ret

Everything posted by ret

  1. http://tinyurl.com/cqs9gh
  2. ret

    finding hidden essid

    And that is exactly what I did to crack the WEP key. It was a 128-bit key; the "clients" attached were a wireless printer and a desktop that was hibernating (on each of the 3 APs). The only data transmission was the occasional beacon from the printer back to the AP. Anyhow, gathering all the capture files and running aircrack-ng *.cap proved to be successful. Thanks again for everyone's advice.
  3. ret

    finding hidden essid

    Actually, that's incorrect for this situation. Using multiple laptops listening on separate channels was more effective in capturing more IVs in less time. My total time spent on the scenario was just shy of 1/3 less than the rest of the students. I do, however, appreciate the advice.
  4. ret

    finding hidden essid

    Thanks for the info. I actually already got this one resolved. It was a real pain. What I ended up doing was running airodump-ng on 3 systems (there were 3 APs) and mdk3 with p -e essid. There was very little data coming across, and the ESSID in airodump-ng would switch back and forth between the public open one and the private "hidden" one. Unfortunately, I was unable to get aireplay to work, since it was unable to obtain a beacon of the hidden ESSID; it would default to the public one, which was open anyhow, so the data was useless. Anyhow, after running the 3 laptops on each BSSID for about 20 hours, I was able to gather about 100000 IVs and crack the WEP. It was quite an interesting exercise. I am sure there are other tools that would have made life easier, but for now I'm satisfied that I was able to complete the task. Thanks everyone for your assistance.
  5. ret

    finding hidden essid

    I will have to get a screenshot for you. In the lower section it will show a BSSID of <not associated> and a station ID of the client's MAC; under probe I will see the ESSID I'm looking for, "hidlan". In the upper section I will see several <length: 0> and <length: 1> ESSIDs. The instructor has given one more clue... this is a multiple Cisco AP environment (3 APs); there are 2 ESSIDs on the network, "publan" and "hidlan". publan is open; hidlan is 128-bit WEP.
  6. ret

    finding hidden essid

    I can see an SSID when a client connects (lower half of airodump-ng); it will show me the client's MAC but not the AP's BSSID.
  7. ret

    finding hidden essid

    Thanks for the reply. I am using a BT3 live CD. I have a card in monitor mode. My concern is that there are several <length 0> / <length 1> APs showing; I don't want to connect to the wrong device. Oddly enough, I tried this outside of the lab environment (at home) using a WRT54G with ESSID broadcast disabled, and airodump found it as soon as my iPhone connected. The only difference is that I'm using WPA2 Personal w/ TKIP+AES.
  8. OK, so I've got a little challenge I'm working on and hope someone here can give a hint. I have a wireless AP using WEP (I know, it's only a training scenario) with a hidden ESSID. I was given the ESSID and that was it. My task is to find the network, crack the WEP and issue a report of my methods. I have run airodump and found several APs; many of them are <length 0>. I can, however, see in the clients table a BSSID = unassociated, client = <mac> connecting to hidlan. I've attempted to run mdk3 ath0 -p -e hidlan; it ran about 20 min but then I had to go. So, to my question.... What method could I use to find the BSSID of an AP with a hidden ESSID in this scenario? Am I on the correct path with mdk3? Thanks, - Ret
  9. That comment is a bit far-fetched. There are many sysadmins who have made that a career.
  10. I worked for an ISP that was "powered by eBay"; it was great till stuff broke and the owners refused to carry maintenance on the equipment. Needless to say, they aren't an ISP any more. Used is cool at times; however, I would think Darren and the Hak5 crew would want a warranty and support for the "new platform". Should there ever be an epic fail, it's nice to know it will be fixed.
  11. Make it an "RF blocking" bag, and those of us who can might be able to mandate such a bag as a security requirement LOL
  12. If that was the case, wouldn't they have just outsourced the work to India?
  13. OK then, how about this..... If you are using a WAN link between sites (your Ethernet "cloud", I'm assuming, is MPLS), you could place all of the APs on the same VLAN and assign addresses from a central server. Your device, when going from site to site, can have a static IP assigned. Problem solved..... I have about 27 sites with Cisco wireless APs. We have all the users obtain addresses from a /21. The ports on the switches are on a segregated VLAN with some creative ACLs for security. Anyhow, let me know how it works out for ya.
  14. Save your energy and buy a WRT54G from Best Buy.
  15. Panasonic makes a network-enabled camera that also has an SD slot. If network connectivity (or a DVR) is not available, it will record to SD. Take a look at their security products division.
  16. This is more of a workaround than a solution to the problem..... Generally I run the runas command from the command line or Start > Run, runas bla bla bla. Then you would not need to worry about old information, as you would supply the credentials every time.
  17. ret

    Clark Connect

    Yes, we're using a Postfix box for inbound relay / message queue that goes to a scrubber box, then to the mail server. The process is reversed for outbound relay.
  18. Why not place a DHCP reservation in each location for your device and create an allow-all ruleset for said IPs??
  19. TCC (Tidewater Community College??) I assume you are in Hampton Roads. If you can, I strongly suggest looking @ ODU. You might want to do your first 2 years @ TCC to save $$. ODU has a great CS dept, and they work with NAVSTANORVA a lot. You could easily slip into the shipyard or civil service if you make the right connections. Professor Herbert Ketchum is pretty awesome.
  20. Birds go really well with ketchup mmmmmmm yummy :)
  21. Here is my pet mouse; he doesn't eat much. I can leave for weeks at a time and he never dies.
  22. Whatever you do, avoid the cert bootcamp places. They will give you the knowledge to pass a test; however, you will not have the tools to work in "real life". Get yourself in contact with the local community college and take some classes in the fundamentals of networking and such. Get a copy of the Cisco CCNA self-study guides and an IOS sim. It may be a good idea to purchase a test lab, or some older Cisco equipment off of eBay, to get practical experience.
  23. Look kid, it doesn't matter what you do on the local side; you are in an AD environment. The only way to priv esc is to do so on the DC or use another set of credentials for authentication. Good luck collecting unemployment when you get fired, or even worse, put in jail for screwing with your company's infrastructure.
  24. Nah, the FCC would step in, ban use of the frequency by unlicensed parties, then sell the band to Bill Gates for a bajillion dollars. A new law would be created to make it a felony to use anything but the "new net". Yeah, well, that's my theory lol
  25. Use AD to lock the workstations down. Create a GP that will only allow specified executables to run. Run Tripwire against the workstations and servers to detect changes to the environment.