Monday, April 5, 2010

Excerpted from http://www.ethicalhacker.net/

By Daniel V Hoffman (CISSP, CWNA and CEH)

Finding Wireless Networks

Locating a wireless network is the first step in trying to exploit it. There are two tools that are commonly used in this regard:

Network Stumbler a.k.a. NetStumbler – This Windows-based tool easily finds wireless signals being broadcast within range – a must-have. It also has the ability to determine Signal/Noise info that can be used for site surveys. I actually know of one highly known public wireless hotspot provider that uses this utility for their site surveys.


(NetStumbler Screenshot)

Kismet – One of the key functional elements missing from NetStumbler is the ability to display Wireless Networks that are not broadcasting their SSID. As a potential wireless security expert, you should realize that Access Points are routinely broadcasting this info; it just isn’t being read/deciphered. Kismet will detect and display SSIDs that are not being broadcast which is very critical in finding wireless networks.


(Kismet Screenshot)

Attaching to the Found Wireless Network

Once you’ve found a wireless network, the next step is to try to connect to it. If the network isn’t using any type of authentication or encryption security, you can simply connect to the SSID. If the SSID isn’t being broadcast, you can create a profile with the name of the SSID that is not being broadcast. Of course you found the non-broadcast SSID with Kismet, right? If the wireless network is using authentication and/or encryption, you may need one of the following tools.

Airsnort – This is a very easy to use tool that can be used to sniff and crack WEP keys. While many people bash the use of WEP, it is certainly better than using nothing at all. Something you’ll find in using this tool is that it takes a lot of sniffed packets to crack the WEP key. There are additional tools and strategies that can be used to force the generation of traffic on the wireless network to shorten the amount of time needed to crack the key, but this feature is not included in Airsnort.


(Screenshot of Airsnort in Action)

CowPatty – This tool is used as a brute force tool for cracking WPA-PSK, considered the “New WEP” for home Wireless Security. This program simply tries a bunch of different options from a dictionary file to see if one ends up matching what is defined as the Pre-Shared Key.


(Cowpatty Options Screenshot)

ASLeap – If a network is using LEAP, this tool can be used to gather the authentication data that is being passed across the network, and these sniffed credentials can be cracked. LEAP doesn’t protect the authentication like other “real” EAP types, which is the main reason why LEAP can be broken.


(Asleap Options Screenshot)

Sniffing Wireless Data

Whether you are directly connected to a wireless network or not, if there is a wireless network in range, there is data flying through the air at any given moment. You will need a tool to be able to see this data.

Wireshark (formerly Ethereal) – While there has been much debate on the proper way to pronounce this utility, there is no question that it is an extremely valuable tool. Ethereal can scan wireless and Ethernet data and comes with some robust filtering capabilities. It can also be used to sniff out 802.11 management beacons and probes and subsequently could be used as a tool to sniff out non-broadcast SSIDs.


(Screenshot of Ethereal in Action)


(Yahoo IM Session being sniffed in Ethereal)

The aforementioned utilities, or similar ones, will be necessities in your own wireless security toolkit. The easiest way to become familiar with these tools is to simply use them in a controlled lab environment. And cost is no excuse as all of these tools are available freely on the Internet.
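The CowPatty paragraph above says the tool tries dictionary candidates until one matches the Pre-Shared Key. As an added example (not code from the quoted article or from the cowpatty project), the Python below derives the WPA-PSK master key the way the standard defines it, so a defender can see why every guess costs the same fixed work and why only passphrase entropy protects the network; the sample wordlist and the audit thresholds are constructed assumptions of mine, and the expected PMK comes from the IEEE 802.11i Annex H test vector.

```python
import hashlib
import re

# Constants fixed by the WPA/WPA2 passphrase-to-PSK mapping (IEEE 802.11i).
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32

# Constructed sample wordlist standing in for the dictionary file cowpatty reads.
SAMPLE_WORDLIST = {"password", "letmein", "qwerty123", "sunshine"}


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Map a WPA-PSK passphrase to the 256-bit PMK.

    PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    A dictionary tool must run this same derivation for every candidate, so the
    network is only as strong as the passphrase's entropy; the SSID salt merely
    stops one precomputed table from serving every network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LEN,
    )


def pmk_from_raw_psk(psk_hex: str) -> bytes:
    """A 64-hex-digit PSK is used as the PMK directly: nothing for a dictionary to guess."""
    if not re.fullmatch(r"[0-9A-Fa-f]{64}", psk_hex):
        raise ValueError("raw PSK must be exactly 64 hex digits")
    return bytes.fromhex(psk_hex)


def passphrase_weaknesses(passphrase: str, wordlist=SAMPLE_WORDLIST) -> list:
    """Defender-side audit: reasons a passphrase would fall to a dictionary run (assumed thresholds)."""
    problems = []
    if passphrase.lower() in wordlist:
        problems.append("appears in wordlist")
    if len(passphrase) < 16:
        problems.append("shorter than 16 characters")
    if passphrase.isalpha() and passphrase.islower():
        problems.append("lowercase letters only")
    if passphrase.isdigit():
        problems.append("digits only")
    return problems


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE".
    print(derive_pmk("password", "IEEE").hex())
    print(passphrase_weaknesses("password"))
```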

Broadband becomes a popular term after the NBI

Excerpt from Utusan Malaysia Online
ARCHIVE: 24/03/2010

The national HSBB, worth RM11.3 billion and the flagship project of the NBI, is a public-private partnership agreement between Telekom Malaysia and the government to develop next-generation high-speed broadband services and infrastructure for the country.

The NBI divides the country into three zones. Zone One covers high-impact economic areas such as the central Klang Valley and the Iskandar Development Region in Johor. Zone Two covers the other urban and semi-urban areas, while Zone Three covers rural areas.

Telekom Malaysia will offer high-speed broadband (HSBB) with 10 Mbps access in this zone. Residents of Zone One will also have access to other competitive broadband solutions.

The first four areas to be covered by the TM HSBB service are Shah Alam, Subang Jaya, Taman Tun Dr. Ismail and Bangsar. The NBI plan involves private initiatives to offer broadband in Zone Two areas. Broadband provision in Zone Three requires MCMC intervention using Universal Service Provision (USP) funds.

Broadband provision in these areas includes Basic Telephony (via fixed and mobile networks), Community Broadband Libraries (CBL) and Community Broadband Centres (CBC).

Cellular coverage in these areas will be expanded by building more communication towers funded by the USP, to allow cellular operators to extend their coverage to 97 percent of the population by 2011.


TM reveals HSBB access rates

Excerpt from http://www.btimes.com.my
Published: 2010/01/30

The pricing comes in two forms: a one-time charge and a monthly recurring charge.

It charges service providers one-time fees of between RM100 and RM200 for activation of each Internet port. On a monthly basis, it charges the service providers between RM50 and RM550 per megabit per second (Mbps) for bandwidth subscription. Different monthly charges are catered for different types of usage.

Saturday, March 6, 2010

Backtrack4

Assalamualaikum and Salam 1Malaysia,

Finally.. my long wait is over. Backtrack 4 final has been released!
I can't wait to try out my favourite OS.

The picture on the left is my favourite screen (a screenshot of aircrack on a wireless AP).

So.. watch out...

p/s for more information, go to http://www.backtrack-linux.org/

Tuesday, March 2, 2010

CEH


Assalamualaikum and Salam 1Malaysia..

Oh dear, I'm embarrassed that this is my first post of 2010; it's obvious I have no self-discipline when it comes to updating this blog.

To begin with, I would like to share with you about CEH, or Certified Ethical Hacker. Several respondents have sent emails asking about CEH..

The text below is quoted directly from Wikipedia:
http://en.wikipedia.org/wiki/Certified_Ethical_Hacker


Certified Ethical Hacker

From Wikipedia, the free encyclopedia


The Certified Ethical Hacker (C|EH) is a professional certification provided by the International Council of E-Commerce Consultants (EC-Council.)

An Ethical Hacker is one name given to a Penetration Tester. An ethical hacker is usually employed by an organization that trusts him to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Illegal hacking (i.e., gaining unauthorized access to computer systems) is a crime in most countries, but penetration testing done by request of the owner of the targeted system(s) or network(s) is not, except in Germany.

A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a hacker.

The certification is in Version 6 as of August 2008.


Certification coursework

The coursework consists of 67 modules, which range from 30 minutes to five hours or more, depending on the depth of the information provided.

Some training centers and universities in Asia and Europe include EC Council's CEH program in one of their course modules.


Examination

Certification is achieved by taking the C|EH examination after having either attended training at an ATC (Accredited Training Center) or done self-study. If a candidate opts for self-study, an application must be filled out and proof submitted of 2 years of relevant information security work experience. In case you do not have two years of information security related work experience you can send them a request detailing your educational background and request for consideration on a case basis.[2] The current version of the CEH, v6, uses EC-Council's exam 312-50, as did v5. This exam has 150 multiple-choice questions and a 4 hour time limit. The earlier v4 had 125 multiple-choice questions and a three hour time limit. The exam costs US$250 in the United States (prices in other countries may differ)[3], and is administered via computer at an EC-Council Accredited Training Center, Pearson VUE, or Prometric testing center (in the United States).

p/s for any information about CEH and EC-Council, you can go to the CEH website


Friday, October 30, 2009

P1 W1MAX | WiMAX hacking..

Salam 1 Malaysia,

Phew.. It's been a long time since I posted on this blog..
Understandably.. there were many worldly and spiritual matters to attend to..

I think that in the last 3 months many computer users have started getting to know the Linux OS in the wake of the broadband Internet boom..

Besides mainstream providers like Streamyx, Jaring and other telcos offering Internet service.. WiMAX is also receiving encouraging uptake..

This time I just want to share my experience with WiMAX's security system..
Last week (Sunday, 24 Oct) I went to my twin's house, who happens to subscribe to WiMAX..

Before I tell the long story of my experience hacking that WiMAX, allow me to insert what WiMAX technology is:

WiMAX, meaning Worldwide Interoperability for Microwave Access, is a telecommunications technology that provides wireless transmission of data using a variety of transmission modes, from point-to-multipoint links to portable and fully mobile internet access. The technology provides up to 10 Mbit/s broadband speed without the need for cables. The technology is based on the IEEE 802.16 standard (also called Broadband Wireless Access). The name "WiMAX" was created by the WiMAX Forum, which was formed in June 2001 to promote conformity and interoperability of the standard. The forum describes WiMAX as "a standards-based technology enabling the delivery of last mile wireless broadband access as an alternative to cable and DSL"

Wireless MAN

Wireless Metropolitan area networks are a type of wireless network that connects several Wireless LANs.

  • WiMAX is the term used to refer to wireless MANs and is covered in IEEE 802.16d/802.16e.

Excerpt from Wikipedia
http://en.wikipedia.org/wiki/WiMAX


I don't think it's necessary to explain what is already clear about the introduction to WiMAX.. Actually I did look for information about WiMAX's security system, and this is some of the info I found:

Does WiMAX use wired equivalent protocol (WEP) like Wi-Fi?

by Mike Wolleben last modified 2008-11-28 04:49 PM

No. WiMAX uses much newer security protocols with enhanced encryption capabilities. Wi-Fi itself has enjoyed several security enhancements including the WPA technology and currently WPA-2. Both technologies have significantly improved their security technology.

...............


IS P1 W1MAX SAFE TO USE?

Absolutely! P1 W1MAX is totally safe to use.

http://www.p1.com.my/support/support_faq.aspx


...............

Back to my experience hacking WiMAX: this was actually my first attempt at hacking WiMAX.. And I was shocked when monitoring mode on Linux Backtrack 3 on my Lenovo X61 showed that its security system was using WEP.. and in the end.. within 10 minutes I had its WEP key..

Most likely the security system depends on the modem model; different models, different security.. but what is clear is that the use of WEP should be avoided..

It is not my intention to urge you to abandon WiMAX; my intention is that you continue to support broadband services carefully and broaden your knowledge without neglecting the security of your data.

See you again..

Wednesday, July 22, 2009

Hacking APs in KK

I happened to be in KK for 5 days (20 Jul - 24 Jul) on an outstation trip, and I tried to observe the awareness of the KK community regarding wireless security, especially APs. I stayed at a fairly new and prominent hotel facing the South China Sea, opposite a row of old shophouses that was quite popular once upon a time, namely Bangunan Sinsuran.

As usual I am still using Backtrack 3 (still waiting for the Backtrack 4 final to be published), with the aircrack-ng suite of tools. There was an AP named 'sinsuran' using WEP as its security system.

In previous posts I have repeatedly stated the weaknesses of WEP, and once again I succeeded in 'hacking' this sinsuran AP. Believe it or not, it took me less than 5 minutes to collect its 'ivs'. With fewer than 10000 IVs, I was able to surf the Internet calmly and quickly (the hotel Internet was rather slow, probably due to firewall filtering).

Before I get ready to sleep, I once again advise you AP owners.. Don't use WEP, and change your WPA2 key frequently.. bye-bye..

p/s Sorry 'sinsuran' owner, I'm doing it not for commercial purposes.. just for adding the guts and knowledge

Thursday, July 16, 2009

Hacking! Run Backtrack from your thumbdrive!!!

It's been a while since I updated this blog, and perhaps you have already obtained the ISO file of the Linux OS that I suggested in the previous post.

This time I will continue with the next process; this time I chose Backtrack as the attacker OS. You are actually free to choose to run Backtrack from a Live CD or to boot directly from the hard disk (for those who dual-boot Backtrack).

I chose to use the USB version, that is, the Backtrack version that can run/boot from a USB thumbdrive. The steps:
a. You can download it here.
b. Extract bt3final_usb.iso directly to your thumbdrive (there are two folders, Boot and BT3)
c. Open the Boot folder and double-click bootinst.bat (XP users should have no problems; click 'Continue' if an error pop-up appears)
d. Just follow the on-screen instructions
e. Once done, reboot your computer and set the BIOS or Boot Menu to 'boot from the USB device'

p/s if you cannot boot into Backtrack, you need to repeat step a. above
p/s welcome to the World of Hacking!