Posts posted by .exe

  1. If I remember right, a client can send a deauth packet to the AP if it wants.

    The quickest way to deauth a group of clients is to send a spoofed broadcast deauth from the AP, which will kick off everyone. If you are pen-testing in an office environment and you only had the one device, then you'd need to set up an occasional broadcast deauth pretending to be the real AP; if you are in a more mobile environment where clients are coming and going all the time, you'd have to increase the deauth rate.

    I believe this is exactly how the Aircrack-ng deauth works.

    I'm not sure what the effect on clients would be of occasionally stopping traffic to send these packets (I have seen first-hand some really weird effects of doing things like this, so you would need to test stability). IMHO it is always best to have a dedicated interface for the task at hand.

  2. Deauthentication requests should be sent to clients on behalf of the AP, not sent to APs themselves. Also, certain clients may ignore broadcast deauth requests, in which case you may need to send several packets at different intervals, or pick to send to specific clients.

    Sorry for the confusion, but I just meant how it's carried out using the Aircrack utility, which implies what's below...

  3. If you have a device with a single interface you're not going to be able to send deauth packets continuously (obviously to specific APs) AND accept connections without turning things off and on, which means you're going to have some clients able to re-connect to their original AP and some connecting back to your Jasager.

    This was the original argument for the separate N:DS device handling the deauthentication, and why Darren sent Snubbs round the tables in the video instead of messing around with all this on his own (except the range was inferior).

    Solve this and clients will only have the options of connecting to your Jasager or being denied service.

  4. hahahaha....

    @ .exe UK only? Yay, I'm included, but why not USA etc.

    Don't ask for details because I'm not at a stage to give any :) However, ruining a N: DS for the ability to run Aircrack is a little silly, so don't do anything hasty in the meantime.

    I'm looking at porting Lorcon to openwrt, if I can then I've got a really nice deauth script I wrote for my SANS gold paper. I'll integrate that.

    This is good for DoS but won't offer the ability to disconnect clients so they reauthenticate onto your Jasager. It's a very nice thing to have as an extra though.

  5. First of all nice interview Digi....

    I am working on a Jasager-specific network setup (called the "Frankenstein") based on the Eee PC. It should eliminate the complexity of deauthenticating clients and provide internet access in a sexy ultra-portable format.

    This will be for the UK users only.

    Details will be posted once I have completed moving house.

  6. The next step is connecting the Jasager to the internet. Anything free or low cost available to do this in Europe? Ideally it needs to be a mobile device, so any recommendations?

    UPDATE: Here's the best I could come up with http://threestore.three.co.uk/dealsummary....code=18MB1GD017 but it would require running XP, which is not good if you wanna run BT3 over Madwifi. A second PC is not practical either.

    I have also noticed this post: http://hak5.org/forums/index.php?showtopic=10215&st=20

    It's interesting that he has used ICS to leverage his internet, but this overcomplicates the setup and anchors you to XP (again).

  7. That's cool :)

    That's much more secure now and worth adding to the guide.

    However, I would advise everyone to take into account that this doesn't use cookie-based authentication. So to log out in Firefox you will have to clear your private data so it forgets the httpd credentials.

    It would be nice if you could stop clients connecting to that IP altogether though. Any news on how to do this with iptables, Darren?

  8. If you don't ask questions you don't learn; after all, everyone started somewhere.

    Why bother having a message board if you're ignorant and stupid enough to think everyone else should know better? That attitude will change really quickly when you want something answered......

    I have only just started using Linux and I am very interested in this topic even if certain people are not.

    However, I would completely forget about taking Ubuntu to pieces and trying to turn it into something else. Not only are you making this harder, but you will end up with a distro that echoes a lot of the faults of Ubuntu.

  9. OK, I've just got a new Fon flashed so it is completely clean. I'll go through and set it up and then let you know the process of getting it completely online.

    Got to fit a new HDD to my desktop tonight, so give me a day or so and I'll get what I can up.

    The device is working fine :) It's just set up really weirdly from a networking perspective.

    For example, both interfaces share the same subnet, therefore both get issued DHCP leases (wtf.....).

    Ideally you want both interfaces communicating but using different subnets, which should be possible if this is using OpenWRT.

  10. I think it's time we discussed how the network configuration of this device works, as I still can't get this set up in a way that is easy for me to use, and I'm sure this is quietly annoying others just as much.

    There are two interfaces:

    1. WIFI (actually the LAN)

    2. LAN (actually the link to the INTERNET, your LAN or WAN etc)

    I can't seem to control the DHCP addresses assigned by the WIFI interface to connecting clients. How do I configure DNS and GATEWAY options for this interface to distribute to wireless clients? None of these settings are available on the OpenWRT config page.

    The LAN interface appears to exist on the same subnet as the WIFI interface, which I think is really bad as it allows clients to access the config page. Are these interfaces bridged, and do they need to exist on the same subnet in order to exchange information (this is what I'm assuming)? How do I stop wireless clients (and only wireless clients) accessing the Jasager config page (http://192.168.1.1), as I have been told this can be done with iptables? Is it possible to change the address this is accessed from, or this interface's IP?

    Finally, what are the names of these interfaces within the OpenWRT OS (I think one is eth0, but I don't think the LAN interface is called this and it's called br-lan)?

    Just a general overview of how this all works together would be really appreciated, and some links would at least provide me with a starting point.

  11. Give us a rough diagram and more detail on the solution you want.

    Wireless is nice, but if you stick to regular 100baseT not only will your network be more secure, but some models of IP camera support PoE (so no messing around with external power supplies). This requires a PoE-compatible device and a switch that supports this though.

    You might also want to look at a camera with nightvision on it if this is going to be running 24/7.

  12. According to the TWiT security podcast this has got people shitting in their pants..........

    http://it.slashdot.org/it/08/10/01/0127245.shtml

    Allegedly the attached interview details exactly the procedures for instigating this attack (and this has been confirmed as new, as it's low bandwidth). He doesn't say how directly........but he's said enough to work it out.

    This has been dubbed the affectionate term "sockstress".

    NOTE: English begins a little bit into the interview.

  13. Swiping means you alert the target, and dicking around with liquid nitrogen is not only impractical, but if you mess it up it's going to mean you lose your fingers... (although this is useful in a purely educational way).

    You probably need about 30 seconds to restart the machine and dump the RAM, so cooling may not come into the equation if you're quick enough AND you do it at the target's machine.

    SpinRite would probably repair the degradation, if any, if you ran it on the dump. So the trade-off for degradation would be fixing the data once it's been grabbed.

    The two most popular systems are Bitlocker (Vista) and Checkpoint (currently being used by IBM and other major brands).

    What solutions are available for RAM dumping off a USB stick? If it is more practical, then how would you go about doing this via firmware? Breakout box attached to a PCMCIA slot? Moves data to the board, which has RAM powered by a battery.

    If you can pull this data onto storage, as far as the target knows their computer has just restarted (which you could put down to Windows patches, act of god, sunspots...........).

  14. Would it be possible to attach a USB key to the computer to dump out the RAM and capture the key? The specific system used where I work has integrated this encryption mechanism into the Windows login screen (it unlocks the machine and generates the decryption key).

  15. It appears the more security-conscious companies have become wise to the hacking community's utilities for password recovery (namely Ophcrack).

    This utility relies on being able to read the SAM database of a Windows machine by booting into Linux (unless you recover these passwords using a hash dump, which is hard as Windows locks down access to this file when it starts). By encrypting hard drives it's impossible to recover information using a live CD (the distro can't read the SAM because the encryption service starts at preboot).

    So is anybody working on any kind of workaround for the encryption (probably impossible as this is being rolled out by multiple vendors)? I'm guessing you would need a USB hack or an exploit using Jasager wirelessly in order to get at the hash?
