
Posts

Showing posts from January, 2017

How to create a Fake AP(Access Point / Wifi network)

Creating a Fake Access Point

The point of creating a fake access point is that, by offering an open AP, clients will connect in order to get a free internet connection, and because the AP is open there is no encryption, so the details they use on the internet can easily be sniffed. The tool used for this purpose is mana-toolkit, which starts up with 3 options:

1) start-noupstream // Start an AP with no internet connection.
2) start-nat-simple // Start an AP with a regular internet connection on the upstream interface.
3) start-nat-full // Starts an AP with an internet connection, but it also starts sslstrip/sslsplit and firelamb and attempts to bypass HSTS.

start-nat-simple configuration file: /etc/mana-toolkit/hostapd-mana.conf

Script to start the mana tool:
# bash /usr/share/mana-toolkit/run-mana/start-nat-simple.sh

Creating a patch file

The diff command is used for creating a patch file. For this you will have an original file and a modified file, and from these 2 files we create the patch file.

Diff command to create a patch file:
# diff -u original.txt updated.txt > patch.txt

Here -u means unified diff format.

Now apply the patch with the command below:
# patch original.txt < patch.txt

This replaces the content of the original file with the modifications.

To undo / reverse the applied patch:
# patch -R original.txt < patch.txt

This will undo all the changes that were applied by the patch.

How to Disconnect any wifi Client/Device from your Wifi network?

Deauthentication Attack

This attack is very useful; it allows us to disconnect any device (whether it is a Windows machine, an Android phone, an iOS phone, or anything else connected to the wifi network) from any network that is within our range, even if the network has encryption, even if it uses a key and we don't have that key. For this we need to spoof our MAC address to the MAC address of the target client that we want to disconnect, so that we can pretend to be that client and send a deauthentication packet to the router/access point. At the same time we need to spoof the MAC address of the access point/router and tell the target client to re-authenticate. The program used for this purpose is aireplay-ng, which is from the aircrack-ng package.

# aireplay-ng --deauth [No of packets] -a [AP] [INTERFACE]
# aireplay-ng --deauth 1000 -a 11:22:33:44:55:66 mon0 // Disconnect all clients
# aireplay-ng --deauth [No

How to change the MAC address of a system

For this purpose we need to install the macchanger package.
# apt-get install macchanger

Steps to change the MAC address:

1) First disable the wireless card:
# ifconfig wlan0 down
2) Assign a new address:
# macchanger --random wlan0 // This will assign a random address
3) Enable the wireless card:
# ifconfig wlan0 up
4) Show the new MAC address:
# macchanger -s wlan0

For more options just check macchanger --help.

Cheers!!

Understanding more about WIFI card modes & Packet Sniffing

Command to view the wifi card name:
# iwconfig
wlan0     IEEE 802.11bgn  ESSID:"xxxx"
          Mode:Managed  Frequency:2.412 GHz  Access Point: xx:xx:xx:xx:xx:xx
          Bit Rate=65 Mb/s   Tx-Power=16 dBm
          Retry long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=51/70  Signal level=-59 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:62   Missed beacon:0

>> wlan0 is the wifi card name.
>> Mode "Managed" means that this machine will only receive packet traffic addressed to its own MAC address, so it will only capture packets coming to this specific machine. If you want to capture any packet even if your MAC address is not the destination MAC address, you have to change this mode to "Monitor" mode.

How to enable Monitor Mode on your machine?

Method 1: airmon-ng (For getting this program you need to install the packa

Trying to understand more about XSS

Cross site scripting

What is cross site scripting (XSS)?

Cross site scripting is an attack in which an attacker exploits a vulnerability of a website by injecting JavaScript code into the website. This code then acts as content of the website itself and is used to steal confidential information from the users visiting the website. JavaScript is a client-side language, so the code is executed on the client, i.e. on the machine of the person who is browsing the infected website.

Different types of XSS vulnerabilities:

Stored/Persistent XSS: This attack occurs when the code injected by the attacker is stored on the target server, such as in the database, in a message forum, a comment field, etc., so each time the site or the corresponding page is loaded the injected code is also executed.

Reflected/Non-Persistent XSS: This attack occurs when the code that is given by the attacker is returned immediately by the web application, in an

Single Mysql Command to restore the last 5 records from one database to another.

1. Get the structure of test_table from the source database.
> use database1;
> show create table test_table;
2. Copy the complete CREATE TABLE `test_table` query.
3. Remove the "AUTO_INCREMENT=xxxxxxx" portion from the query.
4. Run this query in the new database:
> use database2;
> Paste the CREATE TABLE query and press enter.
5. Now the tricky part: the command below selects the last 5 records from test_table of database1 and inserts them into test_table of database2 (the source table goes in the SELECT, the destination table in the INSERT).
> insert into database2.test_table select * from database1.test_table order by cur_date desc limit 5;

That's all folks, cheers.

Dirty Cow Vulnerability CVE-2016-5195

Why is it called Dirty COW?

"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."

Who found the Dirty COW vulnerability?
Phil Oester

How to mitigate this vulnerability?
You need to update the kernel and make sure the kernel is patched for this vulnerability.
# yum update kernel
# uname -r // shows the version of the running kernel.
# rpm -qa | grep kernel // shows the installed kernel packages.
# rpm -q --changelog kernel | grep -i 'CVE-2016-5195'
- [mm] close FOLL MAP_PRIVATE race (Larry Woodman) [1385116 1385117] {CVE-2016-5195}

If this gives a result like the above, that means the cow is clean now :p Note that the changelog only tells you the installed package carries the fix; the version shown by uname -r must be that patched kernel, so reboot into it after the update.

How to build and use the systemtap workaround
First you have to insta