Arvag’s blog

découvrez CSI Mobylette…

Vite, appelez David Caruso à la rescousse.

Read the rest of this entry »

Une petite histoire de « sysadmin » bien amusante, qui pourrait se passer  dans n’importe quelle société…

Source : remote-exploit.org

Now for the story! Physical security is of utmost importance and everybody can do it. Names and locations of story are different to prevent public embarrasment and so on.

At work I was asked by my supervisor to test network security in a « new » without exploiting devices or misconfigurations. I decided on taking a physical approach to it for a change.

It was lunch time and the vending machines were on the way so I nabbed a quick snack. So off I head toward the IT offices and server room with a chocolate bar in hand and come up to the first obstacle, a door with a card swipe lock, it usually never works and I turn the handle and the door opens! I’m now walking past the IT offices but all the doors are locked it seems everybody went out to lunch. It is good they are all out since no one is around but the doors are locked.

I head toward the IT help desk since it is not office but more of a receptionist desk near the back of the building. I arrive and the help desk geek is out to lunch also so I decide to look around. When employees have problems with there laptops the help desk geek submits a request for repair and stores the laptop in a cabinet until the PC techs can come by to pick them up. Well I try the cabinet and lo and behold it’s unlocked! About six laptops populate the cabinet all high end models. I spot a Sony VAIO with Cisco decals on it and remember that this is the Network Administrators laptop. Apparently having Cisco decals on your laptop makes you an expert on all things networking. Anyways, I grab the laptop and go out to lunch with my supervisor with the laptop in hand. We go to lunch to a cafe next to our workplace to be within range of the corporate wireless network. We’re both laughing at how we have the network adminsitrators laptop and he ask me to see what I can harvest out of it. I turn on the laptop and boot it up with my ERD Commander CD and quickly reset the administrator password. Once reset I log into Windows XP and start to snoop around. On the desktop there is an icon named « AirMagnet Console » I inform my supervisor on this and he says to attempt to break into it since here at work its a high profile piece of software that is supposed to be well secured. I connect to the corporate network and start up AirMagnet and receive a connect dialog and list of usernames to choose from and I select the network administrators account but as the login procedure starts I receive an error saying the software version is out of date and then closes the application opens a browser and requests a username and password to log into the web management console. In the connect dialog the username is visible in plaintext but the password is in ****** mode and I cant cut and paste the password into the web login. I remember a feature available in the Cain & Abel program that presents the ****** password in cleartext. I download Cain & Abel and run the decrypt utility and I now have the password. I attempt to reconnect to have the program open the browser then promptly enter the username and password and I’m in. With the password and username I have complete control of the AirMagnet infrastructure. My supervisor just laughs, we finish up our lunch and head back to work. That same day he has a meeting with the heads of IT including the network administrator. I can only imagine how many heads will roll for this considering there is a « zero tolerance » policy regarding security.

That’s all for today! Time to start collecting info for the next post.

~William

OpenWRT vs Metasploit

MSFCli.exe sous windows pour « tomber » un shell admin.

Le framework Metasploit : http://www.metasplo...ework/downloads.html

Le site : http://www.metasploit.com/

FairuzaWRT : transforme un WRT54GS en machine à « exploits » le readme associé

dédicace à Myth & Loulo

La tempête qui est passée près de nos côtes, faisant de gros dégâts chez nos voisins d’outre manche, n’a pas fait que des malheureux….

Pour preuve, le fameux porte-containers qui s’est échoué près des côtes britanniques, a permis à de nombreuses personnes de faire une pêche miraculeuse.
A lire, l’article du Monde daté du 23/01/2007.

 A la nuit tombée, dès dimanche 21 janvier, les apprentis pirates prêts à s’aventurer sur la plage la torche à la main n’ont pas été déçus. Un conteneur éventré offrait un spectacle des plus émouvants : seize énormes motos BMW 1300, flambant neuves ! L’employé de l’auberge voisine a choisi la bleue et n’en revient toujours pas. « Une moto à 16 000 livres (25 000 euros) ! Et vous ne me croirez pas : il y avait les papiers dessus, de l’essence dans le réservoir, la clef de contact prête. Je suis parti avec ! »

update du 25/01/2007

vu a Carrouf hier….

Trendnet : TEW-443PI qui est reconnue nativement sous Ubuntu GNU/Linux (chipset Atheros, driver MadWifi) dans les 30 ou 40 €

WMP54G-FR : ce serait du RaLink RT61….
Topic Chipset SiS (mon autre dongle USB) pour Linux .

Hercules HWGPCI54 à base de RaLink RT2500 (youpi ?)
un blog sympa sur linux & le wifi :

http://dszalkowski.free.fr/dotclear/index.php?tag/wifi

Les drivers REaltek 8187 sont là :

http://www.realtek...&Downloads=true

Sources de l’info ici :

http://www.aircrac...3535e1d4fcaac3b69160

http://www.aircrack-ng.org/doku.php?id=compatibility

pour patcher : le fichier est ici :

http://patches.aircrack-ng.org/

http://sid.rstack.o...php/Wifitap_PATCHING
http://ndiswrapper.sourceforge.net/mediawiki/index.php/List

• Chipset: Realtek Semiconductor Corp. RTL8187L
• usbid: 0846:6a00 Distro-specific: Debian « sid »
• Driver: realtek-driver for Windows 98SE/ME from http://www.realtek.com.tw/ look for RTL8187L or take Win-ME-driver from 1.4.0 driver from Netgear
• Other: Distro: Kanotix, kernel Linux version 2.6.17.6, ndiswrapper utils version: 1.8 ndiswrapper driver version: 1.21. Some XP/2K drivers could see ESSID but didn’t transfer bytes, others did not even scan ESSID of AP. With ME-driver it seems to work quite well

Card: NETGEAR WG111v2 802.11g Wireless USB2.0 Adapter

• Chipset: Realtek Semiconductor Corp. RTL8187L
• usbid: 0846:6a00
• Driver: Realtek Windows XP drivers Version: Realtek Semiconductor Corp.,05/04/2005,5.112.05.0504 from [206] (2.00 2005/05/31)
• Other: Extract ZIP file and install driver in WINXP directory. Kernel 2.6.12.6 with WE 18 and ndiswrapper 1.2/1.4 => 128 bit WEP works perfectly, but WPA-PSK TKIP seems not to work with current wpa_supplicant version

Tableau des Chipsets NetGear par produit

http://macwifi.co...fi-80211x-de-netgear

si il y a bien un sujet technique sur lequel je galère depuis des lustres et pour lequel j’ai un peu la flemme de m’y mettre, c’est bien l’encodage et l’édition de vidéo.

Read the rest of this entry »

déja dispo…. ?

Read the rest of this entry »

Le gang des légophiles a encore frappé !

A l’occasion de mon anniversaire, j’ai eu la surprise de recevoir de la part de Lolo & Blandine une magnifique excavatrice Lego Technique. Veulent-ils me donner le virus ?

Read the rest of this entry »