IPv6 rebooted – web & smtp server

14 03 2012

Now that I had a new IPv6 allocation from tunnelbroker.net – it was time to get the server re-addressed & reachable from the outside world.

Apache was already configured to listen on all IPv4 & IPv6 addresses, so all I needed to do was change the address, test connectivity & restart Apache:

sudo ip addr add 2001:470:489e::100/64 dev eth0
sudo route --inet6 add default gateway 2001:470:489e::1
ping6 2001:470:489e::1

Don't forget to update your nameserver:

sudo vi /etc/resolv.conf
ping6 ipv6.google.com

Restart the Apache & Postfix services:

sudo /etc/init.d/apache2 stop
sudo /etc/init.d/apache2 start
sudo /etc/init.d/postfix stop
sudo /etc/init.d/postfix start

Update your DNS record with the new address & test the connection.
You can either test from another IPv6-connected host (like a VPS):

ash@vertex:~$ dig aaaa public.blackundertone.com +short
2001:470:489e::100
ash@vertex:~$ curl public.blackundertone.com

Or use one of the many publicly available test servers – like http://ipv6-test.com/validate.php
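The renumbering and DNS checks above, as an added example that is not part of the original post: the prefix, host and gateway are the post's values, the stale AAAA answer (2001:db8::100) is a constructed sample standing in for the old allocation, and the `dig +short` output is embedded instead of being fetched live.

```python
import ipaddress

# Values from the post: the routed /64 from tunnelbroker.net, the host
# address chosen for the server and the tunnel-side gateway.
PREFIX = ipaddress.IPv6Network("2001:470:489e::/64")
HOST = ipaddress.IPv6Address("2001:470:489e::100")
GATEWAY = ipaddress.IPv6Address("2001:470:489e::1")

# Constructed sample of `dig aaaa <name> +short` output: a stale record
# from the previous allocation (placeholder 2001:db8::100) is still
# published next to the new address.
SAMPLE_DIG = """2001:db8::100
2001:470:489e::100
"""


def parse_aaaa(dig_short_output):
    """Return the set of IPv6 answers in `dig ... +short` output.
    Lines that are not IPv6 addresses (e.g. CNAME targets) are skipped."""
    answers = set()
    for line in dig_short_output.splitlines():
        try:
            answers.add(ipaddress.IPv6Address(line.strip()))
        except ValueError:
            continue
    return answers


def check_renumbering(prefix, host, gateway, dig_short_output):
    """Sanity-check a renumbered host; returns a list of problems
    (an empty list means the address, route and DNS all line up)."""
    problems = []
    if host not in prefix:
        problems.append(f"host {host} is outside allocated prefix {prefix}")
    if gateway not in prefix:
        problems.append(f"gateway {gateway} is not on-link for {prefix}")
    if host == gateway:
        problems.append("host and gateway address are identical")
    if host == prefix.network_address:
        problems.append("host uses the subnet-router anycast address (::)")
    published = parse_aaaa(dig_short_output)
    if host not in published:
        problems.append(f"no AAAA record for {host}; published: "
                        f"{sorted(map(str, published))}")
    for addr in sorted(published - {host}, key=int):
        problems.append(f"stale AAAA record {addr} still published")
    return problems


if __name__ == "__main__":
    for p in check_renumbering(PREFIX, HOST, GATEWAY, SAMPLE_DIG):
        print("PROBLEM:", p)
```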

It's as simple as that. Now my server was once again reachable via IPv6 – all this effort to get back to where I was.

Next time – I cover the DNS forward & reverse fun as well as why I needed to transfer my domain from namecheap.com free DNS hosting to the free DNS hosting provided by Hurricane Electric @ dns.he.net





knock knock knock

9 06 2010

OK, so in the last post we found out that NETGEAR is open:

00:09:5B:1C:AA:1D 11 16 10 0 0 11 54. OPN NETGEAR

Following on from the last post, we want to drop our interface back out of monitor mode:

root@bt:~# airmon-ng stop wlan0

Interface       Chipset         Driver

wlan0           ZyDAS 1211      zd1211rw - [phy0]
                                (monitor mode disabled)
mon0            ZyDAS 1211      zd1211rw - [phy0]

Make sure the interface is up with the usual:

root@bt:~# ifconfig wlan0 up

Once the interface is up, it's time to associate with the access point:

root@bt:~# iwconfig wlan0 essid NETGEAR
root@bt:~# iwconfig
wlan0     IEEE 802.11bg  ESSID:"NETGEAR"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:09:5B:1C:AA:1D
          Bit Rate=1 Mb/s   Tx-Power=27 dBm
          Retry min limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=17/100  Signal level=17/100
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

All things being equal, we should now be associated with the wireless network NETGEAR through the access point we saw at the beginning, 00:09:5B:1C:AA:1D. Now what? An IP address, of course:

root@bt:~# dhclient wlan0
There is already a pid file /var/run/dhclient.pid with pid 9985
killed old client process, removed PID file
Internet Systems Consortium DHCP Client V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/

mon0: unknown hardware address type 803
mon0: unknown hardware address type 803
Listening on LPF/wlan0/00:07:d1:88:11:0f
Sending on   LPF/wlan0/00:07:d1:88:11:0f
Sending on   Socket/fallback
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 4
DHCPOFFER of 192.168.0.10 from 192.168.0.1
DHCPREQUEST of 192.168.0.10 on wlan0 to 255.255.255.255 port 67
DHCPACK of 192.168.0.10 from 192.168.0.1
bound to 192.168.0.10 -- renewal in 39170 seconds.
root@bt:~#
root@bt:~#
root@bt:~# ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:07:d1:88:11:0f
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
root@bt:~#
root@bt:~# cat /etc/resolv.conf
domain mydomain
search mydomain
nameserver 192.168.0.1
root@bt:~#
root@bt:~# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 wlan0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 wlan0

So there we have it: we connected to the wireless network and received an IP address, DNS server & default route from the DHCP server, and still haven't used any of the l33t fun tools in BackTrack yet.





soft target selection

8 06 2010

So for the first one, let's ease into things. I have called it soft target selection as this isn't anything too exciting: no cracking, no exploiting – just natural selection 😉

So, hypothetically you are using a wifi sniffer & you stumble across a nice juicy open wifi … so what's next? OK – we jumped ahead a step there. How did we come to find an open wifi? Well, there are several apps around – try here.

As with most things I will be posting, I will focus on using BackTrack, and in the examples I am using a USB wifi dongle.

dmesg will hopefully show us the dongle attached:

root@bt:~# dmesg
usb 1-1: new high speed USB device using ehci_hcd and address 3
usb 1-1: configuration #1 chosen from 1 choice
usb 1-1: reset high speed USB device using ehci_hcd and address 3
phy1: Selected rate control algorithm 'minstrel'
zd1211rw 1-1:1.0: phy1
usb 1-1: firmware: requesting zd1211/zd1211_ub
usb 1-1: firmware: requesting zd1211/zd1211_uphr
zd1211rw 1-1:1.0: firmware version 4605
zd1211rw 1-1:1.0: zd1211 chip 0ace:1211 v4330 high 00-03-6d RF2959_RF pa0 -----
ADDRCONF(NETDEV_UP): wlan0: link is not ready

OK, so BackTrack sees our adapter; now we need to get it up & running (don't forget the all-important macchanger command):

root@bt:~# ifconfig -a
wlan0     Link encap:Ethernet  HWaddr 00:40:29:47:ca:fa
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
root@bt:~# macchanger -A wlan0
Current MAC: 00:40:29:47:ca:fa (Compex)
Faked MAC:   00:07:d1:88:11:0f (Spectrum Signal Processing Inc.)
root@bt:~# ifconfig wlan0 up

Kick the card into monitor mode:

root@bt:~# airmon-ng start wlan0

Interface       Chipset         Driver

wlan0           ZyDAS 1211      zd1211rw - [phy0]
                                (monitor mode enabled on mon0)

And check for the wireless nodes around you:

root@bt:~# airodump-ng mon0

 CH  9 ][ Elapsed: 1 min ][ 2007-04-26 17:41 ][ WPA handshake: 00:14:6C:7E:40:80

 BSSID              PWR RXQ  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

 00:09:5B:1C:AA:1D   11  16       10        0    0  11  54.  OPN              NETGEAR
 00:14:6C:7A:41:81   34 100       57       14    1   9  11e  WEP  WEP         bigbear
 00:14:6C:7E:40:80   32 100      752       73    2   9  54   WPA  TKIP   PSK  teddy                             

 BSSID              STATION            PWR   Rate   Lost  Packets  Probes

 00:14:6C:7A:41:81  00:0F:B5:32:31:31   51   36-24    2       14
 (not associated)   00:14:A4:3F:8D:13   19    0-0     0        4    mossy
 00:14:6C:7A:41:81  00:0C:41:52:D1:D1   -1   36-36    0        5
 00:14:6C:7E:40:80  00:0F:B5:FD:FB:C2   35   54-54    0       99    teddy

BINGO!!
So, NETGEAR is OPEN – no encryption at all …. FAIL!

Well – I said it wasn't too exciting: we found an open wifi access point. Tune in next time to see what we can do with it…