Category: Hacking & Security Testing


This question has not yet appeared in my inbox, although since I have already written an explanation on the meaning of the term “Sniffer” it makes sense to write one about a tool commonly used in conjunction with a “Sniffer”. So here is an explanation on what a “Scanner” is and what it may be used for. Note I am referring to a “Network Scanner” not an optical scanner.

A “Scanner” is a shortened term for “Network Scanner”. The “Network Scanner” is a software program that can be used to passively scan for network broadcasting devices, such as a wireless access point (AP) that could potentially be exploited in order to gain unauthorized access into a system belonging to the network connected to this wireless access point, or perhaps authorized access assuming you have permission from the owner of the network or computer to perform a security audit.

 

By using the term “Passive Scan” I am referring to what is commonly known to security enthusiasts as a scan in “Monitor Mode”. This means that the wireless device will only capture data packets and broadcast beacons without sending any data packets, making you much less likely to be discovered by the owner of the device or devices that you are collecting data packets from. I would also like to note that in most circumstances collecting wireless packets should be no more illegal than say peering into your neighbour’s lounge room through the front door that he left open. It is in principle no different. Just be sure that if you do choose to pursue the data packets of your surrounding access points that the owner of them is not a security freak or a person with a great lawyer, as this could result in them turning the tables on you and getting you in trouble.

 

Due to the haze between the terms “Sniffer” and “Scanner” personal opinions on each may vary. My preference in network sniffers would be Wireshark and my preference in “Scanner” would be Airodump-ng.

I hope that this has helped you understand the meaning of the term “Scanner” when referring to network security. Have fun testing your network from the outside, perhaps it is not as secure as you may have once thought.

This tutorial is designed to teach all computer users who are new to their Linux distribution. Read below to find out what the most commonly compatible wireless devices are and how you are to install them on your Linux-based computer with the aid of open-source driver projects.

The initial step you must take, just as you must in any other hardware installation on any type of computer system, is of course to physically connect the wireless device to your computer system, either via a PCI slot, assuming you are using a desktop or tower type computer system, or a free add-on slot, assuming you are using a laptop type computer system. Also, after connecting the hardware, be sure to check that the system voltage has not dropped overall using your voltmeter. While a strenuous load on the power supply may not be all that bad, overloading the power supply will cause hassle when trying to run your computer; most commonly random reboots and hardware failure will result under these circumstances.

 

The next step you must take is to determine the make and model of your wireless device, which can be done by reading the box that contained your wireless device at the time of purchase, or you may consult a computer store or a computer savvy friend to determine the make and model of your wireless device. As it is not installed yet, checking for the make and model in the device list is futile.

 

Please note that this tutorial is referring to the “Chipset” in use on the wireless device, so not only the make and model of the card are being referred to here, but also more specifically the “Chipset” on board that device.

 

Below is a table of the commonly compatible wireless devices and where you are to find online hardware lists and driver installation packages for them. You may also note that below I have only listed the makes of the commonly compatible wireless devices, as listing all compatible models would take vast amounts of time, although don’t fret as the driver installation packages available online are usually compatible across most models of the same make:

 

| Make | Hardware List (Compatibility List) | Driver Package |
| --- | --- | --- |
| Atheros | http://madwifi.org/wiki/Compatibility | http://madwifi.org/wiki/UserDocs/GettingMadwifi |
| Ralink | http://rt2x00.serialmonkey.com/wiki/index.php/ | http://rt2x00.serialmonkey.com/wiki/index.php/ |
| Zydas (USB) | http://zydas.rapla.net | http://zd1211.ath.cx |
| Intel | I have not found a hardware list for this specific make yet. | http://ipw2200.sourceforge.net/downloads.php and http://sourceforge.net/projects/ipw2200-ap (For use in AP mode) |
| Conexant | http://securitystartshere.org/page-training-oswa-wnicsprism54.htm | http://prism54.org/newdrivers.html (SoftMAC) and http://prism54.org/fullmac.html (FullMAC) |

 

Once you have determined the make, model and chipset aboard your wireless device, you must then visit the “Hardware List (Compatibility List)” link beside the make of your wireless device. Once you have navigated to the webpage, you must then search the page for your specific model, which can be done by using the “Filter”/“Find” tool, which is activated by using the key combination highlighted below:

Ctrl + F            Press and hold “Ctrl” and then tap “F” now release both keys.

 

Once you have used the above key combination correctly you will be presented with a narrow, empty text box, into which you must type the model of your card (or at least the first few characters) and then hit the “Enter”/“Return” key to search the page for the entered text.

 

If the box suddenly highlights itself “Red” then your model is most likely not on the page. If this happens, check that you entered the model name correctly and try again. If the box remains “Red” then try removing one character from the end of the text at a time until the box is no longer “Red”. If your box remains the default colour then you will notice that the text you entered into the box will now be highlighted (more than likely in a pale yellow), and if the highlighted text on the webpage matches the model of your wireless device then you can be sure that your wireless device should be compatible with Linux, thus allowing your wireless device to function natively under the Linux platform.

 

Now that you have determined that your wireless device is compatible with Linux, you must then return to the top of this page and click the link beside the make of your wireless device in the “Driver Package” column. Once you have clicked the link in the column that is most appropriate to you, you must then select the driver package that is most suited to your system. In most cases, you will select the driver marked with your Linux Kernel version number of the type of processor and operating system you are running (i.e. 32-bit, 64-bit, x86, etc).

 

Once you have downloaded the driver package (which will be a file format specific to your distribution i.e. Debian = .deb or .tar or .tar.gz, etc) most appropriate to your system and wireless device, you must then install it. Depending on your distribution and wireless device this procedure will vary and I strongly recommend that you consult a computer savvy friend, a computer expert or good old http://www.google.com for any information that you may need.

 

Once you have installed the driver package, you must then reboot your system and if you have an external wireless device switch (common on factory installed wireless devices) then switch it on. Now if you have configured it correctly by using my instructions above, then you may sit back and watch the glory reveal itself in the form of blinking data transfer lights and the swift readiness to occupy our air with its wealth of bits and bytes and make all of the fidelity of the wireless variety come to life invisibly. Fascinating isn’t it? If you do not experience such pleasure and your wireless device is in fact inactive or only partially active then I would personally recommend that you continue to search this website of mine for the answer that suits you, otherwise you may consult a computer expert.

Congratulations! You have just installed your wireless device on your Linux-based computer system. Enjoy your newfound Linux hardware configuration knowledge.

This guide I am writing is intended to finally give the Facebook community the freedom to add the long awaited “Dislike” button into their statuses. Read below to find out how easy it is to post a status on your profile with a “Dislike” button. The first thing you will need to do is sign into your Facebook account. Then you will need to visit the following link to acquire the “Status Magic” app:

http://apps.facebook.com/statusmagic/

Once you have visited this URL and you have installed the application you can then post your statuses through the “Status Magic” app and add any button you would like (in place of the “Dislike” button). Once you have installed the app you can click the “Account” tab in the top right of your Facebook browser and then click “Application settings”. Once you have clicked “Application settings” all you will need to do is scroll through your applications and find “Status Magic” and then click the “Status Magic” link to open it.

When you open the “Status Magic” app through the “Account/Application settings” link you will be led to a page similar to the one shown in the screenshot of my computer running the same app below:

[Screenshot: Status Magic Demo]

Now that you have opened “Status Magic” you can type your status in the text box provided and then type in the options for your custom button. Once you have written your post and edited the text for your custom button you can click the “Share” button and you are done. Your post will now be published with the added option of the custom button you created.

It is that simple to create a “Dislike” button, or any custom button on Facebook for that matter. Enjoy your newfound Facebook interface enhancement knowledge.

In this guide there are a few steps on how to gain administrator access to most websites utilizing low level security. Note: this method may not work and regardless of its success I will not be held responsible for any negative repercussions of your actions. This is only intended for testing your OWN website for security flaws unless otherwise authorized by the owner of the site to do so. The term “hack” is marked with an asterisk to indicate that it is not actually a “hack” but more of a stab in the dark approach, you may be lucky and you may not be; although it is much wanted of myself and others that you do not call this a “hack” as it is not a “hack” it is a search hoping to reveal the obvious and that is all.

 

The first step in gaining some form of elevated access to a secured webpage is of course through the oldest trick in the book; reading the source code. To read the source code you will need to set your browser to be viewing the webpage that you intend to “hack” and click the “view” button in the file menu at the top of the web browser window.

 

Next you will need to search the source code looking for any suspicious looking phrases such as a mix of letters, numbers or a combination of the two. If it appears you have found something that looks like it may be password related you will need to store it on paper or in a file on your computer for later reference.

 

Now, you will need to combine this suspicious chain of numeric or alphanumeric characters with a common administrator username. The most common usernames include: admin, administrator, Admin, Administrator. If you would like more common usernames then it is advised that you search the term “common administrator usernames” using your preferred search engine (I recommend Google as it is more insecure when it comes to hiding the confidential information of websites such as passwords, sensitive information and other data not intended for the public eye).

 

If you have tried many usernames and are still not satisfied with the results then the next step could be one of two things. You could attempt to search the source code for the term “password.php” or you could search the file index of the site directly using your browser and search for the file named “password.php”.

 

Also, if you believe that you have drained all of your sources of relevant passwords then you could also search the term “default administrator passwords” using Google or any other search engine that you feel comfortable with.

 

Once you have gathered what you consider to be a decent list of usernames and passwords then you can attempt to combine them either manually by combining them in the corresponding data boxes of the website or by using some kind of brute forcing program, which can be found by searching the term “brute force software”.

 

If this method works then you will have gained access to YOUR website and will now have reason to change your passwords and/or usernames to ones that would be a lot more difficult to break.
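A defensive counterpart to the steps above, added here as an example and not part of the original guide: a Python audit you can run over the HTML of your own pages before publishing, flagging credential-like values in comments, inline scripts and pre-filled inputs, plus links to files such as “password.php”. The patterns, the `audit` helper and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# name/value pairs whose name hints at a credential (quotes optional)
PAIR = re.compile(
    r"([\w-]*(?:pass(?:word|wd)?|pwd|secret|token|api[_-]?key)[\w-]*)"
    r"\s*[:=]\s*[\"']?([^\s\"'<>;,]{4,})", re.I)
# URLs pointing at a credential-handling file such as password.php
CRED_FILE = re.compile(r"pass\w*\.(?:php|inc|txt|bak)\b", re.I)

class SourceAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def _scan(self, kind, text):
        for name, value in PAIR.findall(text):
            self.findings.append((kind, name, value))

    def handle_comment(self, data):  # comments are sent to every visitor
        self._scan("comment", data)

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        self._in_script = tag == "script"
        if tag == "input" and a.get("value"):  # pre-filled form field
            self._scan("input", f"{a.get('name', '')}={a['value']}")
        for k in ("href", "src", "action"):
            if CRED_FILE.search(a.get(k, "")):
                self.findings.append(("reference", k, a[k]))

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):  # only inline script bodies are scanned
        if self._in_script:
            self._scan("script", data)

def audit(html):
    parser = SourceAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page (not taken from any real site)
SAMPLE = """<!-- TODO remove: admin password = Summer2011x -->
<form action="/login.php"><input type="hidden" name="auth_token" value="c0ffee1234">
<input type="text" name="user"></form><a href="/includes/password.php">reset</a>
<script>var adminPass = "x9Kq2LmP"; var theme = "dark";</script>"""
```

Calling `audit(SAMPLE)` returns one `(kind, name, value)` tuple per finding; anything it reports is already readable by every visitor and should be removed from the page and rotated.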

 

Have fun, use this guide only for constructive purposes. I will not be held responsible for any misuse of this guide as it is intended for informational purposes ONLY.
