Thanks for the info! It's amazing he was able to reverse-engineer the setup installer to arrive at the conclusion.
I'm most interested in this topic because I'm working on the exact same task with...
Type: Posts; User: ternarybit; Keyword(s):
@Snayler this is very interesting. I suspect many router vendors employ similar means to derive default WPA keys. Since the key is ultimately the product of the non-reversible SHA1 hash function, I...
If I understand correctly, you select "Text Mode" from the BT5 boot menu, at which point the system reboots?
What's the last message or text you see on-screen before the reboot?
Does...
I'm very interested in using a smartphone's GPS with kismet, but I don't have an iPhone (I have an Android), so I can't be much help. I'm monitoring this thread with anticipation, however :)
I followed the guide you linked to on Infosec Ramblings and got it working. Maybe I can help.
First, I'll answer your last questions:
Installing BT5 with persistence means that many things...
Interesting thoughts, Snayler and aerokid240. I'm fairly certain these tactics are possible, even if somewhat impractical. Still, it's an interesting concept. Thanks for the input!
This is only partially correct, as DD-WRT will disable WPS on supported routers, but one cannot toggle it on and off because DD-WRT does not support WPS. DD-WRT uses the WPS button to optionally...
Thanks for the input. I did mention disabling WPS is the obvious solution in my OP; I was just curious if there was anything else available to a defender, assuming their router cannot disable WPS...
Sure, good point.
In the event that, say, I'm running Kismet and pick up a WPS attack coming from a spoofed MAC 00:11:22:33:44:55, what can I do to stop the attack? Is there a way to deny service...
That would definitely make things harder for an attacker, but also very hard, if not impossible, for legitimate users--especially on public or mostly-public hotspots. Thanks for the input!
After some research and field testing, it's become pretty obvious that WPS is the most dangerous threat to Wi-Fi security, for APs with WPS enabled.
The most obvious solution is to simply disable...
I found an old Linksys AP in a thrift store for $10. A lot of people replace their AP with a new 802.11n unit and retire their old one. eBay or Craigslist surely has loads of dirt cheap APs.
Do a...
Interesting, I think you're right that they may look a bit suspicious. Worth considering!
Seems overnight I've found dozens of new APs in the area, all broadcasting the SSID ATT###, where ### is a 3-digit number. They all employ WPA2/CCMP encryption.
My office manager also received one...
Hey Str8fe, thanks for the info!
I'm currently blackbox pentesting with Reaver 1.4, and started triggering WPS lockout with Reaver's default settings, just -i and -b. It ended up running about...
Alfa Network AWUS036H or AWUS036NH. The NH supports 802.11n, but some report it's slightly less stable. I got the AWUS036H through Rokland.com for under $30 USD with free shipping.
It has...
I am also very interested in understanding this attack method, with a practical explanation, if possible.
Help us help you.
What does
dmesg | tail
or
When using attack_batch, pyrit does store the computed PMKs in the DB, and only calculates nonexistent PMKs when starting again. So yes, it does resume where it left off when using attack_batch.
...
Great! Glad to help.
Oh, I just noticed!
You're running it on your laptop. I do expect it to work without segfaults, but I don't expect it to work at really really fast speeds. Any laptop video chipset won't...
The compilation errors and version mismatches are expected and not important. The original post mentions them and it's OK to ignore them.
Not sure where the last segfault comes from. This looks...
Depending on how you configure the guest OS' network settings, from the network's perspective, the guest OS will just be a separate network node apart from the host OS. I use VirtualBox, and with...
If thorin's suggestion doesn't work, try adding --stdout to your john invocation. Pretty sure it won't pipe to stdout without it.
I believe these are what you're looking for. I've also had really good luck cracking unusual / long passwords with the free version of OphCrack. You can generate your own tables, but it's already...