with them in how far it automates the process. The script greatly simplifies the work, although, if you wish, you can always carry out the steps above manually.
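As an added defensive example (not part of the original article), the following Python flags the two radio-visible symptoms of the flow just described from monitor-mode scan records: the same SSID suddenly beaconed from a second BSSID, and a burst of deauthentication frames against the original BSSID. The record layout and the sample data are constructed for this illustration.

```python
"""Added example, not from the original article: detect evil-twin symptoms
(duplicate SSID on a new BSSID plus a deauth flood) in scan records."""
from collections import defaultdict

# Constructed scan records: (timestamp_s, frame_subtype, bssid, ssid).
# "beacon" frames advertise a network; "deauth" frames kick clients off.
SCAN = [
    (0.0, "beacon", "aa:bb:cc:dd:ee:01", "wonderhowto"),
    (0.1, "beacon", "aa:bb:cc:dd:ee:02", "guest-net"),
    (5.0, "beacon", "02:00:00:00:00:01", "wonderhowto"),  # same SSID, new BSSID
    *[(5.0 + i * 0.01, "deauth", "aa:bb:cc:dd:ee:01", "") for i in range(40)],
    (6.0, "deauth", "aa:bb:cc:dd:ee:02", ""),  # a single deauth is normal
]

def find_duplicate_ssids(records):
    """Return {ssid: sorted BSSIDs} for SSIDs beaconed from more than one BSSID.
    A legitimate multi-AP network also matches, so this is a lead, not proof."""
    bssids = defaultdict(set)
    for _, subtype, bssid, ssid in records:
        if subtype == "beacon" and ssid:
            bssids[ssid].add(bssid)
    return {s: sorted(b) for s, b in bssids.items() if len(b) > 1}

def find_deauth_bursts(records, window_s=1.0, threshold=20):
    """Return {bssid: peak count} for BSSIDs that saw at least `threshold`
    deauth frames inside any sliding window of `window_s` seconds."""
    per_bssid = defaultdict(list)
    for ts, subtype, bssid, _ in records:
        if subtype == "deauth":
            per_bssid[bssid].append(ts)
    flagged = {}
    for bssid, times in per_bssid.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window_s:
                start += 1  # slide the window forward
            count = end - start + 1
            if count >= threshold:
                flagged[bssid] = max(flagged.get(bssid, 0), count)
    return flagged

def evil_twin_alerts(records):
    """Correlate both signals: an SSID with a duplicate BSSID where one of its
    BSSIDs is also the target of a deauth burst."""
    dupes = find_duplicate_ssids(records)
    bursts = find_deauth_bursts(records)
    return sorted(s for s, b in dupes.items() if any(x in bursts for x in b))
```

Run `evil_twin_alerts(SCAN)` to see the correlated alert; either helper alone produces false positives on multi-AP networks or noisy clients, which is why the two signals are combined.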

To achieve your goal, you will also need two wireless adapters, one of which is capable of injecting packets. In this case, I used the . You can choose other adapters, but before doing so, make sure they are compatible with (support packet injection). Please don't complain that nothing works until you have checked that your wireless adapter is actually capable of packet injection. Most models do not have this capability.

Now, let's take a look at Wifiphisher.

Step 1: Download Wifiphisher

To get started, fire up Kali and open a terminal. Then download the Wifiphisher 1.1 archive and unzip the code.

Kali > tar -xvzf /root/wifiphisher-1.1.tar.gz

The screenshot below shows the unpacked Wifiphisher source.

Alternatively, you can copy the code from GitHub by running the following command:

Kali > git clone https://github.com/sophron/wifiphisher

Step 2: Open the utility directory

Kali > cd wifiphisher-1.1

Looking through the contents of this directory, you will see the wifiphisher.py script there.

Kali > ls -l

Step 3: Run the script

You can run the Wifiphisher script with this command:

Kali > python wifiphisher.py

Note that I put the name of the interpreter, python, before the script name.

During the first run, the script will most likely tell you that "hostapd" was not found and prompt you to install it. Enter "y" (yes) to start installing hostapd.

Once the installation is complete, run the Wifiphisher script again.

Kali > python wifiphisher.py

This time it will start a web server on ports 8080 and 443 and then scan for all available Wi-Fi networks.

After that, you will see a list of all detected Wi-Fi networks on the screen. In my example, the utility found a network called "wonderhowto". It will be the target of our attack.

Step 4: Start the attack and get the password

Press Ctrl+C on your keyboard, and the application will ask you to enter the number of the access point you want to attack. In my case, this is access point number 12.

After you press Enter, Wifiphisher shows the page you can see in the screenshot below. It means the interface is in use, the SSID is being cloned, and the selected access point is being attacked.

The user will be disconnected from their access point. While reconnecting, they will be directed to our evil twin.

Once this happens, the proxy on the web server intercepts the request and presents the user with a fake login page informing them that a new version of the router firmware has been installed and they need to re-authenticate.

As you can see, I entered my password (nullbyte) and clicked Submit.

When the user enters their password, it is sent to you through the open Wifiphisher terminal. The utility then lets the user reach the Internet through your system so that they suspect nothing.

Now you can get even the most complex Wi-Fi password! Don't forget to come back to us from time to time for new articles on various hacking techniques!

    This material was not created for hacking or capturing personal data, but to make the scheme and the principle of protecting one's data clear to an ordinary user. If you know the scheme from the inside, you will understand how to protect yourself in a cafe or other public place when connecting to any available network. Take cafe Wi-Fi as an example: everything described below may already be in use by that cafe's staff. All of this is real; if the article does not convince you, try it yourself. If you do not understand something, you can ask for help in the comments at the very bottom of the article.

    Let's take one of many examples. Google asks all site administrators to switch from HTTP to HTTPS, creating an encrypted connection between the client and the server (between you and the site). Hosters (site administrators) are in no hurry to switch to HTTPS: many clients still use Windows XP, which does not support this HTTPS protocol and runs on the old HTTP, so a client on Windows XP will simply not reach a site with an encrypted HTTPS connection. That is one of the reasons hosts do not use HTTPS. A more detailed description follows.

    Very often your data is transmitted over the network in unprotected form. So if the site you are logging in to uses the HTTP protocol, it is very easy to capture this traffic, analyze it with Wireshark, and then use special filters and programs to find and recover the password. But do not despair: to intercept your passwords, someone first has to connect to your network. With Wi-Fi, for example, they need to find out the Wi-Fi password first, and only then the passwords for your resources. This is why there is so much talk now about not connecting to Wi-Fi in cafes or other unfamiliar places: your traffic goes through that network, and what happens next, read on.

    The best place to intercept passwords is the network core, where all users' traffic to internal resources (for example, mail) passes, or in front of the router that provides Internet access, where users register on external resources. Set up a mirror port and we are ready to feel like a hacker.

    Now, in order:

    Step 1. Install and run Wireshark to capture traffic

    Sometimes it is enough to select the interface on which we plan to capture traffic and click the Start button. In our case, we capture on the wireless interface. Traffic capture has begun.

    Step 2. Filter the captured POST traffic

    Open the browser and try to log in to some resource with a username and password. When authorization completes and the site opens, stop the capture in Wireshark. Looking at the protocol analyzer, we see a large number of packets. This is the stage where most IT professionals give up because they do not know what to do next. But we do: we are interested in the specific packets containing the POST data that is generated on our local machine when a form is filled in and sent to the remote server when you click the "Login" or "Authorization" button in the browser.

    Enter a display filter in the filter bar:

    http.request.method == "POST"

    And instead of a thousand packets, we see only the one with the data we are looking for.

    Step 3. Find the username and password

    Right-click the packet and select Follow TCP Stream from the menu.

    A new window appears with the text of the exchange, from which the page content can be reconstructed. Look for the "password" and "user" fields, which correspond to the password and username. In some cases both fields are readable and not even encoded, but if we capture traffic to well-known resources such as Mail.ru, Facebook, Vkontakte, etc., the password will be encoded:
    HTTP/1.1 302 Found
    Date: Mon, 10 Nov 2014 23:52:21 GMT
    Server: Apache/2.2.15 (CentOS)
    X-Powered-By: PHP/5.3.3
    P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
    set-cookie: non=non; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
    Set-Cookie: password=e4b7c855be6e3d4307b8d6ba4cd4ab91; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
    set-cookie: scifuser=networkguru; expires=Thu, 07-Nov-2024 23:52:21 GMT; path=/
    Location: loggedin.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8
    So in our case:

    Username: networkguru
    Password:

    Step 4. Determine the encoding type to recover the password

    We go, for example, to the site and enter our password in the identification window, then choose the encoding type:

    Step 5. Recover the user's password

    At this stage we can use the hashcat utility:

    ~# hashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt

    The output is the recovered password: simplepassword

    Thus, with Wireshark we can not only troubleshoot applications and services but also try ourselves as a hacker by intercepting the passwords users enter in web forms. You can also find passwords for user mailboxes with simple display filters:

    POP protocol: pop.request.command == "USER" || pop.request.command == "PASS"
    IMAP protocol: imap.request contains "login"
    SMTP protocol: smtp.req.command == "AUTH"
Hacker PHP, JS and Perl Scripts

    Scripts to steal passwords

    So, in this article I'll tell you how you can get a password and any other interesting information using a website. All a "hacker" needs is a page of his own on the network, which you will either visit yourself or be lured to. As I surf the web, I hear more and more bad things about social engineering. If you are not interested in hacking methods based on social engineering, or if this is all baby talk for you, then click the cross in the upper corner of your browser and forget this article exists. Nowadays it is not enough to understand system code and all sorts of programming tricks; you also need to be able to communicate with people. Many hackers break into banks, computers and databases not only by finding vulnerabilities in the security system but also by using social engineering at every turn, because a hacker is not only someone who has hacked a system but also someone who often gains access to the most curious places on the Internet through communication. Suffice it to recall the so-called mega hacker Mitnick, who got past a bank's security with the help of precisely this kind of social engineering. First, I will explain how ordinary users are hacked, and then a more global hack, such as that of a company. Imagine that a "hacker" pays a considerable amount for network access and starts thinking about how to get it for free, or he is not allowed onto some network resource without a password, and you have what he needs. First he creates a page for himself on the network and implants code like this on one of the pages!
