Dec 30, 2011

Most Wi-Fi routers susceptible to hacking through security feature


Stefan Viehböck, an independent security researcher, published a paper on Boxing Day titled "Brute forcing Wi-Fi Protected Setup" to his WordPress blog disclosing a weakness in the configuration of most consumer/SoHo Wi-Fi routers.
As we all know the state of security for most home Wi-Fi networks was nearly non-existent only a few years ago.
This prompted the Wi-Fi Alliance to establish a new simple method for consumers to enable and configure WPA2 on their routers without knowledge of encryption, keys or how it all works.
The standard is called Wi-Fi Protected Setup (WPS) and is enabled by default on nearly all consumer Wi-Fi access points, including those sold by Cisco/Linksys, Netgear, Belkin, Buffalo and D-Link.
It has three methods of simplifying the connection of wireless devices to WPA2 protected access points:
  1. Push Button Connect (PBC) requires the user to push a button on the router which allows it to communicate with a client needing configuration. The client attempts to connect and the router simply sends it the security configuration required to communicate.
  2. Client PIN mode is where the client device supports WPS and has a PIN assigned by the manufacturer. You then log in to the router's management interface and enter the PIN to authorize that client to obtain the encryption configuration.
  3. Router PIN mode allows a client to connect by entering a secret PIN from a label on the router, or from its management interface which authorizes the client to obtain the security configuration details.
The first method requires physical access, while the second requires administrative access; both of these pass muster. The third, however, can be accomplished using nothing but the Wi-Fi radio.
The PIN used for authentication is only eight digits, which would give the appearance of 10^8 (100,000,000) possibilities. It turns out the last digit is just a checksum, which takes us down to 10^7 (10,000,000) combinations.
Worse yet, the protocol is designed so that the first half and second half are sent separately, and the protocol will confirm if only one half is correct.
So you have now reduced the difficulty of brute forcing the PIN down to 10^4 (10,000) plus 10^3 (1,000), or 11,000 possibilities.
Some of the routers Viehböck tested did seem to implement a mechanism to slow down the brute forcing, but the worst case scenario allowed him to acquire the keys within 44 hours.
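The arithmetic above, and the effect of a lockout policy on it, as an added example that is not from Viehböck's paper or this post. The checksum routine is the publicly documented WPS PIN check digit; the per-attempt time and lockout values are assumptions chosen only to compare policies.

```python
# Added example: WPS PIN keyspace and how a lockout policy changes
# the worst-case exhaustion time. Timing values are assumptions.

def wps_checksum(first7: int) -> int:
    """Check digit for the first seven digits of a WPS PIN."""
    accum = 0
    while first7:
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    return (10 - accum % 10) % 10

def is_valid_pin(pin: str) -> bool:
    """True if pin is eight digits and the last digit is the check digit."""
    return (len(pin) == 8 and pin.isdigit()
            and wps_checksum(int(pin[:7])) == int(pin[7]))

def valid_second_halves(first_half: str) -> int:
    """Count 4-digit second halves that pass the checksum for one first half."""
    return sum(is_valid_pin(first_half + f"{n:04d}") for n in range(10**4))

# The three designs discussed in the text.
KEYSPACES = {
    "8 free digits": 10**8,
    "7 digits + checksum": 10**7,
    "halves confirmed separately": 10**4 + 10**3,
}

def worst_case_hours(attempts, sec_per_attempt, fails_before_lock=0, lock_secs=0):
    """Upper bound: treats every guess but the last as a failure, and each
    full run of fails_before_lock failures as one lockout of lock_secs."""
    lockouts = (attempts - 1) // fails_before_lock if fails_before_lock else 0
    return (attempts * sec_per_attempt + lockouts * lock_secs) / 3600

def report(sec_per_attempt=1.0, fails_before_lock=3, lock_secs=60):
    """Worst-case hours per design under one (assumed) lockout policy."""
    return {name: round(worst_case_hours(n, sec_per_attempt,
                                         fails_before_lock, lock_secs), 1)
            for name, n in KEYSPACES.items()}

if __name__ == "__main__":
    print("valid second halves per first half:", valid_second_halves("1234"))
    for name, hours in report().items():
        print(f"{name:30s} {hours:>12.1f} h")
```

With these assumed values a short lockout only stretches the 11,000-guess case to a few days, which is why the advice in the post is to disable WPS rather than rely on throttling alone.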
Compared with attempting to attack WPA2-PSK directly, this is a cheap and effective attack.
As the sub-title of Viehböck's paper states, "When poor design meets poor implementation", security is the loser.
If you own a reasonably modern Wi-Fi router you are at risk (unless you have installed some sort of alternative firmware like OpenWRT or Tomato Router).
If possible disable the WPS support on your router and contact your manufacturer for updated firmware which may provide a fix or mitigation against this attack.
Another researcher independently discovered the same issue and has published a tool called Reaver that implements this attack.
Similar to the Firesheep tool, this will likely light a fire under the butts of the Wi-Fi Alliance and manufacturers to quickly resolve these issues.



If you like my blog, Please Donate Me

Ultimate Encoder - PHP Encoder with multiple compression by lionaneesh

"Ultimate Encoder" is another online tool by lionaneesh, an Indian developer and hacker. It's a PHP encoder with multiple compression. A piece of code can be encoded multiple times, making it impossible for any antivirus to detect it.



Source: http://thehackernews.com/2011/12/ultimate-encoder-php-encoder-with.html





 

Dec 28, 2011

SpecialForces.com was hacked!!!

If you want the detail, please go to the Source

http://ibhg35kgdvnb7jvw.onion//lulzxmas/specialforces_full.txt.gz  <- orders/addresses/ccs
http://ibhg35kgdvnb7jvw.onion//lulzxmas/specialforces_passwords.txt  <- just the passwords
http://wikisend.com/download/287544/specialforces.tar.gz    <- both combined
 
# grep -R -H -i '.mil' specialforces_passwords.txt | wc
    1274    8072  127545
# grep -R -H -i '.gov' specialforces_passwords.txt | wc
     159    1064   15720
 
# ls -al /home/
total 64
drwxr-xr-x 15 root              root              4096 Nov 19  2009 .
drwxr-xr-x 24 root              root              4096 Mar 30 04:15 ..
drwxr-xr-x 10 ambientgraphic    ambientgraphic    4096 Aug 11 10:37 ambientgraphic
drwxr-xr-x  4 ambientscan       ambientscan       4096 Feb 27  2009 ambientscan
drwxrwxrwx 30 client            client            8192 Aug 12 03:46 client
drwxr-xr-x 11 cliffdigital      cliffdigital      4096 Aug 11 14:11 cliffdigital
drwxr-xr-x  8 mywallbuddy       mywallbuddy       4096 Jul 28 14:49 mywallbuddy
drwx------  2 nathan            nathan            4096 Sep 12  2008 nathan
drwxrwxrwx  3 nobody            nobody            4096 Oct  3  2008 nobody
drwxr-xr-x  7 nosurrender       nosurrender       4096 Feb 23  2010 nosurrender
drwxr-xr-x  4 ridgewoodapts     ridgewoodapts     4096 Apr  9  2008 ridgewoodapts
drwxr-xr-x  4 scan              scan              4096 Oct 13  2008 scan
dr-xr-xr-x 23 specialforces     specialforces     4096 Aug 11 18:40 specialforces
drwxr-xr-x  4 specialforcesgear specialforcesgear 4096 Feb 26  2008 specialforcesgear
lrwxrwxrwx  1 root              root                13 Nov 19  2009 upload -> /home/client/
drwx------  3 upload            upload            4096 Nov 19  2009 upload-bak
 
 



Howto: Jailbreak 5.0.1 Untethered - iPhone 4, 3GS, iPod Touch 4G, 3G, iPad with Redsn0w 0.9.10 b1

If you want to download any program for this tutorial, please go to the Source.

Step by Step guide :

Step 1: Connect your iDevice to your PC via USB, open iTunes, then restore to iOS 5.0.1 (if you are already running iOS 5.0.1, skip this step).

Step 2: Start Redsn0w 0.9.10 b1 and press the "Jailbreak" button.


Step 3: Now select “Install Cydia” and click “Next”.
Step 4: Now make sure your device is both OFF and PLUGGED IN to the computer before you click “Next”.

At this stage you will be presented with a screen that guides you through entering DFU mode. Quickly hold the “Power” button and then, while still holding “Power”, hold the “Home” button too. After a few seconds release the “Power” button but keep holding the “Home” button until installation begins.

Step 5:
Wait a few minutes until your iOS 5.0.1 device is jailbroken untethered. Congratulations.

Source: http://www.limera1n.cc/2011/12/jailbreak-501-untethered-iphone-4-3gs.html



Dec 27, 2011

Bluelog: Bluetooth Scanner Tool

Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more with accurately detecting the number of discoverable Bluetooth devices than with individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.

Download: http://packetstormsecurity.org/files/download/108028/bluelog-1.0.0.tar.gz



Source: http://packetstormsecurity.org/files/108028/Bluelog-Bluetooth-Scanner-Logger-1.0.0.html
