Wireless Hacking Live-CD (FBI version)

Monday 5 July 2010


This version is for all systems except those with Intel B/G wireless cards (IPW2200).
- Live CD with all the tools you need to hack a WLAN / wireless access point
- Linux Live-CD: the OS runs from the CD, nothing is installed
- 635 MB .iso
- also used by the FBI.

WEP Hacking - The Next Generation

WEP is an encryption scheme, based on the RC4 stream cipher, that is available on all 802.11a, b and g wireless products. WEP uses a set of bits called a key to scramble the information in each data frame as it leaves the access point or client adapter, and the receiver uses the same key to unscramble it.

Both sides must have the same WEP key, which is usually described as 64 or 128 bits long. A semi-random 24 bit number called an Initialization Vector (IV) is counted as part of that length, so a "64 bit" WEP key actually contains only 40 bits of secret key material and a "128 bit" key only 104. The IV is placed in the encrypted frame's header and is transmitted in plain text. Because it is only 24 bits long, there are just 16,777,216 possible IVs, and a busy network can run through all of them and start reusing keystreams in a matter of hours.

Traditionally, cracking WEP keys has been a slow and boring process. An attacker would have to capture hundreds of thousands or millions of packets, a process that could take hours or even days depending on the volume of traffic passing over the wireless network. After enough packets were captured, a WEP cracking program such as Aircrack would be used to recover the WEP key.

Fast-forward to last summer, when the first of the latest generation of WEP cracking tools appeared. This current generation uses a combination of statistical techniques focused on the unique IVs captured and brute-force dictionary attacks to break 128 bit WEP keys in minutes instead of hours. As Special Agent Bickers noted, "It doesn't matter if you use 128 bit WEP keys, you are vulnerable!"
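To make the structure described above concrete, here is an added example (not code from the Live-CD or from the article) that builds a WEP frame the way the text describes: the 24 bit IV is prepended to the secret key to seed RC4, the payload plus its CRC32 integrity check value is XORed with the keystream, and the IV goes on the wire in the clear. It then shows why the short, visible IV is the weak point: when two frames share an IV they share an RC4 key, so XORing their ciphertexts cancels the keystream, and knowing one payload (an ARP request has a predictable layout) reveals the other without the key ever being recovered. The key, IV and frame contents are constructed for the demonstration, and RC4 is written out in full so the block runs offline.

```python
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling + PRGA); returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Build IV || (payload || CRC32 ICV) XOR RC4(IV || secret_key).

    The 3-byte IV is sent in the clear; only the 40- or 104-bit secret_key is
    secret, which is where the "64 bit" / "128 bit" figures come from."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    if len(secret_key) not in (5, 13):
        raise ValueError("WEP secret key is 40 or 104 bits")
    icv = zlib.crc32(payload).to_bytes(4, "little")  # WEP's integrity check
    body = payload + icv
    keystream = rc4_keystream(iv + secret_key, len(body))
    return iv + bytes(b ^ k for b, k in zip(body, keystream))


def wep_decrypt(secret_key: bytes, frame: bytes) -> bytes:
    """Inverse of wep_encrypt; raises if the ICV does not match."""
    iv, body = frame[:3], frame[3:]
    keystream = rc4_keystream(iv + secret_key, len(body))
    plain = bytes(b ^ k for b, k in zip(body, keystream))
    payload, icv = plain[:-4], plain[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return payload


def xor_of_plaintexts(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames with the same IV were encrypted with the same RC4 key, so
    XOR-ing the ciphertexts cancels the keystream: C_a ^ C_b = P_a ^ P_b."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("different IVs: the keystreams do not cancel")
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))


def recover_with_known_plaintext(frame_known: bytes, known_payload: bytes,
                                 frame_other: bytes) -> bytes:
    """With one payload known, the XOR above yields the other frame's bytes
    (as many as the known payload covers) without touching the key."""
    diff = xor_of_plaintexts(frame_known, frame_other)
    return bytes(d ^ p for d, p in zip(diff, known_payload))


# Constructed demo values: a 40-bit key and an IV the sender reuses.
DEMO_KEY = bytes.fromhex("0123456789")
DEMO_IV = bytes.fromhex("a1b2c3")
ARP_PAYLOAD = b"ARP request: who-has 10.0.0.1"       # the "known" frame
SECRET_PAYLOAD = b"POST /login user=bob&pw=hunter2"  # the frame we want


def demo() -> bytes:
    """Encrypt two frames under the same IV and recover the second one's
    leading bytes from the first one's known content."""
    frame_arp = wep_encrypt(DEMO_KEY, DEMO_IV, ARP_PAYLOAD)
    frame_secret = wep_encrypt(DEMO_KEY, DEMO_IV, SECRET_PAYLOAD)
    assert frame_arp[:3] == DEMO_IV                      # IV visible on the wire
    assert wep_decrypt(DEMO_KEY, frame_arp) == ARP_PAYLOAD
    return recover_with_known_plaintext(frame_arp, ARP_PAYLOAD, frame_secret)


if __name__ == "__main__":
    print(demo())
```

The recovered bytes come straight out of keystream reuse; nothing here attacks RC4 itself. The statistical attacks the article mentions go one step further and use the plaintext IV together with weak RC4 key setups to recover the secret key bytes, which is why collecting unique IVs is the whole game.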

Basic Directions:
1) Boot from the CD
2) Get the WEP key
3) Write it down
4) Reboot into Windows
5) Connect using the WEP key.

Bare Bones IRC Bot In Perl.


                  by b0iler :
                        b0iler@hotmail.com : last update July 26th 2002
                  Written for :
                        http://b0iler.eyeonsecurity.net - my site full of other cool tutorials
                        http://blacksun.box.sk - a legendary site full of original tutorials


This is a short guide to creating your own Perl bot which will work on IRC. I will not cover all the different modules and ways to connect to IRC and issue commands. This will only cover connecting with IO::Socket and using raw IRC commands. I feel you learn the most this way and have a lot of control over what is happening.

IRC experience is helpful, but I'll take things slow enough so that an absolute beginner can understand what is taking place. This will also help those with a little knowledge fully understand the IRC protocol. Although I am no IRC expert, after creating this bot I did learn a few tricks.

We start off by getting a connection underway:

#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket;

# one TCP connection to the server; everything else goes through $sock
my $sock = IO::Socket::INET->new(
    PeerAddr => 'irc.undernet.org',
    PeerPort => 6667,
    Proto    => 'tcp' ) or die "could not make the connection: $!";


You can use any IRC server and any port (commonly used ports are 6667-7000), so long as they are valid. If you have problems try to find a different server on that network. To make things easier you can make the PeerAddr a variable which is specified by an argument from the command line. Or perhaps map out all the servers on the network and make an array from them, connecting to random ones and using the best connection. There are many possibilities; each works best in certain situations. We'll stick to the simple hard-coded address and port.

Now we have a connection to the server. We still need to get connected/logged in to the ircd. Anything we send to or receive from the server will go through $sock. So let's see what the server is sending us after we make a connection.

while (my $line = <$sock>) {
    print $line;    # each line already ends in "\r\n"
}


We will see that the server prints out some lines. Server replies carry a three-digit numeric code (001, 376 and so on) in place of a command name, and those numerics are what the bot uses to tell when to start and end its routines. The key here is the line with 'NOTICE AUTH' in it. This is when we need to log in to the IRC server. To do this we send

NICK bots_nick
USER bots_ident 0 0 :bots name

with a line break after bots_nick and a line break at the end. The protocol's line terminator is "\r\n", although most servers also accept a bare "\n". So in the while loop we will add something like this:

while (my $line = <$sock>) {
    print $line;
    # the server's ident check is our cue to register nick and user
    if ($line =~ /NOTICE AUTH.*checking ident/i) {
        print $sock "NICK b0ilersbot\r\nUSER bot 0 0 :just a bot\r\n";
        last;
    }
}


Now we are done with the login process. If you are having any problems try to read up on the IRC protocol and how to log in to it with telnet. Raven from www.securitywriters.org has written a decent tutorial on the subject; look for it.

Some servers ask for a PING reply to make sure the client is active. This is only done on some servers and is a common pitfall for bots that don't expect a ping during login. To handle this we will check whether the server has sent a PING. The server does that before registration finishes and before anything about NickServ comes up, so we will stop this loop once the login is complete. That is what the numbers in the last if statement are for, the 376|422: 376 is the end-of-MOTD reply and 422 is the reply a server sends when it has no MOTD, and either one means registration is finished and the server will now accept commands. The way to identify to NickServ is like this

NICKSERV :identify nick_password

This is just a simple IRC command. The command is 'NICKSERV' and the argument is 'identify nick_password', where nick_password is the actual password for this nick. (NICKSERV is an alias that some servers provide; on networks without it the equivalent is 'PRIVMSG NickServ :identify nick_password'.) The line ends in a line break, and by convention commands are written in upper case. When there is a : before something it means it is a multiple word argument (it has spaces in it). This is how we will handle the possible ping and the NickServ identification.

while (my $line = <$sock>) {
    print $line;
    # answer a PING during login, with or without the ":" before the token
    if ($line =~ /^PING\s*:?(\S+)/i) {
        print $sock "PONG :$1\r\n";
    }
    # 376 = RPL_ENDOFMOTD, 422 = ERR_NOMOTD: registration is complete.
    # Match the numeric in the command position only, not anywhere in the line.
    if ($line =~ /^:\S+ (376|422) /) {
        print $sock "NICKSERV :identify nick_password\r\n";
        last;
    }
}


If you want the bot to register the nick itself you can work that out on your own, or do what I do and register the nick with a normal IRC client. That way the bot only needs to identify.

When you create your bot you can customize it however you want. Most of my bots have a little more intelligence than this tutorial shows. This bot will be pretty straightforward and doesn't make many decisions. It just connects and does something.

I like to make the bot sleep for a few seconds just to let the connection catch up. I am on a 56k and things can go slow sometimes. A few times without the sleep the bot has joined channels before the NickServ identification was complete, which can be a pain in the neck if the bot needs a user mode or is in other circumstances that require the nick to be identified (such as other bots, the +R channel mode, or trust issues with users).

After it sleeps it will join the channel. You will see that the server prints out a lot of information about the channel when you join. You can save this information in variables to allow the bot to make many decisions. Again, this is a simple bot and won't be aware of its environment or be dynamic in any way. But you could, for example, turn colors on or off depending on which channel modes are set or who is in the channel (some people really hate colors). This is the last bit of the login process; after this the bot can actually do something.

sleep 3;                              # give NickServ time to process the identify
print $sock "JOIN #channel\r\n";


Notice there is no : before #channel. This is because it does not have any spaces in it. And the JOIN command is in all caps. For a full list of commands try reading a tutorial on the IRC protocol. I don't even cover the basics here; there are tons of useful commands worth knowing.

Now we are joining the channel. There is nothing else to do besides read the messages users send to the channel and respond to them. But in order to read the messages we need to parse them so they make sense. The format of a PRIVMSG is as follows:

:nick!ident@hostname.com PRIVMSG #channel :the line of text

I like to separate them into the following variables to make things easier to keep track of.

:$nick!$hostname $type $channel :$text

In this example, here are the values of the variables:

$nick = nick
$hostname = ident@hostname.com
$type = PRIVMSG
$channel = #channel
$text = the line of text

So we are going to need to parse what is sent from the server into usable data. This is how we'll do it. There is only one twist here, and that is in case the server sends a ping. They do this quite often to check and see if you are still connected. If we don't reply to the pings then we will get disconnected. When the server sends a ping you must reply with a PONG and the same characters the ping had. So this is how we will handle it

while (my $line = <$sock>) {
    $line =~ s/[\r\n]+$//;   # strip the trailing CRLF once, up front

    # split on the FIRST " :" only: $text is the token from a PING or the
    # text of a message, and the text itself may contain " :"
    my ($command, $text) = split(/ :/, $line, 2);

    if ($command =~ /^PING/) {
        # some servers send "PING server" with no colon, so take the token from there
        $text = (split(/ /, $command))[1] unless defined $text;
        print $sock "PONG :$text\r\n";
        next;
    }
    #done with ping handling

    my ($nick, $type, $channel) = split(/ /, $command);  # split the header by spaces

    my $hostname;
    ($nick, $hostname) = split(/!/, $nick);  # ":nick!ident@host" -> nick and ident@host

    $nick =~ s/^://;                          # remove the leading :
    $text = '' unless defined $text;          # lines such as JOIN may carry no text part

    # $nick, $hostname, $type, $channel and $text are now ready to act on
}
   

}}-pr4bu-{{ wants you to join the party @ MyBlogLog

Saturday 12 June 2010

}}-pr4bu-{{ has invited you to join MyBlogLog

A little MyBlogLog background...

Discover something new or cool each day. Find sites that are unique to your interests, and be that "you'll never guess what I found on the internet" person.

Learn more about the people who publish your favorite sites. What do they read? Who else reads them?

Connect with people who read the same sites as you, make the world wide web a little smaller, more connected.

}}-pr4bu-{{ thinks MyBlogLog is so great that they've taken the time to let you know about it. Come check it out. If you've got a Yahoo! account, you're already half-way there. Join }}-pr4bu-{{! Check out www.mybloglog.com to learn more.

Join MyBlogLog

for you jump-right-in types

MyBlogLog - not just for bloggers anymore.
www.mybloglog.com
