
Thread: Wireless key grabber - Backtrack 4

  1. #31
    Junior Member
    Join Date
    Jan 2010
    Posts
    47

    Default

    Have a look at the History here http://www.remote-exploit.org/codes_hotspotter.html
    As it seems Microsoft has patched XP since SP1 to not bring the client from a secure EAP/TLS network to an insecure one without any warnings from the operating system.
    So probably even the official 1.0 release of airbase will not do that!!!!

  2. #32
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    4

    Default

    Quote Originally Posted by Takedown32 View Post
    After editing

    //virustotal url

    NONE.
    Can you explain the editing more exactly? ... you extracted the exe with UniExtract and then did some hex editing? ... I read about hex editing but it was in meterpreter.exe... can you post what you edited (line, text)?

  3. #33
    Junior Member
    Join Date
    Jan 2010
    Posts
    47

    Default

    In this case I just edited some of the file info (like company name, version and such things) because in this case all antivirus software was checking only the hash of the wkv.exe

    http://img205.imageshack.us/img205/9...0421163750.jpg

  4. #34
    Just burned his ISO
    Join Date
    Feb 2007
    Posts
    7

    Cool Nice job, working very well. Let's walk one step forward!

    Hi every one:

    I've been testing Wireless Key Harvester for some time and it's a nice proof of concept and the functionality is wonderful. But let's walk one step further. Could we think about a mass attack with this honeypot?

    Imagine that after working, the clients come in, get the site, have to download the meterpreter, and after getting the reverse connection, they get released from the catch and get a transparent gateway to the internet. So they could resolve DNS and are gatewayed to the internet. We could also begin to sniff... And we begin again with a new victim. I am maybe thinking of NoCat auth, or NoCat splash. Could we get headed in this new direction?

    Think about it.

  5. #35
    Member
    Join Date
    Feb 2010
    Posts
    204

    Default

    Yes, in theory it is possible.

    My previous work was on getting them to execute our "payload" and allowing them to continue surfing through our gateway.

    You can do it manually, no problem, but automating this is a bit tricky: you do it through the assigned IP, have rules in place, etc.

    It is possible through iptables, but automating it after payload execution? I don't know.

  6. #36
    Just burned his ISO
    Join Date
    Feb 2007
    Posts
    7

    Default Automated gateway

    Maybe the answer is the payload. Maybe executing some code in the payload rb to change the DNS resolver IP in the victim's side and maybe some routing rules could help.

    Again, the other possibility is to study the work of NoCat auth (called by the developers "catch and release"). I have read that it does the iptables changes automatically. I have worked with automatic hotspot software and it simply catches the client, waits for authentication (in this case for payload execution) and releases the client from the captive portal so he can begin to surf freely. I'll try to read more about it.

    On another point: Has somebody had luck with airbase -P -C probe response? I have tried with Atheros and the last svn and I had to return to rc2 without -P.

    And as last point: Maybe use priv dump hashes in harvester.rb to get double functionality?

  7. #37
    Member
    Join Date
    Feb 2010
    Posts
    204

    Default

    So far no luck with either ieee or mac drivers when it comes to -P on airbase,

    although mac drivers work far better, i.e. able to change channels and MAC using airbase.

    Just waiting for a new release of airbase.

  8. #38
    Just burned his ISO
    Join Date
    May 2009
    Posts
    11

    Angry Hex keys .... WKG

    OK .... first of all I am a newbie but I liked your post...
    I was searching for something else and I crawled up in here ...
    btw I was searching for DHCP!!! Lol...
    1. I run Wireless key grabber on Win Vista x64 and it is a different version.... you should try uploading a different version of wkp.exe for Win x64 systems
    2. OK, to the point: hex numbers .... the 64 bit version of Windows works like a charm and shows the numbers in hex .... so it is very simple math....
    how to convert them to a passphrase is very easy if there are only numbers and letters .... anyway the concept is .....
    subtract by groups of couples
    ------example 1: only numbers, 64bit hex key----
    passphrase: 12345
    Wireless Key Manager output: 3132333435
    subtract 30: -3030303030
    ans = 12345
    ------example 2: letters and numbers, 64bit hex key ---------
    passphrase: A1B2C
    Wireless Key Manager output: 4131423252
    subtract 30 for numbers
    ...and 40 for capital letters, where 1 is A ....
    ..or look up a
    character map...... 41-40 31-30 42-40 32-30 43-40

    = A1B2C
    ----------------
    Cheers

  9. #39
    Just burned his ISO
    Join Date
    May 2009
    Posts
    11

    Default another mistake !!!

    in your index.html you write in code ..." onClick="window.open('/windowsupdate.exe', 'download" wrong! erno //c/windowsupdate ..... could not be found ...

    should use onClick="window.open('windowsupdate.exe' no ---->/
    hmmmm ok ?
    ok?
    LoL nice one dude though .... if your exploit works in x64 versions you can go deeper ....
    I have tried it and it works but I told you the errors ...

  10. #40
    Junior Member
    Join Date
    Feb 2010
    Posts
    26

    Default

    DUB-YA DUB-YA DUB-YA DOT virustotal DOT com/analisis/b969b0eacca72afb411f24e7939ab34f35711d2e1a7d194ba1 081f7fff38c999-1243636191

    Such a shame

    Looks really promising though
