It's amazing how quickly technology evolves nowadays... something you wouldn't even think could be possible simply happens right before your eyes. Ten years ago, I acquired my first computer and began making websites in HTML for fun, learning about web servers, programming etc.; back then, even setting up a simple local server was complicated for me. Fast forward ten years and we can carry a web server in our pockets and make changes to our website while taking a subway to Central Park. ;)
If you have been using Linux for a while, then you most likely know the feeling of using a system built upon a concept that is "simply right". The open source model along with world-wide collaboration gives the user a feeling of being a part of something special. The evolution from the earlier Linux distributions up to today is huge... it is no surprise that most supercomputers run Linux. It is no surprise that most smartphones run Linux, either. You could probably run Linux on a toaster, but that is beyond the scope of this article.
With Android it is no different. Although a late competitor in the smartphone race, it clearly took over the game quickly -- which reminds me, happy fifth birthday Android! In my opinion, being Linux-based and open source made a difference in comparison with other brands of smartphones out there that never really took off. The freedom Android provides is also critical to its success when it comes to giving the user full control of their device... which brings us to this article. (...)
Today we're going to be checking out Reaver on the Nokia N900! A few months ago, a new attack was released against WiFi Protected Setup (WPS); it brute-forces the PIN that controls the router. This completely compromises the target router and reveals the passphrase to the attacker. Let's check it out.
Installing anything on the Nokia N900 is quite simple thanks to the support provided by the Advanced Packaging Tool and, of course, the backing of a legit Debian-based Linux distribution.
Before you can install any applications, however, a few requirements must be met. The first is to have root access to the device. This can be easily done by installing rootsh from the application manager. I have previously made a video showing how to do this -- click here to check it out!
Besides that, as I also mentioned in a previous article ("Hacking WEP on Nokia N900"), you will need the awesome bleeding-edge drivers, courtesy of David's IT Blog. The drivers are really easy to install: you simply download version 0.1 from this page, then follow the instructions provided in the README file. This is what makes the Nokia N900 capable of monitor mode and packet injection. (...)
This time I am going to show you a segment from a security assessment I did recently. It was mostly for practice and also to help a friend's company improve its defenses. For obvious reasons, the company's name, IP addresses, etc. have all been left out purposefully. Although this wasn't a commercial-grade pentest by professionals -- remember, I'm still just a college student -- I would like to think of myself as successful for pointing out flaws that could lead to full compromise.
The first thing to do, as always, is recon. Ideally you would want to spoof your MAC address and issue a stealth scan depending on the target, but once you have been granted access to test a machine it's often easier to just go for the kill and perform a full scan with OS detection and all the good stuff (as root user, obviously).
Then of course, while waiting for Nmap to finish, it is also a good idea to go ahead and check online for whois information, find out the network's range, internet service provider and so on... if the company has a website, try to look for the "obscure pieces of information", which could be simple things like birth dates, employee names, etc. (...)