Podcast Episode 2: Higher Education vs. The Real World

Thinking about what to do for higher education? We talk about our experiences in higher education and why going to college is a good idea.

The Littlest Hack Station: Modding the eee 901 Part 1

In this installment we will cover:

1. Installing RAM and wireless cards.
2. Replacing the operating system without an external CD drive.
3. Using Backtrack.

Back when I first entered college many years ago at the grand old age of 14, some people called me the littlest freshman. Many years later I am finally through with school, and my most illustrious partner in crime gave me a netbook for graduation. (That’s right. I have a master’s degree!) So naturally I decided to turn my new Asus eee 901 into the littlest hack station.

Everything you need for everything we do here (note that no CD drive is included): small screwdrivers, a PC, a 2 GB laptop RAM module, an Atheros-based mini PCI Express wireless card, a grounding strap, and an SD card.

The first thing we want to do is upgrade the RAM to 2 GB.

Turn the netbook upside down and remove the two screws indicated. The back slides off easily.

Note the placement of the RAM module and wireless cards.

To upgrade the RAM to a 2 GB module, pull back the black cover and gently pull the clamps apart to release the current RAM module.

The module will pop up and can then be removed. Put in the new module, push it down gently, and secure the clamps.

While we still have the netbook open we want to change the wireless card to one that supports injection and is natively supported by Backtrack.

There are 2 small screws that need to be removed.

Also gently remove the white and black wires from the card.

Remove the current card, and replace it with our new card.

Now when we boot up Backtrack the card is natively supported. Yay!

Now we want to replace the Xandros operating system. For now I have replaced Xandros with Easy Peasy and boot Backtrack off an SD card.

To make a bootable USB drive or SD card, install UNetbootin.

Choose the ISO and the location of the card.

To boot from bootable media, press ESC at the ASUS screen.

Choose the bootable media from the list and press ENTER.

To use Backtrack, select BT3 Graphics mode (VESA KDE).

Backtrack will complain about an undefined mode number. Press ENTER.

Choose number 6.

And we’ve got Backtrack.

Georgia

Coming up in Part 2: Persistent changes and drivers in Backtrack.

Georgia’s Poi Attempt

So I’m sure you’ll notice that this has absolutely nothing to do with security, but I thought it was amusing enough to share with everyone anyway. I’ve decided to take up learning poi, and the other day I got a friend of mine to show me how to do a certain move (the 3-beat weave, for those of you who know poi). Well, Georgia very confidently declared that she could do it on her very first attempt and, well, I’ll just let you see the results for yourself...

Problems in WEP cracking and how to fix them

Our friend and cyber defense teammate started a blog and posted about WEP cracking: Hack Here. So I decided to answer some common questions that come up in WEP cracking.

Problem #1: I can’t use wireless on a virtual machine. I really want to be able to crack WEP from my Backtrack virtual machine.

Solution: an Alfa USB dongle. It’s not wireless as such that’s the problem; it’s the interface. The virtual machine can’t drive the laptop’s built-in card, but a USB card passed through to the guest works fine once VMware recognizes it.

Start up your virtual machine and navigate to Removable Devices. This demo was done in VMware Workstation (thank you JMU). The exact location may vary depending on which virtualization software you use.

Now your card should be recognized, and it should be business as usual from here on out.

I know this works on an AWUS036H. What other USB dongles work? Remember, you need a card that can both monitor and inject.

Problem #2: There’s no data when I inject.

Solution: Tutorials that I have read generally tell you to ping a nonexistent system on the network to generate ARP traffic. Since we are only doing this on our own network, this shouldn’t be a problem. However, a scenario where there was no traffic at all on the target network arose in the cyber defense class I TA.

For this you need two wireless cards: the one you are injecting with and the one you are using to try to connect.

Once we have our WEP cracking set up and are just waiting for data to use for the cracking, we try to connect to the wireless network with our second card. Give it anything at all for the WEP key. The failed authentication generates the ARP traffic you need; by doing this repeatedly we get the data we need.

Problem #3: Mac Filtering

When trying to fake authentication with an access point, we might see this:

So we need to find a MAC that the base station will accept before we continue.

Use this command:

airodump-ng -c 6 -w mac wlan1 (where 6 is the channel we want to listen on and wlan1 is the wireless card we want to use)

The output will look something like this:

We need to find the MAC of the base station at the bottom with the MAC address of a client right after it.

Later we can use macchanger to spoof our MAC:

macchanger -m xx:xx:xx:xx:xx:xx wlan1 (where xx:xx:xx:xx:xx:xx is the MAC we are spoofing).

Now we should be able to fake authentication.

Have fun, and of course the usual disclaimer applies.

Georgia

No Tech Video

Welcome to the advent of the first ever GRM N00bs video. Here Micheal explores adventures in the foreign land of no-tech hacking, aided by the exploits of the illustrious pirate Johnny Long.

Note: The JMU visitor parking pass is a proof of concept only. I still park in the doldrums with the rest of the student body.

Georgia

Podcast Episode 1: Sound Check Fail (the test podcast)

Show notes:

- We aren’t actually pauldotcom.com
- We talk about Collegiate Cyber Defense Competition
- There’s technical difficulty in this episode which we are hoping to have worked out for the next episode.
- Enjoy. That’s an order. ;)

RATS!


So here we have the first demo in the GRM N00bs blog of awesomeness.

I don’t mean the sort of rats that magically appear when one doesn’t do the dishes for an extended period of time.

RAT = Remote Administration Tool = Like Remote Desktop but way more funner.

Today we will be tooling with Nuclear Rat developed by Nuclear Winter Crew.

First we need to download Nuclear Rat. For this demo we will be using a fresh install of Windows 2003 Server as the attacker and a fresh install of Windows XP as the victim.

Once we’ve got Nuclear Rat, we unzip it with the password NWC. There are a few things in there, such as a Readme, that might be useful. However, let’s get right into it and run client.exe.

It will tell us some things about needing to port forward if we are behind a NAT, etc., but since we are doing this to ourselves for fun and educational purposes, we can ignore this for now.

A thing to note about RATs: they consist of a client and a server (sound familiar to any software engineering students out there?). The client goes on our machine, and we hand the server to the victim machine.

When we open the client, we see in the Log that Nuclear RAT has initialized and is listening on port 12345 for a connection from a server. We can change that and some other settings in Connection Manager, but for now let’s stick with the defaults.
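The client/server split above is worth looking at from the other side of the table: the "server" half on the victim opens an outbound connection back to the attacker's listener, which by default sits on TCP 12345. Below is an added example (not code from the post or from Nuclear Rat) of how a defender would spot that connect-back in netstat output. The netstat lines, the addresses and the PIDs are constructed; the default port is the one the post states.

```python
import re
from typing import Dict, List, Tuple, Optional

# Nuclear RAT's client listens on TCP 12345 by default (per the post). The implant
# ("server") connects back to it, so on the victim the infection shows up as an
# outbound ESTABLISHED TCP connection whose remote port is the listener port.
NUCLEAR_RAT_DEFAULT_PORT = 12345

# Constructed sample in the style of `netstat -ano` on Windows XP (not real output).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:1043      192.168.1.10:12345     ESTABLISHED     1588
  TCP    192.168.1.20:1056      192.168.1.10:80        TIME_WAIT       0
  TCP    192.168.1.20:1060      64.233.187.99:443      ESTABLISHED     1220
  UDP    0.0.0.0:137            *:*                                    4
"""


def parse_netstat(text: str) -> List[Dict[str, str]]:
    """Parse `netstat -ano` style lines into dicts. Header and blank lines are skipped.
    TCP rows carry a State column; UDP rows do not, so the two shapes are handled separately."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # malformed line; ignore rather than guess
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": pid})
    return rows


def split_endpoint(endpoint: str) -> Tuple[str, Optional[int]]:
    """Split 'host:port' on the last colon (IPv6 literals contain colons too)."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def find_rat_callbacks(text: str,
                       watch_ports: Tuple[int, ...] = (NUCLEAR_RAT_DEFAULT_PORT,)
                       ) -> List[Dict[str, object]]:
    """Return established TCP connections whose remote port is a known RAT listener port.
    Each hit carries the PID so the analyst can look at the process behind it."""
    hits = []
    for row in parse_netstat(text):
        if row["proto"] != "TCP" or row["state"] != "ESTABLISHED":
            continue
        host, port = split_endpoint(row["remote"])
        if port in watch_ports:
            hits.append({"remote_host": host, "remote_port": port,
                         "pid": row["pid"], "local": row["local"]})
    return hits


if __name__ == "__main__":
    for hit in find_rat_callbacks(SAMPLE_NETSTAT):
        print("possible RAT callback: pid %s -> %s:%d" %
              (hit["pid"], hit["remote_host"], hit["remote_port"]))
```

The caveat the post itself hints at: the listener port is a setting in Connection Manager, so matching on 12345 only catches someone who kept the defaults. The PID in each hit is the more durable lead; an unfamiliar process holding a long-lived outbound connection is what an administrator should actually chase.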

Now we need to create a server to connect back to us. It took me about 10 minutes to figure out how to do this. Click “Create Server.” Are you laughing at me yet?

There are plenty of options to play around with here, but to get a basic Nuclear Rat server running we just need to fill in our IP address (the one the server should connect back to) in the “IP or DNS to connect” field on the Connections tab.

Then scroll on over to the build tab and save the server. We might want to name it something a little less obvious than nuclearrat.exe and make it a nice icon. We will cover that in a later demo.

Now we need to get the server over to the victim. I plan on writing another post soon with a lot of interesting ways to do this. For now let’s use HFS (hfs.exe), which gives us a web server without going through all the nonsense of setting up IIS. All we need to do is download it, run it, and add our file.

Then we get our victim to download our file. I will do a demo on that later as well.

Back on our server we know we’ve got them. HFS tells us the file was successfully downloaded, and the Nuclear Rat icon informs us a server has connected.

Time to play!

Now we can control some things:

For instance, we can move the victim’s mouse to wherever we want, over and over again.

We can also get a remote shell. Check the log tab occasionally to see what’s up.

If control isn’t really your thing, how about management?

There’s the good old registry manager.

How about a clipboard manager? We type our text in the box. Then right click and choose set.

When our victim pastes, our text magically appears. How embarrassing!

If that’s still not awesome enough to seal the deal, then there are some extras.

The message box made a guest appearance on day 3 of the Mid Atlantic Collegiate Cyber Defense Competition.

A lot.

We can even find out our victim’s opinions on issues that are very important to the future of this realm.

It’s also enjoyable to chat with our victim.

So that’s a few of the things Nuclear Rat can do. Try it out on your own systems to learn more.

Georgia

Next time on GRM N00bs: Famous people sightings, Georgia falls in a dumpster multiple times, and Micheal fights with a printer.

First Post Ever: Disclaimer

As the purpose of this blog (or blob, as I inadvertently dubbed it one evening/morning) is to help others get their feet wet in hacking, penetration testing, foolery with the computer, technical deviance, insert your semantics of choice here, it is inevitable that some of the things my comrades and I post delve into the realm of techniques that could be used for more nefarious purposes than getting Micheal a date. I’ve seen some pretty eloquent blog posts and such on the ethics of putting hacking demonstrations right there on the internet as opposed to making a poor unfortunate wannabe go to school for far too long, like I did, to learn a modicum of mediocre Linux jargon. Hence I’ll just link you there if you are interested, or doing some research paper for school, or whatnot. Anyway, the bottom line is that what we do here is for educational purposes only. These proofs of concept are here so our readers can gain some basic insight into penetration testing techniques as they embark on the great journey towards becoming the next generation of famous people. If you use these techniques to attack systems without permission, you may very well land yourself in trouble. Nothing you will see here is sophisticated enough that a moderately decent security officer hasn’t seen it all before. That being said, set up some virtual machines, try all this out locally, impress your friends, pick up girls, and have fun.

Georgia

(And please always comment loudly that my grammar sucks. Like most aspiring novelists I am prone to excessively employ the phrase “I’ll leave that for the editors to figure out.”)
