Easily bypass MAC address filtering on WiFi

MAC address filtering is included in all modern routers and access points. You would normally think this is a secure way of stopping people from connecting to your network. Using Kali Linux and the Aircrack/Airmon suite, it only takes a few seconds to get around this. Start by launching the airodump utility to see wireless networks …

Cracking WPS Enabled WPA/WPA2 networks with Reaver

Wi-Fi Protected Setup (WPS; originally, Wi-Fi Simple Config) is a network security standard to create a secure wireless home network. Created by the Wi-Fi Alliance and introduced in 2006, the goal of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to …

Remotely stealing Windows credentials with WordSteal

Microsoft Word has the ability to include images from remote locations. This is an undocumented feature, but malware creators have been found using it to include images over HTTP for statistics. We can also include remote files on an SMB server, and the victim will authenticate with his login credentials. This is very useful during a …

Exploiting Microsoft Office and delivering a payload using Microsoft DDE

Windows provides several methods for transferring data between applications. One method is to use the Dynamic Data Exchange (DDE) protocol. The DDE protocol is a set of messages and guidelines. It sends messages between applications that share data and uses shared memory to exchange data between applications. Applications can use the DDE protocol for one-time …

Kali VMware Tools Installation

It is very important that you install VMware Tools in the guest operating system. With the VMware Tools SVGA driver installed, Workstation supports significantly faster graphics performance. The VMware Tools package provides support required for shared folders and for drag and drop operations. Other tools in the package support synchronization of time in the guest …

Capturing packets and cracking WPA with Airmon/Airodump (Wordlists)

This example assumes that you have a wireless adapter capable of entering monitor mode and that you have the aircrack-ng suite of tools installed. These come pre-installed on the Kali Linux distribution. Determine the adapter to use for capturing: make note of your wireless adapter interface, e.g. wlan0. Next we need to use airmon to …

Wordlists to use in Kali for password cracking

Wordlists are invaluable when looking at breaking passwords. Wordlists are used over brute force as they're made up of real words and phrases that people would generally use as passwords. Wordlists can be faster to process before looking at brute-force password cracking. There is now a horde of wordlists available to use, some of which …

Using Steganography to hide data in images

Steganography is the hiding of a secret message within an ordinary message and the extraction of it at its destination. Steganography takes cryptography a step further by hiding an encrypted message so that no one suspects it exists. Ideally, anyone scanning your data will fail to know it contains encrypted data. There are a few …

Attack Simulation: Meterpreter payload over reverse HTTP/HTTPS

This example will show you how to create a Meterpreter HTTP listener on a specific port and generate a payload for the target machine to connect back to. A reverse HTTP/HTTPS payload is less suspicious to the target, as it appears to be normal web traffic going to a domain through port 80 or …

Scanning networks with Zenmap (nmap GUI)

One of the most useful tools already included in Kali Linux is a front-end UI to nmap. This will allow you to visually see scan results and perform tasks on hosts without knowing the command line options of nmap. Although included in Kali by default, Zenmap can be easily installed on any Linux distribution. Zenmap …