
WRT54G Spoofed AP Guide

PostPosted: Mon Aug 15, 2005 1:24 pm
by renderman
For Defcon, I developed a few tricks that I hoped would give my team an edge in the wardriving contest, including an easy way to make my own spoofed target APs to confuse and distract other teams.

It took some research, but I now have the instructions necessary for changing the MAC on the wireless side to whatever you want! Coupled with a matching SSID you now have your own embedded 'Evil Twin' (hate that term), spoofed AP for doing whatever the hell it is you want to do. No more HostAP mode and laptops, just a small blue box, easily hidden inside a teddy bear :)

Personally, I see the potential to extend this research further and end up with my own embedded airsnarf box, but my scripting skills suck :)

For now, have fun with what I have posted at http://www.renderlab.net/projects/wrt54g/wrt54g-spoof.html

As usual, questions, comments and improvements are welcome.

Mod: Sticky again?
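The spoof described above (a cloned wireless MAC plus a matching SSID) is exactly the pattern a wireless IDS watches for. The following Python is an added example, not code from this thread or from the linked guide: it takes a constructed allowlist of authorized BSSIDs and a constructed set of beacon observations, as a scanner sweep would report them, and flags an authorized BSSID beaconing with the wrong SSID or on an unexpected channel (the cloned-MAC case) and an unknown BSSID advertising a protected SSID (the matching-SSID case). The allowlist, the OUIs and the beacon records are all made up for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One beacon frame as summarised by a scanner (constructed for this example)."""
    ssid: str
    bssid: str
    channel: int


# Constructed allowlist: what the site's own APs are supposed to look like.
AUTHORIZED = {
    "aa:bb:cc:00:00:01": {"ssid": "corpnet", "channel": 6},
    "aa:bb:cc:00:00:02": {"ssid": "corpnet", "channel": 11},
}

# Constructed scan results for one sweep across channels.
SAMPLE_SWEEP = [
    Beacon("corpnet", "aa:bb:cc:00:00:01", 6),      # genuine AP
    Beacon("corpnet", "aa:bb:cc:00:00:02", 11),     # genuine AP
    Beacon("corpnet", "AA:BB:CC:00:00:01", 1),      # cloned BSSID + SSID, but on channel 1
    Beacon("corpnet", "de:ad:be:ef:00:01", 6),      # unknown BSSID advertising our SSID
    Beacon("guest-cafe", "00:11:22:33:44:55", 6),   # unrelated neighbour, no alert
]


def detect_rogue_aps(beacons, authorized=AUTHORIZED):
    """Return a list of alert dicts, ordered by BSSID.

    Two signals are checked:
      * bssid-clone: an allowlisted BSSID seen with an SSID or channel
        that does not match the allowlist entry.
      * evil-twin: a BSSID not on the allowlist advertising an SSID that
        only allowlisted APs should carry.
    """
    seen = {}  # bssid -> set of (ssid, channel) combinations observed
    for b in beacons:
        seen.setdefault(b.bssid.lower(), set()).add((b.ssid, b.channel))

    protected_ssids = {entry["ssid"] for entry in authorized.values()}
    alerts = []
    for bssid, combos in sorted(seen.items()):
        if bssid in authorized:
            expected = authorized[bssid]
            for ssid, channel in sorted(combos):
                if ssid != expected["ssid"] or channel != expected["channel"]:
                    alerts.append({
                        "kind": "bssid-clone",
                        "bssid": bssid,
                        "detail": (f"seen as {ssid!r} on channel {channel}, "
                                   f"expected {expected['ssid']!r} on channel {expected['channel']}"),
                    })
        else:
            for ssid, channel in sorted(combos):
                if ssid in protected_ssids:
                    alerts.append({
                        "kind": "evil-twin",
                        "bssid": bssid,
                        "detail": f"unauthorized BSSID advertising {ssid!r} on channel {channel}",
                    })
    return alerts


if __name__ == "__main__":
    for alert in detect_rogue_aps(SAMPLE_SWEEP):
        print(f"[{alert['kind']}] {alert['bssid']}: {alert['detail']}")
```

BSSIDs are normalised to lower case before comparison so that a scanner that reports upper-case hex does not slip past the allowlist. The channel check is what catches a faithful MAC clone: the genuine radio and the clone cannot both be the same AP if they beacon on different channels in the same sweep.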

PostPosted: Mon Aug 15, 2005 1:39 pm
by Dutch
renderman wrote: Mod: Sticky again?

Done!

And just for the record: This confirms it, I'm NEVER EVER going to accept any gifts from you, without having it x-rayed, contained in a faraday cage, and exposed to the effects of an EMP weapon first.

Dutch

PostPosted: Mon Aug 15, 2005 1:41 pm
by streaker69
I think a good thing for you to work on would be a self-charging battery-powered concealed AP. You can get solar panels rather cheap now, have them power a charging circuit to some lithium ion or NiMH AA batteries. I bet you could get something to work.

PostPosted: Mon Aug 15, 2005 1:48 pm
by renderman
I had the ones at Defcon wired up to some rechargeable 2.3 Ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It wouldn't be a stretch to throw in a charging circuit and some solar panels, however, my post Defcon budget is <$0 as I spent way too much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunately the vegetable crisper is still full of Guinness.

On another note, anyone care to help get a thttp server to capture logins ala airsnarf and really make this deadly?

PostPosted: Mon Aug 15, 2005 1:50 pm
by Dutch
renderman wrote: I had the ones at Defcon wired up to some rechargeable 2.3 Ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It wouldn't be a stretch to throw in a charging circuit and some solar panels, however, my post Defcon budget is <$0 as I spent way too much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunately the vegetable crisper is still full of Guinness.

On another note, anyone care to help get a thttp server to capture logins ala airsnarf and really make this deadly?

I'll have a go at it. PM me with what you want me to do.

Dutch

PostPosted: Mon Aug 15, 2005 1:51 pm
by streaker69
renderman wrote: I had the ones at Defcon wired up to some rechargeable 2.3 Ah lead acid batteries. Ran for at least 7 hours in full AP mode.

It wouldn't be a stretch to throw in a charging circuit and some solar panels, however, my post Defcon budget is <$0 as I spent way too much money down there and I need to pull some major overtime to cover the bills that piled up while I was away, so no hardware purchases for a while. Fortunately the vegetable crisper is still full of Guinness.

On another note, anyone care to help get a thttp server to capture logins ala airsnarf and really make this deadly?

Can't help ya with the last question, but let me know if you're looking for parts to work with. I have a couple of good cheap sources for things. I found some solar panels for around $4.00 and some 2200 mAh NiMH AA's for $2.75 each.

PostPosted: Tue Aug 16, 2005 10:41 am
by renderman
http://airsnarf.shmoo.com/rogue_squadron/index.html

Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck, Fuck.

You know, I really should have been watching Beetle's talk at Blackhat. Could have saved myself some trouble. Too many damn secret projects.

"Airsnarf: Rogue Squadron" is a proof-of-concept rogue AP firmware for the Linksys WRT54G, based on the Ewrt firmware v0.3 beta 1 by Portless Networks, which is based on the Linksys 3.01.3 codebase. With this firmware you can quickly turn a Linksys WRT54G into a rogue access point that "authenticates" users and "provides" Internet access.