miT

Posts posted by miT

  1. Sorry, but I'm a newbie

    Spliff666 made the post with the Tables... what exactly are these? I can't figure that out :| Are those rainbow tables or dictionary files? How can I use them?

    I've seen this video from hak5

    But if someone changes the SSID, will the rainbow table still work?

    Please reply soon.

    Wow, a throw-back from the old Hak House!

    What is a Rainbow Table? Google is your friend :) http://en.wikipedia.org/wiki/Rainbow_table

    Spliff666's tables are pre-compiled with a database of the most commonly used SSIDs. If your victim changed their SSID to something unique that wasn't already in Spliff666's tables, then you would have to pre-compile your own rainbow hash tables with the SSID you wanted to attack.

    I'm probably going to be doing some WEP/WPA videos pretty soon. I'll follow up to this post if I get around to it.

    Good luck!

  2. Great work miT!

    Thanks! :)

    Does anyone know of a replacement for TorrentFlux? It hasn't been updated since 6/2008 and though the webpage is still up, it's for sale. I found one called torquetorrent, but it looks more like a WIP.

    My article is quite dated and I'm in the midst of testing my new "perfect server" with Ubuntu 10.10 before I go forward with a full write-up and tutorial video. Torrentflux has basically been replaced by Torrentflux-b4rt. The b4rt version supports torrents, newsgroups and wget for direct downloads.

    I currently have it running and have had no issues thus far.

  3. Sorry about the late replies guys, I've been working on a user-requested "Perfect Kubuntu Desktop" which will be similar to my other "Perfect Desktop" video/tutorial.

    Yes, a Mythbuntu or boxee setup would be cool. Although anything that I can stream media to my TV would be good.

    My next "Perfect linux server" video is adding mediatomb + a podcast grabber script that will auto download your favorite rev3 shows (i.e. Hak5) in HD so you can stream it on your network to other PCs or your HD TV via PS3. It would be really hard to put in Mythbuntu or Boxee on a headless linux server since there is no GUI.

    I like it

    Thanks!

  4. Some readers recently emailed in and informed me that my article on installing AirPWN 1.4 on Ubuntu 9.10 was out-dated and no longer worked.

    It turns out that Ubuntu dropped Python 2.4 for Python 2.6. Since AirPWN 1.4 relies on Python 2.4 dev header files, we needed to find a way to replace the newer Python with 2.4.

    I put up a new article on how to accomplish this and get AirPWN 1.4 running on Ubuntu 10.04 and 10.10.

    http://timashley.me/node/718

    Enjoy! ;)

  5. Remember XDCC bottler scripts that would neatly display all the packages available in a channel? Well, I used to use a mIRC script for it back in the day. Now that I'm 100% Linux (5 years now!) I wanted to rock it old school and start getting my IRC XDCC fix again.

    I dug up an old Ruby project called XDCC-Fetch, which didn't work right out of the gate. With a bit of patching, I managed to get it to work!

    Full article with the patched version is available on my blog, http://timashley.me/node/674

    Enjoy! ;)

  6. You can run minecraft from the jar...

    java -jar minecraft.jar

    I don't include the Minecraft.jar file that is placed in the home directory since the Alpha version I'm hosting is "patched" so you can try the game for free. The reason I launch it with the minecraft_name.jar is because I want users that are connecting to my LAN minecraft server to have personal nicknames other than the default "player".

  7. Well, you can cheat and just put debian on the droid .. but nothing out yet for drivers/etc for android. I read it's possible but just no support yet :)

    I've been doing some work with android and cross compiling etc. I managed to get nmap to work:

    # from android root prompt

    wget http://rmccurdy.com/nmap.sh

    sh nmap.sh

    more info here :

    http://rmccurdy.com/stuff/G1/BINS/NMAP/NMA...PILE%20ARM.html

    but ruby/depends is an issue ( cluster-fuck ) with metasploit .. the idea is to get it all working with android and roll out a APK. I won't stop till I can autopwn from my android without debian :)

    Just got my new Nexus One Google phone yesterday. I'm in love! It's everything the iPhone strives to be, and then some.

    Would love to see what comes of your work, keep it up!

  8. Eww, don't use TorrentFlux - Unless you like python based clients that spawn new processes for each torrent. Not very fun when you're seeding 6,000 Linux Distros.

    rTorrent <3

    I actually moved from rTorrent to Torrentflux. Sure it spawns a python process for each torrent, but I'm not exactly seeding 6k distros. I also use the ability to create user accounts within Torrentflux so users on irc.omgirc.com can download some things. It's nice to jump in and see what people decided to download :)

  9. Well, other than just apt-get install stuff and leave default configs. Maybe consider briefly showing how to secure the box (change sshd settings, host allow/deny, iptables, maybe ssh-key generation). Also ... try netinstall of debian for this purpose. You can still use the joy of apt, but it's much smaller than ubuntu server (and IMO faster and better in any way ;) )

    So let me break this down:

    1) Secure SSH (change ports, etc.)

    2) Host filtering (probably focus on squid for that one)

    3) iptables (for what exactly?)

    4) SSH-Key Generation (for auto SSH login? I did this for a project I'm working on, it's quite easy)

    5) Netinstall (You're referring to installation of a Debian server via Minimal CD? I.E. over the internet)

    Side note: I understand netinstall via Minimal CD would save space (more space = awesome) but how would it keep it faster? Other than a couple services running that you usually wouldn't install, I don't see a great increase in performance.

    Feel free to tag on any other things you guys want to see on the next perfect server build.

    Thanks! :)

  10. I've been playing with the new firmware for droid and I was wondering if anyone had developed something to allow the droid to become an all in one man in the middle device like the pineapple using the 3g tether feature?

    When I first saw this I thought you wanted to do some arp spoofing with your droid phone, lol. You can totally capture packets via MITM if you run Jasager + ettercap/tcpdump or even some karmetasploit (karma+metasploit).

    As long as your box has internet access through your phone and you have ip_forward + correct nat tables (assuming you're running linux), you can pretty much do anything you want.

    I may just have to do a video tutorial on this one ;)

  11. good job sir. keep it up. great walkthrough

    Thanks man :) It's always nice to get some positive feedback. I have been keeping it up, check out my other posts:

    Video Tutorial: Installing Airpwn On Ubuntu 9.10: http://forums.hak5.org/index.php?showtopic=15880

    Video Tutorial: Installing Aircrack + Wicrawl On Ubuntu Linux: http://forums.hak5.org/index.php?showtopic=15929

    Nice job, I think I set my server up without having to use a CA. I cannot recall how I did it, but I think it was easier to do.

    Why the CA anyhow, just to make sure that no one snoops yer email?

    Yes. I wanted to communicate with the google mail servers over a TLS SSL connection. Since my server will be sending me reports (such as security patches to my linux server), I don't want someone to see that email and realize that my server is unpatched and vulnerable to attack.

    Yeah, I know this is probably over-board and involves a couple extra steps, but I try to keep security in mind at all times. ;)

  12. Aircrack-ng

    Aircrack-ng is a set of tools for auditing wireless networks. These tools can recover 802.11 WEP and WPA-PSK keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools.

    Last year I walked you through installing the Aircrack-ng suite on Ubuntu Linux.

    We will be installing and using just part of the Aircrack-ng suite, airmon-ng. This will allow us to put our wireless card into "Monitor" mode.

    Wicrawl

    Wicrawl is a simple wi-fi (802.11x) Access Point auditor with a simple and flexible plugin architecture. The plugins allow us to find out useful information about an AP so we don’t have to manually check each access point. Plugins are implemented for existing common tools, and new plugins can be written in any language. Wicrawl is able to use multiple cards, and eventually will be able to use multiple computers.

    The goal is to automate the tedious task of scanning wi-fi access points for interesting information. This can be a useful tool for penetration testers looking to “crawl” through massive numbers of APs looking for interesting data. Plugins will be everything from DHCP and nmap to aircrack or hooks to move a motorized directional antenna around.

    The guys over at Midnight Research Labs stopped development back in 2007. Being a bit out-dated, it wouldn't compile on the latest Ubuntu without a couple tweaks. I replaced the entire source code in the Aircrack-ng plugin folder with the latest SVN (as of this post). I also had to add a header file to the discovery folder to help it compile.

    I went ahead and tarred up my folder with all of these edits so you can easily compile it on the latest Ubuntu Linux (9.10 as of this post).

    In this video tutorial, I walk you through installing Aircrack-ng as well as Wicrawl.

    http://www.youtube.com/watch?v=cpcurS2VoU0

    As always, there is a text version available on my blog:

    http://timashley.me/node/383

    P.S. I can't believe I was on hak5 last week! It still blows my mind!

  13. For those who prefer the command line (looks more badass):

    ettercap -T -q -i <interface> -P auto -M arp // //

    I find it's also nice to save my iptables for future use, cuts down on typing;

    sudo iptables-save > <filename>
    sudo iptables-restore < <filename>

    I almost always prefer the terminal over anything (see my videos) but Ettercap has a really useful GUI. Not only is it easier and faster to manage my hosts/targets with, it also has a pretty sweet interface. Why pass that up? :)

    ---

    echo 1 > /proc/sys/net/ipv4/ip_forward

    Covered that in step 6 ...

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

    ... annnd step 8

  14. Now you need to do one for Ubuntu 10.4. ;)

    Haven't been hearing good things over on freenode lately about 10.4. If they go with the new themes I've been seeing floating around, I'll be happy. Hope it doesn't have too many issues, and they ditch pulseaudio (it's awesome when it works, but when it doesn't... omg) and stick to the tried and true ALSA. Do you know if 10.4 is LTS?

  15. Continuing in part off of my last Ubuntu Server post, "The Perfect Linux Server" - http://forums.hak5.org/index.php?showtopic=15160, I decided that I wanted the server to send me emails updating its status with me. If the HD space gets low, the RAM is all used up, services go down, or even I lose internet at my house while I'm out and about, I get a nice email from my server notifying me of the problem (at least when my inet comes back online).

    What better way to top this off than with use of a gmail account that I already owned and used?

    In this post, I will walk you through installing the following alongside your postfix installation:

    Self-signed SSL certificate (don't want anyone being nosey!)

    Apticron - A nice set of scripts that will execute 'apt-get update' and email you the results

    Webmin - One of the best web based management consoles for head-less servers. Has a great system notification setup, along with many many many other goodies.

    Note: This how-to assumes you've already installed the Postfix mail server on an Ubuntu Linux Server (sudo apt-get install postfix)

    http://timashley.me/node/370

    Enjoy! :)
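    Posts 11 and 15 both describe a server that mails its status and patch reports through a Gmail account over TLS so that nobody on the wire can read them. As an added example (not the author's Apticron/Webmin setup, and not code from the original posts), the script below implements the same idea in Python: pure threshold checks that can be tested offline, plus a sender that insists on verified STARTTLS so a spoofed relay is rejected. The thresholds, relay host and credentials are assumptions.

```python
import shutil
import smtplib
import ssl
import subprocess
from email.message import EmailMessage

# Thresholds and relay details are assumptions for this example, not values from the posts.
DISK_MIN_FREE_PCT = 10.0
MEM_MIN_FREE_PCT = 5.0

def disk_free_pct(path="/"):
    """Live probe: percent of free space on the filesystem holding `path`."""
    usage = shutil.disk_usage(path)
    return 100.0 * usage.free / usage.total

def service_is_up(name):
    """Live probe: True when systemd reports the unit active (assumes systemd)."""
    return subprocess.run(["systemctl", "is-active", "--quiet", name]).returncode == 0

def evaluate(disk_pct, mem_pct, services):
    """Pure check so it can run offline: `services` maps unit name -> up/down.
    Returns one alert string per breached threshold or downed service."""
    alerts = []
    if disk_pct < DISK_MIN_FREE_PCT:
        alerts.append(f"disk free {disk_pct:.1f}% below {DISK_MIN_FREE_PCT}%")
    if mem_pct < MEM_MIN_FREE_PCT:
        alerts.append(f"memory available {mem_pct:.1f}% below {MEM_MIN_FREE_PCT}%")
    for name, up in sorted(services.items()):
        if not up:
            alerts.append(f"service {name} is down")
    return alerts

def build_report(hostname, alerts):
    """Subject/body pair for the notification mail."""
    body = "\n".join(alerts) if alerts else "all checks OK"
    return f"[{hostname}] {len(alerts)} alert(s)", body

def send_report(subject, body, sender, recipient, password,
                relay="smtp.gmail.com", port=587):
    """Submit over STARTTLS with certificate verification enforced: create_default_context()
    checks the relay's chain and hostname against the system CA bundle, so a report naming
    unpatched services cannot be read or altered in transit and a spoofed relay is rejected."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, sender, recipient
    msg.set_content(body)
    with smtplib.SMTP(relay, port, timeout=30) as smtp:
        smtp.starttls(context=ssl.create_default_context())
        smtp.login(sender, password)
        smtp.send_message(msg)
```

    Wire it to cron with `evaluate(disk_free_pct(), <mem probe>, {"postfix": service_is_up("postfix")})` and only call `send_report` when the alert list is non-empty.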

  16. I finally broke down and bought myself my very own all-in-one outdoor wireless access point. I decided to pick up the Senao EnGenius EOC-5610 because it obviously supports the ever so powerful DD-WRT firmware. This thing is really tricked out. Not only does it utilize the Atheros AR2313 wireless chipset (yay for aircrack-ng), it also has a built-in 8 dB internal omni-directional antenna and 8 MB of storage if you ever wanted to capture some yummy wireless packets.

    In this post, I walk you through installing DD-WRT Professional on a Senao EnGenius EOC-5610 wireless access point / client bridge.

    http://timashley.me/node/365

    Enjoy! :)

  17. It's a little annoying... But a lot of them don't really think of linux as mainstream enough. Stupid? Of course, but us linux users know how to hack stuff into working most of the time anyways. So ain't hurting too badly. :ph34r:

    My point is, there really is no reason to put icons of platforms your client runs on when your platform is Adobe AIR. Not Windows, not Mac, not Linux. If I were twhirl, I would embrace the fact that my platform (Adobe AIR) can be run on any system available. Instead, they go out of their way to show their client running on everything but the Linux OS.

    It's just retarded.
