Taylor Jolin

Hacker | Musician | Innovator | Dreamer

28May

Packet Sniffing with Airodump-ng

Airodump-ng is part of the Aircrack-ng suite. It is a packet sniffer designed to capture packets while the wireless interface is in monitor mode.

DISCLAIMER: As I have said before, I am not responsible if you choose to do something stupid and get yourself arrested. Hack legally and hack friendly!

How to use Airodump-ng

  1. First we must enable monitor mode on our interface. If you do not know how, read through this.
  2. Next, enter the following command to begin the program: airodump-ng INTERFACE_NAME
    NOTE: This program will run until you force it to quit.

Now analyze the data you retrieve. You will see a list of the access points detected, each identified by its BSSID and network name (ESSID).

Below is a list and explanation of what you will see.

  • BSSID – Node's MAC address
  • PWR – Signal strength
  • Beacons – Frames sent by the network to broadcast its existence
  • # Data – Number of data packets
  • # /s – Number of packets collected in the past 10 seconds
  • CH – Channel the network broadcasts on
  • MB – Maximum bandwidth supported
  • ENC – Encryption type
  • Cipher – Cipher used in the network encryption
  • Auth – Authentication used in the network
  • ESSID – Name of the network
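As an added example (not code from the original post), here is a small Python parser for the CSV file airodump-ng writes when run with `-w PREFIX`. The column layout of that file is assumed from the tool's documented output and the sample rows are constructed. It maps the ENC, Cipher and Auth columns described above onto an inventory of networks with open, WEP or WPA/TKIP protection, which is what a defender auditing their own airspace wants from this data.

```python
import csv

# Constructed sample of the CSV file airodump-ng writes with `-w PREFIX`
# (assumed layout: AP table, blank line, station table); values are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2023-05-28 10:00:01, 2023-05-28 10:05:10,  6,  54, WPA2, CCMP, PSK, -40, 120, 0, 0.  0.  0.  0, 7, HomeNet,
AA:BB:CC:DD:EE:01, 2023-05-28 10:00:03, 2023-05-28 10:05:09, 11,  54, WEP, WEP, , -70, 55, 10, 0.  0.  0.  0, 6, OldCam,
AA:BB:CC:DD:EE:02, 2023-05-28 10:00:05, 2023-05-28 10:05:08, 36, 867, OPN, , , -55, 80, 0, 0.  0.  0.  0, 9, GuestOpen,
AA:BB:CC:DD:EE:03, 2023-05-28 10:00:06, 2023-05-28 10:05:07,  1,  54, WPA, TKIP, PSK, -60, 30, 0, 0.  0.  0.  0, 5, Shop1,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

def parse_airodump_csv(text):
    """Return the AP rows as dicts keyed by the header names (ENC/Cipher/Auth
    on the live display correspond to Privacy/Cipher/Authentication here)."""
    lines = iter(text.splitlines())
    header = [h.strip() for h in next(csv.reader([next(lines)]))]
    aps = []
    for line in lines:
        if not line.strip():
            break  # blank line separates the AP table from the station table
        values = [v.strip() for v in next(csv.reader([line]))]
        aps.append(dict(zip(header, values)))
    return aps

def assess(ap):
    """Reason why this AP's encryption is weak, or None if it looks sound."""
    privacy, cipher = ap["Privacy"].upper(), ap["Cipher"].upper()
    if privacy == "OPN":
        return "open network, traffic is unencrypted"
    if "WEP" in privacy:
        return "WEP, key recoverable from captured traffic"
    if "WPA" in privacy and "TKIP" in cipher:
        return "WPA with TKIP, deprecated cipher"
    return None

def weak_networks(text):
    """List (ESSID, BSSID, reason) for every AP that fails the assessment."""
    out = []
    for ap in parse_airodump_csv(text):
        reason = assess(ap)
        if reason:
            out.append((ap["ESSID"], ap["BSSID"], reason))
    return out
```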

NOTE: The best adapter to use to sniff packets across networks is the Alfa Network AWUS036AC* series. The one I am using is the AWUS036ACS, which is small and fits neatly into my bag. I also have a multitude of antennas to use for wireless sniffing.

How to listen to 5 GHz channels

By default, Airodump-ng only listens to 2.4 GHz channels, so to enable 5 GHz scanning do the following:

  1. Start Airodump-ng by using the band argument: airodump-ng --band a INTERFACE_NAME

You can also specify multiple bands using the band argument. For example:
airodump-ng --band abg INTERFACE_NAME

NOTE: Your wireless card needs to support 5 GHz for this to work. Also keep in mind that scanning several bands at once uses more power and more system resources.

28May

How to enter Monitor Mode for WiFi Hacking

Monitor mode allows you to sniff packets and capture them in real time. Using a program such as Wireshark, you can then rebuild and analyze these packet captures.

  1. First check the status of the wireless interface and see what mode it is in using: iwconfig
  2. Next we must disable our selected interface using: ifconfig INTERFACE_NAME down
  3. This step may be optional, but in most cases you will want to kill tasks that could be a detriment to the packet capture. Do this using: airmon-ng check kill
    • NOTE: Running the previous command will display some suggested apps to kill prior to running the capture. To kill these apps use: kill PID
  4. Now we will enable monitor mode. To do so use the following: iwconfig INTERFACE_NAME mode monitor
  5. Finally, you must re-enable the interface using: ifconfig INTERFACE_NAME up
  6. Test to make sure you are in monitor mode using: iwconfig

27May

Anonymous – How To Change Your MAC Address

In this short tutorial, I will teach you how to change your computer's MAC address in order to remain anonymous while pen testing a network.

DISCLAIMER: I am not responsible for any illegal use of this technique.

NOTE: I am not using Kali Linux for my pen testing rig. I am using Ubuntu 22 and have built it out with all of the tools that I require to do my pen testing. This technique should work on newer Debian-based distributions.

Why change the MAC Address

  • To maintain anonymity while performing network penetration testing.
  • To impersonate other devices on the network
  • Bypassing filters

How to change the MAC Address

  1. First, use ifconfig to list all interfaces on the machine.
  2. Find the interface whose MAC address you wish to change.
    • note the MAC address and interface name
  3. In order to proceed with changing the MAC of your chosen interface, you must disable it first before changing its MAC address.
    • ifconfig INTERFACE-NAME down
  4. Now we can change the hardware address, or ether address
    • ifconfig INTERFACE-NAME hw ether 00:00:00:00:00:00
    • NOTE: you can use any address but it must start with 00
  5. Now we must re-enable the interface for it to work
    • ifconfig INTERFACE-NAME up
    • NOTE: The MAC Address will only remain until the computer is restarted. Once it is restarted it will revert back to the original hardware address.
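The following Python helpers are an added example (not code from these posts) covering the verification step of this post and of the monitor mode post above. They parse constructed iwconfig and ifconfig output to confirm that the mode and the hardware address actually changed, and they check a candidate address a little further than the 00 rule above: the first octet's low bit must be clear (unicast), and the 0x02 bit marks the address as locally administered.

```python
import re

# Constructed iwconfig output (wireless-tools style): interface name at
# column 0, details indented. Not captured from a real machine.
IWCONFIG_SAMPLE = """\
eth0      no wireless extensions.

wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.437 GHz  Tx-Power=20 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
"""

# Constructed ifconfig output for the same interface after `hw ether`.
IFCONFIG_SAMPLE = """\
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:11:22:33:44:55  txqueuelen 1000  (Ethernet)
"""

def split_blocks(text):
    """Group tool output into {interface: block}; a line at column 0 opens a
    new block and indented lines belong to the current one."""
    blocks, name = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            name = line.split()[0].rstrip(":")
            blocks[name] = line
        elif name is not None:
            blocks[name] += "\n" + line
    return blocks

def iw_mode(iwconfig_text, iface):
    """Wireless mode reported for iface ('Monitor', 'Managed', ...) or None."""
    m = re.search(r"Mode:(\w+)", split_blocks(iwconfig_text).get(iface, ""))
    return m.group(1) if m else None

def mac_of(ifconfig_text, iface):
    """The 'ether' address ifconfig shows for iface, lower-cased, or None."""
    m = re.search(r"\bether ([0-9A-Fa-f:]{17})", split_blocks(ifconfig_text).get(iface, ""))
    return m.group(1).lower() if m else None

def mac_is_usable(mac):
    """Validate a candidate hw address: six hex octets and the first octet's
    low bit clear (unicast). Bit 0x02 marks it locally administered."""
    octets = mac.split(":")
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", o) for o in octets):
        return (False, "malformed")
    first = int(octets[0], 16)
    if first & 0x01:
        return (False, "multicast bit set")
    return (True, "locally administered" if first & 0x02 else "universally administered")
```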

27May

How to perform a WiFi De-authentication Attack

This is an old one but a fun one. I love doing this in my test environment and I have a lot of fun using this to prank my friends that choose to connect to it.

DISCLAIMER: Do not perform this attack on any network that you do not own. I am not responsible for any illegal use of this attack.

Now, I am assuming that you already know the basics of aircrack-ng and its suite of products.

This attack allows us to disconnect any device from any network.

  • Works on encrypted networks (WEP, WPA & WPA2)
  • No need to know the network key
  • No need to connect to the network

In order to do this, use the following:
aireplay-ng --deauth [#DeauthPackets] -a [NetworkMac] -c [TargetMac] [Interface]

For example:
aireplay-ng --deauth 100000000 -a 00:11:22:33:44:55 -c 55:66:77:88:99:00 mon0

NOTE: In some cases you must run Airodump-ng in order to run this command. Run it in another thread or terminal using:
airodump-ng --bssid 00:11:22:33:44:55 --channel 2 mon0

This trick is handy with social engineering cases and Man In the Middle attacks. You can also use this to capture the handshake, which is used for WPA cracking.

27May

Pentesting Methodology – Recon

This workflow is in no way associated with any other framework. This is my personal general approach to hacking a machine or network.

Physical Attacks

Do you have physical access to the network or a machine? If so there are a ton of physical attacks that can be waged on a network or machine.

One attack that is fairly easy to do is outlined below. I refer to it as the SETHC Attack. Remember, you need physical access to the machine you are attacking for this hack to work.

  1. First, you need to find a boot disk of some sort. Linux distro, Hiren’s Boot CD, anything that gives access to the file directory. Once you have your boot disc in order, insert it into the computer and reboot. Enter the BIOS boot menu and select the media that you wish to boot to (i.e. your boot disc).
  2. Once booted, use the file manager and locate a file called SETHC.EXE. It will be located in C:\Windows\System32\
  3. Make a copy of the file and name it whatever you like.
  4. Find the executable for the CMD Prompt, CMD.EXE, which is also in that folder. Copy it and rename it SETHC.EXE
  5. Reboot the computer and let it boot into Windows.
  6. At the login screen, hit the SHIFT button 5 times and a CMD window will appear.
  7. Type in the following to reset the local administrator account:
    • net user administrator password
    • NOTE: password should be changed to your desired password
  8. Login to the computer with the local admin account.
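From the defender's side, the swap in steps 3 and 4 leaves sethc.exe byte-identical to cmd.exe, which is easy to check. The Python below is an added example, not code from the post; SYSTEM32 is the post's path, and the temp-dir stand-in used for the demo is constructed.

```python
import hashlib
import os
import tempfile

# Path from the post for a live check on Windows; the demo below builds a
# constructed stand-in directory instead so it runs anywhere.
SYSTEM32 = r"C:\Windows\System32"

def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def sethc_is_cmd_copy(system32):
    """True if sethc.exe in system32 is byte-identical to cmd.exe, which is
    the swap the post describes; False if they differ or either is missing."""
    sethc = os.path.join(system32, "sethc.exe")
    cmd = os.path.join(system32, "cmd.exe")
    if not (os.path.isfile(sethc) and os.path.isfile(cmd)):
        return False
    return sha256_of(sethc) == sha256_of(cmd)

def build_demo_dir(swapped):
    """Constructed stand-in for System32 in a temp dir. With swapped=True
    sethc.exe holds the same bytes as cmd.exe; otherwise distinct bytes."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "cmd.exe"), "wb") as f:
        f.write(b"fake cmd.exe contents")
    with open(os.path.join(d, "sethc.exe"), "wb") as f:
        f.write(b"fake cmd.exe contents" if swapped else b"fake sethc.exe contents")
    return d

if __name__ == "__main__":
    target = SYSTEM32 if os.name == "nt" else build_demo_dir(swapped=True)
    print("sethc.exe is a copy of cmd.exe:", sethc_is_cmd_copy(target))
```

Hash equality only catches a straight copy; verifying the file's Authenticode signature also catches a modified replacement.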

Host or Asset Discovery

There are two types of tests that can be run, an internal or an external test. An internal test would look for hosts on the internal network, whereas an external test would look for assets on the perimeter of the network.

  • Recon – The first thing you should do when approaching any device is to perform a port scan. With the right port scanning tool, you can learn all sorts of information about the host device. I prefer to use NMAP but there are a wealth of others. You can even call NMAP from Metasploit and run it. Once we have a target thoroughly mapped out and we have found all of the information we can, we can then move on to looking for vulnerabilities or known exploits.

In the event that you find multiple hosts on the network, try to do an OS discovery to see what is what and if it may be of any interest later on. One could usually assume that Linux, Mac, and Windows servers have some sort of misconfiguration somewhere. This goes the same for networking appliances such as firewalls, switches, routers, etc…

10Apr

How To Tune Lower

I get asked all the time, how do I tune my guitar lower? Well, there are numerous ways to achieve lower tunings, but the most effective way is to increase your scale length. This is easier said than done as in most cases, the guitar's scale length is static and can’t be changed. So what do I do?

Well, the first thing you can do is increase your string gauge. Most standard sets of guitar strings range from .046 to .010, give or take. So you could go up in size. On a guitar like a Gibson, which is 24.75”, I’d say you’re probably safe going to an A, but you’ll need to compensate by upping your string gauge.

Most guitars are 25.5”, at least the popular ones. So I’d say you are safe to go to at least G or even F, with the appropriate strings. On my 25.5” Ibanez RG7620 I am tuned to G standard and I am using .070 gauge. Granted this is a 7 string, but it is a standard size guitar.

The next thing you can do, if capable, is buy a replacement baritone neck. You can find these at Warmoth, and from my experience, the Fender styled products are almost interchangeable.

You can also invest in a pitch pedal like the Digitech Drop Tune, though I have never personally used this method.

But alas, you know why you’re here… you need to read it for validation. It’s true… the easiest way to tune lower is to buy a guitar built for that purpose. There are several guitar companies that offer baritones and other types of extended range guitars. With a simple Google search you’ll find that companies like Ibanez, ESP, Schecter, and even Gretsch, offer baritones and extended range guitars.

I can speak from experience when I recommend tuning to G on a 25.5” scale length guitar. I also have an Ibanez M80M, which is a 29.4” scale length, that I tune to D-A-D-G-C-F-A-D and I am using a .074 gauge 8 string set. My other 8 string is an Ibanez RG2228, which is a 27” scale length that uses the same .074 string set. This guitar is tuned to E-B-E-A-D-G-B-E. I also have an Ibanez RG7620, 25.5 inch scale, which is tuned to Ab. This tuning uses a standard .070-.010 set. Finally, I have two 30” Agile Interceptors. One is using a light 6 string bass set, .096-.026w, and is tuned to C-G-C-F-A-D, an octave lower. To support this tuning, the nut had to be filed to accommodate the strings and the tuning pegs were swapped to Tone Ninja locking baritone tuners. The other Agile is tuned to F and uses a .070-.013 set.

Extended range and baritone guitars have become increasingly popular in recent years thanks to their unique tonal characteristics and versatility. These instruments offer a wider range of notes and a heavier, more powerful sound, making them an excellent choice for musicians looking to explore new genres or push the boundaries of traditional guitar playing. Whether you’re a metalhead looking for crushing low-end or a jazz guitarist searching for new harmonic possibilities, an extended range or baritone guitar could be just what you need to take your playing to the next level. With the growing popularity of these instruments, there are now more options than ever before, so don’t be afraid to try out a few different models and find the one that suits your playing style and musical goals best.

08Apr

Carcass of a Dead Star – Behold a Pale Horse

While I have been working on Born A Ghost, I took some time to work on another project, Carcass of a Dead Star. The story behind this project is pretty deep. It involves myself, Craig, Sergio, and our longtime friend and collaborator Edgar Wiest.

Edgar and I spent five days, in December, locked in an apartment with our instruments and inspiration. The outcome was Behold a Pale Horse. We definitely took things in a different direction with this release. We wrote it as if it were a 40 minute long song.

We ended up using 8 strings for this one; my RG2228 and Edgar’s RGA8. Both guitars went into three separate amp and cab combos…

  • An Ibanez Tubescreamer TS9, into my Randall RM100s Treadplate module, into my Orange 2×12 with DV77s.
  • A Boss HM2 into the clean channel of my Egnater Tweaker, into my Mesa Boogie Rectifier 2×12 with V30s.
  • An Earthquaker Plumes, into Edgar’s Revv G3, into the clean channel of the Egnater Tweaker, into the Mesa Boogie Rectifier 2×12 with V30s.

All guitars were recorded six times separately, using each of these amps mic’d up by a Shure SM57 into my Focusrite Scarlett 18i20. The lead guitars were all done with the AxeFX.

The bass was done the same way we did it on the latest Born A Ghost recordings from the last post. Same with the drums. And to top everything off we used IK Multimedia’s T-Racks to mix and master everything.

Our next goal with this project is to have someone do the vocals. Neither Edgar, nor I, want to do that in this project, as we’d both rather focus on writing riffs.

07Apr

New Born A Ghost in progress…

So we are back in the studio working on the follow up to “The Beginning To An Ending.” This offering will be a concept album and will have seven songs. We are extremely excited about this one and we hope people dig it.

We really went all over the place with the songs on this album. There is some death metal, black metal, modern elements with samples and more. I think this one will really appeal to a lot of fans. So far my favorite track is the albums closer. Once we get closer to being finished we will release some teasers and more.

As for production, we are doing everything in Reaper this time. So far the mixes sound huge. We have recently invested in some studio upgrades to accommodate the mixes. Our most notable is the purchase of the full T-Racks suite by IK Multimedia, which is a great product.

The guitars on the recordings are my Ibanez M80M with the Lundgren M8 in the bridge. The signal chain is pretty straightforward; I used a modded Boss SD1, into a modded Randall RD45H, into a Mesa Boogie Rectifier 2×12 cabinet loaded with Eminence DV-77 speakers. The cab was mic’d up with a Shure SM57 and then into my Focusrite interface.

The bass guitar is a combo of three signals. The first is just the regular DI signal taken off the pickups. Then the second track is sent into the DAW and I use the Darkglass Ultra by Neural DSP. I dial in a fat SVT type of tone on it and then I add an EQ over top. Then I cut everything after about 2 kHz. The third and final track is again sent into the DAW, but this time I apply any guitar amp sim and dial in a nasty sounding tone. Then I stack another EQ and cut everything out below 4000 kHz. Then I blend them to taste with the volume controls.

As for the drums, Craig recorded everything through Toontrack's Superior Drummer 3 using an upgraded Alesis Strike Pro. For the preset we used the Death & Darkness SDX, whichever one is in the pool.

14Mar

Shutting down for good!

It’s been a hard decision, but I have decided to close my businesses for good. From this point on, Jolin-Systems and Jolin-Consulting will no longer exist. Those websites will be directed to this site moving forward.

21Dec

So what is Log4j and why do we care?

Well, first, we need to understand what Log4j is. Essentially, Log4j is the logging library built into many Java applications. This current vulnerability is affecting Apache servers; however, I feel that it will spread to a larger domain of targets aside from web servers.

On December 9th, the initial vulnerability was discovered, and software and hardware makers scrambled to issue patches for their products. A few days later, however, Hideki Okamoto of Akamai Technologies and other researchers found additional vulnerabilities within the patches.

So why is this a big deal? Well, Java is a colossal language and has a presence in a large number of consumer products. This vulnerability allows for the remote execution of code. When exploited, Log4j enables the attacker to remotely inject code into services that use the Log4j library with system-level privileges.

So what do we do? Updating Java is not enough. One thing you can do is update to Log4j2 version 2.16. If you cannot update, you can mitigate this vulnerability by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to TRUE.