… I’ll be back soon …
September 30, 2009
September 18, 2009
Backtrack4-PreFinal : Network Mapping with Kismet-Newcore + Giskismet + Google Earth
Network mapping is another cool additional tools inside BT4. By using certain supported GPS hardware, this can provide us better positioning coordinates and smooth running with the Kismet mostly. My working environment is BT4-PF under Vmware Workstation with NAT connection. The setup includes Alfa AWUS036H and GPS BU-353. Credit to vvpalin.
First step, install & update your BT4PF ?
Open shell console,
root@bt:~# apt-get update
root@bt:~# apt-get upgrade
After getting everything updated, lets make sure our hardware are well connected,
root@bt:~# lsusb
Update BT4PF
Of course everything (Kismet-Newcore + Giskismet) will be automatically installed except Google Earth. Open up your browser, download the Google Earth. We install our Google Earth and make sure the binary path assign to /usr/bin
root@bt:~# sh GoogleEarthLinux.bin
Download Google Earth
Installing Google Earth
Second step, get your GPS and Kismet running ?
So let get started by firing up our GPS BU-353,
root@bt:~# gpsd -N -n -D 3 /dev/ttyUSB0
Running GPS
If you have problem to understand the command, try this,
root@bt:~# gpsd –help
GPSD help
Run our kismet,
root@bt:~# kismet
You may adjust some configuration,
Click OK
Select YES
Uncheck Logging and Show Console
Select YES and choose your card, ei ; wlan0
Third step, the output ?
You may drive around to do some scanning in your area or anywhere you like. Once you done and satisfy with it, it is time to look over on our Google Earth, but before that, we need to parse the xml file.
root@bt:~# giskismet -x Kismet-*******.netxml
Then make a kml output.
root@bt:~# giskismet -q “select * from wireless” -o output.kml
Open your output.kml through Google Earth. There you go.
May 30, 2009
Backtrack4-Beta : USB Installation With Persistent Changes
A lot people have trouble with their Backtrack that save changes their settings after reboot the system from a thumb drive. I do have the same problem and here is a ‘how-to’ to make a persistent changes inside my USB thumb drive instead of putting *.lzm file/s into modules folder.
What is your working environment and setup?
My working environment is under Vmware Workstation 6.5.2 with Backtrack4 installed. This is the best choice for me since my laptop have trouble to boot from a Backtrack Live-CD, somehow, it does not make any difference of command between Live-CD or from the VMware with Backtrack3/4. The setup includes 2 USB drives. My first USB thumb drive is 8GB and the content are boot and BT4 folder which I extract and copied from the original bt4.iso. The other thumb drive is my 2GB USB which where the Backtrack4 will be installed to.
First step, make partition?
Load your Backtrack, open the shell console and look over the connected device with fdisk.
Our motive is to install the Backtrack4 into 2GB USB thumb drive, which is identified as sdc. We need to make 2 partition on this 2GB thumb drive with FAT32 and EXT2 format respectively. Our FAT32 will keep the boot and BT4 folder and EXT2 is the one that will keep our changes soon.
Now, we have to delete the /dev/sdc1 partition and create a new partition for it.
root@bt:~# fdisk /dev/sdc
Command (m for help): d
Selected partition 1
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-1936, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-1936, default 1936): +1024M
Command (m for help): t
Selected partition 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32)
Command (m for help): a
Partition number (1-4): 1
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (1042-1936), default 1042):
Using default value 1042
Last cylinder, +cylinders or +size{K,M,G} (1042-1936, default 1936):
Using default value 1936
Command (m for help): w
The partition table has been altered
You may recheck again, with fdisk -l,
After the partition is created, we are going to change the linux partition to ext2.
root@bt:/# mkfs.ext2 /dev/sdc2
root@bt:/# mkdir -p /mnt/sdc2
root@bt:/# mount -t ext2 /dev/sdc2 /mnt/sdc2
root@bt:/# mkdir /mnt/sdc2/changes
Second step, copy the files?
The first partition, FAT32, will keep the boot and BT4 folder. So we have to copy those files from 8GB drive to /dev/sdc1
root@bt:/# mkdosfs -F 32 /dev/sdc1
root@bt:/# mkdir -p /mnt/sdc1
root@bt:/# mount -t vfat /dev/sdc1 /mnt/sdc1
root@bt:/# cp -Rf /mnt/sdb1/boot/ /mnt/sdc1/
root@bt:/# cp -Rf /mnt/sdb1/BT4/ /mnt/sdc1/
The copy process will take some time, so be patient.
Final step, making our 2GB bootable and keep the changes?
root@bt:/# chmod +Xx /mnt/sdc1/boot/syslinux/lilo
root@bt:/# chmod +Xx /mnt/sdc1/boot/syslinux/syslinux
root@bt:/# nano /mnt/sdc1/boot/syslinux/syslinux.cfg
Now, append our changes for the EXT2 partition we created before. For example ;
LABEL BT4 Beta – Modified Version By Vpoint7@DeathOwl
KERNEL /boot/vmlinuz
APPEND vga=0×317 initrd=/boot/initrd.gz ramdisk_size=6666 root=/dev/ram0 rw quiet changes=/dev/sdb2
Attention to the changes=/dev/sdb2, I have chosen sdb2 because on the next boot, the 8GB thumb drive will be removed leaving our 2GB stick on and boot up. Continue on to complete the setup.
root@bt:/# ln -sf /bin/bash /bin/sh
root@bt:/# sh /mnt/sdc1/boot/bootinst.sh
root@bt:/# reboot
Lets boot from our 2GB stick, make a file on your desktop. Reboot and check it out. Its still there !!
April 4, 2009
Ubuntu8.10 : Aircrack-ng with RTL8187 (Alfa AWUS036H)
I got some friends asking for help on Ubuntu8.10 for the USB wifi RTL8187 setup. I give it a try, and it works well for both monitoring & injection. So lets start from a scratch of clean install of Ubuntu8.10 distro & remind that this issue have been covered in various sites including the Ubuntu forum and the Aircrack community. My working environment is under VMware Workstation 6.5.2beta with NAT connection. There is no difference with command between HDD installation or Vmware.
First step, update your Ubuntu8.10?
After we complete install Ubuntu8.10 under VMware, we need to update all important requirement for the aircrack-ng program to work well under Ubuntu8.10. Naturally, there will be an auto notification tells that some update is required at the top right of Ubuntu8.10 desktop or you may just navigate to System > Administration > Update Manager for the updates. There were about at least 301 updates for the first time installation of Ubuntu8.10, but the most important updates are gcc, the kernel-headers, module-assistant package and the associates. These processes may take some time depending on your speed of internet connection.
Second step, installing aircrack-ng?
All updates above should be properly installed as it is considered to be automatic process. I prefer to install the firmware/driver before attaching the USB wifi device physically. Again, for the smoothness of our installation process, lets change user to root. It can be done by command sudo -i. Now, we are ready to install aircrack-ng suites into Ubuntu8.10. Navigate to System > Administration > Synaptic Package Manager. Click on Search icon, key in aircrack and start searching. Click the apply icon when ready to install.
Third step, removing the old drivers?
With the root access, root@ubuntu:~#, lets remove the old firmware/driver that comes along with the kernel installed previously.
root@ubuntu:~# cd /lib/modules/2.6.27-7-generic/kernel/drivers/net/wireless/
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/drivers/net/wireless/# rm rtl8187.ko
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/drivers/net/wireless/# cd
root@ubuntu:~#
Another place to remove the old driver,
root@ubuntu:~# cd /lib/modules/2.6.27-7-generic/kernel/net/ieee80211/
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/net/ieee80211# rm ieee80211_crypt_wep.ko
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/net/ieee80211# rm ieee80211_crypt.ko
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/net/ieee80211# rm ieee80211_crypt_ccmp.ko
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/net/ieee80211# rm ieee80211_crypt_tkip.ko
root@ubuntu:/lib/modules/2.6.27-7-generic/kernel/net/ieee80211# rm ieee80211.ko
Fourth step, installing the new driver for RTL8187?
Up until here, I haven’t attach the wireless card. Continue on our modification,
root@ubuntu:~# rmmod r8187 rtl8187 2>/dev/null
root@ubuntu:~# mkdir /usr/src/drivers
root@ubuntu:~# cd /usr/src/drivers
root@ubuntu:/usr/src/drivers# wget http://dl.aircrack-ng.org/drivers/rtl8187_linux_26.1010.zip
root@ubuntu:/usr/src/drivers# wget http://patches.aircrack-ng.org/rtl8187_2.6.27.patch
root@ubuntu:/usr/src/drivers# unzip rtl8187_linux_26.1010.zip
root@ubuntu:/usr/src/drivers# cp -v rtl8187_2.6.27.patch -t rtl8187_linux_26.1010.0622.2006
root@ubuntu:/usr/src/drivers# cd rtl8187_linux_26.1010.0622.2006/
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# tar xzf drv.tar.gz
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# tar xzf stack.tar.gz
After all adjustment above, we need to make some changes on r8187.h file. Lets hunt this file,
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# cd beta-8187/
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006/beta-8187# gedit r8187.h
So that, some changes need to be done in lines 46 & 47,
Ogirinal lines on 46 & 47 are :
#include <asm/io.h>
#include <asm/semaphore.h>
We overwrite lines 46,47 to this :
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19))
#include <asm/io.h>
#include <asm/semaphore.h>
#else
#include <linux/io.h>
#include <linux/semaphore.h>
#endif
Original settings
Modified settings
Save it & we are ready to execute the compilation. Return to rtl8187_linux_26.1010.0622.2006 folder,
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# apt-get install patch
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# patch -Np1 -i rtl8187_2.6.27.patch
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# make
root@ubuntu:/usr/src/drivers/rtl8187_linux_26.1010.0622.2006# make install
Everything should works well without error. Restart your distro and connect your card (eg : Alfa AWUS036H) or any card with RTL8187 based chipset.
Diagram above show an example of cracked wireless under 2minutes with Alfa AWUS036H. All the command to use aircrack-ng program is exactly the same except the device had to be changed to wlan0 or wlan1 depending on what you saw on terminal with ifconfig -a. You may refer HERE.
Do you have tutorial for RTL8187 in Ubuntu9.04 ?
Yes, you may refer inside my forum, HERE. Register to forum to view content.
January 31, 2009
iZZinet Broadband
Today, I went to Wisma Lowyat, met/blocked by iZZi promoter, so lets hear it ;
Promoter : Hello sir, we got CNY offer for iZZi broadband, do you want to have a look ?
Me : T.T, Sure sure …
Promoter : As for CNY offer, we a giving “ONE MONTH extra” for iZZinet broadband user.
Me : What do you mean ?
Promoter : We are having special package that is only available during CNY, normally any broadband company will offer you a 6 month package, some of them offering one year package like Maxis. But now, iZZi broadband giving you an extra one month, a total of 7 month of internet excess with the same price.
Me : Okay, what makes iZZi broadband so special compared to the other internet provider ?
Promoter : Okay, i’ll explain few advantages of iZZi broandband over the others, let say for Celcom broadband, as you took package of Rm99, you are allowed to have a total download size of 5Gb, more than 5Gb, their service will block your access & you will not able to use a p2p program anymore. They (Celcom Broadband) even offer to provide a 3.6Mbps connectivity, but not everyone knows that Malaysia only have connection with 2.2Mbps maximum unless you at Overseas & its too dependent to certain area, if your area have 3.5G, then will enjoy a good connectivity, if you a living in a bad area, say 2G, I am sure, you will not have a good connection. What about Maxis broadband ? You will have to take a one year contract with Maxis Broadband & if you are having problem with their service because get disconnected more often, I am sure you want to terminate the service. Somehow, terminating contract within a year will cost you Rm200, do you want to pay for their mistake & we do not want this. For Streamyx, they only have one tower for each area, which means, if problem occur, you will have internet connectivity problem only in your area & have to wait for few hours, but usually more than 3 days to be fully recovered. What about Wimax, P1 ? They are very good to provide a 15days trial with the service if I am not mistaken, they offer to have 2.4Mbps connectivity, somehow their registration fee is Rm100, with 12month contract of Rm99 per month, not included with the modem, it cost you Rm300 (Modem) plus its not mobile. Rm100 + Rm300 + Rm99×6 = Rm994 Wimax compared to package iZZiyou6 with Rm699 for 6months. iZZi broadband is cheaper. Furthermore, you know hackers manage to get their connection even with protection is applied.
Me : Erm, not sure. (@.@) . . .
Promoter : Furthermore we are using radio frequency. Just now, I got customer using Maxis Broadband, he/she says, I live at 7th floor, I got disconnected frequently. Do you know why ?
Me : Oh … really … explain …
Promoter : If you are using cellphone broadband such Maxis, above than 5th floor you will have connectivity problem, and Wimax@P1 only able to get connectivity up to 8th floor. iZZi broadband would not have problem with the height, the higher the better.
Me : So what kind of packages do you have ?
Promoter : We have iZZiex, one, you, pro & wi with 6months of internet access. Latest packages are iZZiex & iZZione. Personal use packages are iZZiex, one and you. For sharing or multi-user packages are iZZipro6 (Rm899) and iZZiwi6 (Rm979). iZZipro6 can be use up to 4 person in single line.
Me : How do I know my area in covered with your connection ?
Promoter : Where do you live ?
Me : I live at …
Promoter : Okay, let see (opening google earth & while waiting), btw, our tower have a wide coverage of 13km in radius, that is quite big for you to get connection. Oh great !! Your area only 2.xxkm away from this tower, the second tower is just 2.xxkm too, the third about 3.xxkm. So you should not have any problem if one of our tower get caught in problem, you still can have an access using another tower surrounding. Yet, it still much better than Streamyx with one tower per area.
Note : Any location outside these area may not available with iZZinet broadband.
Me : Anything else do you have with iZZi broadband ?
Promoter : Hm, oh, there is one more thing, with iZZi broadband you will not have any problem like Streamyx service, let say, if you wish to discontinue you may do so because iZZi broadband is manageable, after 7months of service with the package you have taken, you may stop or continue our service by top-up just like your cellphone. We have Rm50 for 17days, Rm100 for … and Rm200 coupon. If you have credit card, then you only have to access our sites and continue get connected. Compared to Streamyx, you will still continue your subscription unless you give them a call or pay them a visit to discontinue.
Me : ….
Promoter : This is my contact no., you may call us if you are interested.
Me : Thx..
Personal Conclusion ?
4G Broadband is something new to Malaysia, but 4G connection with 1Mbps speed is something that must be change. It should be faster than this, iZZinet broadband in my area has connection 1.3MBps or 164KB/sec of download speed. This is still low compared to US with 300KB/sec download speed at least. So where are we ? Its a very good opening for the next generation with faster internet connectivity. The price range actually the same, as for now, there is only few user of iZZi broadband, so they won’t have “crowded” problem like streamyx do.
August 17, 2008
Changing Hostname & Password in BackTrack3
How do I change hostname in BT3?
Navigate to rc.M file, bt ~ # nano /etc/rc.d/rc.M,
Original condition of rc.M,
# Set hostname by using DHCP response
ls -aA1b /etc/dhcpc | egrep “.info\$” | while read INFOFILE; do
# the next line won’t affect rc.M variables, because it’s in >while read< loop
. /etc/dhcpc/$INFOFILE
echo “bt.”$DOMAIN >/etc/HOSTNAME
break
done
Few changes are made such below and save it by pressing CTRL+O.
Example 1.
Example 2.
How do I change password in BT3?
Login normally in BT3, open a shell console and type bt ~ # passwd. Change your password as you desired.
How do I change login notice in BT3?
Simply navigate to issue file, bt ~ # nano /etc/issue and save it with CTRL+O.
August 15, 2008
F80S with BackTrack3
Installation of BT3 in F80S laptop HDD failed, and such error occured ;
On the way to boot the cd…
… starting Linux Live scripts
* mounting /proc and /sys filesystems
* creating /dev entries for block devices
* starting loop device support
* starting cdrom filesystem support
* starting squashfs support
* starting aufs support
* starting vfat support
* starting ntfs support
* setup directory for changes
* setup union directory (using aufs)
* looking for data directory
* starting USB support…
Fatal error occured – LiveData not found. Searching for BT directory.
You are maybe using an unsupported boot device (eg. SCSI or PCMCIA CD-ROM)
Try to copy the directory BT from CD/USB to your IDE/SATA harddisk,
for example to /mnt/sda1/ in Linux or C:\ in Windos. Then boot again
* Something went wrong and we cant continue. This should never happen.
* Please reboot your computer with CTRL+ALT+DEL …
/ #
Note : Both BT2 and BT3 version came up with the same results when i try to boot with the Live-CD.
Due to such limitation, dual boot with Vista is not possible, i came up with solution by virtualize the OS itself. Software that i use to install BT3 is VMware Workstation 6.x. The product key of VMware Workstation seems working with various version of 6.x. The main advantage of this solution is that you now can copy the VMware image to different notebooks or desktop computers running all kinds of operating systems and hardware configurations.
How to install BT3 in VMware Workstation 6.x?
1. Run VMware 6.x, click on New Virtual Machine > Typical > Guest OS (choose Linux) Version (Other Linux 2.6.x kernel) > Virtual Machine Name (Any name that you wish, say BT3) > Use Bridge networking > Disk 8Gb and click Finish.
2. Boot BT3 cd/iso in VMware, choose BT3 Graphic Mode (KDE), wait until completely loaded, if required (Login=root, Password=toor), then type “startx”.
3. Open console, type in “fdisk /dev/sda” > n > p > 1 > Press Enter > +50M or +64M > n > p > 2 > Press Enter > +512M > n > p > 3 > Press Enter twice > a > 1 > t > 2 > 82 > p > w.
4. Continue by typing ;
bt ~ # mkfs.ext3 /dev/sda1
bt ~ # mkfs.ext3 /dev/sda3
bt ~ # mkswap /dev/sda2
bt ~ # swapon /dev/sda2
bt ~ # mkdir /mnt/bt3
bt ~ # mount /dev/sda3 /mnt/bt3/
bt ~ # mkdir /mnt/bt3/boot
bt ~ # mount /dev/sda1 /mnt/bt3/boot/
bt ~ # cp –preserve -R /{bin,dev,home,pentest,root,usr,etc,lib,opt,sbin,var} /mnt/bt3/
bt ~ # mkdir /mnt/bt3/{mnt,proc,sys,tmp}
bt ~ # mount –bind /dev/ /mnt/bt3/dev/
bt ~ # mount -t proc proc /mnt/bt3/proc/
bt ~ # cp /boot/vmlinuz /mnt/bt3/boot/
bt ~ # chroot /mnt/bt3/ /bin/bash
bt / # splash -s -f /etc/bootsplash/themes/Linux/config/bootsplash-1024×768.cfg >> /boot/splash.initrd
bt / # nano /etc/lilo.conf
5. Then automatically you are brought to lilo.conf, make some changes or just copy paste such below ;
lba32
boot= /dev/sda
#message = /boot/boot_message.txt
prompt
timeout = 10
change-rules
reset
vga = 791
initrd = /boot/splash.initrd
image = /boot/vmlinuz
root = /dev/sda3
label = BackTrack3
Save it by pressing CTRL+O
6. Type ;
bt / # lilo -v
bt / # exit
bt ~ # poweroff
Link below would give you a better view on how to install BT3 into VMware Workstation.
http://g0tmi1k.blip.tv/file/1159692/
**Update** (Dec 2008)
Another version of Linux seems working properly in F80S laptop.
http://www.linlap.com/wiki/asus+f80s
August 7, 2008
Dual Boot Windows Vista Home Premium and Windows XP
I bought a new laptop on 3rd Aug 2008, Asus F80S (250Gb, AR5007EG build-in, Memory of 2Gb, with processor Duo T5750, Vista Premium OS). It has 2 partition with C: VistaOS | D: Data | E : DVD RW Drive. C: drive has 116Gb & D: drive 106Gb. So total of both space is 222Gb. When I open the Disk Management of Vista Premium, there is one more drive that has no label with the size of 10Gb. This hidden drive is not shown on My Computer for the Recovery purpose. Now the total size of space of F80S is 232GB.
Here are the steps to make dual boot without loosing any data from Vista Premium. As for dual boot installation, using Vista Disk Management, I shrink my C: for 30Gb, means I use the free space available from C: to make new partition on My Computer. This new partition will be E: with 30Gb of space after formatted as NTFS in Vista and here is where the WinXp will be installed to. To make it alphabetical order, I change drive E: to D: and original D: to E:. Drive D: is data from the beginning, ignore that notice that says “Some data that rely on this drive letters might not run correctly. Do you want to continue?”.
To begin,
1. I change BIOS settings to boot from CD. (Done by press F2, F12, DEL or any depending on type of the laptop).
2. Put the CD in, so that you will boot from CD, e.g : “Press Any Key To Boot From CD…”. Press any button will begin the boot CD process.
3. Press F6 if you have SATA drives in the laptop, as for F80S, is it SATA type HDD, somehow, a message appeared no SATA drive found. So I begin the installation with F8 to agree the terms of installation.
4. You will be presented with hard drive list and partition. Select the partition with 30Gb (29999kb) size and press enter on it to make installation into this drive with NTFS system.
5. Once XP setup finish, you have to download and install the Microsoft .NET 2.0 Framework.
6. Download and install the latest version of EasyBCD.
7. Both program above is installed in fresh WinXP, run EasyBCD (in WinXP) program go to the “Manage Bootloader” page, and select “Reinstall the Vista Bootloader” then “Write MBR” to get the Vista bootloader back.
8. Once that’s done, head on to the “Add/Remove Entries” page and select “Windows NT/2k/XP/2003″ from the drop-down list, give it a name (I put Microsoft Windows XP), then press “Add Entry” to finish.
9. Reboot and enjoy your dual windows boot.
What happen if I load straight to Vista without presented to Windows Boot Loader at first?
-Continue boot into your Vista, head to D: where WinXP installed to, go to Program Files > NeoSmart Technology > EasyBCD > EasyBCD.exe to load the program. Now, repeat the step 7 & 8 above and reboot your Vista.
I manage to get Windows Boot Loader, somehow when I choose to boot into WinXP, it says /NTLDR is missing?
-Follow these steps :
1. Insert the Windows CD and start the computer.
2. When the Welcome to Setup screen appears, press R (repair).
3. Type a number corresponding to the Windows installation you wish to repair (usually 1 but it is 2 for me) and press Enter.
4. When prompted, type the administrator password and press Enter.
5. From the command prompt, copy NTLDR and NTDETECT.COM from the i386 folder of the CD to the root folder of the hard drive. In the example commands given below, D: is the hard drive where WinXP installed in and F: is the CD-ROM drive. You will need to change the drive letters if appropriate:
COPY F:\I386\NTLDR D:\
COPY F:\I386\NTDETECT.COM D:\
6.Remove the Windows XP CD from the drive and restart the computer.
