Page 11 of 14 FirstFirst ... 910111213 ... LastLast
Results 101 to 110 of 137

Thread: Rogue Accesspoint + MitM Sniffing tutorial

  1. #101
    Just burned his ISO
    Join Date
    Jul 2006
    Posts
    17

    Default

    This seems more effective than cracking WPA given the time it would take for a dictionary attack to find a complex key.

    Can you emulate an AP, disassociate clients from the real AP and then capture the WPA key for the AP as the client tries to reconnect?

  2. #102
    Member
    Join Date
    Jun 2008
    Posts
    50

    Default

    My understanding is that you can:-

    create a fake AP (have successfully gotten working)

    disassociate clients from a genuine AP and if their computer is set to reconnect automatically it "may" connect to the fake AP if the signal is strong enough. Alternatively, if your windows box is set to connect to an AP automatically but currently isn't, the fake AP can be set to use the SSID being broadcast by the windows machine to create a fake AP. (have got this part working)

    to obtain the WPA key you would need to run Metasploit, which will only be successful if the connected machine is unpatched and has certain firewall ports open. Once the box is broken you could install wirelesskeyviewer or alternatively run the wirelesskeyharvester (see other thread - although I haven't managed to get this working), another alternative is the rogue updates such as notepad plus etc (again not managed to get working)

  3. #103
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by JF1980 View Post
    This seems more effective than cracking WPA given the time it would take for a dictionary attack to find a complex key.

    Can you emulate an AP, disassociate clients from the real AP and then capture the WPA key for the AP as the client tries to reconnect?
    I assume you mean that you would create a rogue WPA encrypted AP and expect to capture the WPA key once the client, believing it is his own AP, tries to connect using it. The answer is no, the WPA handshake is a series of challenges and responses and the key will not be transmitted in clear text at any point.

    But take a look at this thread instead as it presents an interesting alternative for getting the key. The process is a bit more complex and involves the attacker exploiting the client and obtaining all saved wireless keys from his windows registry file once he connects to the fake WAP.
    -Monkeys are like nature's humans.

  4. #104
    Just burned his ISO
    Join Date
    Jul 2006
    Posts
    17

    Default

    Has the original post been updated to reflect the most recent script or is there a newer / refined version available?

  5. #105
    Member imported_Deathray
    Join Date
    Oct 2007
    Posts
    381

    Default

    To achieve what my tutorial is aimed at, the original script will still work
    perfectly with the latest svn - no new features or anything in airbase-ng
    could have been added to the script since it was made until now.
    - Poul Wittig

  6. #106
    Junior Member
    Join Date
    Feb 2006
    Posts
    25

    Default similar problem with Alfa

    Quote Originally Posted by Silver_Seven View Post
    Yes BadKarmaPR, I sure did. I am not sure what it is. I reinstalled a new image to a lappy and have it working ........ :-)
    Hi guys,

    It seems I'm having a similar problem with my VM BT3 install with the Alfa USB card.
    After much reading and poking around I noticed that I'm getting malformed packets in wireshark (monitoring wlan0 because on at0 wireshark shows no traffic). I have the BT3 final Alfa patch (I believe it is the latest), latest VM tools and VM Ware (6.5.1 I believe) and my DHCPCD.conf is the same as yours.
    I guess I could try messing around with the MTU settings a bit more as that seems to be an issue with the Alfa, but other than that I don't really know where to look more.

    Am I correct in assuming you got this working with an Alfa card in VM Ware? If so I wonder why myself and silver seven are having problems.

    Any ideas welcome.

  7. #107
    Member imported_Deathray
    Join Date
    Oct 2007
    Posts
    381

    Default

    Quote Originally Posted by janus View Post
    Hi guys,

    It seems I'm having a similar problem with my VM BT3 install with the Alfa USB card.
    After much reading and poking around I noticed that I'm getting malformed packets in wireshark (monitoring wlan0 because on at0 wireshark shows no traffic). I have the BT3 final Alfa patch (I believe it is the latest), latest VM tools and VM Ware (6.5.1 I believe) and my DHCPCD.conf is the same as yours.
    I guess I could try messing around with the MTU settings a bit more as that seems to be an issue with the Alfa, but other than that I don't really know where to look more.

    Am I correct in assuming you got this working with an Alfa card in VM Ware? If so I wonder why myself and silver seven are having problems.

    Any ideas welcome.
    Nope, I never managed to fix my issues within VMWare unfortunately.
    If I recall correctly maybe a small percentage of the packets seen in wireshark came out right but far from anything that would work. From what I have heard, (think it was Tron) the patch for rtl8187 contained in BT3 is still the latest one you can get. Yes you could try playing a bit more with the MTU or go and explore some more - but don't get your hopes up. Boot BackTrack from a USB and start having fun
    - Poul Wittig

  8. #108
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by Deathray View Post
    Nope, I never managed to fix my issues within VMWare unfortunately.
    If I recall correctly maybe a small percentage of the packets seen in wireshark came out right but far from anything that would work. From what I have heard, (think it was Tron) the patch for rtl8187 contained in BT3 is still the latest one you can get. Yes you could try playing a bit more with the MTU or go and explore some more - but don't get your hopes up. Boot BackTrack from a USB and start having fun
    Yes my setup using the latest version of VMware Fusion, with VMware tools installed, and my AWUS036H running on the default r8187 driver is still working just fine. I do see the malformed packets as well when monitoring the wlan0 interface, but running Wireshark on at0 instead shows all the traffic normally. The only problems I am still having are related to the -p option, but this does not seem to be all that uncommon with the current version of airbase-ng. I am afraid that I can't give any helpful hints on how to fix the problems a lot of the users seem to have, as apart from setting the MTU to 1500 I do nothing differently from the tutorial.
    -Monkeys are like nature's humans.

  9. #109
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    10

    Default

    Hey guys! I need your help,

    so I run the script with no problem, everything is working fine but .... (yea always a but :P)

    I can ping almost all sites like google.com or yahoo.com
    but I cannot ping hotmail.com

    so after a few searches in wireshark I see

    No Time Source Destination Protocol Info
    83 308.. 10.0.0.254 208.67.222.222 ICMP Destination unreachable (Port unreachable)

    so the source is ok (it's the IP of my ''victim'' PC), the destination is the DHCP
    I know that the problem is the Unreachable port but ... how can I ''open it''?

  10. #110

    Default

    Quote Originally Posted by Mattthhdp View Post
    Hey guys! I need your help,

    so I run the script with no problem, everything is working fine but .... (yea always a but :P)

    I can ping almost all sites like google.com or yahoo.com
    but I cannot ping hotmail.com
    Some sites block ICMP. If you can ping other sites, you have connectivity. What is the problem?
