What else should I learn besides the Rogue AP Attack?



Lister
2016-12-04, 03:22
So after many months of fiddling with stuff such as Mana-Wireless-Toolkit, service isc-dhcp-server, modifying *.conf files... I finally realized that the reason my uplink in my Evil AP was being terminated was gnome-network-manager. NetworkManager interferes with hostapd, forcing the Mana scripts to rfkill it. So I replaced gnome-network-manager with wicd, and now I have made a successful fake AP in my neighborhood.


I even managed to capture a Twitter autologin cookie overnight during my sleep.

But it expired (client logged off) before I woke :(

I am using the screenshots of my efforts in a class presentation for my capstone accounting class. Basically I screenshotted and videotaped myself successfully creating a fake AP and getting someone to connect to it, and then edited the contents to make sure that I am not going to get caught violating any anti-hacking statutes under Chapter 18 of the United States Code, Subsections 1029 to 1362. I edited the pics, drew some black boxes covering up specific SSIDs in the outputs, and obscured my personal MAC address, hostnames, etc.

I am sure I am gonna get an A for this group project lol. The point I was making was that someone other than me (AKA a "hacker"; the correct term is script kiddie, though) can pose as a legitimate-looking router for a casino (MGM Grand Guest Wi-Fi, for example) to trick hotel customers and gamblers into connecting to it, in an effort to grab unencrypted personal payment information. I did, however, leave out a few facts, like defeating the software-level encryption provided by phone apps and websites, so I won't confuse my class and my instructor. It's a Gaming Audit class, not an Information Technology course.

But now, I have a question. What else should I learn?

According to this, there seems to be a big developing market for cybersecurity professionals, thanks to media fear-mongering: http://money.cnn.com/2016/12/02/technology/commission-on-enhancing-national-cybersecurity/

When I initially installed Kali half a year ago, I was playing around with services like Metasploit Framework and the apps that were built around Metasploit, like Armitage, and Social Engineer's Toolkit. I created my own VM out of Metasploitable Linux to use as a punching bag.

First lesson I learned: thanks to auto-updating/forced-update services, nowhere in real life would a modern Windows PC be as vulnerable as back in those pre-Windows XP days. "Hackers" nowadays better get crafty. Really crafty.

Due to that fact, I concluded that creating fake APs and then accompanying them with a downgrade attack running in the background is probably the most foolproof method to grift information from passers-by. It will circumvent the security placed by IT professionals on legitimate routers as long as the victims are tricked, or are foolish enough, to connect to the fake AP. Suddenly, all the effort to put together a Wi-Fi network secured with WPA2 encryption, CCMP ciphers, and MGT/ENT-type authorization seems for naught. I don't have to mount direct attacks at all. Just go after the users instead.

Are there any other essentials I need to know to get started? I felt that creating Evil APs was a good starting foundation.

FYI I am on my last college semester for my Accounting Degree, however I am planning to return to the local community college to get started on my CHFI Certification Course (Computer Hacking Forensics Investigator).

I realized that I can recover old deleted files, even files that were permanently deleted out of the Windows recycling bin. I even found... old images of my deleted porn, and even a thumbnail directory for that porn *blush*, with a find command.

tbdev
2016-12-06, 00:53
Hey Lister,

I saw this post last night and considered dropping a quick reply, so sorry I didn't in the end. First off, I just want to get the following out of the way, as I'm sure you'll agree...

Disclaimer
Most of what we do in most developed countries often falls into grey areas of the law. With that in mind, it's OK to have some fun and do a little research, but everything changes should you use 'real people' in your 'learning exercises'; you can quickly find yourself in hot water with no clear answer on whether you've actually done something wrong - remember the fear-mongering. Thumbs up for obtaining the Twitter cookie, but all respect is lost the moment it is used (unless it's yours or you have their permission). To summarise, I'd like to be part of the solution and not the problem :) :) Also, bear in mind that there are many people out there and on the forum that have so much more knowledge and experience than I do who may disagree with one or two things - take and appreciate their opinion over mine where justified :)


Anyway, fair play on what you've achieved, and I applaud your use / correction of script kiddie. To move on from this, there is so much to cover that I can't really include it here, so I'll focus on what I think are the basic steps to the next stage. Bearing the disclaimer above in mind, I would personally argue that some moderate research into the laws covering the systems you'll be interacting with is a great first step (don't forget that networks are international, so in some rare cases, look at the relevant laws in that country). I'm actually working on a small project with a few friends on developing an area / community to specifically address the legal aspects of this career, as I've found that finding the information isn't straightforward and is sometimes entirely misleading. For the moment though, this will be focused on UK law and is in very early stages.

In order to properly progress in this field, you won't get far unless you familiarise yourself with a number of underlying concepts in computer engineering. Start by developing a solid understanding of the OSI model and follow this up with exactly how this relates to the TCP/IP stack (there is a ton of info about it). Once you've done this, cement your learning by analyzing a packet capture with something like Wireshark (translate your knowledge of how a TCP handshake happens to the actual packets you see in front of you) and try to do this for each concept you learn about. You'll also need to make sure you have a good understanding of how the major operating systems differ and work - you'll be working primarily in Linux but likely to 'attack' Windows, Android and iOS systems so understanding how the common protocols are handled by them is a must at the very least.

Once you've got a better understanding of how the various technologies and systems work, you will inevitably be in a better position to understand and use many of Kali's tools and abilities. I found, when I started getting into Kali (and BackTrack years ago), that a great way of doing this is taking one of the tools you're comfortable using and learning how it does what it does - this will almost force you to understand the actual theory behind the 'attacks' and allows you to transition from script kiddie to competent pentester. If you're ever looking for a new area to research and learn about, try watching some of the DefCon talks on something like YouTube, as these can give a little inspiration to do a lot of further reading.

Essentially, ask as many people in the field as you can how and why they got into it and what sort of steps they took to get where they are as this will give you a rough plan to follow and an idea into the sort of material you enjoy and will need to research.

I do hope my insight above helps you progress; if there is anything that's not clear or you have any questions, let me know :)

Tommo
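As an added example (not tbdev's code or anything posted in the thread), here is the Wireshark exercise from the post done by hand in Python: peel a constructed Ethernet/IPv4/TCP capture layer by layer and check that three packets really form a TCP three-way handshake, i.e. the SYN-ACK acknowledges the SYN's sequence number plus one and the final ACK acknowledges the SYN-ACK's sequence number plus one. The addresses, ports and sequence numbers are constructed sample values, not from any real capture.

```python
import struct
TCP_SYN, TCP_ACK = 0x02, 0x10
SYN_ACK = TCP_SYN | TCP_ACK

def build_frame(src_ip, dst_ip, sport, dport, seq, ack, flags):
    """Minimal Ethernet/IPv4/TCP frame; constructed data, MACs/checksums zeroed."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)          # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,  # 20-byte TCP header, no options
                      5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp

def parse_frame(frame):
    """Peel Ethernet (L2) -> IPv4 (L3) -> TCP (L4); None if not TCP over IPv4."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                                 # IPv4 header length in bytes
    if ip[9] != 6:                                           # protocol 6 = TCP
        return None
    sport, dport, seq, ack, _off, flags = struct.unpack("!HHIIBB", ip[ihl:ihl + 14])
    return {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def handshake_steps(frames):
    """Label SYN / SYN-ACK / ACK and check each step's seq/ack numbers line up."""
    pkts = [p for p in map(parse_frame, frames) if p]
    steps = []
    syn = next((p for p in pkts if p["flags"] & SYN_ACK == TCP_SYN), None)
    if syn is None:
        return steps
    steps.append("SYN")
    synack = next((p for p in pkts if p["flags"] & SYN_ACK == SYN_ACK
                   and p["ack"] == (syn["seq"] + 1) & 0xFFFFFFFF), None)  # acks SYN seq + 1
    if synack is None:
        return steps
    steps.append("SYN-ACK")
    if any(p["flags"] & SYN_ACK == TCP_ACK
           and p["seq"] == (syn["seq"] + 1) & 0xFFFFFFFF
           and p["ack"] == (synack["seq"] + 1) & 0xFFFFFFFF for p in pkts):  # acks SYN-ACK seq + 1
        steps.append("ACK")
    return steps

# Constructed capture: client 192.168.1.10:51000 opens a connection to 192.168.1.1:443
FRAMES = [
    build_frame("192.168.1.10", "192.168.1.1", 51000, 443, 1000, 0, TCP_SYN),
    build_frame("192.168.1.1", "192.168.1.10", 443, 51000, 5000, 1001, SYN_ACK),
    build_frame("192.168.1.10", "192.168.1.1", 51000, 443, 1001, 5001, TCP_ACK),
]
```

Feeding the same three frames to Wireshark and comparing its Frame / IP / TCP panes against the dictionaries `parse_frame` returns is the kind of layer-by-layer check the post recommends.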

grid
2016-12-07, 13:01
I'll second tbdev, and ask a question. How are your programming skills? You don't have to be an expert, but learning your way around Perl, Python, and Bash shell scripting will be very helpful. Info security is a vast field, so in studying, you may find a specialty that suits you (e.g. wireless, web app testing, mobile app testing, audit, etc.).