Shmoocon 2006: The Church of Wi-Fi presents: An evil bastard, a rainbow and a great dane!


The Church of WiFi gave a presentation on some of their recent projects. The first was coWPAtty, a program for brute forcing WPA-PSK. To speed up the process they created a table of pre-hashed WPA-PSK keys. The WPA-PSK hash is salted with the SSID of the router, so a table only works for the SSID it was computed for; they grabbed the top 1000 SSIDs from Wigle.net and calculated the hashes for each using a 170,000-word dictionary. Now they are able to check 18,000 keys/sec instead of just 12 keys/sec.
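Why the table has to be built per SSID, as an added example (not coWPAtty's code): WPA-PSK derives its master key with PBKDF2-HMAC-SHA1 using the SSID as salt, so the same passphrase yields a different key under every network name. The SSID and word lists below are constructed samples, and `exposure` is a hypothetical helper for checking your own network's settings.

```python
import hashlib

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def build_table(ssids, words):
    """Precompute {ssid: {pmk: passphrase}}. The 4096 rounds are paid once, here."""
    return {ssid: {wpa_pmk(w, ssid): w for w in words} for ssid in ssids}

def exposure(table, ssid, passphrase):
    """Hypothetical audit helper: how does one network fare against the table?"""
    if ssid not in table:
        return "ssid-not-precomputed"      # the table is useless for this SSID
    if wpa_pmk(passphrase, ssid) in table[ssid]:
        return "covered-by-table"          # found by a plain dictionary lookup
    return "passphrase-not-in-dictionary"  # common SSID, key not in the word list

# Constructed sample data (stand-ins for a top-SSID list and a dictionary).
COMMON_SSIDS = ["linksys", "default", "NETGEAR"]
WORDS = ["password", "letmein1", "sunshine"]
TABLE = build_table(COMMON_SSIDS, WORDS)

if __name__ == "__main__":
    # Same passphrase, two SSIDs: the derived keys share nothing.
    print(wpa_pmk("password", "linksys").hex())
    print(wpa_pmk("password", "default").hex())
    for ssid, phrase in [("linksys", "password"),
                         ("home-7f3a", "password"),
                         ("linksys", "correct horse battery staple")]:
        print(ssid, "->", exposure(TABLE, ssid, phrase))
```

A network name outside the common list, or a passphrase outside any dictionary, leaves the network out of reach of a precomputed table.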

The next project was Evil Bastard, a custom WRT firmware. It is similar to Rogue Squadron, a firmware designed to spoof an access point and collect user information by phishing. Evil Bastard has even more tools, like Aircrack and Driftnet. It even features a “Point ‘n 0wn” interface that lets you just click on the target you want to automatically spoof.

The CoWF is also responsible for Kiswin, Kismet for Windows, which saves you from having to install Cygwin.

Comments

  1. XGM says:

    w00t first post

  2. F***in’ first posters. XGM, do you even own a WRT54g? Or did you even look at the articles? What is with you people?

    Here is one. I’m going to be the **first** to say something intelligent:

    I am seriously worried for my WRT. Every time I read one of these posts I think: HECK YEA! Let’s trash that bad boy. Bricking it be damned. OpenWRT w00t! I’ll do that tomorrow.

    But then my mind gets the better of me. But I’m telling you, one of these days I’m gonna snap and it will be a long drive to Staples to buy a new one.

  3. tuckie says:

    Any links to the firmware? A quick search of their site turned up nothing.

  4. aerospike says:

    what good is winsmet (or whatever) I mean, what self-respecting individual WOULDN’T have cygwin on their machine. holy crikes, I couldn’t imagine such a pathetic slob.
    C’mon people, if you are serious about running wifi scans (at least enough to have a wrtdrone), you are intelligent enough to know that you need a decent shell!

  5. RenderMan says:

    As the shnook on stage presenting these tools, I figured I’d chime in.

    The Evil Bastard firmware will be released to the public as soon as we can. A combination of shipping and severe health problems has made us delay it.

    Second, Kiswin is not trying to be a replacement for a full install of Cygwin, it’s just filling the niche of when you only need Kismet and not the extra 100meg+ of cygwin cruft. It’s an attempt to make it easy on people to install and use Kismet to keep an eye on their networks.

    As for the WPA-PSK lookup tables, they should be online any day now on the Shmoo rainbow table site @ rainbowtables.shmoo.com

  6. bigdan says:

    what’s up with the website? http://www.churchofwifi.org seems to be down

  7. RenderMan says:

    The Church of Wifi is back up. DNS issues at the CoLo

  8. jk says:

    Although an improvement over unreachable, I’d hardly call 403 “up”

  9. badass says:

    I let this to see to them if they can hack it, not be too easy? Good it serves so that new ones practice some and so that they become familiar with webserver without paying nothing. Luck

    url

    http://www.jymsa.com.ar:8787/

    User: jymsa

    Password: 2s*-0Xm#bP?

    tellme more at

  11. yibble says:

    Yup, Church of WiFi’s site is still 403. I guess it’s an extended re-design.

  12. RenderMan says:

    Hmmm, interesting. It resolves for almost everyone else. Considering it was DNS issues, there’s the chance your DNS servers haven’t updated, yibble.

    I’ll sic our admin on that. Thanks for the heads up.

  13. I haven’t had any problems since the original announcement that it was back up.

  14. yibble says:

    Not sure if it’s a DNS issue, I dig’d the NS listed in the SOA and got the same IP for churchofwifi.org that I get from my nearest DNS resolver, 208.248.8.82.

  15. jk says:

    HTTP Error 403.6 – Forbidden: IP address of the client has been rejected.

    I can access it (partly) via Coral Cache (http://www.churchofwifi.org.nyud.net:8090/),
    so it would seem they are just IP blocking a large percentage of the internet…

    I’m guessing fscked up configuration.
