Showing posts from August 5, 2008

JoikuSpot Light v2.1 Beta S60v3 SymbianOS [Updated - 31st July '08]

JoikuSpot is a FREE and SECURE Mobile HotSpot solution that turns Nokia phones into a WLAN HotSpot. JoikuSpot software is installed directly on the phone. When switched on, laptops and iPods can establish an instant, secure and fast WLAN connection via the smartphone's JoikuSpot HotSpot using the phone's own 3G internet connection. Multiple devices can connect to JoikuSpot in parallel and seamlessly share the same 3G internet connection. You can use JoikuSpot to access the internet e.g. on the train, car, sailing boat, summer cottage, hotel, while walking, or when at a remote office... wherever you are!

Release notes for JoikuSpot Light:
- Landing page works with all operators
- Encryption support with WEP including 128bit key generator
- Battery threshold shutting down the client when battery level is too low
- Default Access point setting
- Support for secure SSH tunnels with Putty
- MapSpot 1.0 support for GPS HotSpot location identification with external mapping services such as Google Maps

All sett...

FTD FieldTest NetMonitor S60v3 SymbianOS9.1/9.2

Description: FTD is a mobile network monitoring application for mobile devices.

Full GSM signaling which can be visible to the network operator:
- Information on the serving cell: Hopping, Channel carrier number, RX level, TX power levels, Rx quality, Time Slot, Timing advance, Radio Link Timeout, C1, C2, Currently used band, Type of current channel...
- Information on the 1st, 2nd, 3rd, 4th, 5th, 6th, 7th, 8th neighbours.
- Network selection display.
- System information bits for the service cell.
- Paging repeat period, TMSI, periodic location update.
- Network parameters.
- Ciphering, hopping DTX status and IMSI.
- Uplink DTX switching display.
- BTS-TEST carrier: lock / unlock on one BTS frequency.
- Toggle cell barred status.
- Select which band to use: GSM 900 - GSM 1800 - GSM 1900

Full GPRS signaling displays:
- Information on the current GPRS state and previous TBF configuration: Hopping, Channel carrier number, RX level, Timing advance, Downlink time slot, Uplink time slot, Channel coding scheme downlink/u...

Nokia Energy Profiler 1.1

Nokia Energy Profiler is a stand-alone test and measurement application for S60 3rd Edition, Feature Pack 1 devices (and onwards). The application allows developers to test and monitor their application’s energy usage in real time in the target device. The application is available as a SIS package for S60 3rd Edition devices, but measurement works only in S60 3rd Edition, Feature Pack 1 (or newer). Older devices can still view files. This view shows the cellular signal levels as RX and TX levels. RX level corresponds to the power of the received cellular signal. TX level refers to the transmission power from the cellular radio. Both measures are in dBm. TX levels show up only during active transmission periods (voice or data). RX levels are available whenever connected to a cellular network. This means there is no RX level in the Offline phone profile. Average/instant bar values are for the selected signal that is shown in the corner indicator. You can toggle the chosen signal with the...

Tutorial on using downloaded WPA_PSK rainbow tables with airolib

First I obtained the 33 gig rainbow table from renderlab.net/projects/WPA-tables. A 7 gig table is also available, but I opted for the larger table; it took me 4 days. Please keep in mind while doing all this decompression that this is a 33 gig file, so you need a lot of space; I hope you are working with a 250 gig hard drive like I am. When the file is downloaded you get wpa_psk-h1kari_renderman.tar.lzma. First you have to extract the .lzma portion; I used the 7zip SDK version on Windows. After downloading the 7zip lzma version I put it in the C:/ root directory. Then pull up a DOS prompt and cd to your 7zip lzma folder:

lzma.exe d "folder of the wpa_psk-h1kari_renderman.tar.lzma file"

After the file has been decompressed you will be left with wpa_psk-h1kari_renderman.tar. Now you have to decompress the .tar; you can do this on your Linux box, but I did mine on my Windows box with peazip. I opened peazip and extracted the .tar, and at the end of the extraction you will have 9 folders; these folders contain the pr...

ssldump

ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in a textual form to stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.

ssldump 0.9b3

The current version is 0.9b3. ssldump 0.9b3 contains a number of fixes and enhancements over 0.9b2, including:
- Security fix: some potential over and underflows
- Added support for VLANs.
- Added -P flag to disable promiscuous mode.
- Fixed bugs in the TCP reassembly code.
- A lot of bug fixes.

Sniffing SSL traffic using MITM attack / ettercap, fragrouter, webmitm and dnsspoof.

Before reading on: this guide is for educational purposes only. I take no responsibility for what people do with this info. First thing is to get fragrouter. I don't know if you can use other tools provided with BackTrack; there are 100 ways to skin a cat and this is just my way. http://packetstormsecurity.nl/UNIX/IDS/nidsbench/fragrouter.html

There are lots of things that you can do with fragrouter, but we are going to use fragrouter to set up IP forwarding. We do this with this command:

Code: fragrouter -B1

Squash that window and put it to one side. Now open another shell and we will start dnsspoof with this command:

Code: dnsspoof -i ath0 (or whatever network interface you are using)

Again put that window to one side and let's load up webmitm. Webmitm will issue our SSL cert to the victim so we can decrypt the traffic we capture. Start webmitm by typing:

Code: webmitm -d

Now we can start the ARP spoof. To start ettercap type:

Code: ettercap -T -M arp:remote /router addy/ /victim a...

Mdk3 Secret Destruction Mode

It's a combination of different attacks. Cisco still has a bunch of support tickets running. Their Intrusion Detection System crashed because of this special attack. And with the IDS the routing tables at the whole university got mixed up for about half an hour. So, TRY THIS AT HOME, but not anywhere else.

The combination is:
- Running beacon flood mode to generate fake APs with the same name as your victim
- Auth-DoS the original AP with intelligent mode
- Use the amok mode to kick the clients

And for the next version of mdk3:
- Use the upcoming WIDS confusion mode to cross-connect kicked clients to real and fake APs making all security systems go FUBAR.

In this 802.11-hell, there should be nobody able to access the network. Because:
-> They get kicked when they connect (Amok mode)
-> They will see thousands of APs, unable to know which is the one to connect, thus they are just trying around blindly (beacon flood)
-> The original AP may be too busy to handle the real clien...

Fake Shared Key Authentication

This is the world's first fully functional code to enable fake authentication on networks using Shared Key Authentication. You do NOT need to know the key to authenticate, all you need is a keystream that has been chopped with aireplay-ng's chopchop attack. Hirte, another developer from the aircrack-ng community, successfully included this code into the aircrack suite.

Fixed in Version 0.2:
- Show error when network does not use Shared Key Authentication
- Get Capability Field from Beacon Frame. (Using the standard capabilities failed for some APs)

ska-0.2.tar.bz2
ska-0.1.tar.bz2

Fragmentation Attack

And another world premiere from me. First implementation of the Fragmentation Attack on Linux. This attack needs a special driver and card that is able to handle the IEEE802.11 fragmentation correctly; your driver may not work or may need to be updated/modified. The output of this tool is a file in the aircrack-ng keystream format (.xor). The output can b...

Enhanced Injection driver for Intel ipw3945

This is based on a driver made for testing purposes called ipwraw. It allows raw packet Tx/Rx with the Intel PRO/Wireless 3945ABG adapter; it's raw mode only and can't be used for normal connections to the internet. ipwraw doesn't have wireless extensions, so this modification adds some to make it easier to work with programs like aircrack-ng, kismet, mdk, ...

New in ipwraw-ng 2.3.4:
* Added compatibility fixes for recent kernels (2.6.23 and newer)
* Fixed bug when setting 5.5 Mb/s rate with iwconfig
* Fixed bugs (I hope) in Makefile - it would report that old firmware versions were adequate and also had some cosmetic glitches
* Added set TxPower Wireless Extension. Now TxPower can be set using iwconfig INTERFACE txpower TXPOWER (INTERFACE is normally wifi0, or eth0; TXPOWER is the value you want to set, min=-12 and max=16)

This version includes some fixes ported from the ipw3945 driver. It should be more stable now... D...

RaLink RT73 USB Enhanced Driver

* Support for Fragmentation Attack
* Interface is called rausb0 instead of wlan0 to prevent some tools incorrectly detecting it as wlanng or hostap driver
* Injection speed can be selected with iwconfig rate command. The default speed yet is 54 MBit. You may want to lower it to 1 MBit before injection with iwconfig rausb0 rate 1M
* NEW: ToDS packets aren't dropped by the driver anymore. WPA handshake captures are finally possible!

IMPORTANT! Version 3.0.0 is a new fork from the current serialmonkey CVS. It has fixes for 2.6.24 and 2.6.25 and does not need setting a MAC Address before bringing the interface up. This version includes all the enhancements of the 2.0 series of this driver. If you unplug the card while it's still in use, it may crash your system. So close all applications accessing it, bring the interface down and then remove the device.

IMPROVEMENT! There is a tiny extra in the 3.0.0 driver. Maybe you can find it with iwpriv ;)

YOU MAY HAVE WAITED FOR THIS: Version 3.0....

RaLink RT2570USB Enhanced Driver

* Prism header can be toggled via iwpriv, no automatic changes which screwed up packet captures!
* MAC changing supported
* Support for Fragmentation Attack

Fragmentation support is now considered stable. The 1.5.0 version has some important fixes for kernel version 2.6.19 and above. For further details on the fragmentation attack see the paper from Andrea Bittau: http://toorcon.org/2005/slides/abittau/

The serialmonkey CVS repository updated its driver from a new RaLink legacy one. Version 1.6.0 is the modification of this driver with fragmentation support, MAC changing and prism headers enabled by default. This driver seems to fix some threading, some SMP and some endianness issues. So it should be more stable than previous releases. Go get it!

Version 1.6.1 works for 2.6.22 kernels and comes with some more stability improvements.

AND NOW FINALLY: Version 1.6.2 with a new base version from serialmonkey CVS, all the patches from the previous version and support for 2.6.26 kernel:

MDK3

The new MDK3 uses the osdep injection library from the www.aircrack-ng.org project. The Linux-dependent includes have been removed; mdk3 compiles and runs on FreeBSD and even Windows (Cygwin). For Windows you need special drivers, a possibly illegal DLL file and the cygwin environment. Please see the aircrack-ng website for details. MDK3 has successfully been tested on the new mac80211 stack in kernel version 2.6.23 with the rt2x00 driver and a rt73usb card. If you are a Linux user, just make, make install and have fun. If you are a FreeBSD user, do the same, and report back to me if it works correctly there. And very important, don't forget to type mdk3 instead of mdk2 now ;) MDK3 is licenced under GPLv2.

Features:
- Bruteforce MAC Filters
- Bruteforce hidden SSIDs (some small SSID wordlists included)
- Probe networks for checking if they can hear you
- intelligent Authentication-DoS to freeze APs (with checking for success)
- Beacon Flooding with channel hopping (can crash NetSt...

Catchme-ng and default-ng

Version 0.9 available! Download version 0.9 to test it out!!

To install do (run airodump-ng first):
1. unzip catchme-ng0-9.zip
2. cd catchme-ng/
3. perl catchme-ng

Dependencies:
1. Aircrack-ng
2. cat, grep, UNIX commands.
3. sox (the audio player)
4. root access.

It's a pretty simple concept: it sequentially cats and greps the piped output for a user-defined MAC address. So if you were in a big city searching for a WiFu hacker while cruising around wardriving, or simply searching for a certain AP in a massive sea of APs, you can certainly use this tool! Once the MAC string is found, Catchme-ng will notify you immediately with the blast of a siren. So turn up the volume or use headphones and catchme-ng!

Spoon WEP for Noobs (those who Wish to be Lazy in Wifi)

SpoonWEP: this tool is in BackTrack 3 and it cracks a WEP key in a few clicks, so I thought this would help noobs who are unable to crack WEP.

SpoonWEP for Noobs: this video tutorial shows how to decrypt WEP using the SpoonWEP tool in BT3. Thanks to Shamanvirtuel, who created this tool.

Note: we will be doing a clientless attack using the Fragmentation Attack technique.

1) Make sure that your WiFi card is in monitor mode. If you don't know how to do this, see below:
   wlanconfig ath0 create wlandev wifi0 wlanmode monitor
2) airodump-ng ath0
3) Choose the Access Point (AP) you want to decrypt WEP for and remember the channel
4) Then copy the AP MAC address
5) Then run the SpoonWEP tool
6) In Victim MAC, paste the AP MAC address.
7) Choose your network card; my interface is ATH0
8) Set the AP channel number
9) Set the injection rate to maximum
10) Use Fragmentation and Forge Attack
11) Use 128 bits key length
12) Click launch and wait for a few minutes; you have decrypted the 128 bit WEP key