β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2020 Wifi hacking tips :
#Using Kernel Modules to Simulate Wireless Adapters to Practice Pen Testing
You can use mac80211_hwsim is a software simulator of 802.11 radio(s) for mac80211 in Kali Linux and other penetration testing distributions like Parrot.
[mac80211_hwsim](https://wireless.wiki.kernel.org/en/users/drivers/mac80211_hwsim) kernel module has a parameter 'radios' that can be used to select how many radios are simulated (default 2). This allows configuration of both very simply setups (e.g., just a single access point and a station) or large scale tests (multiple access points with hundreds of stations).
The following site provides a description:
- https://wireless.wiki.kernel.org/en/users/drivers/mac80211_hwsim
#Starting the Kernel Module in Kali
In my Kali Linux box, I have only one active interface (eth0).
I am starting the simulator kernel module with the
After starting the module, the wireless interfaces are shown:
You can then install
#Install and Configure hostapd
You can then install
π¦2020 Wifi hacking tips :
#Using Kernel Modules to Simulate Wireless Adapters to Practice Pen Testing
You can use mac80211_hwsim is a software simulator of 802.11 radio(s) for mac80211 in Kali Linux and other penetration testing distributions like Parrot.
[mac80211_hwsim](https://wireless.wiki.kernel.org/en/users/drivers/mac80211_hwsim) kernel module has a parameter 'radios' that can be used to select how many radios are simulated (default 2). This allows configuration of both very simply setups (e.g., just a single access point and a station) or large scale tests (multiple access points with hundreds of stations).
The following site provides a description:
- https://wireless.wiki.kernel.org/en/users/drivers/mac80211_hwsim
#Starting the Kernel Module in Kali
In my Kali Linux box, I have only one active interface (eth0).
root@kali:~# ip -brie a
lo UNKNOWN 127.0.0.1/8 ::1/128
eth0 UP 172.16.217.170/24 fe80::20c:29ff:fe3c:82b0/64
I am starting the simulator kernel module with the
modprobe mac80211_hwsim command:root@kali:~# modprobe mac80211_hwsim
After starting the module, the wireless interfaces are shown:
root@kali:~# ip -brie a
lo UNKNOWN 127.0.0.1/8 ::1/128
eth0 UP 172.16.217.170/24 fe80::20c:29ff:fe3c:82b0/64
wlan0 DOWN
wlan1 DOWN
hwsim0 DOWN
You can then install
hostapd to create a wireless access point and then use aircrack-ng to perform wireless assessments.#Install and Configure hostapd
You can then install
hostapd, as shown below:root@kali:~# sudo apt install hostapd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
hostapd
0 upgraded, 1 newly installed, 0 to remove and 1748 not upgraded.
Need to get 608 kB of archives.
After this operation, 1,549 kB of additional disk space will be used.
Get:1 http://archive.linux.duke.edu/kalilinux/kali kali-rolling/main amd64 hostapd amd64 2:2.6-18 [608 kB]
Fetched 608 kB in 2s (301 kB/s)
Selecting previously unselected package hostapd.
(Reading database ... 353210 files and directories currently installed.)
Preparing to unpack .../hostapd_2%3a2.6-18_amd64.deb ...
Unpacking hostapd (2:2.6-18) ...
Setting up hostapd (2:2.6-18) ...
Created symlink /etc/systemd/system/hostapd.service Γ’β β /dev/null.
update-rc.d: We have no instructions for the hostapd init script.
update-rc.d: It looks like a network service, we disable it.
Processing triggers for systemd (238-4) ...
Processing triggers for man-db (2.8.2-1) ...
Scanning processes...
Scanning candidates...
Scanning processor microcode...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
User sessions running outdated binaries:
root @ session #3: bash[1599]
root@kali:~# hostapd
hostapd v2.6
User space daemon for IEEE 802.11 AP management,
IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Copyright (c) 2002-2016, Jouni Malinen <j@w1.fi> and contributors
usage: hostapd [-hdBKtv] [-P <PID file>] [-e <entropy file>] \
[-g <global ctrl_iface>] [-G <group>]\
[-i <comma-separated list of interface names>]\
<configuration file(s)>
options:
-h show this usage
-d show more debug messages (-dd for even more)
-B run daemon in the background
-e entropy file
-g global control interface path
-G group for control interfaces
-P PID file
-K include key data in debug messages
-f log output to debug file instead of stdout
-T = record to Linux tracing in addition to logging
(records all messages regardless of debug verbosity)
-i list of interface names to use
-S start all the interfaces synchronously
-t include timestamps in some debug messages
-v show hostapd version
root@kali:~#
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Linux-Termux tip :
What is BBQSQL?
> Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don't you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.
> BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
βExample :
You need to provide the following placeholders of information in order for the attack to work. Once you put these in your query, bbqSQL will do the rest:
${row_index}: This tells bbqSQL to iterate rows here. Since we are using LIMIT we can view n number of row depending on ${row_index} value.
${char_index}: This tells bbqSQL which character from the subselect to query.
${char_val}: This tells bbqSQL where to compare the results from the subselect to validate the result.
${comparator}: This is how you tell BBQSQL to compare the responses to determine if the result is true or not. By default, the > symbol is used.
${sleep}: This is optional but tells bbqSQL where to insert the number of seconds to sleep when performing time based SQL injection.
Not all of these place holders are required. For example, if you have discovered semi-blind boolean based SQL injection you can omit the ${sleep} parameter.
6οΈβ£FOR MORE EXAMPLES :
https://github.com/Neohapsis/bbqsql#install
π¦Features :
URL
HTTP Method
Headers
Cookies
Encoding methods
Redirect behavior
Files
HTTP Auth
Proxies
ENJOY β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Linux-Termux tip :
What is BBQSQL?
> Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don't you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.
> BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/Neohapsis/bbqsql.git5οΈβ£The query syntax is based around placeholders which tell BBQSQL how to execute the attack ?
2οΈβ£cd bbqsql
3οΈβ£install in one command :
sudo pip install bbqsql (kali-parrot repo)
4οΈβ£for termux
> python setup.py install
βExample :
You need to provide the following placeholders of information in order for the attack to work. Once you put these in your query, bbqSQL will do the rest:
${row_index}: This tells bbqSQL to iterate rows here. Since we are using LIMIT we can view n number of row depending on ${row_index} value.
${char_index}: This tells bbqSQL which character from the subselect to query.
${char_val}: This tells bbqSQL where to compare the results from the subselect to validate the result.
${comparator}: This is how you tell BBQSQL to compare the responses to determine if the result is true or not. By default, the > symbol is used.
${sleep}: This is optional but tells bbqSQL where to insert the number of seconds to sleep when performing time based SQL injection.
Not all of these place holders are required. For example, if you have discovered semi-blind boolean based SQL injection you can omit the ${sleep} parameter.
6οΈβ£FOR MORE EXAMPLES :
https://github.com/Neohapsis/bbqsql#install
π¦Features :
URL
HTTP Method
Headers
Cookies
Encoding methods
Redirect behavior
Files
HTTP Auth
Proxies
ENJOY β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - CiscoCXSecurity/bbqsql: SQL Injection Exploitation Tool
SQL Injection Exploitation Tool. Contribute to CiscoCXSecurity/bbqsql development by creating an account on GitHub.