Monday, August 31, 2020

Fluxion - Set Up Fake AP, Fake DNS, And Create Captive Portal To Trick Users Into Giving You Their Password





Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) less bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack. It's compatible with the latest release of Kali (rolling). Fluxion's attacks' setup is mostly manual, but experimental auto-mode handles some of the attacks' setup parameters. Read the FAQ before requesting issues.
If you need quick help, fluxion is also avaible on gitter. You can talk with us on Gitter or on Discord.

 Installation
Read here before you do the following steps.
Download the latest revision
git clone --recursive git@github.com:FluxionNetwork/fluxion.git
Switch to tool's directory
cd fluxion
Run fluxion (missing dependencies will be auto-installed)
./fluxion.sh
Fluxion is also available in arch
cd bin/arch
makepkg
or using the blackarch repo
pacman -S fluxion

 Changelog
Fluxion gets weekly updates with new features, improvements, and bugfixes. Be sure to check out the changelog here.

 How it works
  • Scan for a target wireless network.
  • Launch the Handshake Snooper attack.
  • Capture a handshake (necessary for password verification).
  • Launch Captive Portal attack.
  • Spawns a rogue (fake) AP, imitating the original access point.
  • Spawns a DNS server, redirecting all requests to the attacker's host running the captive portal.
  • Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key.
  • Spawns a jammer, deauthenticating all clients from original AP and lureing them to the rogue AP.
  • All authentication attempts at the captive portal are checked against the handshake file captured earlier.
  • The attack will automatically terminate once a correct key has been submitted.
  • The key will be logged and clients will be allowed to reconnect to the target access point.
  • For a guide to the Captive Portal attack, read the Captive Portal attack guide

 Requirements
A Linux-based operating system. We recommend Kali Linux 2 or Kali rolling. Kali 2 & rolling support the latest aircrack-ng versions. An external wifi card is recommended.

 Related work
For development I use vim and tmux. Here are my dotfiles

 Credits
  1. l3op - contributor
  2. dlinkproto - contributor
  3. vk496 - developer of linset
  4. Derv82 - @Wifite/2
  5. Princeofguilty - @webpages and @buteforce
  6. Photos for wiki @http://www.kalitutorials.net
  7. Ons Ali @wallpaper
  8. PappleTec @sites
  9. MPX4132 - Fluxion V3

 Disclaimer
  • Authors do not own the logos under the /attacks/Captive Portal/sites/ directory. Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research.
  • The usage of Fluxion for attacking infrastructures without prior mutual consent could be considered an illegal activity, and is highly discouraged by its authors/developers. It is the end user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.

 Note
  • Beware of sites pretending to be related with the Fluxion Project. These may be delivering malware.
  • Fluxion DOES NOT WORK on Linux Subsystem For Windows 10, because the subsystem doesn't allow access to network interfaces. Any Issue regarding the same would be Closed Immediately

 Links
Fluxion website: https://fluxionnetwork.github.io/fluxion/
Discord: https://discordapp.com/invite/G43gptk
Gitter: https://gitter.im/FluxionNetwork/Lobby




Related articles
Posted by at No comments:

Sunday, August 30, 2020

PentestBox - Opensource PreConfigured Portable Penetration Testing Environment For The Windows

Read more


  1. Android Hack Tools Github
  2. Wifi Hacker Tools For Windows
  3. Game Hacking
  4. Tools Used For Hacking
  5. Hacking Tools Hardware
  6. Pentest Tools For Ubuntu
  7. Hack Tools
  8. Hack Apps
  9. Pentest Tools Website Vulnerability
  10. Hack Apps
  11. Hack Tools For Pc
  12. Hacker Tools For Ios
  13. Pentest Tools Subdomain
  14. Hack Tools
  15. Hack Tools For Windows
  16. Hack Tool Apk
  17. Tools For Hacker
  18. Hack Tools Mac
  19. Hacking Tools 2020
  20. Hacker Tools Online
  21. Hack Tools Github
  22. Github Hacking Tools
  23. Hacker Tools Windows
  24. Hacking Tools Name
  25. Hack Tools For Pc
  26. Hacker
  27. What Are Hacking Tools
  28. Hacker Tools Apk
  29. Hack Tools For Mac
  30. Pentest Tools Open Source
  31. Pentest Tools Download
  32. Nsa Hack Tools Download
  33. Hacking Tools For Windows Free Download
  34. Ethical Hacker Tools
  35. Hack Tools For Games
  36. How To Make Hacking Tools
  37. Pentest Tools Find Subdomains
  38. Hacking Tools Free Download
  39. Hacking Tools 2020
  40. Wifi Hacker Tools For Windows
  41. Hacking Tools Windows 10
  42. Hacking Tools For Pc
  43. Hacking Tools Windows
  44. Hacker Tool Kit
  45. Hacker Tool Kit
  46. Hacker Tools List
  47. Wifi Hacker Tools For Windows
  48. Top Pentest Tools
  49. Hacking Apps
  50. Pentest Tools Tcp Port Scanner
  51. Hack Tools Download
  52. Pentest Tools Open Source
  53. Hacking Tools For Pc
  54. What Are Hacking Tools
  55. Free Pentest Tools For Windows
  56. Pentest Box Tools Download
  57. Free Pentest Tools For Windows
  58. Hacker Tools Apk Download
  59. Pentest Automation Tools
  60. Hak5 Tools
  61. Ethical Hacker Tools
  62. Hack Tools Download
  63. Hacking Tools Hardware
  64. Black Hat Hacker Tools
  65. Hacking Tools Windows 10
  66. Hack Tools For Pc
  67. Hacker Tools Apk Download
  68. Pentest Tools Alternative
  69. How To Hack
  70. Pentest Reporting Tools
  71. Hak5 Tools
  72. Hack Tools
  73. Hacker Tools Apk Download
  74. Hacking Tools 2019
  75. Hacker Tools Mac
  76. Hackrf Tools
  77. Pentest Tools For Windows
  78. Pentest Tools Bluekeep
  79. Pentest Tools Website Vulnerability
  80. Ethical Hacker Tools
  81. Pentest Tools Linux
  82. Pentest Reporting Tools
  83. How To Install Pentest Tools In Ubuntu
  84. Pentest Tools For Windows
  85. New Hack Tools
  86. Top Pentest Tools
  87. Hacking Tools Pc
  88. Hack Rom Tools
  89. Black Hat Hacker Tools
  90. Pentest Tools Url Fuzzer
  91. Hacker Tools For Windows
  92. Pentest Tools Linux
  93. Pentest Tools Framework
  94. Beginner Hacker Tools
  95. Nsa Hack Tools Download
  96. World No 1 Hacker Software
  97. Hacking Tools For Windows Free Download
  98. Hacker Tools Github
  99. Usb Pentest Tools
  100. Hacker Tools For Pc
  101. Pentest Tools Apk
  102. Hack And Tools
  103. Tools For Hacker
  104. Hack Tools
  105. Pentest Tools
  106. Hack Tools For Windows
  107. Hacker Tools Free
  108. Hacker Tools Linux
  109. Github Hacking Tools
  110. What Is Hacking Tools
  111. Hacker Tools
  112. Hacker Tools List
  113. What Is Hacking Tools
  114. Hacking Tools Name
  115. Hacker Tools Software
  116. Hacks And Tools
  117. Hack Tools Online
  118. Hacking Tools Online
  119. Ethical Hacker Tools
  120. Hacking Tools Download
  121. Hack Tools
  122. Pentest Tools Website Vulnerability
  123. Nsa Hack Tools Download
  124. Hacker Tools Apk Download
  125. Hacking Tools 2019
  126. Blackhat Hacker Tools
  127. Bluetooth Hacking Tools Kali
  128. Pentest Tools Github
  129. Hacker Tools Free
  130. Hacker Search Tools
  131. Nsa Hack Tools Download
  132. Pentest Tools Review
  133. Hacker Tools For Windows
  134. Hack App
  135. Hack Tools Github
  136. Hack Tools Pc
  137. Best Hacking Tools 2019
  138. Hack Tool Apk No Root
  139. Usb Pentest Tools
  140. Hacking Tools For Windows Free Download
  141. Hacking Tools For Games
  142. Kik Hack Tools
  143. What Are Hacking Tools
  144. Computer Hacker
  145. Pentest Tools Subdomain
  146. Pentest Tools
  147. Pentest Tools Subdomain
  148. Blackhat Hacker Tools
  149. Hack App
  150. Hacker Tools For Pc
  151. Blackhat Hacker Tools
  152. Pentest Recon Tools
  153. Hacker Tools Free
  154. Pentest Tools List
  155. Pentest Tools Github
  156. Hacker Security Tools
  157. Hacking Tools Mac
  158. Pentest Tools Linux
  159. Hacking Tools For Games
  160. Hack Tools 2019
  161. Hacking Tools 2019
  162. Blackhat Hacker Tools
  163. Hack Tools For Windows
  164. Hacking App
Posted by at No comments:

Social Engineering Pentest Professional(SEPP) Training Review

Intro:
I recently returned from the new Social Engineering training provided by Social-Engineer.org in the beautiful city of Seattle,WA, a state known for sparkly vampires, music and coffee shop culture.  As many of you reading this article, i also read the authors definitive book Social Engineering- The art of human hacking and routinely perform SE engagements for my clients. When i heard that the author of the aforementioned book was providing training i immediately signed up to get an in person glance at the content provided in the book. However, i was pleasantly surprised to find the course covered so much more then what was presented in the book.

Instructors:



I wasn't aware that there would be more then one instructor and was extremely happy with the content provided by both instructors. Chris and Robin both have a vast amount of knowledge and experience in the realm of social engineering.  Each instructor brought a different angle and use case scenario to the course content. Robin is an FBI agent in charge of behavioral analysis and uses social engineering in his daily life and work to get the results needed to keep our country safe. Chris uses social engineering in his daily work to help keep his clients secure and provides all sorts of free learning material to the information security community through podcasts and online frameworks.



Course Material and Expectation: 
I originally thought that the material covered in class would be a live reiteration of the material covered in Chris's book. However, I couldn't have been more wrong !!  The whole first day was about reading yourself and other people, much of the material was what Robin uses to train FBI agents in eliciting information from possible terrorist threats. Each learning module was based on live demo's, nightly labs, and constant classroom interaction. Each module was in depth and the level of interaction between students was extremely useful and friendly. I would say the instructors had as much fun as the students learning and sharing social techniques and war stories.
The class was heavily made up of ways to elicit personal and confidential information in a way that left the individuatial "Happier for having met you".  Using language, body posture and social truisms as your weapon to gather information, not intended for your ears, but happily leaving the tongue of your target.
Other class activities and materials included an in depth look at micro expressions with labs and free extended learning material going beyond the allotted classroom days.  Also break out sessions which focused on creating Phone and Phishing scripts to effectively raise your rate of success. These sessions were invaluable at learning to use proper language techniques on the phone and in email to obtain your objectives.

Nightly Missions/Labs: 
If you think that you are going to relax at night with a beer. Think again!! You must ensure that your nights are free, as you will be going on missions to gain information from live targets at venues of your choice.  Each night you will have a partner and a mission to gain certain information while making that persons day better then it started.  The information  you are requested to obtain will change each night and if done properly you will notice all of the material in class starting to unfold.. When you get to body language training you will notice which targets are open and when its best to go in for the kill. You will see interactions change based on a persons change in posture and facial expressions. Each day you will take the new techniques you have learned and put them into practice. Each morning you have to report your findings to the class..
During my nightly labs i obtained information such as door codes to secured research facilities, information regarding secret yet to be released projects.  On the lighter side of things i obtained much personal information from my targets along with phone numbers and invitations for further hangouts and events. I made many new friends inside and outside of class.
There were also labs within the confines of the classroom such as games used to solidify your knowledge and tests to figure out what kind of learner you are. Technical labs on the use of information gathering tools and ways to use phone and phishing techniques to your advantage via linguistically and technologically. Essentially the class was about 60% interaction and labs.


Proof it works:
After class i immediately had a phishing and phone based contract at my current employment. I used the email and phone scripts that we created in class with 100% click rate and 100% success in phone elicitation techniques. Gaining full unfettered access to networks through phone and email elicitation and interaction. Although I do generally have a decent SE success rate, my rates on return are now much higher and an understanding of what works and what doesn't, and why are much more refined.


Conclusion and Certification:
I paid for this class out of pocket, including all expenses, hotels, rentals cars and planes etc etc. I would say that the class was worth every penny in which i paid for it. Many extras were given including black hat passes, extended training from notable sources and continued interaction from instructors after class ended. I would highly recommend this class to anyone looking for a solid foundation in social engineering or a non technical alternative to training.  You will learn a lot, push yourself in new ways and have a blast doing it. However I did not see any sparkly vampires while in seattle.... Twilight lied to me LOL
The certification is a 48 hour test in which you will utilize your knowledge gained technologically and socially to breach a company.I am not going to give away to much information about the certification as i haven't taken it yet and I do not want to misspeak on the subject. However I will say that social-engineer.org has done an excellent job at figuring out a way to include Real World Social Engineering into a test with verifiable proof of results. I am going to take my test in a couple weeks and it should be a blast!!!

Thanks and I hope this review is helpful to all those looking for SE training.  I had a blast :) :)Related links
Posted by at No comments:

Workshop And Presentation Slides And Materials

All of our previous workshop and presentation slides and materials are available in one location, from Google Drive.

From now on, we are only going to keep the latest-greatest version of each talk/workshop and announce changes on Twitter.

Related word


Posted by at No comments:
Subscribe to: Posts (Atom)