
Thread: How can this be possible?

  1. #1 Junior Member | Join Date: Jan 2010 | Location: Canada | Posts: 84

    How can this be possible?

    I tried to post this in a different sub-forum; it wouldn't let me.

    Say a cheeto-munching guy in a pickup truck parks close to my network, deauths my farthest client, and then sets up his laptop to "loopback" so the client connects to him, even if all my Windows shares are closed and ports closed.

    Is it possible to dump my registry keys still? Because I imagine it would be, as people have mentioned it before. I am just unsure of:

    A) How it is done.
    B) How I can stop it from happening.

  2. #2

    B) How I can stop it from happening.
    Use WPA with a strong password

  3. #3 Moderator KMDave | Join Date: Jan 2010 | Posts: 2,281

    Quote Originally Posted by HitThemLow:
    B) How I can stop it from happening.
    Don't use wireless. I try to avoid it as well as I can, be it for customers or for myself.
    Tiocfaidh ár lá

  4. #4 Junior Member | Join Date: Jan 2010 | Location: Canada | Posts: 84

    I need wireless for my laptop, as a wired connection isn't always possible.

    Use WPA with a strong password
    How would the encryption on my connection matter? Isn't the whole idea of a MITM attack to control the flow of information? He wouldn't need to connect the client to my network, since as I stated I have no open shares, so he could very easily leech off my neighbour's wifi and use that connection for my stolen client.

    A friend of mine suggested I run Nessus on the Windows boxes in my network; he says I'll find at least a few vulns on each one. Which makes no sense to me because:

    A) My network is using the strongest encryption it can.
    B) All shares are disabled, even for local (including NetBIOS itself).
    C) My router is passworded and web admin is disabled.
    D) All my Windows boxes are, AFAIK, fully patched, unless they need a reboot.

    The only way I see that someone could get into my net is physical access, which translates into pwned in all circumstances.

  5. #5 Moderator KMDave | Join Date: Jan 2010 | Posts: 2,281

    Wait a sec, how could he possibly get access to your network if he is using your neighbor's wifi?

    Or are you on your neighbor's wifi too?

    If he can't connect to your AP he won't be able to get any access to any of the machines connected to your AP.
    Tiocfaidh ár lá

  6. #6 Super Moderator Archangel-Amael | Join Date: Jan 2010 | Location: Somewhere | Posts: 8,012

    Quote Originally Posted by KMDave:
    Wait a sec, how could he possibly get access to your network if he is using your neighbor's wifi?
    Or are you on your neighbor's wifi too?
    Ooops! That's not right.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7 Member floyd | Join Date: Mar 2009 | Posts: 231

    @KMDave: I think he meant the truck guy could use the neighbour's AP as a gateway to the internet in a MITM attack. Right, HitThemLow?

    Okay, I agree with you that deauth should work for the attacker. For this problem see KMDave's answer: it's harder to cut your cable.

    So usually, if you have MITM attacks, the countermeasure is a digital certificate. I've never used it in a wireless network, but I'm sure there are the same weaknesses as in, hmm, let's say HTTPS: SSLstrip and users who trust the wrong certificates (like self-signed ones).

    The other thing is: isn't your "stolen client" then connecting to another ESSID? I mean, why should a client connect to the "cheeto munching guy in a pickup truck"? As long as the client doesn't connect to any wireless AP by default (which would be very dumb)...

    Maybe an attacker could set up an AP with the same ESSID, MAC, etc., but he cannot use the same password for the WPA2, because he doesn't know it! So far so good? Did I miss something?
    Auswaertsspiel
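The point floyd makes above (an evil twin can copy the ESSID and BSSID but still cannot complete a WPA2-PSK association without the passphrase) can be shown with the key derivation behind the 4-way handshake. This is an added example, not code from the thread or from BackTrack: the SSID, MAC addresses, passphrases and the EAPOL message-3 body are constructed values, and EAPOL framing is reduced to an opaque byte string so only the MIC check is demonstrated.

```python
"""WPA2-PSK 4-way handshake: why a rogue AP without the PSK is rejected.

Both sides derive the PMK from the passphrase and SSID, then the PTK from
PMK + both MACs + both nonces. Every handshake message after message 1
carries a MIC keyed with the KCK (first 16 bytes of the PTK). An evil twin
that does not know the passphrase derives a different KCK, so its message-3
MIC fails verification on the client and the association is abandoned.
"""
import hashlib
import hmac
import os


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    # IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # PRF-384 (CCMP): HMAC-SHA1 iterated over the "Pairwise key expansion" label.
    # Output layout: KCK (16) | KEK (16) | TK (16).
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(3):  # 3 x 20 bytes covers the 48 bytes needed
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:48]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    # AKM PSK with HMAC-SHA1-128: MIC is the first 16 bytes of HMAC-SHA1 over the frame
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def client_accepts_msg3(client_pass, ap_pass, ssid, aa, spa, anonce, snonce, msg3_body):
    """True only if the AP's message-3 MIC verifies under the client's own PMK."""
    ap_kck = derive_ptk(pmk_from_passphrase(ap_pass, ssid), aa, spa, anonce, snonce)[:16]
    mic_sent = eapol_mic(ap_kck, msg3_body)          # what the (real or rogue) AP transmits
    cl_kck = derive_ptk(pmk_from_passphrase(client_pass, ssid), aa, spa, anonce, snonce)[:16]
    return hmac.compare_digest(mic_sent, eapol_mic(cl_kck, msg3_body))


def demo():
    # Constructed values: SSID, AP MAC (aa), client MAC (spa), message-3 body.
    ssid, passphrase = "HomeNet", "correct horse battery staple"
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce, snonce = os.urandom(32), os.urandom(32)
    msg3 = b"EAPOL-Key msg3 body (RSN IE + GTK) - constructed placeholder"
    genuine = client_accepts_msg3(passphrase, passphrase, ssid, aa, spa, anonce, snonce, msg3)
    evil_twin = client_accepts_msg3(passphrase, "wrong-guess", ssid, aa, spa, anonce, snonce, msg3)
    return genuine, evil_twin  # (True, False)


if __name__ == "__main__":
    print("genuine AP accepted: %s, evil twin accepted: %s" % demo())
```

The same mismatch is what keeps a copied ESSID and BSSID from being enough: the client checks the MIC before it installs any key, so a rogue AP never gets past message 3.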

  8. #8 Good friend of the forums | Join Date: Feb 2009 | Posts: 356

    Anyway, using wireless is not that bad. Consider allowing remote access only through VPN, though. Whether people want to use the wifi when they are in front of the building, in the cafe, or on the stairs, they will still need to log in via VPN to access the network. You can even open the wireless with no key at all; the VPN will do the job, and the days of fear will be over.

  9. #9 Junior Member | Join Date: Jan 2010 | Location: Canada | Posts: 84

    Quote Originally Posted by floyd:
    @KMDave: I think he meant the truck guy could use the neighbour's AP as a gateway to the internet in a MITM attack. Right, HitThemLow?
    Yes, that is correct. I'm not on my neighbour's AP, but since I have no network drives open on any of the boxes, if he were to use the neighbour's as the link to the internet, my user would not notice.

    Okay, I agree with you that deauth should work for the attacker. For this problem see KMDave's answer: it's harder to cut your cable.
    I will look into getting a nice big roll of wire, but for the two laptops, wired isn't always a nice option.

    So usually, if you have MITM attacks, the countermeasure is a digital certificate. I've never used it in a wireless network, but I'm sure there are the same weaknesses as in, hmm, let's say HTTPS: SSLstrip and users who trust the wrong certificates (like self-signed ones).

    The other thing is: isn't your "stolen client" then connecting to another ESSID? I mean, why should a client connect to the "cheeto munching guy in a pickup truck"? As long as the client doesn't connect to any wireless AP by default (which would be very dumb)...

    Maybe an attacker could set up an AP with the same ESSID, MAC, etc., but he cannot use the same password for the WPA2, because he doesn't know it! So far so good? Did I miss something?
    That's more what I was worried about, since the extremely long pass is in the registry and is the default connection. If he does manage to get a client into a MITM environment, I was more wondering if there was any way (short of a 0-day, which no one on the good side (our side) can really stop while it works) that he could manipulate the files on the client he has "stolen".

    I know there have been local-network-only kinds of exploits, so I was really wondering if he could get in by some means, then pilfer any data he wanted, including the WPA key, which would then lead him right into my network. As you can see, I'm more than a little over-cautious.

  10. #10 My life is this forum Barry | Join Date: Jan 2010 | Posts: 3,817

    Quote Originally Posted by HitThemLow:
    Yes, that is correct. I'm not on my neighbour's AP, but since I have no network drives open on any of the boxes, if he were to use the neighbour's as the link to the internet, my user would not notice.

    I will look into getting a nice big roll of wire, but for the two laptops, wired isn't always a nice option.

    That's more what I was worried about, since the extremely long pass is in the registry and is the default connection. If he does manage to get a client into a MITM environment, I was more wondering if there was any way (short of a 0-day, which no one on the good side (our side) can really stop while it works) that he could manipulate the files on the client he has "stolen".

    I know there have been local-network-only kinds of exploits, so I was really wondering if he could get in by some means, then pilfer any data he wanted, including the WPA key, which would then lead him right into my network. As you can see, I'm more than a little over-cautious.
    It's pretty damn hard to mitm your internet connection from someone else's internet connection. As long as you have your wifi secured and your internet connection device(router/computer/modem/phone/whatever) properly configured, he's not going to be able to do anything to your computers.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
