Tuesday, May 27, 2008

WEP pwn'age... what's next?

After all these years of known vulnerabilities with the technology, I'm still flippin' amazed at the percentage of deployed, neighborhood 802.11b/g wireless access points that STILL have WEP encryption enabled. Not saying that WPA-TKIP-PSK is much better (well, if you've got a super, stellar dictionary/phrase list) but... what this oversight gives me is two things:

1) Entertainment for a very short period of time in 20 minute increments...
2) A very big 'network' to explore, play with and hide behind...

I can't give myself all the credit; `aircrack-ng` is a pretty slick tool.

However, just tonight, I've pwn'ed the last WEP-enabled access point on my block... well, all the ones I can reach without using my 20 dBi gain omni antenna poking out my basement window ;-) ...now all that is left is burning my braincells watching television and reading slashdot.

Saturday, May 17, 2008

Cisco VPN client and Fedora Core 8

I recently did a kernel upgrade on my laptop and noticed my Cisco VPN software wasn't working, since the Cisco `vpnclient` code has to be recompiled to build the needed kernel modules again.

...and I discovered two things: what I forgot and what I didn't forget.

1) Forgot: how fucking ridiculously broken kernel code is in Fedora's distribution stream. OMFG. Can a person compile anything outside hello_world.c against anything released? (harsh and far from true, but I'm pissed)

2) Didn't Forget: how painful it was to get `vpnclient` going again on my laptop the first time with all the patching and 32/64-bit specific OS crap to take into consideration.

Want the steps? Here you go.

Cisco VPN client packages and patches

I'm running Fedora 8 64-bit on my laptop, and these are the packages that worked for me. Get 'em:

  vpnclient-x86_64-4.8.01.0640-k9.tar.gz
  vpnclient-linux-2.6.24-final.diff
  cisco_skbuff_offset.patch

Unpack and patch source

Next, do the following, assuming you've put all this in the same directory or sandbox:



[testbox]$ tar -zxvf vpnclient-x86_64-4.8.01.0640-k9.tar.gz
[testbox]$ mv vpnclient vpnclient-x86_64-4.8.01.0640-k9
[testbox]$ cd vpnclient-x86_64-4.8.01.0640-k9
[testbox]$ patch -p1 < ../vpnclient-linux-2.6.24-final.diff
[testbox]$ patch -p1 < ../cisco_skbuff_offset.patch



...we'll also need to do a quick hack on the 'Makefile' to make `make` happy. Kbuild refuses to build an external module whose Makefile assigns CFLAGS directly (it stops with "CFLAGS was changed ... Fix it to use EXTRA_CFLAGS"), so rename the assignment:



[testbox]$ cp Makefile Makefile.orig
[testbox]$ sed -i -r -e "s/^CFLAGS/EXTRA_CFLAGS/g" Makefile



Compile Cisco VPN source

Ok, now the part you've been waiting for: compile time. Do the following (noting that the install requires r00t level access, since it builds and installs a kernel module and drops the init script and config under /etc; I use `sudo` for my needs, do whatever suits yours):



[testbox]$ cd vpnclient-x86_64-4.8.01.0640-k9    # skip if you are still in the patched source tree
[testbox]$ sudo ./vpn_install



...and then follow the on-screen instructions for installation path, etc. etc. etc.

Testing the Cisco VPN client

Assuming that the compilation of the kernel modules went successfully, now it's time to test out the Cisco VPN client. First, make sure you're actually connected on 'some' network that's going to allow you to get to your VPN. Second, copy your Cisco VPN profile (the .pcf file) into /etc/CiscoSystemsVPNClient/Profiles so you can actually connect to your VPN; `vpnclient connect` looks profiles up there by name, without the .pcf extension.

After that, do the following:



[testbox]$ sudo /etc/init.d/vpnclient_init start
[testbox]$ sudo vpnclient connect [name_of_profile_you_copied]



...and that's pretty much about it in a quick and dirty way. Hopefully this helps someone. I wasn't going to even attempt to start hacking code to see what was really broken. I had googled around and noticed that people had it working; the tough part was finding all the correct patches to go with certain code bases (e.g. the 64-bit patches for the 64-bit OS I'm running).
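The steps above, wrapped in one script with the checks that would have saved me the most time. This is an added example, not Cisco's installer and not code from the original post: the tarball, source directory and patch names are the ones used above; the kernel-devel package name, the `cisco_ipsec` module name that `vpnclient_init` loads, and the idea of comparing the checksum against whatever hash the vendor publishes for your download are my assumptions about your setup. Note the Makefile fix is narrower than the `sed` one-liner above: it only renames lines that assign CFLAGS, so a variable like `CFLAGS_foo` is left alone.

```shell
#!/bin/sh
# Added example wrapper around the Cisco vpnclient rebuild on Fedora 8 x86_64.
# Assumes the tarball and both patches from the post are in the current directory.
set -u

TARBALL="vpnclient-x86_64-4.8.01.0640-k9.tar.gz"      # from the post
SRCDIR="vpnclient-x86_64-4.8.01.0640-k9"              # from the post
PATCHES="vpnclient-linux-2.6.24-final.diff cisco_skbuff_offset.patch"   # from the post

# The running kernel's build tree must exist, or vpn_install dies much later
# with a far less helpful error. On Fedora this comes from kernel-devel (assumed).
kernel_build_dir() {
    d="/lib/modules/$(uname -r)/build"
    [ -d "$d" ] || return 1
    printf '%s\n' "$d"
}

# Print every missing input file; exit status 1 if any is missing.
missing_inputs() {
    rc=0
    for f in "$TARBALL" $PATCHES; do
        [ -r "$f" ] || { printf '%s\n' "$f"; rc=1; }
    done
    return $rc
}

# Rename CFLAGS assignments to EXTRA_CFLAGS in a kbuild Makefile (keeps a .orig copy).
# Only lines that *assign* CFLAGS (=, +=, :=, ?=) are touched.
fix_makefile() {
    mk="$1"
    cp -p "$mk" "$mk.orig"
    sed -i -r 's/^CFLAGS([[:space:]]*[:+?]?=)/EXTRA_CFLAGS\1/' "$mk"
}

# Apply a patch only if a dry run applies cleanly; a half-applied patch leaves
# .rej files and a tree that no longer matches any patch set you can find.
apply_patch() {
    p="$1"
    patch -p1 -s --dry-run < "$p" >/dev/null || return 1
    patch -p1 -s < "$p"
}

# vpnclient_init loads the cisco_ipsec module (assumed name); check, don't assume.
module_loaded() {
    grep -q '^cisco_ipsec[[:space:]]' /proc/modules
}

main() {
    kernel_build_dir >/dev/null || { echo "no build tree for $(uname -r); install kernel-devel"; exit 1; }
    missing=$(missing_inputs) || { echo "missing input(s): $missing"; exit 1; }
    # Record what you are about to build and run as root; compare against the
    # hash published for your download (no value reproduced here).
    sha256sum "$TARBALL" $PATCHES
    tar -zxf "$TARBALL"
    mv vpnclient "$SRCDIR"
    cd "$SRCDIR" || exit 1
    for p in $PATCHES; do
        apply_patch "../$p" || { echo "$p does not apply cleanly; wrong patch for this kernel?"; exit 1; }
    done
    fix_makefile Makefile
    sudo ./vpn_install
    sudo /etc/init.d/vpnclient_init start
    module_loaded || { echo "cisco_ipsec not loaded; check dmesg"; exit 1; }
    echo "ok: now 'vpnclient connect <profile>' with a .pcf in /etc/CiscoSystemsVPNClient/Profiles"
}

# Only run the whole procedure when explicitly asked: ./rebuild.sh run
[ "${1:-}" = "run" ] && main
```

Each check fails early with a message naming the actual problem (no build tree, wrong patch set, module not loaded), which is what you want when the alternative is reading kbuild output.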