Tuesday, March 18, 2014
Wednesday, March 5, 2014
Difference between WPA and WEP
We can have 2 standards of security in wireless networks:
- WPA = (Wireless Protected Access) It's the best connection method: it gives a unique key to every user, which means every connection to the router involves a handshake with the user's device. The password can be from 8 to 63 characters. WPA works like this, but it can also work in a less secure way:
- WPA-PSK = (Pre-Shared Key) It is the least secure: every user has the same password. It is usually found in small business and home wireless networks. It can use 2 encryption methods:
  - TKIP = (Temporal Key Integrity Protocol) In short, every packet has a key, combining packet integrity with a re-keying mechanism.
  - AES = (Advanced Encryption Standard) The best authorized encryption for WiFi.
- WPA2-PSK = Connects using the AES encryption method.
- WEP = (Wired Equivalent Privacy) It was the first security standard for wireless networks. It is now obsolete and has been surpassed by WPA. Using WEP is strongly discouraged: nowadays it can be broken within minutes.
By:
N
On 9:42 PM
How to add sudoers users in Linux
First you need to create a user. If you have already created one, jump to step 2; otherwise, here's how:
1) Open a terminal and type $ useradd nameofyournewuser
Replace nameofyournewuser with the name you want.
1.5) You can add the -m parameter to create the home directory for that user automatically; in that case type $ useradd nameofyournewuser -m instead.
2) Once the user is created, we need to modify the sudoers list. Type
$ nano /etc/sudoers
3)Search for this line
# User privilege specification
root ALL=(ALL:ALL) ALL
Below that last line add this:
nameofyournewuser ALL=(ALL:ALL) ALL *(the syntax of that line can change between Linux distros; in my case I am using Kali Linux)
4) Press Ctrl+X to save the changes and Y to confirm them.
5) That's it. Log out and log in with your new user.
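A safer variant of steps 2 to 4, as an added example that is not part of the original post: instead of editing /etc/sudoers in nano, it writes the same rule to a drop-in file and installs it only if visudo -cf accepts the syntax. The function names and the VISUDO override variable are assumptions made for this example, and it assumes the /etc/sudoers.d drop-in directory is enabled in the main sudoers file, as it is by default on Debian-based distributions such as Kali.

```shell
#!/bin/sh
# Added example (not from the original post): grant sudo through a
# syntax-checked drop-in file. Function and variable names are illustrative.
LC_ALL=C; export LC_ALL            # make the a-z ranges below ASCII-only
VISUDO="${VISUDO:-visudo}"         # syntax checker; overridable for dry runs

# Print the sudoers rule for a user. Names containing anything outside
# [a-z0-9_-] are rejected so the argument cannot smuggle in extra sudoers
# syntax (spaces, commas, '%', '#', newlines). Rejecting '.' also matters:
# sudo ignores files in sudoers.d whose names contain a dot.
sudoers_entry() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    printf '%s ALL=(ALL:ALL) ALL\n' "$1"
}

# Write the rule to DIR/USER (DIR defaults to /etc/sudoers.d), but only
# after the candidate file passes the syntax check. A sudoers file with a
# syntax error can leave the machine without working sudo.
install_sudoers_dropin() {
    user=$1
    dir=${2:-/etc/sudoers.d}
    entry=$(sudoers_entry "$user") || { echo "invalid user name" >&2; return 1; }
    command -v "$VISUDO" >/dev/null 2>&1 || { echo "$VISUDO not found" >&2; return 1; }
    # The dotted temp name is ignored by sudo if the script is interrupted.
    tmp=$(mktemp "$dir/.tmp.XXXXXX") || return 1
    printf '%s\n' "$entry" > "$tmp"
    chmod 0440 "$tmp"              # sudoers files should not be writable
    if "$VISUDO" -cf "$tmp" >/dev/null 2>&1; then
        mv -f "$tmp" "$dir/$user"  # rename within the directory
    else
        rm -f "$tmp"
        echo "syntax check failed, nothing installed" >&2
        return 1
    fi
}

# Usage, as root:  install_sudoers_dropin nameofyournewuser
```

Run as root, the installed file is owned by root; the rule takes effect the next time the user invokes sudo.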
By:
N
On 8:11 PM
Thursday, February 13, 2014
How to set up a small portable pentesting environment: DVWA + OWASP + XAMPP + PortableApps
This can also be applied to make a portable web development environment. Our objective is to make a fully functional portable pentesting environment; the only requirement is a portable device such as an external HDD, a pendrive or even a smartphone. So let's begin.
1) Download PortableApps from http://portableapps.com. This tool makes it possible to run software portably with a friendly user interface. Once you have downloaded the installer, select the destination and you're done.
2) Download XAMPP ("XAMPP is an easy to install Apache distribution containing MySQL, PHP, and Perl". -http://www.apachefriends.org/index.html). It has what is necessary to set up a small server to host a site; we will use it to host DVWA. At http://www.apachefriends.org/download.html select a Windows installer; it doesn't matter which PHP version. You have to install it in the PortableApps directory, at root directory\PortableApps, and make sure it has its own folder named 'xampp'.
Now run the PortableApps menu, click the 'apps' option, then click 'refresh apps icon'. If everything went well, you should see 4 XAMPP icons available in your PortableApps menu, such as xampp-control.
3) Download DVWA ('Damn Vulnerable Web App') from http://www.dvwa.co.uk. It's a test site with configurable vulnerabilities, used by pentesters to practice defense and offense against sites (depending on your interests). Once you have downloaded it, decompress the zip file, rename the folder to 'dvwa', and copy the whole folder into the 'htdocs' folder in the xampp directory. Once you have done this, this is how your folder should look...
The next step is to set up DVWA itself. Run xampp-control from the PortableApps menu and click the start buttons for Apache and MySQL. Now open a browser and type this
Don't be scared if it shows the message 'Unable to connect to MySQL'; just click on the link shown. You will be redirected to another page. Click the 'create reset database' button, and again don't be scared if this message appears: 'Could not connect to the database - please check the config file.'
To solve that, go to the root of the dvwa directory, open the config folder and open config.inc.php with an editor. Search for $_DVWA[ 'db_password' ] and replace the whole line with $_DVWA[ 'db_password' ] = ''; Save it, go back to the DVWA site in the browser and hit the button again; now the database is created. Now the final step...
4) Download an OWASP project. You can download any OWASP project, but in this case we will use OWASP ZAP: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project. The purpose of this step is to set up a tool for running pentesting attacks against DVWA. As before, install it in the PortableApps directory beside xampp, refresh the icons in the menu, and that's it.
Now, to log in as a user in DVWA, go to the URL http://127.0.0.1/dvwa/login.php. The default user is admin and the password is password.
From now on, it is up to you to do some research on how to use these tools. I hope this article has been helpful.
*Sorry for my English; this was my first article in English.
By:
N
On 2:11 PM