Penetration Testing mailing list archives
RE: Rogue AP Wireless on Windows/Linux
From: "Steve A" <steve () logicallysecure org>
Date: Sun, 10 Apr 2005 20:14:17 +0100
Hi Try AirJack and MonkeyJack as they will let kill the other AP and monkey-jack will let you do the other stuff you wanted to do but didn't say. AirJack needs a Linux build (and a rather special one with lots of kernel mods if I recall correctly) anyway see (http://sourceforge.net/projects/airjack/) for the source and docs/presentation from the authors here (http://opensores.thebunker.net/pub/mirrors/blackhat/presentations/bh-us a-02/baird-lynn/) and here (http://802.11ninja.net/) (but last time I looked the default apache page was the only page up (I guess web security aint their thing)) and some useful stuff here (http://www.netstumbler.org/archive/index.php/t-3282.html). Note sure about the DHCP bit, you might need to use Airjack to de-auth the real AP and then set up an AP of your own (any one would probably do, but the higher powered the better, and set the DHCP scope to be the same at that of the real AP - you will need to have sussed the Default Gateway or users will loose external connectivity real fast). Hope that sort of answers your questions - we have only used airjack to de-auth an AP and thus kill a single AP network so sorry if some of it is a bit vague. Steve Steve<at>logicallysecure.org -----Original Message----- From: szynkro () gmail com [mailto:szynkro () gmail com] Sent: 08 April 2005 18:53 To: pen-test () securityfocus com Subject: Rogue AP Wireless on Windows/Linux Hi, I'm looking for a way/all in one tool to simulate a wireless Access Point on a Windows XP and/or Linux system preferably with built-in DHCP daemon and all. The goal is to see if we can trick wireless clients in connecting to the AP, sniffing for potential credentials and other interesting stuff etc... I've heard about hotspotter, airsnarf and alikes but don't know if they are valid... The scenario would be sniffing the unknown wireless network for valid SSID's and setting the SSID on the rogue AP.... then fingers crossed I guess that signal is strong enough to get some clients connecting. Can we force/help the client in associating with the rogue AP? Anyone some other valid (recent) Wireless Pen-Test scenario's? thanks
Current thread:
- Rogue AP Wireless on Windows/Linux szynkro () gmail com (Apr 08)
- Message not available
- Fwd: Rogue AP Wireless on Windows/Linux Chris Kuethe (Apr 10)
- Message not available
- Re: Rogue AP Wireless on Windows/Linux tmanster (Apr 10)
- Re: Rogue AP Wireless on Windows/Linux James Fryman (Apr 10)
- RE: Rogue AP Wireless on Windows/Linux Steve A (Apr 10)
- Re: Rogue AP Wireless on Windows/Linux Dragos Ruiu (Apr 11)
- Re: Rogue AP Wireless on Windows/Linux Franck Veysset (Apr 11)
- <Possible follow-ups>
- RE: Rogue AP Wireless on Windows/Linux Chris Mitchell (Apr 11)