
digininja

Global Moderators
  • Posts: 4,005
  • Days Won: 210

Everything posted by digininja

  1. Is the DHCP request coming in from the wired or wireless side? To find out if it is wired, just unplug the machine from anything wired; for wireless, just turn off wireless.
  2. 46:46:3A:46:46:3A looks like a fake MAC address. Is there someone who may be attacking your network? Getting as many DHCP addresses as possible is a DHCP flooding attack, which can result in a DoS.
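A way to spot the DHCP flooding described in the post above from the DHCP server's own logs, as an added example that is not from the forum post: it counts distinct client MACs sending DHCPDISCOVER per time window and notes how many carry the locally-administered bit that a software-set address such as 46:46:3A:... has. The dhcpd log lines are constructed sample data, and the 10-second window and threshold of 8 are assumed values.

```python
import re
from collections import defaultdict

# Constructed ISC dhcpd-style syslog lines (sample data, not from the forum);
# the 46:46:3A pattern mirrors the address the post flags as fake.
SAMPLE_LOG = """\
Jan 12 10:00:01 gw dhcpd: DHCPDISCOVER from 00:1a:2b:3c:4d:5e via eth0
Jan 12 10:00:02 gw dhcpd: DHCPOFFER on 192.168.1.50 to 00:1a:2b:3c:4d:5e via eth0
Jan 12 10:00:05 gw dhcpd: DHCPDISCOVER from 46:46:3a:46:46:3a via eth0
Jan 12 10:00:05 gw dhcpd: DHCPDISCOVER from 46:46:3a:46:46:3b via eth0
Jan 12 10:00:06 gw dhcpd: DHCPDISCOVER from 46:46:3a:46:46:3c via eth0
Jan 12 10:00:06 gw dhcpd: DHCPDISCOVER from 46:46:3a:46:46:3d via eth0
Jan 12 10:00:07 gw dhcpd: DHCPDISCOVER from 46:46:3a:46:46:3e via eth0
Jan 12 10:00:07 gw dhcpd: DHCPDISCOVER from 46:46:3a:46:46:3f via eth0
Jan 12 10:00:08 gw dhcpd: DHCPDISCOVER from 46:46:3a:46:46:40 via eth0
Jan 12 10:00:08 gw dhcpd: DHCPDISCOVER from 46:46:3a:46:46:41 via eth0
Jan 12 10:00:45 gw dhcpd: DHCPDISCOVER from 00:1a:2b:3c:4d:5f via eth0
"""

DISCOVER_RE = re.compile(
    r"(\d{2}):(\d{2}):(\d{2}) \S+ dhcpd: DHCPDISCOVER from "
    r"([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})"
)

def is_locally_administered(mac):
    """True when bit 1 of the first octet is set: the address was set in
    software rather than burned in by a vendor (0x46 has that bit set)."""
    return int(mac.split(":")[0], 16) & 0x02 != 0

def detect_starvation(log_text, window_seconds=10, threshold=8):
    """Count distinct DHCPDISCOVER client MACs per fixed window; return one
    alert per window reaching `threshold` (window and threshold are assumed)."""
    macs_per_window = defaultdict(set)
    for line in log_text.splitlines():
        m = DISCOVER_RE.search(line)
        if not m:
            continue  # OFFER/ACK lines and unrelated syslog are ignored
        hh, mm, ss, mac = m.groups()
        secs = int(hh) * 3600 + int(mm) * 60 + int(ss)
        macs_per_window[secs // window_seconds].add(mac.lower())
    alerts = []
    for bucket, macs in sorted(macs_per_window.items()):
        if len(macs) >= threshold:
            alerts.append({
                "window_start": bucket * window_seconds,  # seconds since midnight
                "distinct_macs": len(macs),
                "locally_administered": sum(is_locally_administered(x) for x in macs),
            })
    return alerts
```

A burst of many distinct, mostly locally-administered MACs in one short window is the signature to alert on; a single oddly patterned MAC on its own is not proof of anything.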
  3. This is how to do it on a Fon+: http://hak5.org/forums/index.php?showtopic=10565 And check the wiki and sticky post on how to do it on a Fon.
  4. I don't exactly do ICS in Linux; I set up routing so that my Fon can route traffic through my normal LAN. To be able to do this you need to be able to set routing rules on your default gateway. Mine is an Asus running OpenWrt, so setting this is easy. This way the victims are kept on their own network: my internal is 192.168, the wifi is 10.0. It means that they have less access to the network than if they were dumped directly on it, as I think you get when you do ICS with Windows. If you want to know how to get this working, shout and I'll try to document it.
  5. I run Linux so I don't know about the ICS steps in the wiki, but I know that it does work. If you want to, but be aware that if you don't protect it anyone can get on it and own you: password sniffing, airpwn, site redirection, DNS redirection, exploit injection, the list goes on. Two together would let you have one as a dedicated client connecting to an AP, leaving the other as the AP. You'd have to wire the two together and set up routing so that traffic flows from the wireless AP, through the wire and out the client wireless. You could run Jasager on a couple of devices and set them both on different channels, but most clients I've seen channel hop to find the SSID they are looking for, so they would always land on one if you had it running. Setting up load balancing between them, that could be interesting; not sure how much use, but interesting!
  6. From Linux, probably get into redboot and follow the steps on the OpenWrt wiki; from Windows, follow Darren's guide which is pinned in this forum.
  7. I'd like to know where the person with the safe was in this photo: http://www.thinkgeek.com/gadgets/security/855d/images/1653/ Why would you need to lock up your toothbrush???
  8. Can't remember which thread it is in, but have a read through the forum; there are a few mentions of adding SD cards.
  9. I've just had this passed to me and I thought it was interesting, so I'll pass it on: Both of my Fons are 87 and my Fon+ is 70. What have you guys got?
  10. I can't remember how far I got on the nmap module, and the code is on my laptop, not my desktop, so I can't look at it easily. Have a play with it and see how far you get. If you get stuck, feel free to ask for help. Karma and Jasager modules aren't compatible in themselves, but they can always be built in a way that most of the code is reusable. The problem is size: Karma gets a full laptop to run in, Jasager only gets the Fon. If you know stuff about ettercap, or want to learn, let me know; my idea for that I think is quite a nice and sneaky one.
  11. The symlink looks ok, I assume that you've got the directories right and the traversal is correct. All the scripts expect the parameters to be MAC, SSID, IP, so if you want to call it from the command line you can pass it anything for the first two values, then the IP for the last one. Watch out, it does take quite a while to run, as by default it scans 1-8192 ports. To see if it is running, just run top on the Fon; you should see the activity. They are the same as init scripts, so they get executed in numeric order.
  12. Overhauling Karma... It's a bit buggy in parts, needs fully debugging. I'd like to do proper MITM with it, get ettercap or something similar running to capture packets. Stick a better front end on it; got some good ideas on that, don't want to release ideas too far in case someone nicks them without giving credit. Add new modules; the version you have has the start of an nmap module I haven't had a chance to finish. Having it running on a laptop gives access to a lot more software than Jasager has on the Fon, need to make use of it. If you want to work on it then I'm happy to share ideas more, and having someone to work with gives me much more reason to actually get up and do it!
  13. If there are any soldering gurus coming to Shmoocon I'll happily buy drinks (afterwards) for modding my Fons. I've also got some ideas for my eee as well, that would be extra drinks.
  14. Don't know what the original firmware version was, as I flashed it almost as soon as I got it. Seeing as we are both in the same city, we could meet up and look at it together. No promises of a fix, but I know that my hardware works and connects to my device; it may work with yours.
  15. No, redboot comes up on 192.168.1.1, not .10.1. Your interface should be on an IP on the same subnet, usually 192.168.1.254.
  16. wifizoo doesn't at the moment, stay tuned. I can't remember what it's called, but there is a great app built on a WRT54G and a huge antenna that you set up and it seeks out whatever internet connection it can find and connects you to it.
  17. You could just try having a ping going to 192.168.1.1, then starting up the Fon, and see if a normal ping gets through; that works for me as well.
  18. Sorry, can't help then; whatever I've done to my Fon+ I've always been able to get into redboot just by doing what I said before. Do the second set of messages start after you power on the device?
  19. The auto refresh is done by the Prototype JS library; it auto-refreshes the connected client and log panes every 10/20 seconds (can't remember which). I suppose you could try using a meta refresh to do a full page refresh. You'd need to add the line <meta http-equiv="refresh" content="60"> to the top of status.rb. This would cause a full page refresh every 60 seconds.
  20. Still not sure why you want to downgrade the firmware. Redboot is available by default on the Fon+, so just plug your wired port directly into the Fon, set your IP to 192.168.1.254 and bring it up. Run redboot.pl 192.168.1.1, watch for the failure messages to start, then power on the Fon+. Having the two plugged together should create a link between the two, so the interface should stay up. I use a cheap USB network card to do my flashes; that way my machine stays on the wired network and I can plug the devices in and play with them without losing any connections.