Thread: avoid logging on router

  1. #1
    Member cr1spyj0nes
    Join Date: Sep 2008
    Posts: 164

    avoid logging on router

    Hey, I was doing a pentest on my boss's router, showing him why to change to WPA, and when I was showing him how to change it I noticed that BT "my lappy" was in the log?? Is there any way to avoid this log or even hide behind another IP?
    I would rather be hated for what I am,
    Than loved for what I am not.

  2. #2
    Senior Member Thorn
    Join Date: Jan 2010
    Location: The Green Dome
    Posts: 1,509

    Assuming that you're directly attacking the wireless, then the answer is "no." This is because that wireless router is what the laptop is connecting to directly, and using as next hop to the rest of the network. You can, of course, change the MAC, as well as use a false hostname. Using a MAC of DE:AD:BE:EF:00:01 or something similar is always considered good form, although it is something of a giveaway. In fact, I know of at least two wireless IDS systems that look for the DEADBEEF string in MACs as a red flag.

    Obviously, if you're attacking from the wired side, using TOR or another anonymizer, or even using a local PC as a jumping-off point might work.

    However, the oldest trick in the attack book is to simply wipe the logs, which you would want to do in a real attack. Additionally, in a real attack you would want to disable the logging function after wiping it.

    'Covering your tracks' is detailed in "Advanced 3vi1 1337 Hax0ring 201".
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    Just burned his ISO
    Join Date: Jul 2008
    Posts: 7

    As soon as you crack the wireless AP password and gain access to the network, find the router (gateway) and try to log in with the default login/pass, which can be found on the internet ... if the defaults don't work, then - Xhydra and try the attack. When (if) you gain access to the router's web admin interface, make sure you find the page which shows and usually lets you wipe & disable the logging.

    Nothing more can I suggest for you...

  4. #4
    Junior Member
    Join Date: Mar 2009
    Posts: 83

    Quote: Originally Posted by blackroselt
        As soon as you crack the wireless AP password and gain access to the network, find the router (gateway) and try to log in with the default login/pass, which can be found on the internet ... if the defaults don't work, then - Xhydra and try the attack. When (if) you gain access to the router's web admin interface, make sure you find the page which shows and usually lets you wipe & disable the logging.

        Nothing more can I suggest for you...
    What if remote access to the router is turned off...

  5. #5
    My life is this forum Barry
    Join Date: Jan 2010
    Posts: 3,817

    Quote: Originally Posted by laffing_man
        What if remote access to the router is turned off...
    You're screwed. Or, if you manage to take over an internal computer....
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  6. #6
    Developer
    Join Date: Mar 2007
    Posts: 6,124

    Advanced 3vi1 1337 Hax0ring 201
    Oh man! When is that book coming out? Can I have an autograph? Can I package your sweat for resale?

  7. #7
    My life is this forum Barry
    Join Date: Jan 2010
    Posts: 3,817

    Quote: Originally Posted by pureh@te
        Oh man! When is that book coming out? Can I have an autograph? Can I package your sweat for resale?
    If that book comes out he has to have an entire chapter with Chris's "I hate Apple" rant. Which reminds me, I haven't pulled that string in a while.....
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  8. #8
    Just burned his ISO
    Join Date: May 2009
    Posts: 7

    Quote: Originally Posted by cr1spyj0nes
        Hey, I was doing a pentest on my boss's router, showing him why to change to WPA, and when I was showing him how to change it I noticed that BT "my lappy" was in the log?? Is there any way to avoid this log or even hide behind another IP?
    After you have cracked the WEP password:

    You can carry a DD-WRT router programmed as a client on the wifi side and connect to the LAN side of it (programmed with a different subnet) on your laptop. The DD-WRT router will show up in the router log instead of your BT "your lappy".

    Don't use a Belkin F5D7231-4 v2000 wireless router, coz I can tell you that it doesn't have a full routing function between the LAN and WAN ports and the wireless (treated as part of the LAN subnet).

    I set up the Belkin F5D7231-4 as a client bridge (connect on the LAN and be on the same subnet as the wireless victim) or as a repeater bridge (re-broadcast a new virtual AP with no security/security of my choice) and connect to the virtual AP, but both methods are bridging and the laptop will be on the same subnet as the wireless victim. For the record, the wireless victim is my own router, a Buffalo WHR-G54S.

    One note on these 2WIRExxxx routers: they tend to have the same subnet info of 192.168.1.x/24 with a default gw of 192.168.1.254. If you give yourself a static IP (pick a high number in the subnet), there is a chance you won't show up in the log versus if you get an IP address from the DHCP server (192.168.1.254).

    From the DD-WRT help:

    # Client mode – The radio interface is used to connect the internet-facing side of the router (i.e., the WAN) as a client to a remote accesspoint. NAT or routing are performed between WAN and LAN, like in "normal" gateway or router mode. Use this mode, e.g., if your internet connection is provided by a remote accesspoint, and you want to connect a subnet of your own to it.

  9. #9
    Junior Member
    Join Date: Jan 2010
    Location: Canada
    Posts: 84

    Quote: Originally Posted by Barry
        You're screwed. Or, if you manage to take over an internal computer....

    I'm assuming you've never heard of NAT Ripping? Or rather, in this case I bet it'd be PAT ripping.

    Unlikely he could do it, but it's an awesome skill if you can master it.

  10. #10
    Very good friend of the forum Virchanza
    Join Date: Jan 2010
    Posts: 863

    The router/access point/modem is getting your computer's name by using the NetBIOS protocol, so just turn NetBIOS off (you can even do this in M$Windoze if you go to Connection Properties->Advanced).

    I'd be very surprised and disgusted if BT4 had NetBIOS turned on by default.

    It's getting your MAC address from the frames you're sending out. You can change your MAC address:

    ifconfig wlan0 hw ether 00:01:02:03:04:05
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
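
Added example, not part of any post in this thread: a defender-side check for the signals posts #2 and #10 describe (vanity MACs such as DEADBEEF, hand-set or counting-up MACs, and the hostname a client reports to the router), run over constructed log lines. The log format, the `VANITY` list and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
# Constructed sample lines in a hypothetical router DHCP log format.
SAMPLE_LOG = """\
2010-02-01 21:10:44 DHCPACK 192.168.1.20 00:1b:63:a4:7c:10 host=office-pc
2010-02-01 21:14:03 DHCPACK 192.168.1.23 de:ad:be:ef:00:01 host=bt
2010-02-01 21:31:17 DHCPACK 192.168.1.24 00:01:02:03:04:05 host=bt
2010-02-01 21:40:52 DHCPACK 192.168.1.25 00:1e:c2:9f:03:5b host=
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) DHCPACK (?P<ip>\S+) "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) host=(?P<host>\S*)$", re.I)
VANITY = ("deadbeef", "cafebabe", "badc0de", "c0ffee")  # assumed hex "words"

def mac_flags(mac):
    """Return reasons a MAC looks hand-assigned rather than burned in."""
    octets = [int(o, 16) for o in mac.split(":")]
    flat = mac.replace(":", "").lower()
    flags = []
    if octets[0] & 0x02:  # IEEE locally-administered bit is set
        flags.append("locally-administered")
    if any(word in flat for word in VANITY):
        flags.append("vanity-pattern")
    steps = {(b - a) % 256 for a, b in zip(octets, octets[1:])}
    if steps in ({0}, {1}):  # all octets equal, or counting up by one
        flags.append("sequential-octets")
    return flags

def review(log_text):
    """Map each MAC to its flags, adding hostname reuse and blank names."""
    findings, macs_by_host = defaultdict(list), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        mac, host = m["mac"].lower(), m["host"].lower()
        findings[mac].extend(mac_flags(mac))
        if host:
            macs_by_host[host].add(mac)
        else:
            findings[mac].append("no-hostname")
    for host, macs in macs_by_host.items():
        if len(macs) > 1:  # one client name behind several MACs
            for mac in macs:
                findings[mac].append("hostname-reused:" + host)
    return {mac: f for mac, f in findings.items() if f}

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Each flag is a weak signal on its own; the hostname-reuse correlation is what ties a changed MAC back to the same client.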
