HACKING INFO..

HACKERS :COMPUTER SYSTEM SECURITY

Contents  

1 History
2 Classifications
2.1 White hat
2.2 Black hat
2.3 Grey hat
2.4 Elite hacker
2.5 Script kiddie
2.6 Neophyte
2.7 Blue hat
2.8 Hacktivist
2.9 Nation state
2.10 Organized crime
3 Attacks
3.1 Security exploits
3.2 Techniques
4 Notable intruders and criminal hackers
5 Notable security hackers
6 Customs
6.1 Hacker groups and conventions
7 Consequences for malicious hacking
7.1 India
7.2 Netherlands
7.3 United States
8 Hacking and the media
8.1 Hacker magazines
8.2 Hackers in fiction
8.2.1 Books
8.2.2 Films
8.3 Non-fiction books

Further information: Timeline of computer security hacker history
Bruce Sterling traces part of the roots of the computer underground to the Yippies, a 1960s counterculture movement that published the Technological Assistance
 Program (TAP) newsletter.[citation needed] TAP was a phone phreaking newsletter that taught techniques for unauthorized exploration
 of the telephone network. Many people from the phreaking community are also active in the hacking community even today, and vice versa.[citation needed]

Classifications

Several subgroups of the computer underground with different attitudes use different terms to demarcate themselves from each other, or try to exclude some
 specific group with whom they do not agree.

Eric S. Raymond, author of The New Hacker's Dictionary, advocates that members of the computer underground should be called crackers. Yet, those people see
 themselves as hackers and even try to include the views of Raymond in what they see as a wider hacker culture, a view that Raymond has harshly rejected.
 Instead of a hacker/cracker dichotomy, they emphasize a spectrum of different categories, such as white hat, grey hat, black hat and script kiddie.
 In contrast to Raymond, they usually reserve the term cracker for more malicious activity.

According to Ralph D. Clifford, a cracker or cracking is to "gain unauthorized access to a computer in order to commit another crime such as destroying information
contained in that system".These subgroups may also be defined by the legal status of their activities.

White hat

A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security
 software. The term "white hat" in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and
vulnerability assessments within a contractual agreement. The EC-Council,also known as the International Council of Electronic Commerce Consultants, is one of those
organizations that have developed certifications, courseware, classes, and online training covering the diverse arena of ethical hacking.

Black hat

A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain" (Moore, 2005).Black hat hackers form the
stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal".Black hat hackers
 break into secure networks to destroy, modify, or steal data; or to make the network unusable for those who are authorized to use the network. Black hat hackers are
 also referred to as the "crackers" within the security industry and by modern programmers. Crackers keep the awareness of the vulnerabilities to themselves and do
not notify the general public or the manufacturer for patches to be applied. Individual freedom and accessibility is promoted over privacy and security. Once they
have gained control over a system, they may apply patches or fixes to the system only to keep their reigning control. Richard Stallman invented the definition to
express the maliciousness of a criminal hacker versus a white hat hacker who performs hacking duties to identify places to repair.

Grey hat

A grey hat hacker lies between a black hat and a white hat hacker. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of
notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee.Grey hat hackers sometimes find
 the defect of a system and publish the facts to the world instead of a group of people. Even though grey hat hackers may not necessarily perform hacking for their
personal gain, unauthorized access to a system can be considered illegal and unethical.

Elite hacker

A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits circulate among these hackers. Elite groups such as Masters of
Deception conferred a kind of credibility on their members.

Script kiddie

A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using automated tools written by others (usually by other
 black hat hackers), hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child—an individual lacking knowledge and experience,
 immature),usually with little understanding of the underlying concept.

Neophyte

A neophyte ("newbie", or "noob") is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and hacking.

Blue hat

A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be
closed. Microsoft also uses the term BlueHat to represent a series of security briefing events.

Hacktivist

A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message.

Hacktivism can be divided into two main groups:

Cyberterrorism — Activities involving website defacement or denial-of-service attacks; and,

Freedom of information — Making information that is not public, or is public in non-machine-readable formats, accessible to the public.
Nation state
Intelligence agencies and cyberwarfare operatives of nation states.

Organized crime
Groups of hackers that carry out organized criminal activities for profit.


A typical approach in an attack on Internet-connected system is:

Network enumeration: Discovering information about the intended target.

Vulnerability analysis: Identifying potential ways of attack.
Exploitation: Attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis.
In order to do so, there are several recurring tools of the trade and techniques used by computer criminals and security experts.

Security exploits

Main article: Exploit (computer security)
A security exploit is a prepared application that takes advantage of a known weakness.Common examples of security exploits are SQL injection, cross-site scripting
and cross-site request forgery which abuse security holes that may result from substandard programming practice. Other exploits would be able to be used through File
Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), PHP, SSH, Telnet and some Web pages. These are very common in Web site and Web domain hacking.

Techniques

This section does not cite any references or sources. Please help improve this section by adding citations to reliable sources. Unsourced material may be challenged
 and removed. (August 2011)
Vulnerability scanner
A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which
 ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its
version number. (Firewalls defend computers from intruders by limiting access to ports and machines, but they can still be circumvented.)

Finding vulnerabilities

Hackers may also attempt to find vulnerabilities manually. A common approach is to search for possible vulnerabilities in the code of the computer system then test
 them, sometimes reverse engineering the software if the code is not provided.
Brute-force attack
Password guessing. This method is very fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used,
 because of the time a brute-force search takes.
Password cracking
Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. Common approaches include repeatedly
trying guesses for the password, trying the most common passwords by hand, and repeatedly trying passwords from a "dictionary", or a text file with many passwords.
Packet analyzer
A packet analyzer ("packet sniffer") is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.
Spoofing attack (phishing)
A spoofing attack involves one program, system or website that successfully masquerades as another by falsifying data and is thereby treated as a trusted system by a
 user or another program — usually to fool programs, systems or users into revealing confidential information, such as user names and passwords.

Rootkit

A rootkit is a program that uses low-level, hard-to-detect methods to subvert control of an operating system from its legitimate operators. Rootkits usually obscure
their installation and attempt to prevent their removal through a subversion of standard system security. They may include replacements for system binaries, making
it virtually impossible for them to be detected by checking process tables.
Social engineering
In the second stage of the targeting process, hackers often use Social engineering tactics to get enough information to access the network. They may contact the
 system administrator and pose as a user who cannot get access to his or her system. This technique is portrayed in the 1995 film Hackers, when protagonist
Dade "Zero Cool" Murphy calls a somewhat clueless employee in charge of security at a television network. Posing as an accountant working for the same company,
Dade tricks the employee into giving him the phone number of a modem so he can gain access to the company's computer system.
Hackers who use this technique must have cool personalities, and be familiar with their target's security practices, in order to trick the system administrator into
 giving them information. In some cases, a help-desk employee with limited security experience will answer the phone and be relatively easy to trick. Another
approach is for the hacker to pose as an angry supervisor, and when his/her authority is questioned, threaten to fire the help-desk worker. Social engineering is
very effective, because users are the most vulnerable part of an organization. No security devices or programs can keep an organization safe if an employee reveals a
 password to an unauthorized person.
Social engineering can be broken down into four sub-groups:
Intimidation As in the "angry supervisor" technique above, the hacker convinces the person who answers the phone that their job is in danger unless they help them.
At this point, many people accept that the hacker is a supervisor and give them the information they seek.
Helpfulness The opposite of intimidation, helpfulness exploits many people's natural instinct to help others solve problems. Rather than acting angry, the hacker
acts distressed and concerned. The help desk is the most vulnerable to this type of social engineering, as (a.) its general purpose is to help people; and (b.)
it usually has the authority to change or reset passwords, which is exactly what the hacker wants.
Name-dropping The hacker uses names of authorized users to convince the person who answers the phone that the hacker is a legitimate user him or herself. Some of
these names, such as those of webpage owners or company officers, can easily be obtained online. Hackers have also been known to obtain names by examining discarded
 documents (so-called "dumpster diving").
Technical Using technology is also a way to get information. A hacker can send a fax or email to a legitimate user, seeking a response that contains vital information.
 The hacker may claim that he or she is involved in law enforcement and needs certain data for an investigation, or for record-keeping purposes.

Trojan horses

A Trojan horse is a program that seems to be doing one thing but is actually doing another. It can be used to set up a back door in a computer system, enabling the
 intruder to gain access later. (The name refers to the horse from the Trojan War, with the conceptually similar function of deceiving defenders into bringing an
intruder into a protected area.)
Computer virus
A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. By doing this, it behaves similarly to a
biological virus, which spreads by inserting itself into living cells. While some viruses are harmless or mere hoaxes, most are considered malicious.
Computer worm
Like a virus, a worm is also a self-replicating program. It differs from a virus in that (a.) it propagates through computer networks without user intervention; and
 (b.) does not need to attach itself to an existing program. Nonetheless, many people use the terms "virus" and "worm" interchangeably to describe any
self-propagating program.
Keystroke logging
A keylogger is a tool designed to record ("log") every keystroke on an affected machine for later retrieval, usually to allow the user of this tool to gain access
to confidential information typed on the affected machine. Some keyloggers use virus-, trojan-, and rootkit-like methods to conceal themselves. However, some of
them are used for legitimate purposes, even to enhance computer security. For example, a business may maintain a keylogger on a computer used at a point of sale
to detect evidence of employee fraud.
Tools and Procedures

A thorough examination of hacker tools and procedures may be found in Cengage Learning's E|CSA certification workbook.

Notable security hackers

Jacob Appelbaum is an advocate, security researcher, and developer for the Tor project. He speaks internationally for usage of Tor by human rights groups and others concerned about Internet anonymity and censorship.
Rakshit Tandon is an prominent cyber security researcher from India with primary focus on combating online abuse of women and children.
Eric Corley (also known as Emmanuel Goldstein) is the longstanding publisher of 2600: The Hacker Quarterly. He is also the founder of the Hackers on Planet Earth(HOPE) conferences. He has been part of the hacker community since the late 1970s.

Ed Cummings (also known as Bernie S) is a longstanding writer for 2600: The Hacker Quarterly. In 1995, he was arrested and charged with possession of technology that could be used for fraudulent purposes, and set legal precedents after being denied both a bail hearing and a speedy trial.

Dan Kaminsky is a DNS expert who exposed multiple flaws in the protocol and investigated Sony's rootkit security issues in 2005. He has spoken in front of the 

United States Senate on technology issues.

Andrew Auernheimer, sentenced to 3 years in prison, is a grey hat hacker whose security group Goatse Security exposed a flaw in AT&T's iPad security.
Gordon Lyon, known by the handle Fyodor, authored the Nmap Security Scanner as well as many network security books and web sites. He is a founding member of the
 Honeynet Project and Vice President of Computer Professionals for Social Responsibility.
Gary McKinnon is a Scottish hacker facing extradition to the United States to face criminal charges. Many people in the UK have called on the authorities to be
 lenient with McKinnon, who suffers from Asperger syndrome.
Kevin Mitnick is a computer security consultant and author, formerly the most wanted computer criminal in United States history.
Rafael Núñez, a.k.a. RaFa, was a notorious hacker who was sought by the Federal Bureau of Investigation in 2001. He has since become a respected computer security
consultant and an advocate of children's online safety.
Meredith L. Patterson is a well-known technologist and biohacker who has presented research with Dan Kaminsky and Len Sassaman at many international security and
hacker conferences.
Len Sassaman was a Belgian computer programmer and technologist who was also a privacy advocate.
Solar Designer is the pseudonym of the founder of the Openwall Project.
Michal Zalewski (lcamtuf) is a prominent security researcher.

Customs

The computer underground has produced its own specialized slang, such as 1337speak. Its members often advocate freedom of information, strongly opposing the
 principles of copyright, as well as the rights of free speech and privacy.[citation needed] Writing software and performing other activities to support these
views is referred to as hacktivism. Some consider illegal cracking ethically justified for these goals; a common form is website defacement. The computer underground
 is frequently compared to the Wild West.It is common for hackers to use aliases to conceal their identities.

Hacker groups and conventions

The computer underground is supported by regular real-world gatherings called hacker conventions or "hacker cons". These events include SummerCon (Summer), DEF CON,
 HoHoCon (Christmas), ShmooCon (February), BlackHat, Chaos Communication Congress, AthCon, Hacker Halted, and HOPE.[citation needed] Local Hackfest groups organize
and compete to develop their skills to send a team to a prominent convention to compete in group pentesting, exploit and forensics on a larger scale. Hacker groups
became popular in the early 1980s, providing access to hacking information and resources and a place to learn from other members. Computer bulletin board systems
(BBSs), such as the Utopias, provided platforms for information-sharing via dial-up modem. Hackers could also gain credibility by being affiliated with elite groups.

Consequences for malicious hacking

India

Section Offence Punishment
65 Tampering with computer source documents – Intentional concealment, destruction     :    
        or alteration of source code when the computer source code is required to be kept or
        maintained by law for the time being in force:- Imprisonment up to three years, or/and with                                                                                     fine up to 2 lakh rupees
                                                                                                               
66 Hacking :-                                                                                  Imprisonment up to three                                                                                                   years, or/and with fine up to 5 lakh rupees

Netherlands

_____________________________________________
Article 138ab of Wetboek van Strafrecht prohibits computervredebreuk, which is defined as intruding an automated work or a part thereof with intention and against
 the law. Intrusion is defined as access by means of:
Defeating security measures
By technical means
By false signals or a false cryptographic key
By the use of stolen usernames and passwords.
Maximum imprisonment is one year or a fine of the fourth category.

United States

18 U.S.C. § 1030, more commonly known as the Computer Fraud and Abuse Act, prohibits unauthorized access or damage of "protected computers". "Protected computers"
are defined in 18 U.S.C. § 1030(e)(2) as:

A computer exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by
or
 for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the
Government.
A computer which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a
 manner that affects interstate or foreign commerce or communication of the United States;
The maximum imprisonment or fine for violations of the Computer Fraud and Abuse Act depends on the severity of the violation and the offender's history of violations
under the Act.

Hacking and the media

The most notable hacker-oriented print publications are Phrack, Hakin9 and 2600: The Hacker Quarterly. While the information contained in hacker magazines and ezines
 was often outdated by the time they were published, they enhanced their contributors' reputations by documenting their successes.

Hackers in fiction

Hackers often show an interest in fictional cyberpunk and cyberculture literature
and movies. The adoption of fictional pseudonyms,symbols, values and metaphors from
these works is very common.

Books

The cyberpunk novels of William Gibson—especially the Sprawl trilogy—are very popular with hackers.
Helba from the .hack manga and anime series
Merlin of Amber, the protagonist of the second series in The Chronicles of Amber by Roger Zelazny, is a young immortal hacker-mage prince who has the ability to
traverse shadow dimensions.
Lisbeth Salander in The Girl with the Dragon Tattoo by Stieg Larsson
Alice from Heaven's Memo Pad
Ender's Game by Orson Scott Card
Evil Genius by Catherine Jinks
Hackers (anthology) by Jack Dann and Gardner Dozois
Little Brother by Cory Doctorow
Neuromancer by William Gibson
Snow Crash by Neal Stephenson

Films

Antitrust
Cypher
Eagle Eye
Enemy of the State
Firewall
Girl With The Dragon Tattoo
Hackers
Live Free or Die Hard
The Matrix series
The Net
The Net 2.0
Pirates of Silicon Valley
Skyfall
Sneakers
Swordfish
Take Down
Tron
Tron: Legacy
Untraceable
WarGames
Weird Science
The Fifth Estate
Who Am I – No System Is Safe (film)
Non-fiction books
The Art of Deception by Kevin Mitnick
The Art of Intrusion by Kevin Mitnick
The Cuckoo's Egg by Clifford Stoll
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick
The Hacker Crackdown by Bruce Sterling
The Hacker's Handbook by Hugo Cornwall (Peter Sommer)
Hacking: The Art of Exploitation Second Edition by Jon Erickson
Out of the Inner Circle by Bill Landreth and Howard Rheingold

Underground by Suelette Dreyfus

======================================================================

HACKING: MOBILE

This article is about the use of telephone technology to steal information. For the manipulation of telephone call routing, see Phreaking.
Phone hacking is the practice of intercepting telephone calls or voicemail messages, often by accessing the voicemail messages of a mobile phone without the consent
of the phone's owner. The term came to prominence during the News International phone hacking scandal, in which it was alleged (and in some cases proved in court)
that the British tabloid newspaper the News of the World had been involved in the interception of voicemail messages of the British Royal Family,
 other public figures, and the murdered schoolgirl Milly Dowler.

Contents

1 Risks
2 Techniques
2.1 Voicemail
2.2 Handsets
2.3 Other
3 Legality

Risks

Although any mobile phone user may be targeted, "for those who are famous, rich or powerful or whose prize is important enough (for whatever reason)
 to devote time and resources to make a concerted attack, there are real risks to face."

Techniques

Voicemail

Phone hacking often involves unauthorized access to the voicemail of a mobile phone.
Contrary to what to their name suggests, scandals such as the News International phone hacking scandal have little to do with hacking phones,
 but rather involve unauthorised remote access to voicemail systems. This is largely possible through weaknesses in the implementations of these systems by telcos.

Since the early days of mobile phone technology, service providers have allowed access to the associated voicemail messages via a landline telephone, requiring the
 entry of a Personal Identification Number (PIN) to listen to the messages. Many mobile phone companies used a system that set a well-known four digit default PIN
 that was rarely changed by the phone's owner, making it easy for an adversary who knew both the phone number and the service provider to access the voicemail
 messages associated with that service. Even where the default PIN was not known, social engineering could be used to reset the voicemail PIN code to the default,
 by impersonating the owner of the phone during a call to a call centre. Many people also use weak PINs that are easily guessable; to prevent subscribers from
 choosing PINs with weak password strength, some mobile phone companies now disallow the use of consecutive or repeat digits in voicemail PIN codes.

During the mid-2000s, it was discovered that calls emanating from the handset registered against a voicemail account were put straight through to voicemail without
 the caller being challenged to enter a PIN. An attacker could therefore use caller ID spoofing to impersonate a victim's handset phone number and thereby gain
 unauthorized access to the associated voicemail without a PIN.
Following controversies over phone hacking and criticism that was levelled at mobile service providers who allowed access to voicemail without a PIN, many mobile
 phone companies have strengthened the default security of their systems so that remote access to voicemail messages and other phone settings can no longer be achieved
 via a default PIN. For example, AT&T announced in August 2011 that all new wireless subscribers would be required to enter a PIN when checking their voicemail,
 even when checking it from their own phones, while T-Mobile stated that it "recommends that you turn on your voice mail password for added security, but as always,
 the choice is yours."

Handsets

An analysis of user-selected PIN codes suggested that ten numbers represent 15% of all iPhone passcodes, with "1234" and "0000" being the most common, with years of
 birth and graduation also being common choices.Even if a four-digit PIN is randomly selected, the key space is very small (10^{4} or 10,000 possibilities),
 making PINs significantly easier to brute force than most passwords; someone with physical access to a handset secured with a PIN can therefore feasibly determine
 the PIN in a short time.Enterprises may therefore implement policies enforcing strong passwords through mobile phone management systems.

Mobile phone microphones can be activated remotely by security agencies or telcos, without any need for physical access. This "roving bug"
feature has been used by law enforcement agencies and intelligence services to listen in on nearby conversations.

Other techniques for phone hacking include tricking a mobile phone user into downloading malware which monitors activity on the phone, or bluesnarfing, which is
unauthorized access to a phone via Bluetooth.

Other

There are also flaws in the implementation of the GSM encryption algorithm that allow passive interception. The equipment needed is available to government
 agencies or can be built from freely available parts.

In December 2011, German researcher Karsten Nohl revealed that it was possible to hack into mobile phone voice and text messages on many networks with free
 decryption software available on the Internet. He blamed the mobile phone companies for relying on outdated encryption techniques in the 2G system, and said that
 the problem could be fixed very easily.

Legality

Phone hacking is a form of surveillance, and is illegal in many countries unless it is carried out as lawful interception by a government agency. In the News
 International phone hacking scandal, private investigator Glenn Mulcaire was found to have violated the Regulation of Investigatory Powers Act 2000. He was sentenced
 to six months in prison in January 2007.Renewed controversy over the phone hacking claims led to the closure of the News of the World in July 2011.

In December 2010, the Truth in Caller ID Act was signed into United States law, making it illegal "to cause any caller identification service to knowingly transmit
 misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value.

----------------------------------------------------------------------------------------------------------------

HACK WIFI: KALI LINUX 

The Differences Between Kali & BackTrack
Those of you who are using BackTrack, don't worry, things are very similar. Some tools are in different places, but in general, Kali is very similar to BackTrack. One of the first things you may notice different about Kali is that it is built on Debian Linux instead of Ubuntu Linux. This won't create dramatic differences, but some subtle ones.

One of the reasons that the folks at Offensive Security gave for converting from Ubuntu to Debian is that they are not comfortable with the direction that Ubuntu is going. BackTrack was built on Ubuntu 10.04 and that Ubuntu release was scheduled for non-support. That would have left BackTrack without an Ubuntu release they were both comfortable with and had support.

The transition from Ubuntu to Debian should not be difficult as Ubuntu began as a fork of Debian and share many of the same features and conventions.

The Advantages of Using Kali Over BackTrack
Some of the advantages of using Kali include the following.

The GNOME interface, if you are familiar with it.
Some new tools.
Updates on some old tools such as Metasploit, p0f, etc.
Continuity into the future as Ubuntu pursues its own agenda that is inconsistent with hacking and security.
You can now invoke any tool from any directory as all tool directories are in the PATH variable.
We now have a build specifically designed for the ARM architecture.
Now that you know the basic information, let's get started using it.

Step 1: Download & Burn Kali
First navigate to kali.org; you should see a page like this:

Now, let's click on the tab at the top that says "Downloads" and you should be greeted with a screen similar to this.

As you can see, you have a choice of 64-bit, 32-bit, ARMEL, or ARMEH.

For most of you with a 64-bit OS and 64-bit processor, you will want to download the 64-bit ISO. If you are not sure, download the 32-bit, it will run on either a 32-bit or 64-bit system.

The other two options are for the ARM processors that are in such devices as smartphones and tablets. We will be working with those in a later tutorial (think of the possibilities...hacking from a smartphone, tablet, and even a Raspberry Pi).

Make certain that you have about 3 GB of available hard drive space as these downloads are about 2.9 GB each.

Once you have downloaded Kali (it takes an hour or two depending upon your connection speed), burn it to a DVD. If you need help burning an ISO to a DVD, check out Step 2 in my past guide on installing BackTrack. It's the same process.

Step 2: Install Kali
Installing Kali is similar to installing BackTrack. For our purposes here, I would recommend installing into a virtual machine (VM). In that way, you can practice hacking between systems all on your box and evade breaking any laws and being separated from your computer for a few years.

Probably the two best virtualization systems are VMWare's Workstation and Oracle's Virtual Box. I use both and I have to give the nod to Workstation as easier to use and more glitch-free, but since Oracle bought Sun Microsystems a few years ago (and its Virtual Box), Virtual Box has been getting better and better.

A big difference between the two is price. VMWare's Workstaion is about $180 and Oracle's Virtual Box is free. Can't beat that price!

Remember, like BackTrack, you can log in as "root" with a password of "toor". Then, type "startx" to start the X-Windows system.

The Disadvantages of Using a VM
There are three primary disadvantages of using a VM. First, resource usage. Running a VM requires additional RAM to run well. It will run in 4 GB, but slowly. I recommend 8 GB as a minimum.

Second, to do wireless hacking from a VM, you will need an external wireless card. In reality, to do effective wireless hacking, you will need an aircrack-ng-compatible wireless card, so if you choose the VM route, make certain to buy an aircrack-ng compatible wireless card.

Third, the virtualization system adds an additional level of complexity that can prove daunting to the beginner.

If Not Using a VM, Dual Boot Instead
The other option is to install it as a dual boot system. To do so, first, change the boot sequence on your system to boot first from your DVD/CD drive. Then, you can simply boot Kali from the DVD you burned from the ISO image you downloaded.

Once it boots, you then click on the install Kali icon in the upper left-hand corner. The install wizard will walk you through the steps to partition your hard drive so that you can have two or more operating systems on the hard drive and simply boot into which ever one you please.

The advantages of a dual boot system are multi-fold. First, Kali will run faster with less resources. Two, you will NOT need an additional wireless card (but it is still recommended). Third, you will not have the additional complexities of working in a VM.

Step 3: Navigate in Kali
Once we have Kali installed, you can see that it looks similar to BackTrack with the same background and logo. Also, unlike BackTrack, you don't have the choice of interfaces.

The only interface Kali offers is the ever popular GNOME interface (I prefer KDE, but I will now be working in GNOME in Kali). Of course, you can download the KDE interface if you prefer and install and run it.

Step 4: The GNOME/Kali Interface
If you have used another Linux distribution with the GNOME interface, the pull-down menus at the top of the desktop will be familiar to you.

The applications menu to the very far left is the one we are most interested in. When we pull it down, you can see the "Kali Linux" menu about midway down. That is where we will start most of our hacks (remember, though, that one of the advantages of Kali is that we can invoke any tool from any directory from the terminal, so that menu system will be less necessary).

Just like BackTrack, it then subdivides our hacking tools into various categories.

Step 5: The Top Ten Security Tools
One of the many things that the folks at Offensive Security added to Kali was a "Top Ten Security Tools" menu. As you can see below, this includes some of my favorite tools such as nmap, Metasploit, sqlmap, Wireshark, and aircrack-ng among others.

STEPS FOR HACKING WIFI PASSWORDS USING KALI LINUX

Step One:

Start Kali Linux and login, preferably as root.


Step Two:

Plugin your injection-capable wireless adapter, (Unless your computer card supports it). If you’re using Kali in VMware, then you might have to connect the card via the imageicon in the device menu.

Step Three:

Disconnect from all wireless networks, open a Terminal, and type airmon-ng

This will list all of the wireless cards that support monitor (not injection) mode. If no cards are listed, try disconnecting and reconnecting the card and check that it supports monitor mode. You can check if the card supports monitor mode by typing ifconfig in another terminal, if the card is listed in ifconfig, but doesn’t show up in airmon-ng, then the card doesn’t support it.
You can see here that my card supports monitor mode and that it’s listed as wlan0.

Step Four:

Type airmon-ng start followed by the interface of your wireless card. mine is wlan0, so my command would be: airmon-ng start wlan0

The “(monitor mode enabled)” message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface, mine is mon0.

Step Five:

Type airodump-ng followed by the name of the new monitor interface, which is probably mon0.

Step Six:

Airodump will now list all of the wireless networks in your area, and lots of useful information about them. Locate your network or the network that you have permission to penetration test. Once you’ve spotted your network on the ever-populating list, hit Ctrl + C on your keyboard to stop the process. Note the channel of your target network.

Step Seven:

Copy the BSSID of the target network

Now type this command:
airodump-ng –c [channel] –bssid [bssid] –w /root/Desktop/ [monitor interface]
Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface, (mon0).

A complete command should look like this:
airodump-ng -c 10 --bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0

Now press enter.

Step Eight:

Airodump with now monitor only the target network, allowing us to capture more specific information about it. What we’re really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password.
Also, four files should show up on your desktop, this is where the handshake will be saved when captured, so don’t delete them!

But we’re not really going to wait for a device to connect, no, that would take too long. We’re actually going to use another cool-tool that belongs to the aircrack suite called aireplay-ng, to speed up the process. Instead of waiting for a device to connect, we’re going to use this tool to force a device to reconnect by sending deauthentication (deauth) packets to the device, making it think that it has to reconnect with the router.

Of course, in order for this tool to work, there has to be someone else connected to the network first, so watch the airodump-ng and wait for a client to show up. It might take a long time, or it might only take a second before the first one shows. If none show up after a lengthy wait, then the network might be empty right now, or you’re to far away from the network.

You can see in this picture, that a client has appeared on our network, allowing us to start the next step.

Step Nine:

leave airodump-ng running and open a second terminal. In this terminal, type this command:
aireplay-ng –0 2 –a [router bssid] –c [client bssid] mon0
The –0 is a short cut for the deauth mode and the 2 is the number of deauth packets to send.
-a indicates the access point (router)’s bssid, replace [router bssid] with the BSSID of the target network, which in my case, is 00:14:BF:E0:E8:D5.
-c indicates the clients BSSID, noted in the previous picture. Replace the [client bssid] with the BSSID of the connected client, this will be listed under “STATION.”
And of course, mon0 merely means the monitor interface, change it if yours is different.

My complete command looks like this:
aireplay-ng –0 2 –a 00:14:BF:E0:E8:D5 –c 4C:EB:42:59:DE:31 mon0

Step Ten:

Upon hitting Enter, you’ll see aireplay-ng send the packets, and within moments, you should see this message appear on the airodump-ng screen!

This means that the handshake has been captured!Open-mouthed smile You can close the aireplay-ng terminal and hit Ctrl + C on the airodump-ng terminal to stop monitoring the network, but don’t close it yet just incase you need some of the information later.

Step 11:

This concludes the external part of this tutorial. From now on, the process is entirely between your computer, and those four files on your Desktop. Actually, the .cap one, that is important. Open a new Terminal, and type in this command:
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap

-a is the method aircrack will use to crack the handshake, 2=WPA method.
-b stands for bssid, replace [router bssid] with the BSSID of the target router, mine is 00:14:BF:E0:E8:D5.
-w stands for wordlist, replace [path to wordlist] with the path to a wordlist that you have downloaded. I have a wordlist called “wpa.txt” in the root folder.
/root/Desktop/*.cap is the path to the .cap file containing the password, the * means wild card in Linux, and since I’m assuming that there are no other .cap files on your Desktop, this should work fine the way it is.

My complete command looks like this:
aircrack-ng –a2 –b 00:14:BF:E0:E8:D5 –w /root/wpa.txt  /root/Desktop/*.cap

Now press Enter.

Step 12:

Aircrack-ng will now launch into the process of cracking the password. However, it will only crack it if the password happens to be in the wordlist that you’ve selected. Sometimes, it’s not. If this is the case, then you can congratulate the owner on being “Impenetrable,” of course, only after you’ve tried every wordlist on the internet!

Cracking the password might take a long time depending on the size of the wordlist. Mine went very quickly.

If the phrase is in the wordlist, then aircrack-ng will show it too you like this:

The passphrase to our test-network was notsecure, and you can see here that aircrack found it!

If you see a message similar to this, then your tests have penetrated the network. Tell the owner that he needs a stronger password!