JtR 1.7.9 with Jumbo 6 now offers GPU support for computationally intensive (slow-hash) password encryptions like WPA-PSK. This POST will detail compiling JtR with OpenCL support. I have an really old ATI Radeon HD card but it works with OpenCL so here goes. This compile works for Ubuntu LTS 12.04 and 10.04. You should read the doc file README.opencl for notes for more info on how to compile JtR with OpenCL support.
This tutorial will help you configure the Scratchbox environment to compile the latest svn of aircrack-ng, latest stable kismet, and reaver 1.4 for the Nokia n810. A lot of love is getting sent to the N900 but the n8x0 series of devices are still great for wireless testing. With this tutorial you will be not only to compile the software but create Debian packages for easy installation on your Nokia device. Of important note were the errors I encountered while compiling aircrack-ng. The error had not been documented on the Internet. Trust me I Googled my heart out. Everyones solution was update the linux kernel headers. Well in this case that wasn’t possible. I’m not a Linux programmer but I figured out how to edit the header file to make the changed needed to get Aircrack-ng to compile.
Continue reading »
Compile Nmap for Android
This tutorial will show you how to compile the latest version of Nmap for your Android device starting with a standard Ubuntu install. I will offer instructions on how to obtain two versions of compiler that I’ve had success compiling software for Android. I will show the Android NDK and the free Lite ARM compiler from Mentor (formally Code Sorcery). Hopefully you can take this instruction to try and compile other tools for Android.
The build environment and instructions come from an auditor with strong technical skills but somebody who is not a programmer or developer so hopefully my view point can help other individuals who are also not developers. I’ve built cross-compile environments for Openwrt, Nokia Maemo, Familiar Linux (iPaq) in the past but always from piecing together instructions from multiple Google queries and forum searches. I’m creating this document so it will be helpful for somebody’s future Google search.
Continue reading »
I’m now providing an updated Linux Penetration Testing Laptop Setup document to help install popular and useful vulnerability assessment tools for the Linux operating system. You can go and obtain Backtrack but I feel that you will have more understanding of the tools and Linux in general if you install the tools yourself. You will also have the most current version available. See Configuration Tutorials for the latest document.
I created a tutorial on how to setup and configure the Nokia N810 Internet Tablet to conduct a wireless assessment or audit. The tools included in the tutorial include how to setup kismet (oldcore and newcore), aircrack-ng (airbase and aircrack), and btscanner. I’m still working on developing steps to install Metasploit and Karmetasploit for wireless client attacks. The tutorial also details using the internal GPS as well as adding an external wireless adapter. The latest version of the tutorial can be found here.
I put together another Technical Assessment Plan for assessing the SNMP protocol. You will use open source and freely download-able utilities to assess the SNMP protocol. This is for auditors that do not have access to or cannot afford the Solarwinds toolset. This is version 0.1 of the document and I plan on making updates and add new tools in the future.
I’m now providing an updated Linux Penetration Testing Laptop Setup document to help install popular and useful vulnerability assessment tools for the Linux operating system. You can go and obtain Backtrack but I feel that you will have more understanding of the tools and Linux in general if you install the tools yourself. You will also have the most current version available. See Configuration Tutorials for the latest document.
Update: The latest version is now v4 on Ubuntu 11.4 Natty Narhwal.
I put together a Technical Assessment Plan that can be used to conduct external fingerprinting using the tools and utilities that a penetration tester would use. The assessment plans are structured in a way to help with the documentation of evidence for inclusion in a work-paper process. The plan provides helpful information on how to install, configure, and use the tools to obtain the evidence needed for an engagement. The Technical Assessment Plans that I have created can be found here.
I’ve created an updated configuration tutorial for setting up your Linux laptop to conduct system and network audits. This version details how to get everything up and running on the latest Ubuntu currently at version 10.04 LTS (Lucid Lynx). See the Configuration Tutorials to download the latest pdf document (currently at version 3).
New Post – Now with GPU support.
9.19.2011 – Updated for latest openssl and john jumbo patch on Ubuntu Natty Narwhal 11.4
Password cracking Windows hashes on Linux using John the Ripper (JtR). If you prefer the Linux operating system JtR is the password cracking utility to use. By default JtR does not support the hashes that we are interested in cracking. See below for installation and patching instructions for JtR. Applying the patch to JtR adds the functionality to crack NTLM and MS-Cache passwords. NOTE: This install was done on Ubuntu 10.4 LTS but should work on any Linux system since we are compiling from source.
Continue reading »