Saturday, March 27, 2010

Backtrack 4 WPA

I've been messing around with Backtrack 4 for a few weeks now. The thing that initially caused the most frustration was the ease of wireless in Backtrack... or, more accurately, the lack thereof. It took me a good hour or two to figure out exactly how to connect my machine to my wireless network. I didn't find any thorough tutorials on the subject, so here it is.

My environment consists of a Cisco 1242AG, using WPA-PSK. The SSID for my network is...well, the SSID of the sample I'm using here is SAMPLESSID. ;)

The password is going to be SAMPLEPASS.

So, first off, you need to enable the interface. Run iwconfig to figure out which of your interfaces is the wireless one. This was necessary in my case because the wireless NIC showed up as an eth interface, not a wlan interface.

root@bt:~# iwconfig
lo no wireless extensions.

eth0 no wireless extensions.

eth1 unassociated ESSID:off/any
Mode:Managed Channel=0 Access Point: Not-Associated
Bit Rate:0 kb/s Tx-Power=20 dBm Sensitivity=8/0
Retry limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

So, knowing now that eth1 is my wireless interface, I bring it up using the following:

root@bt:~# ifconfig eth1 up

Now that the interface is up and running, you need to run wpa_supplicant to make everything work.  Before that, however, you need to create a config file to use. 

Do the following:

root@bt:~# vim wpa_supplicant.conf

network={
ssid="SAMPLESSID"
key_mgmt=WPA-PSK
psk="SAMPLEPASS"
}
 
When this is done, you need to run wpa_supplicant using the following command:
 
root@bt:~# wpa_supplicant -B -i eth1 -c wpa_supplicant.conf
 
The -B switch runs wpa_supplicant in the background, so closing your terminal won't kill it. -i specifies the interface you identified above; in my case, eth1. Finally, -c specifies the configuration file. If you saved that config file to your home directory and run wpa_supplicant from that same location, it'll just work.
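The psk="SAMPLEPASS" line above stores the passphrase in the clear; wpa_supplicant also accepts an unquoted 64-hex-digit psk, which is the 256-bit key it derives from the passphrase and SSID at run time (PBKDF2-HMAC-SHA1, 4096 iterations, per IEEE 802.11i). wpa_passphrase ships with wpa_supplicant and prints exactly that form. The script below is an added example, not part of the original post, that reproduces the derivation in Python, emits a network={} block in the same layout as the post, and checks an existing config for quoted (plaintext) psk lines. The function names and the SAMPLESSID/SAMPLEPASS values are the post's sample data; the IEEE test vector ("password"/"IEEE") comes from the standard's annex.

```python
import hashlib
import re

# WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
# Same computation wpa_passphrase(8) performs; constants from IEEE 802.11i.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def derive_psk(ssid: str, passphrase: str) -> str:
    """Return the 64-hex-digit PSK wpa_supplicant accepts as an unquoted psk= value."""
    # Length limits are the ones the standard (and wpa_passphrase) enforce.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    pmk = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                              ssid_bytes, PBKDF2_ITERATIONS, PMK_LEN)
    return pmk.hex()


def network_block(ssid: str, passphrase: str) -> str:
    """Render a wpa_supplicant.conf network={} block carrying the hashed PSK.

    Assumes the SSID contains no double quote (wpa_supplicant would need the
    hex ssid= form for that); the layout matches the config in the post.
    """
    lines = [
        "network={",
        '\tssid="%s"' % ssid,
        "\tkey_mgmt=WPA-PSK",
        "\tpsk=%s" % derive_psk(ssid, passphrase),
        "}",
    ]
    return "\n".join(lines) + "\n"


def is_hex_psk(value: str) -> bool:
    """True if value is a 64-hex-digit PSK rather than a passphrase."""
    return re.fullmatch(r"[0-9a-fA-F]{64}", value) is not None


def plaintext_psk_ssids(conf_text: str) -> list:
    """List SSIDs in a wpa_supplicant.conf whose psk= is a quoted passphrase.

    Simple line-based scan (assumed helper): one ssid= line per network block,
    followed by its psk= line.
    """
    found = []
    current_ssid = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("ssid="):
            current_ssid = line[len("ssid="):].strip('"')
        elif line.startswith("psk="):
            value = line[len("psk="):]
            if value.startswith('"') and current_ssid is not None:
                found.append(current_ssid)
    return found


if __name__ == "__main__":
    # Constructed sample values from the post.
    print(network_block("SAMPLESSID", "SAMPLEPASS"), end="")
```

Redirect the output into wpa_supplicant.conf and restrict it with chmod 600: the hex PSK is still the credential that joins the network, so it deserves the same handling as the passphrase; what you gain is that the passphrase itself (often reused elsewhere) is no longer on disk.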
 
Almost done!

After running wpa_supplicant, your computer should be authenticated to the network.  Your final step is to run the following:
 
root@bt:~# dhclient
 
dhclient is the utility used to configure your interfaces using DHCP. You could also manually set your IP address, subnet mask, gateway and DNS server; if that's what you do, you will not need to run dhclient.
 
The output should look something like this:
 
root@bt:~# dhclient
Internet Systems Consortium DHCP Client V3.1.1

Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

Listening on LPF/eth1/00:54:fd:1d:93:a4
Sending on LPF/eth1/00:32:ae:1d:73:84
Listening on LPF/eth0/00:c4:a9:d9:ba:d1
Sending on LPF/eth0/00:c4:a9:d7:ba:d1
Sending on Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 7
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
DHCPOFFER of 192.168.1.40 from 192.168.0.1
DHCPREQUEST of 192.168.1.40 on eth1 to 255.255.255.255 port 67
DHCPACK of 192.168.1.40 from 192.168.0.1
bound to 192.168.1.40 -- renewal in 40829 seconds.
root@bt:~#
 
You're all done.  Verify network connectivity by:
 
root@bt:~# ping 4.2.2.1

PING 4.2.2.1 (4.2.2.1) 56(84) bytes of data.
64 bytes from 4.2.2.1: icmp_seq=1 ttl=59 time=21.2 ms
64 bytes from 4.2.2.1: icmp_seq=2 ttl=59 time=12.1 ms
64 bytes from 4.2.2.1: icmp_seq=3 ttl=59 time=11.5 ms
64 bytes from 4.2.2.1: icmp_seq=4 ttl=59 time=11.7 ms
64 bytes from 4.2.2.1: icmp_seq=5 ttl=59 time=12.3 ms
^C
--- 4.2.2.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 11.561/13.828/21.253/3.723 ms
root@bt:~#

Sunday, March 21, 2010

Python Exercise 2a


"Do x iterations of the Fibonacci sequence, and display the output."

This exercise was much easier than the first. I was able to complete it without really any research, and used just the Python I learned looking over the various tutorials.


Thursday, March 18, 2010

Home Firewalls

With the spread of broadband into the home, the 'always-on' connection is far more prevalent now than ever. This type of connection, while very convenient, increases the exposure of the system to worms, viruses and attacks.


By this time, home routers are widespread. Many of these routers do not, by default, provide DMZ-like connectivity to the connected computers, and therefore go a long way to stopping many automated attacks. Unless the router itself is vulnerable to exploitation, the attack surface of the home PC is greatly reduced. This is due to NAT (Network Address Translation). The router will not be able to forward malicious packets because the router does not know which IP to forward them to (unless the PC forms a connection with the malicious host FIRST).


A good hardware firewall increases security in that it allows the user more port-level control and monitoring capability than a standalone router. Most routers do not alert you if your computer is sending out malicious packets (which is a sign that you're either screwing around with Metasploit or that your computer has been compromised). A good firewall, however, is not only able to block these outgoing attacks (as well as incoming ones), but it can also alert you to this situation. Firewalls generally function as a very basic IDS/IPS (Intrusion Detection System / Intrusion Prevention System). In this design, the firewall would be a network-based IDS/IPS.


The final firewall to put in place is a host-based firewall; that is, a firewall running on your computer itself. This is necessary for two reasons. The first is that it provides the user with even more monitoring and configuration options. The second is in case of a network breach. With the large number of wireless access points in use, it is very possible for an intruder to gain access to one's network. In this case, the network IDS/IPS will not protect you. The host IDS/IPS will. Another consideration, especially in the case of laptops, is the protection offered regardless of which network you are on. It is irrelevant whether you're using a public WiFi spot at the library or your EAP-secured corporate wireless network; you are protected with that firewall.

Tuesday, March 16, 2010

Python Exercise 1


"Display a series of numbers (1, 2, 3, 4, 5, ... etc.) in an infinite loop. The program should quit if someone hits a specific key (say the ESCAPE key)."

This exercise, for me, was a royal pain in the neck, and I ended up scouring the web for a solution. I finally found something I could modify to make work. From my understanding, it basically runs the loop in my answer until it detects something in the terminal buffer, at which point it breaks. I have it set so that anything will stop it from running, but you should be able to modify it to only respond to a certain keystroke.

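The technique the description above refers to, polling the terminal for pending input between iterations, is shown below as an added example; it is not the author's posted solution. It uses select() with a zero timeout on the input file descriptor so the loop never blocks, reads one byte when something is waiting, and stops on ESC (or on any key when stop_key is None). The max_iters cap and the pipe_with_input helper are assumptions added so the loop can be driven without a keyboard.

```python
import os
import select
import sys
import time

ESC = b"\x1b"  # byte the terminal sends for the Escape key


def key_pressed(fd, timeout=0.0):
    """True if at least one byte is waiting to be read on file descriptor fd.

    With timeout=0 select() returns immediately, which is what lets the
    counting loop keep running while nothing has been typed.
    """
    readable, _, _ = select.select([fd], [], [], timeout)
    return bool(readable)


def count_until_key(fd, stop_key=ESC, delay=0.0, max_iters=None):
    """Print 1, 2, 3, ... until stop_key arrives on fd; return the last number printed.

    stop_key=None stops on any key. max_iters is a safety cap (assumed
    parameter for non-interactive use); None loops forever, as the exercise asks.
    """
    n = 0
    while max_iters is None or n < max_iters:
        n += 1
        print(n)
        if key_pressed(fd):
            ch = os.read(fd, 1)          # consume exactly the byte that arrived
            if stop_key is None or ch == stop_key:
                break
        if delay:
            time.sleep(delay)
    return n


def pipe_with_input(data: bytes) -> int:
    """Assumed test helper: a pipe pre-loaded with data, returning its read end.

    The write end is deliberately left open so an empty pipe reads as
    'nothing pending' rather than end-of-file.
    """
    r, w = os.pipe()
    if data:
        os.write(w, data)
    return r


def _interactive():
    # A real tty delivers input line by line, so switch to cbreak mode for the
    # duration of the loop and restore the previous settings afterwards.
    import termios
    import tty
    fd = sys.stdin.fileno()
    old = termios.tcgetattr(fd)
    try:
        tty.setcbreak(fd)
        count_until_key(fd, stop_key=ESC, delay=0.2)
    finally:
        termios.tcsetattr(fd, termios.TCSADRAIN, old)


if __name__ == "__main__":
    _interactive()
```

Run it from a terminal and press Escape to stop; any other key is consumed and ignored. The cbreak/termios handling only matters on a real terminal, which is why it is kept out of count_until_key.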

Wednesday, March 10, 2010

Learning Python

I've been working on learning Python for the last two weeks or so. The main book I'm using is O'Reilly's excellent "Python for Unix and Linux System Administration."[link] As one way of learning the language, I'm working through "15 Exercises for Learning a New Programming Language."[link] I'll be posting each exercise and my solution over the next few days.

I chose to start with Python because of its code simplicity, power and wide-spread support. It installs easily on any distro I use, interacts directly with the underlying OS, and can hook into PHP with little effort. My primary use, initially, will be log analysis and alerting on my systems.

Tuesday, March 9, 2010

Post 1

This blog is intended to share tips and techniques on various security topics of interest to my clients and people in general.