Wrt54g And Spoofing Ap?

[wuzz]

Hey everyone, this is my first post here at Hak5, I've been lurking for a bit without an account and now I need question answered that some might be familiar with around here. It's some what related to the WiFi pineapple in a sense, but I'm wondering if I can kinda of do the same what the FON 2100 with Jasager and blah blah with a Linksys WRT54G and DD-WRT or Open-WRT and either set it up so it does the same as seeing how many clients will connect to my AP or spoofing an AP or network as an AP to get clients to connect to me and pretty much go through me as their port to the internet whether it be my laptop tethered to my phone or me at a McDonalds or Starbucks with free WiFi.

Here is my visual explanation, eh sorta, it's not exactly as I explained but one of the things I could do and possibly aim for..?:

[Sparda]

The point of yaseger is to pretend to be all access points at once. Using a AP with the 'not right' adapter will allow you to easily do the MITM and sniffing and what not, but the victims have to come to you rather than you inviting them in.

[wuzz]

Hm, what are my options with my WRT54G then, would I be able to anything remotely the same as Jasager? Or as I said before could I spoof network info with the help of kistmet and just wait for clients to use me as an AP, if that's possible?

[Sparda]

you can pretty much do every thing that jasager can do except to pretend to be every AP that is looked for, which is what makes jasager so good.

[wuzz]

Gah, so I just have to spoof as an AP and wait for clients to actually connect to me by using their windows wireless zero config or what ever wireless drivers they have and actually click on the spoofed network, and would possibly be a lot better if I had a ranger extender or increase the power in this thing.

[Mr-Protocol]

Pretty much you have to go fishing/troll for users. Make your SSID something along the lines of "Free Secure WiFi" or "High Speed WiFi". SSID is your bait.

My typical setup with the Fon/Jasager is...

Client/Vic => Fon => Laptop => internet Wifi

You could also do the same...

Client/Vic => WRT => Laptop => Internet source

Or you can do what you mentioned and use the laptop for the spoof AP

Client/Vic => Laptop_AP => WRT => Internet source.

Edited October 6, 2010 by Mr-Protocol

[wuzz]

I'm really liking Client/Vic => Fon => Laptop => internet Wifi, but either method would mean just me baiting people and getting lucky, unless I did spoof AP I could just be on the edge of it with a range extender meaning other people in the area could pick it up.

[Infiltrator]

Or if you don't want to wait until a user connects to your Fake AP, you could send some Deauth packets to kick them off the wireless, so making them come right at you.

Not a nice approach, I know but it would theoretically work.

[Mr-Protocol]

Or if you don't want to wait until a user connects to your Fake AP, you could send some Deauth packets to kick them off the wireless, so making them come right at you.

Not a nice approach, I know but it would theoretically work.

Depends on signal strength. If the client is further away from you than the other access point, you will not get the connection.

Jasager is essentially Karma (The tool not whatever else you may be thinking), which was taken over by metasploit so hence we have Karmetasploit.

http://www.wirelessdefence.org/Contents/KA...ue_Services%29:

I'm sure you can just run Karmetasploit to do what you need.

http://www.metasploit.com/redmine/projects...i/Karmetasploit

Edited October 6, 2010 by Mr-Protocol

[wuzz]

Pretty much you have to go fishing/troll for users. Make your SSID something along the lines of "Free Secure WiFi" or "High Speed WiFi". SSID is your bait.

My typical setup with the Fon/Jasager is...

Client/Vic => Fon => Laptop => internet Wifi

You could also do the same...

Client/Vic => WRT => Laptop => Internet source

Or you can do what you mentioned and use the laptop for the spoof AP

Client/Vic => Laptop_AP => WRT => Internet source.

Depends on signal strength. If the client is further away from you than the other access point, you will not get the connection.

Jasager is essentially Karma (The tool not whatever else you may be thinking), which was taken over by metasploit so hence we have Karmetasploit.

http://www.wirelessdefence.org/Contents/KA...ue_Services%29:

I'm sure you can just run Karmetasploit to do what you need.

http://www.metasploit.com/redmine/projects...i/Karmetasploit

Karmetasploit is exactly what I need, thank you Mr-Protocol. Now my only problem is, I'm probably going to end up doing this on an older system or laptop I have, I'm hoping not my IBM ThinkPad 765d, but if it is, I'm praying all of this works on Damn Small Linux and the PCMCIA card I'm getting is compatible with the OS aannd Karmetasploit.

[Mr-Protocol]

You could look into BackTrack 4.

www.backtrack-linux.org

[wuzz]

You could look into BackTrack 4.

www.backtrack-linux.org

Yea I'm aware of BT4, it's actually in my pentest lab on my vmware server, but if I have to use that old laptop then I'll use DSL, my other laptop is down right now with a broken hard drive controller. :(

[Infiltrator]

Depends on signal strength. If the client is further away from you than the other access point, you will not get the connection.

Yep I know signal strenght will be an issue, if client is far away from you.

That's why a high gain anthena would be good to have. But again that may draw some attention.

Anyway will look into the Karma thing.

[wuzz]

Hm now I don't even think I'll need to flash the WRT54G if I can set it up as an AP through the Linksys Control Panel, I can just use the LAN port set it up with Karmetasploit and a battery pack (probably should test it a bit first plugged in) and technically I should be good to go after some config I believe, right?