Jul 26

WiFu Weekend 1 was so much fun! We explored many regions of WiFi hacking; one being softAP’s. None of these videos were released before by WeakNet, meaning, I explored new territories for the first time and am simply sharing that experience with you. These can all be easily set up in a small network lab including 1 AP, 2 laptops, and a DSi. Hope you enjoy!

Episode 1: Airbase-NG. In this first episode we do just that. I start off by talking about how I think it works, then give an example of how to use it in a network penetration test. (Music by Reso)

Episode 2: Next we perform a straight-away Wireless Penetration and client attack. (Music by Reso)

Episode 3: We sniff WEP encrypted traffic and decrypt it using only Wireshark. Wireshark is such an amazing utility to use during a Penetration Test in the lab. (Music by Eluveitie)

Episode 4: AirPWN on a WEP encrypted network: (music by Limewax)

Episode 5: The sad flaw that prevents us from using the Nintendo DSi XL in the Lab as a “real” network node.

All of these videos were made using an Alpha USB adapter and WeakNet Linux Version 4.1k
~Douglas.

Jul 22

OMG PWNIES!

BlackHat Life got in there! I saw the tweet from HDmoore on Twitter about the nominations and I usually don’t follow the links, but I did – and was surprised <3

http://pwnies.com/nominations/

Click here for my music!

Vote For Me!!

Thank you! :)

~Douglas

Jul 22

It’s our 5yr Anniversary!

Well, it’s about that time. 5 years ago, I broke my first WEP key with one Million IV’s, a Gateway 3040gz, a Nintendo DS, and a Dlink Router in my home. To celebrate, I am displaying the video that started it all for me. The original, by Christophe Devine himself. Moskau!


:) Thanks for joining us on our journey, it definitely doesn’t end here!
Download High Quality SWF version HERE. 5,422,00k (Requires Flash player)
This video is re-distributable under the GNU License.
~Douglas.

Jul 20

Well, I just got back from New York City! I attended the HOPE (Hackers On Planet Earth) conference and it was awesome! It was my first time in NYC so I did some touristy things too, like visiting Empire State (which was closed), Nintendo World HQ of America, Rockefeller Center, 7th ave (with all the huge TV screens everywhere) and more. The HOPE conference was cool, I stayed at the hotel next door, Affinia (who decided to charge me twice for my stay, by mistake) as Hotel Pennsylvania was full. I got about 6 hours sleep total in 3 days, spent $1000 somehow, and got to meet some online friends.

The Conference registration was on the first floor where they gave you a cool light up badge that was a circuit board solder project itself. Mine didn’t have solid state components on it, so I got them and added them myself, by laying them in the right spots then laying the PCB onto the coffee maker in my hotel room.

We had a Mezzanine on the second floor, where I met a lot of vendors and saw a lot of cool stuff for sale. And a cool Lockpicking session was going, it seemed, almost the whole time I was there! And all talks were given on the 18th floor, where they also sold exclusive HOPE products and DVDs from Shmoocon and HOPE.

The talks were great, but overcrowded. Hotel PA seems to be too small for a conference this big, but I finally attended my first Social Engineering session with Emanuel, Kevin Mitnick, a guy who had a dog and said the cops let him off of a ticket cos he had a dog, a girl who complained about the vulnerabilities of a hugely open social networking site called Facebook, and a guy who said he tricked his college into letting him register late named “Not Kevin.”

When I met Kevin I asked him about his next book, the one that will really explain what he did when he was a fugitive. He said one year! I am dying to read that book. He is a great author with a cool sense of style and humor that you can only find with other computer geeks.

I met up with Murd0c and DrLight, Hektik and his GF, Kurt Cocaine and iBall, Cessna, RogueClown (who gave a talk on being nice to n00bs), RTF (who was passed out at 2:30pm in iBall’s room, and made all of the awesome artwork for the convention), afreak (who gave a talk on Brilliant exploits). And I also finally met Kevin Mitnick, Emanuel Goldstein, Bernie S, Ed Piskor (creator of the Wizzywig comics (from Pittsburgh too!)) and more. Oh, and I saw one (1) guy from HackPGH (Pittsburgh Hacker Space) who said no one else from HackPGH came, and he was probably only there cos he writes weblogs for Make magazine. I have missed all of you and am glad to have spent my first time in NYC with my hacker friends!

All in all, it was a great security conference, but I felt that my small venture to the world’s biggest city was about meeting friends and having a good time basking in the “river of darkness beneath the neon lights.” A special thanks has to go out to iBall for calling me Friday morning and being inspirational, then dragging me around to cool things, and Murd0c for tagging all the people I didn’t know in my Facebook album!

I can’t wait to see you all at the next Shmoocon in (February 2011?)! That means YOU Brad Carter.

Jul 15

As technology changes, we should keep a good eye on those technologies we love. At WeakNet Labs, we love WiFi (and especially Atheros!)! WiGig is a group of engineers that produced the first 60GHz wireless PCIe device. More and more talk is going around since the WiGig group joined up with the WiFiAlliance about triband devices that do 2.4GHz, 5GHz, and now 60GHz, and now we read that Atheros and Wilocity have “embraced” the new technology. The new, to us consumers, unlicensed 60GHz band can deliver speeds up to 7Gbps! This is about nine or ten times faster than the fastest wireless N devices of today, and competes with Wireless HD devices. Here is a cool article that includes the press release of WiGig’s device:
Engadget Story on WiGig
Here is the Wikipedia page for more learning resources:
Wikipedia WiGig article

~Douglas.

Jul 12

I have successfully implemented a script to secure a WEP enabled router. This is my very first application written for a router. This is meant for organizations in which they are forced to use WEP due to technology restrictions. A new dedicated page has been put into place:
http://weaknetlabs.com/SSWR

There you will find a full PDF document on the whole process and background, videos, and soon the code itself.

I apologize for the sound quality of my voice, I recorded the sound with a 24″ iMac’s built in iSight microphone.

The PDF:

Enjoy!
~Douglas.

Jul 10

If you can’t get the GUI applications working and your wifi attached to your router that is WPA/WPA2 enabled, then you can do it by hand. WPA_Supplicant is a command line utility that is incredibly easy to understand and use. Check your wifi adapter with the following command:

iwconfig

If your adapter requires some weird, obscure driver to function properly, and you know this, then shame on you for not submitting when I pleaded for people to submit drivers and applications. Anyways, get the driver and install it. I have jam packed a lot of drivers into WNLAv4.1k, and I finally included madwifi-ng. To use it, simply do:

modprobe ath_pci

If you are using that driver and would like to load a different driver, say ath9k, do this:

rmmod ath_pci
modprobe ath9k

Once you have your driver of choice, follow the directions I have written out, with screenshots in the following tutorial:

WPA_Supplicant with WeakNet Linux 4+ PDF

I certainly hope this finally helps those who are still having trouble.

~Douglas.
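
The manual steps above (check the adapter and its driver, then hand wpa_supplicant a config) can be scripted as below. This is an added example, not taken from the WeakNet tutorial PDF; the function names are hypothetical, and the interface name, SSID and passphrase you pass in are placeholders for your own lab network.

```shell
#!/bin/sh
# Added example (not from the WeakNet tutorial). wlan0, the SSID and the
# passphrase used with these functions are placeholders for your own lab.

# Print the kernel driver bound to an interface (e.g. ath_pci or ath9k),
# read from sysfs; prints "unknown" when there is no such device link.
iface_driver() {
    link="/sys/class/net/$1/device/driver"
    if [ -L "$link" ]; then
        basename "$(readlink "$link")"
    else
        echo unknown
    fi
}

# Write a minimal WPA/WPA2-PSK network block for wpa_supplicant.
write_wpa_conf() {
    ssid=$1 pass=$2 out=$3
    nl='
'
    # A WPA passphrase is 8..63 characters.
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "passphrase must be 8..63 characters" >&2
        return 1
    fi
    # Refuse quotes and newlines so a value cannot add config lines.
    case "$ssid$pass" in
        *'"'*|*"$nl"*) echo "unsupported character" >&2; return 1 ;;
    esac
    # The file holds the secret: create it owner-only and keep it 0600.
    ( umask 077
      cat > "$out" <<EOF
network={
    ssid="$ssid"
    key_mgmt=WPA-PSK
    psk="$pass"
}
EOF
    ) && chmod 600 "$out"
}

# Associate in the background, then request a lease (needs root and a
# real adapter). -D lists driver backends to try in order.
connect_wpa() {
    wpa_supplicant -B -i "$1" -c "$2" -D nl80211,wext && dhclient "$1"
}
```

Typical use as root: `write_wpa_conf "LabAP" "your passphrase" /etc/wpa_supplicant.conf`, then `connect_wpa wlan0 /etc/wpa_supplicant.conf`, and confirm the association with `iwconfig`.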

Jul 9

BackTrack 4+ and WiFiCake-NG

Instructions have been added to the WiFiCake-NG Page here to install the application on BackTrack 4 and up: BackTrack 4 + WiFiCake-NG. It’s rather straightforward; if you were to not install the dependencies you would get Perl errors that simply told you to. This method will probably work with Ubuntu 10+ too.

My Business Cards Came!

I’m not sure what the hell I’ll do with them, but they look damn cool!
~Douglas.

Jul 6

I am proud to say that, this weekend, I passed the OSWP certification exam from Offensive Security! (Notice the cool label in our header.) I would highly recommend this course to anyone seeking a better understanding about wireless hacking. The coursework and materials were amazing, the videos were clear and in depth, the test was a good challenge – as you actually get to hack – and most importantly, all of it was an insane amount of fun. Having fun is what made the course, or any course, worthwhile in my opinion. I just wish I had the cash to take the other tests too!

~Douglas Berdeaux OSWP.

Jul 5

Thanks for all the feedback! The new tarball can be found here: WiFiCake-NG Main Page
New additions:

1. Automatic PDF Wireless Penetration Test Report Generation
2. Smart mass de-authentication
3. Signals window
4. OUI check and logos in Signals Window
5. OUI Logos in PDF
6. Fixed Clients issue in PDF generation
7. Channel locking and BSSID Locking onto target AP
8. Automatic Channel retrieval, if not specified.
9. Better support for rt73 && rt73USB drivers
10. Cursor logos for de-auth, and refresh
11. General clean up of code.

Thanks again!
~Douglas
