WRT54G Spoof AP Guide

renderman · 08-15-2005

For Defcon, I developed a few tricks that I hoped would give my team an edge in the wardriving contest, including an easy way to make my own Spoofed target AP's to confuse and distract other teams.

It took some research, but I now have the instructions nessecary for changing the MAC on the wireless side to whatever you want! Coupled with a matching SSID you now have your own embedded 'Evil Twin' (hate that term), spoofed AP for doing whatever the hell it is you want to do. No more HostAP mode and laptops, just a small blue box, easily hidden inside a teddy bear

Personally, I see potential of extending this research further and ending up with my own embedded airsnarf box, but my scripting skills suck

For now, have fun with what I have posted at http://www.renderlab.net/projects/wr...54g-spoof.html

As usual, questions, comments and improvements are welcome.

Mod: Sticky again?

Dutch · 08-15-2005

Quote:

Originally Posted by renderman

Mod: Sticky again?

Done!

And just for the record : This confirms it, I'm NEVER EVER going to accept any gifts from you, without having it x-rayed, contained in a faraday cage, and exposed to the effects of an EMP weapon first.

Dutch

streaker69 · 08-15-2005

I think a good thing for you to work on would be a self charging battery powered concealed AP. You can get solar panels rather cheap now, have them power a charging circuit to some lithium ion or NIMH AA batteries. I bet you could get something to work.

renderman · 08-15-2005

I had the ones at Defcon wired up to some rechargeable 2.3ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It would'nt be a stretch to throw in a charging circuit and some solar panels, however, my post Defcon budget is <$0 as I spent way to much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunatly the vegetable crisper is still full of Guiness

On another note, anyone care to help get a thttp server to capture logins ala airsnarf and really make this deadly?

Dutch · 08-15-2005

Quote:

Originally Posted by renderman

I had the ones at Defcon wired up to some rechargeable 2.3ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It would'nt be a stretch to throw in a charging circuit and some solar panels, however, my post Defcon budget is <$0 as I spent way to much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunatly the vegetable crisper is still full of Guiness

On another note, anyone care to help get a thttp server to capture logins ala airsnarf and really make this deadly?

I'll have a go at it. PM me with what you want me to do.

Dutch

streaker69 · 08-15-2005

Quote:

Originally Posted by renderman

I had the ones at Defcon wired up to some rechargeable 2.3ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It would'nt be a stretch to throw in a charging circuit and some solar panels, however, my post Defcon budget is <$0 as I spent way to much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunatly the vegetable crisper is still full of Guiness

On another note, anyone care to help get a thttp server to capture logins ala airsnarf and really make this deadly?

Can't help ya with the last question, but let me know if you're looking for parts to work with. I have a couple of good cheap sources for things. I found some solar panels for around $4.00 and some 2200mah NiMH AA's for $2.75 each.

renderman · 08-16-2005

http://airsnarf.shmoo.com/rogue_squadron/index.html

Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck.

You know, I really should have been watching Beetles talk at Blackhat. Could have saved myself some trouble. To many damn secret projects.

Quote:

"Airsnarf: Rogue Squadron" is a proof-of-concept rogue AP firmware for the Linksys WRT54G, based on the Ewrt firmware v0.3 beta 1 by Portless Networks, which is based on the Linksys 3.01.3 codebase. With this firmware you can quickly turn a Linksys WRT54G into a rogue access point that "authenticates" users and "provides" Internet access.

08-15-2005	#1 (permalink)
renderman Drunken Stumbler Join Date: Jun 2002 Location: Anywhere but Utah Posts: 1,794	WRT54G Spoofed AP Guide For Defcon, I developed a few tricks that I hoped would give my team an edge in the wardriving contest, including an easy way to make my own Spoofed target AP's to confuse and distract other teams. It took some research, but I now have the instructions nessecary for changing the MAC on the wireless side to whatever you want! Coupled with a matching SSID you now have your own embedded 'Evil Twin' (hate that term), spoofed AP for doing whatever the hell it is you want to do. No more HostAP mode and laptops, just a small blue box, easily hidden inside a teddy bear Personally, I see potential of extending this research further and ending up with my own embedded airsnarf box, but my scripting skills suck For now, have fun with what I have posted at http://www.renderlab.net/projects/wr...54g-spoof.html As usual, questions, comments and improvements are welcome. Mod: Sticky again? __________________ Never drink anything larger than your head! Scaramental Wine Taster for the Church Of WiFi Buy our book: RFID Security "I reject your reality, and substitute my own!" – Adam Savage CoWF WPA Hash Tables Last edited by renderman : 08-15-2005 at 02:39 PM.

08-15-2005	#3 (permalink)
streaker69 Psychic Amish Stumbler Join Date: Jul 2004 Location: Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA Posts: 11,650	I think a good thing for you to work on would be a self charging battery powered concealed AP. You can get solar panels rather cheap now, have them power a charging circuit to some lithium ion or NIMH AA batteries. I bet you could get something to work. __________________ "One of these days, I'm going to cut you to pieces." If you're offended by this post, please feel free to report it to one of the many helpful moderators of this forum. Thank you. Last edited by streaker69 : 08-15-2005 at 02:44 PM.

08-15-2005	#4 (permalink)
renderman Drunken Stumbler Join Date: Jun 2002 Location: Anywhere but Utah Posts: 1,794	I had the ones at Defcon wired up to some rechargeable 2.3ah lead acid batteries. Ran for at least 7 hours in full AP mode. It would'nt be a stretch to throw in a charging circuit and some solar panels, however, my post Defcon budget is <$0 as I spent way to much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunatly the vegetable crisper is still full of Guiness On another note, anyone care to help get a thttp server to capture logins ala airsnarf and really make this deadly? __________________ Never drink anything larger than your head! Scaramental Wine Taster for the Church Of WiFi Buy our book: RFID Security "I reject your reality, and substitute my own!" – Adam Savage CoWF WPA Hash Tables

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode