WRT54G Spoofed AP Guide

Post by renderman » Mon Aug 15, 2005 1:24 pm

For Defcon, I developed a few tricks that I hoped would give my team an edge in the wardriving contest, including an easy way to make my own Spoofed target APs to confuse and distract other teams.

It took some research, but I now have the instructions necessary for changing the MAC on the wireless side to whatever you want! Coupled with a matching SSID you now have your own embedded 'Evil Twin' (hate that term), spoofed AP for doing whatever the hell it is you want to do. No more HostAP mode and laptops, just a small blue box, easily hidden inside a teddy bear :)

Personally, I see potential of extending this research further and ending up with my own embedded airsnarf box, but my scripting skills suck :)

For now, have fun with what I have posted at http://www.renderlab.net/projects/wrt54g/wrt54g-spoof.html

As usual, questions, comments and improvements are welcome.

Mod: Sticky again?

Post by Dutch » Mon Aug 15, 2005 1:39 pm

renderman wrote: Mod: Sticky again?

Done!

And just for the record: This confirms it, I'm NEVER EVER going to accept any gifts from you, without having it x-rayed, contained in a faraday cage, and exposed to the effects of an EMP weapon first.

Dutch
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....

Post by streaker69 » Mon Aug 15, 2005 1:41 pm

I think a good thing for you to work on would be a self-charging, battery-powered concealed AP. You can get solar panels rather cheap now, have them power a charging circuit to some lithium ion or NiMH AA batteries. I bet you could get something to work.
Treat your gun like your genitals, only whip it out when it's absolutely necessary.

Post by renderman » Mon Aug 15, 2005 1:48 pm

I had the ones at Defcon wired up to some rechargeable 2.3ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It wouldn't be a stretch to throw in a charging circuit and some solar panels, however, my post-Defcon budget is <$0 as I spent way too much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunately the vegetable crisper is still full of Guinness.

On another note, anyone care to help get a thttp server to capture logins à la airsnarf and really make this deadly?

Post by Dutch » Mon Aug 15, 2005 1:50 pm

renderman wrote: I had the ones at Defcon wired up to some rechargeable 2.3ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It wouldn't be a stretch to throw in a charging circuit and some solar panels, however, my post-Defcon budget is <$0 as I spent way too much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunately the vegetable crisper is still full of Guinness.

On another note, anyone care to help get a thttp server to capture logins à la airsnarf and really make this deadly?

I'll have a go at it. PM me with what you want me to do.

Dutch

Post by streaker69 » Mon Aug 15, 2005 1:51 pm

renderman wrote: I had the ones at Defcon wired up to some rechargeable 2.3ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It wouldn't be a stretch to throw in a charging circuit and some solar panels, however, my post-Defcon budget is <$0 as I spent way too much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunately the vegetable crisper is still full of Guinness.

On another note, anyone care to help get a thttp server to capture logins à la airsnarf and really make this deadly?

Can't help ya with the last question, but let me know if you're looking for parts to work with. I have a couple of good cheap sources for things. I found some solar panels for around $4.00 and some 2200mah NiMH AAs for $2.75 each.

Post by renderman » Tue Aug 16, 2005 10:41 am

http://airsnarf.shmoo.com/rogue_squadron/index.html

Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck.

You know, I really should have been watching Beetle's talk at Blackhat. Could have saved myself some trouble. Too many damn secret projects.

"Airsnarf: Rogue Squadron" is a proof-of-concept rogue AP firmware for the Linksys WRT54G, based on the Ewrt firmware v0.3 beta 1 by Portless Networks, which is based on the Linksys 3.01.3 codebase. With this firmware you can quickly turn a Linksys WRT54G into a rogue access point that "authenticates" users and "provides" Internet access.