3

Proxmark3 Installation on Kali

-

I recently purchased a Proxmark3 from GeZhi Electronics. The proxmark3 client wouldn’t work. In fact the `dmesg` output did not even show the /dev/ttyACM0 device as was said all across the forum. i tried flashing the firmware but kept getting this error:

~/proxmark3/client# ./flasher -b ../bootrom/obj/bootrom.elf 
Loading ELF file '../bootrom/obj/bootrom.elf'...
Loading usable ELF segments:
0: V 0x00100000 P 0x00100000 (0x00000200->0x00000200) [R X] @0x94
1: V 0x00200000 P 0x00100200 (0x00000b38->0x00000b38) [RWX] @0x298
Attempted to write bootloader but bootloader writes are not enabled
Error while loading ../bootrom/obj/bootrom.elf

Also this is what showed up in the dmesg:

[ 7953.991935] usb 2-1.4: new full-speed USB device number 40 using ehci_hcd
[ 7959.078302] usb 2-1.4: New USB device found, idVendor=9ac4, idProduct=4b8f
[ 7959.078314] usb 2-1.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 7959.078321] usb 2-1.4: Product: ProxMark-3 RFID Instrument
[ 7959.078326] usb 2-1.4: Manufacturer: J. Westhues
[ 7959.078331] usb 2-1.4: SerialNumber: ChangeMe
[ 7959.080485] hid-generic 0003:9AC4:4B8F.0014: hiddev0,hidraw0: USB HID v1.00 Device [J. Westhues ProxMark-3 RFID Instrument] on usb-0000:00:1d.0-1.4/input0

Note that in the above the device doesn’t show up as a /dev/ttyACM0 device which is what we need for the proxmark3 client application to work.
So it seemed like there was an issue with the Proxmark3 not being recognized as a CDC device. So I went through the googlecode repository and went to a version of firmware where CDC was not being used. It also seemed that the flasher was the issue. So I used an old flasher to flash with the latest firmware and boom it worked! Remember to keep the button on the Proxmark3 pressed when you plug it in, and keep holding it down until the firmware update has finished.
Here are the commands:

# svn checkout http://proxmark3.googlecode.com/svn/trunk/ proxmark3
# export DEVKITPRO=$HOME/proxmark3/
# export DEVKITARM=$DEVKITPRO/devkitARM
# export PATH=${PATH}:${DEVKITARM}/bin
# cd proxmark3
# make all
# cd ..
# svn checkout -r 629 http://proxmark3.googlecode.com/svn/trunk/ ~/proxmark3-old-3
# cd proxmark3-old-3/
# make all
# cd client
# ./flasher -b ../../proxmark3/bootrom/obj/bootrom.elf ../../proxmark3/armsrc/obj/osimage.elf ../../proxmark3/armsrc/obj/fpgaimage.elf

And boom! There you … all flashed and now the device is recognized as a /dev/ttyACM0 device.

0

Nessus Migrating Users to a new install

-

I had to wipe my existing OS and had to reinstall Nessus on the new BT5R3 image. However, I still wanted all my previous scan data and users to be unaffected in the new OS. So how did I do that? Here’s how:

Take a backup and restore the following folders on the new install:

  1. Users Folder (/opt/nessus/var/nessus/users)
  2. Master.key (/opt/nessus/var/nessus/master.key)
  3. Policies.db (/opt/nessus/var/nessus/policies.db)

If you do get an error after this follow these steps to get rid of errors and just reactivate the nessus feed as follows:

  1. service nessusd stop
  2. /opt/nessus/sbin/nessus-fix –reset
  3. /opt/nessus/bin/nessus-fetch –register [activation code]
  4. /opt/nessus/sbin/nessusd -R
  5. service nessusd start
0

Compiling wepattack on backtrack4

-

I encountered various errors when compiling wepattack. This download does not come with a makefile that is compatible with the ubuntu distro that backtrack uses. First of all make sure that the wlan directory that you get when untarring the .tar.gz archive has execute permissions set to it.

$ cd WepAttack-0.1.3/src
$ chmod +x wlan

Once this is done “permission denied” errors should go.

/Desktop/WepAttack-0.1.3/src$ make
gcc -fno-for-scope -c -D__LINUX_WLAN__ -D__I386__ -o wepattack.o wepattack.c
cc1: warning: command line option "-fno-for-scope" is valid for C++/ObjC++ but not for C
wepattack.c: In function ‘loop_packets’:
wepattack.c:141: warning: incompatible implicit declaration of built-in function ‘strlen’
wepattack.c:146: warning: incompatible implicit declaration of built-in function ‘strlen’
wepattack.c:151: warning: incompatible implicit declaration of built-in function ‘strlen’
wepattack.c:156: warning: incompatible implicit declaration of built-in function ‘strlen’
wepattack.c: In function ‘clean_up’:
wepattack.c:184: warning: format ‘%d’ expects type ‘int’, but argument 3 has type ‘long int’
wepattack.c: In function ‘main’:
wepattack.c:309: warning: format ‘%d’ expects type ‘int’, but argument 2 has type ‘long int’
gcc -fno-for-scope -c -D__LINUX_WLAN__ -D__I386__ -o rc4.o rc4.c
cc1: warning: command line option "-fno-for-scope" is valid for C++/ObjC++ but not for C
gcc -fno-for-scope -c -D__LINUX_WLAN__ -D__I386__ -o wepfilter.o wepfilter.c
cc1: warning: command line option "-fno-for-scope" is valid for C++/ObjC++ but not for C
gcc -fno-for-scope -c -D__LINUX_WLAN__ -D__I386__ -o log.o log.c
cc1: warning: command line option "-fno-for-scope" is valid for C++/ObjC++ but not for C
gcc -fno-for-scope -c -D__LINUX_WLAN__ -D__I386__ -o modes.o modes.c
cc1: warning: command line option "-fno-for-scope" is valid for C++/ObjC++ but not for C
modes.c:25:30: error: wlan/wlan_compat.h: Permission denied
modes.c:26:28: error: wlan/p80211hdr.h: Permission denied
modes.c: In function ‘generate_rc4_key’:
modes.c:51: warning: incompatible implicit declaration of built-in function ‘memcpy’
modes.c: In function ‘process_rc4_key’:
modes.c:68: warning: incompatible implicit declaration of built-in function ‘memcpy’
modes.c: In function ‘mode_keygen’:
modes.c:125: warning: incompatible implicit declaration of built-in function ‘memcpy’
modes.c:127: warning: incompatible implicit declaration of built-in function ‘strcpy’
modes.c: In function ‘mode_wep’:
modes.c:145: warning: incompatible implicit declaration of built-in function ‘memcpy’
make: *** [modes.o] Error 1

The following patch file will take care of most errors and you should be able to get Wepattack compiled properly:

diff -aur WepAttack-0.1.3/src/Makefile WepAttack-patched/src/Makefile
--- WepAttack-0.1.3/src/Makefile 2002-10-23 09:11:36.000000000 -0400
+++ WepAttack-patched/src/Makefile 2010-09-26 04:54:20.000000000 -0400
@@ -6,23 +6,23 @@
LD=gcc
#
# CFLAGS
-CFLAGS=-fno-for-scope -c -D__LINUX_WLAN__ -D__I386__
+CFLAGS= -c -D__LINUX_WLAN__ -D__I386__
#
#
# LDFLAGS
-#LDFLAGS=
+LDFLAGS=-L../run
#
#
# Libraries to link against
-LIBS= -lpcap -lz -lcrypto
+LIBS= -lpcap -lz -lcrypto
#
#
# Install path for wepattack
INSTDIR=/usr/bin

+INCLUDEDIR=-Isrc/
wepattack: wepattack.o rc4.o wepfilter.o log.o modes.o misc.o verify.o keygen.o
- $(LD) $(LDFLAGS) -o $@ wepattack.o rc4.o wepfilter.o log.o\
- modes.o misc.o verify.o keygen.o $(LIBS)
+ $(LD) $(LDFLAGS) $(INCLUDEDIR) -o $@ wepattack.o rc4.o wepfilter.o log.o modes.o misc.o verify.o keygen.o $(LIBS)

wepattack.o: wepattack.c wepattack.h
$(CC) $(CFLAGS) -o $@ wepattack.c
@@ -46,7 +46,7 @@
$(CC) $(CFLAGS) -o $@ keygen.c

modes.o: modes.c modes.h
- $(CC) $(CFLAGS) -o $@ modes.c
+ $(CC) $(CFLAGS) $(INCLUDEDIR) -o $@ modes.c

misc.o: misc.c misc.h
$(CC) $(CFLAGS) -o $@ misc.c
diff -aur WepAttack-0.1.3/src/modes.c WepAttack-patched/src/modes.c
--- WepAttack-0.1.3/src/modes.c 2002-10-24 09:15:19.000000000 -0400
+++ WepAttack-patched/src/modes.c 2010-09-26 04:55:22.000000000 -0400
@@ -29,6 +29,7 @@
#include "wepattack.h"
#include "wepfilter.h"
#include "verify.h"
+#include "string.h"

static rc4_key gen_key;
static unsigned char decrypted_stream[2400];
Only in WepAttack-patched/src: wepattack
diff -aur WepAttack-0.1.3/src/wepattack.c WepAttack-patched/src/wepattack.c
--- WepAttack-0.1.3/src/wepattack.c 2002-10-24 09:14:29.000000000 -0400
+++ WepAttack-patched/src/wepattack.c 2010-09-26 04:41:18.000000000 -0400
@@ -36,7 +36,7 @@
#include "config.h"
#include "modes.h"
#include "misc.h"
-
+#include

wlan_packet_list* current_packet;

@@ -181,7 +181,7 @@

// calculate elapsed time
duration = difftime_us(&t_val_start, &t_val_end);
- printf("\ntime: %f sec\twords: %d\n\n", duration, word_count);
+ printf("\ntime: %f sec\twords: %ld\n\n", duration, word_count);

// write ucracked packets to logfile
log_uncracked(list_packet_to_crack);
@@ -306,7 +306,7 @@

// print out each 10'000 key
if ((word_count % 10000) == 0)
- printf("key no. %d: %s\n", word_count, key);
+ printf("key no. %ld: %s\n", word_count, key);
word_count++;

// main loop to process key in modes on every packet

Copy the above patch in to a file called wepattack.patch. Copy wepattack.patch into the WepAttack-0.1.3 directory and patch it as follows:

$ patch -p1 <wepattack.patch
$ cd src
make
sudo make install

You should be able to get wepattack installed!

0

Backtrack4 on USB (on Windows)

-

A simple way to install Backtrack 4 on a USB stick is to use UNetBootin. UNetbootin can be used to create live (i.e., bootable images with a fully functional OS on it) USB images. This is the first time I tried this route and it seems to work alright.
Otherwise, if you are the linux fans, our good old friend dd does a great job.

dd if=bt4-final.iso of=/dev/sda bs=4096 conv=noerror,sync
0

Cisco VPN Client on BackTrack3

-

I wanted to install Cisco VPN client on BackTrack3. You can get the Cisco VPN client source using the following command:
wget ftp://ftp.cs.cornell.edu/pub/rvr/upload/vpnclient-linux-4.8.00.0490-k9.tar.gz
tar zxvf
vpnclient-linux-4.8.00.0490-k9.tar.gz
cd vpnclient/
wget http://tuxx-home.at/projects/cisco-vpnclient/vpnclient-linux-2.6.22.diff
patch < vpnclient-linux-2.6.22.diff
./vpn_install

I got this information from the following blog.
I ran into an error whereby the kernel sources were not found for the VPN client to install. I then got the BackTrack3 kernel sources.
cd /lib/
wget http://www.offensive-security.com/kernel.lzm
mkdir test
lzm2dir kernel.lzm test

Now go into the vpnclient directory and execute the following:
./vpn_install

Accept the defaults (except in my case I selected “No” on automatically start VPN client). When it asks for the sources point it to:
/lib/test/usr/src/linux-2.6.21.5

Then the VPN Client should compile without any issues. Then you just need to place your Cisco VPN client Profile (.pcf) in the /etc/opt/cisco-vpnclient/Profiles directory. You will need to first start the VPN client service first using:

/etc/init.d/vpnclient_init start

Once the service is started just connect using:

vpnclient connect mypcffile user test password <whatever>

Please note that the full name of the Profile file in the above case is mypcffile.pcf but I’ve deliberately excluded the .pcf extension.
This should work.