r

2008.12.19 18:12:34

http://itempage3.auction.co.kr/DetailView.aspx?itemNo=a506018831&firstView=&DR030114=&hdcapital=&mobile=&frm3=V2

가나

2008.11.30 03:25:44

Making Ubuntu 8.04 into A Wifi Hacking Platform

Posted by Jim Broome Published in Security, Tooltalk, eeePC

or how to beat your head against a wall….

So to simplify this post - 8.04 comes with Kernel 2.6.24… all kernels at this level and above come with a new set of built in kernel wifi drivers - while this is great to get the average user up and running it can be a PITA to get rid of these drivers to backrev the system to work with more “hacking friendly” drivers for the various tools out there.

I just got finished beating my install into submission to get the following tools running on Ubuntu 8.04 (all at the latest version) - Kismet, Aircrack-ng, driftnet (patched for wifi), wireshark, metasploit3, Freeradius-WPE, Karma, Airpwn, and cowpatty. At this point i’ve taken notes on tweaks that are needed and figured i’d drop them in here.

Packages installed via apt-get:

bin86 sharutils kismet wpasupplicant openssl libssl-dev curl libcurl3 libcurl4-openssl-dev python-pycurl lynx ncftp libnet-ssleay-perl libwhisker-perllibwww-perl libnetaddr-ip-perl libhtml-table-perl sox liblist-moreutils-perl libtext-diff-perl libnet-snmp-perl libnet-ldap-perl libdbi-perl mono libxml-simple-perl libpopt0 sablotron p0f dhcpcd libnet-dns-perl libnet-telnet-perl libnet-ssh-perl libdata-dumper-simple-perl libxml-dumper-perl libcrypt-des-perl libpcap-dev libungif4-dev libjpeg62-dev libpng12-dev libgtk2.0-dev gftp wireshark subversion libnet1-dev libpcre3-dev ruby libruby rdoc libyaml-ruby libzlib-ruby libopenssl-ruby libdl-ruby libreadline-ruby libiconv-ruby rubygems libgtk2-ruby libglade2-ruby libncurses-dev

Yes I cheated and let apt-get install a few things like wireshark and kismet.

— Notes for system configuration and tool usage —-

Wifi Notes - Ubuntu 8.04 - Kernel 2.6.24

add the following to /etc/modprobe.d/blacklist

# replace kernel with hack driver

blacklist rt73usb

blacklist rtl8187

blacklist rt2x00usb

blacklist rt2500usb

Driver install RT73 USB Card:

wget http://homepages.tu-darmstadt.de/~p_larbig/wlan/rt73-k2wrlz-3.0.0.tar.bz2

tar -xjf rt73-k2wrlz-3.0.0.tar.bz2

cd rt73-k2wrlz-3.0.0/Module

make

then, as root, type

make install

modprobe rt73

Driver install RTL8187 - Alfa Networks USB Card:

ifconfig wlan0 down

rmmod rtl8187

wget http://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip

unzip rtl8187_linux_26.1010.zip

cd rtl8187_linux_26.1010.0622.2006/

wget http://patches.aircrack-ng.org/rtl8187_2.6.24v3.patch

tar xzf drv.tar.gz

tar xzf stack.tar.gz

patch -Np1 -i rtl8187_2.6.24v3.patch

make

make install

Driver install EEEPC Atheros 5007EG - Madwifi:

wget http://www.offensive-security.com/madwifi-r3406-hdm-032608.tar.gz - Patched for injection and Karma

Extract

cd

make

make install

depmod -ae

modprobe ath_pci

Driver install DWL-G122 USB (RT2570):

Broken for now in kernels 2.6.24 and higher - kernel drivers kinda work!

Enable/Disable Monitor Mode - After installing latest 1.XX Aircrack-ng:

airmon-ng (lists cards)

USB Cards - airmon-ng start/stop rausb0 or wlan0/1

Madwifi - airmon-ng stop ath0 & airmon-ng start wifi0

(This will start a new Virtual interface - labled ath0 the next one would be ath1, etc)

Kismet Sources:

source=madwifi_g,wifi0,madwifi

source=rt73,rausb0,rt73

source=rt8180,wlan1,ALFA

Airpwn Compile fix:

edit /usr/include/linux/wireless.h

add the this line to the very top.

should lookk like this.

#include <linux/if.h>

#ifndef _LINUX_WIRELESS_H

#define _LINUX_WIRELESS_H

quit and save - compile works now

Airpwn Instructions:

configure Wifi interface to network you will inject on

airmon-ng

airmon-ng start wifi0

aireplay-ng --test athX

airpwn -c conf/airpwned_img -i athX -d rtl8180 -vvv -F

FreeRadius-WPE:

wget http://www.athomeprd.com/~jimb/eeepc/PEAP/freeradius-server-2.0.2.tar.gz

wget http://www.athomeprd.com/~jimb/eeepc/PEAP/freeradius-wpe-2.0.2.patch

tar -zxvf freeradius-server-2.0.2.tar.gz

cd freeradius-server-2.0.2/

patch -p1 < ../freeradius-wpe-2.0.2.patch

./configure && make && sudo make install && sudo ldconfig

Once FreeRADIUS is built and installed with the WPE patch, you can build your certificates. We assume you use “sudo” for root access:

cd freeradius-server-2.0.2/raddb/certs

./bootstrap

cp -r * /usr/local/etc/raddb/certs

FreeRadius-WPE Usage:

All set, now run “radiusd” (you can optionally run “radiusd -X -f” to get verbose debugging information printed to the screen) and you can monitor your log file using tail:

radiusd

tail -f /usr/local/var/log/radius/freeradius-server-wpe.log

Configure your AP with the SSID you’ll be spoofing, And the radius servers IP and handshak password (test).

Karma Install and Usage - Taken from KarmaUbuntu.pdf - Pauldotcom.com:

wget http://www.theta44.org/software/karma-20060124.tar.gz

tar –zxvf  karma-20060124.tar.gz

Now, we aren’t going to run the full boat of Karma for this test, so lets set up our test:

#cd karma-20060124/etc

# cp karma.xml my.xml

Now we need to edit my.xml to just start up AccessPoint. Everything after that is a matter

of preference, so lets get the basics working.

Edit the my.xml and in the < ! - - Run modules - - > section and remove all of the lines in

the section EXCEPT:

Save my.xml. We are almost there. Now, karma makes some assumptions as to where

some tools are located such as iwconfig, ifconfig, etc. Unfortunately, the assumptions are

wrong in this case, but it is an easy fix:

# cd

# cd karma-20060124/modules/servers/AccessPoint

Now we need to edit the module.xml file. You will notice that on the first page for this

file, there is a section titled < ! - - Command-line tool and file paths - - >. In this section,

there are references to paths for several commands. Under Ubuntu 6.06 LTS ifconfig,

iwconfig, iwpriv and iwevent are allocated under /sbin, and not /usr/sbin. Make the

changes to reflect the appropriate path (/sbin/<filename>), and save the file.

We also need to do some path updates to the script that sets monitor mode as well:

# cd

# cd karma-20060124/bin/

Now, edit the monitor-mode.sh script, and update the path to iwconfig

to be /sbin/iwconfig instead of /usr/sbin/iwconfig. Save the file.

It would be a good thing if Karma worked, so let us give it a try. Insert your Atheros card

and perform the following:

# iwpriv ath0 karma 1 (updated digininja.org driver)

# cd

# cd karma-20060124

# bin/karma etc/my.xml

If everything worked as planned, you should be “Delivering Judicious Karma”, and

AccessPoint should be running, and responding to probe requests. Now go play with all

of the other Servers, Modules and Exploits, oh my!

가나

2008.11.30 02:06:12

It is tricky, but you can set this up by editing /etc/network/interfaces

auto lo
iface lo inet loopback

auto ethernet
iface ethernet inet dhcp

auto wireless
iface wireless inet static
address 192.168.2.1
netmask 255.255.255.0
wireless-essid Something
wireless-mode Master
wireless-channel 10
wireless-rate 11M

(Set the interface names "wireless" and "ethernet" in /etc/iftab.)

Then edit /etc/network/options

ip_forward=yes
spoofprotect=yes
syncookies=no

and reboot. Check these things:

1) does firefox on laptop load google.com?
2) do your other laptops see the "Something" access point?

If yes, then configure them as follows:

Manual IP configuration
Address: 192.168.2.2 (or .3, .4, .5 ... .254)
Gateway: 192.168.2.1
Network/netmask: 255.255.255.0
DNS/Nameserver: [whatever your ISP/router provides, check your laptop's /etc/resolv.conf]

and run "ping 192.168.2.2" on the laptop command line. (Make sure the other laptop is turned on and configured to use the "Something" access point.) You should see ping replies.

Now try loading google.com on the other laptop. Your router may not want to forward traffic from 192.168.2.x (ie, the other laptop), in which case this step will fail. Then we can talk about IP masquerading...

grsing

June 7th, 2006, 11:27 PM

It won't really be an access point, but you can set up what is called an Ad-hoc network (or peer-to-peer, computer-to-computer, terminology varies, but you get the idea, only computers connecting wirelessly without an AP). Then you connect one of them to the wired internet and have it share the connection with everyone else on the network. I did it fairly early on when I found a PCI wireless card for very cheap and didn't have an AP, so it definitely can be done. As for how to do it on Ubuntu, I haven't the faintest idea, but it is possible (it looks like it might be possible with the "create a new network" option in Network Manger (which you'll have to install from the repositories), but I've never tried it).

edit: those other replies weren't there when I started typing , but it's good to know it is actually possible to make it an AP.

Ivan Matveich

June 7th, 2006, 11:34 PM

edit: those other replies weren't there when I started typing , but it's good to know it is actually possible to make it an AP.

I'm actually not sure that his chipset supports master mode. Some drivers have issues with ad-hoc mode too, so it is not clear-cut which to recommend.

So, DiamondX, you can substitute "Ad-Hoc" for "Master" in your /etc/network/interfaces configuration, if that helps, and proceed just the same.

elamericano

June 8th, 2006, 01:32 AM

Ad-Hoc will only support wep encryption, if security is something you care about. Ad-Hoc is also sometimes not supported to 54M rates or on 11a channels.

For IP forwarding, I usually create a bridge, that way connected clients can use DHCP from the ISP if it's available, and address translation is not a problem.

DiamondX

June 8th, 2006, 03:48 AM

Thanks for all the help. Im guessing I should ask in the Dell forums if my card (onboard actually) supports it. I dont really care about security, I live in the grid, but not too close to many people. I dont think my card could reach them, and even if it could, most of them dont care/know about anything like this. It would mainly be for my PSP (so many interesting homebrew that use Wifi), but if it works well, I will put a card in a desktop and be able to use my laptop around the house. Where the router is, it gets uncomfortably warm. Especially in the summer.

I just cant see myself buying a real AP, just for 1 laptop and ocasionally a PSP... Looks like this will work!

grsing

June 8th, 2006, 04:08 AM

I'm actually not sure that his chipset supports master mode. Some drivers have issues with ad-hoc mode too, so it is not clear-cut which to recommend.

So, DiamondX, you can substitute "Ad-Hoc" for "Master" in your /etc/network/interfaces configuration, if that helps, and proceed just the same.

Right, I just meant in general.

가나

2008.11.29 23:27:20

global access to pstn:	NO
global pstn permissions:	< empty >
custom PSTN gateway user:
custom PSTN gateway domain:
custom PSTN gateway password:
asserted identity:	< empty >
connectivity realm - behind the same NAT or possibility to communicate directly:
Attribute for User Agents with public IP - supports passive role:

가나

2008.11.29 22:51:15

접속료 무료? pstn

가나

2008.11.29 22:49:26

voip sip uri -> voip gateway

1. -> voip gateway -> voip sip uri

2. -> pstn -> 일반전화

uri ??????@lgdacom.net

가나

2008.11.29 16:36:23

VOIP 서버

가나

2008.11.21 21:55:01

가나

2008.11.21 21:51:46

가나

2008.11.15 14:32:32

가나

2008.11.15 14:26:39

가나

2008.11.14 19:51:13

220(216) a5 4620-5025)

300dpi 비틀림교정 auto crop fitpage 256 그래이

가나

2008.11.14 19:08:23

380 6'48''

300dpi 비틀림교정 256 그래이

가나

2008.11.14 17:00:34

4:?? 0p
4:43 139p
4:56 668p

종이거림 1번

가나

2008.10.29 14:39:54

振り仮名 reader

ルビ

가나

2008.10.22 15:52:23

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta name="description" content="freemind flash browser"/>
<meta name="keywords" content="freemind,flash"/>
<title>MINDMAPS</title>
<script type="text/javascript" src="http://youmeomeyou.com/sitemap/flashobject.js"></script>
<style type="text/css">

    /* hide from ie on mac \*/
    html {
        height: 680%;
        overflow: hidden;
    }

    #flashcontent {
        height: 680px;
    }
    /* end hide */

    body {
        height: 680px;
        margin: 0;
        padding: 0;
        background-color: #364355;
    }

</style>
<script language="javascript">
function giveFocus()
    {
      document.visorFreeMind.focus();
    }
</script></head>
<body onLoad="giveFocus();">

    <div id="flashcontent" onmouseover="giveFocus();">
        Flash plugin or Javascript are turned off.
        Activate both and reload to view the mindmap
    </div>

    <script type="text/javascript">
        // <![CDATA[
        // for allowing using http://.....?mindmap.mm mode
        function getMap(map){
        var result=map;
        var loc=document.location+'';
        if(loc.indexOf(".mm")>0 && loc.indexOf("?")>0){
            result=loc.substring(loc.indexOf("?")+1);
        }
        return result;
        }
        var fo = new FlashObject("http://youmeomeyou.com/sitemap/visorFreemind.swf", "visorFreeMind", "100%", "100%", 6, "#9999ff");
        fo.addParam("quality", "high");
        fo.addParam("bgcolor", "#a0a0f0");
        fo.addVariable("openUrl", "_blank");
        fo.addVariable("startCollapsedToLevel","3");
        fo.addVariable("maxNodeWidth","200");
        //
        fo.addVariable("mainNodeShape","elipse");
        fo.addVariable("justMap","false");
        fo.addVariable("initLoadFile",getMap("http://youmeomeyou.com/sitemap/freeMindFlashBrowser.mm"));
        fo.addVariable("defaultToolTipWordWrap",200);
        fo.addVariable("offsetX","center");
        fo.addVariable("offsetY","center");
        fo.addVariable("buttonsPos","top");
        fo.addVariable("min_alpha_buttons",20);
        fo.addVariable("max_alpha_buttons",100);
        fo.addVariable("scaleTooltips","false");



        fo.write("flashcontent");
        // ]]>
    </script>
</body>
</html>

가나

2008.10.20 21:46:33

윈도우 7은 오는 10월 27일 열리는 PDC에서 알파 버전이 공개될 예정

가나

2008.10.09 19:26:27

@echo off
cls

FOR /F "tokens=2 delims=: " %%i IN ('time /t') DO SET i=%%i
FOR /F "tokens=3 delims=: " %%j IN ('time /t') DO SET j=%%j
FOR /F "tokens=1 delims=: " %%k IN ('time /t') DO SET k=%%k

set ta=오전
set tp=오후

if %k%==%ta% set ap=AM
if %k%==%tp% set ap=PM

set time1=%i%:%j%:00 %ap%

copy nul sleeptemp.bat

echo.start C:\PROGRA~1\MonitorOff.exe >> sleeptemp.bat
echo.start C:\PROGRA~1\00shuijiao.m3u8 >> sleeptemp.bat
echo.start C:\PROGRA~1\wosb.exe /run /ami standbywait="0:30:0" >> sleeptemp.bat

rem echo.choice /t 5 /c abc /d a >> sleeptemp.bat

set /a i=i+6
echo %i%

if %i% lss 12 goto am

set /a i=i-12
if %i% == 0 set i=00

if %k%==%ta% set ap=PM
if %k%==%tp% set ap=AM

echo %i%

:am

set time2=%i%:%j%:00 %ap%

echo.start C:\PROGRA~1\wosb.exe /run /ami time="%time2%" file="C:\Program Files\00qichuang.m3u8" >> sleeptemp.bat

type sleeptemp.bat

call d:\sleeptemp.bat

del sleeptemp.bat

---------------------------------------------------------------------------------

@echo off
cls

FOR /F "tokens=2 delims=: " %%i IN ('time /t') DO SET i=%%i
FOR /F "tokens=3 delims=: " %%j IN ('time /t') DO SET j=%%j
FOR /F "tokens=1 delims=: " %%k IN ('time /t') DO SET k=%%k

set ta=오전
set tp=오후

if %k%==%ta% set ap=AM
if %k%==%tp% set ap=PM

set time1=%i%:%j%:00 %ap%

start C:\PROGRA~1\MonitorOff.exe
start C:\PROGRA~1\00shuijiao.m3u8
start C:\PROGRA~1\wosb.exe /run /ami standbywait="0:20:0"

set /a i=i+6
echo %i%

if %i% lss 12 goto am

set /a i=i-12
if %i% == 0 set i=00
if %k%==%ta% set ap=PM
if %k%==%tp% set ap=AM

echo %i%

:am

set time2=%i%:%j%:00 %ap%
start C:\PROGRA~1\wosb.exe /run /ami time="%time2%" file="C:\Program Files\00qichuang.m3u8"

가나

2008.10.09 02:28:12

full Unicode support software list

가나

2008.08.26 01:55:21

http://www.bunkus.org/videotools/mkvtoolnix/downloads.html

Making Ubuntu 8.04 into A Wifi Hacking Platform

recent comments

recent trackbacks

Making Ubuntu 8.04 into A Wifi Hacking Platform

tags

recent comments

recent trackbacks