PR3VIOUS
Active Members
Posts: 12
Everything posted by PR3VIOUS

  1. Yes, that is possible. Did a little write-up on that in another thread here: http://hak5.org/forums/index.php?showtopic=11078
  2. Just kick in an iptables rule in the FORWARD chain like: iptables -I FORWARD -d <lan subnet> -j DROP for example: iptables -I FORWARD -d 192.168.0/24 -j DROP That way traffic with a destination within your network gets dropped, but with a destination somewhere on the internet still gets through.
  3. That would be the files in /usr/lib/ipkg/lists/. IIRC it was in both 'packages' and 'release' and not 'X-Wrt'. Those were retrieved / created during the install of webif. Easiest fix is to just delete all entries about kmod-madwifi in those files and try to install the jasager patched madwifi package again.
  4. Try to create as much room as possible. So only having the webif package file in /tmp and not all the other packages. Not sure if it really helps, but you could try killing services you don't need. Stuff like: cron, httpd, udhcpd, syslogd, bwmon.
  5. I believe that's part of the libpcap library. That's an optional item during the installation of wireshark. Make sure libpcap is installed (winpcap is what it's named under Windows).
  6. wpa_supplicant scans for the network ssid you specify and hops to that channel (but as a result all clients do lose their connectivity to the AP due to the scanning process, even if the uplink network is on the same channel).
  7. My FON+ originally had an even newer version: 1.1.1r2. I unlocked it using http://www.fonboard.nl/wiki/HowTo_Foneraplus_unlocking2 No need for the serial cable.
  8. I don't get both the client uplink connection (ath2) and the AP (ath0) to work unless there is an interface in monitor mode. Seemed strange to me as well, but without it neither does connect. But, since the monitor interface exists it can be used for running mdk3 deauth from: mdk3 ath1 d From what I can see the madwifi driver doesn't do channel hopping between two interfaces. All VAP (athX) interfaces share the same channel the physical interface (wifi0) is on. This channel is the last one specified on any of the VAPs. So for example I have ath0 up in AP mode on channel 11 and there is a client connected to it. As soon as I start wpa_supplicant to have the FON connect to an uplink AP running on channel 4, all VAPs on the FON switch to channel 4, thereby disconnecting all clients already connected to the AP on ath0. The clients start scanning again and do find the AP again on channel 4. And even if this behaviour can be changed so the AP stays on 11 and the internet connection is on 4, I can't think of a reason to not have both AP and internet connection sharing the same channel...
  9. Had a little fun with the FON+ tonight. My target was to work towards not needing a wired internet connection, so the FON could be dropped somewhere and not need a wired host / wall socket to do its work. Just to do its work with a battery. This without a 'back-to-back' setup with a second FON as digininja suggested. And this appears to work. What you can do is add a virtual interface (or VAP as Madwifi calls it) being a client connection to another wifi network, the uplink network. The weird thing is that this only seems to work with a third VAP in monitor mode. Basically I ended up with:
ath0 - (default) bridged with eth0.1, being the gateway interface holding 192.168.1.1 on the br-lan
ath1 - monitor interface, not even needed to bring this up
ath2 - the client interface connecting to the 'internet enabled' network, the uplink.
I got this working using iptables to do some NAT'ing for me. MASQUERADING seemed useful in this case since it's likely to switch between internet-enabled WiFi networks.
Anyways, the literal steps:
wlanconfig ath1 create wlandev wifi0 wlanmode monitor
to create that required monitor interface (more on wlanconfig and all in the madwifi manual: http://madwifi-project.org/users-guide/node14.html)
wlanconfig ath2 create wlandev wifi0 wlanmode sta nosbeacon
ifconfig ath2 up
to create an interface we will use to set up the internet connection on (see the previous link to the madwifi manual for the 'why' of the nosbeacon).
The channel/frequency of those virtual interfaces is the same, so we have to sync them with the channel our internet-enabled wifi network is on, for example 4:
iwconfig ath0 channel 4
iwconfig ath2 channel 4
(not sure if it's required to do this on both, but better too much than too little huh)
The uplink network I used was a WPA secured network, so I used wpa_supplicant to connect to it:
wpa_supplicant -iath2 -c/etc/wpa_supplicant.conf
For a short example on how to set up a WPA config: http://www.enterprisenetworkingplanet.com/...cle.php/3594946
Let's request an IP from my uplink network router:
udhcpc -t 0 -i ath2 -b -p /var/run/ath2.pid -R
From here you should have internet access on your FON (assuming you don't have anything connected to the 'wan' interface of your FON or any other config to get a default route over the lan or wifi interfaces). You could test with some pings and all.
To give that lovely internet access also to the poor 'clients' connecting to your FON honeypot you can use some NAT'ing:
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o ath2 -j MASQUERADE
This way every packet from your 'clients' will be rewritten to be sourced from the IP the FON has on the uplink / internet network. This way the uplink router just routes all traffic back to the FON, and the FON keeps track of all the clients and knows who should get what response. The basic NAT'ing work, so to say. Anyway.. this gives a FON 'router on a stick' situation which only requires a working and internet-capable WiFi network.
It's not as portable as a mobile phone used for an uplink as post_break suggested. As a suggestion I would like to tell that it's quite easy to install tcpdump and nmap on the FON, giving it some more muscle power to do 'pentesting'. What's next? Well... I'm thinking about some black hat fun writing a small footprint app for finding passwords and all in the traffic that passes. Or maybe a ferret/hamster-alike setup, but maybe a remote setup. Just thinking out loud now, but: the FON filtering cookies and sending them realtime over the internet to a server (or just e-mailing them) where they can be picked up for 'further processing'.
Oh btw.. I have been trying to figure out how to add storage to my FON 2201+, but the docs I find are only about the 2100 / 2200, and the GPIO points on the PCB of the 2201+ aren't that obvious. So if someone has something regarding the 2201+ I would love to hear it!
Another thing I would like to know is how you can make your own images of the FON. It takes quite some time to install / flash everything I like, so to create some backups / setup archive it would be great to image that. Didn't search for this at all though, so it might be very easy... :D
Have fun playing! Oh! Before I forget: kudos to digininja for the madwifi patched drivers and jasager!
  10. I just unlocked my Fonera+ firmware 1.1.2r1 using: http://www.fonboard.nl/wiki/HowTo_Foneraplus_unlocking2
  11. I've tried this method as well on my newly received Fonera+ 1.1.1r2, but while packet sniffing. As soon as the network comes up on the Fonera (as in: it does reply to ICMP ping requests) every connection to 9000 is responded to with an RST, so it seems they closed this vector on the more recent firmwares... So... if anyone has an idea to get SSH enabled or to downgrade these newer versions I would be very happy to hear it.
  12. *bump* ;) Same goes for me, having a Fonera+ fw 1.1.1r2 straight out of the box and unable to find a proper ssh enable method or downgrade instruction. I might have a try with the serial solution, but not in the possession of proper cables / electronics to do so atm. Wondering if someone can point us in a direction for these firmwares...
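Added example, not code from PR3VIOUS's posts or from the Jasager project: posts 2 and 9 above each give one iptables rule for a FON that NATs its wireless clients out over an uplink VAP. The script below assembles both (the FORWARD drop from post 2, which keeps the clients away from the network on the uplink side, and the POSTROUTING MASQUERADE from post 9) as a dry run, so the rule set can be read and checked before anything is loaded. It refuses shorthand subnets so a typo cannot silently widen or narrow the match. The variable names LAN_SUBNET, PROTECTED_SUBNET, UPLINK_IF and DRY_RUN and their default values are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not the forum posts' own code). Builds the two iptables rules from
# posts 2 and 9 as text first; DRY_RUN=1 only prints them, DRY_RUN=0 hands them to sh.
# All names and defaults below are constructed assumptions for a FON-style setup.
LAN_SUBNET="${LAN_SUBNET:-192.168.1.0/24}"          # br-lan side the wireless clients sit on
PROTECTED_SUBNET="${PROTECTED_SUBNET:-192.168.0.0/24}" # network on the uplink side clients must not reach
UPLINK_IF="${UPLINK_IF:-ath2}"                      # the STA VAP that holds the uplink address
DRY_RUN="${DRY_RUN:-1}"                             # 1 = print only, 0 = apply (needs root + iptables)

# Accept only a full dotted quad with a 0-32 prefix length. Shorthand such as
# "192.168.0/24" (as written in post 2) is refused rather than guessed at.
valid_cidr() {
  case "$1" in
    */*/*|*[!0-9./]*|*/|/*) return 1 ;;   # two slashes, odd characters, empty side
    */*) ;;                              # has exactly one slash: keep checking
    *) return 1 ;;                       # no prefix length at all
  esac
  ip="${1%/*}"
  plen="${1#*/}"
  [ "$plen" -ge 0 ] 2>/dev/null && [ "$plen" -le 32 ] || return 1
  set -- $(printf '%s' "$ip" | tr '.' ' ')  # split the address into its octets
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] 2>/dev/null || return 1
  done
  return 0
}

# Post 2: forwarded traffic whose destination lies in the protected subnet is dropped,
# so a client on the FON can reach the internet but not hosts on the uplink network.
isolation_rule() {
  printf 'iptables -I FORWARD -d %s -j DROP\n' "$1"
}

# Post 9: client traffic leaving on the uplink VAP is rewritten to the FON's own
# uplink address, so the uplink router only ever sees the FON.
nat_rule() {
  printf 'iptables -t nat -I POSTROUTING -s %s -o %s -j MASQUERADE\n' "$1" "$2"
}

# Emits both rules for (client subnet, protected subnet, uplink interface); fails
# without printing anything if either subnet does not pass valid_cidr.
build_rules() {
  valid_cidr "$1" && valid_cidr "$2" || return 2
  isolation_rule "$2"
  nat_rule "$1" "$3"
}

apply_rules() {
  rules="$(build_rules "$LAN_SUBNET" "$PROTECTED_SUBNET" "$UPLINK_IF")" || {
    echo "refusing to build rules: bad subnet in LAN_SUBNET or PROTECTED_SUBNET" >&2
    return 2
  }
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$rules"
  else
    printf '%s\n' "$rules" | sh
  fi
}

apply_rules
```

Run it as-is to see the rule text; set DRY_RUN=0 on the FON (as root, with iptables present) to load it. Both rules use -I, so they land at the top of their chains ahead of anything already there, which is what post 2 intends for the DROP.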