Network Security Pen-Test

creating fake APs

Subject: creating fake APs
Date: Wed, 16 Apr 2008 21:08:46 -0700 (PDT)
Hi, thanks for the earlier help. We are now in phase II of the project and need 
to build a more secure network. I had the following questions:
1. For this I was planning to use fakeap to create a large number of fake APs. 
But I am not able to configure fakeap after spending hours and hours on it. 
From what I understand, we need to have hostap in order to run fakeap. I wasn't 
able to configure and install it (I am trying to get this working on Ubuntu 
and then later if possible on OpenWRT on a Linksys WRT54GL). It would be great 
if anybody out there could guide me or point me to some place where it is 
clearly explained how to get hostap and fakeap working.
2. If there are any other similar tools out there please let me know. 
3. Advice on how to monitor our wireless network. Using a WIDS? Which WIDS would 
you guys suggest we use?


-----Original Message-----
From: bLiTz [mailto:blitztrade@yahoo.com]
Sent: Wednesday, April 02, 2008 1:47 PM
To: Nico Darrow
Subject: Re: Help for wireless penetration testing game/competition

They want us to break into the network in general and we get points depending on 
what we do. Yes, ours is not that advanced a course. So could just cause DoS at 
all the APs. Getting the file from the server will get us the maximum points. 
Any idea how we could get to their server? It's running on VMWare.

----- Original Message ----
From: Nico Darrow <ndarrow@airdefense.net>
To: <blitztrade@yahoo.com>; Nico Darrow <ndarrow@airdefense.net>
Sent: Wednesday, April 2, 2008 11:58:29 AM
Subject: RE: Help for wireless penetration testing game/competition

EAP-TLS will require u to pen the client to get the certificates and 
login credentials. If there is no server side certificate verification then u can 
MiTM the client and try sniffing the handshake inside the TLS tunnel. Remember 
with newer EAP, the first handshake is always fake but the real one happens 
inside the tunnel.

Are u sure they want u to break the EAP-TLS AP? That's a little advanced for a 
classroom project.


-----Original Message-----
From:  <blitztrade@yahoo.com>
To: "Nico Darrow" <ndarrow@airdefense.net>
Sent: 4/2/2008 11:01 AM
Subject: Re: Help for wireless penetration testing game/competition


I am sorry, I had to write that in a hurry and didn't really think of explaining 
it in a better way. Thanks for the quick reply.
1. For this phase we are supposed to leave the DHCP on (the competition is in two 
phases and this network configuration is supposed to emulate an insecure 
network. In the next phase we are allowed to make changes).
4. No, the EAP method being used is not LEAP. I think they are using EAP-TLS.



----- Original Message ----
From: Nico Darrow <ndarrow@airdefense.net>
To: <blitztrade@yahoo.com>; "pen-test@securityfocus.com" 
<pen-test@securityfocus.com>; wifisec <wifisec@securityfocus.com>
Sent: Wednesday, April 2, 2008 9:17:10 AM
Subject: RE: Help for wireless penetration testing game/competition

First of all, that was very hard to read and painful.

Things I'd recommend:
1. Your open AP: enable MAC filtering, disable DHCP (set your clients static) and 
change your subnet. This will prevent them from connecting wirelessly; if they 
can still plug into your AP via a hardline then ignore this.
2. WEP, easy. If your AP has something called "IP isolation"/"PSPF"/"MU-to-MU 
disallow", enable this feature, it'll slow them down depending on their level.
3. WPA-PSK: cracking this doesn't require traffic, you need the WPA 4-way 
handshake that happens when a client associates to the AP. Usually the best way 
is to DoS a client off the AP (hard and fast). Make sure you target the 
client specifically and not just do a broadcast deauth; some clients will ignore 
the broadcast deauth or it won't be sufficient to force a handshake.
4. EAP: you can bet it's going to be LEAP. Take a look at the asleap tool 
available (google is your friend). If they've set up anything else (RADIUS 
backend) then you'll have to do a MiTM or client penetration to get certificates 
and credentials.
5. Client penetration: nmap, nessus, metasploit, scapy. 'nuff said.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] 
Sent: Tuesday, April 01, 2008 3:35 PM
To: pen-test@securityfocus.com; wifisec
Subject: Help for wireless penetration testing game/competition

Hi,
I am a student and am taking this course called Wireless Security. As a part of 
the course the class is divided into two teams and we have to hack each other's 
wireless networks. It works in two phases. I need help in the first phase.
We have 4 APs:
1. Open access point: the opposite team's access point is in our 
team's physical location (and ours is in their location). It has DHCP enabled and 
if needed we can disconnect it and plug in our client and get on their physical network.
2. WEP AP: We have already cracked their WEP key.
3. WPA-PSK: the problem with getting into this is that for the 1st phase there is no 
traffic being generated by the other team so we can't deauth it and get the PSK.
4. WPA EAP: Not sure what EAP method they are running.
The network is managed by a Windows Server 2003 running on VMWare and there is 
a PIX firewall and a switch. The server has two files: one hidden and one is 
open.

So the task is now to somehow get:
1. Access to the AP which is not open, or launch a DoS
2. Get to the server files or corrupt them
We can do the task either wirelessly or through the wired network. We were also able 
to take one AP out of the network by ARP poisoning using scapy. So I wanted 
suggestions from you guys out there. I know there are loads of materials out there 
but we don't have time. So any help will be appreciated.
Thx
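The thread asks what a WIDS should watch for; the two signals it discusses are the targeted or broadcast deauth bursts used to force a WPA 4-way handshake and beacons for the defender's SSID coming from APs the team does not own. The following is an added illustration, not code from the thread or from any WIDS product: a toy detector over constructed frame records, where the record field names, the thresholds and the sample MAC addresses are all assumptions made for this example.

```python
# Added example: minimal WIDS-style pass over 802.11 management-frame records.
# Record format (assumed for this example, not a real capture format):
#   {"t": seconds, "type": "beacon"|"deauth", "bssid": ..., "ssid"/"dst": ...}
from collections import defaultdict

KNOWN_BSSIDS = {"00:11:22:33:44:55"}   # constructed: the BSSID of our own AP
OUR_SSID = "team-net"                  # constructed: the SSID we broadcast
BROADCAST = "ff:ff:ff:ff:ff:ff"
DEAUTH_THRESHOLD = 5                   # deauths per target inside the window
WINDOW_SECONDS = 2.0                   # sliding window for the rate check


def detect(frames):
    """Return alerts as (alert_type, detail) tuples, one per distinct event."""
    alerts = []
    rogue_seen = set()
    history = defaultdict(list)        # (bssid, dst) -> recent deauth timestamps
    flagged = set()
    for f in frames:
        if f["type"] == "beacon":
            # Rogue/fake AP: our SSID advertised by a BSSID we do not own
            if (f["ssid"] == OUR_SSID and f["bssid"] not in KNOWN_BSSIDS
                    and f["bssid"] not in rogue_seen):
                rogue_seen.add(f["bssid"])
                alerts.append(("rogue_ap", f["bssid"]))
        elif f["type"] == "deauth":
            key = (f["bssid"], f["dst"])
            if f["dst"] == BROADCAST:
                # A single broadcast deauth from an AP is already worth an alert
                if key not in flagged:
                    flagged.add(key)
                    alerts.append(("broadcast_deauth", f["bssid"]))
                continue
            stamps = history[key]
            stamps.append(f["t"])
            while stamps and f["t"] - stamps[0] > WINDOW_SECONDS:
                stamps.pop(0)          # drop timestamps outside the window
            if len(stamps) >= DEAUTH_THRESHOLD and key not in flagged:
                flagged.add(key)
                alerts.append(("deauth_flood", f"{f['bssid']} -> {f['dst']}"))
    return alerts


# Constructed sample: our beacon, a rogue beacon, one benign deauth to a
# client, a burst of six deauths to another client, then a broadcast deauth.
AP, ROGUE = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:ff"
SAMPLE_FRAMES = (
    [{"t": 0.0, "type": "beacon", "bssid": AP, "ssid": OUR_SSID},
     {"t": 0.5, "type": "beacon", "bssid": ROGUE, "ssid": OUR_SSID},
     {"t": 0.8, "type": "deauth", "bssid": AP, "dst": "02:00:00:00:00:02"}]
    + [{"t": 1.0 + 0.1 * i, "type": "deauth", "bssid": AP,
        "dst": "02:00:00:00:00:01"} for i in range(6)]
    + [{"t": 3.0, "type": "deauth", "bssid": AP, "dst": BROADCAST}]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_FRAMES):
        print(alert)
```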
