Penetration Testing mailing list archives

Re: [PEN-TEST] Changing MAC address on Win2k

From: Peter Van Epp <vanepp () SFU CA>
Date: Tue, 13 Feb 2001 12:16:35 -0800

        Changing the arp cache entry will not change the MAC address the card
is using, it will only change the MAC address associated with the IP in the
arp cache. As someone mentioned you need to convince the card driver to change
the MAC address. Failing that you need to find the I/O address of the Ethernet
chip where the MAC address is written. This is generally trivial using debug
and the initialization ROM on the card. I always have a good laugh when a
vendor tells me that "you can't change MAC addresses so our product (which
depends on MAC addresses) is secure". Its never taken me more than 1/2 an hour
to find the necessary ports on the Ethernet chip (and your CPU writes the
MAC address from prom/flash to the Enet chip during BIOS boot up in all cases
execpt where there is a CPU on the Enet card which is quite rare). Not all
salesbeings seem to understand this however ... One note: when doing this
make sure you use a valid MAC address (such as one stolen from a card which
is disconnected and in your hand) because duplicate MAC addresses on a network
will cause excitement.

Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada


Hi all! :)
Is Working only in Win2k ??
Because i try it here in my Nt 4.0 +SP6a ...but i didn't had error in arp
command...but didn't work...look:

ConfiguraÆo de IP do Windows NT

 Nome do host . . . . . . . . . . : nt_hadrion.hadrion.com
 Servidores DNS . . . . . . . . . :
 Tipo de n¢ . . . . . . . . . . . : H¡brida

 Identificador de escopo NetBIOS. :
 Roteamento de IP ativado . . . . : Sim
 Proxy WINS ativado . . . . . . . : NÆo
 ResoluÆo NetBIOS usa DNS. . . . : NÆo

Ethernet adaptador E100B1:

 DescriÆo. . . . . . . . . . . . : Intel EtherExpress PRO PCI Adapter
 Endereo f¡sico. . . . . . . . . : 00-10-DC-0D-40-27
 DHCP ativado . . . . . . . . . . : NÆo
 Endereo IP. . . . . . . . . . . : 192.168.151.100
 M scara de sub-rede. . . . . . . : 255.255.255.0
 Gateway padrÆo . . . . . . . . . : 192.168.151.1
 Servidor WINS prim rio . . . . . : 120.120.120.2

Ethernet adaptador NdisWan4:

 DescriÆo. . . . . . . . . . . . : NdisWan Adapter
 Endereo f¡sico. . . . . . . . . : 00-00-00-00-00-00
 DHCP ativado . . . . . . . . . . : NÆo
 Endereo IP. . . . . . . . . . . : 0.0.0.0
 M scara de sub-rede. . . . . . . : 0.0.0.0
 Gateway padrÆo . . . . . . . . . :

Then i do to test: arp -s 192.168.151.100 00-10-DC-0D-40-40
changing only the ultimate 2 numbers of mac...and it didn't show-me
error...but when i verify my mac appear igual before! look (same mac):

Ethernet adaptador E100B1:

 DescriÆo. . . . . . . . . . . . : Intel EtherExpress PRO PCI Adapter
 Endereo f¡sico. . . . . . . . . : 00-10-DC-0D-40-27
 DHCP ativado . . . . . . . . . . : NÆo
 Endereo IP. . . . . . . . . . . : 192.168.151.100
 M scara de sub-rede. . . . . . . : 255.255.255.0
 Gateway padrÆo . . . . . . . . . : 192.168.151.1
 Servidor WINS prim rio . . . . . : 120.120.120.2

Thkz...
until more! =)

-----Mensagem original-----
De: N0sferatu <satan () TM NET MY>
Para: PEN-TEST () SECURITYFOCUS COM <PEN-TEST () SECURITYFOCUS COM>
Data: Domingo, 11 de Fevereiro de 2001 23:47
Assunto: Re: [PEN-TEST] Changing MAC address on Win2k


; I don't really know whether this is correct but I have tried and found
that the MAC address can be changed in Win2k by issuing this command :
arp -s ip-of-the-computer mac-address

though it might be wrong..

\

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Parth Galen
Sent: Monday, February 12, 2001 4:46 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Changing MAC address on Win2k


I recently read in Pen-Test that the MAC could be changed in Win2k. I have
looked on the web for info, and in the archives at Security Focus but can
not find any "How To" information. Nothing on my system offers any obvious
opportunity either.

So, can anyone tell my how to change the MAC on Win2k.

This has to do with better anonymity while doing Pen-Tests. It is nice to
hop through proxies, but my MAC is always there to ID me. Specifically, I
working in a multi-site company, and their ID (they tell me) is blocking my
work based on MAC. Changing IP does not help.

Thanks Much,
Parth


Get your small business started at Lycos Small Business at
http://www.lycos.com/business/mail.html

Current thread:

Re: [PEN-TEST] Changing MAC address on Win2k, (continued)
- Re: [PEN-TEST] Changing MAC address on Win2k N0sferatu (Feb 11)
  - Re: [PEN-TEST] Changing MAC address on Win2k kevin Timm (Feb 11)
    - Re: [PEN-TEST] Changing MAC address on Win2k Nelson Brito (Feb 13)
    - Re: [PEN-TEST] Changing MAC address on Win2k Shoten (Feb 13)
  - Re: [PEN-TEST] Changing MAC address on Win2k Jeff Nathan (Feb 11)
- Re: [PEN-TEST] Changing MAC address on Win2k Abe Getchell (Feb 11)
- Re: [PEN-TEST] Changing MAC address on Win2k Fulton L. Preston Jr. (Feb 12)
- Re: [PEN-TEST] Changing MAC address on Win2k Adrien de Beaupre (Feb 12)
- Re: [PEN-TEST] Changing MAC address on Win2k -=Quequero=- (Feb 13)
- Re: [PEN-TEST] Changing MAC address on Win2k sekure (Feb 13)
  - Re: [PEN-TEST] Changing MAC address on Win2k Peter Van Epp (Feb 13)
    - Re: [PEN-TEST] Changing MAC address on Win2k bacano (Feb 13)
    - Re: [PEN-TEST] Changing MAC address on Win2k Alex Tibbles (Feb 13)
    - Re: [PEN-TEST] Changing MAC address on Win2k Lars Gaarden (Feb 14)
    - Re: [PEN-TEST] Changing MAC address on Win2k Peter Van Epp (Feb 14)
    - Re: [PEN-TEST] Changing MAC address on Win2k Ryan Permeh (Feb 14)
    - Re: [PEN-TEST] Changing MAC address on Win2k Hugo Fortier (Feb 13)
    - Re: [PEN-TEST] Changing MAC address on Win2k Olli Artemjev (Feb 14)
  - [PEN-TEST] heh (Feb 13)
    - Re: [PEN-TEST] bs (Feb 14)