… I’ll be back soon …
September 30, 2009
September 18, 2009
Backtrack4-PreFinal : Network Mapping with Kismet-Newcore + Giskismet + Google Earth
Network mapping is another cool capability of the tools inside BT4. With supported GPS hardware, we get better positioning coordinates and Kismet mostly runs smoothly. My working environment is BT4-PF under VMware Workstation with a NAT connection. The setup includes an Alfa AWUS036H and a BU-353 GPS. Credit to vvpalin.
First step, install & update your BT4PF ?
Open shell console,
root@bt:~# apt-get update
root@bt:~# apt-get upgrade
After getting everything updated, let's make sure our hardware is properly connected,
root@bt:~# lsusb

Update BT4PF
Everything (Kismet-Newcore + Giskismet) is installed automatically except Google Earth. Open your browser and download Google Earth, then install it and make sure the binary path is set to /usr/bin.
root@bt:~# sh GoogleEarthLinux.bin

Download Google Earth

Installing Google Earth
Second step, get your GPS and Kismet running ?
So let's get started by firing up our GPS BU-353,
root@bt:~# gpsd -N -n -D 3 /dev/ttyUSB0

Running GPS
If you have trouble understanding the command, try this,
root@bt:~# gpsd --help

GPSD help
Run our kismet,
root@bt:~# kismet
You may adjust some configuration,

Click OK

Select YES

Uncheck Logging and Show Console

Select YES and choose your card, e.g. wlan0
Third step, the output ?
You may drive around to scan your area or anywhere you like. Once you are done and satisfied with it, it is time to look at the results in Google Earth, but before that we need to parse the XML file.
root@bt:~# giskismet -x Kismet-*******.netxml
Then make a kml output.
root@bt:~# giskismet -q "select * from wireless" -o output.kml


Open your output.kml through Google Earth. There you go.
September 2, 2009
Indonesian hackers attack Malaysian websites ???
They claim to have hit 120 sites, due to the stealing of cultural items and the abuse of Indonesian workers ?? Reported by Jakarta Globe.
1.
A statement on a Blogspot blog titled “Terselubung” says that a number of Malaysian websites have been hacked and defaced to “celebrate” Malaysia’s Merdeka Day, two days ago. “Today, August 31, 2009, an uncreative country, a country who likes to steal Indonesian culture, a country whose citizen is the mastermind of bombings in Indonesia, a country who harassed Indonesia on the Internet… a country which received their independence from Britain, is celebrating its anniversary,” the website stated.
The site then listed in excess of 120 Internet addresses, including domains for Malaysian educational and tourism pages, reported the Jakarta Globe.
Each link, when clicked, opened to a page with flashing graphics of the Indonesian flag and a statement that the site has been “hacked by Indonesia”.
Source : http://www.themalaysianinsider.com/index.php/malaysia/36621-indonesian-hackers-attack-malaysian-websites
2.
JAKARTA: A group of Indonesian computer hackers claimed the day before yesterday to have attacked several Malaysian websites, the latest incident reflecting continuing frustration after Kuala Lumpur allegedly used the republic's traditional dance to promote its tourism. A statement posted to a blog titled “Terselubung” said several Malaysian websites had been hacked and defaced.
Source : http://www.bharian.com.my/Current_News/BH/Wednesday/Dunia/20090902100201/Article/index_html
August 7, 2009
Flash Linksys WRT54GL 1.1 to DDWRT under Vista
What is DDWRT?
DD-WRT is a Linux based alternative OpenSource firmware suitable for a great variety of WLAN routers and embedded systems.
Why do you need to change firmware from original Linksys to DDWRT?
It allows us to repeat Wi-Fi or boost the wireless signal.
What are the risks of changing your router firmware?
You may brick your router, and your warranty will be void once you change to firmware other than the Linksys firmware.
How do I flash my WRT54GL 1.0/1.1 under Vista OS?
You may refer to How-To Flash Your WRT54GL Under Vista. Register to forum to view content
June 23, 2009
May 30, 2009
Backtrack4-Beta : USB Installation With Persistent Changes
A lot of people have trouble getting Backtrack to save changes to their settings after rebooting the system from a thumb drive. I had the same problem, and here is a ‘how-to’ for making persistent changes on my USB thumb drive instead of putting *.lzm files into the modules folder.
What is your working environment and setup?
My working environment is VMware Workstation 6.5.2 with Backtrack4 installed. This is the best choice for me since my laptop has trouble booting from a Backtrack Live-CD; in any case, the commands are the same whether Backtrack3/4 runs from the Live-CD or from VMware. The setup includes 2 USB drives. My first USB thumb drive is 8GB and contains the boot and BT4 folders, which I extracted and copied from the original bt4.iso. The other thumb drive is my 2GB USB, which is where Backtrack4 will be installed.
First step, make partition?
Load your Backtrack, open the shell console and look over the connected device with fdisk.

Our goal is to install Backtrack4 onto the 2GB USB thumb drive, which is identified as sdc. We need to make 2 partitions on this 2GB thumb drive, formatted as FAT32 and EXT2 respectively. The FAT32 partition will hold the boot and BT4 folders, and the EXT2 partition is the one that will hold our changes.
Now, we have to delete the /dev/sdc1 partition and create a new partition for it.
root@bt:~# fdisk /dev/sdc
Command (m for help): d
Selected partition 1
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-1936, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-1936, default 1936): +1024M
Command (m for help): t
Selected partition 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32)
Command (m for help): a
Partition number (1-4): 1
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (1042-1936), default 1042):
Using default value 1042
Last cylinder, +cylinders or +size{K,M,G} (1042-1936, default 1936):
Using default value 1936
Command (m for help): w
The partition table has been altered

You may recheck again, with fdisk -l,

After the partitions are created, we format the Linux partition as ext2.
root@bt:/# mkfs.ext2 /dev/sdc2
root@bt:/# mkdir -p /mnt/sdc2
root@bt:/# mount -t ext2 /dev/sdc2 /mnt/sdc2
root@bt:/# mkdir /mnt/sdc2/changes
Second step, copy the files?
The first partition, FAT32, will hold the boot and BT4 folders, so we have to copy them from the 8GB drive to /dev/sdc1.
root@bt:/# mkdosfs -F 32 /dev/sdc1
root@bt:/# mkdir -p /mnt/sdc1
root@bt:/# mount -t vfat /dev/sdc1 /mnt/sdc1
root@bt:/# cp -Rf /mnt/sdb1/boot/ /mnt/sdc1/
root@bt:/# cp -Rf /mnt/sdb1/BT4/ /mnt/sdc1/
The copy process will take some time, so be patient.
Final step, making our 2GB bootable and keep the changes?
root@bt:/# chmod +Xx /mnt/sdc1/boot/syslinux/lilo
root@bt:/# chmod +Xx /mnt/sdc1/boot/syslinux/syslinux
root@bt:/# nano /mnt/sdc1/boot/syslinux/syslinux.cfg
Now, append our changes for the EXT2 partition we created before. For example ;
LABEL BT4 Beta – Modified Version By Vpoint7@DeathOwl
KERNEL /boot/vmlinuz
APPEND vga=0x317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw quiet changes=/dev/sdb2
Pay attention to changes=/dev/sdb2: I have chosen sdb2 because on the next boot the 8GB thumb drive will be removed, leaving only our 2GB stick plugged in to boot from. Continue on to complete the setup.
root@bt:/# ln -sf /bin/bash /bin/sh
root@bt:/# sh /mnt/sdc1/boot/bootinst.sh
root@bt:/# reboot
Let's boot from our 2GB stick and make a file on the desktop. Reboot and check it out. It's still there !!
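The fdisk and mkfs steps above wipe whatever disk they are pointed at, and the sdb/sdc letters depend on plug-in order. A pre-flight check for the target, as an added example that is not part of the original post; `check_usb_target`, `SYSFS_ROOT` and `MOUNTS_FILE` are names made up for this sketch:

```bash
#!/bin/bash
# Added example: pre-flight check before fdisk/mkfs on a USB stick.
# SYSFS_ROOT and MOUNTS_FILE are assumptions of this sketch; they are only
# overridable so the function can be tried against a constructed tree.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# check_usb_target DEV MAX_MIB
#   DEV      kernel name without /dev/, e.g. sdc
#   MAX_MIB  largest size (MiB) the intended stick could be, e.g. 2048
# Return codes: 0 safe, 1 not a whole disk, 2 not removable,
#               3 larger than expected, 4 a partition is still mounted.
check_usb_target() {
    local dev="$1" max_mib="$2"
    local base="$SYSFS_ROOT/block/$dev"
    local removable sectors size_mib

    # Whole disks appear directly under /sys/block; partitions (sdc1) do not.
    if [ ! -d "$base" ]; then
        echo "$dev: no such whole-disk device" >&2
        return 1
    fi

    # Fixed internal disks normally report 0; USB flash drives normally report 1.
    removable=$(cat "$base/removable" 2>/dev/null || echo 0)
    if [ "$removable" != "1" ]; then
        echo "$dev: not flagged removable, refusing" >&2
        return 2
    fi

    # sysfs always reports size in 512-byte sectors; 2048 sectors = 1 MiB.
    sectors=$(cat "$base/size")
    size_mib=$(( sectors / 2048 ))
    if [ "$size_mib" -gt "$max_mib" ]; then
        echo "$dev: ${size_mib} MiB exceeds expected ${max_mib} MiB" >&2
        return 3
    fi

    # Repartitioning under a mounted filesystem corrupts it; unmount first.
    if grep -q "^/dev/$dev[0-9]* " "$MOUNTS_FILE"; then
        echo "$dev: a partition is mounted, umount it first" >&2
        return 4
    fi

    echo "$dev: removable, ${size_mib} MiB, nothing mounted"
    return 0
}

# Usage on the setup described above (2GB target seen as sdc):
#   check_usb_target sdc 2048 && fdisk /dev/sdc
```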
April 12, 2009
PCFair April’09
PC-Fair ‘09 is the largest PC exhibition in Malaysia, held every year. Nothing much has changed, but this year the difference is in the broadband services. Instead of cellphone broadband (Digi, Maxis & Celcom), there are Wimax, Izzinet, & Streamyx on the air. The only thing new is Wiggy.
My previous post was about Laptop Tracking; this time I saw another commercial program, known as Inspice-Trace. Let's hear it ;
Promoter : Laptop tracking … laptop tracking program … laptop tracking program …
Me : May I have a look on your product ?
Promoter : Yes, please. We are giving away a free one month subscription with our product. It is only Rm2 for one month use.
Me : What kind of packages do you offered ?
Promoter : We have 1 year subscription and 3 years subscription & the price is Rm90 and Rm150 respectively. This offer only available during PCfair.
Me : May I get the same activation price for next time ?
Promoter : I’m not sure about that, maybe you have to wait another PCfair exhibition. Your second time subscription will return to its original prices, Rm119 and Rm229 (Standard & Enterprise).
Me : How is this program working ?
Promoter : You have to install the program on your laptop once and enter the subscription serial number from inside the CD. Once the program is installed, there is no way it can be traced down. If someone/a thief tries to format the OS, the program will prevent it and the serial key will be asked for. It can’t be removed unless the correct key is entered.
Me : How did it trace the stolen laptop ?
Promoter : By using ip address.
Me : Where the program will be installed into, I mean the track/spy file ?
Promoter : It’s inside the hard disk.
Me : So this program works by preventing the operating system from being formatted & the Inspice-Trace program will be protected too. Am I right ?
Promoter : Yes, that is how it works.
Me : What if the thief removes the hard disk ? Is the laptop still traceable ?
Promoter : Ok, if you are the thief, would you remove the hard disk ?
Me : Of course, if it's me.
Promoter : Usually, the thief will not remove the hard disk; they will possibly keep it for themselves or sell it to someone else.
Me : So it is too dependent on internet connectivity and on how smart the thief is. Am I right ?
Promoter : Yes, you are right.
Brochure.

Sample CD that has one month subscription which is Rm2.

Authorized distributor ?
MyWare Mart Sdn Bhd
B103, PJ Industrial Park, Jalan Kemajuan, Seksyen 13, 46200, Petaling Jaya, Selangor.
Tel : +603-7960 6001
Further info ?
http://inspice.com
By the way, here some of PC Fair Babes … ^_^


You may download the pics on that day, enjoy :
http://rapidshare.com/files/225552555/PCFair09-I.rar
April 4, 2009
Ubuntu8.10 : Aircrack-ng with RTL8187 (Alfa AWUS036H)
Some friends asked me for help with the USB wifi RTL8187 setup on Ubuntu8.10. I gave it a try, and it works well for both monitoring & injection. So let's start from scratch with a clean install of the Ubuntu8.10 distro; note that this issue has been covered on various sites, including the Ubuntu forum and the Aircrack community. My working environment is VMware Workstation 6.5.2beta with a NAT connection. The commands are the same for an HDD installation and for VMware.
First step, update your Ubuntu8.10?
After we complete the installation of Ubuntu8.10 under VMware, we need to update all the important requirements for the aircrack-ng program to work well under Ubuntu8.10. Normally, an automatic notification at the top right of the Ubuntu8.10 desktop tells you that updates are required, or you may just navigate to System > Administration > Update Manager for the updates. There were at least 301 updates for a first-time installation of Ubuntu8.10, but the most important updates are gcc, the kernel-headers, the module-assistant package and their associated packages. These processes may take some time depending on the speed of your internet connection.

Second step, installing aircrack-ng?
All the updates above should be properly installed, as it is considered an automatic process. I prefer to install the firmware/driver before physically attaching the USB wifi device. Again, to keep the installation process smooth, let's change user to root, which can be done with the command sudo -i. Now we are ready to install the aircrack-ng suite on Ubuntu8.10. Navigate to System > Administration > Synaptic Package Manager. Click the Search icon, key in aircrack and start searching. Click the Apply icon when ready to install.

Third step, removing the old drivers?
With the root access, root@ubuntu:~#, lets remove the old firmware/driver that comes along with the kernel installed previously.
root@ubuntu:~# cd /lib/modules/2.6.27-7-generic/kernel/drivers/net/wireless/
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/drivers/net/wireless/# rm rtl8187.ko
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/drivers/net/wireless/# cd
root@ubuntu:~#
Another place to remove the old driver,
root@ubuntu:~# cd /lib/modules/2.6.27-7-generic/kernel/net/ieee80211/
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/net/ieee80211# rm ieee80211_crypt_wep.ko
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/net/ieee80211# rm ieee80211_crypt.ko
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/net/ieee80211# rm ieee80211_crypt_ccmp.ko
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/net/ieee80211# rm ieee80211_crypt_tkip.ko
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/net/ieee80211# rm ieee80211.ko

Fourth step, installing the new driver for RTL8187?
Up to this point, I haven’t attached the wireless card. Continuing with our modification,
root@ubuntu:~# rmmod r8187 rtl8187 2>/dev/null
root@ubuntu:~# mkdir /usr/src/drivers
root@ubuntu:~# cd /usr/src/drivers
root@ubuntu:/usr/src/drivers# wget http://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip
root@ubuntu:/usr/src/drivers# wget http://patches.aircrack-ng.org/rtl8187_2.6.27.patch
root@ubuntu:/usr/src/drivers# unzip rtl8187_linux_26.1010.zip
root@ubuntu:/usr/src/drivers# cp -v rtl8187_2.6.27.patch -t rtl8187_linux_26.1010.0622.2006
root@ubuntu:/usr/src/drivers# cd rtl8187_linux_26.1010.0622.2006/
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# tar xzf drv.tar.gz
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# tar xzf stack.tar.gz
After all the adjustments above, we need to make some changes to the r8187.h file. Let's hunt down this file,
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# cd beta-8187/
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006/beta-8187# gedit r8187.h
Some changes need to be made on lines 46 & 47.
The original lines 46 & 47 are :
#include <asm/io.h>
#include <asm/semaphore.h>
We overwrite lines 46,47 to this :
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
#include <asm/io.h>
#include <asm/semaphore.h>
#else
#include <linux/io.h>
#include <linux/semaphore.h>
#endif
Original settings

Modified settings

Save it & we are ready to execute the compilation. Return to rtl8187_linux_26.1010.0622.2006 folder,
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# apt-get install patch
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# patch -Np1 -i rtl8187_2.6.27.patch
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# make
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# make install
Everything should work without errors. Restart your distro and connect your card (e.g. Alfa AWUS036H) or any card with an RTL8187-based chipset.

The diagram above shows an example of a wireless network cracked in under 2 minutes with the Alfa AWUS036H. All the commands for the aircrack-ng programs are exactly the same, except that the device has to be changed to wlan0 or wlan1 depending on what ifconfig -a shows in the terminal. You may refer HERE.
Do you have tutorial for RTL8187 in Ubuntu9.04 ?
Yes, you may refer inside my forum, HERE. Register to forum to view content.
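The driver archive and patch in the fourth step are downloaded over plain HTTP and then applied and installed as root. A check to run before `patch -Np1`, as an added example (not from the original post or the aircrack-ng project): it lists the files a unified diff will touch and rejects targets outside the source tree. The function name `audit_patch_paths` and its output format are invented here.

```bash
#!/bin/bash
# Added example: list what a unified diff would touch before running
# `patch -Np1` on it as root. Handles unified diffs only.

# audit_patch_paths PATCHFILE
# Prints "ok <path>" for every target that stays inside the current tree and
# "REJECT <path>" for any absolute path or path with a ".." component.
# Returns 0 if nothing was rejected, 1 otherwise.
audit_patch_paths() {
    awk '
        # File header lines look like "--- old/path<TAB>date" and
        # "+++ new/path<TAB>date". A hunk line whose own text starts with
        # "-- " or "++ " also matches; that over-reports, it never hides
        # a real header.
        /^(---|\+\+\+) / {
            path = substr($0, 5)
            sub(/\t.*$/, "", path)              # drop the timestamp field
            if (path == "/dev/null") next       # file creation/deletion marker
            stripped = path
            sub(/^[^\/]*\//, "", stripped)      # what -p1 does: drop first component
            if (path ~ /^\// || ("/" stripped "/") ~ /\/\.\.\//) {
                print "REJECT " path
                bad = 1
            } else if (!(stripped in seen)) {
                print "ok " stripped
                seen[stripped] = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Usage in the source directory, before the real run:
#   audit_patch_paths rtl8187_2.6.27.patch && \
#       patch -Np1 --dry-run -i rtl8187_2.6.27.patch
```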
March 5, 2009
Track Your Stolen Laptop : Adeona & LocatePC
It's been a while. Sometimes we need to accept the real world: there is no totally safe place to stay, especially for a student. I have been thinking that it is still important to install such a program, even though the chance of retrieval would be less than 10%, since my laptop is only 8 months old. Adeona is not new, but it is free. It is open source software, and no later version has been released since August 2008.
Software 1 : Adeona
Supported OS ?
Windows XP/Vista, Mac OS X, and Linux only.
Where to download and how to install ?
http://adeona.cs.washington.edu/downloads.html
Picture 1 – The program is running during the tracking system.

Picture 2 – Complete file is put into *.txt file, can be open with Notepad.

Picture 3 – Copy & paste the IP and wait for result such image below.

Picture 4 – One of the result seen.

Software 2 : LocatePC
Supported OS ?
Windows Vista/XP/Me/98 only.
Where to download and how to install ?
http://www.iconico.com/locatePC/
Picture 1 – The main menu of the program. You have to set the login password. Version that I used is 1.5.

Picture 2 – The received mail from the program.

How effective Adeona/LocatePC is ?
In my opinion, psychologically, the thief will not format the file system because they expect to get something for entertainment (media files) or credentials such as accounts or personal matters. So they won't expect that something has been planted in the system of the stolen laptop. However, it is too dependent on the stolen laptop being online, and free online map services such as Google Mapping are not accurate enough to specify the exact location, especially for Malaysia. There are a few commercial programs out there, and the chances would be much better due to the implementation of Trusted Platform Modules (TPM) and hardware-based Digital Rights Management (DRM) in the hardware. You may join their forum for further information.
+ Further details on Adeona can be downloaded on my GreenBox on the top right of the page.
February 4, 2009
Tools modification video is UP !!!
Here is one of the methods available to modify a program to avoid AV detection; it's only for demonstration. Tools needed include ;
1. Hex Workshop
2. Ollydbg
3. LordPE
Where can I get the video?
It's HERE