
Thread: Backtrack boot & Clientless crack w/ MAC access control

  1. #1
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    3

Backtrack boot & Clientless crack w/ MAC access control

    Hi everyone, I need help with two things. The first of which is more important so I'll explain it first.

The AP I'm trying to access has MAC access control enabled, because when I try to authenticate it says the AP rejects this MAC address. When I looked for a solution it had the "tcpdump -n -e -s0 -vvv -i ath0" command w/ and w/o the grep filter. When I do it w/o the filter it comes up with a ton of stuff, none of which have the DeAuthenticate thing at the end. I may have missed it though, so I tried it with the grep filter but it says

"tcpdump -n -vvv -s0 -e -i ath0 | grep -i -E "(RA:00:c0:ca:17:db:6a|Authentication|ssoc)" You will have to change “00:c0:ca:17:db:6a” to the injection MAC address. It is case sensitive and typically lowercase. You may need to look at the tcpdump output without the grep filter to verify the case." Also when I do the tcpdump, the first thing it says is "Warning: no Ip4v assigned" or something like that. Is this normal?

I have a few questions with this. First, what do I look for in the tcpdump for the MAC address? Second, what does the output below that I'm looking for mean/what am I supposed to do with it?

    "11:04:34.360700 314us BSSID:00:14:6c:7e:40:80 DA:00:09:5B:EC:EE:F2 SA:00:14:6c:7e:40:80 DeAuthentication: Class 3 frame received from nonassociated station"

Also I noticed when other people explain how to do a clientless crack w/ MAC filtering they just say wait until someone connects, then use their MAC address or use them to get the IVs. So is it not possible to do a clientless crack w/ MAC filtering and not knowing an allowed address?

The second question is about booting. On one laptop (Compaq F700, w/ Atheros AR5007 card) I can boot into BT3 USB, but only after I've selected VESA KDE and, once those two things load, unplug and re-plug the power cord. (Note: I have CommView drivers installed to get monitor mode working.) Also on the second laptop (Compaq F700 w/ Broadcom 4311) I can't boot at all no matter what I do. I know Broadcom will be like impossible to get to work, but there's a few drivers out there I think. Any suggestions on how to get the first laptop to boot regularly? If I select anything else or don't unplug/re-plug it will just go black.

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


Quote Originally Posted by Nerfhurter
I have a few questions with this. First, what do I look for in the tcpdump for the MAC address? Second, what does the output below that I'm looking for mean/what am I supposed to do with it?
    You will not be able to find a valid MAC address by looking at a tcpdump filter of any kind. The output merely confirms that the AP does not accept your injected packets, which means that there most likely is a MAC filter in place.

Quote Originally Posted by Nerfhurter
Also I noticed when other people explain how to do a clientless crack w/ MAC filtering they just say wait until someone connects, then use their MAC address or use them to get the IVs. So is it not possible to do a clientless crack w/ MAC filtering and not knowing an allowed address?
No it is not. You will have to use a valid MAC address in order for the AP to respond to your injected packets. The only way to get hold of an accepted one, in case you do not know it by default, would be to intercept one as soon as a client connects, or by bruteforcing it using MDK3. Since you do not seem to know the MAC address, the question why inevitably springs to mind; knowing the whole scenario would make it easier to point you in the right direction.
    -Monkeys are like nature's humans.

  3. #3
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    3


Hey, thanks for the reply. The scenario is that we have a condo down at the lake, and our neighbors have high speed through Charter. Unfortunately I don't feel like dishing out $50 a month when I could wait for DSL to become available and get it all, though a little slower, for half the price. Our neighbors are almost never down, so knowing when they are down, and exactly when they are connecting, makes it pretty hard. I assume he has at least a little networking know-how as he's made the name of the network custom and as far as I can tell has MAC filtering on (which may have just been on by default). I'm not exactly sure of the rules of this site/forum, and so if this isn't legal or anything like that I completely understand if you don't/can't help me. I just feel like since he's never using it, it's like taking the wallet of a dead guy or something.

  4. #4
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908


Quote Originally Posted by Nerfhurter
Hey, thanks for the reply. The scenario is that we have a condo down at the lake, and our neighbors have high speed through Charter. Unfortunately I don't feel like dishing out $50 a month when I could wait for DSL to become available and get it all, though a little slower, for half the price. Our neighbors are almost never down, so knowing when they are down, and exactly when they are connecting, makes it pretty hard. I assume he has at least a little networking know-how as he's made the name of the network custom and as far as I can tell has MAC filtering on (which may have just been on by default). I'm not exactly sure of the rules of this site/forum, and so if this isn't legal or anything like that I completely understand if you don't/can't help me. I just feel like since he's never using it, it's like taking the wallet of a dead guy or something.
    Not using doesn't mean not paying. Theft is theft is theft and no, we do not condone such actions here. Take what advice has been given to you and move on. You don't have to leave, but I highly recommend staying away from these sorts of activities/discussions.



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  5. #5
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    3


Quote Originally Posted by ShadowKill
    Not using doesn't mean not paying. Theft is theft is theft and no, we do not condone such actions here. Take what advice has been given to you and move on. You don't have to leave, but I highly recommend staying away from these sorts of activities/discussions.
Hey, I understand. I could get into it and try to convince you that it's right or w/e, but that's fine. Thanks for the forum's help, keep up the good work.

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


Thread closed.
