WLAN to LAN - proof of concept

<<

sixales

Newbie

Posts: 4

Joined: Thu Feb 19, 2009 12:44 am

Post Thu Feb 19, 2009 1:01 am

WLAN to LAN - proof of concept

Any help is greatly appreciated. I work in a metropolitan area where there are always "free wifi" ad-hoc connections trying to trick someone into connecting. We have many users on our wired corporate LAN who have wireless cards always turned on, trying to connect to something.

I've heard of exploits where if someone can either spoof an AP or get someone to connect to their ad-hoc connection, they can exploit the wired network adapter and the corporate LAN the laptop is wired to.

I wanted to show my boss how this can be done, but I'm new to this area and was hoping someone could point me in the right direction of a tool or tools that I can use to bridge the wireless connection to the wired network adapter and run some exploits on the corporate LAN as the laptop user.

Any help is greatly appreciated. Thanks.
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Thu Feb 19, 2009 10:48 am

Re: WLAN to LAN - proof of concept

Karma is probably the tool you are talking about. It is a yes-man when devices probe for a "known" AP. After the device has associated, of course, while you are the AP you can monitor (and modify) the user's traffic.
http://wirelessdefence.org/Contents/KARMAMain.htm
twitter.com/timmedin | http://blog.securitywhole.com
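
A defender's view of the "yes-man" behaviour described above, as an added example that is not part of the original post: it flags any BSSID that sends probe responses for a canary SSID no real network uses, or for more distinct SSIDs than a chosen threshold. The frame tuples, the canary name, the MAC addresses and the threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sensor log: (frame type, BSSID, SSID). All values are made up.
SAMPLE_FRAMES = [
    ("probe_resp", "aa:aa:aa:00:00:01", "CorpWLAN"),
    ("beacon",     "aa:aa:aa:00:00:01", "CorpWLAN"),
    ("probe_resp", "aa:aa:aa:00:00:02", "CorpGuest"),
    ("probe_resp", "02:de:ad:00:00:01", "linksys"),
    ("probe_resp", "02:de:ad:00:00:01", "Free Public WiFi"),
    ("probe_resp", "02:de:ad:00:00:01", "hotel-guest"),
    ("probe_resp", "02:de:ad:00:00:01", "CorpWLAN"),
    ("probe_resp", "02:de:ad:00:00:01", "canary-7f3a9c"),
    ("probe_resp", "02:be:ef:00:00:09", "canary-7f3a9c"),
]


def find_yes_man_aps(frames, canary_ssids=(), max_ssids=3):
    """Return {bssid: {"ssids": [...], "answered_canary": bool}} for suspects.

    canary_ssids: random names the sensor itself probed for; no legitimate
                  AP should ever claim to be one of them.
    max_ssids:    how many distinct SSIDs one BSSID may answer for before
                  it is flagged (an assumed threshold, tune per site).
    """
    canaries = set(canary_ssids)
    answered = defaultdict(set)
    for frame_type, bssid, ssid in frames:
        # Only directed answers count; a beacon is what an AP volunteers.
        if frame_type == "probe_resp" and ssid:
            answered[bssid.lower()].add(ssid)

    suspects = {}
    for bssid, ssids in answered.items():
        hit_canary = bool(ssids & canaries)
        if hit_canary or len(ssids) > max_ssids:
            suspects[bssid] = {"ssids": sorted(ssids),
                               "answered_canary": hit_canary}
    return suspects


if __name__ == "__main__":
    found = find_yes_man_aps(SAMPLE_FRAMES, canary_ssids=["canary-7f3a9c"])
    for bssid, info in found.items():
        print(bssid, info)
```

The canary rule catches a responder even when it has answered only once, while the SSID-count rule still works on logs collected without canary probes.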
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Thu Feb 19, 2009 12:08 pm

Re: WLAN to LAN - proof of concept

Ah yes, the tool Karma, combined with Metasploit it's quite the evil tool.

Look into these few links I've gathered up for you:

http://blog.metasploit.com/2008/08/karmetasploit-wireless-fun.html

http://trac.metasploit.com/wiki/Karmetasploit

Chris Gates Demonstration of Karmetasploit:

Karmetasploit Part 1

Karmetasploit Part 2


wooh post 200!
Last edited by KrisTeason on Thu Feb 19, 2009 12:21 pm, edited 1 time in total.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Thu Feb 19, 2009 12:45 pm

Re: WLAN to LAN - proof of concept

Check out the automated exploitation feature in [kar]metasploit. It is a bit of a pain to set up, but it will help automate. I think this feature is only supported on *nix.

http://blog.metasploit.com/2006/09/meta ... ation.html
<<

sixales

Newbie

Posts: 4

Joined: Thu Feb 19, 2009 12:44 am

Post Fri Feb 20, 2009 12:04 am

Re: WLAN to LAN - proof of concept

Awesome, thanks so much for the posts, I really appreciate it.

Bad question, I know, but I'm a Windows user and don't have a Linux laptop to do this stuff on. Are there any options to do any of this with Windows?
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Fri Feb 20, 2009 2:20 am

Re: WLAN to LAN - proof of concept

I haven't seen Karma for Windows? Perhaps you could grab VMware along with the BackTrack virtual machine and set it up from there? Or attempt to do it off of the live CD?
<<

jimbob

Post Fri Feb 20, 2009 3:55 am

Re: WLAN to LAN - proof of concept

I've not seen WiFi working in VMware, has anyone tried setting this up and been able to run tools like kismet? VMware's USB support ought to mean you can attach USB WiFi devices in the VM so in theory at least you should be able to sniff from within a VMware session.

Jimbob
<<

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Fri Feb 20, 2009 8:53 am

Re: WLAN to LAN - proof of concept

jimbob wrote: I've not seen WiFi working in VMware, has anyone tried setting this up and been able to run tools like kismet? VMware's USB support ought to mean you can attach USB WiFi devices in the VM so in theory at least you should be able to sniff from within a VMware session.

Jimbob


I have heard you can use USB WiFi from a VM, but I've never seen it.

I'd just use the BackTrack LiveCD. You can find it at http://remote-exploit.org and all you need to do is burn a CD or use a USB stick and you can boot to BackTrack. It has all the tools installed for you.
<<

sixales

Newbie

Posts: 4

Joined: Thu Feb 19, 2009 12:44 am

Post Sun Feb 22, 2009 10:41 pm

Re: WLAN to LAN - proof of concept

Thanks again. I've got the BackTrack LiveCD working now. One question though: once I can get the remote laptop to connect to my access point wirelessly, what exploit can I use to connect or to exploit their wired network adapter?

The Metasploit Framework has so many in there I don't know which to use or which does what. Or are there other exploits I should be looking at?

Thanks!
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Mon Feb 23, 2009 2:12 am

Re: WLAN to LAN - proof of concept

Not to sound like a dick, but this is definitely something you need to use Google for. If you don't even know what exploit does what or even what's going on in the background during launching an exploit, I wouldn't even try messing with Karmetasploit; you're really starting to come off as an unethical script kiddie, asking what exploit you should use against their wired network adapter. The reason for releasing Metasploit in general is supposed to be for ethical and proper use of the tool, not to use it to attempt to own 3rd party machines. If you think you can come here asking how to hack into other computer systems, you're in the wrong spot. We are here to help you out, but only to the extent to make sure you're not going down the wrong path.
<<

sixales

Newbie

Posts: 4

Joined: Thu Feb 19, 2009 12:44 am

Post Tue Mar 10, 2009 1:47 pm

Re: WLAN to LAN - proof of concept

You do sound like a dick.