Besside-ng is, in my opinion, one of the most powerful Wi-Fi hacking tools currently available. First written in 2010 in C, Besside-ng is an incredibly aggressive and persistent WPA handshake mass-harvester and WEP cracker. It features customizable options to upload handshakes to distributed WPA password crackers which, on average, crack over 18% of networks submitted automatically.
While WEP can be broken easily, WPA and WPA2 networks require us to record a "handshake" when a device connects to the target network, and then try to guess the password by having a program try many possible passwords against that recorded handshake. If we guess the correct password, we'll know, so having a good password list and a fast processor used to be essential to cracking WPA networks.
time, we can submit these handshakes to a distributed cracking service or a more powerful machine, which will automatically try all of the world's most common and shitty passwords for us. Since many people choose bad passwords, we will get back around 10–20% of the networks whose handshakes we recorded with cracked passwords.
device like the target's smartphone or laptop must connect to the network.
Besside-ng scans the airwaves for any devices connected to a Wi-Fi network, and then injects a packet that disconnects the device from that network for a very short period of time.
The targeted device will reconnect automatically, and we will record the
handshake when it does. It's terrifyingly easy, and during peak activity hours in a
high-density area, Besside-ng can harvest every Wi-Fi network in use within the
range of your antenna. Keep in mind, if your target has an always-connected
smart device, you can pretty much always grab a handshake for their network.
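The disconnect-and-reconnect trick described above only works because deauthentication and disassociation frames are unauthenticated management frames, so a defender can spot it on the air rather than at the client. The following is an added, defender-side example that is not part of the original article and not code from the Besside-ng or Aircrack-ng projects: it parses raw 802.11 management frame headers (frame control, the three address fields, the reason code), skips frames carrying the Protected Frame bit (what 802.11w/PMF networks use, so forged deauths are dropped by clients anyway), and raises an alert when one transmitter address sends more than a threshold of unprotected deauth/disassoc frames inside a sliding time window. The MAC addresses, timestamps, thresholds and the synthetic capture are all constructed for the example and are assumptions, not data from the page.

```python
"""Detect deauthentication / disassociation floods in raw 802.11 frames.

Added defensive example (not from the article or from the aircrack-ng suite).
Input is (timestamp, raw_frame_bytes) pairs such as a wireless IDS would pull
from a monitor-mode capture; here the capture is constructed in memory.
"""
from collections import defaultdict, deque

# 802.11 frame control byte 0: bits 0-1 version, bits 2-3 type, bits 4-7 subtype.
TYPE_MGMT = 0
SUBTYPE_BEACON = 8
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
FC_FLAG_PROTECTED = 0x40  # frame control byte 1: Protected Frame bit
MGMT_HDR_LEN = 24         # FC(2) + duration(2) + addr1/2/3(18) + seq ctrl(2)


def parse_mgmt_frame(frame: bytes):
    """Return (subtype, protected, addr1, addr2, bssid, reason) for a
    management frame, or None for non-management or truncated frames."""
    if len(frame) < MGMT_HDR_LEN:
        return None
    fc0, fc1 = frame[0], frame[1]
    version = fc0 & 0x03
    ftype = (fc0 >> 2) & 0x03
    subtype = (fc0 >> 4) & 0x0F
    if version != 0 or ftype != TYPE_MGMT:
        return None
    protected = bool(fc1 & FC_FLAG_PROTECTED)
    addr1 = frame[4:10].hex(":")   # receiver: the station being told to leave
    addr2 = frame[10:16].hex(":")  # transmitter: claims to be the AP
    bssid = frame[16:22].hex(":")
    reason = None
    # Reason code is a little-endian uint16 right after the header; only
    # readable when the body is not encrypted (no PMF).
    if subtype in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) and not protected \
            and len(frame) >= MGMT_HDR_LEN + 2:
        reason = int.from_bytes(frame[24:26], "little")
    return subtype, protected, addr1, addr2, bssid, reason


class DeauthFloodDetector:
    """Per-transmitter sliding window over unprotected deauth/disassoc frames.
    An alert fires when the count for one transmitter reaches `threshold`
    within `window` seconds (once per crossing, not once per frame)."""

    def __init__(self, threshold: int = 5, window: float = 10.0):
        self.threshold = threshold
        self.window = window
        self._events = defaultdict(deque)  # addr2 -> deque of timestamps
        self.alerts = []

    def observe(self, ts: float, frame: bytes):
        parsed = parse_mgmt_frame(frame)
        if parsed is None:
            return None
        subtype, protected, addr1, addr2, _bssid, reason = parsed
        if subtype not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC) or protected:
            return None
        q = self._events[addr2]
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop events outside the window
            q.popleft()
        if len(q) == self.threshold:
            alert = {"ts": ts, "transmitter": addr2, "last_receiver": addr1,
                     "last_reason": reason, "count": len(q), "window": self.window}
            self.alerts.append(alert)
            return alert
        return None


# ---- constructed sample capture (assumed addresses; nothing is transmitted) ----
AP = bytes.fromhex("02aabbccdd01")     # constructed AP / BSSID address
STA = bytes.fromhex("021122334455")    # constructed client station
BCAST = b"\xff" * 6


def sample_mgmt_frame(subtype, addr1, addr2, bssid, reason=None, protected=False):
    """Build an in-memory management frame for the synthetic capture."""
    fc0 = (subtype << 4) | (TYPE_MGMT << 2)
    fc1 = FC_FLAG_PROTECTED if protected else 0
    hdr = bytes([fc0, fc1]) + b"\x00\x00" + addr1 + addr2 + bssid + b"\x10\x00"
    body = b"" if reason is None else reason.to_bytes(2, "little")
    return hdr + body


def synthetic_capture():
    """(timestamp, frame) pairs: one ordinary deauth (client leaving), a beacon,
    a data frame, a PMF-protected deauth, then a burst of 8 broadcast deauths."""
    cap = [
        (0.0, sample_mgmt_frame(SUBTYPE_DEAUTH, STA, AP, AP, reason=3)),
        (0.5, sample_mgmt_frame(SUBTYPE_BEACON, BCAST, AP, AP)),
        (0.7, bytes([0x08, 0x00]) + b"\x00" * 22),            # type 2 = data frame
        (1.0, sample_mgmt_frame(SUBTYPE_DEAUTH, STA, AP, AP, reason=7, protected=True)),
    ]
    cap += [(5.0 + 0.25 * i, sample_mgmt_frame(SUBTYPE_DEAUTH, BCAST, AP, AP, reason=7))
            for i in range(8)]
    return cap


def run_detector(threshold: int = 5, window: float = 10.0):
    """Feed the synthetic capture through the detector and return its alerts."""
    det = DeauthFloodDetector(threshold, window)
    for ts, frame in synthetic_capture():
        det.observe(ts, frame)
    return det.alerts


if __name__ == "__main__":
    for a in run_detector():
        print(f"[{a['ts']:.2f}s] deauth flood from {a['transmitter']} "
              f"({a['count']} frames in {a['window']}s, last reason {a['last_reason']})")
```

On a live sensor the same `observe()` call would be fed from a monitor-mode capture (for example from a pcap reader) instead of `synthetic_capture()`; the single reason-3 deauth at the start stays below the threshold, and the PMF-protected frame is ignored because a forged copy of it would fail the client's integrity check anyway.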
Why a 2010 Tool Is Still Powerful in 2017
Since 2010, some major changes have made Besside-ng relevant again. Small, cheap computers like the Raspberry Pi Zero W and the Raspberry Pi 3 can take powerful external network adapters in addition to their internal Wi-Fi card, all while keeping the cost of a remote headless attack suite below $70.
An attacker would only need a directional antenna aimed at the rogue device to communicate with and control it. The rapid way in which Besside-ng builds a list of available Wi-Fi connections to switch between allows a rogue device to develop a "beachhead" into the neighboring wireless environment. This doubles as a list of exploitable routers to pivot through once the WPA password is cracked. Once a rogue device is in place and cracks a few reliable networks, the hacker is free to go home and control the device via a reverse shell.
A long-range, directional WPA harvester designed for scanning the upper stories of high-rise buildings.
Image by SADMIN/Null Byte
Anonymous Internet Setup Through Piggybacking Nearby Networks
Emergency setup of workstations when rapidly shifting locations can be aided by
using Besside-ng to acquire several connection options in under an hour. A small
team needing to rapidly set up an internet-connected forward operating position
in an opportunistic workspace (like working out of a garage or public space) can
piggyback off existing nearby infrastructure to reduce their footprint.
While it's easy to get access, it is critical to properly use Tor or VPNs, and spin
the MAC address of any devices used each time they connect to such a network.
If you need a network — any network — to get working, this is your program.
This technique can also be used to quickly set up an environment for rogue
devices to operate in, allow for a LAN dead drop between two users over a
privately owned network, or impersonate users of nearby networks to mask
activity.
Two Besside-ng sessions running in parallel to gain internet access for this workstation. This
Kali box will set itself up, after initially being tethered while it cracks its first networks.
Image by SADMIN/Null Byte
Placing a device like this allows us to do useful things like conduct visual and
electronic surveillance of an area, extend VoIP coverage to areas where cellular
coverage may be blocked, pivot deeper into targeted systems, and perform other
helpful functions.
Since our Buck-Eye runs Kali Linux, Besside-ng can ensure tactical network
availability by scanning for and helping to build a list of backdoor Wi-Fi
connections to spider through to ensure survivability in the event a primary Wi-Fi
connection goes down.
Our Kali Linux build is the easiest way to get started. For hardware, the only real
requirement is a wireless network adapter capable of packet injection.
It should be noted that our testing has found bugs when using the
Atheros AR9271 chipset.
Once we confirm we have the suite and it's updated, we can proceed with the
attack.
Starting Besside-ng on the wrong antenna will instantly sever your remote
connection and lock you out of the device until you restart if you are connected
via SSH. Here we see my attack antenna is idle while my command and control
antenna is attached to a network.
If you are not on Kali, you can run ifconfig to see attached antennas and look for
"wlan" to spot the wireless antennas. In this case, wlan1 is my attack antenna.
Shit will proceed to hit the fan, with the script automatically throwing the
wireless card into monitor mode and scanning all channels for targets. On the first
run or two, you may get a "no child process" error. Just run the besside-ng wlan1
command again and it will start. To see everything the script is doing, add the -vv
argument at the end. You'll see the blistering speed at which Besside-ng finds,
prioritizes, pings, and attacks networks.
This script will, by default, scan all channels. This makes it too slow for
wardriving or warwalking to capture handshakes, since by the time the master list
of APs to attack is built and prioritized, you're a block away.
If you wish to attack a particular network, you can add the -b argument
followed by the BSSID of the target to specify which access point you want to
attack. This is useful for networks with many APs under the same name (extended
service sets), which may have many identically named APs which all appear as
the same Wi-Fi network. Adding this argument allows you to focus your attack on
a particular AP under the umbrella of the network and make faster progress on
cracking a WEP key.
We can run these in Aircrack-ng against our own password list, but electricity is
expensive and brute-force attacks are very boring. Instead, we can use the -s
argument to specify a WPA server to upload the handshakes to. This will let a
distributed service like wpa.darkircop.org crack the passwords for us.
Aircrack-ng will re-try the attack automatically every 5,000 IVs as more packets
are captured by Besside-ng.
This repeats until we defeat the encryption and gain the key.
This will kill any troublesome processes for monitor mode, but also kill any other
Wi-Fi interfaces, so be careful if you are SSHed into your device that way.
Besside-ng Vs Wifite
Besside-ng is not the only tool to target this niche. Suites like Wifite can also be
used to attack WPA and WEP networks in automated ways. Wifite includes the
added function of attacking WPS setup PINs.
Thanks for reading, and make sure to keep an eye on Null Byte for more hacking
tutorials. You can ask me questions here or @sadmin2001 on Twitter or Instagram.
10 Comments
THEUNBORN
2 MONTHS AGO
SADMIN
2 MONTHS AGO
I feel the same about this one! This is definitely one of my favorite tools.
THEUNBORN
2 MONTHS AGO
Can you help me, I found a post 2 months ago here in Null-Byte but I wanted to recheck it one day and the one who posted it changed its description to "Removed".
SADMIN
2 MONTHS AGO
I saw that too, a user deleted a bunch of his own posts. He poofed himself, unfortunately, nothing can be done about that.
KLAVIATUR
2 MONTHS AGO - EDITED 2 MONTHS AGO
I met a problem:
WPA handshake upload failed
Pwned network XXXXX in 48:28 mins:sec
TO-OWN OWNED XXXXX UNREACH
All neighbors owned
Dying...
KLAVIATUR
2 MONTHS AGO
SADMIN
2 MONTHS AGO
try http://wpa-sec.stanev.org/?
ULTRASONIC
LAST MONTH
Having problems with a "crappy connection 100% loss" error on everything I scan. Doesn't matter where the router is (I even put the antenna right next to it at one point out of frustration)
Raspberry Pi 3 build
Panda pau05 antenna
Tried it with an Alfa antenna as well with the same results. Thoughts?
MOGENS CHRISTENSEN
3 WEEKS AGO
Having the same issue. I reckon it might be down to the panda shipping with another chipset these days, mine is with the RT-5372 chipset. In another guide on here the panda is said to have the RT-3070 chipset: https://null-byte.wonderhowto.com/how-to/buy-best-wireless-network-adapter-for-wi-fi-hacking-2017-0178550/
ULTRASONIC
2 WEEKS AGO
Well, I've got a Kali Live with Persistence USB that I tried out on my laptop, and both antennas work fine with besside-ng. So I'm wondering if the problem is with the Raspberry Pi. ??