Of course I am a little late, but litterally the ULTIMATE guide to wrt54g hacking is shipping:
http://www.amazon.com/Linksys-WRT54G-Ultimate-Hacking-Asadoorian/dp/1597491667
Also, you can check out Paul Asadoorian and Larry Pesce at http://www.pauldotcom.com
You can also download the PDF version of the book at: http://www.syngress.com/catalog/?pid=4170
CONGRATS GUYS… now where is my free copy?
mubix
I received a Fonera router from my friend boxgamex and what was the first thing I thought of doing to it? Slaping OpenWRT on it and going to town. Well it took me 2 days of intense R&D but here is what I can tell you to make your life a little easier than mine was:
I am definitely not going to reinvent the wheel, there are some great tutorials out there and I am going to link to them through out this article.
First of all you have to decide if you are going to do straight OpenWRT or DD-WRT. Both have pluses and minuses. You just have to decide for yourself which you want, and you can always change it out. Also, the best setup for this is having your computer directly connected to the Fonera Router. A few things you need to download before you start:
Putty (only for the SSH part, using Putty for Telnet makes it impossible to backspace errors)
HTTP File Server (for loading files)
Tftpd32 (The easier way to load files)
SSH Enabler (just an html doc right click and save it)
openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma (You’ll need it)
out.hex The is the super secret code that lets you break free from the oppressive FON empire.
Now, you can either put DD-WRT or OpenWRT on the FON so here are the links for each:
http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fbeta%2FFONERA/
http://downloads.openwrt.org/snapshots/atheros-2.6/
All you need from one of the above links is a root file system (rootfs or jffs) and a kernel (vmlinux). And you are done.
Step 1: Get SSH Access, block the FON updates, and enable SSH on Boot (No problems here, just follow the guide (GUIDE LINK) and you are set.
Step 2: Enable “RedBoot” and boot into it. (Easy enough, using the guide above)
HINT I have found the best way to Telnet in before the router loads the kernel is to have a Ethereal capture or tcpdump running and wait/watch for traffic from 192.168.1.254. As soon as it shows up hit ENTER on your prepared command ( telnet 192.168.1.254 9000 ) oh and don’t use PuTTy for the telnet portion, unless you type perfectly.
Step 3: Load the new FS and Kernel. The biggest problems here is getting the memory positions (i.e. 0x80000000) correct. I will link to all of the tutorials that I have used. The memory positions that worked for me are the ones from the guide that I initially linked you to, at the bottom of this posting I will like you to a few others guides that have different memory positions to try out.
HINT Now this is a big one. Unless you want to go completely bonkers leave the telnet session alone! Step away from the keyboard and don’t touch the computer. If you run into a command (the “fs create” ones) that seems like it is frozen. Step away. It will finish. If you hit enter or any other button, the telnet client will try and poll the telnet server (your FON router) to keep the connection alive, since your FON router at that moment would be reformatting itself your telnet session would close. And yes, it took me forever to figure that one out.
Step 4: Reboot into your brand spanking new router. What you do from here with it, is on you.
Oh, now that you have gone through the hard part, here is a link to a GUI that does it all for you: Flashing GUI: http://berlin.freifunk.net/sven-ola/fonera/
Links:
Kamikaze Options: http://wiki.openwrt.org/OpenWrtDocs/KamikazeConfiguration
OpenWRT Forum for Kamikaze: http://forum.openwrt.org/viewforum.php?id=10
OpenWRT Fonera Info: http://wiki.openwrt.org/OpenWrtDocs/Hardware/Fon/Fonera
Best Guide (DD-WRT): http://uselesshacks.com/?p=23
Another Guide: http://www.mcgrewsecurity.com/blog/?p=28
Firmware Downloads:
http://downloads.openwrt.org/snapshots/atheros-2.6/
http://www.dd-wrt.com/dd-wrtv2/down.php?path=downloads%2Fbeta%2FFONERA/
Flashing GUI: http://berlin.freifunk.net/sven-ola/fonera/
mubix
P.S. My USB list/torrent is next on my TO-DO list, again, sorry for the wait.
You know, I putting together a folder that would contain a copy of all my USB apps, minus the config files and I realized; Some of these people might get a bit miffed about me redistributing their software. So, I know you guys have waited forever and a day already, but I have to drag it out just a tad more. I am going to do the work of checking into each license to see if I can redistribute it. In the mean time and while I am doing that, I will publish a list of all the apps. That way, you can either wait and get the torrent with them all, or download them individually when I publish the list.
Again, sorry for the delay, I know you wouldn’t wish to beseech me a little saving of ones arse.
So I am a complete noob when it comes to multicast and recently I have been hearing about it more and more. I know it’s been out there since the dawn of time but I simply thought it was a way of broadcasting video across the network. WRONG. So for those who don’t know, and correct me if I am wrong, a computer or device sends out a multicast packet headed for a 244.X.X.X and just like a broadcast packet (255.255.255.255) it gets heard by everyone. Also like a broadcast packet, it falls within the broadcast boundary.
So, why bring this up? Because I was thinking that a Multicast scanner would be a great tool for pentesters to use inside of a network to get a more complete picture of internal services.
Also, as per the torrent. I have started assembling and organizing it. This way each item will be in an archive that you can choose to download or not from the torrent. Family is still in town so bare with me just a bit longer.
Baby and Momma are doing great.
those of you waiting on my USB torrent, I’m sorry to say, you have officially been trumped. I will get it up there some time in the next two weeks.
Ok, so I got a lot of questions of how everything works on my encrypted U3 drive. I started off with the
Here is what goes in my go.cmd file from the SwitchBlade
@echo off
truecrypt /q /v saved.pst /lo
o:pstart.exe
So what I am doing here is connecting the saved.pst file as a truecrypt volume using /v. I am using the /q so that it doesn’t open the whole Truecrypt GUI. The /lo tells truecrypt to mount it as the drive letter O:. It will prompt you for your password, it will mount, and then it will run pstart.exe from your mounted O: drive.
Where to get what I went over in the episode:
Truecrypt: http://www.truecrypt.org/
Software Information for Windows: http://www.gtopala.com/
Baregrep: http://www.baremetalsoft.com/baregrep/
I posed this question to the forums, but I wanted to ask here as well. My USB stick is about 3 gigs worth of tools. Would ya’ll be interested in a torrent with all of those tools in it? Leave your comments.
mubix
As many of you know, I ran Hak.5 Radio for the longest time, and I am now a co-owner of the phoenixed Hak.5 radio station effort: KGMR Radio. So it shouldn’t suprise you to see that I fully support the following and expect you.. YES YOU, to click the link and tell your congress man or woman what is on my mind. 
When I checked my Amazon account today, I was amazed to find that about 90% of the books that I have in my “Saved for later” cart have increased in price. What’s going on? I guess this raises a good question. What regulates the rise and fall of prices on the internet? Do you “shop around” for books on the internet? Or do you just go to Amazon.com and buy what you need? I definitely fall in the latter category. Do you know any good sites that compare prices on books? Other than the deceased Froogle and other similar all encompassing consumer compare sites. Well, if you get nothing out of this article other than a list of good books to read, then I have done my job.
Important Messages
Please note that the price of Extrusion Detection: Security Monitoring for Internal Intrusions has decreased from $34.49 to $32.99 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed) has increased from $31.49 to $33.99 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of The Art of Deception: Controlling the Human Element of Security has increased from $25.19 to $34.19 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of 1337 h4x0r h4ndb00k has increased from $10.19 to $11.69 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Stealing the Network: How to Own the Box has decreased from $34.47 to $32.97 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of The Unofficial Guide to Ethical Hacking, Second Edition has increased from $27.99 to $32.99 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Google Hacking for Penetration Testers has increased from $24.72 to $29.67 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Gray Hat Hacking : The Ethical Hacker’s Handbook has decreased from $34.49 to $32.99 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Rootkits: Subverting the Windows Kernel (Addison-Wesley Software Security Series) has increased from $25.64 to $32.99 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks has increased from $22.37 to $26.37 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Nessus, Snort, & Ethereal Power Tools: Customizing Open Source Security Applications (Jay Beale’s Open Source Security) (Jay Beale’s Open Source Security) has increased from $27.57 to $29.16 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID has increased from $27.89 to $32.84 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Aggressive Network Self-Defense has increased from $32.97 to $37.96 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Intrusion Prevention and Active Response: Deploying Network and Host IPS has increased from $35.46 to $36.46 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Penetration Tester’s Open Source Toolkit has decreased from $39.57 to $37.77 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Ajax in Action has increased from $24.72 to $28.32 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of Somebodies and Nobodies: Overcoming the Abuse of Rank has increased from $12.37 to $13.22 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
Please note that the price of All Rise: Somebodies, Nobodies, and the Politics of Dignity (BK Currents) has increased from $15.61 to $17.90 since you placed it in your Shopping Cart. Items in your cart will always reflect the most recent price displayed on their product detail pages.
jd
Recently I was listening to Episode 66 of PaulDotCom Security Weekly and they briefly touched on Packetfence. Packet Fence is a Open Source NAC. This is the first time that I have really gotten hand on a NAC. I have heard of NAC and at ShmooCon Labs, I was part of Simple Nomad’s team and Vernier’s IPS/NAC. However, I didn’t get a chance to get hands on during the con. So that puts me in the “noob” category. So, when I explained NAC to the team at work, they asked a question I couldn’t answer with any technical expertise. So I will pose the question to you the reader: What do you use NAC systems for? Comment here. or email me. Also, the Hack or Halo image has been fixed and is up: http://blog.vulnerableminds.com/2007/04/shmoocon-07-hack-or-halo-virtual.html