JtR 1.7.9 with Jumbo 6 now offers GPU support for computationally intensive (slow-hash) password encryptions like WPA-PSK. This POST will detail compiling JtR with OpenCL support. I have an really old ATI Radeon HD card but it works with OpenCL so here goes. This compile works for Ubuntu LTS 12.04 and 10.04. You should read the doc file README.opencl for notes for more info on how to compile JtR with OpenCL support.
WRT54GL is Not Dead
Well the WRT54GL is not dead for me. Due to it’s popularity this venerable wireless router has been documented across the Internet on how to software and hardware hack it. Tinkering with this devices is a great way to learn about embedded Linux, cross-compilation, soldering, and serial communication. I continue to search for new ways to play with this router (I plan on adding some USB ports once my 12v/5v power supply arrives!). The reason I’m documenting my experiences is because I haven’t seen many tutorials where the device has a GPS module. I’ve seen some documentation on connecting a GPS device (Garmin) to a serial port. Mine goes the extra step and includes a module in the router for a nice compact wardriving box. I’m even able to set the date and time on the device after a GPS lock is obtained. So I’m going to put together a tutorial on the GPS module and the version of Openwrt, Kismet, and GPSd I used to allow this device to be a self contained wardriving box.
Compiling Wireless Tools for Nokia N810
This tutorial will help you configure the Scratchbox environment to compile the latest svn of aircrack-ng, latest stable kismet, and reaver 1.4 for the Nokia n810. A lot of love is getting sent to the N900 but the n8x0 series of devices are still great for wireless testing. With this tutorial you will be not only to compile the software but create Debian packages for easy installation on your Nokia device. Of important note were the errors I encountered while compiling aircrack-ng. The error had not been documented on the Internet. Trust me I Googled my heart out. Everyones solution was update the linux kernel headers. Well in this case that wasn’t possible. I’m not a Linux programmer but I figured out how to edit the header file to make the changed needed to get Aircrack-ng to compile.
Read More
Parse Kismet NETXML for Aireplay-ng
This post deals with gathering the information you need to use aircrack-ng to capture a WPA/WPA2 handshake for offline bruteforce attacks. When running aireplay-ng to send out de-authentication packets you need the MAC address of the Access Point and a Client that is associated with it. The way I would collect the information is run Kismet. With the older version of Kismet I would monitor the client (panel view) and select (copy/paste) the access point and client MAC. With the new version of Kismet you cannot select a MAC address. So I wrote myself a quick Perl script to parse the Kismet NETXML file to create output with the MAC addresses of AP and associated client pairs.
Read More
Compiling Nmap for Android
Compile Nmap for Android
This tutorial will show you how to compile the latest version of Nmap for your Android device starting with a standard Ubuntu install. I will offer instructions on how to obtain two versions of compiler that I’ve had success compiling software for Android. I will show the Android NDK and the free Lite ARM compiler from Mentor (formally Code Sorcery). Hopefully you can take this instruction to try and compile other tools for Android.
The build environment and instructions come from an auditor with strong technical skills but somebody who is not a programmer or developer so hopefully my view point can help other individuals who are also not developers. I’ve built cross-compile environments for Openwrt, Nokia Maemo, Familiar Linux (iPaq) in the past but always from piecing together instructions from multiple Google queries and forum searches. I’m creating this document so it will be helpful for somebody’s future Google search.
Read More
Linux Penetration Testing Laptop Setup v4 (Ubuntu 11.4 Natty Narwhal)
I’m now providing an updated Linux Penetration Testing Laptop Setup document to help install popular and useful vulnerability assessment tools for the Linux operating system. You can go and obtain Backtrack but I feel that you will have more understanding of the tools and Linux in general if you install the tools yourself. You will also have the most current version available. See Configuration Tutorials for the latest document.
Nokia N810 – Wireless Auditing
I created a tutorial on how to setup and configure the Nokia N810 Internet Tablet to conduct a wireless assessment or audit. The tools included in the tutorial include how to setup kismet (oldcore and newcore), aircrack-ng (airbase and aircrack), and btscanner. I’m still working on developing steps to install Metasploit and Karmetasploit for wireless client attacks. The tutorial also details using the internal GPS as well as adding an external wireless adapter. The latest version of the tutorial can be found here.
ISACA Atlanta Chapter – GEEK WEEK 2011
The 4th annual Atlanta Chapter of ISACA GEEK WEEK conference was held the week of August 22nd – 26th. GEEK WEEK is a track-oriented, full week Conference focusing on providing training, networking, and roundtable sessions on IT governance, audit & security.
I conducted the presentation Wireless Auditing on a Budget: Using Low Cost Hardware and Open Source Software. You can find the presentation slides here. For links and information on the other presentations you can go here.
1.21.2014 – Since the Atlanta Chapter of ISACA website has changed the presentations can only be found on the Internet Archive where I updated the link above. I also went and downloaded all the presentations available and provided them here.
SNMP Assessment Worksheet
I put together another Technical Assessment Plan for assessing the SNMP protocol. You will use open source and freely download-able utilities to assess the SNMP protocol. This is for auditors that do not have access to or cannot afford the Solarwinds toolset. This is version 0.1 of the document and I plan on making updates and add new tools in the future.
LAMP setup for .nessus v2 custom report generation.
I created Project RF to have a reporting framework that provides consistent reports for various vulnerability scanning tools. The project started with support for Nessus back when I would parse nbe files. I’ve since included reporting for eEye Retina, Nmap, HP WebInpect, AppScan AppDetective, Kismet, and GFI Languard. This project is still in its alpha stages as I’m not a top notch web program developer. Scan results are exported to XML which is then uploaded, parsed, and imported into a backend MySQL database. I have found this framework very useful in generating reports for my workpapers. I still continue to work on this project even though I’m no longer an auditor. Recently I stripped it down to just Nessus and I rewrote the Nessus portion to support the .nesses v2 xml output. Installation and setup instructions can be found here.
This framework supports many options for report generation and executive reporting.