And access it from anywhere in the world!

I’m struck by the fantastical marketing claims from so many hardware vendors that everything you buy today is accessible from the internet. Do you even know what that means? Your average household can barely change their router password, yet they need to punch a hole in their firewall and open up a product which cannot be updated to the world. The World. So they probably use UPnP or something, which, honestly, I never understood. I just disable it for everything because I read early on how fucked it is, and it’s useless if you know what port-forwarding is.

I still haven’t had the courage to open up anything I have, to the dismay of my partner who would really like to access her music. I tried that one time and the thing got hacked in a week.

Don’t open ports. Use a VPN if you have to, but not even then. Just disconnect everything.


Fuck Logitech’s SetPoint and their piss poor approach to security

I said this 5 years ago, and it holds true today. One of the best infection vectors I can think of is to compromise SetPoint, the buggy shitware that Logitech forces you to use in order to make use of your additional mouse buttons. It crashes repeatedly, when all it needs to do is listen to mouse buttons. It has an extremely large file size for what it is. It’s not checksummed on their site and billions of consumers install it.

I was checking my logs and saw that my download of their Unifying tool, which you are REQUIRED to have to pair your fucking mouse, was redirected to some third-party site called navisite.com. By querying VirusTotal I saw that many different packages for Logitech are downloaded from that site that flag AV, in some cases with a 50% detection rate.

What does that mean? Either that is a malware site I was redirected to from malware on my system, or Logitech was compromised and their executables infected. It’s a smart move really, what other executables can you think of that are downloaded by so many people with little concern for security?

Don’t even get me started on D-Link and their shit-tastic approach to locking down their webcams. No passwords over 8 characters? Completely fucked SSL authentication? Buy a D-Link camera and you might as well stick a camera up your ass and broadcast it to the world. And that’s not even making it accessible over the internet.

Unique USB power cable lets you power your Alfa without draining your cell’s battery.


Cheap @ monoprice.com! Works great with an external battery and the papa capture app by dragorn. Happy sniffing!

Fix your bricked Samsung Galaxy S3 with JTAG services on eBay

I flashed an incompatible ROM on my S3 and it no longer booted. Thankfully there are dudes on eBay who can fix them for about US$30. You send them your phone and they hook it up to a specialized program called RIFF Box and connect wires to the JTAG terminals on the S3 main board. It works! So don’t give up, OK? I can vouch for one guy. I’ll dig up his info later. The only sketchy part is maybe they clone all your info, but you don’t have any other options except buying a RIFF Box yourself, and it isn’t cheap.

Samsung Galaxy S3 “SIM Card Not Found” error is most likely your fault.

I just spent 3 hours or so trying to figure out why my S3 suddenly stopped reading its SIM card. I must have jostled it when I was pulling the battery during a freeze-up. The reason I was getting that error: I hadn’t seated it properly. The SIM cards are spring-loaded, designed to pop out after you push down on them. You gotta jam the card way down in the slot, farther than you can reach with your fingers, until you hear it click or you feel it reach the end. No man’s land. It’s an act of faith. Do it, it’ll work better than fucking with your cell settings which weren’t wrong to begin with.

For all you Verizon users, a SIM card is this fucking tiny slab of metal and paper that is totally not necessary for CDMA devices since they can’t be unlocked to become GSM devices anyway. The rest of the world uses them to store settings and shit so you can swap phones and save your info, or something. I dunno, I’ve used Verizon for 15+ years. But I’m headed to Metro soon, fuck $80+/month.

Google Nexus 7 (2012 wifi aka “grouper”), MultiRom Manager, and CyanogenMod 11 install notes

MultiRom Manager is one of the coolest hacks to come out of the Android ROM development scene. It allows you to choose a ROM to use at boot. It only works with this one model of tablet! It’s weird.

So anyhoo, I couldn’t figure out if it was safe to install Cyanogen, knowing it uses a different recovery than most other ROMs. People were doing it, but my first try led to a boot loop.

The secret is when you add the ROM (not easy to find! You have to boot into the TWRP recovery, choose Advanced, then MultiRom, to add ROMs. Don’t waste your time in the GUI) you need to say “NOT SHARED”. This means you aren’t using the same kernel that your primary ROM uses and filling in what Cyanogen is expecting.

Hope this helps someone out who found this via specific keywords or something. Haha.

Oh and here’s a link to a PwnPad fork for Nexus as well: http://w11.zetaboards.com/Pwnie_Express/topic/8951376/1/


Installing Ettercap on Mac OS X Mountain Lion

Ettercap is one of the most famous MITM applications ever. Installing it on Mac OS X was not entirely straightforward, so here are some additional tricks I had to do to get it installed on Mountain Lion.

First off, I am using Homebrew, a package manager for OS X. Frankly, I sort of wish I had used MacPorts at this point, because it is more popular and there’s more documentation about using it. I’m not sure what the ramifications would be if I tried to switch at this point, so I’m just going to plow forward using it.

I already had some of the needed dependencies required by Ettercap, so I’m going to focus on the problems I personally ran into. You may need to install additional libraries if you don’t already have them.

To enable PDF documentation generation:
– ghostscript (ps2pdf13)
– groff

$ brew install ghostscript

To enable plugins:
– libltdl (part of libtool)

I didn’t run into a problem here.

To have perl regexp in the filters:
– libpcre

$ brew install pcre

To support SSH and SSL decryption:
– openssl 0.9.7

$ brew install openssl

For the cursed GUI:
– ncurses >= 5.3

I already had this because I installed kismet, but you might need it.

For the GTK+ GUI:
– Glib >= 2.2.2
– Gtk+ >= 2.2.2
– Atk >= 1.2.4
– Pango >= 1.2.3

$ brew install gtk+ 

For the SSLStrip plugin:
– Curl >= 7.26.0

This was a bugaboo. First do:

$ brew install curl

This will install the recent version of curl that you need for ettercap. Unfortunately it will not symlink it into /usr/local, because OS X already ships a version of curl and brew doesn’t want to interfere with that. This sucks for us. We’ll need to point the CMake build configuration at our brew-installed version of curl.

Go into the build directory you made while setting up ettercap and edit the CMakeCache.txt file so the curl entries look like this:

CURL_INCLUDE_DIR:PATH=/usr/local/opt/curl/include
CURL_LIBRARY:FILEPATH=/usr/local/opt/curl/lib/libcurl.dylib

That will get the installer to look in the right place for the updated curl files.

Finally, after you successfully build ettercap (using sudo make install), you need to modify a Mac system plist file to allow for IP forwarding. You would know this if you read the README.OSXLION file included with ettercap.

$ sudo nano /Library/Preferences/SystemConfiguration/com.apple.Boot.plist

replace

with

net.inet.ip.scopedroute=0

and reboot!
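As an added example (not from the post and not part of ettercap’s own tooling), this script does the CMakeCache.txt curl fix from above without hand-editing, and first checks that the brew curl is new enough for the SSLStrip plugin. The /usr/local/opt/curl prefix comes from the post; the script assumes curl’s own header curlver.h defines LIBCURL_VERSION.

```shell
#!/bin/sh
# Added example, not from the original post: point an ettercap CMake build at the
# Homebrew curl and check that it satisfies the SSLStrip requirement (>= 7.26.0).
# Assumptions: curl lives under /usr/local/opt/curl (path from the post) unless a
# second argument overrides it; curlver.h exposes #define LIBCURL_VERSION "x.y.z".
# Usage: sh fix_curl_cache.sh /path/to/ettercap/build [curl-prefix]

# Print the version string from curl's own header, e.g. 7.30.0.
curl_header_version() {
  sed -n 's/^#define LIBCURL_VERSION "\([^"]*\)".*/\1/p' "$1/include/curl/curlver.h"
}

# Return 0 if dotted version $1 is >= dotted version $2 (numeric parts only).
# Written without sort -V so it behaves the same on BSD (macOS) and GNU tools.
version_ge() {
  have=$1 want=$2
  while [ -n "$have" ] || [ -n "$want" ]; do
    h=${have%%.*} w=${want%%.*}
    [ "$have" = "$h" ] && have= || have=${have#*.}
    [ "$want" = "$w" ] && want= || want=${want#*.}
    [ "${h:-0}" -gt "${w:-0}" ] && return 0
    [ "${h:-0}" -lt "${w:-0}" ] && return 1
  done
  return 0
}

# Replace (or add) the two curl entries in CMakeCache.txt so the build links the
# brew curl instead of the Apple-provided one; every other cache line is kept.
patch_curl_cache() {
  cache=$1 prefix=${2:-/usr/local/opt/curl}
  grep -v -e '^CURL_INCLUDE_DIR:PATH=' -e '^CURL_LIBRARY:FILEPATH=' "$cache" > "$cache.tmp" || true
  {
    cat "$cache.tmp"
    printf 'CURL_INCLUDE_DIR:PATH=%s/include\n' "$prefix"
    printf 'CURL_LIBRARY:FILEPATH=%s/lib/libcurl.dylib\n' "$prefix"
  } > "$cache"
  rm -f "$cache.tmp"
}

if [ $# -ge 1 ]; then
  prefix=${2:-/usr/local/opt/curl}
  ver=$(curl_header_version "$prefix")
  version_ge "${ver:-0}" 7.26.0 ||
    { echo "curl ${ver:-?} at $prefix is too old for SSLStrip (need >= 7.26.0)" >&2; exit 1; }
  patch_curl_cache "$1/CMakeCache.txt" "$prefix"
  echo "CMakeCache.txt now points at curl $ver under $prefix"
fi
```

Re-run cmake/make afterwards; the script only rewrites the two cache entries and refuses to touch the cache when the header reports a curl older than 7.26.0.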

New Kismet 2013! First install guide

If you’ve never installed kismet, there are a few packages it can benefit from that you should get for a more full-featured installation. How did I figure this out? Well, I knew from the output of ./configure that PCRE support was missing. So I used the handy apt-cache search pcre to search for all packages with that in the name. I thought it might be libpcre3 and tried it, but it didn’t work. So naturally I tried the -dev version instead (since we are building from source here).

sudo apt-get install libpcre3-dev

^^ This allows you to use regular expressions on SSID names for filtering. Honestly, I’ve never done it, but it could be useful.

sudo apt-get install libnl-dev

This is the solution to this warning from ./configure:

*** WARNING *** LibNL/nl80211 support was not found. Kismet uses libnl to control mac80211 based wireless interfaces, which comprise the vast majority of interfaces on modern Linux systems. Unless you plan to use only older drivers, you need libnl. You need both the libnl libraries and development headers (called libnl-dev or libnl-devel by most distributions).

Well, the first package wasn’t enough to satisfy configure, so let’s examine the output more closely to see what exactly it is looking for:

checking for libnl30... yes
checking for libnlgenl30... no
checking for libnl20... no
checking for libnl1... no

I tried the libnl-genl-3-200 package, but what do you know, it’s the -dev version that it wants, just like before.

sudo apt-get install libnl-genl-3-dev

A few others that you might need for general source compilation are:

sudo apt-get install build-essential libncurses-dev libpcap-dev

Now that we don’t have configure bitching at us, it’s time to make dep.

sudo make dep

This checks that all the dependencies are in place before it attempts the costly build.

sudo make

This turns hand-written code into a binary file that can be executed, but it just leaves that binary in the directory. To fully install it we want to make, then either make install or, preferably, make suidinstall. Be sure to run make first or these won’t work. I know some software will let you just do make install, but not here.

sudo make suidinstall

Why the suidinstall? Short answer: it’s safer. In theory, there could be a bug in kismet (and this is a new version, so there’s sure to be some) where someone could broadcast a particular packet with malformed data and ride a buffer overflow right up your fun-hole into ROOT. Yes, someone could generate a wifi packet that would crash kismet and give root access (which is what you are running with if you don’t use suidinstall) to whoever wrote the packet. suidinstall is a tad more complicated, but it only takes about 3 more seconds and a reboot, and then you’ll never notice it again. Basically, you need to add yourself to the “kismet” user group in order to be able to run kismet. Unfortunately, this requires you to log out and log back in again to work.

To add yourself to the group, I’m sure there is a very simple command line command using chgrp or something, but I puss out and wind up using the GUI tool to do it. This can be sorta confusing the first time. Go to your control panel and find a “users and groups” option. Open that up and you’ll see user settings and “manage groups”. Click “manage groups” and then find the “kismet” group. DO NOT click “Add”; click “Properties”. Then find yourself in the list of members and check the box next to your name. Boom. You are now added. However, you won’t be able to run kismet until you log back in, because apparently these groups are only assigned at login. So sadly, reboot that Ubuntu machine that should never need to be rebooted (in theory) and come back here so we can get on with building the plugins. Or just continue on and reboot at the end.
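Added example, not from the post and not part of Kismet itself: a script that checks whether make suidinstall actually left you with the setup the “it’s safer” argument above relies on. It assumes suidinstall installs a kismet_capture helper (default path /usr/local/bin/kismet_capture) setuid root with mode 4550 so that only members of the kismet group can execute it; both the path and the group name are arguments.

```shell
#!/bin/sh
# Added example, not from the original post: verify a Kismet `make suidinstall`.
# Assumption: suidinstall installs kismet_capture (default /usr/local/bin/kismet_capture)
# setuid root, mode 4550, group "kismet", so the privileged capture code is only
# reachable by group members and the rest of kismet runs as your own user.
# Usage: sh kismet_suid_check.sh [helper-path] [group]

# Symbolic permission string of $1, e.g. "-r-sr-x---" (may carry an ACL/SELinux
# suffix such as "+", "@" or "." on some systems).
mode_of()  { ls -ld "$1" | awk '{ print $1 }'; }
# Owning user of $1.
owner_of() { ls -ld "$1" | awk '{ print $3 }'; }

# 0 if $1 is setuid (s in the owner execute slot), executable by its group and by
# nobody else. 4555 would let every local user reach the privileged capture code;
# 0755 means nothing is setuid and you would be running all of kismet as root.
suid_mode_ok() {
  case "$(mode_of "$1")" in
    -??s??x---*) return 0 ;;
    *)           return 1 ;;
  esac
}

# 0 if the current login session carries group $1 (group membership is fixed at
# login, which is why the post has you log out after adding yourself).
user_in_group() {
  for g in $(id -Gn); do [ "$g" = "$1" ] && return 0; done
  return 1
}

# Full check: 0 only when the helper exists, is setuid root and group-only,
# and the calling user is in the group.
check_kismet_suid() {
  helper=${1:-/usr/local/bin/kismet_capture} group=${2:-kismet}
  [ -f "$helper" ] || { echo "missing $helper (did you run make suidinstall?)" >&2; return 1; }
  suid_mode_ok "$helper" || { echo "$helper is $(mode_of "$helper"), expected -r-sr-x--- (4550)" >&2; return 1; }
  [ "$(owner_of "$helper")" = root ] || { echo "$helper is not owned by root" >&2; return 1; }
  user_in_group "$group" || { echo "$(id -un) is not in group $group; add yourself and log back in" >&2; return 1; }
  echo "ok: $helper is setuid root, runnable only by group $group, and you are in it"
}

if [ $# -ge 1 ]; then check_kismet_suid "$@"; fi
```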

PLUGINS!

Update: dragorn, the author of kismet, saw this page and corrected me on how to properly install the plugins, so I’m removing what I had before. Here is the correct procedure for installing the plugins, either as a user install or system wide (the best way, but you can’t do it that way if you aren’t root).

< dragorn> ‘make install’ installs plugins to the system dirs
< dragorn> so it needs to run as root
< dragorn> userinstall installs them to the home dir of whatever user you run it as

sudo make plugins-install

or (as non-root)
make plugins-userinstall

18:40 < dragorn> make install plugins would… well, if you run it as root, would install kismet non-suid, then compile plugins as root
18:41 < dragorn> but plugins are only installed by plugins-install, restricted-plugins-install
18:41 < dragorn> or plugins-userinstall, restricted-plugins-userinstall
18:41 < dragorn> restricted being the ‘offensive’ ones like autowep and ptw

The bluetooth plugin needs a package first. I googled around and it turns out to be:

sudo apt-get install libbluetooth-dev

Without that you’ll get an error like this when you try to make install it:

packetsource_linuxbt.h:42:33: fatal error: bluetooth/bluetooth.h: No such file or directory

So now you should be set up to run kismet 2013! It’s great as usual, but is not the much anticipated phy-neutral version dragorn has been working on forever. That version will sniff anything you throw at it, as long as you have a capable adapter. Zigbee, Bluetooth, DECT, WiSpy frequency analyzer, Wifi, etc. You can download and try it out. The interface is different than the kismet you are used to and takes some getting used to.