An (Updated) Hacker’s Toolkit

hacker
Facebooktwittergoogle_plusredditpinterestlinkedinmail

We thought that this would be a good time to update this popular article, as new tools to hack private communications in WiFi hotspots are always evolving. This article discusses some of the most well-known WiFi hacking tools.

Instructions

Unfortunately, novice hackers don’t have to look very hard to find all they need to know regarding how to hack. For example:

  • Kali Linux is one of the best known hacking tool collections, and their website provides many how-to hacking links.
  • YouTube now has more than 300,000 videos on WiFi hacking, some with millions and millions of views. One of the first listed is called “how to hack any WiFi hotspot in about 30 seconds.”
  • There are many other hacking websites out there, but since many of them are dubious and may have malware installed on them, we do not want to link to them as they may put you at risk.

Software

The following is a list of the top 10 tools preferred by both ethical and black hat hackers in 2015:

  • Angry IP Scanner: Angry IP Scanner is a free network scanner that is very easy to use. It scans IP addresses and ports to find open ports.
  • Burp Suite:  A penetration testing tool that has several features that can map out the various pages and structure of a website by looking at cookies, and then initiates attacks on various web applications.
  • Cain & Able: This is a multi-purpose tool that can intercept network traffic, using information contained in those packets to crack encrypted passwords using dictionary, brute-force and cryptanalysis attack methods, record VoIP conversations, recover wireless network keys, and analyze routing protocols. Its main purpose is the simplified recovery of passwords and credentials. This software has been downloaded over 400,000 times.
  • Ettercap: This widely used hacking tool works by placing a user’s network interface into promiscuous mode and by ARP poisoning, which is a process in which the hacker gives the wrong MAC or IP address to the network in order to carry out a Man-in-the-Middle attack.
  • John the Ripper: This hacking tool is popular for dictionary attack. It takes text string samples from a large dictionary, encrypts it in the same way as the password being crack, and then compares the output to the encrypted string. This is an example of a brute force attack.
  • Metasploit: This hacking tool can be used for exploiting a network’s backdoor. While it’s not free, it is a huge popular penetration testing tool used by both ethical hackers, as well as unethical ones. It helps provide information about known security vulnerabilities for a network.
  • NMap: Also known as Network Mapper (or nmap for short), this free hacking tool is used by network administrators for security and auditing purposes. It uses IP packets to determine what hosts are available on the networks, what services they offer, what types of protocols are being used, what operating systems are being used on the network, and what type of packet filters and firewalls are being used.
  • Nessus Remote Security Scanner: This hacking tool can be used with client-server frameworks, and is the most popular vulnerability scanner worldwide.
  • THC Hydra: This is another password hacking tool that uses a dictionary or brute force attack to try various password and login combinations against a log in page.
  • Wapiti: This is a penetration testing tool that is able to scan hundreds of possible vulnerabilities. It can audit the security of web application by performing black box scans, which scans the HTML pages of the application it is trying to attack in order to inject data.

For hackers that prefer a turn-key package, there are also hardware wireless hacking tools available. We’ve highlighted one called WiFi Pineapple. It’s a simple, small, portable device that can be carried into any hotspot and used to attract any laptop trying to find a WiFi  access point. The Pineapple uses a technique called an Evil Twin attack. Hackers have used tools like KARMA to do the same thing for years, but with Pineapple, now you can buy a piece of hardware for only $100 that allows you to become a hacker without downloading or installing any software.

Here’s what their website says: “Of course all of the Internet traffic flowing through the pineapple such as e-mail, instant messages and browser sessions are easily viewed or even modified by the pineapple holder.”

Hacking Countermeasures

Fortunately, there are resources that you can use to help combat these threats. Below are two excellent books:

  • Hacking Exposed: Network Security Secrets & Solutions, by Joel Scambray. This book talks about security from an offensive angle and includes a catalog of the weapons hackers use. Readers see what programs are out there, quickly understand what the programs can do, and benefit from detailed explanations of concepts that most system administrators do not understand in detail. Hacking Exposed wastes no time in explaining how to implement the countermeasures that will render known attacks ineffective. Taking on the major network operating systems and network devices one at a time, the authors tell you exactly what UNIX configuration files to alter, what Windows NT Registry keys to change, and what settings to make in NetWare.
  • Wi-Foo: The Secrets of Wireless Hacking, by A. Vladimirov, K. Gavrilenko, and A. Mikhailovsky. This book is the first practical and realistic book about 802.11 network penetration testing and hardening, based on a daily experience of breaking into and securing wireless LANs. Rather than collecting random wireless security news, tools, and methodologies, Wi-Foo presents a systematic approach to wireless security threats and countermeasures starting from the rational wireless hardware selection for security auditing and describes how to choose the optimal encryption ciphers for the particular network you are trying to protect.

Definitions

The following list includes common WiFi terms discussed in this white paper. For additional terms and definitions, please see our online glossary.

Brute Force Attack

Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or “crack” a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.

Encryption

Encryption is the translation of data into a secret code. To read encrypted data, you must have access to the secret key or password that was used to translate the data into cipher text. That same key or password enables you to decrypt cipher text back into the original plain text. Encryption is the most effective way to achieve data security, but depends on using keys known only by the sender and intended recipient. If a hacker can guess (crack) the key, data security is compromised.

Evil Twin

This is a rogue WiFi access point that appears to be a legitimate one, but actually has been set up by a hacker to intercept wireless communications. An Evil Twin is the wireless version of the “phishing” scam: an attacker fools wireless users into connecting their laptop or mobile phone by posing as a legitimate access point (such as a hotspot provider). When a victim connects to the Evil Twin, the hacker can launch man-in-the-middle attacks, listening in on all Internet traffic, or just ask for credit card information in the standard pay-for-access deal. Tools for setting up an evil twin are easily available (e.g., Karma and Hotspotter). One recent study found that over 56% of laptops were broadcasting the name of their trusted WiFi networks, and that 34% of them were willing to connect to highly insecure WiFi networks – which could turn out to be Evil Twins.

HTTPS

Hypertext Transfer Protocol Secure (HTTPS) combines the Hypertext Transfer Protocol used by browsers and websites with the SSL/TLS protocol used to provide encrypted communication and web server authentication. HTTPS connections are often used to protect payment transactions on the Internet so that anyone that might intercept those packets cannot decipher sensitive information contained therein.

Man-In-the-Middle Attacks

A man-in-the-middle attack is a form of active eavesdropping in which the attacker makes independent connections a communication source and destination and relays messages between them, making those victims believe that they are talking directly to each other, when in fact the entire conversation is being controlled by the attacker. The attacker must be able to intercept all messages exchanged between the two victims. For example, an attacker within reception range of an unencrypted WiFi access point can insert himself as a man-in-the-middle by redirecting all packets through an Evil Twin. Or an attacker can create a phishing website that poses as an online bank or merchant, letting victims sign into the phishing server over a SSL connection. The attacker can then log onto the real server using victim-supplied information, capturing all messages exchanged between the user and real server – for example, to steal credit card numbers.

Sidejacking

Sidejacking is a web attack method where a hacker uses packet sniffing to steal a session cookie from a website you just visited. These cookies are generally sent back to browsers unencrypted, even if the original website log-in was protected via HTTPS.  Anyone listening can steal these cookies and then use them access your authenticated web session. This recently made news because a programmer released a Firefox plug-in called Firesheep that makes it easy for an intruder sitting near you on an open network (like a public wifi hotspot) to sidejack many popular website sessions. For example, a sidejacker using Firesheep could take over your Facebook session, thereby gaining access to all of your sensitive data, and even send viral messages and wall posts to all of your friends.

Sniffers

Packet sniffers allow eavesdroppers to passively intercept data sent between your laptop or smartphone and other systems, such as web servers on the Internet. This is the easiest and most basic kind of wireless attack. Any email, web search or file you transfer between computers or open from network locations on an unsecured wireless network can be captured by a nearby hacker using a sniffer. Sniffing tools are readily available for free on the web and there are at least 184 videos on YouTube to show budding hackers how to use them. The only way to protect yourself against WiFi sniffing in most public WiFi hotspots is to use a VPN to encrypt everything sent over the air.

SSL

A Netscape-defined protocol for securing data communications – particularly web transactions – sent across computer networks. The Secure Sockets Layer (SSL) protocol establishes a secure session by electronically authenticating the server end of any connection, and then using encryption to protect all subsequent transmissions. The Transport Layer Security (TLS) protocol refers to the Internet standard replacement for SSL. Websites that are addressed by URLs that begin with https instead of http use SSL or TLS.

WEP and WPA

WEP and WPA are security protocols used to protect wireless networks. Wired Equivalent Privacy (WEP) is a deprecated security protocol for IEEE 802.11 wireless networks. Because all wireless transmissions are susceptible to eavesdropping, WEP was introduced as part of the original 802.11 standard in 1997. It was intended to provide confidentiality comparable to that of a traditional wired network. Since 2001, several serious weaknesses in the protocol have been identified so that today a WEP connection can be cracked within minutes. In response to these vulnerabilities, in 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA). Wi-Fi Protected Access versions 1 and 2 (WPA and WPA2) refer to certification programs that test WiFi product support for newer IEEE 802.11i standard security protocols that encrypt data sent over the air, from WiFi user to WiFi router.

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Jared Howe

Jared Howe is PRIVATE WiFi’s Senior Manager, Product Marketing Communications. Working in high tech for over 15 years, Jared currently lives in Seattle with his wife, daughter, and their two cats.

216 Responses

  1. Mark Gay says:

    For me, my case was in the worst state and so I thought losing my money to these scammers in ”credit repair expert” clothing was going to be a complete disaster for me, so I chilled out. I was left with no option than to sort it out and “Boost my credit” was nothing but prodigious as he was able to raise my score to 792, cleaned my credit and got me to close on my new home, all in 12 days. My happiness lately has no bound. Nothing but excellence with; B O O S T M Y C R E D I T   a t   F A S T S E R V I C E   d o t   C O M.

  2. Temani Steve says:

    I have always thought every company in the industry was a scam. Dianne a friend of mine had used Ransom Warecredit and told me that they did a great job. So, with caution, I contacted them and I was pleasantly surprised. They were very patient and set me up on a plan that was affordable for me. All in all I was very happy with their service and even more happy with my fantastic new credit score. I would recommend them to anyone looking for credit repair helps. ( Ransomwarecreditatgmaildotcom )

  3. Tricia Woods says:

    After having multiple bad experiences with credit repair companies and figuring out my credit score didn’t improve, I tried DIGITAL MAESTRO. I had read a lot of recommendations about him which made me have faith in him. I can proudly say my credit score is almost perfect with all the negatives on my reports gone totally. He’s indeed a honest professional that deserves to be praised. I am hereby recommending him to ya’ll. He’s reachable on the Email address: DIGITALMAESTRO @ TECHIE.COM
    Get your way to a better credit again.

  4. Joe Caswell says:

    Last week my finances were in shambles because of a bad credit report. Then I met this hacker who told me it was possible to erase all of those negative items and bring up my score. I initially doubted his claims but gave him the benefit of the doubts. To my utmost surprise he brought my score up to 782. Today, I have been granted a house loan. I am so so grateful. If you ever need him, contact him on REPAIRHACKS at TECHIE dot COM.

  5. Aria Chloe says:

    You could imagine applying for a credit card, a home loan or looking at buying a car and being told that you couldn’t, because you had a negative credit rating. This was the case with me until I stumbled on the numerous testimonies of ”Boost my credit”. I reluctantly contacted him and explained my predicaments. Nine days later, he was able to put my credit back on track, deleted the items affecting my low credit including IRS,eviction and I was able to get approval on the loan facility I needed. Integrity, commitment and professionalism are the qualities you get when working with  ”B O O S T M Y C R E D I T  a t  F A S T S E R V I C E  d o t  C O M”.

  6. James K Morris says:

    My Facebook account was hacked by a scammer. My Instagram account was also hacked by the same person and both accounts was been used for a fraudulent activity. He changed the number and email that was linked to both accounts and eventually changed my password so I was completely locked out. I was perplexed until I came in contact with F I X U R W O R R I E S at D O C T O R dot C O M, an account recovery expert. He helped me gain back access and control of my both accounts. He came highly recommended though.

  7. Owen Godinez says:

    I’ve tried all the possible way i know to get rid of all negative errors I have on my credit but all to no avail until i came across these incredible hackers on a blogspot . was kinda scared at first to use a private hacker to fix my credit due to so many rumor I heard, but i took the courage and gave them a try .. i couldn’t believe my eyes right after they finished , all the negatives was erased and my credit score boosted as well .. the best part is that it’s permanent and not temporary .. go get yours fixed with them if you need to .. they’re trustworthy . Email:FASTCREDIT[AT]CYBER-WIZARD[DOT]COM

  8. thedrclown says:

    Those who need a Certified Ethical |-|acker to help you with your problems email:
    ,”D I G I T A L D A W G P O U N D H A C K E R G R O U P [AT] _[dot] COM”.

  9. Darolett Guha says:

    For the first time since the past 8 months I can sleep at night seeing light at the end of the tunnel for me and my family. I contacted RANSOM WARECREDIT 2weeks ago after months of worrying and sleepless nights, everyone who I spoke to or emailed has been fantastic especially Tricha a helpful polite kind staff who is a credit to the company, I’m still in the process of finalizing everything but I feel confident the outcome will be a good one. So I strongly recommend them to any one in sort of financial difficulties. (RANSOMWARECREDIT at GMAIL dot COM).

  10. Derrick J Williams says:

    I needed to buy a home and a new car but I got denied when I tried getting a loan because I had a bad credit score, My credit score was 510 and I had some negative items impacting my credit . A friend introduced me to this expert (C Y B E R D O N @ T E C H I E . C O M) and he helped increase my score up to 797 in a month. He permanently removed all the negatives on my credit and I have been able to get approved for the loans I got turned down.

  11. Stella Berry says:

    I invested thousands of dollars in this trading, I was able to stack up for a while until all was wiped out clean by this site by vehemently refusing to hand over my wins to me. This went on for a few months until I was introduced to R E C O V E R C O I N @ R E S C U E T E A M . C O M whom I contacted via mail and he helped me recover my lost funds.

  12. Kala Harry says:

    Awesome. I tried to buy a house only to be shut down because of credit history, which is completely paid for, and only happened cause we were struggling. We now have a good income and can’t buy a home.

    Was told about RANSOMWARECREDIT (@) GMAIL (.) COM and they were so nice right from the start. I now have a clear credit report and my family and i can move on to the next faze of our lives. Highly recommended.

  13. Audrey says:

    Hi guys, when it comes to recovery of funds either from binary options, crypto, forex and ponzi schemes. (C y b e r N e t H a c k 101 at Gmale) are the best recovery expert around. they have recovered my funds and also funds of my friends, colleagues who were in similar situation as I was.

  14. Brett Heller says:

    I worked with an investment company for almost 8 months and they have bankrupted me. I needed a few weeks and a lot of research to get some of my money back. I do not recommend you to deal with them, or you will have a lot of troubles. They have a very good strategy to take money from you. Please be careful. The only way I was able to get back most of what I had lost was after I reached out to a recovery agency {jimfundsrecovery At consultant Dot com} Great experience.

  15. Amy T Hutton says:

    Are you having difficulty in Accessing your bitcoin Wallet or falling a Victim to a Scammers due to one reason or the other. You can kneel on us for positive Result & Retrieve your lost fund back with %110 Assured. and we can also help you with University Grades. Loans. Wiping Criminal Records. iClouds Breaching YouTube and Phones Hacking!! For years they have stood as help to Individuals Organization to Secure and to Recover their lost Files/Password/ Bitcoin and funds etc. Contact: (F I X U R W O R R I E S at D O C T O R dot C O M)

  16. Natalie Baker says:

    Wow this really worked like magic. I was suffering from really bad credit and couldn’t afford the basic things I need to get me going, so I came on here and saw a feedback from a beneficiary who recently got saved by braintechsolutions1/AT/gmail/DOT/com. I decided to contact them with a little doubt though and amazingly I got all negative items cleared and my credit score was raised from 460 to 780. We really do have heroes in human form.

  17. Kala Harry says:

    Awesome. I tried to buy a house only to be shut down because of credit history, which is completely paid for, and only happened cause we were struggling. We now have a good income and can’t buy a home.

    Was told about RANSOMWARECREDIT AT GMAIL DOT COM and they were so nice right from the start. I now have a clear credit report and my family and i can move on to the next faze of our lives. Highly recommended.

  18. Hendrix Tiller says:

    hey guys, Super blackhat Hendrix here. if you having any tech related problems, need a phone hacked or just trying to graduate from your college, need to increase your credit score or just need to infiltrate any sort of database anywhere in the world. just reach out to me on superhendrix360 at gmail dot com. 100% gaurantee or get your money back. deal with us and you assured a fast professional service.

  19. Natasha James says:

    I am delighted to announce that I got the best out of life as I am no longer indebted and depressed as a result of my poor credit score. All thanks to braintechsolutions1/AT/gmail/DOT/com for coming through when I had no shoulder to lean on, my credit report was raised from 410 to 780 within the shortest period you can imagine

  20. Lorie Piek says:

    My husband and I were really unsure about contacting a credit repair company but I must say we had a great experience with Ransom Warecredit. Customer service went above and beyond to make sure we got the guidance and advice we needed to understand the process. They took my credit score from 502 to 786. They really know their stuff and were not pushy with their services. We highly recommend (RANSOMWARECREDIT at GMAIL dot COM)

  21. Christopher says:

    I have lost funds to different binary options brokers and this took a negative toll on my mental health. I hired lawyers and private investigators to look into it but nothing worked to recover my funds, I just simply wasted more money. I lost over 410,000 Euro. instant recovery Helped me trace the funds and recovered 100% of the investments with the profits. Never again am I opting for binary options trading. Most of them are scams. If you are looking for some awesome, knowledgeable people to work with, these are the guys I highly recommend. Their friendliness and result-driven approach are what I love about them. Contact them via ( s w i f t a c c e s s 37 (at) gmail com)

  22. Wyatt says:

    Anyone can fall into the wrong hands and lose their money. Most of the time what these brokers are offering is always too good to be rejected, but the only thing to do after losing your money is to find ways to get it back and that’s exactly what I did. It was very bumpy as I lost more money but I finally hit my goal and it was only possible because I decided to take a leap of faith and email ^/(instantrecovery12) at/ gmail DOT coMM^ for help.

  23. Lorie Piek says:

    My husband and I were really unsure about contacting a credit repair company but I must say we had a great experience with Ransom Warecredit. Customer service went above and beyond to make sure we got the guidance and advice we needed to understand the process. They took my credit score from 502 to 786. They really know their stuff and were not pushy with their services. We highly recommend ( RANSOMWARECREDIT (@) GMAIL (.) COM )

  24. Marion Jackson says:

    I am here to testify my experience about PERMANENT SOLUTION and he got the job done for me regarding my low credit score and debts, I want you all to enjoy his service and talk about him to others. I’m short of words. He’s Amazing and a very good and understanding person to work with. CONTACT HIM FOR ANY HELP HE IS ALWAYS AVAILABLE : PERMANENT CREDIT REPAIRER (@) GMAIL (dot)COM

  25. Eric Grimes says:

    Having a perfect credit is way better than loads of cash in the bank, I didn’t understand this until my credit hit the lowest. I consider myself to be very lucky to have been referred to KingZeus by my cousin over the Independence Day holiday. He fixed my bad credit and paid my credit card debts, car notes and student loans. I’m so grateful to him is why I decided to write about his good works. You can find him on HackKingZeus AT gmail . com to solve all credit problems.

  26. Pamela Huffam says:

    Being able to solve people’s problem efficiently and effectively is a thing worth gratitude in every ramification, 760PLUS CREDIT SCORE did an immeasurable job for me, I had a poor FICO 516, I had a repos, eviction and 11 late payments due to my diabetic condition, I got a setback because of my medical bills, my world started falling apart because I was unable to rent a house or apply for a loan, I kept on looking for someone to help me fix my credit to no avail, until last month I came across TEAM 760PLUS through a friend who they have worked for, they restored my dignity by boosting my score from 516 to 798 excellent plus, I was able to apply for a loan and pay for a home, bravo to this reliable team for helping humanity , contact them via: 760pluscreditscore@gmail.com phone 304 774 9502.

  27. Marlon Kurt says:

    EVERYTHING ARE POSSIBLE. I never believe I could own a house again after losing my property to BOA because of the loan I was unable to pay back and my score was very poor. I cannot afford to feed my wife and kids Before I come across a great man called RICH SKRENTA the hacker who took me out of debts and also assist me adjust my POOR CREDIT SCORE. Feel Free To Contact Him: RICH SKRENTA CYBER SERVICE AT GMAIL DOT COM

  28. Marlon Kurt says:

    EVERYTHING ARE POSSIBLE. I never believe I could own a house again after losing my property to BOA because of the loan I was unable to pay back and my score was very poor. I cannot afford to feed my wife and kids Before I come across a great man called RICH SKRENTA the hacker who took me out of debts and also assist me adjust my POOR CREDIT SCORE. Feel Free To Contact Him: RICH SKRENTA CYBER SERVICE AT GMAIL DOT COM OR TEXT +1(234) 248-6043

  29. Nora Davila says:

    I had an old hard drive with Bitcoin on it that I mined months ago. Unfortunately, when I tried to get it up and running again, the data was corrupted. (NewHorizons001 at AOL dot Com) helped me to recover the Bitcoin I had in it even after I thought it was all gone. My old investment paid off big time and I was able to reap the rewards thanks to this recovery agency.

  30. Curtis Mackay says:

    I was in need of a mortgage and having some issues. I have limited time and my scores are coming down. was at 542, 566, and 569. It’s boiling down to my DTI due to my extremely high car payment with 17.99% interest. I came across a review about (fixmycredit at writeme dot com) and wanted to know how it’ll work to fix my credit. To cut the long story short, in less than 1 month i worked with them, My scores improved to 781 and finally got approved for the mortgage.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.