Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Rogue AP Wireless on Windows/Linux

from [Steve A] Network Security [Permanent Link]
Subject: RE: Rogue AP Wireless on Windows/Linux
Date: Sun, 10 Apr 2005 20:14:17 +0100 
Hi

Try AirJack and MonkeyJack as they will let kill the other AP and
monkey-jack will let you do the other stuff you wanted to do but didn't
say.  

AirJack needs a Linux build (and a rather special one with lots of
kernel mods if I recall correctly) anyway see
(http://sourceforge.net/projects/airjack/)  for the source and
docs/presentation from the authors here
(http://opensores.thebunker.net/pub/mirrors/blackhat/presentations/bh-us
a-02/baird-lynn/) and here (http://802.11ninja.net/) (but last time I
looked the default apache page was the only page up (I guess web
security aint their thing))  and some useful stuff here
(http://www.netstumbler.org/archive/index.php/t-3282.html).

Note sure about the DHCP bit, you might need to use Airjack to de-auth
the real AP and then set up an AP of your own (any one would probably
do, but the higher powered the better, and set the DHCP scope to be the
same at that of the real AP - you will need to have sussed the Default
Gateway or users will loose external connectivity real fast). 

Hope that sort of answers your questions - we have only used airjack to
de-auth an AP and thus kill a single AP network so sorry if some of it
is a bit vague. 

Steve

Steve<at>logicallysecure.org


-----Original Message-----
From: szynkro@gmail.com [mailto:szynkro@gmail.com] 
Sent: 08 April 2005 18:53
To: pen-test@securityfocus.com
Subject: Rogue AP Wireless on Windows/Linux


Hi,

I'm looking for a way/all in one tool to simulate a wireless Access
Point on a Windows XP and/or Linux system preferably with built-in DHCP
daemon and all. The goal is to see if we can trick wireless clients in
connecting to the AP, sniffing for potential credentials and other
interesting stuff etc...

I've heard about hotspotter, airsnarf and alikes but don't know if they
are valid...

The scenario would be sniffing the unknown wireless network for valid
SSID's and setting the SSID on the rogue AP.... then fingers crossed I
guess that signal is strong enough to get some clients connecting. Can
we force/help the client in associating with the rogue AP?

Anyone some other valid (recent) Wireless Pen-Test scenario's?

thanks
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Rogue AP Wireless on Windows/Linux, James Fryman
Next by Date:  Re: sql injection with order by, Chitresh Sen
Previous by Thread:  Re: Rogue AP Wireless on Windows/Linux, James Fryman
Next by Thread:  Re: Rogue AP Wireless on Windows/Linux, Dragos Ruiu
Indexes:  [Date] [Thread] [Top] [All Lists]