Here's the beginning of a tut I wrote for the Knoppix Auditor system. This tut goes into some of the wireless crack tools. Auditor is a CD that boots a Knoppix version of Linux and is fully functional.
I'd appreciate any comments you have on it, including of course, any boneheaded errors. (See the intro to the tut for more info and my intentions).
While I tried to write it for Linux noobs, in reality it's better if you have a bit of wireless and Unix experience. Having said that, I cut some of my Unix baby teeth on another Knoppix distro, and this one was the best of the 3 similar bootable CDs I've used.
UNFORTUNATELY, I haven't finished my tut on Ethereal, which is key to using the wireless hacks. Anyone got a good tut on this? I couldn't find a simple one. And, as usual, skip the THANKS posts (I'm presuming this may be worthy of a thanks or two, but we'll see) UNLESS you explain what you liked. I'm also interested in what you DISliked or thought confusing....
Here's some helpful info I posted earlier which describes Auditor a bit -- I'd suggest you read this first...
Latest update: 05/09/05
- Added some more info on unmounting your USB drive.
- Corrected the cp command under the Copying Files to Your Thumbdrive topic (nice catch, Packet!)
- Updated the Cracking WEP Keys LIVE with airodump & aircrack topic, explaining how to crack different size keys and how to change the fudge factor used to crack keys.
- Added Changing the fudge factor topic (for aircrack).
3/9/05 Note: When using aircrack, you can crack 64, 128, 256, and 512-bit keys. Just replace the "64" in the command with the key size you want to go after. Ex:
# aircrack -n 128 AP36explosive.cap
I'll update the tut next time around.
2/27/05 Update: I added much more Kismet info to this tut, plus a little more. Download the new version below! Version 2.1
u533m3n0t
Jan 25 2005, 03:36 PM
Hey BN, I was going to try out Auditor, but the link kept yielding this...
Google this for the latest copy; you'll find it. Just be careful where you get it, of course: auditor-081004-01.iso.zip
tolf
Jan 28 2005, 03:30 AM
nice tut buddy....
BN Says: I especially hate to whack folks on a topic I created, but I've said it so many times (and even said it above in my post!)
QUOTE
And, as usual, skip the THANKS posts (I'm presuming this may be worthy of a thanks or two, but we'll see) UNLESS you explain what you liked.
jubbly
Jan 28 2005, 06:01 PM
Nice, mate. The best bit I found was the USB drive, cos I did lose data trying to save to my HDD.
As I'm still learning, I also had problems with my G card (didn't realise gKismet) and ended up using a B card. Gonna give my wireless G card yet another go and see if I get better results.
beardednose
Jan 28 2005, 07:48 PM
I just got a G card, so I haven't tried it yet.
I haven't tried installing this to my HDD yet; anyone who does, please report back.
beardednose
Feb 8 2005, 04:24 PM
Lost my G card. I confiscated it from a user, but it turned out to be innocent, so being the nice guy that I am (there is a soul under all that hair), I gave it back with a polite lecture. Guess the boss will just have to buy me one!
wd_stroke
Feb 9 2005, 12:58 AM
It works like a charm on my DLink DWL-G520 card... nothing to configure, just input SSID/Channel/WEP PASSCODE and that puppy connected to my AP. I must admit this was by far the EASIEST version of Linux to work with my PCI card and router (DLink DI-624). The instructions included by beardednose were AWESOME! The only problem I ran into was trying to tell it to monitor a single channel. The card is ONLY recognized as atho0... whatever that is.
Connecting to insecure WiFis was WAY easier than with the Windows XP connection manager.
All in all... great from CD.
I ventured and installed to HDD. Most of the applications available from the LiveCD were NOT installed to HDD. There was no selector/installation notice of applications to choose. That really chafed my arse.
SgtRush
Feb 9 2005, 01:45 AM
Downloading the CD now. My Netgear G card works, but only on Linux 2.6 kernels. I have Kismet and aircrack working with it on Fedora Core 3.
Red Section
Feb 9 2005, 09:03 AM
OK, anyone got it working out of the box for a PCMCIA card? Mine has just died and has now taken a part-time job as a coffee mug mat.
So I need to know which ones you guys/gals have gotten to work, and no, I can't just get another one the same as my old one, as the one I had was an old B card that was unbranded.
Any help would be good.
SgtRush
Feb 9 2005, 09:15 PM
Netgear WG511, but be careful: later versions don't use the Prism54 driver.
beardednose
Feb 9 2005, 09:31 PM
I have a Cisco 350 B that works, as well as a long-range wireless LAN PC card (also a B card) from Simple Mobility (the one that came with the class).
Thanks for the tut input. Keep it coming. I have some Kismet info to add and a note about the cisco 350 card. Coming soon.
When you make comments about the tut, please indicate whether you're a Linux and wireless beginner, intermediate, or expert so I know from which perspective you come.
I couldn't find any high-range G cards with an external antenna like my Simple Mobility B. Anyone know of any?
Jay
Feb 26 2005, 08:44 PM
Thanks for the tutorial, BN. Apart from installing Linux some time ago and a little bit of war driving with NetStumbler, I would consider myself a newbie in both.
Recently I got a new card and antenna, so I thought I would try it out. I armed myself with a copy of WI-FOO: The Secrets of Wireless Hacking, which is very good and has even made me think about installing BSD.
I did notice that all I needed was iwconfig rather than the -a switch. Not sure if this is an error. Could not find the -a switch option in the man file.
Over all you made it really easy and walked me through. The tools are pretty intuitive and self-explanatory.
Just cannot wait for my high gain antenna to arrive now.
There seem to be many options for Kismet, but I have not had the chance to play properly with it yet, so I look forward to your next tutorial.
Spookie
Feb 27 2005, 05:08 PM
QUOTE
I armed myself with a copy of WI-FOO the Secrets of Wireless Hacking
Very informative book for those getting involved with wireless.
I recommend this reading material for those humdrum nights when you need a change of pace. It will make you want to get your wireless kit up and running in no time.
Current run is the Mac OS X laptop being wiped and having Mandrake Linux put on it.
Got a buddy who swears by this. I know everyone has their own flavor of Linux that they prefer; just informing everyone of a possible solution they may want to look into.
QUOTE
Just cannot wait for my high gain antenna to arrive now.
2/27/05 Update: I added much more Kismet info to this tut, plus a little more. Download the new version by going up to the first post.
Let me know what you think.
Jeeve5
Mar 23 2005, 10:55 AM
Quite a nice tutorial you wrote there, mate. I like the WEP part. I think it covers the basics quite well. What I am missing, though, is that many APs implement MAC address filtering as an additional security feature. So even if you have the WEP key, you cannot access their LAN since your WLAN card doesn't have the right MAC address.
I don't know if any of this is gonna be much help, since I am myself just getting into the whole WLAN with Linux thing (used Windows before). First off, the MAC address is part of a TCP packet's header. So if the admin is stupid and thinks MAC address filtering is enough and doesn't enable WEP encryption, you can just sniff a bit of traffic and read the MAC addresses in plain text with Ethereal, for example. After that you can use a tool such as travesty to change your WLAN card's MAC address. Beware of trying to connect, though, because AFAIK it will not work since two of the same MAC addresses are being used. So come back in the night, and maybe you are lucky and your spoofed MAC address isn't up anymore. Voila, you should have access.
If WEP encryption is enabled, you have to crack the WEP key first, and then you can read the MAC addresses from the TCP packet header.
Disclaimer: I just wrote the above stuff from memory and haven't tried it myself. I am not sure if the procedure is right, but I have done some research in the past and it seems like the right way to me. So please don't kill me if it's wrong, just correct me; I am always eager to learn.
With that said. Thanks beardednose for the tutorial. Helped me a bit
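The sniff-then-spoof step discussed above, as an added example that is not part of the Auditor tutorial or anything posted in this thread. It reads raw 802.11 frames from a classic pcap (link type 105, or 127 with a radiotap header) and lists the client MAC addresses that exchanged data frames with a chosen BSSID. The addresses it uses come from the 802.11 MAC header, which is transmitted in the clear whether or not the frame body is WEP-protected, so the station list can be collected from the capture regardless of the key. Every MAC address and frame in the sample is constructed for the example; the AP 00:11:22:33:44:55 and the stations aa:bb:cc:dd:ee:01 and :02 are made up.

```python
"""List the stations seen talking through one access point in a raw 802.11 capture.

Added example for this thread; not the Auditor tutorial's own code. All MAC
addresses and frames below are constructed for illustration.
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4
DLT_IEEE802_11 = 105        # raw 802.11 frames, as old airodump captures were written
DLT_IEEE802_11_RADIO = 127  # radiotap header in front of each frame

def mac_bytes(text):
    return bytes(int(octet, 16) for octet in text.split(":"))

def mac_str(raw):
    return ":".join("%02x" % b for b in raw)

def is_multicast(mac):
    return int(mac[:2], 16) & 1 == 1        # group bit of the first octet

def parse_data_frame(frame):
    """Return the addresses of a data frame, or None for anything else."""
    if len(frame) < 24:                     # shorter than a 3-address MAC header
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 2:                # type: 0 mgmt, 1 ctrl, 2 data
        return None
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    if to_ds and from_ds:                   # WDS 4-address frame: no single BSSID
        return None
    if to_ds:                               # station -> AP
        bssid, sa, da = a1, a2, a3
    elif from_ds:                           # AP -> station
        da, bssid, sa = a1, a2, a3
    else:                                   # ad-hoc (IBSS)
        da, sa, bssid = a1, a2, a3
    return {"bssid": mac_str(bssid), "sa": mac_str(sa), "da": mac_str(da),
            "to_ds": to_ds, "from_ds": from_ds, "protected": bool(fc & 0x4000)}

def stations_for_bssid(frames, bssid):
    """Map each wireless station seen talking through `bssid` to a frame count."""
    bssid = bssid.lower()
    seen = {}
    for frame in frames:
        hdr = parse_data_frame(frame)
        if hdr is None or hdr["bssid"] != bssid:
            continue
        if hdr["to_ds"]:
            station = hdr["sa"]             # the client sent it
        elif hdr["from_ds"]:
            station = hdr["da"]             # the client is the receiver
        else:
            continue                        # IBSS: no AP to filter on
        if is_multicast(station):           # broadcast/multicast is nobody's card
            continue
        seen[station] = seen.get(station, 0) + 1
    return seen

def build_pcap(frames, linktype=DLT_IEEE802_11):
    """Wrap raw frames in a classic little-endian pcap (used to build the sample)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def iter_pcap_frames(data):
    """Yield raw 802.11 frames from a classic pcap held in memory."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(end + "I", data, 20)[0]
    if linktype not in (DLT_IEEE802_11, DLT_IEEE802_11_RADIO):
        raise ValueError("link type %d is not 802.11" % linktype)
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(end + "IIII", data, off)[2]
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if linktype == DLT_IEEE802_11_RADIO:
            rt_len = struct.unpack_from("<H", frame, 2)[0]  # radiotap length is always LE
            frame = frame[rt_len:]
        yield frame

def build_data_frame(to_ds, from_ds, a1, a2, a3, protected=False, payload=b""):
    """Constructed data frame: frame control, duration, A1-A3, sequence control, body."""
    fc = 0x0008                             # type 2 (data), subtype 0
    fc |= 0x0100 if to_ds else 0
    fc |= 0x0200 if from_ds else 0
    fc |= 0x4000 if protected else 0        # Protected bit: body is WEP, header is not
    return struct.pack("<HH", fc, 0) + a1 + a2 + a3 + struct.pack("<H", 0) + payload

AP = mac_bytes("00:11:22:33:44:55")        # made-up BSSID
WIRED = mac_bytes("de:ad:be:ef:00:01")     # made-up host behind the AP
STA_A = mac_bytes("aa:bb:cc:dd:ee:01")     # made-up wireless clients
STA_B = mac_bytes("aa:bb:cc:dd:ee:02")
OTHER_AP = mac_bytes("00:11:22:33:44:66")
SAMPLE_FRAMES = [                          # constructed capture
    build_data_frame(True, False, AP, STA_A, WIRED, protected=True, payload=b"\x00" * 8),
    build_data_frame(False, True, STA_B, AP, WIRED, protected=True, payload=b"\x00" * 8),
    build_data_frame(False, True, b"\xff" * 6, AP, WIRED, protected=True),  # broadcast
    build_data_frame(True, False, OTHER_AP, mac_bytes("aa:bb:cc:dd:ee:03"), WIRED),
    b"\x80\x00" + b"\x00" * 22,             # beacon (management frame), ignored
    b"\x08\x01\x00\x00" + AP,               # truncated data frame, ignored
]

if __name__ == "__main__":
    import sys
    use_file = len(sys.argv) > 2            # usage: script.py capture.cap <bssid>
    data = open(sys.argv[1], "rb").read() if use_file else build_pcap(SAMPLE_FRAMES)
    target = sys.argv[2] if use_file else mac_str(AP)
    for station, count in sorted(stations_for_bssid(iter_pcap_frames(data), target).items()):
        print(station, count)
```

Run it without arguments to see the two constructed clients, or point it at an airodump .cap and the BSSID you want; broadcast and multicast destinations are dropped because they are never a real card's address. Setting the chosen address on your own card is then a driver matter (net-tools `ifconfig <iface> hw ether <mac>` with the interface down, or macchanger) rather than something the capture parser does.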
funky
Apr 14 2005, 09:49 PM
QUOTE(beardednose @ Jan 25 2005, 02:30 PM)
And, as usual, skip the THANKS posts (I'm presuming this may be worthy of a thanks or two, but we'll see) UNLESS you explain what you liked. I'm also interested in what you DISliked or thought confusing....
I liked the instructions on how to mount and copy files to your thumbdrive. This is something that got me using vanilla Knoppix instead of Knoppix STD, but with these instructions, other versions should be more useful.
beardednose
Apr 15 2005, 12:05 PM
I'm glad a few have found the tut helpful. S l o w l y I am adding more, with screenshots. And tweaking in spots.
dissolutions
Apr 15 2005, 02:23 PM
I had problems using my touchpad with this set :/
It was nice from the look of it, though, but it's unfortunate; I don't want to have to bring in a keyboard and mouse just to utilize this.
myth
Apr 17 2005, 05:09 PM
I may be a bit late, but I only just read this paper.
I've read many on WiFi hacking, and every one fills in another gap.... To tell you the truth, the most informative part was learning the "fdisk -t" switch; I actually never knew that. Must MAN more often. Good to see one written by our own (not that it's a first)... Compliments on the 16 pages. I wrote an article on ARP Spoofing, so I know how hard it is; putting it together was easy, editing was the hard part.... But nice, BN, keep editing.
QUOTE
I had problems using my touchpad with this set :/
It was nice from the look of it, though, but it's unfortunate; I don't want to have to bring in a keyboard and mouse just to utilize this.
Have you any idea how hard it is when (Toshiba laptop) the built-in mouse fails, and every war-drive you forget to get a new one? Laptops are fine for mobility, but not with a USB mouse! In the passenger seat it can be a b'ch.
EDIT: Oh, the John the Ripper pipe is an interesting one as well; will use that, cheers.
beardednose
May 9 2005, 07:04 PM
I made some updates and additions to the tut. Grab a new one in the first post of this thread, which also describes the changes.
BillyJawz
May 16 2005, 06:47 AM
Another good LiveCD distro for auditing pros is Whoppix (based on Knoppix):