Extracting Wi-Fi Passwords from Aruba Virtual Controller


As usual, I was conducting a pentest and found an interesting way to extract the passwords for multiple access points managed using Aruba Virtual Controller IAP 105.


What is a Virtual Controller?

Aruba Instant virtual controller gives you the flexibility of configuring multiple access points from a centralized location.
You can distribute, store and regulate configuration to distributed access points from one place. The virtual controller is basically a single point of management for your configuration and firmware.
Firmware versions prior to IAP-105 are vulnerable to an access point password disclosure vulnerability: any malicious user with access to the management console can extract sensitive details using just a browser (Chrome, Firefox, IE, etc.) debugger.
You can extract the passwords using the simple steps below:
1. Log in to the Aruba virtual controller (in my case it was the default admin-admin).
2. Click on the network you want to disclose the wireless key for.
3. Click edit Factory Settings >> go to Security Settings.
4. Open the browser’s debugger.
5. For the password text box, change the type to “text” in the HTML.
6. Voila!!
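
The steps work because the stored key is delivered to the browser and only masked on screen. The following audit check is an added example, not part of the original post or of Aruba's code: it flags password inputs that arrive with a pre-filled value, assuming the page is server-rendered HTML; the sample page and field names are constructed.

```python
from html.parser import HTMLParser

# Constructed sample: a settings page that echoes a stored key into a masked field.
SAMPLE_PAGE = """
<form id="security-settings">
  <input type="text" name="ssid" value="corp-wifi">
  <input type="password" name="passphrase" value="ExampleKey-123">
  <input type="password" name="new_admin_password" value="">
  <input type="password" name="radius_secret">
</form>
"""


class PrefilledSecretFinder(HTMLParser):
    """Collects password inputs whose value attribute already carries data."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # HTMLParser lowercases attribute names; valueless attributes come as None.
        a = {name: (value or "") for name, value in attrs}
        if a.get("type", "").lower() != "password":
            return
        if a.get("value", "").strip():
            field = a.get("name") or a.get("id") or "<unnamed>"
            # Record only the length so the audit output does not repeat the secret.
            self.findings.append((field, len(a["value"])))


def find_prefilled_secrets(html):
    """Return [(field name, secret length)] for every pre-filled password input."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for field, length in find_prefilled_secrets(SAMPLE_PAGE):
        print(f"secret sent to the browser in field {field!r} ({length} chars)")
```

A management page that passes this check leaves the field empty and only accepts a new value on submit.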

Blockchain : The Future of Digital Payment


  1. What is Blockchain?

Today we rely completely on middlemen such as banks, service providers and credit card companies for our day-to-day services. Blockchain is a vast, global distributed system that acts as the middleman; it runs on systems around the world and is open to everybody. Trust is established not by a middleman but by mass collaboration, clever code and, of course, cryptography, and that is what this amazing technology is.

Usually, when working with digital content, you send a copy and retain the original yourself. But when it comes to value-based things like money, stocks, bonds and financial assets, sending a copy is not a good idea. For example, if I am sending you 100 dollars as payment for something, it becomes really important that you have those 100 dollars and I don’t, because if I can share the same 100 dollars among other transactions, then the 100 dollars becomes worth less.

  2. How Blockchain works

Using Blockchain, buyers and sellers can transfer value directly to each other over the internet in the most secure way possible without the need for a third party. Blockchain is a distributed ledger maintained on multiple systems across the globe and not owned by any specific party; the database of transactions is secured with clever code and strong cryptography, making it hacker proof. Blockchain will do for business what the internet did for communication.

Simple real-life example: The journey of diamonds from the mines to consumers’ hands covers a complex path of legal, regulatory, financial, manufacturing and commercial practices. The current supply chain for diamonds has to rely on intermediaries at every step of the way, from government officials to dealers and banks, which adds time and cost. Smuggling and fraud in diamond trading can hamper governments in collecting fair export taxes, and as a result consumers will face the cost of counterfeit products or unethically mined stones.

This is where Blockchain can come into the picture to rescue us: it has the capability to eliminate these vulnerabilities with distributed, secure and transparent transactions. Blockchain provides all parties involved with a synchronized network of transactions; it records every sequence of transactions from beginning to end, whether it is 100 steps in procuring goods or just a single direct transaction. Each transaction that occurs is put into a block, and each block is connected with the one before and after it; groups of transactions are then attached together, and the fingerprint of each transaction is added to the next, thus creating an irreversible chain.
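
The chaining described above can be seen in a few lines. This is an added example, not code from the original post or from any real blockchain: it links blocks by SHA-256 fingerprint only (no consensus or mining), and the diamond custody records are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous fingerprint" for the first block

# Constructed sample: custody records for one stone, grouped into blocks.
SAMPLE_BATCHES = [
    ["mine -> exporter: stone D-001"],
    ["exporter -> cutter: stone D-001", "export tax paid: D-001"],
    ["cutter -> retailer: stone D-001"],
]


def fingerprint(index, transactions, prev_hash):
    """SHA-256 over the block's contents and the previous block's fingerprint."""
    payload = json.dumps({"index": index, "tx": transactions, "prev": prev_hash},
                         sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(batches):
    """Seal each batch of transactions into a block linked to the one before it."""
    chain, prev = [], GENESIS
    for index, txs in enumerate(batches):
        block = {"index": index, "tx": list(txs), "prev": prev}
        block["hash"] = fingerprint(index, block["tx"], prev)
        chain.append(block)
        prev = block["hash"]
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for block in chain:
        recomputed = fingerprint(block["index"], block["tx"], block["prev"])
        if block["prev"] != prev or block["hash"] != recomputed:
            return block["index"]
        prev = block["hash"]
    return None


if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    print("untouched chain:", first_invalid_block(chain))
    chain[1]["tx"][1] = "export tax paid: none"  # edit a record in block 1
    print("after the edit:", first_invalid_block(chain))
    chain[1]["hash"] = fingerprint(1, chain[1]["tx"], chain[1]["prev"])  # re-seal it
    print("after re-sealing block 1:", first_invalid_block(chain))
```

Re-sealing the edited block only moves the failure to the next block, so hiding one change means rewriting every later block on every copy of the ledger.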

Blockchain is capable of tracking goods from the raw materials to the finished product in the consumer’s hands with embedded security and transparency. Blockchain is distributed, permissioned and secure, which makes it more reliable than the traditional payment systems currently used globally.

Blockchain ledgers are distributed across the network, which ensures that no one person or organization can edit the transaction records. All parties involved in the trade of goods, from raw to finished products, own a copy of every single transaction record, and no transaction can be added to the Blockchain without consensus across the parties involved. This means no single entity or company can add or alter transactions without it being permanently recorded, which makes it highly secure and eliminates the risk of fraud.

  3. How to use and utilize Blockchain as an individual

A) Set up your Blockchain wallet (https://blockchain.info/)

B) Get some bitcoins (https://bitcoin.com)

C) Find merchants who accept bitcoins and start trading

D) If you want to receive bitcoins you need to share the code generated by your wallet


  4. Blockchain Benefits and Challenges

Benefits:

  • It enables the exchange of value without a third party being involved
  • Wallet owners have full control over the information and resources
  • The data in Blockchain is consistent and secure
  • Due to its decentralized nature the technology is not prone to a central point of failure
  • Any changes made to the transactional records are publicly viewable
  • Helps in lowering transaction costs

Challenges:

  • The underlying infrastructure needs to be reliable and robust to support faster transactions
  • Blockchain technology has to be accepted by government regulations for its widespread adoption
  • Relatively high energy is consumed in validating Blockchain transactions
  • High initial capital is required for large business environments
  • A few privacy and security concerns still need to be addressed to gain the trust of the general public

Mapping Mirai Botnet

A malicious botnet made out of Mirai malware has disrupted internet traffic to popular websites like Twitter, GitHub, PayPal, etc. in the United States. According to popular network security companies, the botnet was specially crafted to attack internet-connected cameras and DVRs. The Chinese company “Hangzhou Xiongmai Technology” (a network camera manufacturer) has admitted that its devices were behind Friday’s DDoS attack and is recalling 3.8 million affected devices to fix them. DNS service provider Dyn has also confirmed that it observed millions of discrete IP addresses associated with the Mirai botnet. Most of the service providers affected by the botnet were able to recover easily from the attack, but botnets like these can attack again in the near future. Last month the same botnet took Brian Krebs’s website down by delivering 665 Gbps of traffic.

How the botnet works: The botnet is designed to brute force the telnet service on internet-connected cameras installed with Dahua firmware or a generic management interface called “NETSurveillance”, using 62 different combinations of usernames and passwords (admin:admin, admin:12345, etc.). Once the botnet is able to log in to the camera login portals successfully, services like telnet, SSH and HTTP are blocked and the device is then seeded with a malicious program that turns it into an enslaved bot. These bots then report to the command and control centre, from where DDoS attacks can be launched to make websites unresponsive. These attacks would have been avoided if the camera login panels or the real-time streaming protocol service had been restricted from remote access.
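
The sweep described above, one source trying many default username and password pairs against telnet, stands out in login logs. This detection sketch is an added example, not part of the original post: the honeypot-style log format, the addresses and the `min_pairs` threshold are constructed assumptions, and only the two credential pairs named above are treated as known defaults.

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up honeypot log format (not from a real device).
SAMPLE_LOG = """\
2016-10-21T11:10:01 telnetd: login failed user=admin pass=admin src=198.51.100.7
2016-10-21T11:10:02 telnetd: login failed user=admin pass=12345 src=198.51.100.7
2016-10-21T11:10:03 telnetd: login failed user=root pass=root src=198.51.100.7
2016-10-21T11:10:04 telnetd: login ok user=root pass=default src=198.51.100.7
2016-10-21T11:12:40 telnetd: login failed user=operator pass=typo1 src=192.0.2.15
2016-10-21T11:12:55 telnetd: login ok user=operator pass=correct src=192.0.2.15
"""

LINE = re.compile(
    r"telnetd: login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) pass=(?P<pw>\S+) src=(?P<src>\S+)"
)
PAGE_DEFAULTS = {("admin", "admin"), ("admin", "12345")}  # the pairs the post names


def detect_credential_sweeps(log_text, min_pairs=3):
    """Flag sources that tried at least min_pairs distinct credential pairs."""
    pairs = defaultdict(set)
    succeeded = defaultdict(bool)
    for line in log_text.splitlines():
        match = LINE.search(line)
        if not match:
            continue  # ignore lines from other services
        src = match["src"]
        pairs[src].add((match["user"], match["pw"]))
        if match["result"] == "ok":
            succeeded[src] = True
    alerts = {}
    for src, tried in pairs.items():
        if len(tried) >= min_pairs:
            alerts[src] = {
                "distinct_pairs": len(tried),
                "default_pairs_hit": sorted(tried & PAGE_DEFAULTS),
                # A success during a sweep means the device should be treated as compromised.
                "login_succeeded": succeeded[src],
            }
    return alerts


if __name__ == "__main__":
    for src, detail in detect_credential_sweeps(SAMPLE_LOG).items():
        print(src, detail)
```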

Source code released online: The author behind the Mirai malware has released the code online for research and development purposes, stating “I have earn my share of money and now I want to get out of this business”. Follow the link to download the source code: https://github.com/jgamblin/Mirai-Source-Code.
What to do: The Chinese company has advised its customers to change default passwords, update the firmware of the device and keep the devices disconnected until patched. A few researchers are also arguing about why devices like network cameras need remote access from the internet, and up to a certain level I am also in favor of this response. The companies making IoT devices should force the user to change the default password during initial configuration, and remote access to such sensitive and weak IoT devices should not be enabled.

How you can access unprotected network cameras:
1. Try searching on Google for “inurl:index.shtml” and follow a link with an IP address in the URL. If you are lucky enough, you will be able to see the live view of an internet-connected camera streaming from some other continent.

2. Multiple websites are available on the internet that can be used to look for devices connected to the internet with a specific configuration. Below is the screenshot for your reference where I tried searching for a specific network camera on the internet.
Clicking on any of the options listed above will take you straight to the login panel. I think you can now also realize how easy it can be to attack a specific set of devices connected to the internet.

Conclusion: It’s very probable that we will see such DDoS attacks targeting vulnerable IoT devices in the near future. The manufacturers of these devices should consider a few basic security practices before shipping their products.

WI-FI (WEP) cracking with Aircrack (easy 4 steps)

In my last post I tried exploiting WEP wi-fi networks with wifite. Using wifite was no coincidence: I was facing a few difficulties that forced me to use something simple and easy. But something kept bothering me inside, namely why I could not crack the same network using aircrack, and I desperately wanted to try it out.

So I woke up the next morning and started going through some of the best articles available on the web just to warm up a lil bit, which certainly helped. And here we are with a successfully cracked WEP network.

Follow the steps below to successfully crack WEP-based wi-fi networks.

  1. Start your wi-fi interface in monitor mode with the command “airmon-ng start wlan0” (I am using an external wi-fi adapter for more attack surface).
  2. Start listening to nearby access points with “airodump-ng mon0” and choose your target. For me the target will be the same as the old one, “*******250”.
  3. Start listening to a specific WEP network with “airodump-ng -c <channel no> --bssid <access point mac> -w <file name> mon0”.
  4. Once you see that a significant number of IVs have been captured, go ahead and launch aircrack with “aircrack-ng <file name>”.
  5. DONE !! 😀

Note: This tutorial is for educational purposes only. Use the steps at your own risk and attack only an AP which you own; unless and until you have permission from the owner, please do not try this.

In my next post I will share my experience of trying to take this to another level: WPA/WPA2.

Wi-Fi (WEP) Cracking in less than 5 mins


As part of a wireless security assessment I was asked to assess a client’s wireless security posture. A day before, I decided to do some homework and try a few of the tools available in Kali Linux. I started with a tutorial on aircrack-ng and its related tool set, where we capture IVs, de-authenticate clients and crack the IVs; even after a couple of hours I was unable to crack even the weakest networks around.

Out of frustration I decided to try out another tool, and this time it was “wifite”, which I had never used or heard of. After reading about it a bit online, I planned to go ahead and start playing around. And surprisingly it took less than 3-5 mins for wifite to crack the network I was struggling with.

Below are the steps I followed to crack the WEP network.

  1. Run the command “wifite” to initiate, then wait at least 3-5 minutes and let the tool collect nearby wireless network info such as security protocol, signal strength, WPS yes/no, clients connected or not, etc.

  2. Once you see a significant number of nearby access points, press “Ctrl+c” to choose which access point to attack. I selected the “****250” access point as my target.

Just select your target and let the tool do its magic.

And voila !! In less than a minute the key got cracked.

Conclusion : After trying WEP cracking I realised how weak WEP can be.

Suggestion : Never use WEP as security protocol for your access points.

Be Safe Stay Secure !! and Kudos to author of “wifite”

Note: This tutorial is for educational purposes only. Use the steps at your own risk and attack only an AP which you own; unless and until you have permission from the owner, please do not try this.

In my next post I will share my experience of trying to take this to another level: WPA/WPA2.

Anonymous hackers threaten Israel

Anonymous hackers have threatened Israel’s government that they will shut down the country’s critical infrastructure by hacking into its systems, and it has been declared that they will carry out this massive attack on Israel on Holocaust Remembrance Day.

Anonymous has also addressed the youth of Israel, saying that the Anonymous team will be there to support them.

In a video uploaded to YouTube they have given a message to Israel’s government that Anonymous will wipe out the existence of Israel from the web.


For more info :  http://www.israelhayom.com/site/newsletter_article.php?id=3061

Consultant – IT Security