Wireless Security
Dictionary based AP probes Oct 11 2009 09:54PM
Rob Fuller (jd mubix gmail com) (3 replies)
Re: Dictionary based AP probes Oct 12 2009 02:40PM
Jon Janego (jonjanego gmail com) (1 replies)
Re: Dictionary based AP probes Oct 12 2009 05:29PM
Rob Fuller (jd mubix gmail com) (2 replies)
Re: Dictionary based AP probes Oct 12 2009 10:43PM
Carl Vincent (carl vincent hypermediasystems com)
Well, I'm not sure if you were asking specifically about network-level attacks
(logging into the AP management console itself) or encryption cracking,
but the coWPAtty tables are pretty much the standard for WPA attacks as
far as I know (worked for me in the past). As for deauth attacks and
such, I know at least SOME of this is built into the aircrack-ng tool
suite.

Rob Fuller wrote:
> Thanks everyone who has responded, I will definitely be checking out
> MDK3 in the not so distant future. I do have one question though, a
> bunch of you have said that doing this isn't really useful or
> practical. I'm wondering why? If I'm doing a PenTest when there aren't
> any hosts connected to the client's wifi AP and it's 'cloaked', I
> could be missing an attack vector. I'm probably missing something so
> please let me know if I've overlooked something.
>
> --
> Rob Fuller | Mubix
> Room362.com | Hak5.org | TheAcademyPro.com
>
>
>
> On Mon, Oct 12, 2009 at 10:40 AM, Jon Janego <jonjanego (at) gmail (dot) com [email concealed]> wrote:
>> As Mike Kershaw said, it's not terribly practical, but there is indeed
>> a tool that will do it - MDK has an option that will do this for you.
>> See the writeup here:
>>
>> http://forums.remote-exploit.org/backtrack3-howtos/15854-how-bruteforce-hidden-essid-using-mdk3.html
>>
>> It relies on a good dictionary file and a lot of patience.
>>
>> Basically it will just probe the ESSID with the network name from the
>> dictionary file and try and get a response.
>>
>> On Sun, Oct 11, 2009 at 4:54 PM, Rob Fuller <jd.mubix (at) gmail (dot) com [email concealed]> wrote:
>>> I don't know enough about the inner workings of 802.11 to know if this
>>> would work, but is there a tool out there that will do a dictionary
>>> attack on a non broadcasting AP by sending out probes?
>>>
>>> --
>>> Rob Fuller | Mubix
>>> Room362.com | Hak5.org | TheAcademyPro.com
>>>
>


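Seen from the monitoring side, the probing described in the quoted reply (one directed probe per dictionary word) shows up as a single source naming many different SSIDs in a short time. The following is an added example, not part of the original thread: it runs over constructed (timestamp, source MAC, SSID) records, the 60-second window and the threshold of 20 are assumed values, and it assumes the probing source keeps one MAC address.

```python
from collections import defaultdict, deque

def distinct_ssid_peaks(records, window=60.0):
    """Return {src_mac: peak number of distinct SSIDs named in directed
    probe requests within any `window`-second span}."""
    recent = defaultdict(deque)   # mac -> (ts, ssid) pairs still inside the window
    peaks = defaultdict(int)
    for ts, mac, ssid in sorted(records):
        if not ssid:              # wildcard probe: names no network, skip it
            continue
        q = recent[mac]
        q.append((ts, ssid))
        while ts - q[0][0] > window:
            q.popleft()
        peaks[mac] = max(peaks[mac], len({s for _, s in q}))
    return dict(peaks)

def flag_dictionary_probers(records, window=60.0, threshold=20):
    """Sources whose peak distinct-SSID count reaches `threshold` (assumed value)."""
    peaks = distinct_ssid_peaks(records, window)
    return sorted(mac for mac, n in peaks.items() if n >= threshold)

def sample_records():
    """Constructed sample data, not taken from a real capture."""
    recs = []
    # Ordinary client: keeps re-probing three remembered networks.
    for i in range(30):
        ssid = ["home", "office", "cafe"][i % 3]
        recs.append((i * 10.0, "02:00:00:00:00:01", ssid))
    recs.append((5.0, "02:00:00:00:00:01", ""))   # one wildcard probe
    # Dictionary-style source: a new candidate name every half second.
    for i in range(200):
        recs.append((100.0 + i * 0.5, "02:00:00:00:00:02", f"word{i:04d}"))
    return recs

if __name__ == "__main__":
    for mac in flag_dictionary_probers(sample_records()):
        print("possible dictionary probing from", mac)
```
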
Re: Dictionary based AP probes Oct 12 2009 09:22PM
Mike Kershaw (dragorn kismetwireless net) (1 replies)
Re: Dictionary based AP probes Oct 12 2009 10:38PM
Rob Fuller (jd mubix gmail com)
Re: Dictionary based AP probes Oct 12 2009 08:10AM
Robin Wood (dninja gmail com) (1 replies)
Re: Dictionary based AP probes Oct 12 2009 02:34PM
Joshua Wright (jwright hasborg com)
Re: Dictionary based AP probes Oct 12 2009 04:37AM
Mike Kershaw (dragorn kismetwireless net)


 

Copyright 2010, SecurityFocus