Archive for the ‘Wifi-Hacking’ Category

Please contribute towards this project so I can bring more technically perfect tutorials for you. Any amount is acceptable.

Paypal ID:Tech.secure.it@gmail.com

Send as for payment for goods.

The stats helper monkeys at WordPress.com mulled over how this blog did in 2010, and here’s a high level summary of its overall blog health:

Healthy blog!

The Blog-Health-o-Meter™ reads Wow.

Crunchy numbers


The Louvre Museum has 8.5 million visitors per year. This blog was viewed about 80,000 times in 2010. If it were an exhibit at The Louvre Museum, it would take 3 days for that many people to see it.

In 2010, there was 1 new post, growing the total archive of this blog to 15 posts. There were 3 pictures uploaded, taking up a total of 357kb.

The busiest day of the year was December 5th with 355 views. The most popular post that day was WEP/WPA/WPA2 Cracking Dictionary.

Where did they come from?

The top referring sites in 2010 were wifi0wn.co.cc, google.com, en.wordpress.com, hackforums.net, and search.conduit.com.

Some visitors came searching, mostly for wpa dictionary, wpa dictionary download, dictionary wpa, wpa2 dictionary, and wpa dictionaries.

Attractions in 2010

These are the posts and pages that got the most views in 2010.

1. WEP/WPA/WPA2 Cracking Dictionary (July 2008) - 12 comments
2. Wifi cards & Antenna (July 2008) - 4 comments
3. Airsnarf-The Rogue Access-Point(BackTrack 3 As Fake AP) (July 2008) - 3 comments
4. Back|Track 4 beta & Windows 7 Ultimate Dual Boot (February 2009)
5. Wireless Tools & Software (July 2008) - 3 comments

Wepbuster-The Automatic WEP Assessment Tool

Posted: Sunday,February 7, 2010 in Wifi-Hacking

Hello to all the dear visitors of this blog. Here is a step-by-step guide to using the wepbuster tool. The first time, during installation, I faced minor technical issues which I resolved after a little searching.

Thanks to markjayson.alvarez for making such a wonderful tool.

REQUIREMENTS:

  - aircrack-ng 1.0
  - perl installation with standard libraries (threading support)
     - perl modules (http://search.cpan.org)
        - Term::ReadKey
        - Expect.pm
        - Getopt::Long
        - File::Slurp
        - Number::Range
        - Algorithm::Permute
        - Pod::Usage
  - macchanger (www.alobbs.com/macchanger)
  - miscellaneous unix programs
        - ifconfig, iwconfig, rm, pkill, stty, cp, touch, mv, route, ping,
          dhclient, netstat

Download the source code from the wepbuster project site here.

Wepbuster Download

or

wget http://wepbuster.googlecode.com/files/wepbuster-1.0_beta-0.7.tgz

Download dependencies

wget http://search.cpan.org/CPAN/authors/id/J/JS/JSTOWE/TermReadKey-2.30.tar.gz
wget http://search.cpan.org/CPAN/authors/id/R/RG/RGIERSIG/Expect-1.21.tar.gz
wget http://search.cpan.org/CPAN/authors/id/J/JV/JV/Getopt-Long-2.38.tar.gz
wget http://search.cpan.org/CPAN/authors/id/D/DR/DROLSKY/File-Slurp-9999.13.tar.gz
wget http://search.cpan.org/CPAN/authors/id/L/LA/LARRYSH/Number-Range-0.07.tar.gz
wget http://search.cpan.org/CPAN/authors/id/E/ED/EDPRATOMO/Algorithm-Permute-0.12.tar.gz
wget http://search.cpan.org/CPAN/authors/id/M/MA/MAREKR/Pod-Parser-1.38.tar.gz

tar -zxvf Algorithm-Permute-0.12.tar.gz
cd Algorithm-Permute-0.12
perl Makefile.PL
make
make install
cd ..

tar -zxvf Expect-1.21.tar.gz
cd Expect-1.21
perl Makefile.PL
make
make install
cd ..

tar -zxvf File-Slurp-9999.13.tar.gz
cd File-Slurp-9999.13
perl Makefile.PL
make
make install
cd ..

tar -zxvf Getopt-Long-2.38.tar.gz
cd Getopt-Long-2.38
perl Makefile.PL
make
make install
cd ..

tar -zxvf Number-Range-0.07.tar.gz
cd Number-Range-0.07
perl Makefile.PL
make
make install
cd ..

tar -zxvf Pod-Parser-1.38.tar.gz
cd Pod-Parser-1.38
perl Makefile.PL
make
make install
cd ..

tar -zxvf TermReadKey-2.30.tar.gz
cd TermReadKey-2.30
perl Makefile.PL
make
make install
cd ..

Now you are ready to install wepbuster, as all dependencies are satisfied:
tar -zxvf wepbuster-1.0_beta-0.7.tgz
cd wepbuster-1.0_beta

cp wepbuster /usr/bin
./wepbuster

By default it scans according to the US standard, i.e. channels 1, 6 and 11. To change this default behaviour and force scanning on all channels, edit

kwrite wepbuster

find the line

my $country = 'US'; and replace it with my $country = 'all';

Save, exit and rerun wepbuster.

Normal usage commands:

  perl wepbuster [channel(s)]
  perl wepbuster [sort | connect] [hostname/ip address]
  perl wepbuster permute [OPTIONS]
  or
  perl wepbuster --help | --man for list of all supported options.

Main project page


This menu fix took a lot of time to prepare and to check. There are two parts to this tutorial: one for those who just want it done, and another for those who want to know what is actually going on, i.e. step-by-step fixing. For automatic fixing of the menu, download the package, copy applications-kmenuedit.menu from the package over ~/.config/menus/applications-kmenuedit.menu, and copy the applications folder over ~/.local/share/applications/

I have also installed the following packages and fixed the menu to match them, as I was missing some interesting stuff from BT3. These are optional to install and may vary according to your wishes.

apt-get install kppp
snort (don't use apt-get, as it will install the old version 2.7)
Nessus 3.2.1
apt-get install bluez (for those missing bluetooth)

from terminal type kmenuedit

expand BackTrack menu

Vulnerability Identification
All
smbclient.py
(For fixing this, copy smbclient.py to /usr/bin)

expand BackTrack menu

VOIP
All
Erase_registrations
Command:./erase_registrations;sudo -s

expand BackTrack menu
apt-get install gcc-4.2
Press Y
Download MDK3
wget http://homepages.tu-darmstadt.de/~p_larbig/wlan/mdk3-v5.tar.bz2
tar -xjf mdk3-v5.tar.bz2
cd mdk3-v5/osdep
kwrite common.mak
find the line
CC = $(TOOL_PREFIX)gcc and change it to CC = $(TOOL_PREFIX)gcc-4.2
save & exit
cd ..
make && make install

Radio Network Analysis
80211
All
ctrl+n
type MDK3
command:/usr/local/sbin/mdk3;sudo -s
select Run in terminal

Radio Network Analysis
80211
Cracking
ctrl+n
type MDK3
command:/usr/local/sbin/mdk3;sudo -s
select Run in terminal

expand BackTrack menu

Privilege Escalation
All
ctrl+n
type Etherape
command:etherape;sudo -s

expand BackTrack menu

Privilege Escalation
Sniffers
ctrl+n
type Etherape
command:etherape;sudo -s

expand BackTrack menu

Miscellaneous
usbview
Error: cannot open the file /proc/bus/usb/devices
FIX: add this line to /etc/fstab
none /proc/bus/usb usbfs defaults
save & exit

expand BackTrack menu

Install flash player for firefox

wget http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player_10_linux.deb
dpkg -i install_flash_player_10_linux.deb
Cut & paste /pentest/web/swfintruder to /var/www/swfintruder
copy & paste /var/www/swfintruder/testSwf/test.swf to /var/www/swfintruder/
Miscellaneous
swfintruder
command:firefox http://127.0.0.1/swfintruder

launch the tool and in the flash movie field type http://127.0.0.1/swfintruder/test.swf & hit load
now you can put further swf files in /var/www/swfintruder & test them

expand BackTrack menu

Miscellaneous
ctrl+n
RFIDIOt
command:ls;sudo -s
Work path:/pentest/rfid/RFIDIOt-0.1w
checkmark Run in terminal

expand documents->All

Ctrl+n
type wiki.remote-exploit.org (wait until the new bt4 wiki launches)
command:konqueror http://wiki.remote-exploit.org

Ctrl+n
type http://www.isecom.org
command:konqueror http://www.isecom.org/osstmm

ctrl+n
type http://www.oissg.org
command:konqueror http://www.oissg.org/content/view/71/71

expand documents->BackTrack

ctrl+n
type http://www.remote-exploit.org
command:konqueror http://www.remote-exploit.org

ctrl+n
type forums.remote-exploit.org
command:konqueror http://forums.remote-exploit.org

expand documents->OSSTMM

Ctrl+n
type http://www.isecom.org
command:konqueror http://www.isecom.org/osstmm

expand documents->ISSAF

type http://www.oissg.org
command:konqueror http://www.oissg.org/content/view/71/71

expand Editors

ctrl+n
type kwrite
command:kwrite %U

ctrl+n
type kate
command:kate %U

ctrl+n
type nedit
command:nedit %U

expand Internet

ctrl+n
type Network Manager
command:/etc/init.d/NetworkManager;sudo -s

ctrl+n
type vncviewer
command:vncviewer

expand Services

Right click services & choose new submenu
type Nessus

ctrl+n
type Start Nessus
command:/etc/init.d/nessusd start;sudo -s

ctrl+n
type Stop Nessus
command:/etc/init.d/nessusd stop;sudo -s

For using the BeEF service, download beef:
wget http://www.bindshell.net/tools/beef/beef-v0.3.2.tar.gz
extract it to /var/www/
copy the supplied setup-beef.sh to /usr/bin
test using http://127.0.0.1/beef (run apache2 first)

select BEEF
ctrl+n
Setup BeEF
command:setup-beef.sh;sudo -s
checkmark Run in terminal

select HTTPD
ctrl+n
type Start HTTPD
command:service apache2 start;sudo -s

ctrl+n
type Stop HTTPD
command:service apache2 stop;sudo -s

ctrl+n
type Restart HTTPD
command:/etc/init.d/apache2 restart;sudo -s

For using the mysql service do this:
delete the mysql folder in /var/lib (i.e. the /var/lib/mysql folder)
then run
dpkg-reconfigure mysql-server-5.0
Enter the password you want to use for the root user.

select Mysql
ctrl+n
type Start Mysql
command:service mysql start;sudo -s

ctrl+n
type Stop Mysql
command:service mysql stop;sudo -s

ctrl+n
type Restart mysql
command:service mysql restart;sudo -s

select snort
ctrl+n
type Snort
command:snort;sudo -s

For using SSH services, first run
sshd-generate

select SSH
ctrl+n
Start SSHD
command:/bin/bash /etc/init.d/ssh start;sudo -s

ctrl+n
Stop SSHD
command:/bin/bash /etc/init.d/ssh stop;sudo -s

For using TFTP services
mkdir /var/lib/tftpboot
chmod 777 /var/lib/tftpboot

select TFTPD
ctrl+n
Start TFTPD
command:/usr/sbin/inetd;sudo -s

ctrl+n
Stop TFTPD
command:killall -e /usr/sbin/inetd;sudo -s

select VNC
ctrl+n
Start VNC Server
command:vncserver;sudo -s

Stop VNC Server
command:vncserver -kill :1;sudo -s

expand graphics

ctrl+n
type kghostview
command:kghostview %u -caption “%c” %i %m

expand Utilities

ctrl+n
type oclock
command:oclock;sudo -s

expand utilities->desktop

ctrl+n
type kpager
command:kpager;sudo -s

ctrl+n
type Clipboard Tool
command:klipper;sudo -s

right click Utilities & choose new submenu

type peripherals
ctrl+n
type FAX Utility
command:kdeprintfax;sudo -s

expand X-Utilities

ctrl+n
type X Calc
command:xcalc;sudo -s

ctrl+n
type X Clock
command:xclock;sudo -s

ctrl+n
type X Clipboard
command:xclipboard;sudo -s

ctrl+n
type X Console
command:xconsole;sudo -s

ctrl+n
type X Editor
command:xedit %f;sudo -s

ctrl+n
type X Kill
command:xkill;sudo -s

ctrl+n
type X Load
command:xload;sudo -s

ctrl+n
type X Magnifier
command:xmag

click on File menu->new Item

type Find File/Folders
command:kfind;sudo -s

click on File menu->new submenu

type Toys
ctrl+n
type X Eyes
command:xeyes;sudo -s

ctrl+s & exit

Those who want the Ettercap GUI, perform this:

apt-get install ettercap-gtk
press Y (yes, I know it will try to remove fasttrack, as fasttrack depends on ettercap)
cd /pentest/exploits
svn co http://svn.thepentest.com/fasttrack/
cd fasttrack
python setup.py install (now answer some of the questions accordingly & you are done)
./fasttrack -g & ettercap -G are both working correctly.

I have not used any tools other than the ones included by default in BT 4 Beta; the extra tools have been mentioned above. If something is still missing then please let me know. Thanks for reading this. Below are some files which you need to download. Please CLICK here.

While updating with apt-get update I was getting the following error:

: GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY CB2F6C86F77B1CA9

Solution:
Add the GPG signing key:
wget http://apt.pearsoncomputing.net/public.gpg
sudo apt-key add public.gpg

now run apt-get update

"cannot lock media/.hal-mtab" while trying to access the device

Make the appropriate directory, e.g. /mnt/sda1, & then put an automount entry in /etc/fstab
mkdir /media
touch /media/.hal-mtab

edb: error while loading shared libraries: libQtGui.so.4: cannot open shared object file: No such file or directory

Evan's debugger uses the Qt libraries and is thus missing dependencies. Here is how to fix it:
download getlibs
wget http://www.boundlesssupremacy.com/Cappy/getlibs/getlibs-all.deb
dpkg -i getlibs-all.deb
getlibs libQtGui.so.4 (it will check for the dependencies & packages needed)
Press Y
now run edb

MYSQL Error in db_create Metasploit

msf > load db_mysql
[*] Successfully loaded plugin: db_mysql

msf > db_create

mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[*] Database creation complete (check for errors)

msf > db_import_nmap_xml xpsp2.xml
[-] Error while running command db_import_nmap_xml: Access denied for user 'root'@'localhost' (using password: NO)
Kindly check the entry above for fixing mysql-server 5.0, and just don't assign any password during dpkg-reconfigure.

Inguma GUI FIX

python ingumagui.py
Traceback (most recent call last):
File "ingumagui.py", line 28, in <module>
from qt import *
ImportError: No module named qt
apt-get install python-qt3

SSHatter Parallel-ForkManager & Net-SSH-Perl Dependency FIX

Those who installed SSHatter:
root@ThUNdErbOlt:/pentest/password/SSHatter-0.6/src# ./SSHatter.pl
Can't locate Parallel/ForkManager.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at ./SSHatter.pl line 33.
BEGIN failed--compilation aborted at ./SSHatter.pl line 33.
FIX
wget http://search.cpan.org/CPAN/authors/id/D/DL/DLUX/Parallel-ForkManager-0.7.5.tar.gz
tar -zxvf Parallel-ForkManager-0.7.5.tar.gz
cd Parallel-ForkManager-0.7.5
perl Makefile.PL
make
make install
cd ..
wget http://search.cpan.org/CPAN/authors/id/T/TU/TURNSTEP/Net-SSH-Perl-1.34.tar.gz
tar -zxvf Net-SSH-Perl-1.34.tar.gz
cd Net-SSH-Perl-1.34
perl Makefile.PL
make
make install



Hello to all the members & visitors of this forum. I have created a Debian package for installing/updating the top-notch tools of the BackTrack distro, to keep you on the latest versions.
This tool has been written in shell as the back-end, and I have used the lightweight GUI tool zenity to make things look good. It installs the bt4_tu file to /usr/bin, so you can invoke it from anywhere on the shell, and creates one folder, /pentest/BackTrack Tool Updater, containing the shell file, HELP, INSTALL and ICON files. Kindly have a look at both the INSTALL & HELP files.
For this to work you need a working Internet connection & zenity (already on BT4).
This is a fully automatic tool and needs no user intervention, so feel free to update your security tools on a day-to-day basis. Here is the list of tools which will be installed/updated.

1.Aircrack-ng
2.Metasploit Framework
3.Milw0rm Database
4.Nmap
5.Fast-Track
6.Nikto
7.Inguma
8.W3af
9.Nessus-Plugins (register yourself to get the home feed first; to use this you need to have Nessus already installed on the system)

10.Snort rules (only version 2.8 is supported yet, and downloads can only be done at an interval of 15 mins after the previous download)

11.All (all-in-one silent update of all tools)

The attached file is a Debian package.

DOWNLOAD HERE

Install it using

bt~#dpkg -i bt4_tool_updater1.0.deb

remove using

bt~#dpkg -r bt4-tu

Compiz Fusion on BT 4 beta(cube/wobbly/transparent)

Posted: Wednesday,February 11, 2009 in Wifi-Hacking

First install the display driver for your card, e.g. radeon/nvidia. In my case I am using an Nvidia 9200M GS chipset, so here is the link to download. Also check the supported chipset models.

Please refer to this page for Nvidia chipsets & to know which driver is for your chipset:
http://www.nvidia.com/Download/index.aspx?lang=en-us

In my case, for the Nvidia 9 series mobile chipset, I am using

wget http://us.download.nvidia.com/XFree86/Linux-x86/180.22/NVIDIA-Linux-x86-180.22-pkg1.run

For installing it, it's necessary that you log out from KDE/X.

root@ThUnDeRbOLt:~#install NVIDIA-Linux-x86-180.22-pkg1.run nvidia
root@ThUnDeRbOLt:~#./nvidia

It will autoconfigure options according to the kernel. If all went well you will see a success message; otherwise note the error messages, as it may be because of installing the wrong drivers for the chipset or a mismatch in kernel version.

next
root@ThUnDeRbOLt:~#apt-get install compiz compiz-fusion-plugins-extra compiz-fusion-plugins-unsupported emerald simple-ccsm fusion-icon

For Emerald windows decorator download:
root@ThUnDeRbOLt:~#wget http://fr.archive.ubuntu.com/ubuntu/pool/universe/e/emerald/libemeraldengine0_0.7.2-0ubuntu2_i386.deb
root@ThUnDeRbOLt:~#wget http://fr.archive.ubuntu.com/ubuntu/pool/universe/e/emerald/emerald_0.7.2-0ubuntu2_i386.deb
root@ThUnDeRbOLt:~#dpkg -i libemeraldengine0_0.7.2-0ubuntu2_i386.deb
root@ThUnDeRbOLt:~#dpkg -i emerald_0.7.2-0ubuntu2_i386.deb

Upgrade the Emerald themes using
root@ThUnDeRbOLt:~#svn ls https://svn.generation.no/emerald-themes
This will download and install the security key needed later to install these themes. When it asks, accept the certificate permanently.

More themes can be found here. Download and import them in the emerald theme manager.

Invoke the compiz-fusion icon through backtrack menu->system->compiz fusion

right click on compiz fusion icon and choose reload window manager

Some of the effects you would like to play with:
Cube
For the cube it's necessary to have a minimum of 4 desktops, so first we set that:
go to backtrack menu->system->settings->desktop->multiple desktops
set at least 4 desktops here

now right click on the compiz fusion icon and choose settings manager
choose general options
select the desktop size tab
move the Horizontal Virtual Size slider to 4 (the number of desktops you want to see)
press back to go back

now from effects choose desktop cube & rotate cube
configure the zoom setting in rotate cube->general tab: set zoom to 0.1827 (play with this setting)

now you can use this effect by holding ctrl+alt & the left mouse button, or by simply pressing the middle mouse button in the centre of the desktop.

Wobbly windows
click on this and enable it, go to the general tab & set friction to 2.1926 (play with this setting)

enable 3D Windows
enable Animations

If you want cube reflection & deformation then select it, as it will present the cube in a deformed form.

cube atlantis will fill fishes etc. into the depth of the cube, the topmost part; see them playing.
go to the cube atlantis water/ground tab & clear the checkbox render water wireframe

Transparency
go to desktop cube->transparent cube tab and adjust the "opacity during rotation" slider to 85.0000 (set according to your wish)

select skydome & cube caps (upper cube caps) for the desktop
go to desktop cube->appearance tab and select an image file
go to desktop cube->appearance tab, check the skydome option & choose an image

Now you have seen a lot of tweaks. Have a beautiful desktop ahead.

Screenshots (images not included in this extract):
compiz-effect1: Water effect on backtrack 4 beta
compiz-effect2: Fire effect on Back|Track 4 Beta
compiz-effect3: Some colour fiery effect on BT4
compiz-effect4: Blur effect on BT4 Beta
compiz-effect5: Cube reflection & deformation effect in BackTrack 4 Beta
compiz-effect6: Rotating 3D cube in Back|Track 4 Beta
compiz-effect7: 3D cube with transparent cube atlantis (fishes inside cube)
compiz-effect8: Expo effect of multiple desktops in BT 4
compiz-effect9: Cube effect after setting cube caps & skydome

For enabling the emerald theme manager:
right click on the fusion icon
select window decorator as emerald
select window manager as compiz
choose the themes from Emerald Theme Manager
you should now have a pretty desktop in front of you.

Screenshots (images not included in this extract):
compiz-effect10: Emerald theme on B|T 4
compiz-effect11: 6 desktops in a rotating cube with Emerald theme


Back|Track 4 beta & Windows 7 Ultimate Dual Boot

Posted: Wednesday,February 11, 2009 in Wifi-Hacking

Hello to all the visitors of this blog. Time to have some fun with Back|Track 4 beta alongside Windows 7 Ultimate beta. The fun part is that both distros are in beta and will be updated from time to time until the final release. First install Windows 7 Ultimate; I assume you know how to do that (the easiest thing in the world, I assume). Here is the partition scheme I used; change it according to your HDD partitions. I also assume you have made 3 extra partitions from the empty space on the HDD using a 3rd-party tool like Paragon Partition Manager, as fdisk's options wipe the partition.

Boot from the BT4 ISO and see the mount points using

root@ThUnDerBolT:~#nano /etc/fstab

Here is how my partition scheme looks like:

[screenshot snapshot4: partition scheme]

Note down the partition scheme of your HDD, as it will be used for later reference.

now back to the terminal

unmount all the NTFS, EXT and reiserfs file systems

root@ThUnDerBolT:~#umount /dev/sda1

root@ThUnDerBolT:~#umount /dev/sda2

root@ThUnDerBolT:~#umount /dev/sda3

root@ThUnDerBolT:~#umount /dev/sda5

root@ThUnDerBolT:~#umount /dev/sda6

now run fdisk on the sda hard disk

root@ThUnDerBolT:~#fdisk /dev/sda

Here is how my hard-disk partition scheme is:

[screenshot snapshot5: fdisk partition table]

Please note down the Linux partitions' start and last cylinders. In my case it's

/dev/sda5     29561     30325     83    Linux

/dev/sda6     30326    30334     83     Linux

/dev/sda7     30335    30401     82     Linux swap / Solaris

now delete the Linux partitions carefully, using these fdisk commands (one per prompt):

d
7
d
6
d
5
w

now reboot once, as the kernel is still using the old tables

root@ThUnDerBolT:~#init 6

now back to terminal after reboot

root@ThUnDerBolT:~#fdisk /dev/sda

n
29561
30325
n
30326
30334
n
30335
30401
t
2   # only if you are seeing your NTFS partition as Hidden HPFS/NTFS
7   # change Hidden HPFS/NTFS to normal HPFS/NTFS partition
t
3   # only if you are seeing your NTFS partition as Hidden HPFS/NTFS
7   # change Hidden HPFS/NTFS to normal HPFS/NTFS partition
t
7
82  # setting the last partition, sda7, as swap
p

and it should look like this now

[screenshot snapshot6: fdisk partition table after recreating the Linux partitions]

now write the tables

w

root@ThUnDerBolT:~#mke2fs /dev/sda6

root@ThUnDerBolT:~#mkswap /dev/sda7

root@ThUnDerBolT:~#swapon /dev/sda7

root@ThUnDerBolT:~#mkreiserfs /dev/sda5

Choose Y

root@ThUnDerBolT:~#mkdir /mnt/backtrack

root@ThUnDerBolT:~#mount /dev/sda5 /mnt/backtrack

root@ThUnDerBolT:~#mkdir /mnt/backtrack/boot

root@ThUnDerBolT:~#mount /dev/sda6 /mnt/backtrack/boot

root@ThUnDerBolT:~#cp --preserve -R /{bin,dev,home,pentest,root,boot,usr,etc,lib,opt,sbin,var} /mnt/backtrack

root@ThUnDerBolT:~#cd /mnt/backtrack

root@ThUnDerBolT:~#mkdir {mnt,proc,sys,tmp}

root@ThUnDerBolT:~#chmod 1777 /mnt/backtrack/tmp

root@ThUnDerBolT:~#mount --bind /dev /mnt/backtrack/dev

root@ThUnDerBolT:~#mount -t proc proc /mnt/backtrack/proc/

root@ThUnDerBolT:~#chroot /mnt/backtrack /bin/bash

root@ThUnDerBolT:~#nano /etc/lilo.conf

Your LILO config should look like this:

[screenshot snapshot7: lilo.conf]

Replace the windows partition with yours, e.g. /dev/sda1 to whatever it is

save and exit

root@ThUnDerBolT:~#lilo -v

reboot

Make mount points for our windows partitions / pen drive

root@ThUnDerBolT:~#mkdir /mnt/{sda1,sda2,sda3,sdb1,sr0}

root@ThUnDerBolT:~#nano /etc/fstab

Update your fstab file & add entries for your partitions there.

Here is how my fstab looks like; update it according to your HDD partitions

[screenshot snapshot8: /etc/fstab]

Save & Exit

root@ThUnDerBolT:~#init 6

That’s it!

————————————————-

BUGS/Mods:

1. If you are getting the error "cannot obtain lock on /media/.hal-mtab" then enter the mount partition entry into the /etc/fstab file. E.g. I was getting this error while accessing the DVD drive, pen drive or windows partitions; in that case make the directories and update the fstab file.

2. If you have used the command "update-rc.d networking defaults", every time BT starts it will look for a DHCP address for the NICs. If you don't have any connection at that time it will just keep looking; to get out of it press ctrl+c and enter, and it will carry on booting.

3. Those who want to manually start networking, type

root@ThUnDerBolT:~#/etc/init.d/networking start

If there are any bugs feel free to comment here and to update on the remote-exploit forum.

Look at the BackTrack HCL wiki to know which cards have the rt73 chipset.

Tested on hardware Linksys WUSB54GC rt73 chipset based.

There is a new update for rt73 chipset based cards. First download the latest modules.

Working with wpa_supplicant:
you need to patch wpa_supplicant
or
use the next-generation rt2x00 driver, which is compatible with wpa_supplicant
or
the latest rt73 modules have built-in private ioctls to support wpa_supplicant-like configuration.

OK, we begin:
wget http://homepages.tu-darmstadt.de/~p_larbig/wlan/rt73-k2wrlz-3.0.1.tar.bz2
tar -xjf rt73-k2wrlz-3.0.1.tar.bz2

ifconfig rausb0 down
modprobe -r rt73
cd rt73-k2wrlz-3.0.1/module
make && make install

modprobe rt73 ifname=wlan0
(here you can choose the interface name according to your choice, like wlan0, rausb0 or eth1, whatever)

now use the iwpriv command to list the available private ioctls
iwpriv wlan0

bt ~ # iwpriv wlan0
wlan0 Available private ioctls :
set (8BE2) : set 1024 char & get 0
txpower (8BF3) : set 1024 char & get 1024 char
adhocOfdm (8BE6) : set 1 int & get 0
stat (8BE9) : set 1024 char & get 1024 char
get_site_survey (8BEF) : set 1024 char & get 1024 char
get_RaAP_Cfg (8BF1) : set 1024 char & get 0
forceprism (8BF2) : set 1024 char & get 0
rfmontx (8BEC) : set 1024 char & get 0
get_rfmontx (8BED) : set 0 & get 1 int
auth (8BE7) : set 1 int & get 0
enc (8BE8) : set 1 int & get 0
wpapsk (8BEA) : set 64 char & get 0
psm (8BEB) : set 1 int & get 0

You can see that we got options like txpower, wpapsk, auth, enc etc. to modify the settings.

if you want to set the txpower output, use
ifconfig wlan0 down
modprobe -r rt73
modprobe rt73 txPowerTuning=36 ifname=wlan0
Remember: This value will be ADDED to the default power stored in the card's EEPROM!
Valid values for transmit power: -6 to 36 (0xFA to 0x24).
WARNING: MAY DAMAGE YOUR HARDWARE! - USE AT OWN RISK!
I set it on my Linksys WUSB54GC to 36 without problems.
now you can use
iwconfig

it will show the USB NIC interface as newly created wlan0

use airodump-ng wlan0

You will get a much higher pwr reading than before; I got an amazing 90 to 110.

Now you have options to use and work with WPA/WPA2 networks.
The first option, as already mentioned, is to use the latest rt2x00 drivers from serialmonkey; otherwise configure the wlan0 USB NIC as follows:

b) WPA (802.11g)

wpa_passphrase <essid> <passphrase>
copy the psk hash (the uncommented one)
iwconfig wlan0 mode managed
iwpriv wlan0 set AuthMode=WPAPSK
iwpriv wlan0 set WPAPSK=<key> #replace key with your psk-hash
iwpriv wlan0 set EncrypType=TKIP

c) WPA2 (802.11i)
wpa_passphrase <essid> <passphrase>
copy the psk hash (the uncommented one)
iwpriv wlan0 set AuthMode=WPA2PSK
iwpriv wlan0 set WPAPSK=<KEY> #replace key with your psk-hash
iwpriv wlan0 set EncrypType=AES

Check that you're associated with an AP
iwconfig wlan0

or
If you want to patch wpa_supplicant for the rt73 chipset, you need to patch
the wpa_supplicant source to work with rt73 based chipsets.
Download wpa_supplicant & the patch files here.

WPA_Supplicant-0.5.10.tar.gz
wpa_supplicant-ralink_rt73.patch
wpa_supplicant-ralink_rt73-fix.patch

tar xzf wpa_supplicant-0.5.7.tar.gz
cd wpa_supplicant-0.5.7
patch -p1 < wpa_supplicant-ralink_rt73.patch
patch -p1 < wpa_supplicant-ralink_rt73-fix.patch
make
# install as usual, e.g.
cp wpa_cli wpa_supplicant /usr/local/bin

Configure using wpa_supplicant (other users looking for a wpa_supplicant config can try this too).

use these commands

wpa_passphrase <essid> <passphrase>
e.g.
bt ~ # wpa_passphrase thunderbolt backtrack3
network={
ssid="thunderbolt"
#psk="backtrack3"
psk=7b8e62496b86b7eba28199fd9af1f560a8503b7ede9149bd2f42e42e631bedb0
}
copy the psk hash

for configuring wpa_supplicant
nano /etc/wpa_supplicant.conf

edit it
# WPA protected network, supply your own ESSID and WPAPSK here:
network={
scan_ssid=0 # 1 if the ssid is hidden
ssid="thunderbolt" # change to your ssid/essid
proto=WPA
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP WEP104 WEP40
psk=7b8e62496b86b7eba28199fd9af1f560a8503b7ede9149bd2f42e42e631bedb0
# change the psk hash to the one you got from wpa_passphrase
}
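The psk= line that wpa_passphrase prints is not a hash of the passphrase alone: it is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 32 bytes, exactly as IEEE 802.11i specifies. The following is an added example, not code from this page or from the wpa_supplicant project, that reproduces that derivation in Python and renders the same network={...} block as the config above, so the clear-text passphrase never has to sit in /etc/wpa_supplicant.conf. It assumes the standard 8..63 printable-ASCII passphrase rule that wpa_passphrase enforces; the function names (derive_psk, network_block) and the sample SSID/passphrase are this example's own.

```python
"""
Derive a WPA/WPA2 pre-shared key the way wpa_passphrase does and render the
matching wpa_supplicant network block.

Added example; not code from the page or from the wpa_supplicant project.
Assumptions: PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations,
32 bytes) per IEEE 802.11i, and the passphrase is 8..63 printable ASCII
characters (the same rule wpa_passphrase applies).
"""
import hashlib


def validate_passphrase(passphrase: str) -> None:
    """Reject passphrases that wpa_passphrase would also reject."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters long")
    if not all(32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_psk(ssid: str, passphrase: str) -> str:
    """Return the 256-bit PSK as 64 lowercase hex characters."""
    validate_passphrase(passphrase)
    raw = hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),   # password input to PBKDF2
        ssid.encode("utf-8"),         # SSID bytes act as the salt
        4096,                         # iteration count fixed by 802.11i
        dklen=32,                     # 256-bit key
    )
    return raw.hex()


def network_block(ssid: str, passphrase: str, hidden: bool = False,
                  proto: str = "WPA") -> str:
    """Render a wpa_supplicant.conf network={...} block that carries the
    derived PSK instead of the clear-text passphrase (same layout as the
    config shown on the page)."""
    lines = [
        "network={",
        f"    scan_ssid={1 if hidden else 0}",
        f'    ssid="{ssid}"',
        f"    proto={proto}",
        "    key_mgmt=WPA-PSK",
        "    pairwise=CCMP TKIP",
        "    group=CCMP TKIP WEP104 WEP40",
        f"    psk={derive_psk(ssid, passphrase)}",
        "}",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample values for demonstration, not a real network.
    print(network_block("thunderbolt", "backtrack3"))
```

Running it with the page's own SSID/passphrase pair reproduces the psk= line wpa_passphrase prints for the same inputs; a passphrase shorter than 8 characters is rejected before any key is derived, which is the failure mode a typo in the passphrase usually surfaces as.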

now connect to the WPA/WPA2 enabled AP using

bt ~ # wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf -D rt73 -w (other users may change the interface to ath0, wifi0)

Trying to associate with 00:21:29:68:16:c2 (SSID='thunderbolt' freq=2462 MHz)

Associated with 00:21:29:68:16:c2
WPA: Key negotiation completed with 00:21:29:68:16:c2 [PTK=TKIP GTK=TKIP]
CTRL-EVENT-CONNECTED - Connection to 00:21:29:68:16:c2 completed (auth) [id=0 id_str=]

Here you are done configuring txpower for the new rt73 module and configuring WPA/WPA2. Hope you all liked these little hardware hacks and configs.