Security Videos

6 06 2008

Just a quick link to an excellent Security Videos site, which with a bit of support could be fantastic…

SecurityTube –

Like the man says: Watch, Learn, Contribute – You know you want to :oD

Hacking the DE-ICE pen-test labs disc 1.110 videos

16 03 2008

Hi everyone! Still no WEP crack vid due to me being way too busy to spend time reformatting my lappy and starting again so I’ve got a vid of me cracking the DE-ICE pen-test labs. They’re total and utter spoilers so if you’re trying to do them at the moment and you’re not completely stuck then you probably don’t want to be watching them. I do run through the whole thing really quickly so I’m thinking of making a transcript to go with it to make it easier to follow. I’ll keep you posted on part 2.

The music is all my own, original (kinda). If anybody would like to use it for anything please leave me a comment on this post. It’s called The Happy Taste and you should give attribution to the eloquently named group, Anal Bloodfart.

And yes, it was nearly 3am when I was making the vid. What can I say – I’ll sleep when I’m dead!

To get a better res version just go here.

Step by step how to hack your PSP.

14 03 2008

Was just reading a snappy little article on modding your PSP and thought I’d pass on the info to you peeps. Never wanted one before, but it looks worth every penny now! Imagine the possibilities… PSP WARDRIVING!!! Anyhoo… Click here for the link.

WEP cracking 101

8 03 2008

Hi everyone. Yet another post today. Being a sys0p for an internet-related company, it is important to understand the various weaknesses which are inherent in the systems we use. One of these systems is Wi-Fi connectivity. This all being the case, I thought I’d look into Wi-Fi vulnerabilities. This is what I found:


It really is no feat of genius cracking WEP. It took me, having never used the programs involved and understanding very little about what I was doing, about ten minutes. No more. Over this post I’ll write a transcript of the video which I’m going to make and embed tomorrow.

The program I am going to use is the SVN release of the Aircrack-ng suite on Back|Track 2 on a laptop with an Atheros internal wireless NIC and the SVN release of the Madwifi-ng drivers to allow packet injection.


Next I switch off my Managed mode interface ath0 by using the following command:

wlanconfig ath0 destroy

Now I bring up the Monitor mode interface (replaces ath0) with airmon-ng. You will need to know the channel which the AP runs on to allow this to work.

airmon-ng start wifi0 6

Replace the ‘6’ with the channel of your AP. It locks the channel of the interface to that and stops you ‘channel hopping’, which can screw things right up.

The next step is to start airodump-ng to find any clients which are connected:

airodump-ng -c 6 --bssid 00:11:22:33:44:55 ath0

This will start up the airodump-ng console app which will show the BSSID, ESSID, channel, any associated clients and all sorts of other info which we’ll get into later.

Right. Now you can ^C out of that window and start it again with a couple more options.

airodump-ng -w outputfile --ivs --bssid 00:11:22:33:44:55 ath0

This will start airodump capturing all Initialisation Vectors transmitted by the AP or the

I left that running and opened a new terminal. There, I ran a deauthentication attack on the wireless client with this command:

aireplay-ng -0 10 -a 00:11:22:33:44:55 -c 55:44:33:22:11:00 ath0

You should see the repercussions of this on the airodump terminal. Now you need to get aireplay to find an ARP packet which has caused the sending of lots of IVs. This is done in a few different ways. The method I used was just the ARP packet replay mode. It’s slower than some of the others, but almost always works.

aireplay-ng -3 -a 00:11:22:33:44:55 ath0

When it finds a packet which can be used it will come up and ask you if you want to use it. Say yes. It will then replay this packet to generate loads of IVs. You will see this in the airmon window. The data packets will go through the roof.

Now you need to start aircrack-ng working on the captured IVs.

aircrack-ng -z -b 00:11:22:33:44:55 outputfile*.ivs

Done. If aircrack acts up then just try again when you have more IVs.

If this ain’t enough to switch you over to WPA, then you’re a lost cause.
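
Seen from the monitoring side, the steps above leave two signals on the air: a burst of deauthentication frames, then one encrypted frame replayed verbatim, so the same IV keeps coming back from one transmitter. The sketch below is an added example, not part of the original post; the frame records, the client address and the thresholds are constructed assumptions.

```python
from collections import Counter

AP = "00:11:22:33:44:55"      # placeholder BSSID used in the post
CLIENT = "66:77:88:99:aa:bb"  # constructed placeholder client address


def build_sample():
    """Constructed records: (time_s, frame_type, transmitter, receiver, wep_iv)."""
    frames = []
    # Normal traffic: every data frame carries a fresh IV.
    for i in range(20):
        frames.append((i * 0.5, "data", CLIENT, AP, f"{i:06x}"))
    # A burst of deauthentication frames inside one second.
    for i in range(64):
        frames.append((10.0 + i * 0.01, "deauth", AP, CLIENT, None))
    # One captured frame replayed unchanged, so its IV never changes.
    for i in range(500):
        frames.append((12.0 + i * 0.002, "data", CLIENT, AP, "a1b2c3"))
    return frames


def detect(frames, deauth_threshold=30, window_s=1.0, iv_repeat_threshold=100):
    """Return alerts for deauth bursts and for heavy reuse of a single IV."""
    alerts = []
    # 1. Deauth burst: many deauth frames to one receiver in a sliding window.
    deauths = {}
    for t, ftype, tx, rx, iv in frames:
        if ftype == "deauth":
            deauths.setdefault(rx, []).append(t)
    for rx, times in deauths.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window_s:
                start += 1
            if end - start + 1 >= deauth_threshold:
                alerts.append(("deauth_burst", rx))
                break
    # 2. Replay: a legitimate sender changes IV per frame, a replay does not.
    iv_counts = Counter(
        (tx, iv) for t, ftype, tx, rx, iv in frames if ftype == "data" and iv
    )
    for (tx, iv), n in iv_counts.items():
        if n >= iv_repeat_threshold:
            alerts.append(("iv_replay", tx, iv, n))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(alert)
```

WEP has no replay protection, which is why the second signal exists at all; WPA's per-frame sequence counter rejects a frame that is sent twice.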