
ret

Active Members
  • Posts: 35

Posts posted by ret

  1. Also, using multiple laptops CAN boost the speed of cracking (if they all have wifi devices which are capable of monitor mode && packet injection!)

    You could use each one to do multiple attacks on the AP simultaneously! So say you've collected 33,333 IVs on each of the three laptops; now you could rename each of the capture files "something-01.cap, something-02.cap, something-03.cap" and put them all in the same place. Then when you run aircrack-ng with something like

    aircrack-ng something*.cap

    it will use all three capture files instead of just one to crack the key :)

    And that is exactly what I did to crack the WEP key. It was a 128-bit key; the "clients" attached were a wireless printer and a desktop that was hibernating (on each of the 3 APs). The only data transmission was the occasional beacon from the printer back to the AP. Anyhow, gathering all the capture files and running aircrack-ng *.cap proved to be successful.

    Thanks again to everyone's advice.

  2. Oh, and using multiple laptops will not boost results in any way possible.

    Actually, that's incorrect for this situation. Using multiple laptops listening on separate channels was more effective in capturing more IVs in less time. My total time spent on the scenario was just shy of 1/3 less than the rest of the students. I do, however, appreciate the advice.

  3. Thanks for the info. I actually already got this one resolved. It was a real pain. What I ended up doing was running airodump-ng on 3 systems (there were 3 APs) and mdk3 with p -e essid. There was very little data coming across, and the ESSID in airodump-ng would switch back and forth between the public open one and the private "hidden" one. Unfortunately I was unable to get aireplay to work, since it was unable to obtain a beacon of the hidden ESSID; it would default to the public one, which was open anyhow, so the data was useless.

    Anyhow, after running the 3 laptops on each BSSID for about 20 hours I was able to gather about 100000 IVs and crack the WEP. It was quite an interesting exercise. I am sure there are other tools to use that would have made life easier, but for now I'm satisfied that I was able to complete the task.

    Thanks everyone for your assistance.

  4. I will have to get a screenshot for you.

    In the lower section it will show a BSSID of <not associated> and a station ID of the client's MAC; under Probe I will see the ESSID I'm looking for, "hidlan".

    In the upper section I will see several <length: 0> and <length: 1> ESSIDs. The instructor has given one more clue... this is a multiple Cisco AP environment (3 APs); there are 2 ESSIDs on the network: "publan" and "hidlan".

    publan is open; hidlan is 128-bit WEP.

  5. Thanks for the reply. I am using a BT3 live CD. I have a card in monitor mode. My concern is that there are several <length: 0> / <length: 1> APs showing; I don't want to connect to the wrong device. Oddly enough, I tried this out of the lab environment (at home) using a WRT54G with ESSID broadcast disabled, and airodump found it as soon as my iPhone connected. The only exception is that I'm using WPA2 Personal w/ TKIP+AES.

  6. OK, so I've got a little challenge I'm working on and hope someone here can give a hint. I have a wireless AP using WEP (I know, it's only a training scenario) with a hidden ESSID. I was given the ESSID and that was it. My task is to find the network, crack the WEP and issue a report of my methods.

    I have run airodump and found several APs. Many of them are <length: 0>. I can, however, in the clients table see bssid = unassociated, client = <mac> connecting to hidlan.

    I've attempted to run mdk3 ath0 -p -e hidlan; it ran about 20 min but then I had to go.

    So, to my question....

    What method could I use to find the BSSID of an AP with a hidden ESSID in this scenario? Am I on the correct path with mdk3?

    Thanks,

    - Ret

  7. Dude... that's hawt... now I know this may sound stupid... but have you guys ever thought about eBay? ... I know I'm cheap, so I love it.

    I worked for an ISP that was "powered by eBay". It was great till stuff broke and the owners refused to carry maintenance on the equipment. Needless to say, they aren't an ISP any more.

    Used is cool at times; however, I would think Darren and the Hak5 crew would want a warranty and support for the "new platform". Should there ever be an epic fail, it's nice to know it will be fixed.

  8. Or perhaps it's an attempt by sentient beings to get us to make what they couldn't.

    You could always theorize that we were developed by alien life and bred on this planet for the sole purpose of making this thing, i.e. a "let's see if we can force them to develop in this general direction and have their life be solely about this" kind of thing.

    Or perhaps not lol.

    I don't believe that, but you never know.

    If that was the case, wouldn't they have just outsourced the work to India?

  9. Yeah that's what I have setup now, just trying to think outside the box and simplify things.

    OK then, how about this.....

    If you are using a WAN link between sites (your Ethernet "cloud" I'm assuming is MPLS), you could place all of the APs on the same VLAN and assign addresses from a central server. Your device, when going from site to site, can have a static IP assigned.

    Problem solved.....

    I have about 27 sites with Cisco wireless APs. We have all the users obtain addresses from a /21. The ports on the switches are on a segregated VLAN with some creative ACLs for security. Anyhow, let me know how it works out for ya.

  10. Good Day:

    In Windows, When you right click on a shortcut/object, and select RunAs, then select "Run as the following user", there is a drop down box that allows you to put your domain\username in there.

    My current list is full of OLD information and I need to clear it out so I can populate it with the current information.

    I cannot seem to find where/how this is done.

    This is more of a workaround than a solution to the problem..... Generally I run the runas command from the command line or Start > Run, runas bla bla bla. Then you would not need to worry about old information, as you would supply the credentials every time.

  11. Its odd that no one has taken openbsd and pf, nailed a gui on top of it and created a firewall distro from it. Also, can you use a nix box as a mail relay for exchange?

    Yes, we're using a Postfix box for inbound relay / message queue that goes to a scrubber box, then to the mail server. The process is reversed for outbound relay.

  12. Ok, I signed up for a 12 week A+ Certification class so I have something to keep me occupied until I can get the money for the classes I want to take at TCC. The place I'm taking the A+ Certification class at also offer's a Network + Certification class. The details on the paper didn't really explain to me what a Network + Certification was so could someone tell me if it's worth signing up for or should I just wait and take the Network classes at TCC (Community College)?

    TCC (Tidewater Community College??) I assume you are in Hampton Roads. If you can, I strongly suggest looking @ ODU. Might want to do your first 2 years @ TCC to save $$. ODU has a great CS dept and they work with NAVSTANORVA a lot. You could easily slip into the shipyard or civil service if you make the right connections. Professor Herbert Ketchum is pretty awesome.

  13. Whatever you do, avoid the cert bootcamp places. They will give you the knowledge to pass a test; however, you will not have the tools to work in "real life". Get yourself in contact with the local community college and take some classes in fundamentals of networking and the such. Get a copy of the Cisco CCNA self-study guides and an IOS sim. It may be a good idea to purchase a test lab, or some older Cisco equipment off of eBay, to get practical experience.

  14. Hmm, you bring up an interesting point.

    Though I could always use the 'more than guest' account. Everyone knows the username, and everyone knows the password! And at first glance it looks exactly the same as a normal account. I think you can even access the same shares as the average user! :lol:

    So if I was going to be doing any account escalation, I would use the 'more than guest' account.

    Now, if you please, I am interested in how this could be done (and of course, how to do it!). As by learning to do it myself, I'll have more knowledge of what people use on their computers to escalate permissions, and I'll have more of an idea how to stop it happening. Or even if I can't stop it, it will still be very useful knowledge to have.

    I am training to be a network administrator... but I don't think I will continue in that job... I hope to become a White Hat Hacker with a CCNA.

    So please help me work out how to escalate my permissions.

    Thanks in advance,

    USBHacker

    Look kid, it doesn't matter what you do on the local side; you are in an AD environment. The only way to priv esc is to do so on the DC or use another set of credentials for authentication.

    Good luck collecting unemployment when you get fired, or even worse, put in jail for screwing with your company's infrastructure.

  15. I see a pretty simple fix with the whole net lock down and net neutrality thing. And this is community driven internet.

    which would be a pretty easy thing to do using Mesh networking.

    the idea also means that unless ALL the access points magically die everyone has the internet ready to go.

    Nah, the FCC would step in, ban using the frequency by unlicensed parties, then sell the band to Bill Gates for a bijillion dollars. A new law would be created to make it a felony to use anything but the "new net".

    Yeah, well, that's my theory lol.

  16. Hello

    I am wondering if there is a good way to remote keylog on and over my network?

    And how to protect my network against it?

    I am using Windows Server 2003 with XP Pro Workstations.

    I am interested in the tools used to remote keylog on a network (locally).

    Please tell me which ones to use, and how to protect the network against them!

    Thanks in advance,

    Panarchy

    Use AD to lock the workstations down. Create a GP that will only allow specified executables to run. Run Tripwire against the workstations and servers to detect changes to the environment.
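The reply above recommends running Tripwire to detect changes to workstations and servers. The following is an added illustration of that idea, written for this page; it is not Tripwire's code and not from anyone in the thread. It takes a baseline of every regular file's SHA-256, size and permission bits under a root, then diffs a later snapshot against it, reporting added, removed and modified paths. The directory tree, file names and contents built in `demo()` are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root) -> dict:
    """Walk `root` and record hash, size and permission bits of every regular file.

    Keys are POSIX-style paths relative to root, so a baseline taken on one
    host can be compared with one taken on another host with the same layout.
    Symlinks are skipped: hashing their targets would make a link pointing
    outside the tree look like a change inside it.
    """
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        stat = path.stat()
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": hash_file(path),
            "size": stat.st_size,
            "mode": stat.st_mode & 0o777,
        }
    return baseline


def compare_baselines(old: dict, new: dict) -> dict:
    """Classify paths as added, removed or modified (content or permission change)."""
    old_paths, new_paths = set(old), set(new)
    modified = [
        p for p in sorted(old_paths & new_paths)
        if old[p]["sha256"] != new[p]["sha256"] or old[p]["mode"] != new[p]["mode"]
    ]
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": modified,
    }


def demo() -> dict:
    """Constructed scenario: baseline a tiny fake system tree, then tamper with it.

    Every file name and byte string here is made up for this example.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "login").write_bytes(b"original login binary\n")
        (root / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        before = build_baseline(root)

        # Simulated tampering: a replaced system binary, an unexpected new
        # executable dropped into the tree, and a deleted configuration file.
        (root / "bin" / "login").write_bytes(b"trojaned login binary\n")
        (root / "bin" / "keylog.exe").write_bytes(b"MZ fake header\n")
        (root / "etc" / "hosts").unlink()

        return compare_baselines(before, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the baseline would be written to storage the monitored host cannot modify and compared on a schedule; a checker whose baseline lives on the same box it watches can be rewritten along with the files it is supposed to protect. Note also that this only catches on-disk changes, so it complements, rather than replaces, the executable allowlist the reply describes.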
