Showing posts with label How to Guide. Show all posts
Showing posts with label How to Guide. Show all posts

Friday, February 13, 2015

How to Hack a WPA Wireless Network (Wifi) using Aircrack-ng and John the Ripper


Here is a video tutorial I created showing how easy it is to hack a wireless network using WPA keys for their security. It's a short 12 minute video and I hope you find it not only instructional, but also liberating. After all, informed people make the best decisions.


John the Ripper (JtR) cracks passwords offline. That is, "incorrect number of passwords entered limit" does not affect  JtR. As you can see in the video, using aireplay-ng, fake deauthentication packets were injected to the wireless access point  to force all users to reauthenticate (without them knowing it). During reauthentication, the WPA keys are exchanged between the client and the wireless access point. This exchange was recorded into a file "wificrack.cap" and the hashed PSK (Pre-Shared Key) was then cracked using JtR.  In the video, you can also see that the output file of airodump-ng can be opened using Wireshark. Opening the cap file with Wireshark reveals a lot of information about the clients connected to the wireless access point. For instance, we know the wireless AP is a Cisco-Li (Cisco-Linksys), and the WPA handshake captured was from an Apple device. The MAC address is even shown!

Wednesday, February 4, 2015

Freeing Disk Space in Kali Linux (Basic steps), Especially the apt-get Cache

Kali is a Debian-based Linux developed with penetration-testers in mind. Think of it as a toolbox. It is basically a Debian Linux, but with all the penetration testing tools installed, for free. This includes Metasploit, OpenVAS vulnerability scanners, exploitDB, Hydra, aircrack-ng, John the Ripper, etc. These come on top Linux's common formidable tools such as OpenSSH (for creating tunnels), netcat, and nmap to name a few. 

Since Kali is Debian, then the method used here do apply to any Debian-based Linux systems (+ Ubuntu). Although, since we are talking about Kali, which is usually ran as 'root', then most of the screenshots will show that the user is running the commands as root. If you are not logged in as root, just add the word 'sudo' in the beginning of every command. For example: instead of issueing command 'apt-get clean', type 'sudo apt-get clean'.

Let us assume, you get an error in your Kali Linux saying that you are running out of space. In the screenshot below, My Kali is running on Oracle VirtualBox with a dynamically allocated 15Gb of space. Technically I don't have to worry about disk space because the Virtual Disk will expand when needed. But I still want to free some space.  


You get an error that you are running on disk space. Kali
Step 1: Check Disk space and where you are consuming space the most. Use df -h. the '-h' option in df is to format the result in 'human-readable' format. 


df -h results show the entire disk is "full"

Friday, June 13, 2014

How to configure TFTP Server in your Linux Machine (Debian), and how to solve Permission Denied Error (Error Code 2)

I personally use a Virtualized Kali Linux in my Windows 7 machine to do a lot of things. Primarily to do IT security analysis and research for the companies I work with. But mostly, I find maintaining a Linux machine in an image comes in handy for a lot of things: I can use the Kali/Linux machine as an tftp/scp server to backup devices;

So suppose you want to copy startup-config files from your Cisco to your laptop running a virtual machine of  Kali Linux, (Debian). Let us suppose further that your Cisco router/switch cannot do SSH otherwise, we'll just use scp which is safer, and does not need any further special configuration for Linux devices.

Here's how to do it:  

  1. Make sure you have the Virtual Machine in Bridged Adapter to your WIndows 7 machine's ethernet adapter. I'm using virtual box so in my case, I have to create a bridged adapter first. In Virtuabox (not in the Guest OS or Virtual Machine's Window) click File >> preferences >> Network. Then under tha tabe Bridged Adapters, create at least one adapter. 
  2.              
               Then , in your Guest / Virtual Machine, click Machine >> Settings >> Network >> choose bridged (not NAT). After which, you need to do an ifdown eth0 and ifup eth0 inside your Kali / Linux OS console.
    ** Bridging will not work when you hav eport-security configured in the switchport where the computer is plugged. This is the case in most enterprise networks. If you are doing this inside your office and you are not getting a DHCP IP address, you better ask your network engineer/corporate IT if port-security is enabled.

Sunday, June 8, 2014

How to Install Windows 7 on a UEFI enabled Computer

We recently bought a Lenovo T-440s amd immediately loved it, except it came with a Windows 8 Professional, 64-bit. It had "downgrade rights" for Windows 7 Pro 64-bit. Unfortuantely, our corporate IT environment does not (yet) encourage Windows 8 especially in laptops nor desktops, so I really was obligated to downgrade it to Windows 7 Pro/Enterprise.

The T-440s is Windows 8 optimized and is UEFI and secure-boot enabled. As an IT professional, I am also interested in how UEFI works (later I'll write a blog after I successfully installed Kali Linux on dual-boot in a UEFI system) and if it indeed delivers to is promise. UEFI is explained in detail here. Microsoft also explains UEFI and how it is here.

Do note that UEFI systems behave differently depending on the model and brand of the computer. This how-to post is specifc to the T-440s. While the concept and the general procedures may be the same as with other laptops (i.e. Acer, Asus, HP, Dell, etc.) the behavior may differ slightly.


The Objective:  Install Windows 7 Professional 64-bit on a UEFI enabled Lenovo T-440s.

Before we begin, let us first discuss what are the differences between installing Windows OS in UEFI and in non-UEFI mode (aka Legacy Boot Mode)
  1. UEFI installation of Windows 7 only works in 64-bit installations. 
  2. UEFI does not work in Win XP. 
  3. By default T-440s ships with Windows 8 and with UEFI and Secure Boot enabled. However Windows 7 normally is not for UEFI systems.  If your Lenovo Thinkpad T-440s ships with Windows 7, the settings may have been changed. 
  4. The Lenovo Thinkpad T-440 does not have a CD/DVD Drive, you have to either attach a removable drive, or create a EFI-bootable Windows 7 USB Stick. 

Here's how:

  1. Go to the BIOS Setup by rebooting your Lenovo Thinkpad T-440s then, repeatedly press F1 until you get to the BIOS Set-up Screen. 

Tuesday, March 4, 2014

Configuring Cisco WLAN with multiple SSIDs in different VLANs - Part 1


note: Screenshots and configuration examples are using a Cisco 2500 series WLAN controller (aka WLC). The Cisco 2500 series controller is connected to a cisco 3750 or 3650 L3 switch. This article assumes that inter-VLAN routing is already working and only the WLAN controller needs to be configured. 

Usually, enterprise networks are on multiple VLAN environment. The Wifi access points provide access to each of these different VLANs by broadcasting different SSIDs attached to different WLAN profiles. Let's say we want to configure our WLAN controller to broadcast two SSIDs namely:

1. GUEST on VLAN 5 (10.8.5.0/24);
2. IT-Department on VLAN 13 (10.8.6.0/24);

Also, let's assume VLAN 219 is pre-configured with the following information:

1. VLAN 219 is NETWORK-VLAN @10.8.219.0/24)
2. interface vlan 219 IP address is 10.8.219.1
3. a DHCP server located in VLAN 219 with IP address 10.8.219.50/24.
4. WLAN controller will be configured with IP address 10.8.219.251 in VLAN 219
5. the Access Points (APs) 10.8.219.248-250, also in VLAN 219.

There are two parts to this task. First is the VLAN configuration required in our 3750/3650 layer 3 switch which will be discussed in this article. Part 2 is configuring our WLAN controller with the WLAN profiles, SSID, and interfaces. For brevity, I will skip discussion on inter-VLAN configuration and assume that that the network converges, and inter-VLAN routing is configured properly.

Part 1: Configure the 3750/3650 layer 3

1. Configure the port interface in our L3 switch as a trunk:


  interface GigabitEthernet1/0/23
   description *** LINK TO WIRELESS-CONTROLER ***
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 5, 13
   switchport mode trunk
   
!The next commands are optional
   switchport trunk native vlan 219
   udld port aggressive

  • "switchport trunk allowed VLAN <ID>"  command explicitly defines what VLANs are only allowed in the interface. In this case, only VLANs 5 (Guest) and 13 (IT-Department) are allowed.  This can be optional but I would recommend you do this to minimize broadcasts traversing through the trunk. 
  • "switchport trunk native vlan <ID>" command changes the native VLAN. By default, the Native VLAN is 1. But this is already expected so we change it. The native VLAN is where all vlan traffic converges and traverses. This command is optional. 
  • "udld port aggressive" is an optional configuration. It detects if the link is  uni-directional and adjusts accordingly to avoid spanning-tree loops. All ports should support UDLD aggressive mode in order to work.  

Configuring Cisco WLAN with multiple SSIDs in different VLANs - Part 2

This is part 2/2 of the series.  Part 1 discussed the assumptions and the required layer 3 switch configurations. Please read part 1 prior to reading part 2 You can view part 1 here.
======================================================================
 note: Screenshots and configuration examples are using a Cisco 2500 series WLAN controller (aka WLC). The Cisco 2500 series controller is connected to a cisco 3750 or 3650 L3 switch. This article assumes that inter-VLAN routing is already working and only the WLAN controller needs to be configured.


======================================================================
IMPORTANT REMINDER: before you do all the configuration, note that the LWAPP image version cannot be higher than that of the WLAN controller. a quick "show version" command on both the WLC and the LWAPP will save you all the time and effort. 


From LWAPP: the default username is "Cisco" and password is "Cisco": 

output of show version: 

cisco AIR-CAP702I-F-K9 (MIPS74k) processor (revision 01) with 73728K/57344K bytes of memory.
Processor board ID KWC184402C5
MIPS74k CPU at 40Mhz, revision number 0x0000
Last reset from power-on
LWAPP image version 7.5.1.33
1 Gigabit Ethernet interface

AIR-CAP means this is a Lightweight Access Point (aka a Controller-based Access Point). If it says AIR-WAP, then this is not a controller-based access point and will therefore not associate to the Controller. 

From the Controller:

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.4.121.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 1.0.0
Firmware Version................................. PIC 16.0

In this case, configuring the WLAN controller and the LWAPP will not work. the LWAPP will not associate. We will need to either downgrade the image of the LWAPP, or upgrade the image of the WLAN Controller. 

=======================================================================

Part 2: Configure the WLAN Controller

In the first part, we discussed the Layer 3 switch configuration requirements. In case you missed it, please read the first part of this article here: Configuring Cisco WLAN with multiple SSIDs in different VLANs - Part 1

As usual, the first thing to do is plug the WLAN Controller's port 1 to the trunk-configured port in the L3 switch (discussed in part 1). Port 1 is the green colored portin the figure below.




The other 3 ports will be connected to your APs (Access Points).  For brevity, we will not discuss configuring licenses and upgrading firmware in this article.

Thursday, April 26, 2012

How to Access Skype Chat History of Another Person or PC.

Internet messengers (IM) indeed made the world smaller, and skype is undoubtedly the major contributor to this phenomena. 

Skype is simple to use, and hard to block. With skype, you can do free calls and videoconferencing; share your desktop; and, share files such as documents and photos with any other skype users anywhere. Skype has the ability to use any available open port to communicate to the internet which made it a bane for traditional port-based firewalls to block (a headache for most network engineers).

But is skype safe? 

Saturday, April 14, 2012

Practical SSH Tunneling: Using Putty to Bypass Web Filters and Firewalls

About SSH v.2 and SSH tunneling

SSH (Secure Shell) was an Internet Task Force (IETF) protocol for encrypting traffic to access a remote host. SSH v2 standard came out in 2006 and is incompatible with SSH v.1.  Version 2 uses Diffie-Hellman (DH) key exchanges to create a tunnel between a client and a server. Thus, SSH works very similary like a VPN and was, in fact, called a poor man's VPN. SSH has lower levels of security and encryption than VPN. Apart from that, I don't really know the exact difference between an SSH tunnel and a VPN and if you happen to do, please feel free to post a comment or link to your blog/article that explains SSH versus VPN.

SSH v.2 is both a boon and a bane for network engineers. I've been using SSH v.2 to do a myriad of things, some of which to purposely circumvent network policies that would normally disallow people to access other parts of the network. For this article, we will use SSH tunneling to bypass corporate firewall and webfiltering. This is possible using any Web Socket capable browser such as Mozilla Firefox and Opera (I've heard  Google Chrome will support it soon).

Friday, April 6, 2012

Interconnecting Different Sites Using VPN Hairpinning with Cisco ASA Sample Configuration


This is  my first post in my newly created blog and I thought of sharing a project I did back in 2007. I was then working for a Danish company  who have offices, and clients, in  North America, South America, Europe, Asia, and Africa (North and East Africa to be more specific). 

The problem was how to interconnect all our offices and clients in these 5 continents fast, and inexpensively. We had support centers in Denmark, US and the Philippines and all our support personnel, and subject matter experts need to have access to the company's servers and systems deployed inside client's data centers scattered worldwide. We need to be able to SSH the servers; access the web and databases of the system; and, access server iLO (HP servers' integrated lights out) and KVMs. The inexpensive and fast, yet secure solution, is VPN. 

VPN is fast to deploy, is secure, and -- as most finance directors would like -- inexpensive. Do note that VPN is not the best solution when involving latency-sensitive traffic such as VoIP, and videoconferencing. For brevity, I did not include all other ASA configurations such as hostname, domain, and Firewalls. We will only show the VPN configurations and other relevant configuration lines.  

The Scenario: 

A certain Company ‘A’ has a Regional Office Headquarters (RoHQ) in Singapore that needs to access servers and systems deployed to a client in the US. Company ‘A’ has a  contact and support center in the Philippines who also needs to access the system deployed in our US-based client. As is the usual case, both companies agreed that their respective networks should be NAT-ed to a public IP address.

Related Posts Plugin for WordPress, Blogger...