Saturday, October 21, 2017

WAIDPS - Wireless Auditing, Intrusion Detection and Prevention System

WAIDPS - Wireless Auditing, Intrusion Detection and Prevention System is an open source project which is designed for both offensive and defensive purpose in mind.

This project is original created by SY Chua of SYWorks Programming. However, it is no longer maintained by him since 2014. The GitHub version is v1.0 R.6 and it is dated Oct 10, 2014. However, the demo in his tutorials and Youtube videos are displayed v1.0 R.7 dated Oct 11, 2014.

This software is a very good design in screen layout and good operation experience. Since v1.0 R.6 will crash when handshake is captured and it is not working properly on Kali Linux 2017.2, I modified the Python script to make it to work again in two days. Meanwhile, IEEE 802.11ac is also supported in my modification.

It is well tested on Kali Linux 2017.2. Other penetration testing Linux distributions may work too.

My modification is also an open source project and it is released under GPLv3.





Reference

[1] This project is forked from https://github.com/SYWorks/waidps
[2] Official tutorial - Part 1
[3] Official tutorial - Part 2
[4] Official tutorial - Part 3
[5] Official Youtube Playlist
[6] RealTek 8812AU Driver Installation
[7] TP-Link Archer T4UHP (Realtek 8812AU chipset)

That's all! See you.


Friday, October 20, 2017

HOWTO : Install RealTek 8812AU Driver with Packet Injection And Monitor Mode Support

TP-Link Archer T4UHP v1 is also supported by this driver with monitor mode and packet injection. It is a IEEE 802.11ac USB dongle.

Although Kali Linux has its own 8812au driver, I find AirCrack-ng's driver is the best.

Step 1 :

On Ubuntu Desktop 16.04.3 :

sudo apt update
sudo apt install build-essential dkms git


On Kali Linux 2017.2 :

apt update
apt install dkms


Step 2 :

git clone https://github.com/aircrack-ng/rtl8812au
cd rtl8812au


Step 3 :

On Ubuntu Desktop 16.04.3 :

Make sure to change at dkms.conf before running the following commands.

nano dkms.conf

Change all "/updates" to "/kernel/drivers/net/wireless" when using Ubuntu.


sudo bash ./dkms-install.sh

On Kali Linux 2017.2 :

bash ./dkms-install.sh

Step 4 :

To remove the dkms driver :

cd rtl8812au

Ubuntu Desktop 16.04.3 :

sudo bash ./dkms-remove.sh

Kali Linux 2017.2 :

bash ./dkms-remove.sh

Step 5 :

To control it, I suggest to use iw wireless tool.

Beware that the driver does not work properly on the following commands :

(1) airmon-ng start wlan0
(2) iw dev wlan0 interface add wlmon0 type monitor

Make sure run "airmon-ng check kill" beforehand.

Reference

AirCrack-ng RTL8812AU driver
HOWTO : Install Forked AirCrack-NG on Kali Linux 2017.3

That's all! See you.


Wednesday, October 11, 2017

HOWTO : Install GCC 7.x on Ubuntu 16.04.3 LTS

Some features require GCC 7.x to compile with, such as AVX-512.

sudo add-apt-repository ppa:ubuntu-toolchain-r/test
sudo apt update
sudo apt install gcc-7

Set gcc-7 as default in order for the compilation.

sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 60 --slave /usr/bin/gcc-ar gcc-ar /usr/bin/gcc-ar-7 --slave /usr/bin/gcc-nm gcc-nm /usr/bin/gcc-nm-7 --slave /usr/bin/gcc-ranlib gcc-ranlib /usr/bin/gcc-ranlib-7

sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-5 60 --slave /usr/bin/gcc-ar gcc-ar /usr/bin/gcc-ar-5 --slave /usr/bin/gcc-nm gcc-nm /usr/bin/gcc-nm-5 --slave /usr/bin/gcc-ranlib gcc-ranlib /usr/bin/gcc-ranlib-5

Now, gcc-7 is the default compiler. To change back to gcc-5, you need to run :

sudo update-alternatives --config gcc

Then select gcc-5.

That's all! See you.


Thursday, October 05, 2017

Vulnerability scanner can be trusted?

Many companies use vulnerability scanners to scan their systems, websites, products often to make sure they are secured. However, the former CEO of being hacked Equifax blamed that the system had been scanned after a week when the Apache Struts vulnerability had been announced. The scanner cannot detect the presence of un-patched Apache Struts implementations.

Please see the 8th paragraph of this articie for the captioned mention statement.

May be the vulnerability scanner signatures are not up-to-date that caused this fault. So, your vulnerability scanner should be up-to-date too!

That's all! See you.