The act of cracking encryption is not illegal just like picking a lock is not illegal. It is the unauthorized access of that network which is illegal, just like breaking and entering is illegal.

So. To sum it up, there are two types of encryption. There is the weak kind (wep) and the strong kind (wpa). WEP can be broken in about 5-10 minutes. WPA can be broken in about 24 hours (as long as their password is in your password try-out list).

The actual process or hacking into a network like this requires a suite of tools called the aircrack-ng suite. You can read their tutorials and such, and I highly recommend you do if you want to get into this sort of thing. It’s a lot of FUN! Be prepared to learn linux while you are at it….

But, once you understand what you are doing, you will appreciate the tool I have written. It automates the process of getting the keys. I wrote it as a type of “set-it-and-forget-it” tool that I could just leave running. It isn’t too clean, but if you can read bash scripting you can figure it out.

Here is a screen shot of my tool cracking wep

Remember! Don’t try to just run this tool without understanding what it does and how to read it. If you haven’t breaking a wep key manually you don’t want to run this. It does WEP and WPA cracking (saving the handshake for later). Good luck! I will provide minimal support via comments on this post. Don’t forget to have your radio in monitor mode first, and if you are  going to do wpa you need the mdk3 tool.

Here is the download link to Kyle’s Wireless Cracking Tool.

Here is a link to a more updated versio of my Cracking Tool.

A couple of years ago, a large list of phished Myspace accounts was leaked on the internet.
I stumpled upon them and ran a very simple analysis. Check it out:

root@a:/# cat myspace.hackedlist | cut -f 2 -d : | sort | uniq -c | sort -n | tail -n 20
14 qwerty1
15 123456a
15 babygirl1
15 blink182
16 123456
16 123abc
16 iloveyou2
17 football1
17 nicole1
18 number1
19 password
23 myspace1
24 fuckyou1
28 iloveyou1
28 monkey1
29 fuckyou
54 abc123
74 password1

The file was in the form of “Username:password”, so the first part of that command “cuts” the second column, with the colon as the delimiter. Then it is piped through sort, which sorts the list alphabetcially, then the uniq -c command, which counts the number of times that a word shows up, then I sort it again to get the most freqent passwords, and tail the last 20 lines.

It is interesting to see that a lot of these passwords just tack “1″ on to them. And of course blink182 was all the rage back then aparently…

The NetworkManager program in linux has a create feature called a dispatcher, which can run arbitrary programs when certian things about the network change. For instance it can turn on a firewall or notify a user when the network comes up, or start up an arp alert program!

I wanted a program that would alert me of my laptop’s where-a-bouts, as well as use the webcam to take a picture, in order to aid me in tracking it down if it got stolen. I wanted something simple and didn’t way to pay for anything… I know I’m cheap

The code is pretty simple:

fswebcam -F 2 -S 1 -r 640×480 –jpeg 60 –save /tmp/capture.jpg
ifconfig > /tmp/ifconfig.txt
wget -q -O – checkip.dyndns.org >> /tmp/ifconfig.txt
FILENAME=`date +%F-%H-%M-%S`
mv /tmp/ifconfig.txt /tmp/$FILENAME.txt
mv /tmp/capture.jpg /tmp/$FILENAME.jpg
scp /tmp/$FILENAME.jpg /tmp/$FILENAME.txt root@X.0.0.0:OBSCURED FOR SECURITY REASONS
rm /tmp/$FILENAME.jpg /tmp/$FILENAME.txt

You can see that it takes a picture, grabs my ifconfig and public ip, then ships it all to my server.  I just saved it in my /usr/local/bin/ and added the program to my /etc/network/if-up.d/openvpn program. This program is called whenever the interface comes up, so it will also run this program too when it’s ready.

It’s not amazing, but its good. Feel free to take my script and adjust for your needs. You may have a different command-line tool to take a picture with your webcam or whatever. You could even go crazy and setup something to email you or whatver, its YOUR program!

That is what n2n is. The supernodes are NOT servers. They merely function as a way to punch holes in firewalls. Once the firewalls are open, the edge servers (think of them as clients) can talk directly with other edge clients. Cool!

I’ve tried this, and so far the only draw back is the speed, it just doesn’t seem to be as fast as you would think it would be. I can’t find any other people complaining about it, but I’ll look into it. But so far this is the simplest vpn I’ve ever setup. Its a single command!

You can see that because it is his birthday, he asks that you email him. I happily obliged.

Ettercap is an amazing tool. Not only does it have a console, curses, and graphical versions, it can be scripted, hacked, used with plugins, and the list goes on. Here is a screen shot of it in progress:

Here is the everyday use senario:

1. Find a network
2. Scan for all hosts on that network
3. Start a man-in-the-middle attack and pose as the gateway
4. all your traffic belongs to us!
5. …….
6. Load wireshark and profit!

But seriously, Ettercap has many tools and features to help you explore networks, for malicious or research purposes.

action on detect = “/etc/scripts/arp-alert”

Its so simple, it just runs that script sending the information about the alert as certain arguments. With this I have more control over the formatting of arpalert messages:

In order to do this, I had to write that script, and make it executable of course. Also I had to change the running user of arpalert to root, because the “arpalert” user didn’t have permission to notify my user “kyle”. This is a much more clean solution, allowing me to make different types of alerts look different, having different timeouts and such. If you want my /etc/scripts/arp-alert you can download what I have so far here.

What I really want is some sort of mac-address based buddy list. One that would show my a list of the mac addresses talking on my network, and allow me to alias them. That would be cool.

I couldn’t find such program, but I found something kinda close, its called arpalert. If you are using ubuntu you can simply run “apt-get install arpalert” (I love ubuntu!)

kyle@kyle-laptop:~$ apt-cache search arpalert
arpalert – Monitor ARP changes in ethernet networks

You should edit the config file to your liking, but the main thing is the log file in /var/log/arpalert.log. I have it logging every interesting arp thing, because I find them interesting! You need to read up on it if you want to fully understand arpalert: http://www.arpalert.org/

So that is the first part. The second part is the piece that notifies you of something suspicious. Who wants to tail a log file all the time? For this I use something called “notify-send”. Try running it. If you don’t have it and you are running Ubuntu it will tell you that its part of the ”

So I was looking around, and I wanted some sort of tool to allow me to be more aware about what was happening in the lower “bowels” of the network that I’m on with my laptop. So what is it that I want…

What I really want is some sort of mac-address based buddy list. One that would show my a list of the mac addresses talking on my network, and allow me to alias them. That would be cool.

I couldn’t find such program, but I found something kinda close, its called arpalert. If you are using ubuntu you can simply run “apt-get install arpalert” (I love ubuntu!)

kyle@kyle-laptop:~$ apt-cache search arpalert
arpalert – Monitor ARP changes in ethernet networks

You should edit the config file to your liking, but the main thing is the log file in /var/log/arpalert.log. I have it logging every interesting arp thing, because I find them interesting! You need to read up on it if you want to fully understand arpalert: http://www.arpalert.org/

So that is the first part. The second part is the piece that notifies you of something suspicious. Who wants to tail a log file all the time? For this I use something called “notify-send”. Try running it. If you don’t have it and you are running Ubuntu it will tell you that its part of the “libnotify-bin” package. So you will need to run:

$ sudo apt-get install libnotify-bin

Try it! run “notify test”. A popup should show up! Simple! Now, we need a small program to put the pieces together and glue it. I want my popup when odd things happen. Here is the glue I wrote, modify at will:

tail -n 0  -F /var/log/arpalert.log | awk -W interactive ‘{print $8, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12}’ |
while read heading message
do  notify-send -t 3000 — “Arp Alert” “${heading} ${message}”
done

I don’t think I’m done with it yet. (I want to make it give different time outs for different types of messages, and I want it to change the heading to something dynamic instead of the Arp Alert, but yea) So put that in a .sh and run it! Nothing may pop up! Try putting something new on the network and seeing if something shows up in the log. Its pretty easy to troubleshoot and modify to your liking.

Well… a DNS flaw is no fun without a tool to use it. So this guy “HD Moore” wrote a program (script) that takes advantage of this and makes it relatively easy for someone to use something called Metasploit to tinker with it. Cool!

Turns out that it works, and people are fixing their DNS servers so that this can’t happen. (I fixed mine as soon as the fix was out.) But not everyone can fix their own, often they are at the mercy of their ISP’s. (Have you ever called up your ISP’s help desk and told them they need to upgrade their DNS servers to protect them against cache poisoning? Heheheh.. right)

So one day, Mr. Moore goes to google.com on his computer at work, and guess what, its not the real google.com…

The news article

Well played sir. Well played.