.

colubris wireless tech

<<

rebrov

User avatar

Full Member
Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Fri Jun 17, 2011 8:47 am

colubris wireless tech

well im trying to intercept AP signal transmitting around my home i found out with wireshark that its colubris Access point its hidden completely i can't find it via airodump or anything just wireshark ....

searched on google for while found out its the most security over wireless access points so....in real life like this im just intercepting communication between two spots the user i think and man in the middle and the access point how to connect to this access point ??

what is the next steps in this pentesting operation ...?
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Jun 17, 2011 9:14 am

Re: colubris wireless tech

If you use kismet (Linux) you should see it, typically, IF someone else attaches to it and uses it.  While SSID's aren't broadcast when they're hidden, they still HAVE to transmit in the packets, with authenticated machines / machines that KNOW about the AP, to talk to it, and kismet will then pick them up.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

rebrov

User avatar

Full Member
Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Fri Jun 17, 2011 10:24 am

Re: colubris wireless tech

hayabusa wrote:If you use kismet (Linux) you should see it, typically, IF someone else attaches to it and uses it.  While SSID's aren't broadcast when they're hidden, they still HAVE to transmit in the packets, with authenticated machines / machines that KNOW about the AP, to talk to it, and kismet will then pick them up.


ya buddy i know that but i believe they sending to each others in encrypted data

but the question can't i connect to any access point with just the mac ?

and what if no one appear to connected to it not in kismet at least !! ?
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Jun 17, 2011 11:11 am

Re: colubris wireless tech

You could force a deauthentication against an already authenticated client, and get the SSID that way (that's how I would get the SSID, by forcing a client to resend the SSID in an authentication packet.)  This is also how you go about speeding the process with WEP cracking, etc, as you need enough weak IV's to crack the key, and by deauth'ing attached clients, repeatedly, you force them to resend the SSID and data enough to crack it.

That way, because the client is not yet associated, fully, with the AP's encryption in play, the SSID will be transmitted in the clear, as it would anytime a new client would associate to the AP.

Edit:  To answer your last queston:

and what if no one appear to connected to it not in kismet at least !! ?

IF nobody's connected, yet, and you don't already have the SSID, you'll have to wait until someone tries to connect...
Last edited by hayabusa on Fri Jun 17, 2011 11:13 am, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

rebrov

User avatar

Full Member
Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Sat Jun 18, 2011 5:06 am

Re: colubris wireless tech

hayabusa wrote:You could force a deauthentication against an already authenticated client, and get the SSID that way (that's how I would get the SSID, by forcing a client to resend the SSID in an authentication packet.)  This is also how you go about speeding the process with WEP cracking, etc, as you need enough weak IV's to crack the key, and by deauth'ing attached clients, repeatedly, you force them to resend the SSID and data enough to crack it.

That way, because the client is not yet associated, fully, with the AP's encryption in play, the SSID will be transmitted in the clear, as it would anytime a new client would associate to the AP.

Edit:  To answer your last queston:

and what if no one appear to connected to it not in kismet at least !! ?

IF nobody's connected, yet, and you don't already have the SSID, you'll have to wait until someone tries to connect...


when im sniffing with wireshark i see communication happining with 3 sides i think with that access point but with airodunp or kismet u dont see anything how is that possible that there's some one connecting to this AP but doesn't appear on airodump  ??

and if that was encrypted video streaming ...wireshark doen't decrypt that

and check this page out to know what im trying to say and to think the way im thinking :) http://www.connect802.com/colubris.htm

thanks buddy
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sat Jun 18, 2011 8:28 pm

Re: colubris wireless tech

I'm not getting how you see it in Wireshark but not in anything else. All airodump does, is dumps all the packets that the wireless card sees. Sort of like TCPDump, but wireless.

My thoughts: Are you using the hardware that can talks the same freqs as the ap and clients? a/b/g/n? Something else?

Are you sure, since you're only seeing it in 1 packet capture device, that it's not a false positive?

are you sure it's actually the AP, and not someone's client trying to connect to an ap?

If the data is encrypted, you'll still see it transverse the air with the sniffers, you just won't be able to read it.
OSWP, Sec+
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Jun 18, 2011 9:16 pm

Re: colubris wireless tech

Whew...  So I'm not the only one confused by his dilemma.  We're glad to keep helping, rebrov.  But something doesn't make sense, unless we're ALL misunderstanding you...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

rebrov

User avatar

Full Member
Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Sun Jun 19, 2011 8:53 am

Re: colubris wireless tech

well i'll try to get more info next time to help u guys understand me more :) thanks for replying so far anyway :)
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sun Jun 19, 2011 5:26 pm

Re: colubris wireless tech

I'm curious, so I look forward to more info.
OSWP, Sec+
<<

rebrov

User avatar

Full Member
Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Thu Oct 18, 2012 4:23 am

Re: colubris wireless tech

hey guys i know its an old thread :) but i got new info about it

ok the colubris networks if u searched google its new technology for wireless access points security purposes . when i capture it via wireshark i can get the device name and mac address ofcourse airodump getting the mac address but ...with channel 128 and changing everytime

some times i can see the channel with number 134 and if i scanned again i can see the channel 132 every time changes and some times fixed to 134 dunno wat kina of channels is this

about the ESSID its length 0 so it hidden authentication is open

no clients connected i think , i guess wireshark got that name while broadcasting its becon

i got pdf from google for colubris networks , and found its configuration and i think the only way to login to this AP via this site https://www.wifi-soft.net/wifilan/ , and if u want to login from another method would be LAN or WAN

so i think there's no access via wifi :)

any ideas ?
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Thu Oct 18, 2012 6:32 am

Re: colubris wireless tech

I don't think you ever said, how did you first come across said signal. did it just show up?

Are you sure it's even out there, and you're not just looking at a client trying to associate with something?

Those channel numbers make no sense. that's not the wifi range.

If it is hidden there wouldn't be a broadcast beacon. It would need a client trying to connect to it.

I would, if you have the hardware and time, set up your equipment in with airodump running, and writing to a file, let it run for a few days, and then go back through all the data. Again, airodump, with your card set in promiscuous mode will see all the radio waves in use around, you which would include that access point, or it's clients.
OSWP, Sec+
<<

rebrov

User avatar

Full Member
Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Fri Oct 19, 2012 2:36 am

Re: colubris wireless tech

chrisj wrote:I don't think you ever said, how did you first come across said signal. did it just show up?

Are you sure it's even out there, and you're not just looking at a client trying to associate with something?

Those channel numbers make no sense. that's not the wifi range.

If it is hidden there wouldn't be a broadcast beacon. It would need a client trying to connect to it.

I would, if you have the hardware and time, set up your equipment in with airodump running, and writing to a file, let it run for a few days, and then go back through all the data. Again, airodump, with your card set in promiscuous mode will see all the radio waves in use around, you which would include that access point, or it's clients.





ok you right , if its hidden then there wouldn't be any broadcast from becon , but i think i found out wat is this >>

its a surveillance cameras AP i saw it with my own eyes , searched google for a picture and it was the same , it was hanging out there beside surveillance cameras dunno about the channels , or how its hidden but i guess its a hell of a Security for AP :)

Return to Wireless

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software