What's your Wifi Pentesting Gear?

[dninja at gmail.com (Robin Wood)]

A slightly different topic, someone started a thread in the Hak5
forums about what people carry in their hacker backpacks. From some of
the lists I'm surprised some people can lift theirs off the floor!

http://hak5.org/forums/index.php?showtopic=13749

Robin

2009/7/28 Nils <nils at hemmann.de>:
> The Fon's I'm using are the older models.
> I indeed have a short write up on the SD card mod. Please see below.
> It's been about two years ago when I did this so the instructions depend on
> Kamikaze 7.09 and I assume you have it up and running on your Fon and can
> login via SSH....via serial cable would be better though!
> Regarding the soldering work of the SD card besides others I used this
> tutorial:http://www.larsen-b.com/Article/262.html
>
> Nils
>
>
> This is my SD card installation write up:
> ____________________________
>
>
> ?cd /tmp
> ?ipkg update
>
> Filesystem
> ?ipkg install kmod-fs-ext2
>
> or from Meltyblood
>
> ?wget
> http://fon.testbox.dk/packages/2.6.21.5/kmod-fs-ext2_2.6.21.5-atheros-1_mips
> .ipk
> ?ipkg install kmod-fs-ext2_2.6.21.5-atheros-1_mips.ipk
>
> Drivers
> Install the SD card driver(4 pin solution, see 3 pin solution below)
>
> ?wget
> http://fon.testbox.dk/packages/mmc/phrozendriver/2.6.21.5/26215-4pinfon2100D
> river7143.ipk
> ?ipkg install 26215-4pinfon2100Driver7143.ipk
>
> or install the SD card driver(3 pin solution)
>
> ?wget
> http://fon.testbox.dk/packages/mmc/phrozendriver/2.6.21.5/26215-3pinfon2100D
> river14_143.ipk
> ?ipkg install 26215-3pinfon2100Driver14_143.ipk
> ?mkdir /mnt/mmc
> ?vi /etc/rc.d/S99mmc ? ? --> hint: ?file name might be different. e.g.
> S98mmc
>
> Insert the following at the end of the "start" section:
>
> ?mount /dev/mmc0 /mnt/mmc
>
> Add the mmc to the path.
> ?vi /etc/profile
> add the following lines below the existing PATH entry:
> ?export
> PATH=$PATH:/mnt/mmc/bin:/mnt/mmc/sbin:/mnt/mmc/usr/bin:/mnt/mmc/usr/sbin:/mn
> t/mmc/usr/local/bin:/mnt/mmc/usr/local/sbin
> ?export
> LD_LIBRARY_PATH=/usr/local/lib:/lib:/usr/lib:/mnt/mmc/usr/local/lib:/mnt/mmc
> /lib:/mnt/mmc/usr/lib
>
> Add an ipkg destination: dest mmc /mnt/mmc
> vi /etc/ipkg.conf
>
> ?reboot
>
> If the card hasn't been formatted yet
>
> ?ipkg update
> ?ipkg install fdisk
> ?ipkg install libuuid
> ?ipkg install e2fsprogs
> !!needs a bit of space, and you might need to kill some processes just to
> get it to ?install. I had to use killall httpd, if you kill dropbear you can
> get locked out of ssh until next reboot, ?not a problem with a serial cable.
>
> ?umountmmc
> ?fdisk /dev/mmc
> ?o [ENTER]
> ?n [ENTER] p [ENTER] 1 [ENTER] [ENTER] [ENTER]
> ?t [ENTER] 83 [ENTER]
> ?w [ENTER]
> ?mkfs.ext2 /dev/mmc0
> ?mount /dev/mmc0 /mnt/mmc
>
> Remove the these packages afterwards: fdisk, e2fsprogs, and libuuid
>
> Create Swap
>
> ?ipkg install swap-utils
> ?dd if=/dev/zero of=/mnt/mmc/swapfile count=128000
> ?mkswap /mnt/mmc/swapfile
> ?vi /etc/init.d/swapon
> insert:
> ?#!/bin/sh
> ?swapon /mnt/mmc/swapfile
> ?chmod 755 /etc/init.d/swapon
> ?ln -s /etc/init.d/swapon /etc/rc.d/S99swapon
>
> Execute /etc/rc.d/S99mmc or reboot
> With the 'free' command you can check the swap space usage...
>
>
>
>
> -----Original Message-----
> From: pauldotcom-bounces at mail.pauldotcom.com
> [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of
> infolookup at gmail.com
> Sent: Tuesday, July 28, 2009 2:35 PM
> To: PaulDotCom Security Weekly Mailing List
> Subject: Re: [Pauldotcom] What's your Wifi Pentesting Gear?
>
> Thank you everyone for your feedback!.
>
> @Larry I am still waiting to see what type of Military grade Satellite you
> are using for your rig <?_?>
>
> @Pauldotcom I am also looking forward to the dissection of the Defcon & NYC
> CTF sample packets.
>
> @Nils -- what type of Fonera do you use the Fon + (with usb and dual nic) or
> the older model? Also do you have a write up on the SDcard mod? That could
> come in handy for an afternoon side project!
>
> Thanks!
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: Paul Asadoorian <paul at pauldotcom.com>
>
> Date: Tue, 28 Jul 2009 08:07:13
> To: PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com>
> Subject: Re: [Pauldotcom] What's you Wifi Pentesting Gear?
>
>
> Below is the gear that makes up the rig I plan to bring to Defcon to
> collect traffic samples and do "research":
>
> 1) EEEPC 901 http://eeepc.asus.com/global/product901.html
>
> 2) With EEEPC 901 Antenna Mod w/ 9Dbi Antenna -
> http://pauldotcom.com/2009/05/modding-the-asus-eee-4g-surf-f.html
>
> 3) I'm playing with BT4, but also have ubuntu on it. ?I used the BT4 SD
> card hack that Larry posted -
> http://pauldotcom.com/2009/06/backtrack-4-pre-release-with-p.html
>
> 4) I've also attached an Alfa USB Wireless card -
> http://www.data-alliance.net/-strse-73/Alfa-500mW-AWUS036H-USB/Detail.bokd
>
> I will have this rig at the vendor table at Defcon, please don't pwn me ;)
>
> Cheers,
> paul
>
> Nils wrote:
> > I have the SRC 300 version of this card. Without "n".
> > It's a pretty decent card but was somewhat expensive that time.
> > http://www.air-stream.org.au/src
> >
> >
> > Besides of this I'm using the following Wifi gear:
> > - Edimax EW-7305Pg ?PCMCIA 802.11a/b/g ?Pretty cheap Atheros card with
> > no external antenna connections.
> > http://www.edimax.com/en/produce_detail.php?pd_id=195&pl1_id=1&pl2_id=48
> > <http://www.edimax.com/en/produce_detail.php?pd_id=195&pl1_id=1&pl2_id=48>
> >
> > - Logilink WL0025 USB 802.11a/b/g with external anntenna. Very cheap and
> > works with injections
> http://www.logilink.eu/cmsfiles/modules/i-sell2u/showproducts.htm?isu_suchbe
> griff=WL0025.htm
> > - Wifi booster 1Watt 2400-2500MHy, Bi-directional,
> > half-duplex,auto-switching via carrier sensing
> >
> > - An Asus eeePC 901 with an AR5008E-3NX 802.11a/b/g/n wifi card. The
> > card is an exchange for the originally built in AxureWave crap. The
> > Atheros card works nicely with injection and Karma patched drivers from
> > Digininja. I added an external antenna connector simmilar to what Paul
> > did. I used the Kensington lock hole though.
> >
> > - Four Foneras with SD card and fan mod plus second antenna connectors.
> > -- One runnnig with Meltyblood's openWRT version
> > -- One as Wifi Predator simmilar to
> http://hackedgadgets.com/2008/04/25/the-wifi-predator-use-a-far-away-wifi-co
> nnection/
> > I'm planning to give Piranha a try: http://piranha.klashed.net/
> >
> >
> > The stuff is rounded up with some home made cantennas and other omni
> > antennas.
> >
> > Nils
> >
> >
> > ------------------------------------------------------------------------
> > *From:* pauldotcom-bounces at mail.pauldotcom.com
> > [mailto:pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of *Duncan
> > Alderson
> > *Sent:* Tuesday, July 28, 2009 10:34 AM
> > *To:* PaulDotCom Security Weekly Mailing List
> > *Subject:* Re: [Pauldotcom] What's you Wifi Pentesting Gear?
> >
> > Has any one tried this from Ubiquiti. Have their 300mw A/B/G card just
> > thinking of upgrading?
> >
> > http://www.ubnt.com/products/sr71c.php
> >
> > Looks like it is only a 100mw rating though??
> >
> > Thanks
> >
> > Duncan
> >
> > 2009/7/27 Michael McGrew <mmcgrew1 at mail.csuchico.edu
> > <mailto:mmcgrew1 at mail.csuchico.edu>>
> >
> > ? ? http://www.newegg.com/Product/Product.aspx?Item=N82E16833122264
> > ? ? <http://www.newegg.com/Product/Product.aspx?Item=N82E16833122264>Is
> > ? ? pretty cheap, but recertified.
> > ? ? http://www.newegg.com/Product/Product.aspx?Item=N82E16833124278
> > ? ? <http://www.newegg.com/Product/Product.aspx?Item=N82E16833124278>Is
> > ? ? cheap considering it can do a/b/g/n over USB and it's linksys
> >
> >
> > ? ? On Mon, Jul 27, 2009 at 2:03 PM, Michael Douglas
> > ? ? <mick at pauldotcom.com <mailto:mick at pauldotcom.com>> wrote:
> >
> > ? ? ? ? I'd suggest you go the cheap route with the Hawking. ?It's good
> gear
> > ? ? ? ? to start working on. ?Just remember that you cannot check for the
> N
> > ? ? ? ? WiFi band -- so it should not be used for WiFi site audits.
> >
> > ? ? ? ? That is unless you can find a cheap USB wifi card that can do it
> all
> > ? ? ? ? a,b,g,n,etc. ?-- if you (anyone else on the list?) do know of one,
> > ? ? ? ? please share. ?I'd be willing to switch to something more cutting
> > ? ? ? ? edge.
> >
> > ? ? ? ? - Mick
> >
> >
> >
> >
> > ? ? ? ? On Mon, Jul 27, 2009 at 8:21 AM, <infolookup at gmail.com
> > ? ? ? ? <mailto:infolookup at gmail.com>> wrote:
> > ? ? ? ? > Michael,
> > ? ? ? ? >
> > ? ? ? ? > Thanks for the feedback, ideally its for playing around with
> > ? ? ? ? the tech in my home lab and learning it.
> > ? ? ? ? >
> > ? ? ? ? > Once I get an idea of a few things I want to ?develop a plan
> > ? ? ? ? for my job's network. We recently deployed 2 Cisco wifi
> > ? ? ? ? controllers, and a bunch (can't remember actually number) of AP
> > ? ? ? ? throughout our four locations, I want to see what type of
> > ? ? ? ? attacks we are open too!
> > ? ? ? ? > ------Original Message------
> > ? ? ? ? > From: Michael Douglas
> > ? ? ? ? > To: PaulDotCom Security Weekly Mailing List
> > ? ? ? ? > Cc: infolookup at gmail.com <mailto:infolookup at gmail.com>
> > ? ? ? ? > Sent: Jul 27, 2009 7:21 AM
> > ? ? ? ? > Subject: Re: [Pauldotcom] What's you Wifi Pentesting Gear?
> > ? ? ? ? >
> > ? ? ? ? > If you don't mind sharing (or you're able to do so) could you
> > ? ? ? ? let us
> > ? ? ? ? > know what you're trying to accomplish? ?Different WiFi tools are
> > ? ? ? ? > needed for different things.
> > ? ? ? ? >
> > ? ? ? ? > For instance, at the Pen Test Summit in June, Josh Wright made
> > ? ? ? ? mention
> > ? ? ? ? > of the iPhone using WiFi-Fo-Fum in an area with too many
> signals.
> > ? ? ? ? > Since the iPhone has a weaker detection than most pro gear
> > ? ? ? ? (stuff with
> > ? ? ? ? > Real Antennas) the limited range actually helped him narrow
> > ? ? ? ? down the
> > ? ? ? ? > signals much faster than it might have otherwise taken.
> > ? ? ? ? >
> > ? ? ? ? > ---
> > ? ? ? ? >
> > ? ? ? ? > For the low cost, I'm still loving my Hawking USB WiFis. ?The
> > ? ? ? ? hawking
> > ? ? ? ? > G that I bought on John's suggestion is probably the best thing
> > ? ? ? ? > tech-wise I've bought in a long time. ?It just works. And by
> > ? ? ? ? works I
> > ? ? ? ? > mean it is amaz-wait for it-ing. ?The drivers seem to be
> > ? ? ? ? available for
> > ? ? ? ? > every OS and the fact that the pigtail is just there, makes it
> > ? ? ? ? a great
> > ? ? ? ? > entry level card. ?(NOTE THIS DOESN'T DO N I DO NOT USE FOR REAL
> > ? ? ? ? > AUDITS -- but it's still damn handy)
> > ? ? ? ? >
> > ? ? ? ? >
> http://www.google.com/products/catalog?q=hawking+usb+wireless+g&cid=42278561
> 02301885371&sa=title#p
> >
> <http://www.google.com/products/catalog?q=hawking+usb+wireless+g&cid=4227856
> 102301885371&sa=title#p>
> > ? ? ? ? >
> > ? ? ? ? >
> > ? ? ? ? > I have played with a 1 watt omni directional antenna and
> > ? ? ? ? wowzers is it
> > ? ? ? ? > fun... but you're gonna have so many SSIDs that you won't know
> > ? ? ? ? what to
> > ? ? ? ? > do with them. ?;-) ?But for war driving, or doing preliminary
> > ? ? ? ? work,
> > ? ? ? ? > it's something to consider.
> > ? ? ? ? >
> > ? ? ? ? >
> > ? ? ? ? >
> > ? ? ? ? >
> > ? ? ? ? >
> > ? ? ? ? > On Sun, Jul 26, 2009 at 4:54 PM, Carlos
> > ? ? ? ? > Perez<carlos_perez at darkoperator.com
> > ? ? ? ? <mailto:carlos_perez at darkoperator.com>> wrote:
> > ? ? ? ? >> For pentests the basic kit where I work at are a omni 12dbi,
> > ? ? ? ? yagui
> > ? ? ? ? >> 24dbi and a 2dbi ruberdukkie. For cards ubiquiti 300mw and a
> > ? ? ? ? alpha
> > ? ? ? ? >> 500mw, physical laptops running Linux(bactrack or ubuntu).
> > ? ? ? ? For lab we
> > ? ? ? ? >> have a slew of equipment from linksys, cisco, 2wire, netguear
> and
> > ? ? ? ? >> enterasys to play with. In addi
> > ? ? ? ? >> Sent from my Mobile addition to this we have a pelican brief
> > ? ? ? ? filed
> > ? ? ? ? >> with more antenas, pigtails, digital camera ...etc that is
> > ? ? ? ? used for
> > ? ? ? ? >> wireless surveys and is narrowed during assesments
> > ? ? ? ? >>
> > ? ? ? ? >> On Jul 26, 2009, at 1:31 PM, infolookup at gmail.com
> > ? ? ? ? <mailto:infolookup at gmail.com> wrote:
> > ? ? ? ? >>
> > ? ? ? ? >>> Hello All,
> > ? ? ? ? >>>
> > ? ? ? ? >>> With so many wifi gears out there (cards, applications,
> > ? ? ? ? antennas)
> > ? ? ? ? >>> which is your favorite for wifi testing.
> > ? ? ? ? >>>
> > ? ? ? ? >>> Are you using a virtual lab/physical?
> > ? ? ? ? >>>
> > ? ? ? ? >>>
> > ? ? ? ? >>> I recently got the alpha clone with a rtl8187 chipset(which
> > ? ? ? ? sucks
> > ? ? ? ? >>> couldn't get it to handle injection under aircrack suite).
> > ? ? ? ? >>>
> > ? ? ? ? >>> My setup
> > ? ? ? ? >>>
> > ? ? ? ? >>> WinXP (desktop pci wifi setup)
> > ? ? ? ? >>> 1 windows 7 usb wifi
> > ? ? ? ? >>> 1 Laptop Ububtu 9 (Atheros chipset)
> > ? ? ? ? >>> --Virtual box (Pentoo alpha & BT4pre)
> > ? ? ? ? >>> 2 wifi AP (Linksys & verizon fios)
> > ? ? ? ? >>> 1 La Fonera (with Jasager)
> > ? ? ? ? >>>
> > ? ? ? ? >>> Thank You!
> > ? ? ? ? >>> Sent from my Verizon Wireless BlackBerry
> > ? ? ? ? >>> _______________________________________________
> > ? ? ? ? >>> Pauldotcom mailing list
> > ? ? ? ? >>> Pauldotcom at mail.pauldotcom.com
> > ? ? ? ? <mailto:Pauldotcom at mail.pauldotcom.com>
> > ? ? ? ? >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > ? ? ? ? >>> Main Web Site: http://pauldotcom.com
> > ? ? ? ? >> _______________________________________________
> > ? ? ? ? >> Pauldotcom mailing list
> > ? ? ? ? >> Pauldotcom at mail.pauldotcom.com
> > ? ? ? ? <mailto:Pauldotcom at mail.pauldotcom.com>
> > ? ? ? ? >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > ? ? ? ? >> Main Web Site: http://pauldotcom.com
> > ? ? ? ? >>
> > ? ? ? ? >
> > ? ? ? ? >
> > ? ? ? ? > Sent from my Verizon Wireless BlackBerry
> > ? ? ? ? _______________________________________________
> > ? ? ? ? Pauldotcom mailing list
> > ? ? ? ? Pauldotcom at mail.pauldotcom.com
> > ? ? ? ? <mailto:Pauldotcom at mail.pauldotcom.com>
> > ? ? ? ? http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > ? ? ? ? Main Web Site: http://pauldotcom.com
> >
> >
> >
> > ? ? _______________________________________________
> > ? ? Pauldotcom mailing list
> > ? ? Pauldotcom at mail.pauldotcom.com <mailto:Pauldotcom at mail.pauldotcom.com>
> > ? ? http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > ? ? Main Web Site: http://pauldotcom.com
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> --
> Paul Asadoorian
> PaulDotCom Enterprises
> Web: http://pauldotcom.com
> Phone: 401.829.9552
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com