Showing posts with label wireless. Show all posts
Showing posts with label wireless. Show all posts

Friday, October 23, 2015

cracking wireless wep router encryption

Recently I noticed one of my neighbor router encryption is using WEP and I thought maybe to spend sometime to aircrack it. Googling shown many articles that teach you on how to gain access to wireless router that using WEP as the encryption standard. In this article, I mainly reference this article and running this on my linux workstation.

With that said, let's begin. Install aircrack-ng package that contain essentials applications that sniff the air traffic and crack it.

 root@localhost:~# apt-get install aircrack-ng  
 Reading package lists... Done  
 Building dependency tree      
 Reading state information... Done  
 The following packages were automatically installed and are no longer required:  
  libgee2 libmono-2.0-1 libmono-2.0-dev libmono-accessibility4.0-cil libmono-c5-1.1-cil libmono-cecil-private-cil libmono-codecontracts4.0-cil  
  libmono-compilerservices-symbolwriter4.0-cil libmono-cscompmgd8.0-cil libmono-custommarshalers4.0-cil libmono-db2-1.0-cil libmono-debugger-soft2.0a-cil  
  libmono-debugger-soft4.0a-cil libmono-entityframework-sqlserver6.0-cil libmono-entityframework6.0-cil libmono-http4.0-cil libmono-ldap2.0-cil  
  libmono-ldap4.0-cil libmono-management2.0-cil libmono-management4.0-cil libmono-messaging-rabbitmq2.0-cil libmono-messaging-rabbitmq4.0-cil  
  libmono-messaging4.0-cil libmono-microsoft-build-engine4.0-cil libmono-microsoft-build-framework4.0-cil libmono-microsoft-build-tasks-v4.0-4.0-cil  
  libmono-microsoft-build-utilities-v4.0-4.0-cil libmono-microsoft-build2.0-cil libmono-microsoft-build4.0-cil libmono-microsoft-visualc10.0-cil  
  libmono-microsoft-web-infrastructure1.0-cil libmono-microsoft8.0-cil libmono-npgsql2.0-cil libmono-npgsql4.0-cil libmono-opensystem-c4.0-cil  
  libmono-oracle2.0-cil libmono-oracle4.0-cil libmono-parallel4.0-cil libmono-peapi2.0a-cil libmono-peapi4.0a-cil libmono-profiler libmono-rabbitmq2.0-cil  
  libmono-rabbitmq4.0-cil libmono-relaxng2.0-cil libmono-relaxng4.0-cil libmono-sharpzip2.6-cil libmono-simd2.0-cil libmono-simd4.0-cil  
  libmono-system-componentmodel-composition4.0-cil libmono-system-componentmodel-dataannotations4.0-cil libmono-system-configuration-install4.0-cil  
  libmono-system-data-datasetextensions4.0-cil libmono-system-data-linq4.0-cil libmono-system-data-services-client4.0-cil  
  libmono-system-data-services2.0-cil libmono-system-data-services4.0-cil libmono-system-design4.0-cil libmono-system-drawing-design4.0-cil  
  libmono-system-dynamic4.0-cil libmono-system-identitymodel-selectors4.0-cil libmono-system-identitymodel4.0-cil  
  libmono-system-io-compression-filesystem4.0-cil libmono-system-io-compression4.0-cil libmono-system-json-microsoft4.0-cil libmono-system-json2.0-cil  
  libmono-system-json4.0-cil libmono-system-ldap-protocols4.0-cil libmono-system-ldap2.0-cil libmono-system-ldap4.0-cil libmono-system-management4.0-cil  
  libmono-system-messaging4.0-cil libmono-system-net-http-formatting4.0-cil libmono-system-net-http-webrequest4.0-cil libmono-system-net-http4.0-cil  
  libmono-system-net2.0-cil libmono-system-net4.0-cil libmono-system-numerics4.0-cil libmono-system-reactive-core2.2-cil  
  libmono-system-reactive-debugger2.2-cil libmono-system-reactive-experimental2.2-cil libmono-system-reactive-interfaces2.2-cil  
  libmono-system-reactive-linq2.2-cil libmono-system-reactive-observable-aliases0.0-cil libmono-system-reactive-platformservices2.2-cil  
  libmono-system-reactive-providers2.2-cil libmono-system-reactive-runtime-remoting2.2-cil libmono-system-reactive-windows-forms2.2-cil  
  libmono-system-reactive-windows-threading2.2-cil libmono-system-runtime-caching4.0-cil libmono-system-runtime-durableinstancing4.0-cil  
  libmono-system-servicemodel-activation4.0-cil libmono-system-servicemodel-discovery4.0-cil libmono-system-servicemodel-routing4.0-cil  
  libmono-system-servicemodel-web4.0-cil libmono-system-servicemodel4.0a-cil libmono-system-serviceprocess4.0-cil  
  libmono-system-threading-tasks-dataflow4.0-cil libmono-system-web-abstractions4.0-cil libmono-system-web-dynamicdata4.0-cil  
  libmono-system-web-extensions-design4.0-cil libmono-system-web-extensions4.0-cil libmono-system-web-http-selfhost4.0-cil  
  libmono-system-web-http-webhost4.0-cil libmono-system-web-http4.0-cil libmono-system-web-mvc1.0-cil libmono-system-web-mvc2.0-cil  
  libmono-system-web-mvc3.0-cil libmono-system-web-razor2.0-cil libmono-system-web-routing4.0-cil libmono-system-web-webpages-deployment2.0-cil  
  libmono-system-web-webpages-razor2.0-cil libmono-system-web-webpages2.0-cil libmono-system-windows-forms-datavisualization4.0a-cil  
  libmono-system-windows-forms4.0-cil libmono-system-windows4.0-cil libmono-system-xaml4.0-cil libmono-system-xml-serialization4.0-cil  
  libmono-tasklets2.0-cil libmono-tasklets4.0-cil libmono-webbrowser4.0-cil libmono-webmatrix-data4.0-cil libmono-windowsbase3.0-cil  
  libmono-windowsbase4.0-cil libmono-xbuild-tasks2.0-cil libmono-xbuild-tasks4.0-cil libmonoboehm-2.0-1 libmonoboehm-2.0-dev libmonosgen-2.0-1  
  libnunit-cil-dev libts-0.0-0 libts-0.0-0:i386 libupower-glib1 linux-image-amd64 mono-2.0-service mono-4.0-service mono-csharp-shell mono-jay mono-utils  
  mono-xbuild monodoc-base monodoc-browser monodoc-manual python-gtksourceview2 python3-packagekit tsconf  
 Use 'apt-get autoremove' to remove them.  
 The following extra packages will be installed:  
  ieee-data  
 The following NEW packages will be installed:  
  aircrack-ng ieee-data  
 0 upgraded, 2 newly installed, 0 to remove and 523 not upgraded.  
 Need to get 1,244 kB of archives.  
 After this operation, 5,914 kB of additional disk space will be used.  
 Do you want to continue? [Y/n] Y  
 Get:1 http://cdn.debian.net/debian/ unstable/main aircrack-ng amd64 1:1.2-0~beta3-4 [435 kB]  
 Get:2 http://cdn.debian.net/debian/ unstable/main ieee-data all 20141019.1 [809 kB]  
 Fetched 1,244 kB in 5s (228 kB/s)   
 Selecting previously unselected package aircrack-ng.  
 (Reading database ... 325525 files and directories currently installed.)  
 Preparing to unpack .../aircrack-ng_1%3a1.2-0~beta3-4_amd64.deb ...  
 Unpacking aircrack-ng (1:1.2-0~beta3-4) ...  
 Selecting previously unselected package ieee-data.  
 Preparing to unpack .../ieee-data_20141019.1_all.deb ...  
 Unpacking ieee-data (20141019.1) ...  
 Processing triggers for man-db (2.7.0.2-5) ...  
 Setting up aircrack-ng (1:1.2-0~beta3-4) ...  
 Setting up ieee-data (20141019.1) ...  

okay, the package installed successfully. Next you need to turn the wireless interface to monitor mode and so the interface can intercept any wireless traffic nearby.


As you can read above, I have stop network-manager and so my interface will not automatically connect to my wireless router. In this example, I use one of my wireless interface for this learning adventure. Once the wireless interface is turned into monitor mode, you can start to dump the air traffic using the command airodump-ng .




Identify any wireless router that use WEP encryption protocol, and then start another terminal to write all these traffics into a tcpdump file. You can do that using the command airodump-ng -c 6 -w data-capture wlan0 .


Next, you can inject (send traffic) more packets to the identified router using aireplay . As you can see below, I experiment with a few aireplay parameter and you should too.




If your neighbour WEP wireless router is an active users, airodump-ng should be able to capture sufficient of initialization vectors(IVs) for your next aircrack command. I suggest you leave over few hours to collect maybe 10k of IVs and run this tcpdump capture with a powerful cpu.



That's it. Good luck, have fun and be good.



Sunday, October 11, 2015

How to install D-Link DWA-123 Wireless N 150 adapter in debian

Today I got myself a new wireless usb device. Pricing for D-Link DWA-123 wireless N 150 is very affordable and only at 17MYR (01 september 2015) in local computer store. So I got myself a unit and try out, and it's working fine after more than ten days. I will share with you how do I install this unit in linux debian.


If you are using kernel 4.0 or above, the module should come together with the kernel. You can identify below and you plug the device into the usb port.

 root@localhost:~# modinfo r8188eu  
 filename:    /lib/modules/4.0.0-2-amd64/kernel/drivers/staging/rtl8188eu/r8188eu.ko  
 version:    v4.1.4_6773.20130222  
 author:     Realtek Semiconductor Corp.  
 description:  Realtek Wireless Lan Driver  
 license:    GPL  
 srcversion:   A3DA328AE8853D31D90212F  
 alias:     usb:v0DF6p0076d*dc*dsc*dp*ic*isc*ip*in*  
 alias:     usb:v2001p3311d*dc*dsc*dp*ic*isc*ip*in*  
 alias:     usb:v2001p3310d*dc*dsc*dp*ic*isc*ip*in*  
 alias:     usb:v2001p330Fd*dc*dsc*dp*ic*isc*ip*in*  
 alias:     usb:v07B8p8179d*dc*dsc*dp*ic*isc*ip*in*  
 alias:     usb:v056Ep4008d*dc*dsc*dp*ic*isc*ip*in*  
 alias:     usb:v0BDAp0179d*dc*dsc*dp*ic*isc*ip*in*  
 alias:     usb:v0BDAp8179d*dc*dsc*dp*ic*isc*ip*in*  
 depends:    usbcore  
 staging:    Y  
 intree:     Y  
 vermagic:    4.0.0-2-amd64 SMP mod_unload modversions   
 parm:      rtw_ips_mode:The default IPS mode (int)  
 parm:      ifname:The default name to allocate for first interface (charp)  
 parm:      if2name:The default name to allocate for second interface (charp)  
 parm:      rtw_initmac:charp  
 parm:      rtw_channel_plan:int  
 parm:      rtw_chip_version:int  
 parm:      rtw_rfintfs:int  
 parm:      rtw_lbkmode:int  
 parm:      rtw_network_mode:int  
 parm:      rtw_channel:int  
 parm:      rtw_wmm_enable:int  
 parm:      rtw_vrtl_carrier_sense:int  
 parm:      rtw_vcs_type:int  
 parm:      rtw_busy_thresh:int  
 parm:      rtw_ht_enable:int  
 parm:      rtw_cbw40_enable:int  
 parm:      rtw_ampdu_enable:int  
 parm:      rtw_rx_stbc:int  
 parm:      rtw_ampdu_amsdu:int  
 parm:      rtw_lowrate_two_xmit:int  
 parm:      rtw_rf_config:int  
 parm:      rtw_power_mgnt:int  
 parm:      rtw_smart_ps:int  
 parm:      rtw_low_power:int  
 parm:      rtw_wifi_spec:int  
 parm:      rtw_antdiv_cfg:int  
 parm:      rtw_antdiv_type:int  
 parm:      rtw_enusbss:int  
 parm:      rtw_hwpdn_mode:int  
 parm:      rtw_hwpwrp_detect:int  
 parm:      rtw_hw_wps_pbc:int  
 parm:      rtw_max_roaming_times:The max roaming times to try (uint)  
 parm:      rtw_fw_iol:FW IOL (int)  
 parm:      rtw_mc2u_disable:int  
 parm:      rtw_80211d:Enable 802.11d mechanism (int)  
 parm:      rtw_notch_filter:0:Disable, 1:Enable, 2:Enable only for P2P (uint)  
 parm:      debug:Set debug level (1-9) (default 1) (int)  
 root@localhost:~# dpkg -S /lib/modules/4.0.0-2-amd64/kernel/drivers/staging/rtl8188eu/r8188eu.ko  
 linux-image-4.0.0-2-amd64: /lib/modules/4.0.0-2-amd64/kernel/drivers/staging/rtl8188eu/r8188eu.ko  

If you get the following message in your syslog,

 Sep 1 19:12:33 localhost kernel: [ 385.525522] r8188eu 1-1.1.2.3:1.0: firmware: failed to load rtlwifi/rtl8188eufw.bin (-2)  
 Sep 1 19:12:33 localhost kernel: [ 385.525530] r8188eu 1-1.1.2.3:1.0: Direct firmware load for rtlwifi/rtl8188eufw.bin failed with error -2  
 Sep 1 19:12:33 localhost kernel: [ 385.525534] r8188eu 1-1.1.2.3:1.0: Firmware rtlwifi/rtl8188eufw.bin not available  
 Sep 1 19:12:33 localhost kernel: [ 385.525539] MAC Address = 00:00:00:00:00:00  

What you need to do next is to install the firmware. The firmware is in the repository and you can install as easy as apt-get.

 root@localhost:~# apt-get install firmware-realtek  

Now the userspace application should be able to identify the device correctly. I am using gnome so, it is detected as USB Wi-FI. Note that I have an existing pci wifi as shown in the screenshot below.


Try out to device to retrieve the IP address etc. If you get your wireless to a funky name such as wlxc412f52da87d , then you can create a rule in the udev configuration file.

 # cat /etc/udev/rules.d/70-persistent-net.rules  
 # This file was automatically generated by the /lib/udev/write_net_rules  
 # program, run by the persistent-net-generator.rules rules file.  
 #  
 # You can modify it, as long as you keep each rule on a single  
 # line, and change only the value of the NAME= key.  
   
 # PCI device 0x0000:0x0000 (atl1c)  
 SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:00", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"  
   
 # PCI device 0x0000:0x0000 (brcm80211)  
 SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:0", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"  
   
 # USB device 0x0000:0x0000 (r8188eu)  
 SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:00:00:00:00:00", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan1"  

As you can see above, PCI device my existing device and you should add another line similar to the above. You need to replace ATTR{address} value to your device mac address. When the operating system bring up this device, it will be renamed to wlan1 instead of a random interface name next time.