PaulDotCom mailing list archives

What's your Wifi Pentesting Gear?


From: nils at hemmann.de (Nils)
Date: Tue, 28 Jul 2009 17:05:51 +0200

The Fons I'm using are the older models.
I do indeed have a short write-up on the SD card mod. Please see below.
It was about two years ago when I did this, so the instructions depend on
Kamikaze 7.09, and I assume you have it up and running on your Fon and can
log in via SSH... via serial cable would be better though!
For the soldering work on the SD card I used, among others, this
tutorial: http://www.larsen-b.com/Article/262.html

Nils


This is my SD card installation write up:
____________________________


 cd /tmp
 ipkg update

Filesystem
 ipkg install kmod-fs-ext2

or from Meltyblood

 wget http://fon.testbox.dk/packages/2.6.21.5/kmod-fs-ext2_2.6.21.5-atheros-1_mips.ipk
 ipkg install kmod-fs-ext2_2.6.21.5-atheros-1_mips.ipk

Drivers
Install the SD card driver (4 pin solution, see 3 pin solution below)

 wget http://fon.testbox.dk/packages/mmc/phrozendriver/2.6.21.5/26215-4pinfon2100Driver7143.ipk
 ipkg install 26215-4pinfon2100Driver7143.ipk

or install the SD card driver (3 pin solution)

 wget http://fon.testbox.dk/packages/mmc/phrozendriver/2.6.21.5/26215-3pinfon2100Driver14_143.ipk
 ipkg install 26215-3pinfon2100Driver14_143.ipk
 mkdir /mnt/mmc
 vi /etc/rc.d/S99mmc     --> hint: file name might be different, e.g. S98mmc

Insert the following at the end of the "start" section:

 mount /dev/mmc0 /mnt/mmc

Add the mmc to the path.
 vi /etc/profile
Add the following lines below the existing PATH entry:
 export PATH=$PATH:/mnt/mmc/bin:/mnt/mmc/sbin:/mnt/mmc/usr/bin:/mnt/mmc/usr/sbin:/mnt/mmc/usr/local/bin:/mnt/mmc/usr/local/sbin
 export LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/mnt/mmc/usr/local/lib:/mnt/mmc/lib:/mnt/mmc/usr/lib

Add an ipkg destination: dest mmc /mnt/mmc
 vi /etc/ipkg.conf

 reboot

If the card hasn't been formatted yet

 ipkg update
 ipkg install fdisk
 ipkg install libuuid
 ipkg install e2fsprogs 
!! Needs a bit of space, and you might need to kill some processes just to
get it to install. I had to use killall httpd; if you kill dropbear you can
get locked out of ssh until next reboot, not a problem with a serial cable.

 umount /mnt/mmc
 fdisk /dev/mmc
 o [ENTER]
 n [ENTER] p [ENTER] 1 [ENTER] [ENTER] [ENTER]
 t [ENTER] 83 [ENTER]
 w [ENTER]
 mkfs.ext2 /dev/mmc0   
 mount /dev/mmc0 /mnt/mmc

Remove these packages afterwards: fdisk, e2fsprogs, and libuuid

Create Swap

 ipkg install swap-utils
 dd if=/dev/zero of=/mnt/mmc/swapfile count=128000
 mkswap /mnt/mmc/swapfile
 vi /etc/init.d/swapon
insert:
 #!/bin/sh
 swapon /mnt/mmc/swapfile
 chmod 755 /etc/init.d/swapon
 ln -s /etc/init.d/swapon /etc/rc.d/S99swapon

Execute /etc/rc.d/S99mmc or reboot
With the 'free' command you can check the swap space usage...
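
The state this write-up sets up can be checked after a reboot. The script below is an added example, not part of the original post; the function names are hypothetical, and the device, mount point, swap file and ipkg destination are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Each check takes an optional file argument so it can be run against a saved
# copy; with no argument it reads the live file on the device.

# is_mounted DEV DIR [MOUNTS]: succeeds if DEV is mounted on DIR.
is_mounted() {
    awk -v d="$1" -v m="$2" '$1 == d && $2 == m { ok = 1 } END { exit !ok }' \
        "${3:-/proc/mounts}"
}

# swap_active FILE [SWAPS]: succeeds if FILE is an active swap area.
# The first line of /proc/swaps is a column header and is skipped.
swap_active() {
    awk -v f="$1" 'NR > 1 && $1 == f { ok = 1 } END { exit !ok }' \
        "${2:-/proc/swaps}"
}

# has_ipkg_dest NAME DIR [CONF]: succeeds if "dest NAME DIR" is configured.
has_ipkg_dest() {
    awk -v n="$1" -v p="$2" \
        '$1 == "dest" && $2 == n && $3 == p { ok = 1 } END { exit !ok }' \
        "${3:-/etc/ipkg.conf}"
}

# check_sd_setup [MOUNTS] [SWAPS] [CONF]: prints one line per check and
# returns the number of failed checks (0 means everything is in place).
check_sd_setup() {
    fails=0
    if is_mounted /dev/mmc0 /mnt/mmc "$1"; then echo "ok   /dev/mmc0 on /mnt/mmc"
    else echo "FAIL /dev/mmc0 not mounted on /mnt/mmc"; fails=$((fails + 1)); fi
    if swap_active /mnt/mmc/swapfile "$2"; then echo "ok   swapfile active"
    else echo "FAIL /mnt/mmc/swapfile not active"; fails=$((fails + 1)); fi
    if has_ipkg_dest mmc /mnt/mmc "$3"; then echo "ok   ipkg dest mmc"
    else echo "FAIL no 'dest mmc /mnt/mmc' in ipkg.conf"; fails=$((fails + 1)); fi
    return "$fails"
}
```

On the Fon, source the file and call `check_sd_setup` with no arguments; a non-zero return value is the number of steps that still need attention.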


 

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of
infolookup at gmail.com
Sent: Tuesday, July 28, 2009 2:35 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] What's your Wifi Pentesting Gear?

Thank you everyone for your feedback!

@Larry I am still waiting to see what type of Military grade Satellite you
are using for your rig <?_?>

@Pauldotcom I am also looking forward to the dissection of the Defcon & NYC
CTF sample packets.

@Nils -- what type of Fonera do you use: the Fon+ (with USB and dual NIC) or
the older model? Also, do you have a write-up on the SD card mod? That could
come in handy for an afternoon side project!

Thanks!
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Paul Asadoorian <paul at pauldotcom.com>

Date: Tue, 28 Jul 2009 08:07:13
To: PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] What's you Wifi Pentesting Gear?


Below is the gear that makes up the rig I plan to bring to Defcon to
collect traffic samples and do "research":

1) EEEPC 901 http://eeepc.asus.com/global/product901.html

2) With EEEPC 901 Antenna Mod w/ 9dBi Antenna -
http://pauldotcom.com/2009/05/modding-the-asus-eee-4g-surf-f.html

3) I'm playing with BT4, but also have Ubuntu on it.  I used the BT4 SD
card hack that Larry posted -
http://pauldotcom.com/2009/06/backtrack-4-pre-release-with-p.html

4) I've also attached an Alfa USB Wireless card -
http://www.data-alliance.net/-strse-73/Alfa-500mW-AWUS036H-USB/Detail.bokd

I will have this rig at the vendor table at Defcon, please don't pwn me ;)

Cheers,
paul

Nils wrote:
I have the SRC 300 version of this card. Without "n".
It's a pretty decent card but was somewhat expensive at that time.
http://www.air-stream.org.au/src
 
 
Besides this I'm using the following Wifi gear:
- Edimax EW-7305Pg  PCMCIA 802.11a/b/g  Pretty cheap Atheros card with
no external antenna connections.
http://www.edimax.com/en/produce_detail.php?pd_id=195&pl1_id=1&pl2_id=48
 
- Logilink WL0025 USB 802.11a/b/g with external antenna. Very cheap and
works with injections
http://www.logilink.eu/cmsfiles/modules/i-sell2u/showproducts.htm?isu_suchbegriff=WL0025.htm
 
- Wifi booster 1 Watt 2400-2500 MHz, bi-directional,
half-duplex, auto-switching via carrier sensing
 
- An Asus eeePC 901 with an AR5008E-3NX 802.11a/b/g/n wifi card. The
card is an exchange for the originally built-in AzureWave crap. The
Atheros card works nicely with injection and Karma patched drivers from
Digininja. I added an external antenna connector similar to what Paul
did. I used the Kensington lock hole though.
 
- Four Foneras with SD card and fan mod plus second antenna connectors.
-- One running with Meltyblood's openWRT version
-- One as Wifi Predator similar to
http://hackedgadgets.com/2008/04/25/the-wifi-predator-use-a-far-away-wifi-connection/
 
I'm planning to give Piranha a try: http://piranha.klashed.net/
 
 
The stuff is rounded up with some home made cantennas and other omni
antennas.
 
Nils
 

------------------------------------------------------------------------
*From:* pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *Duncan
Alderson
*Sent:* Tuesday, July 28, 2009 10:34 AM
*To:* PaulDotCom Security Weekly Mailing List
*Subject:* Re: [Pauldotcom] What's you Wifi Pentesting Gear?

Has anyone tried this from Ubiquiti? Have their 300mW A/B/G card, just
thinking of upgrading.

http://www.ubnt.com/products/sr71c.php

Looks like it is only a 100mw rating though??

Thanks

Duncan

2009/7/27 Michael McGrew <mmcgrew1 at mail.csuchico.edu>

    http://www.newegg.com/Product/Product.aspx?Item=N82E16833122264
    Is pretty cheap, but recertified.
    http://www.newegg.com/Product/Product.aspx?Item=N82E16833124278
    Is cheap considering it can do a/b/g/n over USB and it's Linksys


    On Mon, Jul 27, 2009 at 2:03 PM, Michael Douglas
    <mick at pauldotcom.com> wrote:

        I'd suggest you go the cheap route with the Hawking.  It's good gear
        to start working on.  Just remember that you cannot check for the N
        WiFi band -- so it should not be used for WiFi site audits.

        That is unless you can find a cheap USB wifi card that can do it all
        a,b,g,n,etc.  -- if you (anyone else on the list?) do know of one,
        please share.  I'd be willing to switch to something more cutting
        edge.

        - Mick




        On Mon, Jul 27, 2009 at 8:21 AM, <infolookup at gmail.com> wrote:
        > Michael,
        >
        > Thanks for the feedback, ideally it's for playing around with the
        > tech in my home lab and learning it.
        >
        > Once I get an idea of a few things I want to develop a plan for my
        > job's network. We recently deployed 2 Cisco wifi controllers, and a
        > bunch (can't remember actual number) of APs throughout our four
        > locations, I want to see what type of attacks we are open to!
        > ------Original Message------
        > From: Michael Douglas
        > To: PaulDotCom Security Weekly Mailing List
        > Cc: infolookup at gmail.com
        > Sent: Jul 27, 2009 7:21 AM
        > Subject: Re: [Pauldotcom] What's you Wifi Pentesting Gear?
        >
        > If you don't mind sharing (or you're able to do so) could you let us
        > know what you're trying to accomplish?  Different WiFi tools are
        > needed for different things.
        >
        > For instance, at the Pen Test Summit in June, Josh Wright made mention
        > of the iPhone using WiFi-Fo-Fum in an area with too many signals.
        > Since the iPhone has a weaker detection than most pro gear (stuff with
        > Real Antennas) the limited range actually helped him narrow down the
        > signals much faster than it might have otherwise taken.
        >
        > ---
        >
        > For the low cost, I'm still loving my Hawking USB WiFis.  The Hawking
        > G that I bought on John's suggestion is probably the best thing
        > tech-wise I've bought in a long time.  It just works. And by works I
        > mean it is amaz-wait for it-ing.  The drivers seem to be available for
        > every OS and the fact that the pigtail is just there, makes it a great
        > entry level card.  (NOTE THIS DOESN'T DO N I DO NOT USE FOR REAL
        > AUDITS -- but it's still damn handy)
        >
        > http://www.google.com/products/catalog?q=hawking+usb+wireless+g&cid=4227856102301885371&sa=title#p
        >
        >
        > I have played with a 1 watt omni directional antenna and
        wowzers is it
        > fun... but you're gonna have so many SSIDs that you won't know
        what to
        > do with them.  ;-)  But for war driving, or doing preliminary
        work,
        > it's something to consider.
        >
        >
        >
        >
        >
        > On Sun, Jul 26, 2009 at 4:54 PM, Carlos Perez
        > <carlos_perez at darkoperator.com> wrote:
        >> For pentests the basic kit where I work are an omni 12dBi, yagi
        >> 24dBi and a 2dBi rubber ducky. For cards, Ubiquiti 300mW and an
        >> Alfa 500mW, physical laptops running Linux (BackTrack or Ubuntu).
        >> For lab we have a slew of equipment from Linksys, Cisco, 2Wire,
        >> Netgear and Enterasys to play with. In addition to this we have a
        >> pelican brief filled with more antennas, pigtails, digital camera
        >> ...etc that is used for wireless surveys and is narrowed during
        >> assessments
        >> Sent from my Mobile
        >>
        >> On Jul 26, 2009, at 1:31 PM, infolookup at gmail.com wrote:
        >>
        >>> Hello All,
        >>>
        >>> With so many wifi gears out there (cards, applications, antennas)
        >>> which is your favorite for wifi testing.
        >>>
        >>> Are you using a virtual lab/physical?
        >>>
        >>>
        >>> I recently got the Alfa clone with a rtl8187 chipset (which sucks,
        >>> couldn't get it to handle injection under aircrack suite).
        >>>
        >>> My setup
        >>>
        >>> WinXP (desktop pci wifi setup)
        >>> 1 windows 7 usb wifi
        >>> 1 Laptop Ubuntu 9 (Atheros chipset)
        >>> --Virtual box (Pentoo alpha & BT4pre)
        >>> 2 wifi AP (Linksys & verizon fios)
        >>> 1 La Fonera (with Jasager)
        >>>
        >>> Thank You!
        >>> Sent from my Verizon Wireless BlackBerry
        >>> _______________________________________________
        >>> Pauldotcom mailing list
        >>> Pauldotcom at mail.pauldotcom.com
        >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
        >>> Main Web Site: http://pauldotcom.com
        >>
        >
        >
        > Sent from my Verizon Wireless BlackBerry






------------------------------------------------------------------------


-- 
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552


