Backtrack is one of the most popular Linux distributions used for Penetration testing and Security Auditing. The Backtrack development team is sponsored by Offensive Security. On 13th August 2012, Backtrack 5 R3 was released. This included the addition of about 60 new tools, most of which were released during the Defcon and Blackhat conference held in Las Vegas in July 2012. In this series of articles, we will look at most of the new tools that were introduced with Backtrack 5 R3 and look at their usage. Some of the notable changes included tools for mobile penetration testing, GUI tools for Wi-fi cracking and a whole new category of tools called Physical Exploitation.
Getting Backtrack 5 R3
There are two ways to get up and running quickly with Backtrack 5 R3. If you are already running Backtrack 5 R2, you can upgrade to Backtrack 5 R3 by following the steps described on this page. Or you can do a fresh install of Backtrack 5 R3 from the downloads section on Backtrack’s official website.
Airodump-ng -c channel -bssid MAC -w /root/Desktop/ mon0 Replace 'channel' with the channel number you found in the last step. Replace 'MAC' with the MAC address you found in the last step. Remember to replace 'mon0' with whatever your interface name was. This page allows you to ping that database and find exactly where any wi-fi router in the world is located. Note that iPhones also send this BSSID and Cell Tower Information up to Apple, as well. You can enter any router BSSID/MAC address to locate the exact physical location below, or try the demonstration router by hitting 'Probe' below. A Wi-Fi hacking software is a software program that will primarily enable you to crack Wi-Fi password of a nearby network. These software programs are designed to work for WPA, WPA2 and WEP. Some of them are open-source applications and work as good network analyzer as well as packet sniffer. Then, a need was felt to add a feature to the Fern toolbox dialog that included an area to track the geographical coordinates and display maps, country, state country code, and other geographical details, using only the Mac address of the Wi-Fi access points in a novice-friendly manner. After all, that was what Fern was made for. Fern WIFI cracker. Disclaimer: I carried out this attack using my own WIFI network, all MAC Addresses and names have been faked. This tutorial is for learning purposes only and should not be used for any illegal activities. Introduction: This is a step by step on how to use the Fern WIFI Cracker that comes installed with Kali-Linux.
A list of the new tools released with Backtrack 5 R3 according to Backtrack’s official website are libcrafter, blueranger, dbd, inundator, intersect, mercury, cutycapt, trixd00r, artemisa, rifiuti2, netgear-telnetenable, jboss-autopwn, deblaze, sakis3g, voiphoney, apache-users, phrasendrescher, kautilya, manglefizz, rainbowcrack, rainbowcrack-mt, lynis-audit, spooftooph, wifihoney, twofi, truecrack, uberharvest, acccheck, statsprocessor, iphoneanalyzer, jad, javasnoop, mitmproxy, ewizard, multimac, netsniff-ng, smbexec, websploit, dnmap, johnny, unix-privesc-check, sslcaudit, dhcpig, intercepter-ng, u3-pwn, binwalk, laudanum, wifite, tnscmd10g bluepot, dotdotpwn, subterfuge, jigsaw, urlcrazy, creddump, android-sdk, apktool, ded, dex2jar, droidbox, smali, termineter, bbqsql, htexploit, smartphone-pentest-framework, fern-wifi-cracker, powersploit, and webhandler. We will be discussing most of these tools in this series.
Fern-Wifi-Cracker
Fern Wi-fi cracker is a program written in python that provides a GUI for cracking wireless networks. Normally, you need to run aireplay-ng, airodump-ng and aircrack-ng separately in order to crack wireless networks, but Fern-Wifi-cracker makes this job very simple for us by acting as a facade over these tools and hiding all the intricate details from us. It also comes with a bunch of tools that helps you perform attacks like Session Hijacking, locate a particular system’s geolocation based on its Mac address etc.
Fern Wi-fi cracker can be found under the category Wireless Exploitation tools as shown in the figure below.
Before starting with Fern Wi-fi cracker, it is important to note that you have a Wi-fi card that supports packet injection. In my case, i am running Backtrack 5 R3 as a VM and i have connected an external Alfa Wi-fi card to it. You can verify if your card can be put into monitor mode by just typing airmon-ng and it will show you the list of interfaces that can be put in monitor mode. Once this is done, open up Fern Wi-fi cracker.
Select the appropriate interface on which you want to sniff on.
Once you have selected it, it will automatically create a virtual interface (mon0) on top of the selected interface (wlan0) as is clear from the image below.
Now, click on “Scan for access points”. As you can see from the results, it found 4 networks with WEP and 1 network with WPA.
In this case, we will be cracking a WEP network named “Infosec test” which i set up for testing purposes. Click on the network “Infosec test” and it will show you its specific information like the BSSID of the access point, the channel on which the Access point is transmitting on etc. On the bottom right, you can select from a variety of attacks like the Arp request replay attack, caffe latte attack etc. In my case, i will be going for an Arp request replay attack. Once this is done, click on “Wi-fi attack” and this will start the whole process of cracking WEP.
You will now see that some IV’s are being captured as shown in the image below. The tool will also tell you if your card is injecting arp packets properly or not as shown in the bottom right section of the image below.
Once enough IV’s have been collected, it will start cracking the WEP key automatically.
Similarly, Fern Wi-fi cracker can be used to crack WPA. It just makes the whole process so simple for us. It also provides some extra functionality for hijacking sessions and locating a computer’s geolocation via its Mac address. I recommend you check it out.
Dnmap
Imagine you have to scan a huge network containing thousands of computers. Scanning via nmap from a single computer will take quite a long time. In order to solve this problem, Dnmap was created. Dnmap is a framework which follows a client/server architecture. The server issues nmap commands to the clients and the clients execute it. In this way, the load of performing such a large scan is distributed among the clients.
The commands that the server gives to its clients are put in a command file. The results are stored in a log file which are saved on both the server and the client. The whole process of running Dnmap follows these steps.
- Create a list of commands that you want to run and store it in a file, say commands.txt. Note the IP address of the server.
- Run the dnmap server and give the commands file as an argument.
- Connect the clients to the server. Note that the server should be reachable from the client.
Let’s do the demo now. I have 2 virtual machines both running Backtrack 5 R3. I am going to run the Dnmap server on one of the virtual machines and a client on the second one.
Open dnmap under the category Information Gathering –> Network Analysis –> Identify Live hosts. The next step is to create a commands.txt file. As you can see from the image below, i have 3 commands in the commands.txt file.
Now type the command as shown in the image below to start the dnmap server. I have started the dnmap server to listen on port 800. As you can see, it currently detects no clients. Hence the next step is to get some clients to connect to this dnmap server. Also, it is better to specify the location of the log file that will be holding all the results.
On my other BT machine, i run the following command to connect the client to the server. Note that the internal IP address of my dnmap server is 10.0.2.15 and since my other virtual machine is also in the same internal network, it is able to reach to the server. You also need to specify the port to which you are connecting to on the server. Also, it is optional to specify an alias for the client.
Once the client establishes connection with the server, you will see that the client starts executing the commands that it is getting from the server.
On the server side, you will notice that it recognizes this client and shows it in the output. It also keeps giving you regular information like the number of commands executed, uptime, online status etc.
Once the scans are completed, dnmap stores the results in a directory named nmap_output. The results are saved in .nmap, .gnmap and xml formats. There are separate output files for each command. It is advisable to clear all the previous files in the nmap_output directory or save them somewhere else before starting a new scan. Here is what a sample response file looks like.
Fern Wifi Cracker With Geographical Location Mac Address Tracker Free
In this article, we looked at a couple of the most popular tools that were introduced with Backtrack 5 R3. In further articles in this series, we will be discussing about many other new tools that were shipped with Backtrack 5 R3. If there is a particular tool that you want me to write about or if you have any questions, comments, suggestions regarding this series, please write them down in the comments below.
References:
- Upgrade from Backtrack 5 R2 to R3http://www.backtrack-linux.org/backtrack/upgrade-from-backtrack-5-r2-to-backtrack-5-r3/
- Fern-Wifi-Cracker http://code.google.com/p/fern-wifi-cracker/
- Dnmap framework official pagehttp://sourceforge.net/projects/dnmap/
Wifi Hacking is the most trending activity nowadays. You have a good and active internet connection at your home, still, you want to connect with your neighbor’s wireless system for getting free internet.
If you are one of them and want to hack neighbor’s wifi or willing to access free internet through wifi access point listed in your device.
You should not forget that your neighbor is searching for the same activity. If you have wifi access point at your home or office, then a bad man sitting behind you will try to hack your wifi.
Your first task Secure your wifi network before trying to hack nearby wireless access points. Here you can go 5 Tips, How to secure wifi from hacking If you will follow these tips no one can hack into your wifi easily.
Fern Wifi Cracker With Geographical Location Mac Address Tracker Download
What are the wifi hacking tools used by a hacker to hack into wifi? I think this question is revolving your head. This article will help you to find out this software.
Are you looking for wifi Hacking Software?
If yes, this post is useful for you. I will provide description and download links of tools used for wifi hacking. Here you will go to get information about the software.
Aircrack-ng
Aircrack-ng is a most popular wifi hacking software used to crack WEP, WPA/WPA2, and WPS. Sometimes hackers use to crack the security of wifi radius server too. Aircrack-ng is a bundle of multiple tools such as airmon-ng, airodump-ng, aireplay-ng etc. if you don’t know how to use this tool, then visit official website of aircrack-ng website http://www.aircrack-ng.org/
Home Page
Wifite
This is an awesome tool, you can perform multiple attacks, WEP, WPA/WPA2, WPS in a row. Wifite aims to be the “set it and forget it” wireless auditing tool.Features:
- sorts targets by signal strength (in dB); cracks closest access points first
- automatically de-authenticates clients of hidden networks to reveal SSIDs
- numerous filters to specify exactly what to attack (WEP/WPA/both, above certain signal strengths, channels, etc)
- customizable settings (timeouts, packets/sec, etc)
- “anonymous” feature; changes MAC to a random address before attacking, then changes back when attacks are complete
- all captured WPA handshakes are backed up to wifite.py’s current directory
- smart WPA de-authentication; cycles between all clients and broadcast deauths
- stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit
- displays session summary at exit; shows any cracked keys
- all passwords saved to cracked.txt
Wifite Home Page
Reaver
Reaver wifi hacking software for Linux. Reaver performs brute force against WPS ( Wifi Protected Setup). In this setup, a pin number is required to connect wifi no matter what security is implemented WEP or WPA/WPA2. It can get password both. In normal condition, Reaver will recover password against Wpa/wpa2 within 4-8 hours, depending on AP.
Reaver Home Page
Fern Wifi Cracker
If you love GUI interface, you will love this wifi hacking tool. because it has GUI. It helps to crack WEP, WPA/WPA2 & WPS security. It has lots of other features like MITM, sniffing, Session hijacking etc.Features:
- WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack
- WPA/WPA2 Cracking with Dictionary or WPS based attacks
- Automatic saving of key in database on successful crack
- Automatic Access Point Attack System
- Session Hijacking (Passive and Ethernet Modes)
- Access Point MAC Address Geo Location Tracking
- Internal MITM Engine
- Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP)
- Update Support
Fern Wifi Cracker Home Page
PixieWPS
PixieWPS is very simple and effective tool use to crack WPS security.
Features:- Checksum optimization: it’ll try first for valid PINs (11’000);
- Reduced entropy of the seed from 32 to 25 bits for the C LCG pseudo-random function;
- Small Diffie-Hellman keys: don’t need to specify the Public Registrar Key if the same option is used with Reaver.
Home Page
Fern Wifi Cracker With Geographical Location Mac Address Tracker Real-time
MODULE 14:- WiFi Hacking and Security
If Appreciate My Work, You should consider:
Fern Wifi Cracker With Geographical Location Mac Address Tracker Google
- Join Group for Discussion Facebook Group
- Get your own self-hosted blog with a Free Domain at ($2.96/month)
- Buy a Coffee to Us! Make Small Contribution by Paypal
- Support us by taking our :Online Courses
- Contact me :[email protected]