Question on wireless pen testing

Viewing 15 reply threads
  • Author
    Posts
    • #7497
      Deadpool614
      Participant

      So a co-worker of mine gave me permission to try to crack his wireless network until my router gets here. So far I’ve found his SSID (had it hidden) and thought it would be cake because his network was open. I spoofed his MAC and tried to connect and I wasn’t able to. I ran a deauth and still no connection. I’m not sure what I’m missing here. As far as my knowledge goes, he’s running an open wifi with MAC filtering. I’m fairly sure he’s using a dynamic IP config.

      Does anyone have any ideas as to what could be holding me up?

    • #46752
      hurtl0cker
      Participant

      Password profiling tools like WYD and CUPP will help create a custom password list against a target.

      http://kaoticcreations.blogspot.com/2011/06/wordlists-password-profiling-with.html

    • #46753
      Deadpool614
      Participant

      I’m pretty sure he’s not using a password, but I won’t rule it out. His network is open; I just can’t connect to him even while spoofing a client MAC.

    • #46754
      DragonGorge
      Participant

      Could signal strength be an issue?

    • #46755
      Deadpool614
      Participant

      I had a fairly good signal, around -31 dB. I was only about 30-40 m away from his AP.

    • #46756
      DragonGorge
      Participant

      Are you running airodump-ng? That should tell you if he’s using WEP, WPA, OPEN… whatever.

    • #46757
      WCNA
      Participant

      I agree with Dragon. You need to study the legitimate traffic to see what works. Capture the traffic. Packets don’t lie.

    • #46758
      Deadpool614
      Participant

      Yes, I ran airodump-ng and filtered it by channel. It comes up as an open network on there. I tried to connect via wicd as well as using the command line; neither has worked yet. I may go try it again today, but I wasn’t having much luck. I’m not sure if he even knows why I can’t connect. He got the wireless router from a Polish soldier he replaced when he got here.

    • #46759
      DragonGorge
      Participant

      It might be some incompatibility with your card (Alfa?) and his router? I have an Alfa, and while it can see both the 2.4 and 5 GHz bands of my dual-band router, it cannot connect to the 5 GHz band. Maybe his router is using N and your Alfa is b/g only?

      The way I see it, if his router is open, i.e. no WEP/WPA/WPA2, then you should be able to connect with any wireless laptop (providing it’s compatible). Try a different wifi card.

    • #46760
      hayabusa
      Participant

      Something I’ve seen, working with Linux connecting to some APs…

      Check the adapter’s wireless preamble settings, if you can. Sometimes if it’s set a certain way, on some cards, they don’t like to connect, especially if using DHCP, and when dealing with ‘normally’ hidden / non-broadcast SSIDs.

      Used to give me fits, a lot, before I figured that out.

    • #46761
      Deadpool614
      Participant

      DragonGorge: I’ve tried using both my internal (Atheros Ath9k) and a Rosewill USB card with no success.

      Hayabusa: I didn’t think to check that, I’ll have to give it a look. You may have solved my million dollar question lol.

    • #46762
      WCNA
      Participant

      In your study of the legitimate wireless traffic, was it using DHCP? If he’s trying to lock you out, it’s possible that he’s using DHCP and is only allowing a DHCP range of one address. The packet capture should give you a clear idea of why you can’t connect.

    • #46763
      jinwald12
      Participant

      Or he may have static IPs and no DHCP whatsoever.

    • #46764
      kerpap
      Participant

      I agree about the IP thing.
      The router may not issue a new IP address, which is why you can’t connect. Most of the time 192.168.1.0/24 is the network range. Try social engineering his IP address from him, then use that.

      Or guess and check. Start with .1, .2, etc.

      In wicd you can add your own IP address. This has worked for me in the past.

    • #46765
      cyber.spirit
      Participant

      I think you have a problem with the wireless signal, because the network sounds open.

    • #46766
      jinwald12
      Participant

      If he had a problem with the signal, he would not be able to tell it was open, let alone know the network existed. If he can identify the encryption (or lack thereof), then chances are he is getting a good enough signal to pick up whole packets.
