Sergio González - WiFiSlax 4.0 [RootedCON 2010]

DESCRIPTION

WiFiSlax is a GNU/Linux distribution designed and structured for security auditing, specializing in wireless security assessments. It contains an extensive list of security and auditing tools, including port, service and vulnerability scanners, tools for creating and designing exploits, sniffers, forensic analysis tools and tools for assessing the security of wireless devices. This official presentation of version 4.0 shows a series of important structural changes that have allowed the development team to keep innovating in hardware support, as they did in previous versions, staying ahead of other distributions. These changes have allowed them to remain at the forefront of wireless technologies.

  • Congreso de Seguridad ~ Rooted CON2010

    WiFiSlax 4.0 beta

    Advances and improvements

  • Congreso de Seguridad ~ Rooted CON2010

    What was?

    Focused on Wireless Audit

    Latest tools for Wireless Audit

    Drivers for the most common chipsets in our laptops (innovating with packet injection support)

    Ease of use for the uninitiated in GNU/Linux

    Launchers and GUI tools

    Basic help in Spanish

  • Congreso de Seguridad ~ Rooted CON2010

    WiFiSlax 4.0 beta

  • Congreso de Seguridad ~ Rooted CON2010

    What?

    GNU/Linux distribution

    Debian Stable based

    Nowadays, not only Wireless Security: NETWORK VULNERABILITY & PENTESTING / BLUETOOTH / RFID / IRDA / SERIAL PORT / CRACKING / REVERSING / FORENSIC

    Compatible with other systems

    GRUB as boot loader

  • Congreso de Seguridad ~ Rooted CON2010

    What?

    Live CD/DVD/USB

    Kernel 2.6.32.5 SMP

    KDE 3.5.10 | KDE 4?

    Compiz Fusion included

    Drivers ATI / Drivers NVIDIA

    Automount new drives

    RO/RW over NTFS, HFS and NAS

    Automount new devices

    Wireless devices / mouse / etc

  • Congreso de Seguridad ~ Rooted CON2010

    Which support?

    Ease of use regardless of driver

    Launch GUI: Broadcom bcm43xx

    Intel IPW2200, IPW3945, IPW4965

    Ralink rt2570, rt73

    Prism, Prism2

    Realtek rt8180/rt8185, rt8187

    Atheros mode managed, monitor, master

    Problems with your chipset? usbview, lsusb, lspci, dmesg, etc...

  • Congreso de Seguridad ~ Rooted CON2010

    Which support?

    IPW2100

    IPW2200

    IPW3945

    IPW4965

    Intel WiFi Link 5X000

    Zydas ZD1201

    Zydas ZD1211rw

    Zydas ZD1211b

    Realtek rtl8180

    Realtek rtl8185

    Realtek rtl8187B/L

    Atheros AR5007EG

    Prism54

    Madwifi-ng

    Wlan-ng

    HostAP

    Ralink rt2570

    Ralink rt61

    Ralink rt73

    Ralink rt2X00

    Ralink rt2860

    Ralink rt2870

    Ralink rt8187

    Ralink rt3070

    Broadcom

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    Konqueror 3.5.9

    Iceweasel 3.6 NoScript

    Live HTTP headers

    ShowIP

    Tamper Data

    Firebug

    HackBar

    etc

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    Audit & security tools

    Wireless chipsets for auditing & pentesting

    Wireless tools

    Kismet, macchanger, aircrack-ng, aircrack-ptw, etc

    Cryptanalysis tools (WEP/WPA/WPA2, cookie entropy, etc)

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    Wi-Spy

    Channels spectrum analyzer

  • Congreso de Seguridad ~ Rooted CON2010

    Aircrack-ng-patch

    Anticipating the next speaker:

    WiFiSlax 4.0 is the only distribution that is not vulnerable to the 0-day of Airodump-ng 1.0

    [No more details, yet]

    Thanks to Iñaki L. ;-)

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    More audit tools:

    Zenmap

    Wireshark

    ettercap

    asleap

    Scapy

    Etc.

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    wesside-ng

    Automatic WEP cracking

    WifiZoo v1.3

    WEP/WPA support (only in WiFiSlax 4)

  • Congreso de Seguridad ~ Rooted CON2010

    Other attacks

    Karma

    Airbase-ng: Fake APs (MitM and Hirte attack), auto-connect for Windows & MacOS clients & mobile devices? ;-)

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    Bluetooth support: airotooth.sh

    Bluetooth Sniffing

    BTSniff for chipsets CSR BC4 Flash/RAM

    BTCrack for Linux

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    RFID tools:

    3-G support: Vodafone

    Yoigo

    Movistar ?

    IrDA & Serial port:

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    Cracking:

    Reversing:

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    Forensic:

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    Recomposition of TCP sessions:

    airdecap-ng Form Fields without SSL encryption

    Uncipher, WEP, WPA, WPA2 connections

    Xplico

    Data mining and network forensic

    Wireshark Uncipher, WEP and WPA connections

    VoIP

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    Karmetasploit: Rogue AP attacks for e-mail and web password interception, cookie stealing and insecure services (POP3, FTP, SMB, etc)

    Lorcon Packet injection library for IEEE 802.11

    Lorcon2 Packet and shellcode injection with Metasploit

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    Network security & Information gathering:

  • Congreso de Seguridad ~ Rooted CON2010

    What included?

    DNS:

    and DioNiSio

    WEB:

  • Congreso de Seguridad ~ Rooted CON2010

    What do you expect?

    For n-th time:

    WEP IS INSECURE BY DESIGN!

    Vendors such as Ubiquiti don't support

    Forget poorly implemented ciphers

    Strong passwords don't exist

    Security must be transparent for the user

  • Congreso de Seguridad ~ Rooted CON2010

    What do you expect?

    Efficient alternative to other distributions

    Abandon WEP and WPA

    Improving wireless security

    Automate and collect audit tools

    Promote new security standards

    Fostering interest in security

  • Congreso de Seguridad ~ Rooted CON2010

    Updates?

    Update packages :

    apt-get / aptitude

    WiFiSlax 4.0 repository:

    Valid for all Debian

  • Congreso de Seguridad ~ Rooted CON2010

    Who?

    Staff elhacker.net ?

    Staff Seguridadwireless.net ?

    A very tight group of developers who know how to make things clear, concise, effective and efficient.

  • Congreso de Seguridad ~ Rooted CON2010

    Where?

    WiFiSlax.com

    Official Webpage: http://www.wifislax.com/

    WiFiSlax @ LinkedIn

    Official Group: http://www.linkedin.com/groups?gid=2066315

  • Congreso de Seguridad ~ Rooted CON2010

    Questions?

    Thanks to:

    SeguridadWireless.net

    BrutalSec.net

    anyone wishing to include their tools!

  • Congreso de Seguridad ~ Rooted CON2010

    www.wifislax.com

    Sergio González