dimitar

Posts posted by dimitar

  1. I have been using dd-wrt on my Linksys router for a few years now. I have never had any problems and I recommend it to anyone. If you use the default Linksys firmware you are only using a small fraction of your router's capabilities.

    And YES, you can always flash back the original Linksys firmware if you needed to (it is available on the Linksys website). But, I don't think that you would ever want to do that.

    My current dd-wrt version is: Firmware: DD-WRT v24 (05/20/08) vpn

    I have also used WOL for a long time.

    In order to WOL any of my machines at home all I have to do is ssh to my router (from anywhere) and then run:

    /usr/sbin/wol -i Broadcast_IP_Address MAC_Address

    For example:

    /usr/sbin/wol -i 192.168.1.255 00:10:B5:74:A2:B3

    You can also use the WOL tab of the dd-wrt control panel. But there are security issues if you enable the control panel to be accessed from the Internet. Plus I find using the Linux wol command a lot easier and quicker.

  2. Yes... what you described is called the "passive" method. You can do only this, but then it might take you days even weeks to crack it, depending on how many clients are connected to the AP and how active they are.

    But if you want to speed up the process quite a bit... then you are missing a step. This step has to do with injecting packets to the targeted AP. In this way you can crack a WEP key of an AP that has no clients and no activity.

    Depending on the length of the WEP key, it takes me anywhere between 2 to 30 min. to crack it.

    So here is the command you need to execute after you run the airodump to capture the packets:

    aireplay-ng -3 -e SSID wlan0

    I probably don't have to tell you that here SSID is substituted with the SSID (name) of the AP.

    Once you run it.... what you are looking for is for those IV packets to start climbing up fast. This might take a couple of minutes though... so you have to be patient.

    If the AP has no clients, then you have to run (while the above command is still running, so use different terminals):

    aireplay-ng -1 5 -q 10 -e SSID wlan0

    which will try to create an association packet that will be picked up by the previous command and replayed over and over again until you have enough IV packets.

  3. Your airodump command is wrong.

    To start airodump to find all the available APs do (you got Kismet working, so you don't need this, because you can get all that info from there):

    airodump-ng --band bg wlan0

    To start capturing the IVs of the targeted AP in a file do:

    airodump-ng -i -c 6 --bssid 00:0F:66:47:1D:1F -w tocrack wlan0

    * -i collects only IVs, which are used for the cracking

    * -c 6 is the channel for the wireless network

    * --bssid 00:0F:66:47:1D:1F is the access point MAC address. This eliminates extraneous traffic.

    * -w capture is the file name prefix for the file which will contain the IVs.

    * wlan0 is the interface name

  4. ARP is a Level 2 protocol. It knows NOTHING about IP addresses. It has the source and the destination MAC address in its header. In an ARP packet the destination MAC is FF:FF:FF:FF:FF:FF, so that all the machines on the segment can process it. Only the machine with the IP address specified in the "body" of the ARP packet will respond with its own MAC as a source address and the MAC of the machine that asked as a destination address.

    If nobody responds to the computer that sent the ARP request, then the target computer cannot be reached with Level 2 protocols. Now the machine has to send a Level 3 packet to its default gateway (the router).

    Also keep in mind that before the source computer even sends an ARP packet, it checks the target's IP address, then it compares it to its own IP address and subnet mask to find out if the target computer is on its LAN:

    1. If it is, then it checks its cached ARP table and if it finds the destination computer's MAC address there, then it does not need to broadcast an ARP request. If it does not find the target computer in the ARP table, ONLY then it sends the ARP request.

    2. If the target computer is not on its LAN/Subnet, then it does not send an ARP packet, because there is no need for it. It knows that nobody will respond! So, it sends a Level 3 packet to the default gateway with its own IP address as the source address and the desired computer's IP address as a destination address. And the routing process takes over.

    These are the basics of networking.

    Routers do not pass broadcast, multicast or frames with unknown destination MAC address.

    This makes it impossible for someone to do an ARP poisoning/spoofing on the internet!

    I would recommend you look at the network basics first by reading about the OSI model:

    http://en.wikipedia.org/wiki/OSI_model
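The decision process described in the post above (same subnet or not, ARP cache hit or broadcast, otherwise default gateway) and the layout of an ARP request frame (broadcast destination MAC on the Ethernet header, the IP being resolved only in the ARP body) can be walked through in code. The following is an added example written for this page, not code from the poster or from any tool the thread mentions; the MAC addresses, IP addresses and ARP cache contents are constructed sample values, and the `next_hop` function is a simplified model of a host's send path (sequence wrap, VLANs and IPv6 are ignored).

```python
import ipaddress
import struct

ETH_P_ARP = 0x0806      # EtherType for ARP
ARP_REQUEST = 1
ARP_REPLY = 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp_frame(src_mac, src_ip, target_ip, target_mac=None, op=ARP_REQUEST):
    """Ethernet II header followed by an RFC 826 ARP body.

    A request is sent to the broadcast MAC so every station on the segment
    processes it; the IP being resolved appears only in the ARP body.  A reply
    is unicast straight back to the asker's MAC."""
    dst_mac = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_to_bytes(src_mac) + ipaddress.IPv4Address(src_ip).packed
    tha = b"\x00" * 6 if op == ARP_REQUEST else mac_to_bytes(target_mac)
    arp += tha + ipaddress.IPv4Address(target_ip).packed
    return eth + arp


def parse_arp_frame(frame: bytes) -> dict:
    """Decode the fields a sniffer (e.g. Wireshark on any LAN host) would show."""
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    _htype, _ptype, _hlen, _plen, op = struct.unpack("!HHBBH", frame[14:22])
    body = frame[22:]
    return {
        "eth_dst": bytes_to_mac(dst),
        "eth_src": bytes_to_mac(src),
        "op": op,
        "sender_mac": bytes_to_mac(body[:6]),
        "sender_ip": str(ipaddress.IPv4Address(body[6:10])),
        "target_mac": bytes_to_mac(body[10:16]),
        "target_ip": str(ipaddress.IPv4Address(body[16:20])),
    }


def next_hop(src_ip, netmask, dst_ip, arp_cache, gateway_ip):
    """Model of what a host decides before transmitting an IPv4 packet.

    Returns one of:
      ("direct", mac)        destination is on-link and already in the ARP cache
      ("arp_request", ip)    destination is on-link but unknown: broadcast ARP
      ("gateway", ip)        destination is off-link: hand it to the default gateway
    (arp_cache is a constructed dict of ip -> mac)."""
    net = ipaddress.IPv4Network(f"{src_ip}/{netmask}", strict=False)
    if ipaddress.IPv4Address(dst_ip) in net:
        if dst_ip in arp_cache:
            return ("direct", arp_cache[dst_ip])
        return ("arp_request", dst_ip)
    return ("gateway", gateway_ip)


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    cache = {"192.168.1.20": "aa:bb:cc:dd:ee:ff"}
    for dst in ("192.168.1.20", "192.168.1.30", "10.0.0.5"):
        print(dst, "->", next_hop("192.168.1.10", "255.255.255.0", dst, cache, "192.168.1.1"))
    req = build_arp_frame("00:10:b5:74:a2:b3", "192.168.1.10", "192.168.1.30")
    print(parse_arp_frame(req))
```

Running the module prints the three possible decisions and the decoded request; note that the decoded request has the broadcast address in `eth_dst` while the address it is asking about sits only in `target_ip`, which is exactly why a router (which does not forward broadcast frames) stops ARP at the LAN boundary.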

  5. You have to edit your kismet.conf file.

    The easiest way for you to do that is with gedit. Just run:

    sudo gedit /etc/kismet/kismet.conf

    Then you have to edit the following lines:

    suiduser=username

    Put your user name above in place of "username".

    #source=none,none,addme

    Uncomment this line and add the needed info.

    In my file this line looks like this:

    source=madwifing_g,wifi0,atheros

    The last value "atheros" is just the name I have given to that source interface, so it is a free text value. If you are sure that your card works with madwifi drivers, then the source line for you should look like this:

    source=madwifing_g,wifi0,awus036h

    Here is some more info... just keep in mind that your wireless card has a Realtek chipset rtl8187 (look at "12. Capture Sources"):

    http://www.kismetwireless.net/documentation.shtml

  6. I am not sure why you have to capture the ARP packets on the router?

    ARP requests (as mentioned by the previous posts) are broadcasted to all the computers on the LAN.

    So if you run Wireshark on your computer you will capture the ARP packets and they will look exactly the same if you were to run Wireshark on the router itself.

    You would only have a difference if you have set up VLANs. Then you will not be able to see the ARP requests of/to the computers on the other VLANs (but you would be able to see all of them if you were to run Wireshark on the router). But since you did not mention anything about VLANs, I assume that is not the case in your home setup.

  7. Sorry but you are wrong. I do need a LAN IP address. Just not from my router. Our antenna has an IP address and it's static. When I plug into it my device has to know where the antenna is in a way (its IP address). I'm going to try spardas solution. I'm going to add another NIC card to our desktop and run the router through one and have the other line from the antenna going into the other NIC. Hopefully it works.

    Sorry... maybe I misunderstood something. What do you mean by "antenna"? Are you referring to a coax cable? Or a satellite antenna?

    On a second read... it seems that you are talking about a satellite antenna that is connected to your router with a CAT 5 cable, in which case the antenna actually plays the role of a modem (you need a device that does modulation and demodulation and since you don't have a modem, the antenna must be doing this).

    If the antenna has its own IP address, then if you do a traceroute from your computer on the network to anything outside your network, the second hop should be the IP you are looking for (the first hop would be your router).

    So I would do:

    traceroute yahoo.com (on a linux box)

    or

    tracert yahoo.com (on a windows box)

    take the IP address on the second line, that should be the IP address of your antenna.

    I just seriously doubt that your "antenna" would have an IP address (it probably just plays the role of a modem).

  8. To add a user in Linux command line, you just have to type the following command:

    adduser username

    Where "username" is the name you want to give to the user. For example: adduser mike. It will prompt you to enter a password.

    Once it is done, it will create the user "mike", create a group called "mike" for that user and create a home directory.

    Now you can log in as that user. Just do:

    su - mike

    It prompts you for the password and now you have become "mike".

    As far as your Kismet issue... I am not surprised that it does not work in Ubuntu. In order for it to work with Ubuntu, you need to install the madwifi drivers and then load them every time the kernel starts by editing the /etc/modules file (that is what I did with my Ubuntu and it works like a charm) or you have to run this command after each reboot (I am assuming your wireless has an Atheros chipset):

    sudo modprobe ath_pci

    What happens when you boot your desktop into the BT3 live CD? Does it work then?

  9. He needs the router's WAN IP address. Not the LAN address. If he wants to replace it with his own, he needs to know the IP address that the ISP gave him.

    Just go to http://www.whatismyip.com/

    Make sure that you are doing this from your home computer that is behind the router in question.

    It will show your router's WAN IP address right on top. Like this:

    Your IP Address Is xxx.xxx.xxx.xxx

    You do not have to do any traceroutes etc.

    He does not need the LAN IP address. This is irrelevant.

  10. First, in BT3, when you start Kismet it puts your interface in monitor mode automatically and it uses the madwifi drivers anyway, so you do not have to specify that.

    Second, you do not need to run commands with sudo. You are root in BT3 by default. So, all you have to do is type:

    kismet

    This will start Kismet, which will use the right drivers for your card, and it will put it in monitor mode.

    Third, from your output it looks like your wireless card might not support monitor mode and might not be supported by madwifi. Check here for compatibility: http://madwifi-project.org/wiki/Compatibility

  11. Normally packets are fragmented (into the so-called frames) when they go through a network. When your computer receives the frames it reassembles them and then processes them. What you see in Wireshark are fragmented packets.

    First, filter by IP address, so that you only get fragments that are part of your chat.

    Then, if you want to see a whole packet, so you can make sense of it, right click on one fragment (that is part of your chat) then select "Follow TCP Stream".
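What "Follow TCP Stream" does behind the scenes is the two steps the post names: keep only the segments between one pair of endpoints, then put their payloads back in order by TCP sequence number. The function below is an added example written for this page, not code from the poster or from Wireshark; the segment list is a constructed sample (a short chat sent out of order, with one retransmitted segment and some unrelated traffic mixed in), and the reassembler deliberately reports gaps rather than hiding them, since a missing segment in a capture is the usual reason a followed stream looks garbled. 32-bit sequence-number wraparound is not handled.

```python
# Each constructed segment: (src_ip, dst_ip, tcp_seq, payload)
SAMPLE_SEGMENTS = [
    ("10.0.0.2", "10.0.0.9", 1013, b"bye"),            # arrives first, out of order
    ("10.0.0.7", "10.0.0.9", 5000, b"unrelated"),      # different host, must be filtered out
    ("10.0.0.2", "10.0.0.9", 1000, b"hello "),
    ("10.0.0.2", "10.0.0.9", 1000, b"hello "),         # retransmission of the same bytes
    ("10.0.0.2", "10.0.0.9", 1006, b"world, "),
]


def filter_by_endpoints(segments, src_ip, dst_ip):
    """Step 1 of the post: keep only one direction of one conversation
    (the equivalent of an 'ip.src == X && ip.dst == Y' display filter)."""
    return [(seq, data) for s, d, seq, data in segments if s == src_ip and d == dst_ip]


def reassemble(segments, initial_seq):
    """Step 2: order (seq, payload) pairs by sequence number and splice them.

    Duplicates and partial overlaps are discarded; bytes that never arrived are
    zero-filled and reported in the returned gap list as (start_seq, end_seq)."""
    ordered = sorted(segments, key=lambda s: (s[0], -len(s[1])))
    out = bytearray()
    gaps = []
    expected = initial_seq
    for seq, payload in ordered:
        end = seq + len(payload)
        if end <= expected:
            continue                      # pure retransmission, nothing new
        if seq > expected:
            gaps.append((expected, seq))  # hole in the capture
            out.extend(b"\x00" * (seq - expected))
            expected = seq
        out.extend(payload[expected - seq:])  # skip any overlapping prefix
        expected = end
    return bytes(out), gaps


def follow_stream(segments, src_ip, dst_ip, initial_seq):
    """Both steps together: the payload text Wireshark would show for one direction."""
    return reassemble(filter_by_endpoints(segments, src_ip, dst_ip), initial_seq)


if __name__ == "__main__":
    data, gaps = follow_stream(SAMPLE_SEGMENTS, "10.0.0.2", "10.0.0.9", 1000)
    print(data, gaps)
```

If the capture had dropped the middle segment, the output would contain seven zero bytes in its place and the gap list would show `(1006, 1013)`, which is the kind of hole a visibly broken stream in Wireshark usually corresponds to.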

  12. I used the USB drive to install Ubuntu. I partitioned the hard drive leaving about 10 GB of the 160 GB for XP. When I restart the PC I don't get an option to boot Ubuntu. I have gone into the BIOS and switched which drive to boot from and it only loads XP.

    Just to give you a few pointers.

    In order to boot from a device, you need the master boot record to have a boot loader installed and correctly configured to point to a kernel image that would be loaded. Each drive (hard disk, floppy, usb drive, etc.) has only one master boot record and that usually is the first 1024 cylinders of the drive.

    So, you correctly partitioned the drive into 2 partitions: 1 for Ubuntu and 1 for Windows. But you left the Windows boot loader untouched. That means that every time you reboot, the boot loader will always load Windows.

    What you have to do is install another boot loader (as Bakb0ne has pointed a couple of good ones: GRUB or LILO) and configure it to point to the 2 partitions you have created. I think in GRUB you have to specify that in the menu.lst file.

    There are a lot of tutorials on that subject online. Just google for "GRUB dual boot" or "LILO dual boot".

    I hope that helps you to get on the right track.

  13. Thanks for the reply. My intention for the time being is to understand the nature of networks and Internet security, hence, hacking in general. I'm interested in using apps like nmap and otherwise, which in my meager experience with Linux I've been able to get running. I've purchased, on the advice of another, the books: Hacking for Dummies and Gray Hat Hacking, and I've heard the latter has a number of scripts and apps mentioned in it that are made for Linux. Will these work just as well on Terminal, or would you install Linux? I'd also like to experiment with C and C++ scripting as it applies to a hack (don't know how that is yet), again, is OSX suitable in that respect?

    If not, I have Fedora installed on another old laptop. Would that be your best choice of Linux for what I'm looking to learn? Or would something like Slackware be a better choice?

    Thanks! Really appreciate your taking the time to help me out.

    Any flavor of Linux will be good enough to do whatever any of the above mentioned books describe. This is not something you have to worry about. But what you should be concerned with is how easy it is to maintain and configure the Linux distribution in question. In this respect Fedora is not a bad choice. I personally like the "Debian like" distros. A good choice here would be Ubuntu.

    Also, C and C++ are not scripting languages, they are programming languages. I would recommend the book "Beginning C++" by Ivor Horton if you are serious about learning it.

  14. My first questions is in regard to keeping OpenWrt functional.

    If I follow the instructions http://wiki.hak5.org/wiki/Fon_Jasager_Install will I have the option to run OpenWrt just as a normal hacked router AND be able to type in the IP for Jasager and enable karma? Is that what step 19 does in the wiki?

    ? or is this step even necessary?

    Yes, this step is necessary. You will be able to run the router as a normal router if you wanted to. It has a full OpenWRT installed and you can just use it as a simple router (that defeats the purpose though).

    Also, within step 19 what does mean?

    It means that after you do this step you will be able to access the Jasager front end just by typing the IP address of the fon router in your browser (for example: http://192.168.1.1). If you want to access the OpenWRT interface you will go to the webif.html page, like this: http://192.168.1.1/webif.html.

    Next, is there any reason besides Darren wanting his pineapple completely wire free why he just didn't power it by USB, rather than dealing with the batteries? http://www.fonerahacks.com/index.php/Tutor.../USB-Power.html

    USB power is possible, but then you will have 2 cables going to your laptop instead of one (1 Ethernet and 1 USB).

    Next, on steps like Step 8:

    What would that command look like?

    Here is the command:

    scp out.hex openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma root@192.168.10.1:/tmp/

    Lastly, just a question about something that happened in one of the season 4 shows;

    If I remember correctly Darren had Shannon walk by some people with laptops with a wifi jammer to drop their connection, so that, when their wifi reset they would connect to his pineapple.... or maybe I'm delusional and that never happened! :D

    If it did happen could you guys point me to that episode or provide a little info about the jammer or point me in the direction to make one.

    I do not remember that show. But if you are using a linux laptop and you want to find out how to route the wireless "clients" to the internet so you can see their network traffic you can follow this tutorial:

    http://dimitar.me/?p=277

  15. I think that Macs are way too expensive for what they offer.

    I bought a 14" Acer laptop a couple of months ago. It has Intel Dual Core 1.7GHz, 2 GB of RAM, 120GB HDD and an Atheros wireless chipset. It is the perfect laptop for Linux.

    I run Ubuntu 8.10 on it and it is fast. The Atheros chipset allows me to run the native madwifi drivers and you know what that means: WEP cracking, KARMA, etc...

    It was just under $500 at tigerdirect.com. If you want to read further about why I chose this laptop, read this:

    http://dimitar.me/?p=142

    Good luck !

  16. Worked fine the first time.

    If you are primarily a Linux person you can check out my blog about how to set up the rerouting of the traffic from the fon router to Internet, so you can sniff everything in the middle:

    http://dimitar.me/?p=277

    The only problem I have is that after the wireless clients connect to the fon router it works fine for 5-10 minutes, but then suddenly drops the wireless clients without any apparent reason. I have to investigate further why this is...

    If anyone else has experienced this, please let me know.

  17. The code for creating the key looks good and it should work, but you have to double check the results.

    Run your executable, then check your registry key:

    1. Go to Run and type regedit.

    2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    3. You should see a key named keylogger2.exe

    4. The value of the key should be the absolute path to the executable, including the executable file name. For example, if you put the executable on the root of the C drive and the program is called keylogger2.exe, then the value of the key should look like: C:\keylogger2.exe

    5. If all this is there, then when you restart your computer it should run automatically.

    By the way... you might not wanna call your program "keylogger2.exe"... it is a dead giveaway...

  18. Make sure that you have @echo on at the top of the script. Then you need to put an extra % in front of each % and a ^ (caret) in front of each >. These are called "escape characters".

    So... your script will look like this:

    @echo on

    echo set name=c:/%%num%%.bat ^>^> %%name%%

    pause

  19. Are you using Backtrack3? Just boot into it from a USB stick or a CD... it will mount all the Windows partitions in read/write mode. It would not care how Windows had shut down.

    Earlier versions of BT had issues with that.
