If you’ve got a special xbox from me that hasn’t been updated by me in the last 2-3 months… you really should send it my way if you enjoy playing new games.
Just saying.
Or how to “crack” super fast WEP in < 1 minute.
I’ve been known to “borrow” internet from time to time ::shifty eyes:: and my recent moves have been no different. The place I was at last month was served by Comcast so getting online was a breeze with some fancy tools, but since then I’ve now moved to a COX neighborhood and the amount of work involved has proven to be much more involved than original anticipated.
For the time being, I’m stuck waiting for COX to come out and plug in some stuff; without getting into too many details lets just say I didn’t feel like being a jerk to the techs and giving everyone on the block free TV/cable internet. More on this in a later post…
For now I was back to the old fashion wireless internet “auditing”. The nice thing about this location is the sheer number of people with some really nice high speed connections. I spent half a day blowing through as many AP’s as I could only to continuously stumble upon these 5 character long SSID’s that ended up belonging to FIOS users. Whats worse is the 64 bit WEP keys they where using where pretty similar too. Check it out:
9FRV0 : '1801169C95'
9YCQ3 : '1F905FA711'
A8GP8 : '1F90DF266A'
GV062 : '1801378BEC'
Q0BL2 : '1801426D0A'
*there where about 15 more just like these
Notice anything? Here’s a hint, the first 4 characters of the WEP key appear to be common with two variations, ’1801′ and ’1F90′, appearing in this sample set. These characters match up to the 2-6th wireless MAC address octets from the AP itself.
Now, you could capture some packets with aircrack and do something like:
aircrack-ng -d XXXX capturefile.cap
where XXX is the __:XX:XX:__:__:__ portion of the access points mac, but who has the time for that shit anymore 
At this point you should be appalled. This is security at its very worst. These users think they’re secure; as if it wasn’t bad enough that verizon is using WEP by default, a well known hackable wireless ‘encryption’. Lets delve a little deeper…
A quick google search led to someone mentioning that if you Base36 the SSID, convert it to hex, and throw that after the four characters from the MAC, it should equal the key.
Well then lets try! Let’s just use the ‘9FRV9‘ SSID from above to see if this really works.
I needed a base36 converter so I went here and did the following:
base36 of ssid: 15852492
base36 results in hex: F1E3CC
Wait wait wait, thats not right. The unknown part of our key should be ‘169C95‘!
After reading up on base36 I decided to try it myself and see what happens:
In [2]: b36d('9FRV0')
Out[2]: 1481877
In [3]: hex(1481877)
Out[3]: '0x169c95'
Well now that’s more like it!
So why the difference in my b36d function? Turns out this is not how you do base36! My implementation of base36 wasn’t reversing the string, and it appears I’m not the only one making this mistake ::cough::Verizon::cough::. That said, mine worked, so who cares.
So now giving the mac structure of: __:18:01:__:__:__ we can guess the key as: 1801169c95
Pretty cool stuff. I decided this was useful enough to automate so I threw together a quick script and its now up in a repo on my bitbucket. Check it out here: http://bitbucket.org/q/verizon_wepkey/
I’m not going to internet white knight it and tell you not to use this information in a bad way; I’m not that naive. What I do want to stress is that you secure the networks of those you can help, and maybe lend a neighborly helping hand if you see this going on.
Verizon needs to seriously reconsider their actions here and re-evaluate how they handle their customers. Right now its a free for all on fiber internet, and eventually someones going to get burned by this.
It’s been a long month, and there just doesn’t seem to be an end in sight! I’ve been living a more fulfilling life for the last 2 months than I did for the previous 1.5 years. My old job consumed me; I brought work home every night, and that was only after I had been at work well past everyone else had left. Don’t get me wrong, it was my choice, and I felt like I had nothing but work so I didn’t mind it at the time. Looking back now however, I’m glad it’s over, and I feel no regret towards taking the last two months to realize who I am and what I love.
I sent myself to pycon at the end of March as a mini ‘vacation’ of sorts (despite the fact that I can’t really afford to spend money like that). The trip started off rough with me missing my flight out, but picked up from there. Truthfully, I had a great time. I didn’t really learn much, but I did get the chance to meet some really cool guys, got to eat lunch with python superheroes and generally just enjoyed myself for a few days away from DC.
I spent the week after pycon packing my stuff up, moving it all to NoVA, and cleaning the old house. Truly an awful experience. I either need to get rid of my expensive stuff, or just generally stop buying toys. I have a spending problem, I admit it. I didn’t really need 5 turntables, or 7 rack servers, or 6 UPS (which weigh a f’n ton) just to name a few things off the top of my head.
I got a chance to hang out with some local security guys, and as an added benefit I got a feel for some of the jobs out there as well. Finished up an interview process with a company I think I could do really great things at. Got a chance to check out NoVA-DUG (really enjoy this lot!) and it inspired me to throw all of that useless Django knowledge I’ve got floating around in my fat head into an app. Don’t have a name for it now, but it’s meant to be a middle ground between VCS’s and those groups out there that just haven’t gotten on board with storing code in repo’s (I know they’re out there, I recently worked at one). Did most of the work last weekend and have spent a few hours here and there getting up to speed on jQuery to give the site that o-so-loved web2.0 look/feel. FunFact: I am terrible at web design!
This morning I got an offer letter that I need to respond to within a week. I actually like the job a lot on paper. I feel like I’d be better supported than past experience and from the looks of it I could actually walk to work in minutes! That said, I’m apprehensive about this decision and want to make sure I really weigh out my options. The way I put it: I don’t want to look back six months from now and wish I had made a different decision. I wont stick around at a job that makes me miserable again, but at the end of the day I hate saying ‘no’ to people too. I would drag it out and just make myself miserable and it wouldn’t be right. Wherever I do end up I want to feel really good about, and hopefully I’ll have a better idea of where that place is within the week. The last of my resumes have been sent to the appropriate parties and now I’m just waiting. I’ll post an update when I have a better idea of where I’m going to end up (if I can).
Last weekend I got word that my motorcycle has been fixed and is ready to go! First thought: F YEA! Second thought: FML, I don’t have a helmet. I had actually ordered a replacement the night before the call came (thinking it would still be another week till my bike was done). None the less, my helmet should be in on Thursday, and starting Friday the forecast for the next week is nothing but clear skies and 75-85*F. I’m going to try and get in as much riding as possible (while finding a job!).
Some stuff I’ve just gotta get rid of in this move because it takes up too much room and I’m poor.
Servers:
(2x) Dell PowerEdge 2650′s (Dual 2.8GHz / 6GB RAM / 5x 73GB drives) – $450 each
(1x) Dell PowerEdge 2650 (Dual 2.4GHz / 4GB RAM / 5x 73GB drives) – $400
EDIT: All gone.
Routers:
Cisco 2610 w/ (1x) WIC-1DSU – $100
Cisco 4700m (4 serial, 2eth, FDDI) – $100
Cisco 2501 – $free to whoever buys one of the others
Some cisco cables (serial & terminal)
EDIT: Routers = SOLD!
Toys: (I’ve got too many and cant afford my rent… I hate selling things I like)
(2x) Numark TTX Turntables – $250 each
(2x) Stanton TII-SK set (for use with turntables) – $50
(1x) Numark DM1050 Mixer – $75
(1x) Denon DN-S5000 – $400
Edit: Only have the TTX’s and TII-SK’s left.
Lemme know if you want details, I’ve got ‘em.
Heads up; CapSecDC March 25th – 7PM. It’ll be at Stetson’s again
