Informer Blog « Hackers For Charity

Kismet Drone Building Guide

Kismet Drones are very useful devices for anyone responsible for monitoring a wireless network. They give you a remote presence to sniff the air from anywhere on your LAN or over the internet, using cheap and easily available embedded routers.

The RenderLab has updated and rewritten the previous Kismet Drone guide for modern builds of OpenWRT and Kismet Newcore.


Airdrop-ng Release

http://seattleit.net/airdrop-ng.tar.bz2

MD5 sum: 172468983190bc4d0e4c7f1b31dbe697

Katana Security Distro v1.0

Thanks to Ronin over at http://www.hackfromacave.com for this addition! Katana v1.0 (Kyuzo) is now available for all Informer subscribers. Click here if you’d like to subscribe!

Katana v1.0 (Kyuzo) is a portable multi-boot security suite designed for all your computer security needs. The idea behind this tool is to bring together all of the best security distributions to run from one USB drive. Katana includes distributions which focus on Penetration Testing, Auditing, Password Cracking, Forensics and Honey Pots. Katana comes with over 100 portable Windows applications such as Wireshark, HiJackThis, Unstoppable Copier, and OllyDBG. Also included in this distribution are:

  • BackTrack 4 pre
  • the Ultimate Boot CD
  • Organizational Systems Wireless Auditor (OSWA) Assistant
  • the Ultimate Boot CD for Windows
  • Got Root? Slax
  • Ophcrack Live
  • Damn Small Linux
  • Damn Vulnerable Linux

Here are the mirrors:

http://gextrade.thegoodhacker.com/katana/katana-v1.rar
http://psifertex.cns.ufl.edu/~jsawyer/katana
http://dc585.info/mirror/katana
http://newfe.kracomp.com/katana
http://www.d3vrandom.net/hfc/katana

WeakNet Linux Assistant 3 Lite

WeakNet Linux Assistant 3 Lite (WNLA) is ready! Thanks to Douglas at WeakNet Labs, it’s available exclusively to Informer subscribers this week. A must-have for anyone interested in Security or Forensics, this CD-sized distro contains all the tools you need to test your skills and excel in the field of INFOSEC. Some of the highlights:

* WNLA 3 is ~600MB (last releases were roughly 1~1.5GB)

* WNLA has many new GUI interfaces for things (helps people make the transition from Win32/64 to Linux)

* WNLA has instant servers including MySQL, FTP, SSHd, FastTrack-GUI, Metasploit-Web Brick, and more

* WNLA has its own PHP/MySQL social networking server that I coded (resembles Facebook) to use in the lab to teach people about web hacking, PHP/MySQL and SQL injection.

* WNLA has new looks including Grub splash, Usplash, GDM and more.

* WNLA includes the WardriveSQL GUI and webserver that I coded (http://wardriveSQL.info).

* WNLA includes a GUI interface to WiFiZoo that I coded (which is to be added into the next build/website, under 3rd party additions)

* WNLA uses fully customized/customizable FluxBox instead of bloated Gnome and less-bloated (but amazing) Enlightenment.

Links available to paid subscribers of Informer only. Click here to subscribe. It’s only $54 a year, and the proceeds go directly to HFC projects such as our food program in Kenya and our Classroom project in East Africa.

Check out the video here!
Here are the links:

ISO: http://weaknetlabs.com/linux/eb49e6f3bd72e6c6da517774391e0441/WNLA3LITE.ISO
MD5: http://weaknetlabs.com/linux/eb49e6f3bd72e6c6da517774391e0441/WNLA3LITE.ISO.MD5

Douglas also makes a forum available for questions about the release. Be sure to check it out!

Prison Break (Breaking, Entering & Decoding) Challenge Answers

The Ethical Hacker Network (EH-Net) teams with The Informer. The EH-Net contribution will be the answers to the Skillz H@ck1ng Challenges a few days before they are revealed on EH-Net. We start this month with the answers for the last hacking challenge, published in August 2009, “Prison Break – Breaking, Entering & Decoding”.

It is an honor for me to drive this initiative, with the support of Don Donzal (EH-Net) and Ed Skoudis (Challenge Master), and start posting the official answers of this challenge on The Informer. Then, in a few days, both the answers and winners will be announced on EH-Net as usual.

The “Prison Break – Breaking, Entering & Decoding” challenge answers are contained in a single PDF file (27 pages) plus three associated screencasts (“BTv4 802.1q (VLAN) setup”, “Metasploit meterpreter Windump/Winpcap sniffer”, and “Metasploit meterpreter built-in sniffer module”).

I hope you enjoy it, and we look forward to the participation of The Informer subscribers in future EH-Net challenges! Next up is the October Challenge by James Shewmaker based on the TV show Sliders, and then Ed Skoudis’ annual Christmas Challenge coming in December.

Raul Siles
www.raulsiles.com

Airdrop-ng Beta Release

Airdrop-ng is a Python-based wireless deauth tool supporting a full rule base and kicks based on OUI.

After enjoying MDK3 but finding it way too blunt for many uses, I decided to write my own Python deauth tool using lorcon.

The advantage of airdrop-ng is the rule parser. It is smart enough to know that if you wish to allow a client on an AP but want to kick the others, it should not send a broadcast packet. This allows airdrop to act as a wifi nuke but also as a scalpel for very targeted work.

Another fun feature is the kick based on OUI. Using OUI lookups, it's possible to kick on device type. So say you wanted to ensure that no Macs in the area have access to wifi while all other devices work fine. It really is quite fun.

Sadly this tool has not gotten as much testing as I would have liked, so if you do manage to blow it up, please double check your rules and make sure they are in the format of the example config file. Also ensure that you have read the readme. If those two items fail to clear up your issue, email me the airodump csv file and the rule config file you are using and I will do my best to clear up the issue for you. I can be reached at thex1le a t gmail DOT com.

This tool will most likely be working its way into the aircrack-ng suite at a later date.

The code can be downloaded here

!!!!! UPDATE

I found two serious bugs and have since fixed them. One was that if you tried to just kick a single client off an AP, all clients would be kicked. The second was that if you had a rule for a client airodump couldn't see or that just did not exist, the program would die. Both have been fixed. Please use this new link:

http://seattleit.net/airdrop-ng-9-22-1730.tar.bz2

Special thanks to SWC666 and http://seattleit.net/ for hosting the code base.

Raw Patch Management Survey Data (Project Quant)

Over at Securosis we’ve been working on a big project (called Project Quant) with Microsoft to develop a rigorous patch management metrics model. We ended up with a 40+ page report including over a hundred metrics in a 10-phase, 40-step patch management process framework. You can read about it here. This was a community project, with participation from a bunch of different people and groups.

But, for this community, the more interesting part was the survey we conducted. We performed an open survey on patch management processes that included some of the biggest, and smallest, organizations around (and are keeping the survey open). While we released a summary analysis with the initial project report, we are now releasing the raw survey data.

This data has been anonymized, but otherwise unaltered. We had about 116 responses when I did this data dump, and keep in mind the results likely skewed towards more mature organizations (since they’d be more incented to participate). This data will be exclusive here at the Informer for one week before we release it to the broader community. The file includes the data in csv and xls format, with an xls of summary results (the pretty charts).


Maltego FireFox Plugin – The Mesh!

This new plugin from Paterva allows you to easily pull data from visited web pages, and integrates seamlessly with Maltego. A video demo is here: http://www.paterva.com/mesh.mp4 but the plugin is only available to Informer subscribers during this pre-release period! Thanks Paterva for your great support!

Here’s the link:

http://www.paterva.com/maltego/about/maltego-mesh

The password is “yoshimi”, without the quotes.

GRaTS vulnerability scanning tool prototype

Greetings, Informees!

Since I have a working prototype of a new tool available, I thought you all might like to play with it! (Warning: This is a prototype, it is still buggy, does not have a GUI, and may or may not explode your computrons.)

For my senior project, I’m writing a tool to extend the functionality of the RATS (Rough Auditing Tool for Security) vulnerability scanner. What GRaTS (Graphical RATS and Taint Scanner) does is to attempt to combine several approaches to finding vulnerabilities to help both experienced auditors and greenhorns to get quicker, more accurate results. By identifying points in code where users can affect the data flow (namely through input or things like signals, filesystem tomfoolery, etc) we can distill the code into a condensed version which shows only code dealing with tainted data. Once the code has been condensed, we scan it using RATS and format the output nicely into a GUI, including relevant line numbers, variable names, and any vulnerability information that RATS may have returned. This allows for novices to immediately identify dangerous code operating on tainted data, and allows more weathered folk to perform manual code analysis on tainted data timelines, making manual code analysis faster and more cost-efficient.

Hope you all get a kick out of it! Any new prototypes released will be on the same page, so check back periodically if you’re interested in seeing GRaTS progress.

Cheers!

Dan Crowley
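Dan's approach above (mark where user input enters, keep only the lines that handle that tainted data, then hand the condensed view to RATS) as an added illustration in Python; this is not GRaTS code, and the embedded C sample, the source/propagator tables and the regex-based line matching are my assumptions:

```python
import re
# Constructed sample C source (not from GRaTS); only some lines touch tainted data.
SAMPLE_C = """\
int main(int argc, char **argv) {
    char buf[64], name[32];
    int count = 0;
    char *home = getenv("HOME");
    count = count + 1;
    gets(name);
    size_t len = strlen(name);
    strcpy(buf, home);
    printf("%s %zu\\n", buf, len);
}
"""
VALUE_SOURCES = {"argv", "getenv", "getchar"}                     # taint flows out of the value
OUT_ARG_SOURCES = {"gets": 0, "fgets": 0, "read": 1, "recv": 1}   # taint written into argument N
PROPAGATORS = {"strcpy", "strncpy", "strcat", "memcpy", "sprintf"}  # arg 0 tainted if another arg is
IDENT = re.compile(r"[A-Za-z_]\w*")
STRING = re.compile(r'"(?:\\.|[^"\\])*"')                          # blanked so "%s" etc. are not identifiers
ASSIGN = re.compile(r"^\s*(?:[\w*]+\s+)*\*?(\w+)\s*=[^=]")        # "type *lhs = ..." or "lhs = ..."
CALL = re.compile(r"(\w+)\s*\(([^()]*)\)")                        # func(args), no nested calls

def taint_step(line, tainted):
    """Return the variable this line newly taints, or None (a one-line transfer function)."""
    m = ASSIGN.match(line)
    if m:  # lhs becomes tainted if the right-hand side names a source or a tainted variable
        rhs_names = set(IDENT.findall(line.split("=", 1)[1]))
        return m.group(1) if rhs_names & (VALUE_SOURCES | tainted) else None
    for func, argtext in CALL.findall(line):
        args = [a.strip() for a in argtext.split(",")]
        if func in OUT_ARG_SOURCES and len(args) > OUT_ARG_SOURCES[func]:
            return args[OUT_ARG_SOURCES[func]]
        if func in PROPAGATORS and set(args[1:]) & tainted:
            return args[0]
    return None

def condense(source):
    """Return (tainted_vars, [(lineno, line)]) keeping only lines that touch tainted data; iterates to a fixed point."""
    raw = source.splitlines()
    clean = [STRING.sub('""', l) for l in raw]
    tainted, changed = set(), True
    while changed:
        changed = False
        for line in clean:
            v = taint_step(line, tainted)
            if v and v not in tainted:
                tainted.add(v)
                changed = True
    return tainted, [(i, r) for i, (r, c) in enumerate(zip(raw, clean), 1)
                     if set(IDENT.findall(c)) & (tainted | VALUE_SOURCES)]
```

The kept lines (with their original line numbers) are what a RATS run would then be pointed at, so findings like the `gets` and `strcpy` calls arrive already tied to the variables that carry user-controlled data.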

BackTrack 4 Pre Final

Thanks to the amazing generosity and heart of the group at Offensive Security, I’m proud to announce that all Informer subscribers have exclusive access to the BackTrack 4 pre-final, at least a week before the rest of the Internet. Suhweeet!!!
Check out the official announcement here.
http://www.offensive-security.com/blog/category/videos/

Check out the videos, and you can see that this is a HUGE improvement over BT3 and BT4 beta. We’re talking one-click installs, oh man oh man…

“Up and running with backtrack”
http://www.offensive-security.com/movies/upandrunning/offsec-backtrack-01.html

“BackTrack 4 Persistent USB install”
http://www.offensive-security.com/movies/persistent/offsec-backtrack-02.html

“BackTrack Dual Boot with Vista”
http://www.offensive-security.com/movies/dualbootbt4/offsec-backtrack-03.html

More videos coming soon! But here’s what you’re waiting for… Ready… set… here are the links:

The BackTrack release is public now. You should have subscribed so you could have had it early!