Lifehacker wrote a guide for cracking a WiFi network’s WEP password using BackTrack. BackTrack is a Linux live CD used for security testing and comes with the tools needed to break WEP. Not just any wireless card will work for this; you need one that supports packet injection. The crack works by collecting legitimate packets then replaying them several times in order to generate data. They point out that this method can be hit-or-miss, especially if there are few other users on the network, as the crack requires authenticated packets. We covered cracking WEP before, but using BackTrack should smooth out compatibility issues.
The Remote Exploit Development Team has just announced BackTrack 4 Beta. BackTrack is a Linux based LiveCD intended for security testing and we’ve been watching the project since the very early days. They say this new beta is both stable and usable. They’ve moved towards behaving like an actual distribution: it’s based on Debian core, they use Ubuntu software, and they’re running their own BackTrack repositories for future updates. There are a lot of new features, but the one we’re most interested in is the built in Pico card support. You can use the FPGAs to generate rainbow tables and do lookups for things like WPA, GSM, and Bluetooth cracking. BackTrack ISO and VMWare images are available here.
InformationWeek has great article on open source data recovery tools. What type of tools you use will depend on the severity of the situation. You can use live Linux distros designed for recovery like SystemRescueCD or Partedmagic (the latter being more user friendly). Security tools distrubutions like BackTrack can also be helpful; Helix in particular was designed for forensics work. dd is a standard *nix tool for imaging drives, but something like TestDisk can help you repair partition tables for whole disk recovery. Most deletion operations don’t overwrite the data which means you can use file carving to capture the lost files. PhotoRec is able to find files in a number of common formats. Finally, if you’ve got some serious forensic work ahead of you there’s The Sleuth Kit and many other command line tools.
As an addendum, OStatic put together a list of 5 freeware tools for protecting your system.
OpenSuse and Ubuntu are perfectly serviceable Linux distros, but we’ve had a soft spot for BackTrack from the very start. Good news for us, since yesterday was the long awaited release of BackTrack 3 Final. It uses the same 126.96.36.199 kernel as before (to maintain WiFi injection compatibility) and Nessus is still out, but it is not without a great deal of other improvements. Its forensic capabilities are better than ever, largely due to included apps like a fully functional version of SAINT and a special version of Maltego made just for BackTrack. The download is free, but Remote-Exploit is asking users not to distribute it without notifying them first, because they’re trying to keep track of the number of downloads.
[via Midnight Research Labs]
At ToorCon, our friends at Midnight Research Labs released a new automated WiFi auditing tool called WiCrawl. WiCrawl automatically scans for accesspoints. Once an AP is discovered a number of plugins can be run against it ranging from getting an IP to breaking encryption. Aaron Peterson’s talk and demo is 50mins. You can download the 640×480 170MB .mov version here. The tool is going to be included in the next BackTrack CD.