Change-Driving


hexlax

So, I started to look into the Jasager project and really liked what I saw there. Instead of attacking the client side, I was thinking about the AP side of the house.

You know how most wireless routers have built-in web management interfaces? I'd like to work on some code that would interject our own network configuration which could include DNS or static-route poisoning.

I'm asking the forum for advice on the best implementation for this program. I have prototyped this already on an XP box by:

1) Zero Wireless Config automatically connects to an AP (based on Preferred Networks).

2) Currently only connects to SSID of "Linksys".

3) Launches wget at the default gateway URL to change router configuration (all a POST statement).

4) Brings down the interface then brings it back up which XP automatically reconnects to another Linksys access point, taking us back to step 1.

I could see how I would be able to launch this attack at multiple vendors, all because they all use a single POST statement to change router configuration. This of course implies that the router has the default user/pass, no encryption, and a simple network topology behind a public IP address (what I like to call out of the box security).

Although I have only implemented this on XP, I'm sure there are some Linux gurus out there who could shed some light on some APIs or something to implement this by. The only thing I am using wget for is the authentication to the web management interface and launching the config change. I could see how this could already be implemented in the BOOST libraries, making it nice for crossplatformability. I got kinda wordy, but please, I'm interested in what ya think.

~# iwconfig wlan0 essid myessidwhatever it is && wget 192.168.1.1/starthtmlorwhatever.html && ifconfig wlan0 down && ifconfig wlan0 up

Not sure what you're asking, but that should set the essid of the interface wlan0 to myessid*, wget the page you want, and restart the interface.

After sobering up slightly, you're wanting to change the configuration of the router?

Theoretically you could chroot into the AP, since most firmware is Linux-based, and do that.
