Saturday, January 26, 2013

Wireless "Deauth" Attack using Aireplay-ng, Python, and Scapy


A couple of days ago I received my order of a nifty Alfa AWUS036H and decided it'd be a perfect time to explore a few common wireless attacks. This post will explore how to perform a common "Deauthentication Attack" both the "easy" way using a fantastic tool called aireplay-ng, as well as writing our own tool in Python to perform the attack for us using the extremely powerful Scapy module. In this post I won't be going into detail about basic wireless mechanisms, but if you'd like a very comprehensive guide to understanding the topic, I really recommend the Wireless LAN Security and Penetration Testing Megaprimer on SecurityTube. With that said, let's deauth some clients.

Alfa AWUS036H

Thursday, January 10, 2013

Distributed Port Scanning: Creating an Nmap Cluster Using DNmap


When performing a security engagement, the information gathered from port scanning is crucial. However, these scans can take a substantial amount of time when we set a reasonable timeout in an attempt to be thorough. So what happens when we need to scan a large amount of hosts? Say, an entire continent? We need to find a way to distribute the bandwidth load to multiple hosts in parallel. Fortunately, a tool has been developed which will allow us to create and manage a cluster of hosts which each have its own bandwidth dedicated to port scanning.

Monday, January 7, 2013

SANS Holiday Challenge 2012 Zone 5 Writeup

Zone 5

Heat Miser

The last zone we need to gain access to is Zone 5 for Heat Miser. Connecting to the URL we found in the previous post, we are presented with the following:

SANS Holiday Challenge 2012 Zone 4 Writeup

Zone 4

We can use the URLs obtained in the previous post to access Zone 4 for both Snow and Heat Miser.

SANS Holiday Challenge 2012 Zone 3 Writeup

Zone 3

Using the URLs obtained in the previous post, we can access Zone 3 for both Heat and Snow Miser. Let's see if we can obtain the URLs for Zone 4.

SANS Holiday Challenge 2012 Zone 2 Writeup

Zone 2

Using the URLs obtained in the previous post, we can gain access to Zone 2 for both Snow and Heat Miser.

SANS Holiday Challenge 2012 Zone 1 Writeup

Zone 1

We can use the links found in the previous post to gain access to Zone 1 for both Snow Miser and Heat Miser. Since no more introduction is needed, let's get started.

SANS Holiday Challenge 2012 Zone 0 Writeup


This year, SANS hosted a holiday CTF-like challenge in which participants play the role of Heat Miser and Snow Miser, two characters from the classic movie The Year without a Santa Claus, as they attempt to gain access to each other's weather control systems to alter the weather systems on Earth as we know them.

Sunday, January 6, 2013

Google as an IDS: Using Google Alerts to Help Detect Compromise


Detecting a compromise can be difficult. When it comes to intrusion detection, the more information and sources a sysadmin has at their disposal - the better. Fortunately for us, Google has created a tool called "Google Alerts" that inadvertently gives us the capability to monitor for intrusions in a few ways.

Friday, January 4, 2013

Cracking Unix Password Hashes with John the Ripper (JTR)


This post will serve as an introduction to password cracking, and show how to use the popular tool John-the-Ripper (JTR) to crack standard Unix password hashes. I am also working on a follow-up post that will provide a far more comprehensive look at password cracking techniques as well as the different tools employed (as well as their pros/cons).