Archive for May, 2009

Podcast Episode 2: Higher Education vs. The Real World

Thinking about what to do for higher education? We talk about our experiences in higher education and why going to college is a good idea.

The Littlest Hack Station: Modding the eee 901 Part 1

In this installment we will cover:

1. Installing RAM and wireless cards
2. Replacing the operating system without an external CD drive
3. Using Backtrack

Back when I first entered college many years ago at the grand old age of 14, some people called me the littlest freshman. Many years later I am finally through with school, and my most illustrious partner in crime gave me a netbook for graduation. (That’s right. I have a master’s degree!) So naturally I decided to turn my new Asus eee 901 into the littlest hack station.

Everything you need to do everything we do here (notice there is no CD drive included): little screwdrivers, PC, 2 GB laptop RAM module, Atheros-based Mini PCI Express wireless card, grounding strip, SD card.

The first thing we want to do is upgrade the RAM to 2 GB.

Turn the netbook upside down and remove the two screws indicated. The back slides off easily.

Note the placement of the RAM module and wireless cards.

To upgrade the RAM to a 2 GB module, pull back the black cover and gently pull back the clamps to release the current RAM module.

The module will pop up and can then be removed. Put in the new module, push it down gently, and secure the clamps.

While we still have the netbook open we want to change the wireless card to one that supports injection and is natively supported by Backtrack.

There are 2 small screws that need to be removed.

Also gently remove the white and black wires from the card.

Remove the current card, and replace it with our new card.

Now when we boot up Backtrack the card is natively supported. Yay!

Now we want to replace the Xandros operating system. For now I replaced Xandros with Easy Peasy and boot Backtrack off an SD card.

To make a bootable USB drive or SD card, install UNetbootin.

Choose the ISO and the location of the card.

To boot from bootable media, press ESC at the ASUS screen.

Choose the bootable media from the list and press ENTER.

To use Backtrack, select BT3 Graphics mode (VESA KDE).

Backtrack will complain about an undefined mode number. Press ENTER.

Choose number 6.

And we’ve got Backtrack.

Georgia

Coming up in Part 2: Persistent changes and drivers in Backtrack.

Georgia’s Poi Attempt

So I’m sure you’ll notice that this has absolutely nothing to do with security, but I thought it was amusing enough to share with everyone anyways. I’ve decided to take up learning poi and the other day I got a friend of mine to show me how to do a certain move (the 3 beat weave for those of you who know poi). Well, Georgia very confidently declared that she could do it on her very first attempt and, well, I’ll just let you see the results for yourself…..

Problems in WEP cracking and how to fix them

Our friend and cyber defense teammate started a blog and posted about WEP cracking: Hack Here. So I decided to answer some common questions that come up in WEP cracking.

Problem #1: I can’t use wireless on a virtual machine. I really want to be able to crack WEP from my Backtrack virtual machine.

Solution: Alfa USB dongle. It’s not the wireless that’s the problem; it’s the interface. Wireless will work fine if VMware recognizes the card.

Start up your virtual machine and navigate to Removable Devices. This demo is done in VMware Workstation (thank you JMU). The exact location may vary depending on what virtualization software you use.

Now your card should be recognized, and it should be business as usual from here on out.

I know this works on an AWUS036H. What other USB dongles work? Remember you need a card that can monitor and inject.

Problem #2: There’s no data when I inject.

Solution: Tutorials that I have read generally tell you to ping a nonexistent system on the network to generate an ARP. Since we are only using this on ourselves, this shouldn’t be a problem. However, a scenario where there was no traffic on the target network arose in the cyber defense class I TA.

For this you need 2 wireless cards: the one you are injecting with and the one you are using to try to connect.

Once we have our WEP cracking set up and are just waiting for data to use for the cracking, we try to connect to the wireless network with our second card. Just give it whatever for the WEP key. The failed authentication will generate the ARP you need. Doing this continually, in time we get the data we need.

Problem #3: MAC Filtering

When trying to fake authentication with an access point, we might see this:

So we need to find a MAC that the base station will accept before we continue.

Use this command:

airodump-ng -c 6 -w mac wlan1

(where 6 is the channel we want to listen on and wlan1 is the wireless card we want to use)

The output will look something like this:

We need to find the MAC of the base station at the bottom of the output, with the MAC address of a client right after it.

Later we can use macchanger to spoof our MAC.

macchanger -m xx:xx:xx:xx:xx:xx wlan1

(where xx:xx:xx:xx:xx:xx is the MAC we are spoofing)

Now we should be able to fake authentication.

Have fun, and of course the usual disclaimer applies.

Georgia
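The same airodump-ng capture is useful from the defender's side. The following is an added example, not part of the original post: it parses an airodump-ng CSV capture and reports which of your own access points still advertise WEP or no encryption, and how many of their client MACs are visible unencrypted on the air, which is why MAC filtering adds no protection. The sample capture, the assumed column layout, and the names `audit` and `own_bssids` are constructed for illustration.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to its CSV file
# (assumed: access point table, blank line, then station table).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2009-05-20 10:00:00, 2009-05-20 10:05:00,  6,  54, WEP , WEP,    ,  -40,      120,       35,   0.  0.  0.  0,   7, lab-wep,
00:11:22:33:44:66, 2009-05-20 10:00:00, 2009-05-20 10:05:00,  6,  54, WPA2, CCMP, PSK,  -45,      118,        0,   0.  0.  0.  0,   8, lab-wpa2,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:00:00:01, 2009-05-20 10:01:00, 2009-05-20 10:05:00,  -50,       40, 00:11:22:33:44:55, lab-wep
AA:BB:CC:00:00:02, 2009-05-20 10:01:30, 2009-05-20 10:05:00,  -55,       12, 00:11:22:33:44:55,
AA:BB:CC:00:00:03, 2009-05-20 10:02:00, 2009-05-20 10:05:00,  -60,        9, (not associated) , lab-wpa2
"""

WEAK = {"WEP", "OPN"}  # privacy values that offer no real protection


def parse_sections(text):
    """Split the capture into (access_points, stations), each a list of dicts."""
    tables, current, header = {}, None, []
    for row in csv.reader(io.StringIO(text)):
        fields = [f.strip() for f in row]
        if not any(fields):
            continue  # blank separator line between the two tables
        if fields[0] in ("BSSID", "Station MAC"):
            header = fields
            current = tables.setdefault(fields[0], [])
        elif current is not None:
            current.append(dict(zip(header, fields)))
    return tables.get("BSSID", []), tables.get("Station MAC", [])


def audit(text, own_bssids):
    """Report weakly protected access points among the BSSIDs we administer."""
    own = {b.upper() for b in own_bssids}
    aps, stations = parse_sections(text)
    findings = []
    for ap in aps:
        bssid = ap["BSSID"].upper()
        if bssid not in own or not (set(ap["Privacy"].split()) & WEAK):
            continue
        clients = [s for s in stations if s["BSSID"].upper() == bssid]
        findings.append({"bssid": bssid, "essid": ap["ESSID"],
                         "privacy": ap["Privacy"], "clients_visible": len(clients)})
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CSV, {"00:11:22:33:44:55", "00:11:22:33:44:66"}))
```

Any access point this reports should be moved to WPA2; a non-zero `clients_visible` count shows that the MAC allowlist is readable by anyone in range.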

No Tech Video

Welcome to the advent of the first ever GRM N00bs video. Here Micheal explores adventures in the foreign land of no tech hacking aided by the exploits of the illustrious pirate Johnny Long.

Note: The JMU visitor parking pass is a proof of concept only. I still park in the doldrums with the rest of the student body.

Georgia
