Category Archives: How-To

Weaponizing the GL.iNet GL-AR150

Hi all, it has been a long time since I posted something here. I’ll try to post more regularly from now on.

Last week I was wondering if somebody had ported the latest Pineapple firmware (v.1.1.3) to the GL-AR150. As you may know, this small router has the same hardware as the WiFi Pineapple Nano (minus the second radio, of course, but there is a USB port into which you can plug a WiFi adapter).

After spending some time looking for it without luck, I tried to build it myself.

Earlier this year, Patrick Sapinski posted a small guide on his own blog on how to do that, and it was a very helpful starting point for me.

These are the steps I followed to build a working WiFi Pineapple firmware for the GL-AR150:

Just remember, in make menuconfig, to select the GL-AR150 as the target and to include the driver for the USB WiFi adapter you’re going to use (you must use one; the Pineapple firmware is mostly useless without the second WiFi interface).

For your convenience, the firmware I built is available in my GitHub repo at https://github.com/SecurityAddicted/pineapple-ar150

I compiled it with support for all common USB WiFi adapters (I tested it with a TP-Link TL-WN722N).

Hope some of you will find this useful.

Enjoy!

[HOWTO] Setup your debugging and reverse engineering environment with Python tools

Hi to all, today I’ll explain how to install some Python tools for debugging and reverse engineering on a Windows XP box.
These tools are:

  • Python 2.7 (obviously)
  • Immunity Debugger (great debugger completely scriptable in Python)
  • pefile (Python library for inspecting PE file format)
  • pydasm (Python library for disassembling binary code)
  • paimei (reverse engineering framework written in Python)
  • pydbg (pure-Python win32 debugger interface)

Python 2.7 and Immunity Debugger
We can start with the installation of Immunity Debugger. Its installer also installs the Python 2.7 interpreter on our system.
Download it from the Immunity website (or from here if you don’t want to register). Say Yes when the installer asks for permission to install Python (you should install it in the default path specified by the installer).
When the installation is finished, it’s important to add the Python directory to your system PATH, so you can run it from anywhere on the system.

pefile
Download the latest version of pefile from here, unzip it into a folder and run the following command from within that folder:

pydasm
Download pydasm from here, unzip it into a folder and run the following command from within that folder:

paimei & pydbg
Download paimei from here and pydbg from here. Now unzip paimei; it will create a folder named paimei-master. Unzip pydbg, move all the pydbg files under paimei-master\pydbg, open a cmd window within paimei-master and launch the command:

Now, go to C:\Python27\Lib\site-packages\pydbg and delete the pydasm.pyd file (it’s compiled for an older Python version and it causes the pydbg library not to load).

Now all these tools are properly installed and ready to go.
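Since pefile is only listed above, here is an added example (my own code, not pefile’s) of the kind of PE header inspection pefile is used for: a pure-Python parser using struct, so it runs with none of the tools above installed. The sample bytes are constructed inline and are not a real executable; it walks the DOS header, COFF file header and section table, and flags two things an analyst looks for first, sections that are both writable and executable and section raw data that runs past the end of the file.

```python
import struct

# Section characteristic flags from the PE/COFF spec (IMAGE_SCN_*).
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def parse_pe(data):
    """Parse e_lfanew, the COFF file header and the section table of a PE
    image; returns a dict and raises ValueError on malformed/truncated input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad or out-of-bounds PE signature")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    sec_off = e_lfanew + 24 + opt_size
    if sec_off + 40 * nsect > len(data):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize,
            "raw_pointer": rptr, "raw_size": rsize,
            # writable+executable sections are a classic packer / self-modifying
            # code indicator worth flagging during triage
            "wx": bool(flags & IMAGE_SCN_MEM_EXECUTE) and bool(flags & IMAGE_SCN_MEM_WRITE),
            # raw data that extends beyond the file is a malformation sign
            "truncated": rptr + rsize > len(data),
        })
    return {"machine": machine, "characteristics": chars, "sections": sections}

def build_sample():
    """Constructed minimal PE-like blob (not a runnable executable) with a
    normal .text section and a write+execute UPX1 section whose raw data is cut off."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    opt = b"\0" * 0xE0                                        # dummy PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x0102)
    def sec(name, vaddr, rptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x100, vaddr, 0x100, rptr, 0, 0, 0, 0, flags)
    raw0 = 0x40 + 4 + 20 + len(opt) + 2 * 40                  # first raw data offset
    secs = sec(b".text", 0x1000, raw0, 0x60000020) + sec(b"UPX1", 0x2000, raw0 + 0x100, 0xE0000040)
    return dos + b"PE\0\0" + coff + opt + secs + b"\xC3" * 0x100   # only .text's raw bytes present
```

Calling parse_pe(build_sample()) reports the UPX1 section as both write+execute and truncated, which is exactly the sort of check you would then automate over a sample set with pefile proper.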
Enjoy 😉

How to repair the broken Freeradius-WPE default install on BackTrack 5 r2

Hi to all!

In my last hack lab I played with some WPA-Enterprise hacking techniques. I saw that the Freeradius-WPE default install in BackTrack 5 r2 doesn’t work out of the box (it crashes with a segmentation fault). So, after some searching on Google, I got it to work.

If you need to make Freeradius-WPE work on BackTrack 5 r2, follow these steps.

First, install the package libssl-dev:

Next, download the new Freeradius-WPE package:

Create your certs:

Now, Freeradius-WPE should work. Launch it with:

Feel free to leave a comment or to contact us. Any feedback will be appreciated!

How to create a fake AP on BackTrack 5 r2

Hi to all!

In my last MITM test I needed to create a fake AP that could relay all incoming traffic to a wireless interface connected to the Internet.

I had some trouble doing this with brctl (because you cannot create a bridge with a wireless interface), so I created a slightly laborious setup with the help of iptables. Obviously, you need two wireless cards to follow this (one for the softAP, wlan1 in this tutorial, and one connected to the Internet, wlan0 in this tutorial).

First, you need to install a DHCP server:

Backup the default DHCP server configuration file:

Create a new DHCP server configuration file:

and add these lines into the file:

Then, start wlan1 in monitor mode:

Now you have the interface mon0. So start your softAP (the -e option specifies the softAP ESSID, while the -c option specifies the 802.11 channel):

This will create a new interface called at0. Set up this interface:

Now add a route for the traffic:

and set up new iptables rules:

Start the DHCP server on the at0 interface:

Now everyone who connects to your fake AP will be routed transparently to the Internet.

If you are too lazy to follow this tutorial, you can use a script I wrote to speed up fake AP creation.

Download it: FakeAP.tar. Decompress all the files into the same directory. Launch the script with:

When your tests are done, destroy the AP with:

Feel free to leave a comment or to contact us. Any feedback will be appreciated!