
Archive for January, 2011

Credit Card Number Generation and Self Validation

Sunday, January 23rd, 2011

Every now and then, I pull something nerdy on my readers. You all know that I love math. I am not that good at math, but damn, I think it’s a beautiful thing. Some of my idols/role models are mathematicians, like John Allen Paulos, John Nash, Max Planck (of which I loved his work so much I have a tattoo on my arm showing Planck’s constant).

I think last time I dropped math on you was the little Fibonacci sequence I made in PHP. That code was awesome. This time the math was inspired by an image posted on Gizmodo and Credit Card validation. Below is a digit-color-coded image of the cool zebra card I made. (I like doing graphic design <3)

The first digit, in yellow, is the Major Industry Identifier; being either a 4 or a 5, it means this is a financial institution. The yellow digit and the whole green section together are actually the Issuer Identifier Number, or IIN. In our case VISA owns The orange section is the account number of the card holder, and the last digit is a check-sum. This reminds me of ISBN. There was an awesome mathematics book I read ages ago, called In Code, written by a really cute Irish girl who showed you cool things like ISBN and how to determine if it was valid or not.

So, if their method is true about validating the numbers, we can easily write code to produce them all, right? From left to right, double every other number (starting with the first, in our case above would be 1). If the doubled number is two digits in length, you need to add those together. So say we have two of the highest numbers we can have (in base ten), 9: then our sum is 18. We then add the 1 and the 8 together and get 9 again. :) Easy as pie. Once we have all of our regular and doubled digits, we simply sum them all up, yielding a two digit number. If this two digit number happens to be divisible by ten, then our full credit card number is, indeed, valid!

I did this by starting off with the VISA MII number of my card 443057. Next I generated numbers from 000000000 to 999999999 and each time I generated a number – starting with 000000001 - I would double every other digit starting at the left side. Then I would try each check-sum 0 through 9. By try I mean I actually sum up all of the digits and perform a modulus (number % 10 == 0) of 10 on the full number.

If the modulus returns true, it says “[!] CC# 4430570000000001 is valid.\n”;

Here’s the code, kinda sloppy cos I wrote it right before bed, late last night. It is a proof of concept only. This does nothing but generate ALL valid card numbers for that particular VISA MII. My card number was generated in under 5 minutes using a 2GHz dual core Intel Xeon with 4MB cache. This algorithm for base 10 validation is called the Luhn Algorithm, and is actually used for IMEI, or International Mobile Equipment Identifier numbers as well! (had to throw a little wireless technology in there..)

Anyways, the Wikipedia page from the Luhn Algorithm link I posted above actually has a few implementations of code for 3 various languages. If interested I would recommend peeking into the link!
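The check described above, as an added Python example (not the author's code, which is not reproduced on this page). It walks the digits from the right, which is the same as "double every other digit starting at the left" for 16-digit numbers and also covers odd-length values such as 15-digit IMEIs; the function names are this example's own, and the inputs are a widely published test card number and a sample IMEI.

```python
def luhn_sum(digits: str) -> int:
    """Luhn sum, walking from the rightmost digit so any length works."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:        # every second digit, counted from the right
            d *= 2
            if d > 9:         # 18 -> 1 + 8 = 9, the same as subtracting 9
                d -= 9
        total += d
    return total

def normalize(number: str) -> str:
    """Strip the spaces and dashes people type; reject anything else."""
    digits = number.replace(" ", "").replace("-", "")
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("not a digit string")
    return digits

def luhn_valid(number: str) -> bool:
    try:
        digits = normalize(number)
    except ValueError:
        return False
    return len(digits) > 1 and luhn_sum(digits) % 10 == 0

def check_digit(payload: str) -> int:
    """Digit that must follow `payload` for the whole string to pass."""
    return (10 - luhn_sum(payload + "0") % 10) % 10

def split_card_number(number: str) -> dict:
    """Split a 16-digit number into the fields the post colour-codes."""
    d = normalize(number)
    if len(d) != 16:
        raise ValueError("expected 16 digits")
    return {"mii": d[0], "iin": d[:6], "account": d[6:15], "check": d[15]}

def single_digit_typos_caught(number: str) -> bool:
    """True if changing any one digit always breaks the checksum."""
    d = normalize(number)
    return not any(
        luhn_valid(d[:i] + c + d[i + 1:])
        for i in range(len(d)) for c in "0123456789" if c != d[i]
    )

if __name__ == "__main__":
    # Sample inputs only: a public test card number and a sample IMEI.
    print(luhn_valid("4111 1111 1111 1111"), check_digit("411111111111111"))
    print(luhn_valid("490154203237518"), luhn_sum("09") == luhn_sum("90"))
```

The checksum catches every single-digit typo but not an adjacent 0/9 swap, since "09" and "90" give the same sum. Passing it says a number is well formed, not that an account behind it exists.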

Have fun, happy hacking!

~Douglas.

WEAKERTHAN 3.1 UPDATE

Friday, January 21st, 2011

WEAKERTHAN 3.1

I am releasing this at 3.1 (not 3) because of a lot of issues I have had with 3. Just to clarify things a bit about the new name, which some really have trouble understanding: WEAKERTHAN was the name of the kernel I custom compiled for WeakNet Linux 4. I decided that we (WeakNet Labs) have a Linux and that calling it “WeakNet Linux” was just boring. So then I decided that I would use the name of the kernel (which is the most important part anyways) as the name of the release.

Well, the Beta testers say that the release is good so far! I have added so many patched drivers to the ISO for wireless, that I am sure anyone can now use the OS for Wireless Penetration testing. Below are the radios that I have tested and these all work fine:

Starting from the left: the Ubiquiti SR71e – ath9k, works perfectly. Next we have a generic Bluetooth radio which works great for connections and scanning from the BT stack provided by the 2.6.37 kernel. Above that, I have an Intel 6200N wireless N half mini PCI adapter – which works great, but does not create VAPs. If you have this (quite popular) adapter and you want to put it into monitor mode you will be presented with an ALERT when you run Airmon-ng. You need to actually use “iwconfig wlanX mode monitor” and put the actual device into monitor mode, which works fine with my driver. Next we have the ever-so-popular B43 device. I have the Legacy B43 and new B43 firmwares available in /var/firmware and you can inject VERY well with these cards! Next is an old Centrino ipw2200 device, which also works fine. The next device is a giant USB dongle which is a Linksys WUSB54GC, which will inject and do monitor mode just fine with the pre-built rt73usb drivers I added to the ISO. Now the PCMCIA (flat long device) is an SMC Atheros based card which works perfectly with either the patched madwifi or ath5k drivers for injection and monitor mode! The next two devices are essentially the same, using the RTL8187 drivers (patched), which inject perfectly at good rates. The only thing that kinda sucks about these devices is the sensitivity, which is insanely high on the Ubiquiti device and the Intel N device!! Above all is a BU-353 Prolific driver device for GPS. This works great with Airodump-ng, xgps, and more!!

The kernel is somewhat of a mutt. As you can see above, I had to mix things up and give you both the IEEE80211 and MAC80211 wireless networking stacks. I also had to disguise it [the kernel version number] to make it okay by AUFS standards as there wasn’t a kernel patch for 2.6.37 yet.

This release is so packed with software that I even included Java JRE and things that you all asked for, like vim, xmms2, gxmms2, peach fuzzer, gnome-terminal, Armitage, Android Hacks. I completely set up PostgreSQL to play nicely with Metasploit and FastTrack for you, SET, NVIDIA 260.x.x drivers and libs, CUDA libs, out-of-the-box Pyrit Ship setup and more! Pretty much any large framework I felt was too bloated for the “Lite” distros was packed into this ISO!

I plan on releasing it in the near future; for now though, I will continue to try to perfect the ISO with custom scripts, applications and more. If your radio is not listed above, it will still probably work since I added every driver available that was streamlined into the kernel. I even built the drivers for MadWiFi, RTL8191SE PCI-E (thanks Vire!), latest spec-tools for spectrum analyzers from MetaGeek, custom compiled GPSd, compat-wireless, and much, much more.

Send me your comments!! Post them here!! What else can I cram into this ISO? (which is 1.3GB now, BTW)

~Douglas

Wireless Hacking References

Friday, January 14th, 2011

I think I will make this a ritual – to add freebies and books I find online. Most of which pertain to the Twitter INFOSEC post by the way ;)

Radio Frequency Mathematics Paper

The first I’d like to mention is the Math Physics for the RF Engineer paper distributed by WirelessProfessionals.com

http://wirelesslanprofessionals.com/wp-content/uploads/2010/01/Math-Physics-for-the-RF-Engineer-Joe-Bardwell.pdf

This is amazing! It’s written by Connect802’s Joseph Bardwell, the president and Chief Scientist of the Connect802 corporation. This guy is a walking, breathing dictionary of 802.11 standards and practices. He knows the protocol and the science used inside and out. Not to mention, the math and such in this paper is easy enough to follow and you really get a grip on how the RF signals interact with the environment as they traverse through space. Awesome and FREE!

Free WiFi Hacking Course

This is a bit dated, but it’s FREE nonetheless! This is a HUGE set of PDF files that covers different methods (mainly on Windows) of hacking wireless and wireless network penetration.

http://wirelesslanprofessionals.com/wireless-lan-penetration-testing-course/?utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed%3A+wirelesslanprofessionals+%28Wireless+LAN+Professionals+%C2%BB+All+Incl.%29&utm_content=Twitter

Geez, what an unsightly URL? Anyways, I read through it, it’s not bad, but I wouldn’t really find myself using Windows to do this, because I feel it’s a bit clunky.

CWAP Full Book in PDF Format

This is deep. Can’t afford Offensive Security’s OSWP? Get your hands on this free book (requires you to make a free account).

https://www.cwnp.com/index/training/freeresources

Read it, and go through all the questions, then spend as much time as possible doing these simple wireless hacking techniques and studying packet capture outputs at the Aircrack-NG website.

http://www.aircrack-ng.org/documentation.html

And those resources put together come pretty darn close to the study material for OSWP. OSWP is a bit better as you get access to a lab for hacking, and Mati and Thomas put a lot of effort in explaining very deeply the wireless packet capture analysis methodology used by professionals.

Connect802 – Free Literature

Need more for free? Can’t seem to get enough study material to hold you over and learn from? Well, try this link.

http://www.connect802.com/literature.htm

More free literature from the Chief Scientist at Connect802!

Books – Amazon

I just ordered “Hacking Exposed – Wireless” from Amazon and am looking forward to reading, testing and reviewing it. It was actually just revised back in July to be up to date. If you go to the link I pasted, you can actually read some of the book right on Amazon, and it seems pretty cool.

I just finished up the CWSP (Certified Wireless Security Professional) and feel comfortable reading the rest of the amazing books released by CWNP, including CWNA and CWTS! Not that I am really interested in the certifications, I just love the in-depth material that goes into these study guides. They are easy to follow and great for just expanding on the WiFu you would already know.

This Wardriving book called “Wardriving and Wireless Penetration Testing” looks pretty nice and probably will be my next splurge on Amazon.

I hope this feeds the flames! If you haven’t read my post on Twitter being a central hub on INFOSEC news and multimedia, read it now!

~Douglas.

Ruby Rails on Debian Squeeze

Tuesday, January 11th, 2011

I started learning Ruby a while ago, but never got into Rails. When I finally decided to install and use Rails, man, I ran into a ton of errors! The error message you see below confused me for about 10 minutes this morning – lack of coffee?

Could not find gem 'sqlite3-ruby (>= 0, runtime)' in any of the sources.

and it would not run my rails server on port 3000.

Then I tried to use gem and bundle to install sqlite3-ruby but got these errors stating that my sqlite3 libraries (you know, all that stuff that gets thrown into either /usr/lib or /usr/local/lib ?) were old :(

sqlite3-ruby only supports sqlite3 versions 3.6.16+, please upgrade!

Well, the only version in aptitude is 3.6.1 er something. So we will have to compile via source code! Here is my quick fix: remove the aptitude precompiled version of sqlite3-ruby and sqlite.

apt-get remove sqlite3-ruby sqlite3

Then, install Rails env:

apt-get install ruby rails rubygems
gem1.8 update

Next we are going to install the latest sqlite3 via source!


wget http://www.sqlite.org/sqlite-autoconf-3070400.tar.gz
apt-get build-dep sqlite3
tar vvvvvxzf sqli*
cd sqli* && ./configure
make && make install
cp /usr/local/lib/libsqlite3.* /usr/lib/
ldconfig

Now, install the Ruby gem to interact with your shiny new SQLite3:


gem install sqlite3-ruby

To test this, go into a directory accessible via the web, like the Apache2 default “/var/www/” and do:

rails new testapp
./testapp/script/rails server

and point yer browser to your website (or localhost) at port 3000. You should then see this, if all went well:

~Douglas

Article Published in 2600 Magazine!

Monday, January 10th, 2011

The article “Bash Bash Bash!” has made its way into the new release of 2600 (Winter 2011).

Its main purpose is supposed to be more motivational than technical. I didn’t have many passionate teachers when I was growing up and those I did have really seem to stick out in my memory. Teachers who have passion for the subjects they are teaching can really impact a person’s life in many ways by inspiration. In fact, all of the subjects taught by the few inspirational teachers I did have, I regarded with respect and gave them more time and consideration as they played an important role throughout my life.

I’d like to personally thank all of the teachers that really inspired me. I wouldn’t be who I am if it weren’t for your inspiration as my mind was still developing.

Along the way, I talk a little about Bash 4.x and how some of the simplest things around you can be amazing. Bash and the terminal reserve a great power that few have the will to master, even computer science majors!

Teach with passion, be inspiring, and most importantly, be yourself while you teach. Students really look up to you and you have the power to push someone into success, personal success, and even doing extreme good for the rest of us. Obviously, you are a teacher for a reason besides the pay and summer vacations?

~Douglas.