





Awk_pwnphonemanual_WP






© 2011 Rapid Focus Security, LLC, DBA Pwnie Express
pdfs/RFSEULA.pdf)
the GNU General Public License: (http://www.gnu.org/licenses/gpl.html)
● Comes with a wide variety of pen-testing tools installed with quick access shortcuts
● Supports wireless monitor mode and injection for WEP cracking
● Supports promiscuous mode for sniffing other traffic passively
● Man in the middle capabilities for intercepting network traffic

● Metasploit, Fasttrack, SET, Scapy, Nikto, SSLstrip, iodine
● Kismet, Aircrack-NG, Wifite, Wifizoo, GrimWEPa, Wepbuster
● Nmap, netcat, tcpdump, wireshark, tshark, Ettercap-NG, exploitDB, macchanger
● presencevnc client, x11vnc server, conky, tor, rdesktop, openvpn, netmon, iptables
Turn the phone on by holding the small power button on the top (between the volume and camera buttons). The phone will vibrate and the white Nokia screen will appear.
The first thing to get used to is the interface of the N900. The way it works is simple, but knowing a few key things will greatly help in navigating. The main desktop screen has most of the key pen-testing tools available via convenient shortcut icons. The screen to the left has some key admin tools. There are 4 desktop screens by default.
By tapping the upper left hand corner you will have access to multitasking between running applications as well as different desktop areas. One of these areas is the main applications folder where all applications with an icon are stored. This is where you will find things like the application manager, file manager, and other general settings for the phone.
Also in the upper left hand corner, to the right of the clock, is the battery and connection information. If you tap here you will have access to wireless devices and a basic connection manager. Use this to connect to wifi and the Internet.
TIP: Once in an xterm shell, you can increase/decrease the font size with volume buttons.
● Promiscuous On/Off script is on desktop – icon is a man in green hat with sunglasses, to the left of the wireshark icon - once open wait for it to close itself.
● You can then run wireshark, tshark, tcpdump, or ettercap to see packets on the wireless network that normally you wouldn’t see.
● To Manually Enable: ifconfig wlan0 promisc
● To Manually Disable: ifconfig wlan0 -promisc

● Monitor mode allows for passive sniffing and non-passive wireless attacks. As such, you can’t be actively connected to a wireless network at the same time.
● Kismet will automatically put your wireless card in monitor mode. Just remember you’ll need to put the wireless card wlan0 back into managed mode through a rootshell terminal (or using monitor-mode icon on desktop) when you want to connect to a network again.
● When using the icon let it close itself automatically.
Enable:
    ifconfig wlan0 down
    iwconfig wlan0 mode monitor
    ifconfig wlan0 up
Disable:
    ifconfig wlan0 down
    iwconfig wlan0 mode managed
    ifconfig wlan0 up
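Because the card has to be put back into managed mode by hand, it is worth checking what state the interfaces were actually left in. The following is an added example, not part of the original manual: it reads the Linux sysfs `flags` and `type` files for each interface and reports any that are still promiscuous or in monitor mode. The sample interface values are constructed so the check also runs on a machine without a wireless card.

```python
import os
import tempfile

IFF_PROMISC = 0x100            # <linux/if.h>
# ARPHRD_* link types from <linux/if_arp.h> that indicate raw 802.11 capture
MONITOR_TYPES = {801: "ieee80211", 802: "ieee80211+prism", 803: "ieee80211+radiotap"}


def read_iface(sysfs_net, name):
    """Return (flags, link_type) for one interface under a sysfs-style tree."""
    base = os.path.join(sysfs_net, name)
    with open(os.path.join(base, "flags")) as fh:
        flags = int(fh.read().strip(), 16)      # e.g. "0x1103"
    with open(os.path.join(base, "type")) as fh:
        link_type = int(fh.read().strip())      # decimal ARPHRD value
    return flags, link_type


def audit(sysfs_net="/sys/class/net"):
    """Map interface name -> list of capture modes still enabled."""
    findings = {}
    for name in sorted(os.listdir(sysfs_net)):
        try:
            flags, link_type = read_iface(sysfs_net, name)
        except (OSError, ValueError):           # not an interface directory
            continue
        modes = []
        if flags & IFF_PROMISC:
            modes.append("promiscuous")
        if link_type in MONITOR_TYPES:
            modes.append("monitor (%s)" % MONITOR_TYPES[link_type])
        if modes:
            findings[name] = modes
    return findings


def run_demo():
    """Audit a constructed sysfs tree so the example runs on any machine."""
    sample = {"lo": ("0x9", "772"), "eth0": ("0x1003", "1"),
              "wlan0": ("0x1103", "803")}       # constructed values
    with tempfile.TemporaryDirectory() as root:
        for name, (flags, link_type) in sample.items():
            os.mkdir(os.path.join(root, name))
            for fname, value in (("flags", flags), ("type", link_type)):
                with open(os.path.join(root, name, fname), "w") as fh:
                    fh.write(value + "\n")
        return audit(root)


if __name__ == "__main__":
    print(run_demo())
```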
● For the N900 there are special drivers that support packet injection, but unfortunately when enabled they also drain the power and battery life substantially.
● The default home screen contains quick shortcuts to enable/disable injection as needed:
InjectionON (red syringe): This script loads the injection driver and puts the card into monitor mode. Once loaded, use GrimWEPa, Wepbuster, or Aircrack-NG for WEP cracking, de-auth attacks, or handshake captures. Let this close automatically.
InjectionOFF (blue syringe): This script unloads the injection driver and loads the default wireless driver (which still supports monitor/promiscuous mode). Let this close automatically.
Note: Injection MUST be enabled for Evil AP, Wifite, Grimwepa, and Wepbuster to work.
● The aircrack-ng suite comes with many different powerful tools to attack and sniff 802.11 wireless networks. There are many good tutorials on YouTube and aircrack-ng.org.
● On the desktop, the airodump-ng wlan0 shortcut is great for doing site surveys, monitoring signal strength, and viewing connected clients. The desktop shortcut will NOT save a packet capture, but simply show networks around you. If you wish to save a capture, run airodump-ng -w filename wlan0 from a rootshell.
● Aircrack-NG on this phone is mainly used for WEP cracking and capturing WPA handshakes for cracking on a more powerful system. If you are unfamiliar with cracking WEP, start with these videos:
http://www.youtube.com/watch?v=qe1VuhGciSI
http://www.youtube.com/watch?v=oHq-cKoYcr
● On the N900, the procedure is as follows:
Example: airodump-ng --ivs --bssid 11:22:33:44:55:66 -c 6 -w test wlan0
WARNING: WepBuster will automatically attempt to attack ANY WEP networks within range! Use at your own risk!
To use the Evil AP, first enable injection mode (red syringe) and then click the evil red face. This will run two scripts in two xterm windows simultaneously. The first xterm window will be running an AP using airbase-ng with an SSID of Linksys, hostname of WRT54G, and a randomly rolled MAC address. The second xterm window will start a udhcpd server to hand out IP addresses and then start sniffing with tshark on at0 (the virtual interface that is handing out IP addresses), logging to a file named evilcaptured.cap in the pwnphone/wireless/evilap folder. Use the upper left hand corner to switch between both windows and monitor the status of your evil AP and packets collected. After this is run you can use sslstrip or the airstrippin.sh script in the evilap folder to strip SSL in combination with evil AP mode. You can also run these scripts manually from the evil AP folder, where there is a readme file with instructions.
WARNING: Evil AP by default runs with the -P option, which means ANYONE'S preferred network will be sniffed and used as a preferred network to connect to. If you do not want this, remove the -P option from the script in /home/user/MyDocs/pwnphone/wireless/evilap/airpwn.sh
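An access point running as this warning describes stands out to a wireless monitoring sensor, because a single BSSID answers probes for many network names it never beacons. The following is an added detection example, not part of the original manual: the capture summary format, the addresses, the `KNOWN_APS` inventory and the `min_ssids` threshold are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed capture summary: time, frame type, transmitter, receiver, SSID.
SAMPLE = """\
0.10,probe-req,aa:aa:aa:00:00:01,ff:ff:ff:ff:ff:ff,HomeNet
0.11,probe-resp,02:13:37:00:00:99,aa:aa:aa:00:00:01,HomeNet
0.50,probe-req,aa:aa:aa:00:00:02,ff:ff:ff:ff:ff:ff,CoffeeShop
0.51,probe-resp,02:13:37:00:00:99,aa:aa:aa:00:00:02,CoffeeShop
0.90,probe-req,aa:aa:aa:00:00:03,ff:ff:ff:ff:ff:ff,CorpWiFi
0.91,probe-resp,00:11:22:33:44:55,aa:aa:aa:00:00:03,CorpWiFi
0.92,probe-resp,02:13:37:00:00:99,aa:aa:aa:00:00:03,CorpWiFi
1.30,beacon,02:13:37:00:00:99,ff:ff:ff:ff:ff:ff,Linksys
1.31,beacon,00:11:22:33:44:55,ff:ff:ff:ff:ff:ff,CorpWiFi
"""

# Constructed site inventory: BSSID -> SSIDs it is allowed to serve.
KNOWN_APS = {"00:11:22:33:44:55": {"CorpWiFi"}}


def find_probe_answering_aps(summary, known_aps, min_ssids=3):
    """Flag BSSIDs that answer probes for many SSIDs they never beacon."""
    answered, beaconed = defaultdict(set), defaultdict(set)
    for _ts, ftype, src, _dst, ssid in csv.reader(io.StringIO(summary)):
        if ftype == "probe-resp":
            answered[src.lower()].add(ssid)
        elif ftype == "beacon":
            beaconed[src.lower()].add(ssid)
    # SSID -> BSSIDs allowed to serve it, from the site inventory
    owners = defaultdict(set)
    for bssid, ssids in known_aps.items():
        for ssid in ssids:
            owners[ssid].add(bssid.lower())
    alerts = []
    for bssid in sorted(answered):
        unexpected = answered[bssid] - beaconed[bssid] - known_aps.get(bssid, set())
        if len(unexpected) < min_ssids:
            continue
        spoofed = sorted(s for s in unexpected
                         if s in owners and bssid not in owners[s])
        alerts.append({"bssid": bssid, "answered": sorted(unexpected),
                       "impersonates": spoofed})
    return alerts


if __name__ == "__main__":
    for alert in find_probe_answering_aps(SAMPLE, KNOWN_APS):
        print(alert)
```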
Access the Metasploit console shell (msfconsole) from the red M icon on the desktop. The GUI may work but recent updates have broken it. To update Metasploit use svn update from the msf3 folder within the pwnphone directory. Fasttrack is installed but db_autopwn is not working because it will hose the phone completely. SET is also installed and fully functional.
If you don't know Metasploit, here is a good guide: http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
The steps below for the Pwn Phone side have been automated into the shortcut script on the admin desktop. The steps are still listed to do this manually for the phone. After running the reverse shell script on the phone for the first time, you will still need to do the steps required for setting up your pentesting workstation for the reverse shell to connect to.
Ctrl X (exit file)