Compiling aircrack-ng suite on Raspberry Pi Raspbian

Why, because you can.  I’m doing this on the stock upgraded Raspbian distro kernel 3.6.11+.

Prerequisites are a brain, knowledge of Linux and Raspberry Pi.  Casual tech self-abusers should go and do some research first and yes the Pi is helping them come out the woodwork.

Compiling from the source down not work, it has not been upgraded for a while.  Just check out the SVN.

sudo apt-get upgrade
sudo apt-get update

sudo apt-get install libssl-dev subversion iw
svn co aircrack-ng
cd aircrack-ng
sudo make install

airmon-ng is no longer compiled during make by the looks of it, but it is in aircrack-ng/scripts

You can make it executable by doing a chmod +x airmon-ng, then copying it to the same path where aircrack-ng is natively installed.  i.e

To get airodump-ng to work properly, you may need to kill all the services that airmon-ng complains about then it is running.
Go to /etc/init.d and
sudo ./ifplugd stop

then sudo killall all the rest of the processes that airmon-ng complains about

PID    Name
1589    ifplugd
1617    ifplugd
2380    dhclient
16076    ifplugd
16088    wpa_supplicant
16146    wpa_cli
Process with PID 16076 (ifplugd) is running on interface wlan0
Process with PID 16088 (wpa_supplicant) is running on interface wlan0
Process with PID 16146 (wpa_cli) is running on interface wlan0

Seems to work ok

pi@raspberrypi /etc/init.d $ sudo aireplay-ng -9 mon0
00:03:07  Trying broadcast probe requests…
00:03:07  Injection is working!
00:03:09  Found 2 APs

00:03:09  Trying directed probe requests…
00:03:09  ########### – channel: 6 – ‘#########’
00:03:10  Ping (min/avg/max): 1.637ms/22.619ms/103.341ms Power: -51.40
00:03:10  30/30: 100%

00:03:10  ########## – channel: 6 – ‘#####’
00:03:11  Ping (min/avg/max): 2.875ms/32.890ms/87.744ms Power: -54.83
00:03:11  30/30: 100%

WindyCityTech Blogger
WindyWindyCityTech WordPress

Privacy Risk on new website First and Last Name in Cleartext

The new website has been released with much fanfare but the creaters of the website have now decided to embed the users first name and last name on most pages visited.  The test is delivered under plain http and can easily be captured over the air or wire using Wireshark.

Steps to replicate:

  1. Login to with correct credentials
  2. Navigate to he home page
  3. Hover the mouse to the top left hand corner under the “G’Day <First Name>”
  4. Be greeted with a hover over panel with <First Name> <Last Name> in plain sight.

Conducting a Wireshark trace illustrates the issue.  A sting search in packet details for GH_alertData will display the first / last name.

Why is this bad:
Potentially a hacker can gain easy access to your first, last name and ebay id and use this info to produce a phishing email or collect this data for further attacks.

Where can this happen:
The most likely place for this to happen is over an unencrypted wireless network, i.e at the airport or the cafe.  Wired networks are also vulnerable.

What can ebay do:
Secure their website by using the https protocol for the entire website.

What else sucks:
On a internet connection that can stall, i.e 3G/wifi, the hover function can time out and throw up the message, “We’re sorry, there was a problem retrieving this information”.  Now the user can easily log out without refreshing the page.
Sidejack friendly…

WindyCityTech Blogger
WindyWindyCityTech WordPress

LMMC header on DLink router file, decoding the zlib zpipe Plaintext password

LMMC header on router file, decoding.

Inspired from

Tested on a DLink DSL-G604T

Downloading the config file dumps a config.bin file.  The first line of the file has a LMMC which indicates a zlib header

Convert the file to a .Z file
dd if=config.bin of=test.config.bin.z bs=20 skip=1

download the zlib source and extract it.
go to the examples folder
compile zpipe.c using the command
gcc -o zipe zpipe.c -lz
now you will have something called zpipe

copy the zpipe command where the config files are and execute the command
./zpipe -d < test.config.bin.z > config.txt

now open config.txt and view it plaintext!

WindyCityTech Blogger
WindyWindyCityTech WordPress

linux password basics 101 notes

full source:

passwords are encrypted into a hash and are stored in /etc/shadow

To look in the shadow file, type in a terminal sudo cat /etc/shadow


look at ‘man shadow’ for the full definition.

The hashes are delimited by the $ sign in this format
$id $salt $encrypted

Where $id 1 = MD5  5 = SHA-256   6 = SHA-512

Also look here for more info

WindyCityTech Blogger
WindyWindyCityTech WordPress

Changing a linux password, recovering


Boot into a shell as root
type ‘e’ at the grub menu
change the line “ro quiet splash” TO “rw init=/bin/bash”
press CTRL-D to boot

search for home directory to find the username
confirm username by cat /etc/passwd
type ‘passwd USER’
type in new password & confirm
type sync

another option is to boot from a live CD, mount the hard drive (sudo fdisk -l) and edit a character in the /etc/passwd file.
umount and reboot

login without a password.  Put a password in by typing
‘passwd user’
sudo shadowconfig off
sudo shadowconfig on

WindyCityTech Blogger
WindyWindyCityTech WordPress

compiling crunch 3.3 in ubunut and mint, error in Makefile

Found on Ubuntu forums here

Modify the makefile under build: crunch mode the $? to the left as shown.

val:    crunch.c

    @echo "Building valgrind compatible binary..."

    $(CC) $? $(VCFLAGS) $(LFS)  -o crunch

    @echo "valgrind --leak-check=yes crunch ..."

    @echo ""

crunch: crunch.c

    @echo "Building binary..."

    $(CC) $? $(CFLAGS) $(LFS)  -o $@

    @echo ""

Also note that crunch default install is /pentest/passwords/crunch  you may want to change the location in the make file to suit.

WindyCityTech Blogger
WindyWindyCityTech WordPress