NetStumbler.org Forums

For Defcon, I developed a few tricks that I hoped would give my team an edge in the wardriving contest, including an easy way to make my own Spoofed target AP's to confuse and distract other teams.

It took some research, but I now have the instructions nessecary for changing the MAC on the wireless side to whatever you want! Coupled with a matching SSID you now have your own embedded 'Evil Twin' (hate that term), spoofed AP for doing whatever the hell it is you want to do. No more HostAP mode and laptops, just a small blue box, easily hidden inside a teddy bear

Personally, I see potential of extending this research further and ending up with my own embedded airsnarf box, but my scripting skills suck

For now, have fun with what I have posted at http://www.renderlab.net/projects/wrt54g/wrt54g-spoof.html

As usual, questions, comments and improvements are welcome.

Mod: Sticky again?

renderman wrote:Mod: Sticky again?

Done!

And just for the record : This confirms it, I'm NEVER EVER going to accept any gifts from you, without having it x-rayed, contained in a faraday cage, and exposed to the effects of an EMP weapon first.

Dutch

I think a good thing for you to work on would be a self charging battery powered concealed AP. You can get solar panels rather cheap now, have them power a charging circuit to some lithium ion or NIMH AA batteries. I bet you could get something to work.

I had the ones at Defcon wired up to some rechargeable 2.3ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It would'nt be a stretch to throw in a charging circuit and some solar panels, however, my post Defcon budget is <$0 as I spent way to much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunatly the vegetable crisper is still full of Guiness

On another note, anyone care to help get a thttp server to capture logins ala airsnarf and really make this deadly?

renderman wrote:I had the ones at Defcon wired up to some rechargeable 2.3ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It would'nt be a stretch to throw in a charging circuit and some solar panels, however, my post Defcon budget is <$0 as I spent way to much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunatly the vegetable crisper is still full of Guiness

On another note, anyone care to help get a thttp server to capture logins ala airsnarf and really make this deadly?

I'll have a go at it. PM me with what you want me to do.

Dutch

renderman wrote:I had the ones at Defcon wired up to some rechargeable 2.3ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It would'nt be a stretch to throw in a charging circuit and some solar panels, however, my post Defcon budget is <$0 as I spent way to much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunatly the vegetable crisper is still full of Guiness

On another note, anyone care to help get a thttp server to capture logins ala airsnarf and really make this deadly?

Can't help ya with the last question, but let me know if you're looking for parts to work with. I have a couple of good cheap sources for things. I found some solar panels for around $4.00 and some 2200mah NiMH AA's for $2.75 each.

http://airsnarf.shmoo.com/rogue_squadron/index.html

Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck.

You know, I really should have been watching Beetles talk at Blackhat. Could have saved myself some trouble. To many damn secret projects.

"Airsnarf: Rogue Squadron" is a proof-of-concept rogue AP firmware for the Linksys WRT54G, based on the Ewrt firmware v0.3 beta 1 by Portless Networks, which is based on the Linksys 3.01.3 codebase. With this firmware you can quickly turn a Linksys WRT54G into a rogue access point that "authenticates" users and "provides" Internet access.