
System Cracking 2k

by protonigger


NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.

It seems like it's been a while since my last article (though I am still receiving e-mails in response to my article on breaking into school networks), so I've decided to submit yet another article, this time on newer forms of network infiltration. Because, let's face it, times have changed. It takes more than a wardialer and a list of default passwords to break into a network. So enough of the introduction, let's begin...

Section I: Wireless Networking
------------------------------

Recently, wireless networking has become the new convenient and efficient way for businesses to communicate between nodes. With wireless networking, users are able to stay connected to their networks approximately 1 3/4 more hours, which increases productivity by 22%. It also makes it easier to set up new connections to the network (without having to deal with wires and such). However, as technology develops, so do methods of exploitation. But before we get into exploiting wireless networks we must first understand the different types of wireless networks. There are four different types of wireless networks: Bluetooth, IrDA, SWAP (HomeRF), and Wi-Fi.

Bluetooth is a radio-frequency standard that is rather inexpensive. Bluetooth communicates on a frequency of 2.45 GHz, which is the same radio frequency band that is used by such devices as baby monitors and garage door openers. When communication is established, Bluetooth creates a PAN (personal area network, also known as a piconet). These piconets encompass an area not much larger than a single room, but can communicate with other piconets that are nearby. This type of wireless networking is of course not very efficient when dealing with a large business. IrDA (Infrared Data Association) is a standard for devices to communicate using infrared light pulses. An example of a device using IrDA is a remote control. Though IrDA can transfer data at speeds up to 4 Mbps, it requires that each device be in direct line of sight of the other. This of course very much limits its use in your average workplace. SWAP and Wi-Fi are both based on spread-spectrum radio waves in the 2.4 GHz range. Spread spectrum simply means that data is sent in small pieces over a number of frequencies that are available for use in the specified range. They also offer two methods of communication between nodes and allow for speeds up to 2 Mbps.

These two methods are called DSSS (direct-sequence spread spectrum) and FHSS (frequency-hopping spread spectrum). Communication using DSSS is done by splitting each byte of data into separate parts and sending them concurrently on different frequencies (using approximately 22 MHz of the available bandwidth). Communication using FHSS is done by sending a short burst of data, switching frequencies, and then sending another short burst (which uses only 1 MHz or less of the available bandwidth). Wi-Fi is probably the type of wireless network you will encounter most often in business networks, due to the fact that it is very efficient and can integrate into existing wired-Ethernet networks (unless they can't afford it). Anyway, that should give you a good idea of how wireless networks operate. I'm sorry for the long lecture, but as I like to tell a lot of people, you cannot expect to be able to exploit something you don't even understand. So now that we are done with that, we will get into methods of targeting and exploiting wireless networks.

We will start off with a method that is becoming quite popular, very quickly: wardriving. Wardriving is the act of driving around looking for unsecured wireless networks. It's a fairly new concept, but has already grown quite a following. So how do we do it? Well, first you need to invest in the supplies needed. First you need to buy a decent laptop with a PCMCIA slot for the wireless card. Then, of course, a wireless card. An antenna is optional, but is preferred if you want to be able to search for targets from a safe distance. Make sure the wireless card you purchase comes with an antenna jack (unless you have enough experience to modify the wireless card).

Finally, the software. NetStumbler is the most popular software available for wardriving, and works on a Windows operating system. There is also AirSnort for Linux, and AP Scanner for Macintosh. If you have some money left over, then it is also a good idea to invest in a GPS unit, which will allow you to log the exact coordinates of a targeted wireless network. www.wardriving.info is a good place to start to learn more about wardriving.

Now let's get into warchalking. Warchalking is simply the process of making a physical mark to indicate wireless networks on the premises. The symbols are usually marked in chalk somewhere outside the premises, thus giving it its name. A symbol such as ")(" (two semi-circles sitting back to back) indicates an open node, which means that anybody who sees this symbol and knows its meaning can freely access the network. A symbol such as "O" (a circle) indicates a closed node. And a circle with a 'W' inside it indicates WEP (Wired Equivalent Privacy), which uses a 40-bit key and a 24-bit IV (Initialization Vector; together also known as 64-bit encryption), implemented in order to prevent eavesdropping (WEP2 offers 128-bit encryption, and may be implemented if the business has enough concern to implement such measures). The WEP encryption standard is, however, quite insecure, and I will briefly describe some methods that can be used to crack such measures, but it will be up to you to do a little bit of research (utilize a search engine). The key scheduling algorithm for RC4, which is what WEP utilizes, is not unbreakable. In fact, the implementation of BOTH the RC4 encryption and the IV seems to be what causes the WEP algorithm to be so weak. Click on the link below to read a more in-depth article on the problems persistent in WEP...

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

The main problem here is that the keys are static, meaning that if you utilize a tool like AirSnort you can sniff the traffic and figure out the key, therefore giving you the chance to pose as a legitimate user.
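The two weaknesses named above (a static 40-bit key combined with a 24-bit IV, and the same RC4 keystream being reused whenever an IV repeats) can be shown concretely. The following Python script is an added example, not code from the original article or from any of the tools it names. It implements RC4, builds the WEP per-frame key as IV || secret exactly as the 64-bit scheme does (with the CRC-32 ICV appended before encryption), and then shows why the construction is weak from an auditor's point of view: two frames sent under the same IV and the same static key share a keystream, so the XOR of their ciphertexts equals the XOR of their plaintexts, and the birthday bound on a 24-bit IV space says such repeats are expected after only a few thousand frames. The secret key, IVs and captured frames are all constructed for illustration; `iv_reuse_report` is the kind of check a defender would run over a capture to see how often that reuse actually happens on their own network.

```python
import math
import zlib
from collections import Counter

# Added example, not from the original article. The secret key, IVs and
# frames below are constructed values, not real captured traffic.


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key-scheduling algorithm (KSA) followed by the PRGA.

    Returns `length` bytes of keystream for `key`."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> tuple:
    """64-bit WEP frame body.

    The 24-bit IV travels in the clear and is prepended to the static
    40-bit secret to form the per-frame RC4 key. The payload plus its
    CRC-32 integrity check value (ICV) is XORed with the keystream.
    Returns (iv, ciphertext) as a sniffer would see them."""
    assert len(iv) == 3 and len(secret) == 5
    icv = zlib.crc32(payload).to_bytes(4, "little")
    plaintext = payload + icv
    keystream = rc4_keystream(iv + secret, len(plaintext))
    return iv, xor_bytes(plaintext, keystream)


def keystream_reuse_demo(secret: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Same IV + same static key = same keystream.

    Returns True when XOR(c1, c2) == XOR(t1, t2), i.e. the cipher leaks the
    difference of the two plaintexts (with their ICVs) without any key."""
    t1 = p1 + zlib.crc32(p1).to_bytes(4, "little")
    t2 = p2 + zlib.crc32(p2).to_bytes(4, "little")
    _, c1 = wep_encrypt(secret, iv, p1)
    _, c2 = wep_encrypt(secret, iv, p2)
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(t1[:n], t2[:n])


def iv_reuse_report(frames) -> dict:
    """Defender's check: count how often each IV appears in a capture.

    `frames` is a list of (iv, ciphertext) pairs. Any IV counted more than
    once marks frames that were encrypted under an identical keystream."""
    counts = Counter(iv for iv, _ in frames)
    return {iv: n for iv, n in counts.items() if n > 1}


def expected_frames_to_iv_collision(iv_bits: int = 24) -> float:
    """Birthday bound: about sqrt(pi/2 * 2**iv_bits) randomly chosen IVs
    are sent before the first repeat is expected."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def sample_capture(secret: bytes) -> list:
    """Constructed stand-in for a sniffer capture: four frames, with one IV
    repeated the way a card that resets its IV counter would repeat it."""
    ivs = [b"\x00\x00\x01", b"\x00\x00\x02", b"\x00\x00\x03", b"\x00\x00\x01"]
    return [wep_encrypt(secret, iv, b"frame %d" % n) for n, iv in enumerate(ivs)]


if __name__ == "__main__":
    secret = b"\x01\x02\x03\x04\x05"          # constructed 40-bit WEP key
    print("keystream reused under same IV:",
          keystream_reuse_demo(secret, b"\xaa\xbb\xcc", b"GET /index", b"GET /admin"))
    print("reused IVs in capture:", iv_reuse_report(sample_capture(secret)))
    print("frames until an IV repeat is expected: %.0f" % expected_frames_to_iv_collision())
```

Because the secret never changes, every repeat of an IV repeats the keystream, which is why the article's remark that the static key is "the main problem" holds regardless of how strong RC4 itself is. A WEP2 128-bit key changes nothing here: the IV stays 24 bits, so the collision count is the same.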

Also, if you can get your hands on it, there is a tool IBM has recently released called WSA (Wireless Security Auditor) that could greatly automate your task of finding security vulnerabilities present in wireless networks. This tool runs off Linux on an iPAQ PDA (you'll have to do a bit of shopping around, but if you can get a copy of WSA for your iPAQ, then you could greatly reduce the time it takes to infiltrate the wireless network). There are other aspects of wireless network exploitation such as warwalking and warflying. However, if I got into these topics I would simply be repeating what has already been said, since the concept is basically the same. Another technique that can be applied to wireless network exploitation is ARP poisoning, as well as other ARP-based attacks. For information on various ARP-based attacks, go to...

http://packetstormsecurity.nl/papers/protocols/intro_to_arp_spoofing.pdf

Section II: Conclusion
----------------------

Hope you enjoyed the article. There were probably more techniques I could have gone over, but they didn't really feel as related to the subject. So until next time...

Note: Also make sure to visit Hacking Palace at www.hackingpalace.net (it's not my site, but I'm helping out a friend). There are a lot of useful tutorials on the site and a new forum that we are trying to start up. So make sure to join us.

Note-2: If you have any questions or comments and feel the need to reach me, then you can do so at [email protected] and I will try to get back to you as soon as possible.
