Journey into Ethical Hacking with Linux
Shortly after learning how to use Linux, I discovered the possibilities of this open source OS, such as the ability to capture packets, disrupt systems, and "ethically" hack.
Lucas Soldano
12/4/2023, 6 min read
What is Linux/Ubuntu
Linux is an operating system like Windows or Mac that runs on a computer, except it is open source. This means the source code is made freely available and is open to redistribution and modification. Ubuntu is a redistributed version of Linux. Being free to use and alter, Ubuntu and other Linux versions have numerous applications made by a community of thousands of coders and innovators. Some of this software can be used for ethical hacking, or hacking with the purpose of learning or testing the security of a system. This software is easy to install and can be used alongside Windows or Mac on the same computer.
WiFi Hacking
When a device attempts to connect to a WiFi network, a handshake occurs between it and the router. The device sends the encrypted password of the network and the router verifies it. The most common way to hack into a WiFi network is a WPA handshake capture attack, in which you capture the handshake containing the encrypted password. This seems relatively simple, but a handshake only occurs when a device connects to the network, so you would need to wait all day until someone connects. That would be the case if it weren't for the deauthentication part of the process. Here, the hacker sends commands to the router to kick everyone off the WiFi so that they are all forced to reconnect. Once they do, the hacker captures the handshake and obtains the encrypted password. Getting past the password of a WiFi network can lead to serious privacy breaches and disruption of the network.
ONLY ATTACK OWNED OR PERMITTED NETWORKS
In Ubuntu I like using a program called Wifite. To use this, or any WiFi hacking software, your computer's WiFi card must be able to go into monitor mode, so research your card and check before starting. If it does not support monitor mode, you can use an external adapter.
To install Wifite, simply open the terminal and type:
sudo apt install wifite
Then type your password. Once it installs, to open it, type:
sudo wifite
Wifite will then open and list all of the networks in your area. When your desired network appears, press CTRL+C to stop scanning, then type the number corresponding to the network. Wifite will begin running a series of attacks on the network that will not work, so press CTRL+C to cancel each attack until you see WPA Handshake capture. This attack may appear first; it depends on the network type. The software will then find clients connected to the WiFi, send deauthentication packets every 14 seconds, and listen for the handshake. This may take a while, so wait through a few cycles. If it does not work, there may not be any clients connected over WiFi. If it works, you will see Wifite attempt to crack the password because, remember, it is still encrypted. You will now see a new folder named hs containing the captured handshake. The next step is cracking the password using HashCat.
**To reconnect to the internet, you have to disable monitor mode.**
This can be done by typing:
sudo airmon-ng
Then, copy the name of the interface that appears into:
sudo airmon-ng stop <your interface>
(no <>)
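The deauthentication step described above has a recognisable signature on the network: a burst of deauth frames from one BSSID in a short window. As an added example that is not part of the original post, here is a small detector for that pattern run over a constructed frame log; the one-line log format, the window and the threshold are assumptions.

```python
"""Deauthentication-burst detector (added example, not part of the original post).

Reads 802.11 management-frame records in an assumed one-line format, as a
wireless IDS or a monitor-mode capture tool might export them:
    <unix_time> <frame_subtype> <bssid> <destination>
A BSSID that sends more than THRESHOLD deauth frames inside WINDOW_SECONDS is
flagged: that is the pattern that kicks every client off and forces them to
reconnect and handshake again.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0
THRESHOLD = 5  # a healthy AP rarely deauths more than a few clients this quickly

# Constructed sample log: AP aa:..:01 deauths the broadcast address six times in
# ten seconds; AP bb:..:02 sends one routine deauth to a single client.
SAMPLE_LOG = """\
1700000000.0 deauth aa:bb:cc:dd:ee:01 ff:ff:ff:ff:ff:ff
1700000001.5 beacon aa:bb:cc:dd:ee:01 ff:ff:ff:ff:ff:ff
1700000002.0 deauth aa:bb:cc:dd:ee:01 ff:ff:ff:ff:ff:ff
1700000003.0 deauth bb:bb:cc:dd:ee:02 11:22:33:44:55:66
1700000004.0 deauth aa:bb:cc:dd:ee:01 ff:ff:ff:ff:ff:ff
1700000006.0 deauth aa:bb:cc:dd:ee:01 ff:ff:ff:ff:ff:ff
1700000008.0 deauth aa:bb:cc:dd:ee:01 ff:ff:ff:ff:ff:ff
1700000009.0 deauth aa:bb:cc:dd:ee:01 ff:ff:ff:ff:ff:ff
"""

def parse_frames(text):
    """Turn the log text into (timestamp, subtype, bssid, destination) tuples."""
    frames = []
    for line in text.splitlines():
        if line.strip():
            ts, subtype, bssid, dst = line.split()
            frames.append((float(ts), subtype, bssid, dst))
    return frames

def find_deauth_bursts(frames, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {bssid: timestamp at which its deauth count first exceeded threshold}."""
    recent = defaultdict(deque)  # bssid -> deauth timestamps still inside the window
    alerts = {}
    for ts, subtype, bssid, _dst in sorted(frames):
        if subtype != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:  # slide the window forward, dropping old frames
            q.popleft()
        if len(q) > threshold and bssid not in alerts:
            alerts[bssid] = ts
    return alerts
```

Frames are keyed by BSSID because a deauth frame carries the access point's address whether or not the access point actually sent it, so the count is what gives the burst away.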
"If brute force doesn't work, you aren't using enough" - Sherrilyn Kenyon
Password Cracking
So you have an encrypted password, what now? It has been through a one-way (hashing) process that cannot be reversed. One option is guessing, or brute force. HashCat, an Ubuntu application, makes it so that you don't have to type 50,000 passwords per second. There are two ways of brute forcing:
Wordlist: you have a predetermined list of 10 million or so common passwords and the computer checks every one of them.
Straight (hashcat's brute-force or mask mode, -a 3): the computer tries character combinations until it gets the password.
Straight attacks, in some cases, can take up to 30 years, so it is important to set the right parameters. To run through passwords faster and more efficiently, it is a good idea to have a decent graphics card. If you have a different computer with a good GPU but don't feel like going through the process of installing Ubuntu, there is a way to get HashCat on Windows.
To install HashCat, once again go to the terminal and type:
sudo apt install hashcat
Next, you have to convert the capture file into a file hashcat can use. Navigate to hashcat.net/cap2hashcat/, select your cap file and hit convert. Now you are almost ready to crack your password. You can choose between a wordlist or straight attack, but I recommend starting with a wordlist and then using a straight attack. First, though, you need a wordlist.
There are many password wordlists available online to download, the largest being rockyou.txt, but you can also make personal ones by providing some information about the target. This can be done with the program cupp. To install, type:
sudo apt install cupp
Then to use, type:
cupp -i
It will ask you for a name, date of birth, pet's name, anything. Then you can add other keywords you want to include. Once you finish, it should save the file in your home directory. This is your wordlist, and it should contain around 50,000 passwords made of combinations of the inputs.
To begin cracking there is a simple format to use to set up the decryption:
hashcat -a <attack type> -m <encryption type> <hashcat file> <wordlist file> (no <>)
The different codes for attack and hash types can be found in the help menu (hashcat --help). The wordlist attack is represented by 0 and the hash type for a WPA handshake is 22000, so:
hashcat -a 0 -m 22000 <hashcat file> <wordlist file> (no <>)
When downloaded, the HashCat file will have a long name, so it is easier to rename it to something simple that you can type in the command. Then press enter and, after a few seconds of setting up, it should begin cracking. It will finish when it either goes through the entire wordlist with no match or cracks the hash. If it worked, you will see "cracked" in the session summary. Above this it will show the encrypted password next to the cracked password.
This method may need multiple different wordlists to be successful, but there is another way. Brute-forcing can be done by using -a 3 rather than 0, but first we need to set parameters by telling HashCat what type of characters, and how many, to try. Simply type "?" followed by the letter for the character set to use (e.g. ?d for [0-9], ?l for [a-z]). One example:
?d?d?d?d?d?d?d?d?d?d
The "d" indicates digits [0-9] and since there are 10 of them this resembles a phone number. For more character sets, attack types and other modifications/parameters check the help page by typing:
hashcat --help
Phone numbers are extremely common WiFi passwords and equally easy to crack. For this example, and if you want to test out cracking a password, you can go to an MD5 hash generator, type in your phone number, copy the hash, and paste it into the command. For this to work, you will need to change the hash type to 0, which is MD5.
hashcat -a 3 -m 0 <paste your hash> ?d?d?d?d?d?d?d?d?d?d
It should eventually crack and give you your phone number.
If you are using a phone number as your WiFi password, I recommend you change it as soon as possible, or put in other characters and spaces. My computer was able to crack this in a few milliseconds.
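The reason the ten-digit mask above falls so quickly is the size of its search space: 10 raised to the power 10 candidates. As an added example that is not part of the original post, the script below sizes any hashcat-style mask, derives the narrowest mask that still covers a given password (so you can compare a phone number with a passphrase), and applies a simple "looks like a phone number" policy check; the hash rates are assumptions, not measurements.

```python
"""Mask keyspace and crack-time estimator (added example, not from the original post).

Sizes the search space behind a hashcat mask using hashcat's built-in charsets
(?d digits, ?l lowercase, ?u uppercase, ?s symbols incl. space, ?a all printable)
and shows why a digits-only password such as a phone number is weak. The hash
rates below are assumptions; use the Speed.#1 figure hashcat prints for your GPU.
"""
CHARSET_SIZES = {"d": 10, "l": 26, "u": 26, "s": 33, "a": 95}
ASSUMED_RATE = {"md5": 1e10, "wpa2": 1e6}  # candidates/second, assumed single GPU

def mask_keyspace(mask):
    """Candidate count for a mask; a literal character counts as one choice."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] == "?":
            cls = mask[i + 1] if i + 1 < len(mask) else ""
            if cls not in CHARSET_SIZES:
                raise ValueError(f"unknown charset '?{cls}' in {mask!r}")
            total *= CHARSET_SIZES[cls]
            i += 2
        else:
            i += 1
    return total

def mask_for_password(password):
    """Narrowest built-in mask that still covers the password, class by class."""
    def cls(ch):
        return "?d" if ch.isdigit() else "?l" if ch.islower() else "?u" if ch.isupper() else "?s"
    return "".join(cls(ch) for ch in password)

def worst_case_seconds(mask, algo):
    """Time to exhaust the mask at the assumed rate (the average case is half this)."""
    return mask_keyspace(mask) / ASSUMED_RATE[algo]

def looks_like_phone_number(password):
    """Policy check: only digits once separators are removed, and 10 or 11 of them."""
    stripped = "".join(ch for ch in password if ch not in " -()+.")
    return stripped.isdigit() and len(stripped) in (10, 11)

if __name__ == "__main__":
    for pw in ("5551234567", "Sunny day 42!"):
        m = mask_for_password(pw)
        print(pw, m, f"{worst_case_seconds(m, 'wpa2'):.3g}s worst case on WPA2")
```

The WPA2 rate is far lower than the MD5 rate because the handshake hash is deliberately slow to compute, which is why the same phone number that falls in milliseconds as an MD5 hash still takes hours as a WiFi password, and why a mixed-character passphrase pushes the estimate out of reach.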
Interesting article on a researcher who cracked over 3,500 WiFi passwords.
Summary
This was a very fun activity and opened many doors to other ways of hacking with Linux. I believe everyone should know how crucial it is to have good security online, and this project should show how easy it is to exploit online systems. It's not as complex to hack as in the movies; all you need is a computer and some YouTube videos.