Are you ready?
- Details
- Category: blog
- Published on Tuesday, 10 January 2012 18:09
- Hits: 56
A thought that flowed through my mind recently, is how do you know when you are ready to start developing? How do you know if you're ready to start hacking?
Some might be tempted to start spouting requirements:
- you need to know 'n' programming language(s)
- you need to know programs 'x' 'y' and 'z'
- you need to understand principle 'abc'
While those dependencies certainly have their place, the best answer I have found (and I admit that it isn't original):
you will know that you are ready when you stop asking "am I ready", and start doing it.
Just do it.
How to crack WPA wireless passwords
- Details
- Category: grey hat
- Published on Monday, 09 January 2012 16:52
- Hits: 82
Quick and dirty guide to cracking WPA wireless networks. Find more details, instructions and information at:
http://www.aircrack-ng.org/doku.php?id=cracking_wpa
Get live-cd or live-usb of Backtrack 5 here. You have a choice of Gnome or Kde, 32 or 64 bit.
Boot from the live-cd, which will automatically login as root. Type "startx" to load the gui. Open a terminal, from the applications menu.
The simplest method, but not necessarily the fastest, uses the aircrack-ng program suite.
Identify your wireless card. Type in "ifconfig" in the terminal, and read the output. Your wireless card will probably be either wlan0 or ath0. For the rest of this guide, we will assume wlan0.
Put your wireless card into monitor mode.
# ifconfig wlan0 down
# iwconfig wlan0 mode monitor
# airodump-ng wlan0
If all goes well, you should see airodump start listing visible wireless networks, and displaying information about them. If you get an error, check google for assistance.
Press "ctrl+c" to close airodump once you see the name of the wireless network you are trying to crack. Run it again, with these changes to the command.
# airodump-ng wlan0 -c <wireless channel> -b <mac address of wireless AP> -w capture.cap
At this point, you will only be capturing packets related to the network in question. Wait until a station connects to the wireless network, and you capture the 4-way handshake. When this happens, airodump will display a message on the top line.
You can force any active stations to disconnect, at which point they will probably automatically reconnect. When they do, you can catch the handshake. To do this, you will use option #0 of aireplay. In another tab, run:
# aireplay-ng -0 60 wlan0 -b <mac address of wireless AP>
If your laptop's signal is strong enough, this will disconnect the station, forcing it to reconnect, and allowing you to capture the handshake. Go back to the first tab, and check on airodump's progress, where you should see the note that a handshake has been captured. If not, try the aireplay command again a few times. If you still don't see a handshake, try getting closer to the access point, a bigger wireless antenne, and double check that there is an active station connected to the wireless network.
Okay, so you've capture a 4way handshake. Now you can pass this to aircrack, which will perform a dictionary attack on the handshake. Depending on the size of the dictionary, this can take a few hours to run through the dictionary.
# aircrack-ng -w <password list> capture.cap
Backtrack has a decent password list at: /pentest/passwords/wordlists/darkc0de.lst
How to crack WEP wireless passwords
- Details
- Category: grey hat
- Published on Tuesday, 03 January 2012 17:35
- Hits: 119
Wireless is ubiquitous. That means it's almost everywhere in the developed nations. Thankfully, most people have been educated about the dangers of using WEP encryption on their wireless networks. WEP encryption has a number of weaknesses, which are well known. The result, is that a mildly interested person can look up steps and guides on how to crack a WEP password, and be able to understand and perform them.
This article demonstrates somebody can break a WEP password in under 30 minutes.
how to keep Linux systems up to date
- Details
- Category: technical
- Published on Saturday, 17 December 2011 15:30
- Hits: 100
If you've spent much time with your Linux box, hopefully you already know how to keep it up to date. Thankfully, its really easy to do from the command line. This post will show how to do this on Debian based systems, which use "aptitude", and the cli gui "apt-get". It will also show the command for ArchOS based systems, which use "pacman". Red Hat and like systems such as CentOS use "yum". I don't remember the syntax, but you can easily look it up with "man".
Note the common convention, commands preceded by $ are run by the user, while commands preceded by # must be run as root. I beleive that system update and upgrades must be run as root.
Arch:
# pacman -Syu
This command both updates the package list,and installs all updates, in one clean and simple command.
Debian based (Such as Ubuntu, or any of its derivatives):
# apt-get update
This will update the package lists.
# apt-get upgrade
This will upgrade all packages to the newest version.
# apt-get dist-upgrade
This will upgrade the Os to the latest major release.
Backtrack is based on Ubuntu. Therefore, the commands to update are the same. However, there are usually some other things you want to keep updated as well on Backtrack, and so I generally write the following script on each clean backtrack install I make:
#!/bin/bash
apt-get update
apt-get upgrade
apt-get dist-upgrade
msfupdate
cd /pentest/exploits/set && svn update . && cd ~
echo "done"
This will update the system, as well as keep the SET and Metasploit frameworks up to date. You can call the script whatever you want, as long as it has the ".sh" extension. Then you can call it via "sh script.sh", and it will run all the commands for you.
