Thread: How can this be possible?

  1. #11
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Quote Originally Posted by HitThemLow View Post
    Deauths my farthest client, and then sets up his laptop to "loopback" to connect to himself, even if all my windows shares are closed and ports closed.
    In this scenario he's not connected to your network so you have nothing to worry about. Who cares if he deauths a client and then connects to himself? (Well other than the client that got booted)

    Is it possible to dump my registry keys still? Because I imagine it would be as people have mentioned it before.
    They have? Where? Please provide some linkage.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  2. #12
    Member floyd's Avatar
    Join Date
    Mar 2009
    Posts
    231

    Quote Originally Posted by HitThemLow View Post

    That's more what I was worried about, since the extremely long pass is in the registry and is the default connection. If he does manage to get a client in a MITM environment, I was more wondering if there was any way (short of a 0 day, which no one on the good side (our side) can really stop while it works) that he could manipulate the files on the client he has "stolen".
    1. If he manages to get a client in a MITM, the client did something wrong --> train your users
    OR
    2. A zero day wireless exploit was abused on the client (but what kind? can't even imagine one) --> you can do completely nothing, and one of your clients, and so your whole network, is compromised
    Auswaertsspiel

  3. #13
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Either I still don't get it or the question is kind of pointless.

    So the scenario is: You have your own wireless lan A. It is secure, you are not worried that someone can access it. A bad guy sits in a truck and connects to your neighbor's unsafe wireless lan B.
    Now your question is can he access the machines on network A if he is connected to B.

    At least that's how I understood your question. Answered before but no, it is not easily possible to go from client->B->internet->A->your machines. It requires the attacker to know the IP of your router for instance, get through the router's security and so on.
    Tiocfaidh ár lá

  4. #14
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Quote Originally Posted by KMDave View Post
    it is not easily possible to go from client->B->internet->A->your machines. It requires the attacker to know the IP of your router for instance, get through the router's security and so on.
    One relatively easy option for the attacker is to use a reverse connector (exe).... I tested it 2 months ago and it worked like a charm (even accessed a victim located in Italy from the UK, well, with their permission certainly)
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  5. #15
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Quote Originally Posted by kazalku View Post
    One relatively easy option for the attacker is to use a reverse connector (exe).... I tested it 2 months ago and it worked like a charm (even accessed a victim located in Italy from the UK, well, with their permission certainly)
    He'd still have to get the OP to click on the exe on a custom crafted web page. He doesn't need to be on the neighbor's wifi for that.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  6. #16
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Quote Originally Posted by KMDave View Post
    Either I still don't get it or the question is kind of pointless.

    So the scenario is: You have your own wireless lan A. It is secure, you are not worried that someone can access it. A bad guy sits in a truck and connects to your neighbor's unsafe wireless lan B.
    Now your question is can he access the machines on network A if he is connected to B.

    At least that's how I understood your question. Answered before but no, it is not easily possible to go from client->B->internet->A->your machines. It requires the attacker to know the IP of your router for instance, get through the router's security and so on.
    Not what I meant: here's as defined as I can make it:

    The "Hacker" connects to neighbour's network A. He sets up a rogue AP on his laptop. He then repeatedly deauths my clients until one of them joins his AP. Is it possible for him to then manipulate the files on my "stolen" client's computer? Not actually connecting to my network, but rather get the key out of the stolen client, which he can then use to join the network with ease.

  7. #17

    I think I finally understand what you are trying to explain/say.

    First, the hacker doesn't need to connect to your neighbor's network to accomplish a MITM using a Fake AP.

    To answer the second part of your question, in theory, it is possible for the "hacker" to get the keys out of the client laptop. You are talking about a "wireless key grabber".

  8. #18
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Ok, that's exactly what I was trying to figure out, but how can I prevent it? Disable netbios :\ Because we use printer + file sharing.

    Oh and I know he doesn't -have- to connect to my neighbour, but if I understand it right, that would generally be a good idea to do so, so that my user doesn't go "Wtf, where did my intranet go?"

  9. #19

    Keep your system patched up to date and use a decent host firewall.
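
Added example, not part of the original thread: a defender-side check for the scenario discussed above (repeated deauths followed by a client joining an AP that advertises the same SSID). The SSID, MAC addresses, event tuples and thresholds are constructed assumptions; in practice the events would come from a wireless IDS or a monitor-mode sensor.

```python
from collections import defaultdict

# Constructed sample observations (not captured traffic):
# (seconds, event, bssid, client, ssid)
EVENTS = [
    (0.0, "deauth", "aa:aa:aa:00:00:01", "cc:cc:cc:00:00:09", "OfficeLAN"),
    (0.4, "deauth", "aa:aa:aa:00:00:01", "cc:cc:cc:00:00:09", "OfficeLAN"),
    (0.9, "deauth", "aa:aa:aa:00:00:01", "cc:cc:cc:00:00:09", "OfficeLAN"),
    (1.5, "deauth", "aa:aa:aa:00:00:01", "cc:cc:cc:00:00:09", "OfficeLAN"),
    # Same SSID, but a BSSID we do not own: the suspicious association.
    (3.1, "assoc", "de:ad:be:ef:00:01", "cc:cc:cc:00:00:09", "OfficeLAN"),
    # A single deauth followed by a rejoin to our own AP is normal roaming.
    (5.0, "deauth", "aa:aa:aa:00:00:01", "cc:cc:cc:00:00:07", "OfficeLAN"),
    (6.0, "assoc", "aa:aa:aa:00:00:01", "cc:cc:cc:00:00:07", "OfficeLAN"),
    # Someone else's network: out of scope for this check.
    (7.0, "assoc", "bb:bb:bb:00:00:02", "cc:cc:cc:00:00:05", "NeighbourLAN"),
]
OUR_SSID = "OfficeLAN"
KNOWN_BSSIDS = {"aa:aa:aa:00:00:01"}  # inventory of our own access points


def find_rogue_associations(events, ssid, known_bssids, burst=3, window=10.0):
    """Flag clients that join an unknown BSSID advertising our SSID.

    'forced' is True when at least `burst` deauth frames hit that client
    in the `window` seconds before the association.
    """
    deauths = defaultdict(list)  # client -> timestamps of deauth frames
    alerts = []
    for ts, kind, bssid, client, net in sorted(events):
        if net != ssid:
            continue
        if kind == "deauth":
            deauths[client].append(ts)
        elif kind == "assoc" and bssid not in known_bssids:
            recent = [t for t in deauths[client] if ts - window <= t <= ts]
            alerts.append({
                "client": client,
                "rogue_bssid": bssid,
                "time": ts,
                "deauths_before": len(recent),
                "forced": len(recent) >= burst,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_rogue_associations(EVENTS, OUR_SSID, KNOWN_BSSIDS):
        print(alert)
```
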

  10. #20
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Quote Originally Posted by HitThemLow View Post
    Oh and I know he doesn't -have- to connect to my neighbour, but if I understand it right, that would generally be a good idea to do so, so that my user doesn't go "Wtf, where did my intranet go?"
    Correct, if you are talking of the internet.

    In order to access your machine he would still have to get you to execute a file, do something on a suspicious site and so on. Well, you might want to check the homepage of a vendor of some software if the autoupdate feature pops up, since this can be used as an attack vector too (see evilgrade).
    Tiocfaidh ár lá
