FinIntrusion-Kit-2.2-Product-Training

FINFISHER: FinIntrusion Kit 2.2
Product Training
Table of Contents
1. Introduction
2. Update & License
3. Network Intrusion
4. Wireless Intrusion
5. Password Utility
6. Activity Log
Portfolio Overview
FinUSB Suite
FinIntrusion Kit
FinFireWire
FinSpy
FinSpy Mobile
FinFly
FinTraining
FinAdvisory
FinIntrusion Kit / Operational Usage
The FinIntrusion Kit is a portable IT intrusion kit which can be used for various strategic and tactical attacks by red teams inside or outside the headquarters.
Typical Operations:
Wireless Networks:
• Break encryption and record all traffic
• Record usernames and passwords even for SSL-encrypted sites (e.g. Facebook, MySpace, Online Banking)
Access remote Systems:
• Gain access to remote infrastructures and webservers
• Get access to e-mail accounts
FinIntrusion Kit / Core Features
• Discover Wireless LAN (802.11) devices
• Recover WEP (64 and 128 bit) Passphrase within 2-5 minutes
• Break WPA1 and WPA2 Passphrase using Dictionary Attacks
• Emulate Rogue Wireless Access-Point (802.11)
• Actively monitor Local Area Network (Wired and Wireless) and extract Usernames and Passwords even for SSL/TLS-encrypted Sessions like GMail, Hotmail, Facebook, etc.
• Crawl and extract Words from a webpage and generate a Wordlist.
FinIntrusion Kit / Covert Tactical Unit
• Notebook (Backtrack 5 pre-installed)
• FinIntrusion Kit Software (pre-installed)
• Wireless Intrusion Hardware
FinIntrusion Kit – Main Screen
[Screenshot: main screen with the callouts „Main Panel“ and „Menu Bar“]
FinIntrusion Kit – Menu Bar
• Change Update settings and check for Updates.
• Install a new License or display License information.
• Choose your Language.
• Display FinIntrusion Kit version and EULA.
• Visit the FinFisher Support Website.
FinIntrusion Kit – Menu Bar – Updates
• Change Update settings
  Disabled: No update request will be done automatically.
  At Startup: An update request will be triggered on application start.
  Daily: An update request will be triggered every day.
  Weekly: An update request will be triggered every week.
  Monthly: An update request will be triggered every month.
• Check for Updates now
• Import an Update Package by yourself
  - No online request will be done.
  - Update Package could be stored locally or on an external hard disk.
FinIntrusion Kit – Menu Bar – License
• No License is installed
• Valid License is installed
FinIntrusion Kit – Menu Bar – Language
• Choose your Language. Status Messages, Menu Entries and Results are displayed in your selected Language. (Configuration Parameter stored in “FinFisherDate.cfg” file)
• Accept changes. Application must be restarted!
Language Code in “FinFisherDate.cfg”:
de-DE: German (Germany)
ar-SA: Arabic (Saudi Arabia)
pt_PT: Portuguese (Portugal)
es-ES: Spanish (Spain)
en-US: English (United States / International)
ru-RU: Russian
fr-FR: French (Standard)
FinIntrusion Kit – Menu Bar – About
• Display content of FinIntrusion Kit EULA (“End-User Licensing Agreement”)
FinIntrusion Kit – Menu Bar – Online Help
Load an after-sales website that gives the customers the following capabilities:
• Download product information (latest User Manuals, Specifications, Training Slides)
• Access change-log and roadmap for products
• Report bugs and submit feature requests
• Inspect frequently asked questions (FAQ)
FinIntrusion Kit – MAIN Panel
Table of Contents
Network Intrusion
Adapter Configuration
• Refresh
• Renew IP
• Change MAC Address
Target List
• Network Scan
• Network Jammer
• Network Password Sniffer
Network Password Sniffer
• Password Sniffer Modes
• PCAP Recorder
FinIntrusion Kit – Network Intrusion
Network Intrusion Features:
1. Network Adapter Information & Configuration
2. Search and Identify Target Systems
3. Jam Target
4. Sniffing Credentials
FinIntrusion Kit – Network – Adapter Configuration
Network Adapter Configuration provides:
A. Network Information
   1) IP Address
   2) Default Gateway IP Address
   3) IP Address(es) of all defined Nameservers
   4) (actual) MAC Address
   5) Connection Speed
   6) Adapter Status
B. Refresh Adapter List
C. Renew IP Address = Get an IP Address via DHCP
D. Possibility to Change / Spoof the MAC Address of the selected Network Adapter
FinIntrusion Kit – Network – Target List
After the „Scan Network“ Button was pressed, all identified Targets inside the Network will be listed.
Target List – Column Overview
IP Address: IP Address of Target System
MAC Address: MAC Address of Target System
MAC Vendor: Translated „Organizationally Unique Identifier“ (OUI) = uniquely identifies a vendor / manufacturer
System Name: Identified System / Hostname of Target System
OS Icon:
- unknown
- Windows
- Linux
- Apple / Mac
- Embedded (e.g. Printer)
Operating System: Identified Operating System and Probability
Status Icon:
- Password Sniffer / Recorder is running
- Network Jammer is running
Status: Status Message if an attack runs in the background
FinIntrusion Kit – Network – Target List – Submenu
Select a column + press „right mouse button“
• Pop up a „Menu“, which lists all possible options.
FinIntrusion Kit – Network – Target List – Submenu - Delete
„Delete Selected Target“
• Remove selected entry from „Target List“
„Delete All...“
• Remove all entries from „Target List“
[Screenshots: Target List before and after]
FinIntrusion Kit – Network – Target List – Submenu - Export
„Export List...“
• Export a tab-separated Target List into an external text file. This file could be loaded e.g. with Excel.
• Choose a filename.
• Press the „Export“ Button to generate the file.
• Analyse the exported file with Microsoft Excel.
FinIntrusion Kit – Network – Target List – Submenu - Jammer
„Jam Target“
• Start a Network Jammer against the selected Target IP Address.
[Screenshots: before (e.g. „ping“ / ICMP) and after]
Details
• Network Jammer initiates an „ARP Cache Poisoning“ Attack against the Target PC and overwrites the MAC Address of the Default Gateway with an invalid value.
[Screenshots: ARP Cache on Target PC before and after the start of „ARP Cache Poisoning“]
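Detection side of the ARP cache poisoning described above, as an added example that is not part of the original slides: it watches ARP traffic for frames that would rebind the default gateway's IP to a different or invalid MAC. The event records, addresses and the names `ArpEvent`, `mac_problems` and `detect_gateway_poisoning` are assumptions made for this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpEvent:
    ts: float        # capture time in seconds
    op: str          # "request" or "reply"
    sender_ip: str   # IP the frame claims to speak for
    sender_mac: str  # MAC the receiver would cache for sender_ip
    target_ip: str   # host the frame is addressed to

def mac_problems(mac):
    """Reasons why a MAC cannot belong to a real unicast interface."""
    octets = mac.lower().split(":")
    try:
        raw = bytes(int(o, 16) for o in octets)
    except ValueError:
        return ["malformed"]
    if len(raw) != 6 or any(len(o) != 2 for o in octets):
        return ["malformed"]
    reasons = []
    if raw == b"\x00" * 6:
        reasons.append("all-zero")
    if raw == b"\xff" * 6:
        reasons.append("broadcast")
    elif raw[0] & 0x01:
        reasons.append("multicast-bit-set")
    return reasons

def detect_gateway_poisoning(events, gateway_ip, gateway_mac, request_window=2.0):
    """Alert on every ARP frame that binds gateway_ip to a MAC other than
    the pinned gateway_mac, and say why the frame is suspicious."""
    alerts = []
    last_request = {}  # (requester_ip, requested_ip) -> time of last request
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.op == "request":
            last_request[(ev.sender_ip, ev.target_ip)] = ev.ts
        if ev.sender_ip != gateway_ip:
            continue
        if ev.sender_mac.lower() == gateway_mac.lower():
            continue
        reasons = ["gateway-mac-mismatch"] + mac_problems(ev.sender_mac)
        if ev.op == "reply":
            asked = last_request.get((ev.target_ip, gateway_ip))
            if asked is None or ev.ts - asked > request_window:
                reasons.append("unsolicited-reply")
        alerts.append({"ts": ev.ts, "victim": ev.target_ip,
                       "claimed_mac": ev.sender_mac, "reasons": reasons})
    return alerts

# Constructed sample data (documentation IP range, locally administered MACs).
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "02:00:5e:10:00:01"
SAMPLE_EVENTS = [
    ArpEvent(0.0, "request", "192.0.2.10", "02:00:5e:10:00:0a", "192.0.2.1"),
    ArpEvent(0.1, "reply", "192.0.2.1", GATEWAY_MAC, "192.0.2.10"),
    ArpEvent(5.0, "reply", "192.0.2.1", "00:00:00:00:00:00", "192.0.2.10"),
    ArpEvent(5.5, "reply", "192.0.2.1", "02:de:ad:be:ef:01", "192.0.2.10"),
    ArpEvent(6.0, "request", "192.0.2.20", "02:00:5e:10:00:14", "192.0.2.1"),
    ArpEvent(6.05, "reply", "192.0.2.1", GATEWAY_MAC, "192.0.2.20"),
]

if __name__ == "__main__":
    for alert in detect_gateway_poisoning(SAMPLE_EVENTS, GATEWAY_IP, GATEWAY_MAC):
        print(alert)
```

Pinning the gateway MAC as a static ARP entry on sensitive hosts, or enabling dynamic ARP inspection on managed switches, stops the cache overwrite itself.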
FinIntrusion Kit – Network – Target List – Submenu - Monitor
„Monitor Target“
• Initiates a sniffer to capture Hostname / IP Address / URL, Protocol and Credentials (Username & Password)
Examples: [screenshot]
FinIntrusion Kit – Network – Target List – Submenu - Monitor
„Monitor Modes & Protocols“
Mode: „Non“ SSL Mode = Capture Credentials which were transmitted in CLEARTEXT
Protocols (Examples):
• SMTP
• Pop3
• Imap
• Telnet
• SNMP
• HTTP
• FTP
...
Mode: „Non“ SSL Mode = Capture Credentials which were transmitted in CLEARTEXT and try to redirect HTTPS → HTTP
Protocols (Examples):
• SMTP
• Pop3
• Imap
• Telnet
• SNMP
• HTTP & HTTPS (Redirect)
• FTP
...
Mode: SSL Mode = Capture Credentials which were transmitted in CLEARTEXT and „encrypted“ with SSL
Protocols (Examples):
• SMTP & SMTPS
• Pop3 & Pop3s
• Imap & Imaps
• Telnet
• SNMP
• HTTP & HTTPS
• FTP
...
FinIntrusion Kit – Network – Target List – Submenu - Monitor
„Monitor Modes / Pro & Contra“
„Non“ SSL Mode:
• Pro: Capture Cleartext Passwords without the risk to trigger a Warning on Target PC.
• Contra: No Credentials which were transferred encrypted through an SSL tunnel could be collected.
„Non“ SSL Mode with HTTPS → HTTP redirect:
• Pro: Capture Cleartext Passwords without the risk to trigger a Warning on Target PC.
• Pro: No HTTPS Certificate Warning pops up if the HTTPS → HTTP redirect is working (otherwise Certificate Warning!).
• Contra: HTTPS Emulation could be suspicious and is not working on every webserver (web application must support HTTP too).
• Contra: No SSL Credentials could be captured!
SSL Mode:
• Pro: „SSL“ and „non SSL“ could be captured.
• Contra: Certificate Warning inside Web Browser & Email Clients will warn User or block the communication.
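Mitigation side of the HTTPS → HTTP redirect mode above, as an added example that is not part of the original slides: the redirect only works where a web application still answers over plain HTTP and browsers are not told to insist on HTTPS, so this audit checks a site's responses for exactly those gaps. The response records, the `MIN_MAX_AGE` threshold and all function names are assumptions made for this sketch.

```python
import re

MIN_MAX_AGE = 15552000  # 180 days; threshold chosen for this example

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            return None  # a repeated directive invalidates the whole header
        directives[name] = arg.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None  # max-age is mandatory and must be a number of seconds
    return {"max_age": int(directives["max-age"]),
            "include_subdomains": "includesubdomains" in directives}

def audit_downgrade_exposure(http_resp, https_resp):
    """Findings for one site. Each response is a dict with 'status' (int, or
    None if the port is closed) and 'headers' as a list of (name, value)."""
    findings = []
    http_headers = {n.lower(): v for n, v in http_resp["headers"]}
    redirects = (http_resp["status"] in (301, 302, 307, 308) and
                 http_headers.get("location", "").lower().startswith("https://"))
    if http_resp["status"] is not None and not redirects:
        findings.append("http-serves-content")

    hsts = [v for n, v in https_resp["headers"]
            if n.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("hsts-missing")
    else:
        policy = parse_hsts(hsts[0])  # only the first header field counts
        if policy is None:
            findings.append("hsts-invalid")
        elif policy["max_age"] == 0:
            findings.append("hsts-disabled")
        else:
            if policy["max_age"] < MIN_MAX_AGE:
                findings.append("hsts-max-age-short")
            if not policy["include_subdomains"]:
                findings.append("hsts-no-includesubdomains")

    for n, v in https_resp["headers"]:
        if n.lower() == "set-cookie":
            first, *attrs = [p.strip() for p in v.split(";")]
            if "secure" not in {a.lower() for a in attrs}:
                findings.append("cookie-not-secure:" + first.partition("=")[0])
    return findings

# Constructed sample responses for two hypothetical sites.
WEAK_SITE = (
    {"status": 200, "headers": [("Content-Type", "text/html")]},
    {"status": 200, "headers": [("Set-Cookie", "session=abc123; HttpOnly; Path=/")]},
)
HARDENED_SITE = (
    {"status": 301, "headers": [("Location", "https://portal.example/")]},
    {"status": 200, "headers": [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("Set-Cookie", "session=abc123; Secure; HttpOnly; Path=/")]},
)

if __name__ == "__main__":
    print(audit_downgrade_exposure(*WEAK_SITE))
    print(audit_downgrade_exposure(*HARDENED_SITE))
```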
FinIntrusion Kit – Network – Target List – Submenu - Monitor
„PCAP Recorder Modes“
Select / Deselect „Activate SSL“ AND select „Activate PCAP Recorder“:
Will activate a PCAP Recorder for the selected Target IP (= selected row). If „Activate SSL“ is activated, SSL Credentials will also be recorded. Otherwise only Cleartext Credentials could be recorded.
„tcpdump“:
Generate a Network Capture File (= pcap file) with „tcpdump“ in the background. A capture filter for the selected IP will be used. No Traffic Analyzer will be started. Generates a file: „/tmp/fik_pcap_recorder_IP-ADDRESS.pcap“
„Wireshark“:
Start Wireshark in the foreground with a capture filter for the selected Target IP (= selected row). Capture File must be saved at the end of the session!!!
FinIntrusion Kit – Network – Passwords
„Export List“
• Export a tab-separated Credential List into an external text file.
FinIntrusion Kit – Network – Passwords – Submenu
„Select Row → press Mouse Key → Submenu opens“
Open FTP / HTTP(S) URLs in the System Browser
FinIntrusion Kit – Network Intrusion Exercise
Hands-On
FinIntrusion Kit – Network Intrusion
Start FinIntrusion Kit and test:
1. Try to find & identify all Systems in the LAN.
2. Export a list of all Target Systems to a file.
3. Start a Network Jammer against your Target PC.
4. Monitor your Target and try to capture:
   a) FTP, HTTP, SMTP, POP3, IMAP Passwords
   b) „HTTPS“ Passwords with „HTTPS Emulation“
   c) POP3s & IMAPs Passwords
5. Export captured Passwords into a file.
6. Open URL and verify captured HTTP(S) Password.
FinIntrusion Kit – MAIN Panel
Table of Contents
Wireless Intrusion
Adapter Configuration
Access Point
• Wireless Network Scan
• Identify Hidden SSID
• Break WEP / WPA
• Jam Access Point
• Setup „Fake AP“
Wireless Clients
• Wireless Client Scan
• Jam Wireless Client
• Setup „Fake AP“
Fake AP
• Setup / Config a „Fake AP“
FinIntrusion Kit – Wireless Intrusion
Wireless Intrusion Features:
1. Wireless Adapter Information & Configuration
2. Search and Identify Wireless Networks & Clients
3. Jam Wireless Networks & Clients
4. Identify Hidden ESSID
5. Break WEP & WPA Encryption
6. Setup Fake Accesspoint & Redirect Wireless Clients
FinIntrusion Kit – Wireless – Adapter Configuration
Wireless Adapter Configuration provides:
I. Network Information
   1) Wireless Chipset
   2) IP Address
   3) Default Gateway IP Address
   4) IP Address(es) of all defined Nameservers
   5) (actual) MAC Address
   6) Connection Speed
   7) Adapter Status
II. Refresh Adapter List (e.g. after a new Adapter was plugged in or removed)
FinIntrusion Kit – Wireless – Access Points
After the „Search WLAN“ Button (= I.) was pressed, all identified Access Points (= II.) and connected Wireless Clients (= III.) for the selected Access Point will be listed.
FinIntrusion Kit – Wireless – Access Point
ESSID: ESSID = SSID = Wireless Network Name. The SSID can be up to 32 characters long and is case sensitive.
BSSID: MAC Address of Wireless Access Point
Channel: Channel used by Access Point
Encryption: Type of Encryption:
- „OPN“ (= Open = No Encryption)
- WEP
- WPA
- WPA2
Power: Transmission Power of Wireless Access Point
IV: Initialization Vector Counter → useful for WEP Cracking
Status: Status Message if an attack runs in the background
FinIntrusion Kit – Wireless – Access Point – Connected Clients
Client MAC: MAC Address of connected Client(s) for selected Access Point
MAC Vendor: Translated „Organizationally Unique Identifier“ (OUI) = uniquely identifies a vendor / manufacturer
Power: Transmission Power of Wireless Client
FinIntrusion Kit – Wireless – Access Point – Submenu - Delete
„Delete Selected Access Point“
• Remove selected Entry from „Access Point List“
„Delete All...“
• Remove all Entries from „Access Point List“
FinIntrusion Kit – Wireless – Access Point – Submenu - Export
„Export List...“
• Export a tab-separated list of Access Points into an external text file. This file could be loaded e.g. with Excel.
• Choose a filename.
• Press the „Export“ Button to generate the file.
• Analyse the exported file with Excel.
FinIntrusion Kit – Wireless – Access Point – Submenu – Jam AP
„Jam Access Point“
Start a Wireless Jammer against the selected Access Point. Sends out de-authentication packets.
Operating Modes:
Mode: Select an Access Point and no connected Wireless Client
Description: Send out de-authentication packets to any connected Wireless Client of the selected Access Point.
Mode: Select an Access Point and one connected Wireless Client
Description: Send out de-authentication packets to a dedicated Wireless Client which is connected to the Access Point. Other Wireless Clients can still use the Access Point.
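How a wireless monitoring sensor can recognise both operating modes above, as an added example that is not part of the original slides: it counts de-authentication frames per Access Point and destination in a sliding window and reports bursts. The frame records, thresholds and names are assumptions made for this sketch, including the assumption that the "any connected client" mode appears on the air as frames addressed to the broadcast address.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"

def detect_deauth_bursts(frames, threshold=5, window=1.0):
    """frames: iterable of (ts, bssid, dst) tuples, one per observed
    de-authentication frame. Returns one alert per burst, where a burst is
    `threshold` or more frames for the same (bssid, dst) within `window` s."""
    recent = defaultdict(deque)  # (bssid, dst) -> timestamps inside the window
    open_alert = {}              # (bssid, dst) -> alert still being extended
    alerts = []
    for ts, bssid, dst in sorted(frames):
        key = (bssid.lower(), dst.lower())
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) < threshold:
            continue  # isolated frames are normal disconnects
        alert = open_alert.get(key)
        if alert is not None and ts - alert["last"] <= window:
            alert["last"] = ts       # same burst is still running
            alert["frames"] += 1
        else:
            alert = {
                "bssid": key[0],
                "target": key[1],
                "scope": "all-clients" if key[1] == BROADCAST else "single-client",
                "first": seen[0],
                "last": ts,
                "frames": len(seen),
            }
            alerts.append(alert)
            open_alert[key] = alert
    return alerts

# Constructed sample capture (locally administered MAC addresses).
AP1, AP2 = "02:00:00:aa:00:01", "02:00:00:aa:00:02"
SAMPLE_FRAMES = (
    # one ordinary disconnect
    [(3.0, AP1, "02:00:00:cc:00:02")]
    # burst against one dedicated client of AP1
    + [(10.0 + i / 10, AP1, "02:00:00:cc:00:01") for i in range(8)]
    # burst against every client of AP2
    + [(20.0 + i / 10, AP2, BROADCAST) for i in range(6)]
    # slow trickle that never reaches the threshold
    + [(30.0 + 2 * i, AP1, "02:00:00:cc:00:03") for i in range(5)]
)

if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_FRAMES):
        print(alert)
```

Networks that enable 802.11w Protected Management Frames let clients discard unauthenticated de-authentication frames, which removes the effect rather than only detecting it.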
FinIntrusion Kit – Wireless – Access Point – Submenu – Setup Fake AP
„Setup Fake Access Point“
• Read out all necessary Configuration Parameters to set up a Fake Access Point. This Access Point simulates an „original“ Access Point and tries to re-route Wireless Clients through this „Fake AP“.
This Option is only available if the ESSID is known. (If the ESSID is unknown, try to „Identify Hidden SSID“.)
FinIntrusion Kit – Wireless – Access Point – Submenu – Identify SSID
„Identify Hidden SSID“
Use this function if an ESSID is unknown. Typically the Access Point is configured in a mode like:
• „Hidden Mode“
• „Hiding SSID Broadcasting“
• „No SSID Broadcasting“
• etc...
[Screenshots: before, and after „Identify Hidden SSID“ finished successfully]
• To identify a hidden SSID, a connected Wireless Client is necessary!
FinIntrusion Kit – Wireless – Access Point – Break Encryption
„Break Encryption“
• FinIntrusion Kit can be used to break WEP and WPA(2)-PSK Encryption.
Select an Access Point with Encryption (WEP, WPA, WPA2)
FinIntrusion Kit – Wireless – Access Point – WEP Cracking
• A connected Wireless Client for the selected Access Point is necessary!
• 104/128 Bit or 40/64 Bit WEP Keys are supported.
• WEP Key will be shown as HEX Value or as ASCII (if ASCII Characters were used).
Step by Step:
1. FinIntrusion Kit sends out IEEE 802.11 de-authentication Management Frames to a previously connected Wireless Client.
2. The Wireless Client tries to reconnect → a „Fragmentation Based“ Attack will be initiated...
3. If the Fragmentation Based Attack was successful, encrypted packets will be dumped.
4. A Counter shows how many encrypted packets are captured.
WEP Cracking Key will be shown as HEX or ASCII Values.
Key Length: Encrypted Data Packets with different IVs
40 / 64 Bit ASCII: ~ 30.000 packets
40 / 64 Bit HEX: ~ 40.000 packets
104 / 128 Bit ASCII: ~ 60.000 packets
104 / 128 Bit HEX: ~ 70.000 packets
FinIntrusion Kit – WEP Cracking - Limitations
Limitations:
• No packet for a Fragmentation Based Attack could be found. Try to increase Scan Time to find more connected Wireless Clients and select a different one.
• Only WEP 40/64 and 104/128 Bit WEP Keys are supported (no „dynamic WEP“ or WEP Keys > 128 Bit).
• Access Point or Wireless Clients could crash or the Wireless Network will be unusable after this attack! No guarantee that every WEP Key can be broken!
FinIntrusion Kit – Wireless – Access Point – WPA Cracking
• A connected Wireless Client for the selected Access Point is necessary!
• Only WPA/WPA2 Pre-shared Keys are vulnerable to a Dictionary Attack.
• WPA/WPA2 Enterprise mode cannot be attacked.
• For WPA/WPA2-PSK Cracking a „4-Way Handshake“ is necessary. (http://en.wikipedia.org/wiki/IEEE_802.11i-2004#The_Four-Way_Handshake)
• A Handshake could be captured only if a WLAN Client tries to connect to an Access Point.
• FinIntrusion Kit disconnects an existing Connection between Wireless Client and Access Point and forces a reconnect.
• A valid WPA handshake could be recorded. Otherwise increase Scan Time!
• After a valid WPA Handshake was found, FinIntrusion Kit starts a Dictionary Attack. The Wordlist File which was defined in the WPA Cracking Option Dialog will be used.
• WPA Password was found.
FinIntrusion Kit – WPA Cracking - Limitations
Limitations:
• No connected Wireless Client could be found. Try to increase Scan Time.
• Wordlist expects one word per line!
• Cracking Time depends on the CPU architecture.
• WPA-PSK is case sensitive and min. 8 Characters long!
• If WPA-PSK Cracking wasn't successful, try to re-capture a Handshake and try a different Wordlist.
• If the Wordlist doesn't include the PSK Password/Key, there is no other way to crack the credential.
FinIntrusion Kit – Wireless – Wireless Client(s)
After the „Search Clients“ Button (= I.) was pressed, all identified Wireless Clients (= II.) are listed. Select a Wireless Client which probes a previously used ESSID to set up a Fake Access Point.
FinIntrusion Kit – Wireless – Wireless Client – Submenu
„Delete Selected Client“
• Remove selected Entry from „WLAN Client List“
„Delete All...“
• Remove all Entries from „Access Point List“
„Export List“
• Store all listed Wireless Clients in a tab-separated text file.
FinIntrusion Kit – Wireless – Client – Submenu – Jam
„Jam Client“
Start a Wireless Jammer against a dedicated Wireless Client. Sends out de-authentication packets.
Only „associated“ Clients can be jammed!
FinIntrusion Kit – Wireless – Client – Submenu – Setup Fake AP
„Setup Fake Access Point“
• Read out all necessary Configuration Parameters to set up a Fake Access Point. This simulates an Access Point which a Wireless Client tries to reach. It sets up a „Fake Access Point“ and provides an Uplink & an IP Address via DHCP.
This Option is only available if a probed ESSID was captured. (If no ESSID probe was captured, increase the „Scan Time“ or try to „Jam the Wireless Client“.)
FinIntrusion Kit – Wireless – Scan Time
„Scan Time“ Option
FinIntrusion Kit – Wireless – Setup „Fake AP“
Set up a Fake Access Point to catch a Wireless Client and to reroute it through this Access Point.
Option: Description
I. Fake AP – Adapter: Choose your Fake AP Adapter. Typically this is your Wireless Adapter, which is also used for Wireless Scanning.
II. Uplink – Adapter: Choose your Uplink Adapter. Typically this is an Ethernet Adapter which has an Internet Uplink. All Traffic from a connected Wireless Client will be re-routed through this Adapter.
III. Refresh Button: If you plug in an Adapter after you started FinIntrusion Kit or your connected Adapter is not listed, press the „Refresh“ button to update your Fake AP & Uplink Adapter List.
IV. Mode: Choose a „Fake AP“ Mode. Supported Modes are:
• „Emulate a specific ESSID“, which must be defined in the ESSID Input Field.
• „Reply to Any ESSID“
V. ESSID: This Input Textfield is only available if the Fake AP Mode is „Emulate a specific ESSID“.
A Fake AP was started / initiated.
A DHCP Server provides IP Addresses for connected Wireless Clients.
• „Monitor all Targets“ button will start a passive sniffer.
• Credentials of cleartext authentication will be captured.
• HTTPS Emulation is activated by default and captures HTTP passwords, if an HTTPS → HTTP breakdown is supported by the webserver.
• All sniffed Credentials will be listed in the Network → Password Section.
A Fake AP was stopped.
All started Services will be stopped, Firewall Settings will be revoked and the Monitoring Interface will be removed.
FinIntrusion Kit – Wireless Intrusion Exercise
Hands-On
FinIntrusion Kit – Wireless Intrusion
Start FinIntrusion Kit and Test:
1. Try to find & identify all Access Points and Wireless Clients.
2. Export a list of all Access Points and Wireless Clients into a file.
3. Start a Wireless Jammer against your Target PC and Access Point.
4. Identify a Hidden ESSID.
5. Try to break WEP & WPA/WPA2-PSK Encryption:
6. Setup a „Fake Access Point“ and re-route a Wireless Client through this AP.
7. Configure your Wireless Adapter to connect to a WEP / WPA WLAN.
FinIntrusion Kit – MAIN Panel
FinIntrusion Kit – Password Generator Utilities
• Profiler crawls a Webpage, extracts all Words and generates a Wordlist.
• Supported Protocols / URLs are HTTP & HTTPS.
• At the moment max. 500 Pages will be analyzed.
FinIntrusion Kit – Password Generator Utilities
I. Post a URL / Hostname / Link into the Entry Field.
II. Press Button „Create Wordlist“.
III. Export all extracted Words into a CSV-formatted text file.
FinIntrusion Kit – Password Generator Utilities
• List all extracted Words.
• No Duplicates will be listed.
• A counter in the first column indicates how many words were found in total.
FinIntrusion Kit – Password Generator Utilities
Limitations:
• Only Webpages in HTML are supported. Other Sourcecode (e.g. ASP, JS) could generate some unusable Words (e.g. Method or Variable Names).
• Only Webpages without Pre-authentication, Session-Cookie etc. could be analyzed.
• No Proxy Authentication is supported.
• Wordlist must be cleaned up by yourself. (Remove nonsense / unlikely used Words, like Method or Variable Names etc.)
FinIntrusion Kit – Password Generator Exercise
Hands-On
FinIntrusion Kit – Password Generator Utilities
Start FinIntrusion Kit and Test:
1. Try to generate a Password List from different Websites (HTTP & HTTPS).
2. Export Words into a Password List File.
3. Use this Password List to crack a WPA-PSK protected Wireless Network.
FinIntrusion Kit – MAIN Panel
FinIntrusion Kit – Activity Log
I. „Activity Log“ includes all important Status and Result Messages.
II. All Columns are sortable by clicking on the Column Header.
III. „Activity Log“ could be exported into a CSV-format text file.
FinIntrusion Kit – Activity Log - Network
Date: Actual Date + Timestamp at the moment when the Event happened
Category: Which Category was the Event?
  Status = Status message
  Result = of an Attack / Action
Module: Which Module triggered the Event? e.g.
• Network Scanner
• Network Sniffer
• Network Jammer
Event Description: Includes all Debug / Result and Status Messages of an Event.
FinIntrusion Kit – Activity Log - Wireless
Date: Actual Date + Timestamp at the moment when the Event happened
Category: Which Category was the Event?
  Status = Status message
  Result = of an Attack / Action
Module: Which Module triggered the Event? e.g.
• Wireless Scanner
• WEP Cracker
• WPA Cracker
• Wireless Jammer
• Wireless Fake Accesspoint
Event Description: Includes all Debug / Result and Status Messages of an Event.
FinIntrusion Kit – Activity Log – Password
Date: Actual Date + Timestamp at the moment when the Event happened
Category: Which Category was the Event?
  Status = Status message
  Result = of an Attack / Action
Module: Which Module triggered the Event? e.g.
• Password (Website)
Event Description: Includes all Debug / Result and Status Messages of an Event.
Questions?
Thank you for your attention!