Question on wireless pen testing

Deadpool614

Newbie

Posts: 27

Joined: Sun Apr 01, 2012 7:59 am

Location: 'Merica

Post Fri Apr 06, 2012 2:54 am

Question on wireless pen testing

So a co-worker of mine gave me permission to try to crack his wireless network until my router gets here. So far I've found his SSID (had it hidden) and thought it would be cake because his network was open. I spoofed his MAC and tried to connect and I wasn't able to. I ran a deauth and still no connection. I'm not sure what I'm missing here. As far as my knowledge goes he's running an open wifi with MAC filtering. I'm fairly sure he's using a dynamic IP config.

Does anyone have any ideas as to what could be holding me up?
CIO/G-6 C|EH ....Taking the first steps down a long path.

hurtl0cker

Jr. Member

Posts: 73

Joined: Thu Nov 18, 2010 10:09 am

Location: WWW

Post Fri Apr 06, 2012 7:06 am

Re: Question on wireless pen testing

Password profiling tools like WYD and CUPP will help create a custom password list against a target.

http://kaoticcreations.blogspot.com/201 ... -with.html
Last edited by hurtl0cker on Fri Apr 06, 2012 7:20 am, edited 1 time in total.
“Knowing is not enough; we must apply. Willing is not enough: we must do.”
- Bruce Lee

Deadpool614

Newbie

Posts: 27

Joined: Sun Apr 01, 2012 7:59 am

Location: 'Merica

Post Fri Apr 06, 2012 7:40 am

Re: Question on wireless pen testing

I'm pretty sure he's not using a password but I won't rule it out. His network is open; I just can't connect to him even while spoofing a client MAC.
CIO/G-6 C|EH ....Taking the first steps down a long path.

DragonGorge

Jr. Member

Posts: 86

Joined: Wed Feb 08, 2012 6:30 pm

Post Fri Apr 06, 2012 3:20 pm

Re: Question on wireless pen testing

Could signal strength be an issue?

Deadpool614

Newbie

Posts: 27

Joined: Sun Apr 01, 2012 7:59 am

Location: 'Merica

Post Fri Apr 06, 2012 3:34 pm

Re: Question on wireless pen testing

I had a fairly good signal, around -31db. I was only about 30-40m away from his AP.
CIO/G-6 C|EH ....Taking the first steps down a long path.

DragonGorge

Jr. Member

Posts: 86

Joined: Wed Feb 08, 2012 6:30 pm

Post Fri Apr 06, 2012 4:49 pm

Re: Question on wireless pen testing

Are you running airodump-ng? That should tell you if he's using WEP, WPA, OPEN...whatever.

WCNA

Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Fri Apr 06, 2012 6:20 pm

Re: Question on wireless pen testing

I agree with Dragon. You need to study the legitimate traffic to see what works. Capture the traffic. Packets don't lie.
ISC2 Associate, WCNA, CWNA, OSCP, Network+

Deadpool614

Newbie

Posts: 27

Joined: Sun Apr 01, 2012 7:59 am

Location: 'Merica

Post Sat Apr 07, 2012 12:04 am

Re: Question on wireless pen testing

Yes, I ran airodump-ng and filtered it by channel. It comes up as an open network on there. I tried to connect via Wicd as well as using the command line, neither has worked yet. I may go try it again today but I wasn't having much luck. I'm not sure if he even knows why I can't connect. He got the wireless router from a Polish soldier he replaced when he got here.
CIO/G-6 C|EH ....Taking the first steps down a long path.

DragonGorge

Jr. Member

Posts: 86

Joined: Wed Feb 08, 2012 6:30 pm

Post Sat Apr 07, 2012 4:12 pm

Re: Question on wireless pen testing

It might be some incompatibility with your card (Alfa?) and his router? I have an Alfa and while it can see both 2.4 and 5 GHz bands of my dual band router it cannot connect to the 5 GHz band. Maybe his router is using N and your Alfa is b/g only?

The way I see it, if his router is open, i.e. no WEP/WPA/WPA2, then you should be able to connect with any wireless laptop (providing it's compatible). Try a different wifi card.

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Apr 07, 2012 5:58 pm

Re: Question on wireless pen testing

Something I've seen, working with Linux connecting to some APs...

Check the adapter's wireless preamble settings, if you can. Sometimes if it's set a certain way, on some cards, they don't like to connect, especially if using DHCP, and when dealing with 'normally' hidden / non-broadcast SSIDs.

Used to give me fits, a lot, before I figured that out.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH

Deadpool614

Newbie

Posts: 27

Joined: Sun Apr 01, 2012 7:59 am

Location: 'Merica

Post Sat Apr 07, 2012 8:15 pm

Re: Question on wireless pen testing

DragonGorge: I've tried using both my internal (Atheros Ath9k) and a Rosewill USB card with no success.

Hayabusa: I didn't think to check that, I'll have to give it a look. You may have solved my million dollar question lol.
CIO/G-6 C|EH ....Taking the first steps down a long path.

WCNA

Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Mon Apr 23, 2012 7:38 pm

Re: Question on wireless pen testing

In your study of the legitimate wireless traffic, was it using DHCP? If he's trying to lock you out, it's possible that he's using DHCP and is only allowing a DHCP range of one address. The packet capture should give you a clear idea of why you can't connect.
ISC2 Associate, WCNA, CWNA, OSCP, Network+
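
Added example, not part of WCNA's post or anyone else's in this thread: one way to read the DHCP side of a capture and see whether a client's DISCOVER was ever answered. It assumes the UDP payloads from ports 67/68 have already been pulled out of the capture; the function names and the sample messages are constructed for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
RULES = [("ACK", "lease granted"), ("NAK", "server refused the request"),
         ("OFFER", "offer seen, handshake incomplete")]

def parse_dhcp(payload):
    """Return (transaction id, message type name) for a DHCP payload, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    xid = struct.unpack("!I", payload[4:8])[0]
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                              # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if payload[i] == 53 and len(value) == 1:         # option 53 = DHCP message type
            return xid, TYPES.get(value[0], "type-%d" % value[0])
        i += 2 + length
    return None

def diagnose(payloads):
    """Group messages by transaction id and give one verdict per client attempt."""
    seen = {}
    for parsed in filter(None, map(parse_dhcp, payloads)):
        seen.setdefault(parsed[0], []).append(parsed[1])
    # First matching rule wins; no server reply at all falls through to the default.
    return {xid: next((v for k, v in RULES if k in msgs),
                      "no OFFER: pool exhausted or no DHCP server")
            for xid, msgs in seen.items()}

def make_msg(op, xid, msg_type):
    """Build a minimal constructed DHCP payload (header, cookie, option 53, end)."""
    header = struct.pack("!BBBBI", op, 1, 6, 0, xid) + bytes(228)
    return header + MAGIC + bytes([53, 1, msg_type, 255])

# Constructed sample: 0x1111 completes the handshake, 0x2222 only ever sends DISCOVER.
SAMPLE = [make_msg(1, 0x1111, 1), make_msg(2, 0x1111, 2), make_msg(1, 0x1111, 3),
          make_msg(2, 0x1111, 5), make_msg(1, 0x2222, 1), make_msg(1, 0x2222, 1)]

if __name__ == "__main__":
    for xid, verdict in diagnose(SAMPLE).items():
        print(hex(xid), verdict)
```

An unanswered DISCOVER cannot by itself separate a full pool from a disabled DHCP server; whether the legitimate clients in the same capture ever receive an ACK narrows that down.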

jinwald12

Jr. Member

Posts: 77

Joined: Thu Nov 05, 2009 5:42 pm

Post Sat Apr 28, 2012 12:38 pm

Re: Question on wireless pen testing

Or he may have static IPs and have no DHCP whatsoever.
where did all the fun go?

kerpap

Newbie

Posts: 8

Joined: Tue Jul 08, 2008 2:55 pm

Post Fri Jun 15, 2012 5:04 am

Re: Question on wireless pen testing

I agree about the IP thing.
The router may not issue a new IP address, which is why you can't connect. Most of the time 192.168.1.0/24 is the network range. Try social engineering his IP address from him, then use that.

Or guess and check. Start with .1, .2, etc.

In Wicd you can add your own IP address. This has worked for me in the past.

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Sun Jun 17, 2012 12:43 pm

Re: Question on wireless pen testing

I think you have a problem with the wireless signal because the network sounds open.
ICS Academy Network Security Certified