Linux distribution for wireless hacking Xiaopan OS

Xiaopan OS is a small Tiny Core Linux based operating system specific for wireless penetration testing, it comes with the XFE desktop environment, a very lightweight graphical front end, the distribution can run as a live CD, from a USB thumbdrive with Unetbootin or used inside a virtual machine. Numerous wireless card controllers are supported, including Atheros and Broadcom, the most widely used chipsets. As a result of the distribution being based on Tiny Core Linux all of the .tcz precompiled packages available for Tiny Core can be installed in Xiopan using the TCL Appbrowser, non hacking utilities like games, media player, CD burner, VoIP software and Truecrypt can all be optionally added to Xiopan OS.

To crack WPA/WPA2 encryption keys a tool called Reaver-wps is used , the software attacks a router Wifi Protected Setup registrar PINs, this feature comes in many routers for easy set up and it has a hard coded Personal Identification Number tied to the device, by exploiting this Reaver can find out the WPA/WPA2 password, dictionary lists in multiple languages can be downloaded from Xiopan forums.

Wifi hacking Linux distribution Xiaopan

Wifi hacking Linux distribution Xiaopan

After first scanning for the target wireless access point and gathering information like SSID, encryption mode and channel you can launch Reaver brute force attack, the screen will show you real time cracking in progress, it can take up to ten hours to find out the wireless password, or much less depending on how complex encryption and password are, factors for hacking success will involve if your wireless network card supports injection and distance to the attacked Wifi access point, some routers are more vulnerable to injection than others. You can protect your network against brute force attacks with Mac filtering, however the distribution includes other hacking tools like Inflator, Mindiwep, Aircrack-ng and Feeding Bottle,  Mac spoofing is possible.

This Linux live CD is first class penetration testing tool to audit wireless access points security and replaces Beini, a very similar distribution no longer active. Xiaopan is easy to use for beginners thanks to its graphical interface, much lighter than Backtrack, the main problem you can come across with this distribution is that your wireless network card might not be recognised, if that happens it can help troubleshooting looking at what drivers are being loaded inside the tce and cde folders and knowing your network card chipset.

Xiaopan Linux WPA2 hacking

Xiaopan Linux WPA2 hacking

If you want to protect against Reaver attacks you should disable Wifi Protected Setup in your router, unfortunately many of them do not allow you to do this manually, the other option is to use an open source router firmware like DD-WRT, it does not support WPS and Reaver can do nothing against it.

Visit Xiaopan OS homepage

Anonymous OS live CD released

A new live CD made up of Anonymous memorabilia (logos, graphics) and penetration testing tools, being marketed as “Anonymous OS” has been released to the community. The CD runs a customized Ubuntu Linux with the the Mate desktop (Linux Mint, Gnome like desktop) and comes packed with hacking tools like the Anonymous Low Orbit Ion Canon (LOIC) to launch a distributed denial of service against websites with a point and click, the Havij SQL injection utility, John The Ripper and Pyloris password crackers, anonymity tools like i2p, Vidalia, tor proxy and JonDo and packet sniffers like WireShark. The unknown developer says that the live CD is an education tool and should not be used for attacking websites, if you do it is your own responsibility.

There isn’t much on this distribution that would make you want to use it over other well established Linux distros for anonymous communications, like Tails, or well known penetration testing Linux distributions like BackTrack, Grml, Helix or DEFT.

Anonymous OS live CD

Anonymous OS live CD

The OS, which looks suspiciously close to BackTrack Linux, appears to be a marketing gimmick with someone having taken the time to put together already existing PEN testing tools with Anonymous mementos so that it looks cool, i.e. you get to see the anonymous logo during boot time instead of Ubuntu. The only tool not found in other similar Linux distributions is the Anonymous developed and branded own distributed denial of service tool (LOIC), the rest can be found elsewhere.

Like with all software from unknown sources there is the danger of getting backdoored by using it, the authors homepage claims that in Linux there are no viruses, this is inaccurate, it is very rare to find Linux malware, but it can be created, it is not impossible. I see no reason to use this OS over other more well known Linux distributions that do the same. Download at your own risk!

Anonymous OS system password is only given as md5: 2ae66f90b7788ab8950e8f81b829c947  once decrypted it will give you the password: anon ,you will need it to be root.

Visit Anonymous OS project homepage

UPDATE: SourceForge has decided to remove this project citing security concerns, misleading name and lack of transparency. I have now removed the link to Anonymous OS.