itjc.net

OpenCL in Backtrack

OpenCL is ATI's GPU acceleration software kit. Programs that use its features can offload workloads from the CPU to the GPU. Since the GPU is generally orders of magnitude faster than the CPU, the workloads complete faster.

This is most noticeable for programs that perform repetitive number crunching. This technology can turn an aging PC into a very capable password cracking box, with some very cool, very free software.

To start with, you need a PC with an ATI graphics card. (If your graphics card is NVidia, you can use CUDA instead: here.) You will also need a copy of Backtrack 5, installed on a hard drive and able to boot natively. You might be able to get away with installing Backtrack to a removable USB drive if you're a Windows user; just make sure you unplug your internal Windows drive first, so that you don't destroy your bootloader by accident.


From there, the steps needed to install the necessary drivers and software, which unlock the full computing potential of the graphics card, are outlined here:

http://www.backtrack-linux.org/wiki/index.php/Install_OpenCL  (thanks g0tmi1k)

At this point, you are free to use the OpenCL-enabled software built into Backtrack, such as oclHashcat. The guide also shows you how to download pyrit, a GPU-enabled, distributed-computing-capable, very slick WPA hash bruteforcer.

How to crack WPA wireless passwords

A quick and dirty guide to cracking WPA wireless networks. Find more details, instructions and information at:

http://www.aircrack-ng.org/doku.php?id=cracking_wpa

Get a live CD or live USB image of Backtrack 5 here. You have a choice of Gnome or KDE, 32- or 64-bit.

Boot from the live CD, which will automatically log in as root. Type "startx" to load the GUI. Open a terminal from the applications menu.

The simplest method, but not necessarily the fastest, uses the aircrack-ng suite.

Identify your wireless card. Type "ifconfig" in the terminal and read the output. Your wireless card will probably be either wlan0 or ath0. For the rest of this guide, we will assume wlan0.

Put your wireless card into monitor mode.

# ifconfig wlan0 down

# iwconfig wlan0 mode monitor

# airodump-ng wlan0

If all goes well, you should see airodump-ng start listing visible wireless networks and displaying information about them. If you get an error, search Google for assistance.

Press Ctrl+C to close airodump-ng once you see the name of the wireless network you are trying to crack. Run it again with these changes to the command:

# airodump-ng wlan0 -c <wireless channel> -b <mac address of wireless AP> -w capture.cap

At this point you will only be capturing packets related to the network in question. Wait until a station connects to the wireless network and you capture the 4-way handshake. When this happens, airodump-ng will display a message on the top line.

You can force any active stations to disconnect, at which point they will probably reconnect automatically. When they do, you can catch the handshake. To do this, use the -0 (deauthentication) option of aireplay-ng. In another tab, run:

# aireplay-ng -0 60 wlan0 -b <mac address of wireless AP>

If your laptop's signal is strong enough, this will disconnect the station, forcing it to reconnect and allowing you to capture the handshake. Go back to the first tab and check on airodump-ng's progress, where you should see the note that a handshake has been captured. If not, try the aireplay-ng command again a few times. If you still don't see a handshake, try getting closer to the access point or using a bigger wireless antenna, and double-check that there is an active station connected to the wireless network.

Okay, so you've captured a 4-way handshake. Now you can pass this to aircrack-ng, which will perform a dictionary attack on the handshake. Depending on the size of the dictionary, this can take a few hours.

# aircrack-ng -w <password list> capture.cap

Backtrack has a decent password list at: /pentest/passwords/wordlists/darkc0de.lst
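A defender-side counterpart to the forced-disconnect step above, added here as an example and not part of the original post: it decodes raw 802.11 management frames and raises an alert when a burst of deauthentication/disassociation frames naming one BSSID arrives inside a short window, which is the pattern a wireless IDS uses to spot the forced reconnects described in this guide. The frame bytes, MAC addresses, timestamps and the 10-frames-in-10-seconds threshold are constructed assumptions, and frames are assumed to arrive with any radiotap header already stripped.

```python
import struct
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0xC, 0xA            # 802.11 management-frame subtypes
BROADCAST = bytes.fromhex("ffffffffffff")

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt_frame(frame: bytes):
    """Decode the 24-byte 802.11 header (radiotap already stripped). Returns
    (subtype, src, bssid, reason) for management frames, None otherwise."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:   # frame type 0 = mgmt
        return None
    subtype = frame[0] >> 4
    src, bssid = mac_str(frame[10:16]), mac_str(frame[16:22])
    reason = None
    if subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]   # reason code, LE
    return subtype, src, bssid, reason

def detect_deauth_flood(frames, window_s=10.0, threshold=10):
    """frames: (timestamp_s, raw_frame) pairs in capture order. Alerts once per
    BSSID when `threshold` deauth/disassoc frames fall inside `window_s`."""
    recent, alerts, alerted = defaultdict(deque), [], set()
    for ts, raw in frames:
        parsed = parse_mgmt_frame(raw)
        if parsed is None or parsed[0] not in (DEAUTH, DISASSOC):
            continue
        _, _src, bssid, reason = parsed
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window_s:              # slide the window forward
            q.popleft()
        if len(q) >= threshold and bssid not in alerted:
            alerts.append((ts, bssid, len(q), reason))
            alerted.add(bssid)
    return alerts

def sample_frame(fc0, src, bssid, body=b""):
    """Constructed test frame: FC, duration, addr1=broadcast, addr2, addr3, seq, body."""
    return bytes([fc0, 0]) + b"\0\0" + BROADCAST + src + bssid + b"\0\0" + body

AP, OTHER = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")  # made-up MACs
def sample_capture():
    """Constructed capture: a beacon, 3 deauths for OTHER, 12 for AP every 0.5 s."""
    frames = [(0.0, sample_frame(0x80, AP, AP))]                            # beacon
    frames += [(float(t), sample_frame(0xC0, OTHER, OTHER, b"\x07\x00")) for t in range(3)]
    frames += [(t * 0.5, sample_frame(0xC0, AP, AP, b"\x07\x00")) for t in range(12)]
    return sorted(frames, key=lambda f: f[0])
```

Calling detect_deauth_flood(sample_capture()) returns a single alert for the constructed AP once its tenth deauth frame lands inside the window, while the three stray frames for the other BSSID and the beacon are ignored.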

Bermuda Tech behind the times

Hello world.

Sometimes I get sad when I realize/remember that we in Bermuda are a little behind the times technologically. A colleague mentioned today that he wondered if we (the western hemisphere culture) had not become complacent in our hunger for success. We agreed that this means we are probably losing our competitiveness as a culture.

My interests are in computers, and technology in general. Here are a few ways I have observed our culture being lazy and falling behind in the Information Technology field.
- Our major telecoms datacenter is an easy target for social engineering. This means that a bad person can easily bluff their way into our datacenter. Once inside, the escort generally leaves a visitor alone until they are finished. A bad person could probably disable Bermuda's telecoms by abusing this lack of security awareness. This would not be possible if we were not asleep with our heads up.......

- There are a large number of wireless networks around, and thankfully, most of them seem to be WPA or WPA2. This is encouraging. I will not speculate on the length of password used, but hopefully most people have the sense to choose a long password. Unfortunately, this means that those people with WEP or unsecured networks stand out as bigger targets, and there are still a number of them out there. Especially if your neighborhood is on WiGLE. There are about 2,300 wifi points on Bermuda's map now. Check it out and tell your friends. Bermuda needs more security awareness.

- At least one of our major ISPs operates an open email relay. You spammers out there will now get busy looking for it. For the rest of you, what this means is that sending a fake email, with a forged "from" field, is very easy. All you have to do is change your name and email address in the account settings of your email client. This is possible because the outgoing mail server does not require authentication. This means you can tell the email server that you are somebody else, and it will believe you, without checking. I have not named the major ISP, and I have not given detailed step-by-step technical information. But anybody who has a basic understanding of email client configuration should be able to verify this without much effort. A person of poor computer literacy should still be able to accomplish this if shown the steps once or twice. The problem is, this should not be possible. Our local ISPs have been negligent, allowing themselves to be used to spread spam by anybody in the world. I guess it would be possible to discover and identify such a local spammer by IP address, but only if they were dumb enough to use a network they could be associated with (work or own home network).

- Our own government's home page also has problems in it. It's powered by some portal software written by a company that doesn't even exist anymore, BEA Systems, which was bought by Oracle ages ago. There were a number of directory traversal vulnerabilities in the version that powers http://gov.bm, which were again fixed ages ago. However, our government's web master hasn't applied these security updates yet. Unfortunately, they are running an even older version of Apache, which is not just a few updates old, but several major revisions out of date. Apparently, there was even a tip to the webmaster that has apparently gone ignored.

If you recall the issue with one of TCD's databases being readable and editable from the internet, published a few months ago, the same vulnerabilities still exist. This was announced in the Royal Gazette this past June, and the breach still exists (at least the last time I checked), albeit the risk has been mitigated. By this, I mean that the database was replaced with a blank database, but it was still accessible. I have been unable to locate this link again. However, a simple Google search for "site:gov.bm feedback" will reveal similar comment forms, in which user comments and questions are publicly available, and they are probably not intended to be.

For example: http://www.gov.bm/portal/server..pt/com_joomlalib/standalone/components/com_joomlalib/standalone/stubjambo.php/gateway/PTARGS_6_2_10533_216_226727_43/

You will notice that the URL specifies an invalid file path, "/server..pt/". However, there is a bug in the portal software. This bug, which is documented and has been fixed ages ago, is still present in the Bermuda Government portal. The fact that the webmasters have not patched the portal software is an act of ignorance and/or willful negligence. It has allowed Google spiders to crawl and index all sorts of things which probably shouldn't be available to it. A bad person could probably do the same thing, and much worse.


How to crack WEP wireless passwords

Wireless is ubiquitous. That means it's almost everywhere in the developed nations. Thankfully, most people have been educated about the dangers of using WEP encryption on their wireless networks. WEP encryption has a number of weaknesses, which are well known. The result is that a mildly interested person can look up steps and guides on how to crack a WEP password, and be able to understand and perform them.

This article demonstrates how somebody can break a WEP password in under 30 minutes.

Read more: How to crack WEP wireless passwords
