After all these years of known vulnerabilities with the technology, I'm still flippin' amazed the percentage of deployed, neighborhood 802.11b/g wireless access points that STILL have WEP encryption enabled. Not saying that WPA-TSIP-PSK is much better (well, if you've got a super, stellar dictionary/phrase list) but... what this oversight gives me is two things:
1) Entertainment for a very short period of time in 20 minute increments...
2) A very big 'network' to explore, play with and hide behind...
I can't give myself all the credit; `aircrack-ng` is a pretty slick tool.
However, just tonight, I've pwn'ed the last WEP-enabled access point on my block... well, all the ones I can reach without using my 20dbi gain omni antenna poking out my basement window ;-) ...now all that is left is burning my braincells watching television and reading slashdot.
A good chopping block to expose my ideas, thoughts and most importantly document innovations, breakthroughs, studies and tips associated with anything technology related, along with any other flights off into the depths of humility, despair and egotism all pointed straight at society and all it's infamous devices of good, evil and otherwise.
Tuesday, May 27, 2008
Saturday, May 17, 2008
Cisco VPN client and Fedora Core 8
I recently did a kernel upgrade on my laptop and noticed my Cisco VPN software wasn't working due to needing to recompile the Cisco `vpnclient` code to build the needed modules again.
...and I discovered two things: what I forgot and what I didnt forget.
1) Forgot: how fucking ridiculously broken kernel code is in Fedora's distribution stream. OMFG. Can a person compile anything outside hello_world.c against anything released? (harsh and far from true, but I'm pissed)
2) Didn't Forget: how painful it was to get `vpnclient` going again on my laptop the first time with all the patching and 32/64-bit specific OS crap to take into consideration.
Want the steps? Here you go.
Cisco VPN client packages and patches
I'm running Fedora 8 64-bit on my laptop, and this are the packages that worked for me. Get 'em:
Unpack and patch source
Next, do the following, assuming you've put all this in the same directory or sandbox:
...we'll also need to do a quick hack on the 'Makefile' to make `make` happy.
Compile Cisco VPN source
Ok, now the part you've been waiting for: compile time. Do the following (noting that doing the install requires r00t level access, so I use `sudo` for my needs, do whatever suits yours):
...and then follow the on-screen instructions for installation path, etc. etc. etc.
Testing the Cisco VPN client
Assuming that the compilation of the kernel modules went successfully, now it's time to test out the Cisco VPN client. First, make sure you're actually connected on 'some' network that's going to allow you to get to your VPN. Second, make sure you copy your Cisco VPN profile out in /etc/CiscoSystemsVPNClient/Profiles so you can actually connect to your VPN.
After that, do the following:
...and that's pretty much about it in a quick and dirty way. Hopefully this helps someone. I wasn't going to even attempt to start hacking code to see what was really broken. I had google'd around and noticed that people had it working; the tough part was finding all the correct patches to go with certain code bases (e.g. 64-bit for my 64-bit OS I'm running).
...and I discovered two things: what I forgot and what I didnt forget.
1) Forgot: how fucking ridiculously broken kernel code is in Fedora's distribution stream. OMFG. Can a person compile anything outside hello_world.c against anything released? (harsh and far from true, but I'm pissed)
2) Didn't Forget: how painful it was to get `vpnclient` going again on my laptop the first time with all the patching and 32/64-bit specific OS crap to take into consideration.
Want the steps? Here you go.
Cisco VPN client packages and patches
I'm running Fedora 8 64-bit on my laptop, and this are the packages that worked for me. Get 'em:
- vpnclient-linux-x86_64-4.8.01.0640-k9.tar.gz
- vpnclient-linux-2.6.24-final.diff
- cisco_skbuff_offset.patch
Unpack and patch source
Next, do the following, assuming you've put all this in the same directory or sandbox:
[testbox]$ tar -zxvf vpnclient-x86_64-4.8.01.0640-k9.tar.gz
[testbox]$ mv vpnclient vpnclient-x86_64-4.8.01.0640-k9
[testbox]$ cd vpnclient-x86_64-4.8.01.0640-k9
[testbox]$ patch -p1 < ../vpnclient-linux-2.6.24-final.diff
[testbox]$ patch -p1 < ../cisco_skbuff_offset.patch
...we'll also need to do a quick hack on the 'Makefile' to make `make` happy.
[testbox]$ cp Makefile Makefile.orig
[testbox]$ sed -i -r -e "s/^CFLAGS/EXTRA_CFLAGS/g" Makefile
Compile Cisco VPN source
Ok, now the part you've been waiting for: compile time. Do the following (noting that doing the install requires r00t level access, so I use `sudo` for my needs, do whatever suits yours):
[testbox]$ cd vpnclient-x86_64-4.8.01.0640-k9
[testbox]$ sudo ./vpn_install
...and then follow the on-screen instructions for installation path, etc. etc. etc.
Testing the Cisco VPN client
Assuming that the compilation of the kernel modules went successfully, now it's time to test out the Cisco VPN client. First, make sure you're actually connected on 'some' network that's going to allow you to get to your VPN. Second, make sure you copy your Cisco VPN profile out in /etc/CiscoSystemsVPNClient/Profiles so you can actually connect to your VPN.
After that, do the following:
[testbox]$ sudo /etc/init.d/vpnclient_init start
[testbox]$ sudo vpnclient connect [name_of_profile_you_copied]
...and that's pretty much about it in a quick and dirty way. Hopefully this helps someone. I wasn't going to even attempt to start hacking code to see what was really broken. I had google'd around and noticed that people had it working; the tough part was finding all the correct patches to go with certain code bases (e.g. 64-bit for my 64-bit OS I'm running).
Subscribe to:
Posts (Atom)