Jan 5

As promised, the iphone-dev team has released yellowsn0w. You can install/uninstall via Cydia. It works fine with the latest firmware too.

3G Unlock creator says

We have been working hard on a few other things. The main one being the 3G unlock codenamed “yellowsn0w”. This is now completed and is currently being packaged into a user-friendly application with the simplicity that you see in QuickPwn or BootNeuter.

We specifically restrict the commercial use of our software, and yellowsn0w is included in these restrictions. This dodgy geezer is selling our software to you at a bargain £19.99 he says:-

“We can now fully unlock the iPhone 3G for use on any GSM network for just £19.99 DIY (£49.99 in-store at either London or Birmingham) - just in time for the release of the iPhone 3G PAYG in the UK (available from Carphone Warehouse and o2).”

Jody’s “software” contains our code and also copyrighted code from elsewhere. All you need is free and outlined here. What he is doing just isn’t cool.

If you are in Birmingham or London then if you could find out any information about Jody Sanders at “iph*neunl*ckuk” we’d be very appreciative.

Also if there are any UK based lawyers or student lawyers that could help us with this, then please contact us at blog@iphone-dev.org. Of course student lawyers can’t give us specific legal advice, but even your informal opinion helps.

Seems like even though Jody claims he doesn’t offer our software, he is offering his “own software” (that is in fact just QuickPwn with some edits, also forbidden) and also claims (in relation to yellowsn0w) -

Dec 13

Microsoft says Internet Explorer 5.01, 6 and 8 (beta) are also potentially susceptible to the zero-day exploit, published recently. Until now it had been assumed that only Internet Explorer 7 contained the vulnerability. However, no attacks on versions 6 and 8 have yet been observed. As a result of revising its security instructions for different versions, Microsoft has highlighted further measures users can take to defend their systems against attacks until a patch is provided.

Microsoft recommends that Data Execution Prevention (DEP) and memory protection be enabled in Internet Explorer 7 (Tools/Internet Options/Advanced/Enable memory protection…)

Nov 21

Apple recently patched a vulnerability Nitesh “Leisure Suit” Dhanjani and I reported to them last week (CVE-2008-4216). We had reported a similar vulnerability to Apple about two months ago (CVE-2008-3638). In fact, the exploitation technique was so similar we held off releasing details until this 2nd patch was released.
The basic gist of this vulnerability pits a browser and a browser plug-in against each other in order to cross a subtle, but important boundary. The issue starts simply enough with a victim visiting an attacker’s webpage. Once on the attacker’s webpage, the attacker simply loads a Java Applet. Inside of the applet is a call to getAppletContext().showDocument(URL);

Nov 21

The PDF document holds a single-page scan of an internally distributed mail from German telecommunications company T-Systems (Deutsche Telekom), revealing over two dozen secret IP address ranges in use by the German intelligence service Bundesnachrichtendienst (BND). Independent evidence shows that the claim is almost certainly true and the document itself has been verified by a demand letter from T-Systems to Wikileaks.

Nov 15

How to Exploit latest MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution).

1) First download the MS08-067 check tool from http://labs.portcullis.co.uk/application/ms08-067-check/ to see if the target host is vulnerable to this exploit.

2) Unzip it: tar -xvf ms08-067_check-0.5.tar.gz and cd ms08-067_check-0.5/

3) python ms08-067_check-0.5.py -t 192.168.1.101 (check whether the target machine is vulnerable or not)

My target is Windows XP SP2.

4) Then open Framework3-MsfGUI.

5) Click exploit/windows/smb/ms08_067_netapi

6) Then select the target OS and use Windows/shell/reverse_tcp (payload)

7) Add the victim IP, leave the default settings and click Next; now the payload runs.

8) Double-click the session and you will get a command prompt of the victim system.

below is the Video Tutorial for the above steps

MS08-067

This Tutorial is Dedicated to my Close Friend Bond

Imagination by WirelessPunter

Nov 10

Yesterday Viruslist detected the onset of the latest mass hack attack – websites being hacked and links placed on them that lead to malicious servers. They were estimating that in the last two days alone, between 2000 and 10,000 servers, mainly Western European and American ones, have been hacked. It’s not yet clear who’s doing this.

How do the attacks work?
The attackers add a tag,  to the html of hacked sites.)

Nov 9

WEP Wi-Fi security has been known as an easy-to-crack security protocol for a while now, which is why it was superseded by the more secure Wi-Fi Protected Access (WPA) standard. But now a PhD candidate studying encryption has found an exploit in the WPA standard that would allow a hacker to “send bogus data to an unsuspecting WiFi client,” completely compromising your Wi-Fi security and opening your network to all sorts of hacking. Lucky for you, it’s not terribly difficult to protect yourself against the new exploit.
The key: Just log into your router, switch off Temporal Key Integrity Protocol (TKIP) as an encryption mode, and use Advanced Encryption Standard (AES) only. TKIP is the only protocol that the hack applies to, so switching to AES-only will ensure that your Wi-Fi network is safe again. It’s quick and easy, so do yourself a favor and make the adjustment now so you don’t run into any problems in the future.

Nov 7

Security researchers have cracked the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks, according to a presentation at next week’s PacSec conference in Tokyo.

There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in just 12 to 15 minutes, according to Dragos Ruiu, the conference’s organiser.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack.

Security experts had known that TKIP could be cracked using what’s known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data.

The work of Tews and Beck does not involve a dictionary attack, however.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a “mathematical breakthrough,” that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

Tews is planning to publish the cryptographic work in an academic journal, Ruiu said. Some of the code used in the attack was quietly added to Beck’s Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

WPA is widely used on today’s Wi-Fi networks and is considered a better alternative to the original WEP (Wired Equivalent Privacy) standard, which was developed in the late 1990s.

Soon after the development of WEP, however, hackers found a way to break its encryption and it is now considered insecure by most security professionals. Store chain T.J. Maxx was in the process of upgrading from WEP to WPA encryption when it experienced one of the most widely publicised data breaches in U.S. history, in which hundreds of millions of credit card numbers were stolen over a two-year period.

A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck, but many WPA2 routers also support WPA.

“Everybody has been saying, ‘Go to WPA because WEP is broken,’” Ruiu said. “This is a break in WPA.”
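The router-side fix in the Nov 9 entry (AES only, no TKIP) and the caveat above that many WPA2 routers also support WPA can both be checked mechanically. The following is an added example, not part of the original posts: a Python audit of a hostapd-style configuration. The use of hostapd, both sample configs and the function names are assumptions.

```python
# Added example: flag TKIP and WPA (v1) in a hostapd-style configuration.
# Assumption: the AP is configured with hostapd.conf keys; samples are constructed.

SAMPLE_WEAK = """\
# constructed: WPA/WPA2 mixed mode with TKIP still offered
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
"""

SAMPLE_FIXED = """\
# constructed: WPA2 only, AES-CCMP only
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
"""

def parse(text):
    """Return {key: value} for key=value lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means AES-only WPA2."""
    conf = parse(text)
    try:
        wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    except ValueError:
        return ["wpa value is not an integer"]
    if (wpa & 3) == 0:
        return ["neither WPA nor WPA2 is enabled"]
    # Assumption: an unset wpa_pairwise is treated as TKIP (conservative).
    wpa_ciphers = conf.get("wpa_pairwise", "TKIP").upper().split()
    # hostapd uses the wpa_pairwise value when rsn_pairwise is not set.
    rsn_ciphers = conf.get("rsn_pairwise", " ".join(wpa_ciphers)).upper().split()
    findings = []
    if wpa & 1:
        findings.append("WPA (v1) enabled: use wpa=2 for WPA2 only")
        if "TKIP" in wpa_ciphers:
            findings.append("TKIP offered for WPA: remove it from wpa_pairwise")
    if wpa & 2 and "TKIP" in rsn_ciphers:
        findings.append("TKIP offered for WPA2: set rsn_pairwise=CCMP")
    return findings
```

Calling audit(SAMPLE_WEAK) returns three findings, while audit(SAMPLE_FIXED) returns an empty list.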

Nov 5

Hi Friends, today I will be showing little things on how to use Ettercap-NG for Blackhats, and below are the topics I will be covering.

1) Sniffing HTTPS login passwords.
2) See the remote users Browsing websites.
3) Capturing remote users browser Images.

Of course we don't recommend breaking the law, and it's your responsibility to check your local laws and abide by them. Don't blame us when a three-letter organization knocks on your door.

below is the Video tutorial

Ettercap for Blackhats
Continued

Imagination By

WirelessPunter

http://thewifihack.com/blog/

Nov 3

A new open-source tool called Crapto1 could allow hackers free travel on the London Underground, by decrypting communication data between RFID chips and readers. The Oyster card system is based around the Mifare chip which uses an encryption algorithm called Crypto1. An attack against this algorithm was recently detailed in an academic paper from the University of Radboud in Holland, and it is this attack which Crapto1 implements.

“I’m not aware of any other public implementations at this time, I decided to write my own. This code implements the cryptography needed, to decrypt captured communications between crypto1 based tags and readers. And even recover the shared secret,” says the project homepage on Google Code.

http://www.pcpro.co.uk/news/233463/oyster-hacked-by-opensource-tool.html
