Nov 012017
 

There are some issues with the steps listed on the hashcat FAQ found here. This quick tutorial is specifically geared for Ubuntu when you have installed the nvidia packages from the repository. This is what I did to get it to work so hopefully it will be helpful to others.
Continue reading »

Sep 202017
 

Cisco MAC Address Port Security

We are going to configure basic, no frills, port security on the Cisco Catalyst 2960. From Understanding Port Security – Chapter 62 – Configuring Port Security

You can use port security with dynamically learned and static MAC addresses to restrict a port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.
Continue reading »

Sep 172017
 

First step is connecting the Cisco console to our workstation. I chose to use the Console cable plugged into a Prolific Serial-to-USB adapter. While you can plug your adapter into your Windows workstation and connect via Putty I do not recommend it. Even at Windows 7 I have issues with the adapter and I’m not using one of those cheap Chinese knockoffs. Without fail my workstation will eventually BSoD. Lenovo work laptop or Acer personal laptop it doesn’t matter. I prefer to connect to my Ubuntu workstation and use minicom.
Continue reading »

Sep 172017
 

The following articles that I post will assist in getting your lab setup so you can test techniques to bypass port security. We will start simple and work our way up from “not really secure” to “a little bit more secure”. These tutorials will do the bare minimum to get the device configured. I will not detail any other steps or commands that don’t directly get the job done. My lab starts with a Cisco Catalyst 2960 Switch.
Continue reading »

Feb 112015
 

In 2013 I presented at the Rhode Island Bsides about the work I did with the TP-Link wr703n creating a “Super” Minipwner (real ingenious name). Below is the abstract for my talk.

The TP-Link WR703N is a low cost wireless access point that has replaced the venerable Linksys WRT54G as the most popular device to crack open and tinker with. Many project tutorials have sprung up on how to hack this device from a hardware and software perspective. One such project is the “minipwner” coined by Kevin Bong with his site www.minipwner.com. This talk builds off of that concept by trying to upgrade and implement as many features as possible while still keeping the original case. Why the original case? Because I said so. We double the RAM and flash storage, add a usb hub, usb sdcard reader storage, usb to Ethernet port, serial port over usb, and finally we have integration with the Teensy so you can run keyboard commands remotely over WiFi. I call this device the very original name of super-minipwner.

Super Minipwner

The TP-Link wr703n is a fun device to tinker with but I want to step it up a notch and use a device that already had two network ports. I always pined after the wr720n (the Chinese model) and even got my hands on one to play with. However, the RAM and Flash were the same as the wr703n and I didn’t want to ruin the device upgrading it. 4mb of flash storage and 32mb of RAM just isn’t going to cut it. Also the devices are harder to find and more expensive…and nobody is selling services on Ebay to upgrade the wr720n like the wr703n. Though if you asked him I bet he would. The router is also larger in size due to AC outlet plug.

Then the Openwrt forums started discussing the GL-iNet. I was hooked the moment I saw it. They took the wr703n and added everything a hacker could want. Two network ports, easy access to GPIO and Serial pins, 64mb of RAM, 16mb of flash, internal power header, and a connector for an external antenna. This all in the same dimensions of the wr703n. The new penetration testing device created using the GL-iNet will be documented in several parts.

Part 1 – Building Openwrt for the GL-iNet

Part 2 – Using Openwrt to Bypass 802.1x Port Security

Part 3 – Remote HID Attacks with a Teensy 2.0 – The Build
Part 3.1 – Remote HID Attacks with a Teensy 3.1 – The Build

Part 4 – Remote HID Attacks with a Teensy – Testing Your Build / Getting Started

Part 5 – Remote HID Attacks with a Teensy – Peensy Code

Feb 052014
 

Install the latest John the Ripper 1.7.9 with the Jumbo 7 patch. Before downloading John you will need to install the CUDA development files. See this blog article for instructions on how to install the latest Nvida drivers for Ubuntu 13.10 and latest CUDA development files.
Continue reading »

Jan 212014
 

You can probably get by with leaving off that last part of the title and still succeed with this attack.  Today we will be making a Password Pwn Stew.  Add a little Ettercap (link), with a dash of Metasploit (link), a smidgen of password cracking with Rcrack (link) and Rainbowtables (link), and if required a pinch of Hashcat (link) to taste.  You will have yourself some tasty pwnage.

Note, your mileage may vary with this stew.  I’m not Martha Stewart.  Also the stew analogy ends here 🙂
Continue reading »

Jul 052012
 

JtR 1.7.9 with Jumbo 6 now offers GPU support for computationally intensive (slow-hash) password encryptions like WPA-PSK.  This POST will detail compiling JtR with OpenCL support.  I have an really old ATI Radeon HD card but it works with OpenCL so here goes.  This compile works for Ubuntu LTS 12.04 and 10.04.  You should read the doc file README.opencl for notes for more info on how to compile JtR with OpenCL support.

Continue reading »

Apr 222012
 

This tutorial will help you configure the Scratchbox environment to compile the latest svn of aircrack-ng, latest stable kismet, and reaver 1.4 for the Nokia n810. A lot of love is getting sent to the N900 but the n8x0 series of devices are still great for wireless testing. With this tutorial you will be not only to compile the software but create Debian packages for easy installation on your Nokia device. Of important note were the errors I encountered while compiling aircrack-ng. The error had not been documented on the Internet. Trust me I Googled my heart out. Everyones solution was update the linux kernel headers. Well in this case that wasn’t possible. I’m not a Linux programmer but I figured out how to edit the header file to make the changed needed to get Aircrack-ng to compile.
Continue reading »