Saturday, April 23, 2016

Cracking WPA2 Personal (PSK) Wireless Networks

Boot up your Kali Linux box, open a terminal, and enter the airmon-ng command to verify that the wireless interface is up and running.

Looks like my wireless interface name is wlan0. Turn it to monitor mode by entering airmon-ng start wlan0

Now enter airmon-ng again to see the new name of the interface, which will be used from here on: "wlan0mon", as you can see in the following capture.

Now let's see which Wi-Fi networks are in range by entering the command airodump-ng wlan0mon

Let it run for about a minute to gather information. Here you can see that only 1 wireless network is out there which is on channel 1, using WPA2, PSK (Pre Shared Key). This is the most common type of security implemented in wireless networks today.

Let's now capture wireless packets specifically for the BSSID 90:61:0C:27:5D:CB on channel 1 and write them to a file named "HOMECAP".
The command is airodump-ng -w HOMECAP -c 1 --bssid 90:61:0C:27:5D:CB wlan0mon
"-c 1" refers to channel number 1. If the channel number is 10, use "-c 10" in this command.

Let it run until it captures a handshake. When it has captured a handshake, the output will look like the following.

You must wait for a handshake. It is not that hard to capture a handshake on an active network, because computers often go to sleep, turn off, reboot, and then reconnect. There is also a method of forcing clients to re-authenticate using the command
aireplay-ng -0 0 -a <BSSID> -c <Client MAC Address> wlan0mon in a separate terminal while capturing packets. But most of the time it will not work in practical environments.

After a handshake is captured enter ls to see the real name of the written file. 

See, even though we gave the file the name HOMECAP, it has changed to HOMECAP-01.cap

Now let's crack it using a dictionary list. Here I am using Kali's built-in dictionary list, rockyou.txt, which is 140 MB. If you are using this dictionary for the 1st time, you will first have to extract the tar file in the /usr/share/wordlists folder. It has almost all the common passwords people normally enter for their wireless networks. There are also very big dictionaries out there, gigabytes in size, which have almost all the possible ASCII combinations.
Enter aircrack-ng HOMECAP-01.cap -w /usr/share/wordlists/rockyou.txt
Let it run until it cracks the password. This may take some time, depending on the processing power of your CPU and the strength of the password. For this password it took only about 5 minutes.

Using a very strong password is the only way this can be prevented if you're going to use WPA2 PSK.

Commands I entered:
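The point about password strength, as an added example that is not part of the original post: WPA2-PSK derives its master key from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 rounds), so anyone holding a captured handshake can test guesses offline. The Python below audits a candidate passphrase before you deploy it; the sample wordlist is constructed, and the guess rate and the 80-bit threshold are assumptions.

```python
import hashlib
import math
import string

# Constructed sample standing in for a real wordlist such as rockyou.txt.
SAMPLE_WORDLIST = {"password", "12345678", "iloveyou", "qwertyuiop", "homewifi2016"}

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def brute_force_bits(passphrase: str) -> float:
    """Upper bound on guessing entropy: length * log2(pool of character classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    pool = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def audit(passphrase: str, wordlist=SAMPLE_WORDLIST,
          guesses_per_sec: float = 1e5, min_bits: float = 80.0) -> dict:
    """Classify a candidate passphrase. guesses_per_sec and min_bits are assumptions."""
    if not 8 <= len(passphrase) <= 63:
        return {"verdict": "invalid", "reason": "WPA2 passphrases are 8-63 characters"}
    if passphrase in wordlist:
        # A dictionary run finds this no matter how long it is.
        return {"verdict": "weak", "reason": "present in wordlist"}
    bits = brute_force_bits(passphrase)
    # Average exhaustive search covers half the keyspace.
    years = (2 ** bits / 2) / guesses_per_sec / (3600 * 24 * 365)
    return {"verdict": "strong" if bits >= min_bits else "weak",
            "bits": round(bits, 1), "avg_years": years}

if __name__ == "__main__":
    for candidate in ("iloveyou", "sunflower", "Tr4il-Mix&Copper-Kettle-91"):
        print(candidate, audit(candidate))
    # The SSID is the salt, so the same passphrase yields a different key per network name.
    print(derive_pmk("sunflower", "HOME").hex() != derive_pmk("sunflower", "OFFICE").hex())
```

The bit count is an upper bound: human-chosen passphrases are usually more guessable than their length suggests, which is why the wordlist check comes first.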

airmon-ng start <physical interface>
airodump-ng <new monitoring interface>
airodump-ng -w <file name> -c <channel number> --bssid <BSSID> <interface>
aircrack-ng <new capture file name> -w /usr/share/wordlists/rockyou.txt

Tuesday, April 19, 2016

Create a Kali Live USB with Persistence in the Same Pendrive You Use for Data

I have only 1 pendrive of 16 GB. So I am going to create 3 types of partitions in it so that I can use my pendrive as a normal data traveler + Linux security toolbox which I can bring anywhere easily.

10 GB of NTFS for normal day to day use as the data traveler
3 GB of FAT32 to install Kali Linux
1.5 GB of ext4 for persistence

If you don't want to use your pendrive as a data traveler, you need to create only 2 types of partitions: the FAT32 one & the ext4 one. Since it is a 16 GB pendrive, doing so would be a waste.

Download Mini Partition Wizard from here.

Open Mini Partition Wizard. The 1st look will be like the following.

My pendrive is empty and it has a default NTFS partition.

Creating the 10 GB NTFS Partition as a Data Traveler

Right click on your pendrive & select Move/Resize

Give these settings & hit ok

Creating a 3 GB FAT32 Partition for Kali Linux

Right click on unallocated space & select create & click yes

Give these settings as in the screen shot and hit ok

Creating a 1.5 GB ext4 Partition for Persistence

Right click on unallocated space & select create & click yes

Give these settings as in the screen shot and hit ok

Now everything will be like this.

Now all the partitions have been created. Let's apply the changes now.

After applying the changes you may see that the drive letter D: of the FAT32 partition is gone. Without a letter, Windows will not identify the partition, so we have to make some changes from here to make it work.

1st delete the NTFS partition & give a letter to the FAT32 partition & hit Apply.

Now it will be like the following.

In My Computer the drive will look like the following.

Installing Kali

Download the Kali ISO from their website. I downloaded the 32-bit full version of 2.6 GB, which is compatible with most computers.

Now download Universal USB Installer from here

Open it, select the ISO file and the other parameters as in this capture, and hit create.

Wait a few minutes until it completes its job.

Now go to Mini Partition Wizard again & right click on FAT32 partition & select change letter & select none. Right click on the FAT32 partition again and select set active. It is used to identify the partition with the OS boot files when you boot from the pendrive later.

Right click on unallocated space & select create & click yes
Give these settings as in the screen shot and hit ok

Now everything will be like the following.

Booting Kali from Pendrive

Now it's time to reboot the PC and select the USB drive in the boot options.

Choose the option "Live USB Persistence"

Now don't click on the "persistence" icon on the screen.

Go to terminal and enter the following commands

Make a directory on the filesystem to mount your USB
mkdir -p /mnt/usb

To find out which partition of your drive you'll use (for mine it's sdb3)
fdisk -l

Mount the partition on the directory you made
mount /dev/sdb3 /mnt/usb

Add a configuration file to enable persistence
echo "/ union" > /mnt/usb/persistence.conf

Unmount the partition and reboot
umount /dev/sdb3 && reboot

After the reboot, select the USB drive in the boot options & again choose the option "Live USB Persistence"
From now onward every config change you make will be saved, and it's more like using a dedicated Linux box.

Also you have your 10 GB pendrive for day to day use as a data traveler. cheers..!! 

Saturday, April 2, 2016

How to Install CUCM 10.5 on VMware for Testing

Get a bootable ISO image file of CUCM 1st; you must also have 80 GB of hard disk space + 4 GB of RAM to allocate to the VM. If you have those resources you are ready to go. This is just how I did it.

I am installing this on VMware 12 on my Windows 10 Core i5 laptop, which has 8 GB of RAM.

Open VMware workstation & go to File > New Virtual Machine

Select Typical & click Next

Select Installer disk image file (iso) & give the path to the ISO file & click Next

Guest operating system will be selected by default as Linux & the version as RHEL 3 64-bit, click Next

Give your virtual machine a name & give the path to the location where it will be installed & click Next

Set the Maximum disk size to 80 GB & select Split virtual disk into multiple files & click Next

Now click Customize hardware to edit the RAM & the Network adapter

Give the RAM as 4 GB & the Network adapter as Bridged & click Close

Before finishing, the basic VM configuration will be like this.

Now click Finish & power up the virtual machine

Let it run until the 1st dialog box appears.


Now the 1st dialog box will be like the following.

Hit Space or Enter to select the items & Tab to move between elements. What to do is stated on the bottom line of the screen.

If a Checksum Error occurs after you hit space, hit space again to select OK for that message.

Again, if the message Unsupported Hardware Detected appears, hit space to select OK

Give it some time now to run the system installer & complete the hardware setup

Next it will ask to select the Product Suite, Hit space for OK

Hit Yes to proceed with install in the next dialog box

Hit Proceed in the next dialog box too which is Platform Installation Wizard

Hit No to Apply Patch

Hit Continue to Basic Install

Select your Time Zone & hit OK

Hit Continue to Auto Negotiation Configuration

Hit No to MTU Configuration

Hit No to DHCP Configuration

Now the Static Network Configuration is as following.

IP address of my laptop is and the gateway of the router is
Because the Network adapter of VM is bridged, giving an IP address in the same range to VM ( will work.

Hit No to DNS Client Configuration

Give login details in the Administrator Login Configuration; this login will be used to log into the server platform only

Give the details in the next dialog box, the Certificate Information; because you are installing this for testing purposes you can give some random info & hit OK

Hit Yes for the First Node Configuration to make this CUCM the Publisher of the cluster

What I entered as the NTP server IP address was (University of Colorado) in the NTP Client Configuration page, Hit OK

Then enter the Cluster/ System Password in the Security Configuration Page, Hit OK

Hit No to SMTP Host Configuration

Select Disable All Call Home on System Start on the Smart Call Home Enable page & hit OK

Enter the login details on the Application User Configuration page which is used to login to the CUCM via web browser & hit OK

Now hit OK in the last dialog box. After this point you will no longer be able to modify the basic server platform settings like IP addresses, NTP etc.

Now wait for the setup to complete. For me it took about 1.25 hours to complete the installation.

If everything went OK, it will ask you to enter the CUCM login and password. Give the username and password which you entered in the Administrator Login Configuration page. Once you are logged into the platform it will start up the command line interface, and you are now ready to log into the CUCM via web browser.

Now go to the web browser & type the IP address in the URL field.
The browser will cut off the connection, saying the connection is not private. Ignore the warning and proceed.

Now give the browser login details which you entered in the Application User Configuration page to log into the CUCM. Here is my final result.