JohnE

Everything posted by JohnE

  1. rm -rf / edit: oops, already posted... sorry, just add a +1 to that. ;)
  2. You could use Linux with a Windows XP theme, and run Internet Explorer (Wine); make sure you have Windows Messenger running, and have a bad picture of a dog or a horse as your background. Then in another virtual screen run airbase-ng. Then there's no need for a Fon. You could also hide the FON in a backpack, connect wirelessly to it (change the IP to 192.168.1.5 on the FON, then set your laptop to 192.168.1.1) and route the internet through your laptop running 3G/4G, or something. Never use a laptop with stickers on it (like the Hak5 hosts do). To be extra stealthy, make sure you use a laptop that is a typical retail store brand, e.g. Acer, Toshiba or whatever is sold cheap at Best Buy or wherever. Wear a suit and complain about the temperature, then mumble about how much the free wireless network sucks when watching YouTube videos. :P Then grab a beer and wait. ;)
  3. Hehe, nice! Also I can see that it was written a couple of years ago; I might rewrite some of it. I'll give you more details as I go. I have some other dirty projects that I'm working on, MITM attacks/proof of concept. I might post them in this forum if I feel that the project is mature (easy for other people to use). Anyway, thank you for the Interceptor project. This is also a great tool for debugging network traffic. :)
  4. Or just someone who has associated with an already hacked SSID (open SSID with default username and password on the AP/router, and a greyhat changed the SSID, and the client you see has associated with that SSID).
  5. Btw, I see that you use the following: if [[ "$pid" != "" ]]; then kill $pid; fi. I think that the more redundant version is: if [ ! -z "$pid" ]; then kill $pid; fi. Or simply just do a: killall openvpn daemonlogger. It basically does the same thing ;) I guess I'm an asshole trying to teach you how to do shell scripts :P hehe, sorry.
  6. Cool, thanks. Btw, the "active" sniffing I mentioned, I just tried it out with sslstrip. It wouldn't drop packets, it will only slow down the connection. Of course this is not very stealthy. (sslstripping also requires you to have a local IP on the "client" bridge interface.) But it works great, and btw, disabling VPN compression saved some latency. I guess I need to make a package of this. I have to work tomorrow, so I can't really use all night, but I have vacation in a couple of weeks; would you like me (allow me) to create a package and some documentation? I'll be happy to do so. :) After all, sharing is caring ;) While I'm at it I will also make an installation script from a clean OpenWRT install, so that it will automatically install all dependencies and create certificates for the complete Interceptor package. I think it's OK to switch to a static PSK (aka ta.key) for the VPN configuration. (It limits the VPN to only allow one user at once, but it does not require the user to generate RSA certificates.)
  7. Thanks! I'll see if I can find a price tag somewhere. The RouterStation looks awesome!
  8. Yes, the general idea is to allow switching to "active" sniffing of the client, so that you can do iptables redirects, DNS spoofing or other great advantages when being the man in the middle. I'm also on the lookout for a Fon2 (2202), because of the USB port, and maybe compile usbip for OpenWRT (unless it's already available). Other mods are to power the Fon+ with USB power, but currently I only managed to feed enough power to the device from USB3 ports. I guess my next mod is to try getting PoE to work. The device seems to accept voltage from 5-12 volts; the Fon+ has an internal voltage regulator that is set to regulate the input voltage down to 3.3 volts. :) I also tried a battery pack, but it doesn't hold for more than an hour or two.
  9. Also, almost forgot, :) I created a script that connects TWO VPN tunnels to the "client", then bridges eth0.0 to tap0 and eth0.1 to tap1 on the Interceptor, and then bridges tap0 and tap1 on the client, which makes you the man-in-the-middle. ;) I have some small issues with performance, but if anyone is interested, I can create a guide and some scripts to make it more unattended. (Right now it's a little messy. :P) I would like to try this on an N wireless router, but I can't find any small wireless N routers with two NICs that support OpenWRT. Please, can anyone point me in the right direction? :)
  10. Hello, I would like to inform you of some minor modifications to the Interceptor package. Btw, I'm using a Fon+ (2201). I added "option hidden 1" to /etc/config/network, so that the SSID isn't broadcast. AND I had to add the following line to /etc/init.d/interceptor after "ifconfig br-lan 0.0.0.0": "brctl delif br-lan ath0", because if I didn't add this command, I had problems with connecting to the WLAN interface of the Fon+ (which makes the Fon impossible to reach without reflashing the device). I also disabled encryption of the VPN tunnel (the wireless is encrypted already). This removes some overhead, so that you're able to capture more data. (Just add "cipher none" to the client.conf and server.conf OpenVPN configuration files.) I had some problems issuing "reboot" to the device (also if you replug the power), where the device does not successfully boot. I do not have a JTAG cable/adapter so I can't really debug what's happening. The "fix" is to leave the device without power for a couple of minutes before reapplying power. This is not an issue in the real world, but if somebody knows a better fix please let me know (I'm using OpenWRT 8.09.2-r18961). I also encountered this problem after issuing reset in the RedBoot shell; same solution. Also, is there a reason why I shouldn't run the VPN -server- on the Fon+? With a simple bash script you can make the Fon recognize when the VPN tunnel is connected and then autostart the daemonlogger, and close daemonlogger when the client disconnects. This way you wouldn't need to specify the SSH root password. :)
  11. Btw, you know that you can mimic the behavior of the Jasager by using the airbase-ng package available in the aircrack-ng suite. Just remember that your wireless card MUST be supported by aircrack-ng. Example: #make sure the wifi interface is up and running: sudo ifconfig wlan0 up #create a monitor interface sudo airmon-ng start wlan0 #(this will create mon0) #start airbase-ng; this will create network device at0: airbase-ng -i mon0 -c 6 -P -C 30 -e "FreeeWiifiii" -v mon0 #Tweak this if necessary (man airbase-ng) #you could also specify a different listening device, if you have multiple wireless network adapters (-i monX option), otherwise it will be limited to channel 6 (-c X option) #configure at0 ifconfig at0 up ifconfig at0 10.0.0.1 netmask 255.255.255.0 #start a dhcp server and dns server, or something.. :) dnsmasq -c /etc/dnsmasq.my.config # the rest is up to your imagination. :) I'm currently working on a package that has a lot of the same features as this one, only it's designed to be more "stealthy". # have some phun. :) ###### the end. Btw guys, this is actually a bigger threat than you might imagine. I found out that when I parked outside our office building after hours, multiple laptops associated with my computer, a lot of them unpatched Windows XP laptops from other companies. Imagine how fast I could attack the local network if I were a blackhat. Instead I alerted them immediately. (And they of course only took it into consideration.) A lot of factory-installed HP laptops will try to associate with "hpsetup". If you're an IT admin make sure that you patch users' laptops, and if you can, invest in a WIPS. :)
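The closing advice in post 11 (clients that probe for factory-default SSIDs such as "hpsetup" are exactly what a rogue access point will answer, so an IT admin should watch for them) can be checked from the defender's side with a small probe-request watchlist. The script below is an added example, not JohnE's or the Interceptor project's code; it runs in POSIX sh with awk. The sensor log format it parses (one PROBE_REQ line per probe, with client= and ssid= fields) and the sample lines themselves are constructed for the example, and "linksys" on the watchlist is a constructed entry; a real sensor (Kismet, airodump-ng, a commercial WIPS) has its own log layout.

```shell
#!/bin/sh
# Added example (not from the original thread): a minimal "probe watchlist"
# check of the kind a WIPS performs. Reads probe-request log lines and
# reports which client MACs are probing for SSIDs an admin does not want
# to see (factory defaults, open hotspots) and how often.

# SSIDs that a managed client should never probe for. "hpsetup" is the HP
# factory-default SSID named in the thread; "linksys" is a constructed entry.
RISKY_SSIDS='hpsetup linksys'

# Constructed sample sensor log (hypothetical format): one probe request per line.
SAMPLE_LOG='2010-05-12 18:02:11 PROBE_REQ client=00:11:22:33:44:55 ssid="hpsetup"
2010-05-12 18:02:12 PROBE_REQ client=00:11:22:33:44:55 ssid="corp-wifi"
2010-05-12 18:02:15 PROBE_REQ client=66:77:88:99:aa:bb ssid="hpsetup"
2010-05-12 18:02:16 PROBE_REQ client=00:11:22:33:44:55 ssid="hpsetup"
2010-05-12 18:02:20 PROBE_REQ client=cc:dd:ee:ff:00:11 ssid="linksys"
2010-05-12 18:02:21 PROBE_REQ client=cc:dd:ee:ff:00:11 ssid=""'

# find_risky_probes: read probe-request lines on stdin and print
# "<client> <ssid> <count>" for every client/SSID pair on the watchlist,
# sorted so the output is stable. Broadcast probes (empty SSID) and
# SSIDs not on the list are ignored.
find_risky_probes() {
    awk -v risky="$RISKY_SSIDS" '
        BEGIN {
            n = split(risky, list, " ")
            for (i = 1; i <= n; i++) watch[list[i]] = 1
        }
        /PROBE_REQ/ {
            client = ""; ssid = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^client=/) client = substr($i, 8)
                if ($i ~ /^ssid=/)   { ssid = substr($i, 6); gsub(/"/, "", ssid) }
            }
            if (client != "" && (ssid in watch)) count[client " " ssid]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# report_risky_clients: run the check over the constructed sample log.
report_risky_clients() {
    printf '%s\n' "$SAMPLE_LOG" | find_risky_probes
}

report_risky_clients
```

Feeding a real sensor log into find_risky_probes (after adapting the field parsing to that sensor's format) gives a per-client list to hand to the desktop team: each MAC that shows up is a laptop whose saved network list still contains a default or hotspot SSID and is a candidate for the patching and profile clean-up the post recommends.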