Friday, October 16, 2015

October Weakerthan Linux 6 Update Release

Happy Halloween!! 

Additions to the ISO (Why it's bigger in size)

My New Tools and My New GitHUB

I have finally updated my GitHUB page since the Google Code migration.

Web Application Penetration Testing

ss-6271 Shell Shock Exploit Script and WPES WeakNet PHP Post Exploitation Shell/Script. Both projects can be found here:

SS-6271 Shell Shock Script coded and added to menu (
WPES WeakNet PHP Post-Exploitation Shell/Script (

I am trying my best to get an environment set up to test/create a video presentation of both. Here is a video showing off the Shell Shock Script:

New RF Utilities

I have also added 3 new RF Utilities that I made while writing my book Penetration Testing with Perl - DevList, 80211Sniff, and ChannelSet. These tools were written only using Perl and can be found under Penetration Testing->Network Utilities->RF Utilities->WeakNet Labs

Warcarrier Updated!

Warcarrier is now Warcarrier-ng and has been updated to the latest version. The latest version has a newer interface with a lot more functionality. The GitHUB repo for Warcarrier and more information can be found here: To start Warcarrier, you will need a GPS USB device, I recommend the old GlobalSat BU-353 (because it works), an 80211 network adapter which supports RFMON mode, I recommend anything made by Atheros/Qualcomm or if you really have to the ALFA 1W USB thing, and optionally you can use a USB Bluetooth dongle and the HackRF Ubertooth One for 802.15 spectrum analysis.


ISO: (2260709376 bytes) Download Link
MD5: (49 bytes) Download Link


So, each time I update the ISO, the updates get bigger and better. This is no exception as you can see from the unordered list above. I have provided links to the tools pages for those unfamiliar with them. I got no recommendations this time around so I just put in tools that I felt that I would use on a daily basis while penetration testing. I hope that you enjoy the shiny new ISO file! If you like the ISO and my work, please consider donating as every little bit helps! 


Monday, September 14, 2015

September Weakerthan Linux 6 Update Release

September is Here!

Updates to Weakerthan Linux 6

GoTTY - Added for Red Team/Terminal sharing during penetration testing
GeoTweet - Added for Social Engineering / OSINT
VLC - Compiled and added to easily play media files
Transmute - added for word list generation for Aircrack-NG, cowpatty, John the Ripper, etc
UX - The UX has been upgraded after lots of testing
menu fixes - fixed issues from submissions
OSINT submenu for Open Source Intelligence tools
Red team submenu - with GoTTY and Armitage
Sounds - Added sounds to the keyboard shortcuts
Help! added to the menu with a lot of simple descriptions,

Keyboard Shortcuts

  • Google Chrome - CTRL+ALT+g
  • Terminal - CTRL+ALT+t (or ALT+F1)
  • Wireshark - CTRL+ALT+w
  • Armitage - CTRL+ALT+a
  • MSFconsole - CTRL+ALT+e
  • Network Interfaces - CTRL+ALT+i
  • Network Manager (WiCd) - CTRL+ALT+n
  • Power options - Windows key+p
  • Logout of Fluxbox - Windows key+l (or ALT+CTRL+Backspace)

Stage Fright!

I added the Android "Stage Fright" exploit and its dependencies as soon as it became available. Check the screenshot below,

Desktop Icons!

I have added iDesk for desktop icons in Fluxbox. You can access them from the menu Personalization->Customize WT6->Show Desktop Icons. Check out the screenshots below,


You can download the ISO update directly from my server,

ISO Image: (1.7GB) wt6.09.14.iso
MD5 Checksum: (49 Bytes) wt6.09.14.iso.md5

Wednesday, September 9, 2015

Blackberry and Security

I recently found a nasty SQL Injection bug that enabled me to view personal information of Blackberry's customers and employees that was quite similar to the simple hack that Weev was incarcerated for. Rather than dump the data, or write a script to hammer away at it, I disclosed the bug and Blackberry gave me credit for it:

I have made similar disclosures in the past to other companies, all of which didn't even seem to care about the bugs. Blackberry's incident response team, however promptly emailed me and kept up to communication throughout the process,

[BIRT2015-00446] Vulnerability Report

Hi Douglas,
Hope you are doing well. I'm happy to report the issue you reported to BlackBerry Security has been resolved. BlackBerry Security appreciates you responsibly disclosing this issue to us. On our external website, we list researchers that report security issues under our acknowledgments section, If you would like to have your name added, and it has not already been listed once this calendar year, please send me the name and either Twitter or company name you would like added. As per BlackBerry Security Response's policy, you will see your name posted on our website for the last Friday of the month.

Thanks again for responsibly disclosing this issue.
BlackBerry Security Response

I have always been a big fan of Blackberry. If you're a fan too, you can check out my design gallery of Blackberry wallpapers!