How to set up and compile Aircrack-ng on a Raspberry Pi

The Aircrack-ng suite is a collection of tools for capturing wireless data and recovering wireless passwords. Perhaps it’s questionable to call it “password recovery”, since surely it’s easier to log into the wireless access point and read the password – but at least it has some legitimate uses.

I wanted to dump all of my wireless traffic in order to check how much data I was actually transmitting. In order to do this, I needed the following:
1. A device to store and process the data
2. A wireless network card

I chose to use my Raspberry Pi together with a USB WiFi card – and this is how I did it.

Step 1 – Install Raspbian

I’ve only used Raspbian, so it’s no surprise I’ll suggest you install it before trying this. I’m confident you can get this to work with any Debian-based distro, but don’t quote me on it.

Step 2 – Download the Source Code for Aircrack-ng

Connect to your Raspberry Pi via SSH or use a monitor and keyboard to access it. Then run the following command (you do need internet access):

wget http://download.aircrack-ng.org/aircrack-ng-1.1.tar.gz

Congratulations – you now have the source code. Go ahead and unpack it with the following:

tar -zxvf aircrack-ng-1.1.tar.gz

Enter the folder with:

cd aircrack-ng-1.1

All done? Good.

Step 3 – Getting the Dependencies.

If you try to compile the source right away, you’ll get something like…

crypto.h:12:26: fatal error: openssl/hmac.h: No such file or directory

… which means you need to get OpenSSL.

This takes care of that:

sudo apt-get install libssl-dev

Step 4 – Compiling the source

You should now have the required libraries and a functioning compiler already, but if in doubt go ahead and run:

sudo apt-get install build-essential

I’ve had issues with the default makefile, so let’s fix that real quick.

nano common.mak

Find the two lines starting with “CFLAGS” and remove “-Werror” from them. -Werror turns all warnings into errors, which halts the build. The code compiles and works fine without it. Press CTRL+O and then Enter to save. Then CTRL+X to exit.

Time to make:

make

And finally:

sudo make install

(Optionally you can run “sudo airodump-ng-oui-update” as prompted to update the OUI file).

All Done!

I won’t cover how the software works, but you should now have it set up and fully functioning. Compiling and installing code from source isn’t as hard as it might first seem.


Raspberry Pi – Control the on board LED lights

If you want to control a LED from the command line, but you’re not comfortable using the GPIO (and perhaps soldering), then feel free to use the HDD Status LED on the Raspberry Pi chip.

It’s a fun feature, but pretty useless. Most of Raspberry Pi’s LEDs are hardware-controlled, meaning you can’t control them from the operating system or software. But if you don’t mind the other LEDs flashing distractingly, then it might be more useful to you.

First you want to disable the trigger with:

echo none > /sys/class/leds/led0/trigger

Now you’re free to set the state. It goes from 0 to 255, but anything above 0 will turn the LED on. The following would light it up:

echo 1 >/sys/class/leds/led0/brightness

And this would shut it down:

echo 0 > /sys/class/leds/led0/brightness

I’d suggest a full reboot to restore the diode when (if?) you’re done playing with it.

(You might need to use sudo, as with anything fun. At your own risk and so on.)


Raspberry Pi Temperature

You’re able to check the temperature of your Raspberry Pi easily. Simply run the command below:

/opt/vc/bin/vcgencmd measure_temp

That should output the CPU temperature of the Raspberry Pi. Or at least the temperature of the sensor.

Works for me on Raspbian “Wheezy” (image 2013-12-09).


Raspberry Pi – Getting HDMI to Work Properly

I used an HDMI cable with a DVI adapter without issue, but I started having issues when I ditched the adapter. The resolution went down, and the smaller image was centered, leaving a big black border.

So how did I fix it? Uncomment or add the following line to /boot/config.txt

hdmi_drive=2

Value 2 means normal HDMI (sound will be sent over HDMI if enabled). Value 1 would be DVI mode. No idea why the adapter made it work perfectly without the settings change. Autoconfig?

I think it’s amazing that the Raspberry Pi can handle 1080p.


i3wm – i3status unable to detect battery fix

If you install i3wm and i3status fails to detect your battery, here’s one solution:

Open /etc/i3status.conf and look for "battery 0 {". Add the following line inside the battery config:

path = "/sys/class/power_supply/BAT1/uevent"

The location might differ, so navigate to power_supply and find the BATX appropriate for you. I’ve seen someone use BAT%d in their config (%d would refer to an integer), but I haven’t tested it.

i3status should now automatically detect your battery; log out or reboot to see the changes.


How to set up Syslog-ng server on Debian

Syslog is a great standard for handling logs, especially over a network. So how do you set it up on Debian? Sending logs over a network isn’t rocket science.

Step 1 – install syslog-ng

First, run “sudo apt-get update” and “sudo apt-get upgrade” in order to update your packages. Then install syslog-ng with “sudo apt-get install syslog-ng”. Repeat this on all systems which should use syslog.

Step 2 – configure the clients

Open up “/etc/syslog-ng/syslog-ng.conf”, scroll down to the bottom and write:

destination d_tcp { tcp("192.168.1.100" port(1234) localport(999)); };
log { source(s_src); destination(d_tcp); };

The first line defines a destination called d_tcp, which is a TCP connection to 192.168.1.100 on port 1234 from the local port 999. You should make sure that the IP is the IP of your syslog server. You may need to change the ports, depending on your configuration.

The second line tells syslog-ng to send everything from s_src (which is already defined, and has everything we need) to d_tcp. Basically, everything is sent to your server.

Do this for all clients.

Step 3 – configure the server

Open up “/etc/syslog-ng/syslog-ng.conf”, scroll down to the bottom and write:

source s_net { tcp(ip(192.168.1.100) port(1234)); };

destination collector {
    file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.log"
        owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
    );
};

log { source(s_net); destination(collector); };

The first line defines a source, which listens on TCP port 1234 and IP 192.168.1.100. Modify this to match your environment.

Collector is a destination which, just like d_tcp, defines where stuff goes. Here we want to write a file and automatically create folders depending on the time, the host and the type of log entry. The $-sign in the path means it’s a variable.

And, just like before, the last line makes sure everything we collect from s_net goes to the proper destination.

If everything works as it should, you’ll see a folder HOSTS in /var/log, which in turn contains one folder per host that is sending logs.
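To see which file a given message should land in when you check the result, here is an added example (not part of the original post and not syslog-ng's own code) that approximates how the collector path template expands for a raw BSD-style syslog line. It assumes $HOST comes from the message's host field and that the caller supplies the year; the function name, the host check and the fallback name for unlisted facility codes are this example's own.

```python
import re

# Standard syslog facility codes and their usual names.
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + n: f"local{n}" for n in range(8)})
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# <PRI>Mmm dd hh:mm:ss host rest-of-message
LINE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2}) +(\d{1,2}) "
                  r"\d{2}:\d{2}:\d{2} (\S+) ")
# The host field becomes a directory name, so accept only plain names/addresses.
SAFE_HOST = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._:-]*$")
TEMPLATE = "/var/log/HOSTS/{host}/{year}/{month:02d}/{day:02d}/{facility}.log"


def collector_path(raw, year):
    """Return the log file the collector template selects for one raw line.
    Raises ValueError if the line does not parse or the host looks unsafe."""
    m = LINE.match(raw)
    if not m:
        raise ValueError("not a BSD-syslog line")
    pri, mon, day, host = int(m[1]), m[2], int(m[3]), m[4]
    if pri > 191:
        raise ValueError("PRI out of range")
    if not SAFE_HOST.match(host) or ".." in host:
        raise ValueError(f"suspicious host field: {host!r}")
    month = MONTHS.index(mon) + 1        # ValueError for an unknown month
    code = pri >> 3                      # facility = PRI // 8, severity = PRI % 8
    facility = FACILITIES.get(code, f"facility{code}")  # fallback is hypothetical
    return TEMPLATE.format(host=host, year=year, month=month, day=day,
                           facility=facility)


# Constructed sample lines, not captured traffic.
SAMPLES = [
    "<38>Dec  9 14:03:11 pi-gateway sshd[812]: Accepted publickey for pi",
    "<30>Dec  9 14:03:12 192.168.1.23 ntpd[401]: clock synchronized",
    "<13>Dec  9 14:03:13 ../../etc cron[1]: constructed bad host field",
]

if __name__ == "__main__":
    for line in SAMPLES:
        try:
            print(collector_path(line, 2013))
        except ValueError as err:
            print("rejected:", err)
```

Comparing these paths with what actually appears under /var/log/HOSTS is a quick check that every client is reporting and that no unexpected host directories have been created.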


Netseclab – finally a breakthrough!

Isn’t it frustrating when things don’t work the way you want? Especially technology. Especially when you can’t see why it isn’t working.

In Applied Network Security we are to set up a couple of machines and secure them so that we can see if something happens… and what happens. For better or worse, there are plenty of tools available.

Snort

To monitor the network we fired up snort with acidbase. It gives a pretty decent overview and is pleasant to use. The computer is connected to a Switched Port Analyzer (SPAN) and can therefore see all traffic on the whole network. If you get stuck, I can recommend reading http://www.aboutdebian.com/snort.htm

Syslog

But it isn’t enough to see the crap on the network if you can’t see what is happening inside the computers. Once you have understood how syslog works it’s no problem to use, but it’s quite a steep threshold to get over. Getting a web front end in place also took a little while.

My lab partner and I first sat and tried to get OSSIM to work, but without much progress. Just because it’s simpler doesn’t mean that it… well… is simpler.


Automate EVERYTHING

There’s a certain beauty to automatization. The machine works silently, completing time-wasting tasks for you, while you spend your time doing things that matter.

I like to keep my computer tidy – a cluttered desktop just makes me frustrated. Why? Because it takes forever to find something in a digital mess. The desktop tends to become cluttered, however, because cleaning isn’t fun. Moving icons to the right folders is in many ways just like cleaning, and cleaning is a chore. Chores are for the most part never fun.

To battle this, I wrote a script some time back which cleaned my desktop once per boot and put the contents into a folder with today’s date. With the hard drive storage capacity available, storing the vast amounts of files isn’t an issue. I have a lot of trash stored, but it’s easy to navigate and it keeps my desktop tidy.

Today, I took care of another issue. How do you keep track of your files if you have two computers? How do you transfer files? And why should you have to spend time on moving files? I bought a new laptop for school and work, which meant I had to find a way to move files. Windows file sharing works, but it’s time consuming. Dropbox could eliminate the problem, but it’s not suitable for large amounts of data. I do use Dropbox if it’s important only to have one version of the file, or if I need to access it on other devices, however.

I wrote another script as the solution. Every time I log on, it moves all the contents of an upload-folder to my server if I’m connected to my home network. This way, I can drop files into the folder, and forget about them. The script also downloads all files from a remote folder, and stores them locally in another folder. Essentially, I can move files asynchronously via a server.

All of this took some time to set up, but I’ll save more time in the long run.
