How to Install Aircrack-ng in Ubuntu

Namaste Friends,



Today, here I am going to show you how to install Aircrack-ng in Ubuntu in one line.

So, Let's Start

Q 1. What Is Aircrack-ng?

Ans. As Wikipedia Says "Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic. The program runs under Linux, FreeBSD, OS X, OpenBSD, and Windows; the Linux version is packaged for OpenWrt and has also been ported to the Android, Zaurus PDA and Maemo platforms; and a proof of concept port has been made to the iPhone.
In April 2007 a team at the Darmstadt University of Technology in Germany developed a new attack method based on a paper released on the RC4 cipher by Adi Shamir. This new attack, named 'PTW', decreases the number of initialization vectors or IVs needed to decrypt a WEP key and has been included in the aircrack-ng suite since the 0.9 release.
Aircrack-ng is a fork of the original Aircrack project."

Q 2. How To Install It?

Ans. To install Aircrack-ng in Ubuntu, just open your terminal and type:

sudo apt install aircrack-ng

Done!


Written By: SSB

How to Install Macchanger in Ubuntu

Namaste Friends,



Today I am going to show you how to install and use the macchanger utility in Ubuntu.

Q. What is MAC Changer?

Ans. MAC Changer is a very useful utility that allows us to spoof our wireless card's MAC address. Put simply, MAC Changer helps us replace our original MAC address with any other MAC address temporarily, which can help us bypass MAC filter security.


To install MAC Changer, open your terminal and type:



sudo apt-get install macchanger





Usage:


Step 1. Check the network interface status and its original MAC address:


:~$ ifconfig enp1s0
enp1s0    Link encap:Ethernet  HWaddr 20:89:84:a0:0a:ca  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 



Step 2. Turn off the network interface:


:~$ sudo ifconfig enp1s0 down



Step 3. Now use macchanger to change the MAC address. In the statement below, the -r argument generates a new random MAC address:


:~$ sudo macchanger -r enp1s0
Current MAC:   20:89:84:a0:0a:ca (COMPAL INFORMATION (KUNSHAN) CO., LTD)
Permanent MAC: 20:89:84:a0:0a:ca (COMPAL INFORMATION (KUNSHAN) CO., LTD)
New MAC:       5a:c1:55:50:1e:1c (unknown)


OR

Step 3 (alternative). Set a specific MAC address using the -m argument:


:~$ sudo macchanger -m 5a:c1:55:50:1e:1c enp1s0



Step 4. Turn the network interface back on:


:~$ sudo ifconfig enp1s0 up



Step 5. Check the network interface status again:


:~$ ifconfig enp1s0
enp1s0    Link encap:Ethernet  HWaddr 5a:c1:55:50:1e:1c  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 

Done!

Written By: SSB





Find Hidden SSID Using Python and Kali Linux

Namaste Friends,



Today, I am going to show you how to find a hidden wireless SSID using Python in Kali Linux.
But first, if you are a new visitor to my blog, I suggest you take a look at our blog index.


So, let's start our tutorial with some basic knowledge of hidden SSIDs.


Normally, all access points send out their SSIDs and other information in beacon frames. These beacon frames allow clients within range to discover them easily. A hidden SSID is a special configuration where the access point does not broadcast its SSID in its beacon frames. Why? Because with this setting only clients that already know the SSID of the access point can connect to it. Put simply, this configuration hides the access point's network from new clients who do not know the real SSID.
But the interesting fact is that this configuration does not provide good security. So, basically, to bypass it, in this tutorial we will capture the MAC address of the hidden access point and then, with the help of that MAC address, use a very simple trick to get the real SSID from a previously connected client.

Now let's start our tutorial, but first make sure your wireless card supports monitor mode. If yes, then enable monitor mode on your wireless card.

And yes, you can also use Wireshark for this process; see the tutorial with Wireshark.

Step 1.

Enable monitor mode on your wireless card interface.

From that terminal you just need to remember the monitor mode interface name, for example:

mon0


Step 2.

Now we need to capture beacon frames; for this you can download my custom Python script, which was created for capturing beacon frames, and run it from the terminal.

Type:

sudo python getwifiinfo.py mon0

 



As you can see in the above screenshot, a captured packet printed without an SSID is the beacon frame of a hidden access point. So you just need to note that packet's BSSID for the following procedure.

Note: For the following procedure you need to run a separate terminal for each separate command/script.


Step 3.

Now we need another script, one that captures the other management frames, to retrieve the real SSID of the access point by tricking its currently authenticated clients; for this you can download my other custom script.

Now open a new terminal and type:

sudo python captureclients.py mon0



Step 4.

To send de-authentication packets, we will use the Aireplay-ng tool.

Type:

aireplay-ng -0 5 -a mac_address interface_name

The -0 option selects a deauthentication attack, and 5 is the number of deauthentication packets to send. Finally, -a specifies the MAC address of the access point you want to target.



Step 5.

Keep your eyes on the captureclients.py script's terminal.

Boom! As you can see in the above screenshot, we got it. Our script has successfully captured the probe request and probe response packets that contain the real SSID, and here our real SSID is Thisisme.


Done! 



Written By: SSB


Find Hidden Wireless SSID Using Wireshark and Kali Linux

Namaste Friends,



Today, I am going to show you how to find a hidden wireless SSID using Wireshark in Kali Linux.
But first, if you are a new visitor to my blog, I suggest you take a look at our blog index.


So, let's start our tutorial with some basic knowledge of hidden SSIDs.


Normally, all access points send out their SSIDs and other information in beacon frames. These beacon frames allow clients within range to discover them easily. A hidden SSID is a special configuration where the access point does not broadcast its SSID in its beacon frames. Why? Because with this setting only clients that already know the SSID of the access point can connect to it. Put simply, this configuration hides the access point's network from new clients who do not know the real SSID.
But the interesting fact is that this configuration does not provide good security. So, basically, to bypass it, in this tutorial we will capture the MAC address of the hidden access point and then, with the help of that MAC address, use a very simple trick to get the real SSID from a previously connected client.

Now let's start our tutorial, but first make sure your wireless card supports monitor mode. If yes, then enable monitor mode on your wireless card.

And yes, another way is also available: you can also find hidden SSIDs using custom Python scripts (see that tutorial).

Step 1.

Enable monitor mode on your wireless card interface.

From that terminal you just need to remember the monitor mode interface name, for example:

mon0


Step 2.

Start Wireshark on the monitor mode interface to begin capturing wireless packets.



As you can see in the above screenshot, Wireshark is capturing all packets continuously.

Step 3.

Now type the statement below in the Wireshark filter box:

wlan.fc.type_subtype == 0x0008

This statement filters the beacon frames out of all captured packets.


As you can see on the left side of the Wireshark screenshot, there is an SSID=Broadcast statement in the Info column. Here SSID=Broadcast means the access point is sending its beacon frames without any SSID (hidden SSID).

So what are we going to do? We will take the transmitter/source MAC address from these beacon frames and then send de-authentication packets to those access points to break the established connections between stations and clients. After disconnection, clients will normally try to re-identify themselves to the station by sending probe requests, which contain the original SSID of the access point.



Step 4.

To send de-authentication packets, we will use the Aireplay-ng tool.

Type:

aireplay-ng -0 5 -a mac_address interface_name

The -0 option selects a deauthentication attack, and 5 is the number of deauthentication packets to send. Finally, -a specifies the MAC address of the access point you want to target.




Step 5.

Now type the statement below in the Wireshark filter box to filter probe requests:

wlan.fc.type_subtype == 0x0004

As you can see in the above image, SSID=Thisisme is the real hidden SSID. Hence, you can use this method on almost all hidden SSID access points.

Done!

For the tutorial on finding hidden SSIDs using custom Python scripts, see the post above.

Written By: SSB

Create WLAN SSID Sniffer Using Python Socket Module

Namaste Friends,



Today, in this post I am going to show you how to create a WLAN SSID sniffing script using Python and the socket module.
And if you are a new visitor to my blog, I suggest you take a look at my blog index for my previous interesting and knowledgeable posts.
So, let's focus on our main topic.

To create a WLAN SSID sniffer script using the socket module, we first need to understand the basic structure of wireless frames and how they are captured. So, to make all your queries clear, I am writing some important information in question and answer form.

Q 1. What is a beacon frame?

Ans. Check this previous post: Beacon Frame, IEEE 802.11

Q 2. What is monitor mode?

Ans. Check this previous post: 2-Easiest Way To Enable Wireless Lan Monitor Mode.

Q 3. What are we going to do?

Ans. First, we will put our wireless LAN interface into monitor mode to capture all packets available on the air. Then we will use the Python socket module to read all packets from the WLAN interface, and after that we will try to filter the useful frames out of those packets to find the required information. Here, "useful frames" means the RadioTap header and the beacon frame. As I already described in the previous post Beacon Frame, IEEE 802.11, a beacon frame provides various important pieces of information about a wireless access point. So, in simple words, we will try to find and filter beacon frames from all captured packets to extract the required access point information.

So, let's move ahead and try to understand the code. Here is my code:

1. ap_socket.py

#!/usr/bin/python
# -*- coding: utf-8 -*-
#
# +++++++++++++++++++++++++++++++++++++++++
#
# WLAN BEACON FRAME EXTRACTOR
# +++++++++++++++++++++++++++++++++++++++++
#
#
# Author : SSB
#  surajsinghbisht054@gmail.com
#  http://bitforestinfo.blogspot.com
#  github.com/surajsinghbisht054
#
#
# This Script Is Created For Educational And Practise Purpose Only
#
#
# import modules
from __future__ import print_function  # runs under both Python 2 and 3
import binascii
import socket
import struct

# create raw packet socket; protocol 0x0003 (ETH_P_ALL) delivers every frame
s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))

# bind with monitor mode interface
s.bind(('mon0', 0x0003))


# function for formatting a 12-hex-digit mac address as AA:BB:CC:DD:EE:FF
def addr(s):
    return "{}{}:{}{}:{}{}:{}{}:{}{}:{}{}".format(*s.upper())


# Found Access Point List (transmitter addresses already printed)
ap_list = []


# loop
while True:
    # Sniff packet; recvfrom returns (data, address), keep the data
    pkt = s.recvfrom(2048)[0]

    # Check RadioTap header in packet: bytes 2-3 hold the header length
    # (little-endian); b'$\x00' is 0x0024 = 36 bytes, the length this
    # script expects, so the fixed SSID offset below is valid
    if pkt[2:4] == b'$\x00':

        # Get total length of RadioTap header in bytes
        len_of_header = struct.unpack('<H', pkt[2:4])[0]

        # Extract RadioTap header as a hex string
        radio_tap_header_frame = binascii.hexlify(pkt[:len_of_header]).decode('ascii')

        # Now, assume the frame after radiotap is a beacon frame and take
        # its 24-byte 802.11 MAC header as a hex string
        beacon_frame = binascii.hexlify(pkt[len_of_header:len_of_header + 24]).decode('ascii')

        # Frame control byte 0 ('80' = management frame, beacon subtype)
        f_type = beacon_frame[:2]

        # Extract Addr1 (receiver)
        addr1 = beacon_frame[8:20]

        # Extract Addr2 (transmitter)
        addr2 = beacon_frame[20:32]

        # Extract Addr3 (source / BSSID)
        addr3 = beacon_frame[32:44]

        # Try to extract SSID if present: 36 (radiotap) + 24 (MAC header)
        # + 12 (timestamp, interval, capabilities) = 72 is the SSID tag id,
        # 73 its length, 74 the first SSID byte
        try:
            len_of_ssid = bytearray(pkt[73:74])[0]
            ssid = pkt[74:74 + len_of_ssid].decode('utf-8', 'replace')
        except IndexError:
            ssid = "Unknown"

        # Verify that the extracted frame is a beacon frame and not printed yet
        if addr2 not in ap_list and f_type == '80':

            # append addr2 to ap_list
            ap_list.append(addr2)

            # Print Info
            print("""
++++++++++ [ Beacon Frame ] ++++++++++++++++++++

Frame Type : {}
SSID  : {}
Receiver : {}
Transmitter : {}
Source  : {}

""".format(f_type,        # Frame Type
           ssid,          # SSID
           addr(addr1),   # Addr1
           addr(addr2),   # Addr2
           addr(addr3)))  # Addr3

To run this code on your system, first enable monitor mode on your wireless interface (for more info about monitor mode, see the post 2-Easiest Way To Enable Wireless Lan Monitor Mode).
Then type in the terminal:

 sudo python ap_socket.py 


My Output:



aya@bitforestinfo:~$ sudo python ap_socket.py 

++++++++++ [ Beacon Frame ] ++++++++++++++++++++

Frame Type : 80
SSID  : E*****e
Receiver : FF:FF:FF:FF:FF:FF
Transmitter : C8:**:**:**:**:5B
Source  : C8:**:**:**:**:5B


  


Now let me explain this Python code in a simple way by dividing it into small parts, each with an explanation.


Code Part 1.

Import the socket, struct and binascii modules (and print_function so the script runs under both Python 2 and 3):


# import modules
from __future__ import print_function  # runs under both Python 2 and 3
import binascii
import socket
import struct



Code Part 2.

Here, the first statement creates a raw packet socket (protocol 0x0003, ETH_P_ALL, so every frame on the interface is delivered), and the second statement binds that raw socket to the monitor-mode interface.


# create raw packet socket; protocol 0x0003 (ETH_P_ALL) delivers every frame
s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))

# bind with monitor mode interface
s.bind(('mon0', 0x0003))



Code Part 3.

The addr(s) function only formats a 12-hex-digit MAC address string in the standard colon-separated way.
For example:

Input: addr('ffffffffffff')
Output: 'FF:FF:FF:FF:FF:FF'



# function for formatting a 12-hex-digit mac address as AA:BB:CC:DD:EE:FF
def addr(s):
    return "{}{}:{}{}:{}{}:{}{}:{}{}:{}{}".format(*s.upper())


# Found Access Point List (transmitter addresses already printed)
ap_list = []



Code Part 4.

Here, pkt = s.recvfrom(2048)[0] captures a packet from the WLAN interface. Then if pkt[2:4] == b'$\x00': checks that the packet starts with a RadioTap header of the length this script expects: bytes 2 and 3 hold the RadioTap header length (little-endian), and b'$\x00' is 0x0024 = 36 bytes. After that, len_of_header = struct.unpack('<H', pkt[2:4])[0] reads that RadioTap length as a number, and radio_tap_header_frame = binascii.hexlify(pkt[:len_of_header]).decode('ascii') extracts the RadioTap header from the captured packet as a hex string.


# loop
while True:
    # Sniff packet; recvfrom returns (data, address), keep the data
    pkt = s.recvfrom(2048)[0]

    # Check RadioTap header in packet: bytes 2-3 hold the header length
    # (little-endian); b'$\x00' is 0x0024 = 36 bytes, the length this
    # script expects, so the fixed SSID offset below is valid
    if pkt[2:4] == b'$\x00':

        # Get total length of RadioTap header in bytes
        len_of_header = struct.unpack('<H', pkt[2:4])[0]

        # Extract RadioTap header as a hex string
        radio_tap_header_frame = binascii.hexlify(pkt[:len_of_header]).decode('ascii')



Code Part 5.

In this part all statements are responsible for extracting information from the beacon frame.

Extract the 24-byte 802.11 MAC header that follows the RadioTap header, as a hex string:
beacon_frame = binascii.hexlify(pkt[len_of_header:len_of_header + 24]).decode('ascii')

Extract frame control byte 0, which encodes the frame type and subtype ('80' for a beacon):
f_type = beacon_frame[:2]

Extract the receiver MAC address (Addr1):
addr1 = beacon_frame[8:20]

Extract the transmitter MAC address (Addr2):
addr2 = beacon_frame[20:32]

Extract the source/BSSID MAC address (Addr3):
addr3 = beacon_frame[32:44]

Extract the SSID from the frame (the SSID tag length is at byte 73 and the SSID bytes start at byte 74, which relies on the 36-byte RadioTap header checked earlier):
ssid = pkt[74:74 + len_of_ssid].decode('utf-8', 'replace')


        # Now, assume the frame after radiotap is a beacon frame and take
        # its 24-byte 802.11 MAC header as a hex string
        beacon_frame = binascii.hexlify(pkt[len_of_header:len_of_header + 24]).decode('ascii')

        # Frame control byte 0 ('80' = management frame, beacon subtype)
        f_type = beacon_frame[:2]

        # Extract Addr1 (receiver)
        addr1 = beacon_frame[8:20]

        # Extract Addr2 (transmitter)
        addr2 = beacon_frame[20:32]

        # Extract Addr3 (source / BSSID)
        addr3 = beacon_frame[32:44]

        # Try to extract SSID if present: 36 (radiotap) + 24 (MAC header)
        # + 12 (timestamp, interval, capabilities) = 72 is the SSID tag id,
        # 73 its length, 74 the first SSID byte
        try:
            len_of_ssid = bytearray(pkt[73:74])[0]
            ssid = pkt[74:74 + len_of_ssid].decode('utf-8', 'replace')
        except IndexError:
            ssid = "Unknown"



Code Part 6.

And at the end, in this part, if addr2 not in ap_list and f_type == '80': verifies that the frame is a beacon frame and also avoids printing the same transmitter address again.



        # Verify that the extracted frame is a beacon frame and not printed yet
        if addr2 not in ap_list and f_type == '80':

            # append addr2 to ap_list
            ap_list.append(addr2)

            # Print Info
            print("""
++++++++++ [ Beacon Frame ] ++++++++++++++++++++

Frame Type : {}
SSID  : {}
Receiver : {}
Transmitter : {}
Source  : {}

""".format(f_type,        # Frame Type
           ssid,          # SSID
           addr(addr1),   # Addr1
           addr(addr2),   # Addr2
           addr(addr3)))  # Addr3
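As an added example (not the page's ap_socket.py, and not one of the custom scripts from the hidden SSID posts above), here is a parser that generalises the fixed-offset approach: it reads the RadioTap length field, computes the same type/subtype value that the Wireshark filters wlan.fc.type_subtype == 0x0008 and 0x0004 match, and walks the tagged parameters instead of assuming the SSID sits at byte 74. It marks a beacon whose SSID element is empty or all NUL bytes as hidden, and reads the SSID out of probe requests and responses, which is where the real name (Thisisme in the posts above) shows up. The frames in demo() are constructed inline with made-up addresses, so it runs without a wireless card.

```python
import struct

def mac(b):
    return ':'.join('%02x' % x for x in bytearray(b))

def type_subtype(fc0):
    """Same value the Wireshark filter wlan.fc.type_subtype matches:
    (type << 4) | subtype, both taken from frame-control byte 0."""
    return (((fc0 >> 2) & 0x3) << 4) | ((fc0 >> 4) & 0xF)

# fixed-parameter bytes that precede the tagged elements, per subtype
FIXED = {0x0008: 12, 0x0005: 12, 0x0004: 0}  # beacon, probe resp, probe req

def parse_ies(body):
    """Walk the tag / length / value list instead of using fixed offsets."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        tag, ln = body[i], body[i + 1]
        ies[tag] = bytes(body[i + 2:i + 2 + ln])
        i += 2 + ln
    return ies

def parse_frame(pkt):
    pkt = bytearray(pkt)
    rt_len = struct.unpack_from('<H', pkt, 2)[0]  # radiotap length field
    ts = type_subtype(pkt[rt_len])
    if ts not in FIXED:
        return None  # not a beacon / probe frame
    hdr = pkt[rt_len:rt_len + 24]  # 802.11 MAC header
    raw = parse_ies(pkt[rt_len + 24 + FIXED[ts]:]).get(0, b'')  # tag 0 = SSID
    # a beacon with an empty or all-NUL SSID element is the hidden-SSID case;
    # an empty SSID in a probe request is only the wildcard, not hidden
    hidden = ts == 0x0008 and not raw.strip(b'\x00')
    return {'type_subtype': ts, 'transmitter': mac(hdr[10:16]),
            'bssid': mac(hdr[16:22]), 'hidden': hidden,
            'ssid': '' if hidden else raw.decode('utf-8', 'replace')}

def build_frame(fc0, a1, a2, a3, fixed, ies):
    """Constructed test frame: 8-byte radiotap header with no fields present."""
    rt = struct.pack('<BBHI', 0, 0, 8, 0)
    hdr = bytes([fc0, 0, 0, 0]) + a1 + a2 + a3 + b'\x00\x00'
    return rt + hdr + fixed + b''.join(bytes([t, len(v)]) + v for t, v in ies)

# made-up addresses for the constructed frames (not from the page)
AP, CLIENT = bytes.fromhex('020000000001'), bytes.fromhex('020000000002')
BCAST, FIXED12 = b'\xff' * 6, b'\x00' * 12

def demo():
    beacon = build_frame(0x80, BCAST, AP, AP, FIXED12, [(0, b''), (1, b'\x82\x84')])
    nulls = build_frame(0x80, BCAST, AP, AP, FIXED12, [(0, b'\x00' * 8)])
    preq = build_frame(0x40, BCAST, CLIENT, BCAST, b'', [(0, b'Thisisme')])
    presp = build_frame(0x50, CLIENT, AP, AP, FIXED12, [(0, b'Thisisme')])
    return [parse_frame(f) for f in (beacon, nulls, preq, presp)]
```

To use it live, feed each pkt from the page's s.recvfrom(2048)[0] loop to parse_frame(); it does not depend on the RadioTap header being 36 bytes.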


Done!

You can also download the raw code from my repository.


Written By: SSB