
28.09.2011
15:41

[Review] BackTrack 5 Wireless Penetration Testing Beginner’s Guide by PACKT publishing

new PACKT publishing book about BackTrack 5

PACKT publishing, September 2011

BackTrack 5 Wireless Penetration Testing Beginner’s Guide!

 

I received a copy of this book one month ago. Due to other projects, I couldn't start reading immediately.

 

Vivek Ramachandran wrote this book. Vivek is a security researcher originally from India who seems to be well known at all security conferences.

The book is not too big (about 200 pages) and you find many screenshots of terminal outputs. And you will need these screenshots because they explain many things even better than a long description.

 

Why BackTrack Linux? The author explains his motivation in the preface. BackTrack is a distribution with lots of security utilities already on board. I tried it with Debian stable because this was already installed on my laptop. This works too, but you have to download and build several tools on your own.

 

I read the book like a thriller! Every chapter has several sections where you get step by step deeper into wireless analysis. I knew most basics before. But I didn't know how easy it is to crack a WEP-encrypted network. And I learned that hidden ESSIDs help absolutely nothing!

It's good to know how to handle wireless on the Linux console and to understand the basics of the protocol. But if you don't: with the book you learn quite fast how to bring up your wireless interface with iwconfig, wpa_supplicant and co.

 

But it's not only reading. It's a practical beginner's guide. It is fun to follow the steps described. And I was happy to fail to crack my WPA2-protected network with the dictionary attack.

 

There is a sample chapter online about the advanced WLAN attacks. There you can enjoy the screenshots even in color :-)

 

In the last chapters you start working on RADIUS networks. This complex topic is made a little easier with BackTrack Linux because there is already a preconfigured FreeRADIUS server installed.

27.09.2011
18:43

Convert to New TYPO3 News Extension

List View of New news Extension

This week, I converted my first TYPO3 project from "tt_news" to the new "news" extension by Georg Ringer.

"news" is written from scratch for TYPO3 4.5 and higher using Extbase and Fluid. It is not compatible with the old and unmaintained tt_news extension, which is used very often.

 

But I was happy to see a "News Import" filter for the tt_news news articles and categories. In my case only the relation between news and categories got lost. It was not worth digging into this error because I only have 20 news items on this system.

The "News Import" in the Web-section is only visible if you activate "Show import module [showImporter]" in the Extension Manager for news.

 

news is much easier than tt_news. There is only one list view which does everything you need: show a list of multiple images, show only latest, show archived, show only one category. The second view is the detailed view. And the third and last one is a view called "Date Menu". I don't know what it is good for.

 

There are only a few settings I've done in my template:

 

page.headerData.500 = TEXT
page.headerData.500.value = <link rel="alternate" type="application/rss+xml" title="RSS-Feed" href="http://www.weltcafe-dresden.de/weltcafe/termine/feed.rss" /> 

plugin.tx_news.settings.displayDummyIfNoMedia = 0
plugin.tx_news.settings.defaultDetailPid = 61
plugin.tx_news.settings.facebookLocale = de_DE
plugin.tx_news.settings.list.rss.channel.language = de_DE
plugin.tx_news.settings.list.rss.channel.link = http://www.weltcafe-dresden.de/weltcafe/termine/feed.rss
plugin.tx_news.settings.list.rss.channel.title = Weltcafe Termine

 

To get RSS running, I added the following to the same template, as described in the wiki:

 

[globalVar = TSFE:type = 9818]
lib.stdheader >
tt_content.stdWrap.innerWrap >
tt_content.stdWrap.wrap >
styles.content.get.stdWrap >

pageNewsRSS = PAGE
pageNewsRSS.typeNum = 9818
pageNewsRSS.10 < styles.content.get
pageNewsRSS.10.select.where = colPos=0 AND list_type = "news_pi1"
pageNewsRSS.10.select {
orderBy = sorting ASC
max = 1
}

config {
  # deactivate Standard-Header
  disableAllHeaderCode = 1
  # no xhtml tags
  xhtml_cleaning = none
  admPanel = 0
  metaCharset = utf-8
  # define charset
  additionalHeaders = Content-Type:text/xml;charset=utf-8
  disablePrefixComment = 1
  baseURL = http://www.weltcafe-dresden.de/
  absRefPrefix = http://www.weltcafe-dresden.de/
}

# set the format
plugin.tx_news.settings.format = xml
[global] 

 

 

And last, I added the following lines to my realurl config to get the same URLs as before. In this way, my visitors get the right article.

  • First, make a nice name for the RSS feed:
'fileName' => array(
    'defaultToHTMLsuffixOnPrev' => 0,
    'acceptHTMLsuffix' => 1,
    'index' => array(
        'feed.rss' => array(
            'keyValues' => array(
                'type' => 9818,
            ),
        ),
    ),
),
  • Second, make speaking URLs for the news article itself:
'postVarSets' => array(
    '_DEFAULT' => array(
        'article' => array(
            array(
                'GETvar' => 'tx_news_pi1[controller]',
                'valueMap' => array('nieuws' => ''),
                'noMatch' => 'bypass',
            ),
            array(
                'GETvar' => 'tx_news_pi1[action]',
                'valueMap' => array('detail' => ''),
                'noMatch' => 'bypass',
            ),
            array(
                'GETvar' => 'tx_news_pi1[news]',
                'lookUpTable' => array(
                    'table' => 'tx_news_domain_model_news',
                    'id_field' => 'uid',
                    'alias_field' => 'title',
                    'addWhereClause' => ' AND NOT deleted',
                    'useUniqueCache' => 1,
                    'useUniqueCache_conf' => array(
                        'strtolower' => 1,
                        'spaceCharacter' => '-',
                    ),
                ),
            ),
        ),
[...]
21.09.2011
21:54

TYPO3 Redirect after Frontend User Login

felogin login form
successfully redirected after login

My current project is a set of access-restricted pages for my staff at Weltcafe Dresden. I spent some days setting up the TYPO3 cal extension 1.4.1. Not everything works with the new standard templates as expected. But it's ok for the first step.

 

Next point on the list is of course a frontend login with two different user groups: one for me as admin and one for the staff.

 

The login worked very fast with the built-in felogin system extension. But one little detail didn't work: the redirect after login! This is configurable via the user or group settings, via TypoScript and via Flexform in the plugin settings.

 

After hours of searching and analyzing the source code, I found the solution: The option

 

plugin.tx_felogin_pi1.showLogoutFormAfterLogin = 1

 

disables the redirect! I always activated this option in Flexform because it sounds reasonable: "If set, you see direct the logout form after successful login". Yes, but you see only the logout form without getting redirected anywhere.

 

This feature was introduced with TYPO3 4.5.0 and was discussed in the old bugtracker [13798] [15421].

And you find other confused users in the current bugtracker at forge [29785].

 

For others, it's a feature. For me, it's a bug. But in any case, the documentation about this switch is bad. So be careful!
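A small check for the conflict described above, as an added example that is not part of the original post or of TYPO3: it flattens TypoScript setup text and warns when a felogin redirect is configured while showLogoutFormAfterLogin is active. The sample setup and page id 42 are constructed; the script only reads TypoScript, so a value set in the plugin's Flexform (as in the case above) has to be checked by hand.

```python
import re

# Constructed sample TypoScript setup; page id 42 is a placeholder.
SAMPLE = """
plugin.tx_felogin_pi1 {
  # redirect to the staff start page after login
  redirectMode = login
  redirectPageLogin = 42
  showLogoutFormAfterLogin = 1
}
"""

def flatten(ts):
    """Flatten nested TypoScript blocks into {'a.b.c': 'value'} (assignments only)."""
    path, out = [], {}
    for raw in ts.splitlines():
        line = raw.strip()
        # TypoScript comments are whole lines starting with '#' or '/'
        if not line or line[0] in "#/":
            continue
        if line.startswith("["):  # conditions are ignored in this sketch
            path = []
            continue
        if line == "}":
            if path:
                path.pop()
            continue
        m = re.match(r"^([\w.\-]+)\s*\{$", line)
        if m:
            path.append(m.group(1))
            continue
        m = re.match(r"^([\w.\-]+)\s*=\s*(.*)$", line)
        if m:
            out[".".join(path + [m.group(1)])] = m.group(2).strip()
    return out

def felogin_redirect_conflict(ts, prefix="plugin.tx_felogin_pi1"):
    """Return a warning if a redirect is configured but suppressed, else None."""
    cfg = flatten(ts)
    mode = cfg.get(prefix + ".redirectMode", "")
    disabled = cfg.get(prefix + ".redirectDisable", "0") == "1"
    show_logout = cfg.get(prefix + ".showLogoutFormAfterLogin", "0") == "1"
    if mode and not disabled and show_logout:
        return ("redirectMode=%s is set, but showLogoutFormAfterLogin=1 "
                "shows the logout form instead of redirecting" % mode)
    return None

if __name__ == "__main__":
    print(felogin_redirect_conflict(SAMPLE))
```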

10.08.2011
18:11

Multiple Images in One TemplaVoilà FCE Field

Two Column FCE in the Frontend
Two Column FCE in the Backend
Multiple Images Configuration in Data Structure

From time to time I play around with TemplaVoilà - the TYPO3 extension for very flexible template organization.

Most sites with TYPO3 are happy with the 2/3 column page layout but sometimes it is useful to be more flexible. TemplaVoilà is very complex and I'm still not sure if I should love or hate it.

 

My current task was to create a multilanguage-capable Flexible Content Element (FCE) with text and a list of multiple images.

 

The multilanguage FCE is done by editing the DS (Data Structure). First I hesitated to change this by hand because I still like to make the Update Mapping via the backend wizard. But this part of the XML structure won't be overwritten if you call the Update Mapping dialog later. So you can safely change the first meta array into:

 

 

<meta type="array">
<langChildren type="integer">1</langChildren>
<langDisable type="integer">0</langDisable>
</meta>

 

The multiple image list can't be done with the default TypoScript settings suggested by TemplaVoilà. I found a snippet on the web which suggests editing the DS and adding some TypoScript code. But in this case you really lose the ability to change the mapping with the Update Mapping wizard.

Luckily you don't have to edit the DS! Maybe it's the luck of TYPO3 4.5. In my case it works as follows:

  • create the FCE and add a mapping for a field called e.g. field_column_2 because I want the image list in the second column
  • choose "Image Field" from the "Element Present" dropdown menu
  • change the size and maxsize in the FORM-settings
  • replace the suggested TypoScript code by the following:
10 = COA
10 {
  10 = HTML
  10 {
    # name of the DS tv field (TypoScript comments must be on their own line)
    value.field = field_column_2
    value.split {
      token = ,
      cObjNum = 1
      1 {
        10 = IMAGE
        10 {
          file {
            import.current = 1
            import = uploads/tx_templavoila/
            format = jpg
            width = 200c
            height = 200c
          }
        }
      }
    }
  }
}
02.08.2011
18:54

Trim-Slice Arrived - First Steps

Trim-Slice in UPS Package
Trim-Slice unpacked
Trim-Slice First Boot into Ubuntu 11.04

Last week, I read again some forum posts about the Compulab Trim-Slice and.... Yes, I ordered one Trim-Slice Pro directly from Compulab in Israel! It costs $370 including shipping to Germany.

 

It was quite fast with UPS Saver in Dresden. Compulab shipped it on Sunday, 31st July and it arrived today on Tuesday, 2nd August. Yesterday, UPS from Cologne called me to get my customs-tariff-number. I have never heard about this but I applied for one and this was enough for UPS and the customs. I only had to pay the import VAT (19%) but this will be refunded later.

 

Phew, it was quite easy to start the Trim-Slice. I just connected my monitor with a DVI-HDMI cable, plugged in the power and after approximately 2 minutes the Ubuntu desktop appeared. There is no boot logo, splash screen or text console to follow. I don't know yet how to edit e.g. the u-boot parameters. I will see later.

 

The system works, even wireless seemed to work at first glance. But later I noticed that it is quite unstable with my WPA2-protected network. I'm not sure why, but I started to compile the trimslice-kernel and to replace the included rt2800usb driver with the rt2870sta from RaLink. With no success until now :-(

 

At the moment, the Trim-Slice seems to be slower than my Fit-PC2 and it's getting hot because the power management is not working yet. Unfortunately, I cannot measure the power consumption at the moment. This and many other details will follow in this blog.

 

So stay tuned!

 

Update:

Accessing the u-boot is so easy. That's why the Trim-Slice has an ordinary serial port! Connected with a null-modem cable and a USB-serial converter, you can access the console with minicom. There you follow the boot process and you log in automatically as root user. Great! My own, natively compiled kernel is working now.

[ 07.05.2012 ]