Diferències
Ací es mostren les diferències entre la revisió seleccionada i la versió actual de la pàgina.
| Ambdós costats versió prèvia Revisió prèvia Següent revisió | Revisió prèvia | ||
| info:cursos:pue:ethical-hacker:sesion4 [20/02/2025 07:11] – mate | info:cursos:pue:ethical-hacker:sesion4 [20/02/2025 07:54] (actual) – [Lab 2: Perform Wireless Attacks] mate | ||
|---|---|---|---|
| Línia 98: | Línia 98: | ||
| - A CWE website appears in Microsoft Edge web browser, displaying the details of CWE-319 ClearText Transmission of Sensitive Information. | - A CWE website appears in Microsoft Edge web browser, displaying the details of CWE-319 ClearText Transmission of Sensitive Information. | ||
| - Similarly, click the http:// | - Similarly, click the http:// | ||
| - | - Scroll down to the DESCRIPTION here, we can observe that the X-Frame-Options Header is Missing which will make this site vulnerable to click-jacking.{{: | + | - Scroll down to the DESCRIPTION here, we can observe that the X-Frame-Options Header is Missing which will make this site vulnerable to click-jacking.{{: |
| - Now, expand X-Content-Type-Options Header is Missing node and click on http:// | - Now, expand X-Content-Type-Options Header is Missing node and click on http:// | ||
| - | - Under DESCRIPTION section we can observe that the browsers can perform MIME sniffing which can cause the browsers to transform non-executable content into executable content.{{: | + | - Under DESCRIPTION section we can observe that the browsers can perform MIME sniffing which can cause the browsers to transform non-executable content into executable content.{{: |
| - Similarly, you can view the the RECOMMENDATION section and click on the reference link under REFERENCES section. | - Similarly, you can view the the RECOMMENDATION section and click on the reference link under REFERENCES section. | ||
| - You can also use other web application vulnerability scanning tools such as: | - You can also use other web application vulnerability scanning tools such as: | ||
| Línia 116: | Línia 116: | ||
| - Click the Show hidden icons icon, observe that the WampServer icon appears. | - Click the Show hidden icons icon, observe that the WampServer icon appears. | ||
| - Wait for this icon to turn green, which indicates that the WampServer is successfully running. | - Wait for this icon to turn green, which indicates that the WampServer is successfully running. | ||
| - | - Launch the Mozilla Firefox web browser and go to http:// | + | - Launch the Mozilla Firefox web browser and go to http:// |
| - Here, we will perform a brute-force attack on the designated WordPress website hosted by the Windows Server 2022 machine. | - Here, we will perform a brute-force attack on the designated WordPress website hosted by the Windows Server 2022 machine. | ||
| - | - Now, we shall set up a Burp Suite proxy by first configuring the proxy settings of the browser.In the Mozilla Firefox browser, click the Open application menu icon in the right corner of the menu bar and select Settings from the drop-down list. The General settings tab appears. In the Find in Settings search bar, search for proxy and in the Search Results, click the Settings button under the Network Settings option.{{: | + | - Now, we shall set up a Burp Suite proxy by first configuring the proxy settings of the browser.In the Mozilla Firefox browser, click the Open application menu icon in the right corner of the menu bar and select Settings from the drop-down list. The General settings tab appears. In the Find in Settings search bar, search for proxy and in the Search Results, click the Settings button under the Network Settings option.{{: |
| - | - The Connection Settings window appears; select the Manual proxy configuration radio button and specify the HTTP Proxy as 127.0.0.1 and the Port as 8080. Tick the Also use this proxy for HTTPS checkbox and click OK. Close the Settings tab and minimize the browser window.{{: | + | - The Connection Settings window appears; select the Manual proxy configuration radio button and specify the HTTP Proxy as 127.0.0.1 and the Port as 8080. Tick the Also use this proxy for HTTPS checkbox and click OK. Close the Settings tab and minimize the browser window.{{: |
| - | - Now, minimize the browser window, click the Applications menu form the top left corner of Desktop, and navigate to Pentesting --> Web Application Analysis --> Web Application Proxies --> Burpsuite CE to launch the Burpsuite CE application.{{: | + | - Now, minimize the browser window, click the Applications menu form the top left corner of Desktop, and navigate to Pentesting --> Web Application Analysis --> Web Application Proxies --> Burpsuite CE to launch the Burpsuite CE application.{{: |
| - In the next window, select the Use Burp defaults radio-button and click the Start Burp button. | - In the next window, select the Use Burp defaults radio-button and click the Start Burp button. | ||
| - | - The Burp Suite main window appears; click the Proxy tab from the available options in the top section of the window.{{: | + | - The Burp Suite main window appears; click the Proxy tab from the available options in the top section of the window.{{: |
| - | - In the Proxy settings, by default, the Intercept tab opens-up. Observe that by default, the interception is active as the button says Intercept is on. Leave it running.{{: | + | - In the Proxy settings, by default, the Intercept tab opens-up. Observe that by default, the interception is active as the button says Intercept is on. Leave it running.{{: |
| - Switch back to the browser window. On the login page of the target WordPress website, type random credentials, | - Switch back to the browser window. On the login page of the target WordPress website, type random credentials, | ||
| - Switch back to the Burp Suite window; observe that the HTTP request was intercepted by the application. | - Switch back to the Burp Suite window; observe that the HTTP request was intercepted by the application. | ||
| - | - Now, right-click anywhere on the HTTP request window, and from the context menu, click Send to Intruder.{{: | + | - Now, right-click anywhere on the HTTP request window, and from the context menu, click Send to Intruder.{{: |
| - | - Now, click on the Intruder tab from the toolbar and observe that under the Intruder tab, the Positions tab appears by default. In the Positions tab under the Intruder tab observe that Burp Suite sets the target positions by default, as shown in the HTTP request. Click the Clear § button from the right-pane to clear the default payload values. {{: | + | - Now, click on the Intruder tab from the toolbar and observe that under the Intruder tab, the Positions tab appears by default. In the Positions tab under the Intruder tab observe that Burp Suite sets the target positions by default, as shown in the HTTP request. Click the Clear § button from the right-pane to clear the default payload values. {{: |
| - | - Once you clear the default payload values, select Cluster bomb from the Attack type drop-down list. Cluster bomb uses multiple payload sets. There is a different payload set for each defined position (up to a maximum of 20). The attack iterates through each payload set in turn so that all permutations of payload combinations are tested. For example, if there are two payload positions, the attack will place the first payload from payload set 2 into position 2 and iterate through all payloads in payload set 1 in position 1; it will then place the second payload from payload set 2 into position 2 and iterate through all the payloads in payload set 1 in position 1. {{: | + | - Once you clear the default payload values, select Cluster bomb from the Attack type drop-down list. Cluster bomb uses multiple payload sets. There is a different payload set for each defined position (up to a maximum of 20). The attack iterates through each payload set in turn so that all permutations of payload combinations are tested. For example, if there are two payload positions, the attack will place the first payload from payload set 2 into position 2 and iterate through all payloads in payload set 1 in position 1; it will then place the second payload from payload set 2 into position 2 and iterate through all the payloads in payload set 1 in position 1. {{: |
| - | - Now, we will set the username and password as the payload values. To do so, select the username value entered in Step#14 and click Add § from the right-pane. Similarly, select the password value entered in Step#14 and click Add § from the right-pane.{{: | + | - Now, we will set the username and password as the payload values. To do so, select the username value entered in Step#14 and click Add § from the right-pane. Similarly, select the password value entered in Step#14 and click Add § from the right-pane.{{: |
| - | - Once the username and password payloads are added. The symbol ‘§’ will be added at the start and end of the selected payload values. Here, as the screenshot shows, the values are admin and password.{{: | + | - Once the username and password payloads are added. The symbol ‘§’ will be added at the start and end of the selected payload values. Here, as the screenshot shows, the values are admin and password.{{: |
| - Navigate to the Payloads tab under the Intruder tab and ensure that under the Payload Sets section, the Payload set is selected as 1, and the Payload type is selected as Simple list. Under the Payload settings [Simple list] section, click the Load… button. | - Navigate to the Payloads tab under the Intruder tab and ensure that under the Payload Sets section, the Payload set is selected as 1, and the Payload type is selected as Simple list. Under the Payload settings [Simple list] section, click the Load… button. | ||
| - | - A file selection window appears; navigate to the location / | + | - A file selection window appears; navigate to the location / |
| - | - Observe that the selected username.txt file content appears under the Payload settings [Simple list] section, as shown in the screenshot.{{: | + | - Observe that the selected username.txt file content appears under the Payload settings [Simple list] section, as shown in the screenshot.{{: |
| - | - Similarly, load a password file for the payload set 2. To do so, under the Payload Sets section, select the Payload set as 2 from the drop-down options and ensure that the Payload type is selected as Simple list.{{: | + | - Similarly, load a password file for the payload set 2. To do so, under the Payload Sets section, select the Payload set as 2 from the drop-down options and ensure that the Payload type is selected as Simple list.{{: |
| - | - Observe that selected password.txt file content appears under the Payload settings [Simple list] section, as shown in the screenshot.{{: | + | - Observe that selected password.txt file content appears under the Payload settings [Simple list] section, as shown in the screenshot.{{: |
| - | - Once the wordlist files are selected as payload values, click the Start attack button to launch the attack.{{: | + | - Once the wordlist files are selected as payload values, click the Start attack button to launch the attack.{{: |
| - | - The Intruder attack of 10.10.1.22 window appears as the brute-attack initializes. It displays various username-password combinations along with the Length of the response and the Status.{{: | + | - The Intruder attack of 10.10.1.22 window appears as the brute-attack initializes. It displays various username-password combinations along with the Length of the response and the Status.{{: |
| - After the progress bar completes, scroll down and observe the different values of Status and Length. Here, Status=302 and Length= 1155. | - After the progress bar completes, scroll down and observe the different values of Status and Length. Here, Status=302 and Length= 1155. | ||
| - | - In the Raw tab under the Request tab, the HTTP request with a set of the correct credentials is displayed. (here, username=admin and password=qwerty@123), | + | - In the Raw tab under the Request tab, the HTTP request with a set of the correct credentials is displayed. (here, username=admin and password=qwerty@123), |
| ==== Task 2: Perform Remote Code Execution (RCE) Attack | ==== Task 2: Perform Remote Code Execution (RCE) Attack | ||
| Línia 152: | Línia 152: | ||
| - Now, open any web browser, and go to http:// | - Now, open any web browser, and go to http:// | ||
| - A WordPress webpage appears. Type Username or Email Address and Password as admin and qwerty@123. Click the Log In button. | - A WordPress webpage appears. Type Username or Email Address and Password as admin and qwerty@123. Click the Log In button. | ||
| - | - Hover your mouse cursor on Plugins in the left pane and click Installed Plugins, as shown in the screenshot.{{: | + | - Hover your mouse cursor on Plugins in the left pane and click Installed Plugins, as shown in the screenshot.{{: |
| - Open Mozilla Firefox web browser and go to https:// | - Open Mozilla Firefox web browser and go to https:// | ||
| - You get signed in successfully in the website. Now, click the Get Started button and click Start for free button under Researcher section. | - You get signed in successfully in the website. Now, click the Get Started button and click Start for free button under Researcher section. | ||
| - | - The Edit Profile page appears; in the API Token section and observe the API Token. Note down or copy this API Token; we will use this token in the later steps.{{: | + | - The Edit Profile page appears; in the API Token section and observe the API Token. Note down or copy this API Token; we will use this token in the later steps.{{: |
| - In the Parrot Security machine, open a Terminal window and execute sudo su to run the programs as a root user (When prompted, enter the password toor). | - In the Parrot Security machine, open a Terminal window and execute sudo su to run the programs as a root user (When prompted, enter the password toor). | ||
| - | - In the Terminal window, run '' | + | - In the Terminal window, run '' |
| - | - The result appears, displaying detailed information regarding the target website.{{: | + | - The result appears, displaying detailed information regarding the target website.{{: |
| - Scroll down to the Plugin(s) Identified section, and observe the installed vulnerable plugins (wp-upg) on the target website. | - Scroll down to the Plugin(s) Identified section, and observe the installed vulnerable plugins (wp-upg) on the target website. | ||
| - | - In the Plugin(s) Identified section, within the context of the wp-upg plugin, an Unauthenticated Remote Code Execution (RCE) vulnerability has been detected as shown in the screenshot.{{: | + | - In the Plugin(s) Identified section, within the context of the wp-upg plugin, an Unauthenticated Remote Code Execution (RCE) vulnerability has been detected as shown in the screenshot.{{: |
| - | - To perform RCE attack, run curl -i ' | + | - To perform RCE attack, run curl -i ' |
| - This curl command exploits a WordPress plugin vulnerability by sending a malicious request to the admin-ajax.php file, allowing an attacker to execute arbitrary system commands via the exec function, potentially leading to remote code execution. | - This curl command exploits a WordPress plugin vulnerability by sending a malicious request to the admin-ajax.php file, allowing an attacker to execute arbitrary system commands via the exec function, potentially leading to remote code execution. | ||
| === Lab 3: Detect Web Application Vulnerabilities using Various Web Application Security Tools | === Lab 3: Detect Web Application Vulnerabilities using Various Web Application Security Tools | ||
| ==== Task 1: Detect Web Application Vulnerabilities using Wapiti Web Application Security Scanner | ==== Task 1: Detect Web Application Vulnerabilities using Wapiti Web Application Security Scanner | ||
| - | - In the terminal window run '' | + | - In the terminal window run '' |
| - | - Now, run '' | + | - Now, run '' |
| - | - Run '' | + | - Run '' |
| - | - After installing the tool run wapiti -u https:// | + | - After installing the tool run wapiti -u https:// |
| - | - Now, in the terminal run cd / | + | - Now, in the terminal run cd / |
| - | - Run ls command to view the contents of the directory. we can see that the certifiedhacker.com_xxxxxxxx_xxxx.html file is created.{{: | + | - Run ls command to view the contents of the directory. we can see that the certifiedhacker.com_xxxxxxxx_xxxx.html file is created.{{: |
| - | - Run cp certifiedhacker.com_xxxxxxxx_xxxx.html / | + | - Run cp certifiedhacker.com_xxxxxxxx_xxxx.html / |
| - | - Open a new terminal and run firefox certifiedhacker.com_xxxxxxxx_xxxx.html command to open the .html file in Firefox browser.{{: | + | - Open a new terminal and run firefox certifiedhacker.com_xxxxxxxx_xxxx.html command to open the .html file in Firefox browser.{{: |
| - | - Wapiti scan report opens upp in Firefox browser, you can analyze the scan result with the discovered vulnerabilities.{{: | + | - Wapiti scan report opens upp in Firefox browser, you can analyze the scan result with the discovered vulnerabilities.{{: |
| - | - Scroll down to view the detailed information regarding each discovered vulnerability.{{: | + | - Scroll down to view the detailed information regarding each discovered vulnerability.{{: |
| === Lab 4: Perform Web Application Hacking using AI | === Lab 4: Perform Web Application Hacking using AI | ||
| Línia 228: | Línia 228: | ||
| - Navigate to http:// | - Navigate to http:// | ||
| - Once you are logged into the website, click the View Profile tab on the menu bar and, when the page has loaded, make a note of the URL in the address bar of the browser. | - Once you are logged into the website, click the View Profile tab on the menu bar and, when the page has loaded, make a note of the URL in the address bar of the browser. | ||
| - | - Right-click anywhere on the webpage and click Inspect (Q) from the context menu, as shown in the screenshot.{{: | + | - Right-click anywhere on the webpage and click Inspect (Q) from the context menu, as shown in the screenshot.{{: |
| - | - The Developer Tools frame appears in the lower section of the browser window. Click the Console tab, type document.cookie in the lower-left corner of the browser, and press Enter.{{: | + | - The Developer Tools frame appears in the lower section of the browser window. Click the Console tab, type document.cookie in the lower-left corner of the browser, and press Enter.{{: |
| - Select the cookie value, then right-click and copy it, as shown in the screenshot. Minimize the web browser. Note down the URL of the web page. | - Select the cookie value, then right-click and copy it, as shown in the screenshot. Minimize the web browser. Note down the URL of the web page. | ||
| - As root, Run '' | - As root, Run '' | ||
| - In this query, -u specifies the target URL (the one you noted down in Step#7), --cookie specifies the HTTP cookie header value, and --dbs enumerates DBMS databases. | - In this query, -u specifies the target URL (the one you noted down in Step#7), --cookie specifies the HTTP cookie header value, and --dbs enumerates DBMS databases. | ||
| - | - The above query causes sqlmap to enforce various injection techniques on the name parameter of the URL in an attempt to extract the database information of the MovieScope website.{{: | + | - The above query causes sqlmap to enforce various injection techniques on the name parameter of the URL in an attempt to extract the database information of the MovieScope website.{{: |
| - If the message Do you want to skip test payloads specific for other DBMSes? [Y/n] appears, type Y and press Enter. | - If the message Do you want to skip test payloads specific for other DBMSes? [Y/n] appears, type Y and press Enter. | ||
| - | - If the message for the remaining tests, do you want to include all tests for ‘Microsoft SQL Server’ extending provided level (1) and risk (1) values? [Y/n] appears, type Y and press Enter.{{: | + | - If the message for the remaining tests, do you want to include all tests for ‘Microsoft SQL Server’ extending provided level (1) and risk (1) values? [Y/n] appears, type Y and press Enter.{{: |
| - sqlmap retrieves the databases present in the MSSQL server. It also displays information about the web server OS, web application technology, and the backend DBMS, as shown in the screenshot. | - sqlmap retrieves the databases present in the MSSQL server. It also displays information about the web server OS, web application technology, and the backend DBMS, as shown in the screenshot. | ||
| - | - Now, you need to choose a database and use sqlmap to retrieve the tables in the database. In this lab, we are going to determine the tables associated with the database moviescope.{{: | + | - Now, you need to choose a database and use sqlmap to retrieve the tables in the database. In this lab, we are going to determine the tables associated with the database moviescope.{{: |
| - Run '' | - Run '' | ||
| - In this query, -D specifies the DBMS database to enumerate and --tables enumerates DBMS database tables. | - In this query, -D specifies the DBMS database to enumerate and --tables enumerates DBMS database tables. | ||
| - | - sqlmap retrieves the table contents of the moviescope database and displays them, as shown in screenshot.{{: | + | - sqlmap retrieves the table contents of the moviescope database and displays them, as shown in screenshot.{{: |
| - Now, you need to retrieve the table content of the column User_Login. | - Now, you need to retrieve the table content of the column User_Login. | ||
| - Run '' | - Run '' | ||
| - sqlmap retrieves the complete User_Login table data from the database moviescope, containing all users’ usernames under the Uname column and passwords under the password column, as shown in screenshot. | - sqlmap retrieves the complete User_Login table data from the database moviescope, containing all users’ usernames under the Uname column and passwords under the password column, as shown in screenshot. | ||
| - | - You will see that under the password column, the passwords are shown in plain text form.{{: | + | - You will see that under the password column, the passwords are shown in plain text form.{{: |
| - | - Now, switch back to the Parrot Terminal window. Run '' | + | - Now, switch back to the Parrot Terminal window. Run '' |
| - | - If the message do you want sqlmap to try to optimize value(s) for DBMS delay responses appears, type Y and press Enter to continue.{{: | + | - If the message do you want sqlmap to try to optimize value(s) for DBMS delay responses appears, type Y and press Enter to continue.{{: |
| - | - Once sqlmap acquires the permission to optimize the machine, it will provide you with the OS shell. Type hostname and press Enter to find the machine name where the site is running. If the message do you want to retrieve the command standard output? appears, type Y and press Enter.{{: | + | - Once sqlmap acquires the permission to optimize the machine, it will provide you with the OS shell. Type hostname and press Enter to find the machine name where the site is running. If the message do you want to retrieve the command standard output? appears, type Y and press Enter.{{: |
| - | - sqlmap will retrieve the hostname of the machine on which the target web application is running, as shown in the screenshot.{{: | + | - sqlmap will retrieve the hostname of the machine on which the target web application is running, as shown in the screenshot.{{: |
| - Type **TASKLIST** and press Enter to view a list of tasks that are currently running on the target system. | - Type **TASKLIST** and press Enter to view a list of tasks that are currently running on the target system. | ||
| - | - If the message do you want to retrieve the command standard output? appears, type Y and press Enter. The above command retrieves the tasks and displays them under the command standard output section, as shown in the screenshots below.{{: | + | - If the message do you want to retrieve the command standard output? appears, type Y and press Enter. The above command retrieves the tasks and displays them under the command standard output section, as shown in the screenshots below.{{: |
| - To view the available commands under the OS shell, type help and press Enter. | - To view the available commands under the OS shell, type help and press Enter. | ||
| - You can also use other SQL injection tools such as: | - You can also use other SQL injection tools such as: | ||
| Línia 261: | Línia 261: | ||
| === Lab 2 Modulo 15: Detect SQL Injection Vulnerabilities using Various SQL Injection Detection Tools | === Lab 2 Modulo 15: Detect SQL Injection Vulnerabilities using Various SQL Injection Detection Tools | ||
| ==== Task 1: Detect SQL Injection Vulnerabilities using OWASP ZAP | ==== Task 1: Detect SQL Injection Vulnerabilities using OWASP ZAP | ||
| - | - OWASP ZAP initialized and a prompt that reads Do you want to persist the ZAP Session? appears; select the No, I do not want to persist this session at this moment in time radio button, and click Start.{{: | + | - OWASP ZAP initialized and a prompt that reads Do you want to persist the ZAP Session? appears; select the No, I do not want to persist this session at this moment in time radio button, and click Start.{{: |
| - | - The OWASP ZAP main window appears; under the Quick Start tab, click the Automated Scan option.{{: | + | - The OWASP ZAP main window appears; under the Quick Start tab, click the Automated Scan option.{{: |
| - | - The Automated Scan wizard appears, enter the target website in the URL to attack field (in this case, http:// | + | - The Automated Scan wizard appears, enter the target website in the URL to attack field (in this case, http:// |
| - | - After the scan completes, Alerts tab appears. You can observe the vulnerabilities found on the website under the Alerts tab.{{: | + | - After the scan completes, Alerts tab appears. You can observe the vulnerabilities found on the website under the Alerts tab.{{: |
| - | - Now, expand the SQL Injection vulnerability node under the Alerts tab.{{: | + | - Now, expand the SQL Injection vulnerability node under the Alerts tab.{{: |
| - Click on the discovered SQL Injection vulnerability and further click on the vulnerable URL. | - Click on the discovered SQL Injection vulnerability and further click on the vulnerable URL. | ||
| - You can observe the information such as Risk, Confidence, Parameter, Attack, etc., regarding the discovered SQL Injection vulnerability in the lower right-bottom, | - You can observe the information such as Risk, Confidence, Parameter, Attack, etc., regarding the discovered SQL Injection vulnerability in the lower right-bottom, | ||
| Línia 271: | Línia 271: | ||
| - Orange Flag: Medium risk | - Orange Flag: Medium risk | ||
| - Yellow Flag: Low risk | - Yellow Flag: Low risk | ||
| - | - Blue Flag: Provides details about information disclosure vulnerabilities{{: | + | - Blue Flag: Provides details about information disclosure vulnerabilities{{: |
| - | - Similarly, expand any other vulnerability (here, SQL Injection-MsSQL) node under the Alerts tab and further click on the vulnerable URLs.{{: | + | - Similarly, expand any other vulnerability (here, SQL Injection-MsSQL) node under the Alerts tab and further click on the vulnerable URLs.{{: |
| - You can also use other SQL injection detection tools such as: | - You can also use other SQL injection detection tools such as: | ||
| - Damn Small SQLi Scanner (DSSS) (https:// | - Damn Small SQLi Scanner (DSSS) (https:// | ||
| Línia 281: | Línia 281: | ||
| === Lab 3: Perform SQL Injection using AI | === Lab 3: Perform SQL Injection using AI | ||
| ==== Task 1: Perform SQL Injection using ShellGPT | ==== Task 1: Perform SQL Injection using ShellGPT | ||
| - | - enumerate the database of the target website to do so, switch to the terminal window and run '' | + | - enumerate the database of the target website to do so, switch to the terminal window and run '' |
| - | - We have successfully enumerated the databases from the target website, we will now enumerate the tables pertaining to the database moviescope. To do so run '' | + | - We have successfully enumerated the databases from the target website, we will now enumerate the tables pertaining to the database moviescope. To do so run '' |
| - After enumerating the database tables we will dump the contents of the User_Login table to view the login information of the target website. | - After enumerating the database tables we will dump the contents of the User_Login table to view the login information of the target website. | ||
| - | - Run '' | + | - Run '' |
| - Sqlmap retrieves the complete User_Login table data from the database moviescope, containing all users’ usernames under the Uname column and passwords under the password column, as shown in screenshot. | - Sqlmap retrieves the complete User_Login table data from the database moviescope, containing all users’ usernames under the Uname column and passwords under the password column, as shown in screenshot. | ||
| Línia 350: | Línia 350: | ||
| ==== Task 1: Wi-Fi Packet Analysis using Wireshark | ==== Task 1: Wi-Fi Packet Analysis using Wireshark | ||
| - The **Wireshark** Network Analyzer window appears. | - The **Wireshark** Network Analyzer window appears. | ||
| - | - In the menu bar, click File and click Open option from the drop-down list.{{: | + | - In the menu bar, click File and click Open option from the drop-down list.{{: |
| - | - Wireshark: Open Capture File window appears, navigate to E: | + | - Wireshark: Open Capture File window appears, navigate to E: |
| - The WPA2crack-01.cap file opens in Wireshark window showing you the details of the packet for analysis. Here you can see the wireless packets captured which were otherwise masked to look like ethernet traffic. | - The WPA2crack-01.cap file opens in Wireshark window showing you the details of the packet for analysis. Here you can see the wireless packets captured which were otherwise masked to look like ethernet traffic. | ||
| - Here 802.11 protocol indicates wireless packets. | - Here 802.11 protocol indicates wireless packets. | ||
| - You can access the saved packet capture file anytime, and by issuing packet filtering commands in the Filter field, you can narrow down the packet search in an attempt to find packets containing sensible information. | - You can access the saved packet capture file anytime, and by issuing packet filtering commands in the Filter field, you can narrow down the packet search in an attempt to find packets containing sensible information. | ||
| - | - In real time, attackers enforce packet capture and packet filtering techniques to capture packets containing passwords (only for websites implemented on HTTP channel), perform attacks such as session hijacking, and so on. {{: | + | - In real time, attackers enforce packet capture and packet filtering techniques to capture packets containing passwords (only for websites implemented on HTTP channel), perform attacks such as session hijacking, and so on. {{: |
| - You can also use other wireless traffic analyzers such as: | - You can also use other wireless traffic analyzers such as: | ||
| - AirMagnet WiFi Analyzer PRO (https:// | - AirMagnet WiFi Analyzer PRO (https:// | ||
| Línia 368: | Línia 368: | ||
| - -b refers to bssid; replace with the BSSID of the target router. | - -b refers to bssid; replace with the BSSID of the target router. | ||
| - -w stands for wordlist; provide the path to a wordlist. | - -w stands for wordlist; provide the path to a wordlist. | ||
| - | - {{: | + | - {{: |
| - The result appears, showing the WPA handshake packet captured with airodump-ng. The target access point’s password is cracked and displayed in plain text next to the message KEY FOUND!, as shown in the screenshot. | - The result appears, showing the WPA handshake packet captured with airodump-ng. The target access point’s password is cracked and displayed in plain text next to the message KEY FOUND!, as shown in the screenshot. | ||
| - | - If the password is complex, aircrack-ng will take a long time to crack it.{{: | + | - If the password is complex, aircrack-ng will take a long time to crack it. |
| + | - {{: | ||
| - You can also use other tools such as: | - You can also use other tools such as: | ||
| - hashcat (https:// | - hashcat (https:// | ||
| Línia 376: | Línia 377: | ||
| - WepCrackGui (https:// | - WepCrackGui (https:// | ||
| == Module 17: Hacking Mobile Platforms | == Module 17: Hacking Mobile Platforms | ||
| + | === Lab 1 | ||
| + | ==== Task 1: Exploit the Android Platform through ADB using PhoneSploit-Pro | ||
| + | ==== Task 2: Hack an Android Device by Creating APK File using AndroRAT | ||
| + | === Lab 2 | ||
| + | ==== Task 1: Secure Android Devices from Malicious Apps using AVG | ||