WEP that accepts all entered passwords?


JustRelaxable

Hmm. The Pineapple will work to accept all probes, i.e. answer the call to any request for an AP name, but not sure how you'd set up WEP to answer all password requests. I think it would be similar to WPA and need some sort of matching events between both sides. Even with WPA (which uses a 4-way handshake), unless the client and AP have the same info set prior to connection, the connection isn't going to work. Passwords don't just come over as sending a plain text query that you could match and accept. WEP should suffer from the same problem in some manner that a challenge/response of some kind or initiation needs to take place between client and server that matches or is expected before they start communicating and authenticating.

If anyone knows how it can be done, I'd like to know. About the only thing I can think of are WEP/WPA phishing attacks with portals set to the same AP name and dumb clients that automatically connect, then prompts the user with a redirected web portal to prompt them to enter their WPA or WEP keys to continue. Something like Fruity Wifi (initially made for the Pi, runs on native Kali desktops) can do the whole phishing portal thing and fake AP, but that's where I would go with it.

If you do figure this out, I think it would be news to the world and spread quickly. I've never heard of it being done, but don't let that stop you from trying. Who knows.

Link to comment

The only way I could think of is trying to tell the client that you're the only AP before any other AP can respond to that client. Or deauthing all the clients and making sure they only reconnect to your AP, meaning everyone has to go through that one anyway.

I just realised a flaw with a rogue AP in a cafe... Someone smart who thinks they are connected to a rogue AP (or even a store manager, who should know their own WiFi network - also knowing they don't have a portal that looks the way it does currently) could use any WiFi sniffing tool for their phone and monitor the strength of the radio bandwidth which would grow stronger while they are walking closer to the AP.

Link to comment

  • 2 weeks later...
On 8/28/2017 at 10:56 AM, Dave-ee Jones said:

Someone smart who thinks they are connected to a rogue AP (or even a store manager, who should know their own WiFi network - also knowing they don't have a portal that looks the way it does currently) could use any WiFi sniffing tool for their phone and monitor the strength of the radio bandwidth which would grow stronger while they are walking closer to the AP.

 

I think you're expecting a lot of the average cafe owner, I doubt that anyone other than an outside contractor would have the ability to follow through; to be honest I don't think that anyone who's in the position to be opening a cafe is going to be able to do any more than being suspicious about the portal changing.

That might just be my experience of business owners in Australia

Link to comment

1 minute ago, Rees said:

I think you're expecting a lot of the average cafe owner, I doubt that anyone other than an outside contractor would have the ability to follow through; to be honest I don't think that anyone who's in the position to be opening a cafe is going to be able to do any more than being suspicious about the portal changing.

That might just be my experience of business owners in Australia

Yeah, it's true most business owners don't know anything about that kind of thing - most just sign a contract with an IT business and have them do all the work with the intention of having it work for them and that's it - they don't need to know what's in the background as long as the whole thing works.

Link to comment

On 8/27/2017 at 6:32 PM, JustRelaxable said:

Is there any way to create an AP with WEP encryption, but this AP needs to accept all passwords entered, is it possible?

"not for WEP, WPA, or WPA2. The password is never actually sent to the router. A handshake is made instead :) 802.11X is different - it will actually send usernames and hashes to the server which you could crack"                                          - quote from Sebkinne on IRC recently.

Link to comment