Beacon Flooding Attack

[wireless mayhem with mdk3]

Yo!
A beacon flooding attack is a funny way to mess up networks and also looks kinda freaky if you don't know what's going on. In fact, it can really mess with stuff, like devices not responding or not finding their default network anymore. But one step at a time.

Introduction

A beacon flooding attack is like an overkill of beacons (obviously).
As you will know, an access point (aka router) broadcasts its basic information over the air from time to time. This way, devices and other routers know that it's available, see its name etc., and are able to coordinate their mutual use of the frequency band.
Note: there are hidden wlan networks that sometimes don't send anything around.
We can use these beacons to overload devices with fake access points, basically by spamming them. A general side effect of this attack is that traffic over the wlan bands increases significantly, so others with the aircrack-ng suite or similar tools might have a hard time finding your device (or basically any device). Another side effect is that users might get shocked or confused about this, giving us more time to keep it up.

What happens while attacking?

If you send a beacon frame out, any device listening will receive it and put it in a list. This list can usually be shown via the device's default network manager.
But if the "network" was just a beacon frame, it will just load for some time and output an error.
This may or may not result in these 2 behaviours:

  1. A user trying to connect to a specific network, e.g. his home network, might not find it. In a big house, there could be many different networks anyway, and if you additionally mix in fake ones, the result would be pure mayhem. This may really intimidate some people, especially since you have control over the potential names of each beacon-network. This way, you could even send cryptic messages or creep somebody out badly. So, as you see, the attack has a SE and even a psychological component.
  2. If your device caught many of these fake beacons already before your standard network is in range, it might fail to connect completely. Otherwise, you will find the network slower than usual due to high traffic and the device keeping track of several internal lists. These lists can potentially overflow, resulting in undefined behaviour. My friend's smartphone would just crash its network manager and fail to reconnect until restarted, while my Xperia Z1 completely ignored the attack altogether. My old laptop, however, went full crash mode and shut off.

Setting up the attack

I assume you already read the post about setting up a wireless attack environment.
If not, you might want to consider it now, plus it's really not that long.
In short, for this attack you will need to create a monitor interface (wlan0mon) with airmon.

At first, let's just launch the attack and set it up so that it always rolls out random names for the networks. Doesn't look all too well, but it'll work for now.
We are using the program mdk3, so the command to use here is:

mdk3 wlan0mon b -a -g

Really not very long...
The parameters are:


  • mdk3
    • the name of the program obviously
  • wlan0mon
    • this is the airmon network interface
  • b
    • activates beacon flooding mode
  • -a
    • claim to be a WPA2 encrypted network
  • -g
    • claim to have a speed of 54 MB/s
So much for the parameters.
You can let the attack run for some time and monitor it with airodump-ng, wireshark or a similar program if you are interested. If you just want to confirm it works, however, you can just take any device and check the network manager, like in the picture.


As you see, the network bssids are still some scrambled garbage, but don't worry, we'll get to it eventually.



Setting up a textfile with bssids

If you don't want mdk3 to use its random generator to create network names for you, you can use the parameter -f file.txt to use a textfile instead. The created networks can be made to look more natural this way, by adding real network names that actually make sense as well as by giving the program a scope of networks to repeatedly proclaim. This will give your "networks" persistence by camouflaging them as real-world networks. From here, there are multiple possibilities for follow-up attacks, like catching a handshake attempt or mimicking an existing access point. I will not cover this here, but you should be able to be creative and find something to gain from it. The picture shows me messing around with some German fake networks I set up, repeatedly sending beacons.
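Since the post suggests watching the flood in airodump-ng or wireshark, and since the -f variant makes the fake networks mimic real ones, here is what the monitoring side looks like in code. This is an added example, not code from the original post or from the mdk3 project: a small Python detector fed with a constructed log of beacon sightings (timestamp, BSSID, SSID). The line format, the thresholds, the MAC addresses and the network names are all assumptions made up for the example. It flags a burst of never-before-seen BSSIDs inside a short window, which is the flood signature no matter what names are advertised, and it flags a trusted SSID being beaconed by a BSSID that isn't on its allow-list, which is how the textfile variant shows up to a defender.

```python
# Added example (not from the original post or mdk3): beacon-flood detection
# over constructed beacon-sighting log lines of the form "<ts> <bssid> [<ssid>]".
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Beacon:
    ts: float      # seconds since capture start
    bssid: str     # transmitting MAC, normalised to lower-case
    ssid: str      # advertised name; "" for a hidden network


def parse_beacon_line(line: str) -> Beacon:
    """Parse one constructed log line; the SSID may be absent or contain spaces."""
    ts, bssid, *rest = line.strip().split(maxsplit=2)
    return Beacon(float(ts), bssid.lower(), rest[0] if rest else "")


def detect_flood(beacons: Iterable[Beacon], window: float = 2.0,
                 max_new: int = 10) -> List[Tuple[float, int]]:
    """Return (ts, count) whenever `max_new` never-seen BSSIDs appear within `window` seconds.

    A real AP population changes slowly; a burst of brand-new transmitters is the
    beacon-flood signature regardless of which names they advertise.
    """
    seen: Set[str] = set()
    recent: Deque[float] = deque()   # first-sighting timestamps inside the window
    alerts: List[Tuple[float, int]] = []
    for b in beacons:
        if b.bssid in seen:
            continue
        seen.add(b.bssid)
        recent.append(b.ts)
        while b.ts - recent[0] > window:
            recent.popleft()
        if len(recent) == max_new:      # fire once per crossing, not per beacon
            alerts.append((b.ts, len(recent)))
    return alerts


def detect_ssid_clones(beacons: Iterable[Beacon],
                       trusted: Dict[str, Set[str]]) -> List[Tuple[float, str, str]]:
    """Flag a trusted SSID advertised by a BSSID outside its allow-list (once per pair)."""
    reported: Set[Tuple[str, str]] = set()
    alerts: List[Tuple[float, str, str]] = []
    for b in beacons:
        allowed = trusted.get(b.ssid)
        if allowed is None or b.bssid in allowed or (b.ssid, b.bssid) in reported:
            continue
        reported.add((b.ssid, b.bssid))
        alerts.append((b.ts, b.ssid, b.bssid))
    return alerts


# Constructed sample log (assumed values, not a real capture): two legitimate
# networks and one hidden one, then 12 new BSSIDs with junk names inside ~1 s,
# then the trusted name "HomeNet" beaconed from an unknown transmitter.
SAMPLE_LOG = [
    "0.0 AA:BB:CC:DD:EE:01 HomeNet",
    "0.1 aa:bb:cc:dd:ee:02 Neighbour 5G",
    "0.2 aa:bb:cc:dd:ee:03",            # hidden network: beacon carries no SSID
] + [f"{5.0 + i / 10:.1f} 02:00:00:00:00:{i:02x} junk{i}" for i in range(12)] + [
    "6.2 de:ad:be:ef:00:01 HomeNet",
]
TRUSTED = {"HomeNet": {"aa:bb:cc:dd:ee:01"}}   # assumed allow-list


def run(lines=SAMPLE_LOG, trusted=TRUSTED):
    beacons = [parse_beacon_line(line) for line in lines]
    return detect_flood(beacons), detect_ssid_clones(beacons, trusted)


if __name__ == "__main__":
    flood, clones = run()
    print("flood alerts:", flood)    # [(5.9, 10)]
    print("ssid clones:", clones)    # [(6.2, 'HomeNet', 'de:ad:be:ef:00:01')]
```

Counting first sightings rather than raw beacon frames is what keeps the flood detector quiet in a busy but stable area: a crowded building produces many beacons per second but few new BSSIDs per window. The clone check is the cheap countermeasure to the -f textfile trick, and it needs nothing more than a list of the BSSIDs you actually own.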



Conclusion

This attack surely is one of the easier ones, but don't underestimate the efficiency of simplicity. In a controlled environment, like a fair for example, you can surely cause some confusion. Or you want to prank your neighbours because they use your Netflix, AGAIN. Plus, this can easily run on a small Raspberry Pi, so you could basically create spam zones wherever you want. All in all, this is a nasty little technique to have prepared, so go ahead and try to automate it, cybermonkeys.
That's it for today, hope you enjoyed learning some stuff with me.

Oh, and btw. this year's gonna be the release of Cyberpunk2077.
Can't wait till it gets to march, OWWWWEEEEEEEE

- numb.3rs

