Truth, Computing and Fail


First run of BackTrack2

anomit | April 18, 2008

Yeah, I know BT3 Beta is doing the rounds but when learning something, I don’t exactly like to walk on the bleeding edge!

The collection of tools is amazing and I don’t even need to go on blabbering about it. It’s the distro of choice for security professionals. The multitude of scripts is vast, each grouped neatly into the appropriate category for radio analysis, OS fingerprinting, forensics, etc. (heck, I don’t even remember all of them).

[Photo: dsc00123.JPG]
I booted into BT2 using the live CD. I prefer the live CD in this case as I don’t exactly wanna mess around with my wireless settings by creating and destroying multiple VAPs. Got down straight to work, fired up airodump-ng. Found a couple of clients connected to the AP near me. Deauth-ed them with aireplay-ng. To make sure it was working, called over a friend to my room, tested the deauth on his laptop and it was working!

[Photo: dsc00125.JPG]
Ok, catch up with your breath. This is how I did it:

Created a VAP ath1 in monitor mode:
    wlanconfig ath1 create wlandev wifi0 wlanmode monitor
I won’t even explain how to start up airodump-ng. It’s as easy as 1-2-3.

Deauth the clients using the MAC addresses found, with aireplay-ng:
    aireplay-ng -0 30 -c <client MAC address> -a <access point MAC address> ath1
Here -0 means deauth and 30 is the number of deauth requests to be sent.

At this stage, you can easily spoof the MAC address and capture the packets intended to be received by the now disconnected client. Maybe get around MAC based authentication too if that is the first layer of security in a network.
Finally, don’t forget to check out the documentation and tutorials at aircrack-ng.org
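The flip side of the burst of deauth frames described above is that it is easy to spot on the air: a single transmitter address sending dozens of deauthentication frames to one receiver within a second or two is not normal client behaviour. The following is an added example, not code from the post or from the aircrack-ng project, of a small rate-based deauth detector. It assumes raw 802.11 frames with no radiotap header in front of them (a capture from a monitor-mode interface after the radiotap layer has been stripped); the frame builder, the MAC addresses, the timestamps and the threshold are all constructed for the example.

```python
import struct
from collections import defaultdict, deque

MGMT_TYPE = 0           # 802.11 frame type 0 = management
DISASSOC_SUBTYPE = 0x0A
DEAUTH_SUBTYPE = 0x0C   # the frame subtype that "aireplay-ng -0" transmits

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))

def parse_frame(raw):
    """Parse a raw 802.11 frame (no radiotap header) into its header fields.
    Returns (ftype, subtype, addr1, addr2, addr3, reason); reason is the little-endian
    reason code carried by deauth/disassoc frames and None for anything else."""
    if len(raw) < 24:
        raise ValueError("shorter than a 24-byte 802.11 MAC header")
    fc0 = raw[0]   # protocol version (b0-1), type (b2-3), subtype (b4-7)
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    addr1, addr2, addr3 = raw[4:10], raw[10:16], raw[16:22]
    reason = None
    if ftype == MGMT_TYPE and subtype in (DISASSOC_SUBTYPE, DEAUTH_SUBTYPE) and len(raw) >= 26:
        reason = struct.unpack_from("<H", raw, 24)[0]
    return ftype, subtype, mac_str(addr1), mac_str(addr2), mac_str(addr3), reason

def build_mgmt(subtype, dst, src, bssid, body=b"", seq=0):
    """Construct a management frame for the sample capture (example helper only)."""
    fc0 = (subtype << 4) | (MGMT_TYPE << 2)
    hdr = struct.pack("<BBH", fc0, 0x00, 0x013A)      # frame control byte 0, flags, duration
    hdr += mac_bytes(dst) + mac_bytes(src) + mac_bytes(bssid)
    hdr += struct.pack("<H", (seq & 0xFFF) << 4)      # sequence control: seq number, fragment 0
    return hdr + body

class DeauthDetector:
    """Alert when one transmitter sends `threshold` deauth frames to one receiver
    within `window` seconds.  This is a pure rate detector; it does not try to
    tell a spoofed AP address from the real one."""
    def __init__(self, threshold=10, window=2.0):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)   # (src, dst) -> timestamps inside the window
        self.alerts = []

    def feed(self, ts, raw):
        ftype, subtype, dst, src, bssid, reason = parse_frame(raw)
        if ftype != MGMT_TYPE or subtype != DEAUTH_SUBTYPE:
            return None
        q = self.seen[(src, dst)]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) == self.threshold:     # fire once, when the burst first crosses the threshold
            alert = {"t": ts, "src": src, "dst": dst, "bssid": bssid,
                     "count": len(q), "reason": reason}
            self.alerts.append(alert)
            return alert
        return None

def run_sample():
    """Constructed capture: one beacon, then 30 deauths (the post's count) 10 ms apart."""
    ap, client = "00:11:22:33:44:55", "66:77:88:99:aa:bb"   # constructed addresses
    det = DeauthDetector(threshold=10, window=2.0)
    beacon = build_mgmt(0x8, "ff:ff:ff:ff:ff:ff", ap, ap, body=b"\x00" * 12)
    det.feed(0.0, beacon)                                   # ignored: not a deauth
    for i in range(30):
        frame = build_mgmt(DEAUTH_SUBTYPE, client, ap, ap, body=struct.pack("<H", 7), seq=i)
        det.feed(1.0 + i * 0.01, frame)
    return det.alerts

if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

On a real capture the frames would come from a pcap reader after the radiotap header has been removed; the threshold and window should be tuned to the environment, since a busy AP legitimately sends the occasional deauth when it evicts an idle client.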

Categories: GNU/Linux, Security, Wireless networks
Tags: aircrack, cryptography, hacking

Preventing atheros card from being disconnected often

anomit | February 19, 2008

Found out this solution at ubuntu forums after googling a bit. I was totally fed up with the connection acting out randomly. The solution lies in locking the network interface to a specific 802.11 a/b/g mode.

Edit your /etc/rc.local file and add the following lines before exit 0

modprobe ath_pci
(sleep 10 && /sbin/iwpriv ath0 mode 3) &

It uses the iwpriv mode X command to lock the card to a specific mode, where
    X = 0 for a/b/g
        1 for a
        2 for b
        3 for g

You add this to /etc/rc.local to make the change permanent, so that these settings are loaded every time you boot into ubuntu.
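If you apply this from a script rather than by hand (for example as part of a setup script you re-run on a fresh install), the two things to get right are putting the lines before the final exit 0 and not stacking duplicates each time the script runs. The following is an added example, not from the post; the two lines it inserts are the post’s own, while the file-editing logic, the default interface name (ath0), the mode table and the sample rc.local contents are constructed for the example.

```python
import os

IWPRIV_MODES = {0: "a/b/g", 1: "a", 2: "b", 3: "g"}   # the mode numbers listed in the post

def mode_lock_lines(iface="ath0", mode=3, delay=10):
    """The lines the post adds before 'exit 0', for the given interface and mode."""
    if mode not in IWPRIV_MODES:
        raise ValueError(f"mode must be one of {sorted(IWPRIV_MODES)}")
    return ["modprobe ath_pci",
            f"(sleep {delay} && /sbin/iwpriv {iface} mode {mode}) &"]

def insert_before_exit(text, new_lines, marker):
    """Insert new_lines before the last 'exit 0' line of an rc.local-style script.
    If a line containing `marker` already exists the text is returned unchanged,
    so re-running the script does not add the lines a second time."""
    lines = text.splitlines()
    if any(marker in line for line in lines):
        return text
    # rc.local ends with 'exit 0'; anything placed after it would never run
    idx = len(lines)
    for i in range(len(lines) - 1, -1, -1):
        if lines[i].strip() == "exit 0":
            idx = i
            break
    lines[idx:idx] = new_lines
    return "\n".join(lines) + "\n"

def update_rc_local(path="/etc/rc.local", iface="ath0", mode=3):
    """Rewrite `path` in place (temp file plus rename) and return True if it changed."""
    with open(path) as f:
        old = f.read()
    new = insert_before_exit(old, mode_lock_lines(iface, mode), marker=f"iwpriv {iface} mode")
    if new == old:
        return False
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(new)
    os.chmod(tmp, os.stat(path).st_mode)   # keep rc.local executable
    os.replace(tmp, path)
    return True

# constructed sample of a stock rc.local, used to show the edit without touching /etc
SAMPLE_RC_LOCAL = "#!/bin/sh -e\n# rc.local (constructed sample)\nexit 0\n"

if __name__ == "__main__":
    print(insert_before_exit(SAMPLE_RC_LOCAL, mode_lock_lines(), marker="iwpriv ath0 mode"))
```

The marker check is keyed on the interface name, so a second card (say ath1) can get its own lock line without being mistaken for a duplicate.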

Source

Gotta try out wicd as a replacement for network manager too.

Categories: GNU/Linux, Wireless networks

Dirty games

anomit | September 10, 2007

With much hype and publicity, the wifi service of our university was launched 10 days ago. The service was christened I-ON (no idea what that has got to do with wireless networking) and large, beautiful posters greeted you on every step inside the campus: inside the hostels, the college, the lecture halls and all other places imaginable and within the reach of the human physique. It promised to Mobify ur world and according to the fkin fully techno illiterate helpdesk personnel, you would be getting speeds around 500 kbps. So, the first few days went fine, we were downloading and surfing merrily at speeds touching 50 KB/s. Anyways we were very well aware that a speed of 500 kbps is not feasible and possible for the size of the network and the backbone our university possesses. But still the speeds were simply great.
And then comes the shocker. Some 3 days back, suddenly everything drops and starts to suck, big time. Downloads drop to 6 KB/s. So what is it? As obvious as it can get, it’s a nasty traffic shaper. The University gets back to its dirty tricks. You decide for yourself. 6 KB/s. Fucking hell. I would be getting the same speed on a dial up connection. For God’s sake, it is an internet service for the whole University. What can be more shameful than a University with 50+ years of history behind it not being able to offer a basic, decent internet connection to its students? Everything is simply wrong about the whole thing. To download even a small tool like Brutus, I’ve to wait 5 minutes and yes, that is if I stop whatever surfing I might be doing at that time. What purpose would this connection serve?

Agreed that traffic shapers are very much needed for maintaining the QoS of the network, but the University authorities have simply pulled off a cheap trick by misusing the powers of these tools.

In my next post, I’ll be posting some iperf results as evidence to my claims.

Categories: My Life, Networking, Wireless networks

Enabling the wireless radio LED on linux

anomit | July 12, 2007

I found this page on the madwifi wiki long ago, but then forgot ’bout posting it here. For those with an Atheros chipset card, this is for enabling the LED indicator so that you can be sure that the wireless interface is working.

For my Thinkpad R60, these were the lines I needed to enter in /etc/sysctl.conf

dev.wifi0.ledpin=1
dev.wifi0.softled=1

Categories: GNU/Linux, Wireless networks

Possible flaw in CISCO RADIUS authentication

anomit | May 30, 2007

The wi-fi connection in our hostels is controlled and billed through a login and authentication procedure using RADIUS (Remote Authentication Dial In User Service) on the CISCO IOS. Recently I happened to notice something. Suppose I log out of my account but have a program that keeps me connected to the net, like Google Talk or any P2P program. Now someone else on another machine can login with the same ID and there you go, two machines on the network authenticated with the same ID. No, I don’t lose my connection.

If any experts are reading this, is it a flaw in the IOS RADIUS itself or is something wrong with its implementation on our network?
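Whatever the cause on this particular network, the observed symptoms are two separate things: the logout did not end the first session (so the NAS kept forwarding its traffic), and the second login was allowed while the first session was still active. Both are visible on the accounting side. The following is an added example, not from the post and not a model of how Cisco IOS or this university’s setup behaves, of a small session tracker fed with RADIUS accounting records. The attribute names (User-Name, Acct-Status-Type, Acct-Session-Id, Calling-Station-Id) are standard RADIUS accounting attributes; the record layout (plain dicts with a timestamp), the user name, station identifiers, timings and limits are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Session:
    user: str
    session_id: str
    station: str      # Calling-Station-Id, typically the client MAC
    started: float
    last_seen: float

class SessionTracker:
    def __init__(self, max_sessions=1, idle_timeout=600.0):
        self.max_sessions = max_sessions   # per-user concurrency limit to enforce
        self.idle_timeout = idle_timeout   # seconds without accounting traffic before a session is stale
        self.active = {}                   # Acct-Session-Id -> Session
        self.alerts = []

    def _user_sessions(self, user):
        return [s for s in self.active.values() if s.user == user]

    def handle(self, rec):
        """Process one accounting record; returns the alert raised, if any."""
        user, sid = rec["User-Name"], rec["Acct-Session-Id"]
        status, ts = rec["Acct-Status-Type"], rec["timestamp"]
        if status == "Start":
            others = [s for s in self._user_sessions(user) if s.session_id != sid]
            self.active[sid] = Session(user, sid, rec["Calling-Station-Id"], ts, ts)
            if len(others) >= self.max_sessions:
                return self._alert("concurrent-login", ts, user=user,
                                   new_station=rec["Calling-Station-Id"],
                                   existing=[s.station for s in others])
        elif status == "Interim-Update":
            if sid in self.active:
                self.active[sid].last_seen = ts
            else:
                return self._alert("update-for-unknown-session", ts, user=user, session_id=sid)
        elif status == "Stop":
            if self.active.pop(sid, None) is None:
                return self._alert("stop-for-unknown-session", ts, user=user, session_id=sid)
        return None

    def expire(self, now):
        """Close sessions with no accounting traffic for idle_timeout; returns alerts raised."""
        raised = []
        for sid, s in list(self.active.items()):
            if now - s.last_seen > self.idle_timeout:
                del self.active[sid]
                raised.append(self._alert("stale-session", now, user=s.user,
                                          station=s.station, idle=now - s.last_seen))
        return raised

    def _alert(self, kind, ts, **details):
        a = {"kind": kind, "t": ts, **details}
        self.alerts.append(a)
        return a

def rec(status, user, sid, station, ts):
    return {"Acct-Status-Type": status, "User-Name": user, "Acct-Session-Id": sid,
            "Calling-Station-Id": station, "timestamp": ts}

SAMPLE_RECORDS = [   # constructed: the post's scenario, one user name on two machines
    rec("Start", "student1", "s1", "00-11-22-33-44-55", 0.0),
    rec("Interim-Update", "student1", "s1", "00-11-22-33-44-55", 300.0),
    # web logout on the first machine, but no Accounting-Stop ever arrives for s1
    rec("Start", "student1", "s2", "66-77-88-99-aa-bb", 700.0),
    rec("Interim-Update", "student1", "s2", "66-77-88-99-aa-bb", 1000.0),
    rec("Interim-Update", "student1", "s2", "66-77-88-99-aa-bb", 1300.0),
]

def run_sample():
    t = SessionTracker(max_sessions=1, idle_timeout=600.0)
    for r in SAMPLE_RECORDS:
        t.handle(r)
    t.expire(1500.0)
    return t

if __name__ == "__main__":
    for a in run_sample().alerts:
        print(a)
```

The two alerts map onto the two fixes a network operator would look at: a per-user concurrent-session limit enforced at authentication time, and making sure the logout action actually tears down the session on the NAS (or that an idle timeout does) so that accounting gets a Stop and the billing stops too.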

Categories: Networking, Wireless networks

aircrack-ng: Part I

anomit | March 31, 2007

Finally decided to get cracking on the aircrack-ng suite that was lying with me. Just setting it up was a heck of a task, but as it always is with linux, a great learning experience too.


Categories: Networking, Wireless networks

License

This work by Anomit Ghosh is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 India License.