From c67c04cd40e96b826fee17dcad728e28555683de Mon Sep 17 00:00:00 2001 From: Camerin Figueroa Date: Mon, 22 Nov 2021 17:05:14 -0500 Subject: [PATCH] Started new article --- public/api/articles.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/public/api/articles.json b/public/api/articles.json index 40c02a2..20921ee 100644 --- a/public/api/articles.json +++ b/public/api/articles.json @@ -11,6 +11,12 @@ "title": "Hiding Data on Linux", "desc": "Showing you how to hide files within a file in linux.", "contents":"*Steganography*Steganography is the art or practice of concealing a message, image or file within another message, image or file. There are many techniques to perform steganography, one of which is to hide messages on physical paper in the physical world. Another technique involves hiding messages in digital images or digital data, also called digital messages. Images are the typical victim used to hide information. Social steganography is when messages are hidden in the title and context of a video or image. Names or words may be misspelled that are popular in a given time to suggest alternative meanings, or pictures can be traced by paint or drawing tools. When information is hidden in telecommunication networks, this is called network steganography. Today steganography is mostly done on computers with tools such as steghide, stegstudio and more. One simple way of doing so is on linux, by combining a zip file and an image in order to hide the in the back part of the image file.*Hiding Files Inside of a JPG File* You can first download an image that you'd like to use. Next, you'll create a file to hide. You can use anything, given that it can be hidden within a zip. I'm using a text file called steg.txt. Next, you'll want to compress the file. You can do this in the terminal by running the following. `zip zipfile.zip steg.txt` Now that you have a zip file you can now hide the file. We'll do this by using the cat command. This command will combine the data within two files, and allow us to create a new file with the data concatenated. Run the following command using image.jpg as our image file and zipfile as the zip we just created. If you have a file with a different file extension (I.E. .jpg, .png) change StegFile.jpg to reflect this change in addition to the original image file. `cat image.jpg zipfile.zip > StegFile.jpg` Now that everything is combined, you can attempt to view the StegFile.jpg image to see if you've correctly combined the two files. If you'd like to get the files out of the zip/steg file, you can then run the following on the image. `unzip StegFile.jpg` As you can see, it just unzipped the steg.txt from the image and placed it in the current directory. *Conclusion* Steganography is an interesting concept, especially revolving computer forensics and can be used to hide files and make interesting puzzles. *Sources* ~ https://www.merriam-webster.com/dictionary/steganography ~ ~ https://en.wikipedia.org/wiki/Steganography#Techniques ~ ~ http://steghide.sourceforge.net/ ~ ~ http://stegstudio.sourceforge.net/ ~" + }, + { + "id": 2, + "title": "(POC) Cracking Wifi using Phone Numbers", + "desc": "Showing you how to crack wifi passwords using phone numbers.", + "contents":"*Introduction*This article is a proof of concept and should show you why it's dangerous to use your phone number as your wifi password. Since the introduction of wifi, people have tried breaking into and exploiting it. WEP an old edition of wifi password security was a very weak method and could be easily broken just by sniffing wifi traffic coming to/from the AP. Since the introduction of WPA security, cracking has become more and more difficult. Although, if you can find the right password, one could potentially crack the login for wireless networks. This is done by sniffing for a specific traffic containing an EAPoL or Extensible Authentication Protocol over Lan. This essentially contains an hashed version of the wifi password. Using this we can then bruteforce the password and crack the password. As found in another article (see references) many people use their phone numbers as their wifi passwords. This can make it specifically easy to crack since your phone number is often related to your location through your area code. For example, if I was living in New York City, my area code would be either 212 or 718. If the wifi's password hash was sniffed somewhere in NYC, every phone number could be stored in a file around 200MB in size. With the technology of today, that password would be cracked in a matter of minutes if you used a phone number as your password. *Prerequisits*~Linux~ ~Wifi Card~ ~git~ ~python3~ *Creating a Phone List* In order to create the list of phone numbers you'll need to use a tool that I created. You can grab the files by cloning the repository `git clone https://github.com/RaspberryProgramming/phone-wordlist-generator` Enter the folder by running `cd phone-wordlsit-generator` Using this you can generate every phone number in your area code and put it into a file. Replacing AREA with your area code run `python3 main.py --staticnum AREA` You will then find the phone numbers in a file called phones.list *Capturing Wifi Hashes* You might be wondering, how would I even get these password hashes? Theres a simple tool called aircrack-ng that gives you a suite of tools that you'll need. If you're running Ubuntu Linux you can run `sudo apt install aircrack-ng` to install all of the necessary tools. On Arch/Manjaro run `sudo pacman -Sy aircrack-ng-git` " } ] } \ No newline at end of file