So I've been designated the task of...

Status
Not open for further replies.
H

hity645

[H]F Junkie
Joined
May 11, 2005
Messages
8,380
So I've been designated the task of trying to get into a WAP a local school is going to be setting up. Is there some tools I can download and use off my laptop? Best way to try and get around some of the basics, mac filtering and such? Basically what they want me to do is see if I can get on the network and gain access to resources/internet. It is doubtful that they will turn on encryption, but in the event they do...how would it be possible for me to get the key...either via looking at thier wireless setup screen or some sort of sniffer I can use from my laptop?

If this is in any way a bad thread, feel free to close this thread.
 
hity645 said:
So I've been designated the task of trying to get into a WAP a local school is going to be setting up. Is there some tools I can download and use off my laptop? Best way to try and get around some of the basics, mac filtering and such? Basically what they want me to do is see if I can get on the network and gain access to resources/internet. It is doubtful that they will turn on encryption, but in the event they do...how would it be possible for me to get the key...either via looking at thier wireless setup screen or some sort of sniffer I can use from my laptop?

If this is in any way a bad thread, feel free to close this thread.
Click to expand...
As long as they don't turn on WPA you're golden. Any combination of WEP, MAC filtering, and SSID non-broadcasting will be super easy to crack.

You might need a new Wi-Fi card.

All the tools you need are on the Auditor Linux Live CD from Remote Exploit and you can find guides all over the internet.
 
I'd get a waiver of liability in writing first, as is common with consultants doing pen testing. That way they can't acuse you of breaking stuff or doing things you didn't do when something goes wrong later.
 
kumquat said:
All the tools you need are on the Auditor Linux Live CD from Remote Exploit and you can find guides all over the internet.
Click to expand...

Link to download site and tutorials?
 
Oh yes and this is a $600 Cisco router he wants me to get into..
 
Google, dude. It's all right there. We're not going to do your work for you.
 
I did google none of the download links work, and on top of that I see a Buy it on CD for $1.59, which I don't really want to do.
 
why would they hire you to do something you are obviously not familiar with? :rolleyes:

"It is doubtful that they will turn on encryption" & "Oh yes and this is a $600 Cisco router he wants me to get into.." :rolleyes:

None of that makes any sense. I doubt any schools run projects that would allow HS kids to attempt breaking into schools network, but since I'm not going to be a total prick and I'll attempt to help, everything you want to do can be learned about here , http://www.irongeek.com , it's a good starting point.
 
This is a cheap school district, they don't exactly do things right. They penny-pinch where ever possible, and they hold off on updating to the newest as long as possible, basically until something breaks. And now, a teacher brought in his own access point and wireless cards, without talking to the Tech Department. This forced the Tech Dep to look into getting more secure wireless, which they didn't even want wireless in the first place. Since I've been pushing them to setup wireless, and giving them ideas they asked me to do this. All they want me to do is see if I can get into the access point, without various settings turned on, and with them turned off to help stop students from getting into it.

I found Linux Auditor, i missed the Remote Exploit part, google returned that website and I was able to download it. Only problem is it won't boot off my laptop, the video card isn't supported I think.
 
Hmm what school district in OR?

This is really shady. Like the time I was asked 'If someone wanted to hack into the schools network, how would they do it? No, I dont know how to hack, a friend just talked about it'

I used to work for the IT Dept for a School District here in Oregon. Aided in implementing there wireless, and worked for them for 2 years.
 
I'm glad I'm not the only one that read this post and thought, "Some kid wants to skirt the forum rules to get info on hacking his school's network."

Honestly, if this were a valid concern, the techs of the district would attempt to break the security themselves.
 
Its just above Portland, maybe 30 min drive. Its a really small district, thus they have no money to do stuff.
 
hity645 said:
I did google none of the download links work, and on top of that I see a Buy it on CD for $1.59, which I don't really want to do.
Click to expand...


Yeah - no money to afford the basic security I can understand ...........

....
...
..

but it's 1.59
 
Malk-a-mite said:
Yeah - no money to afford the basic security I can understand ...........

....
...
..

but it's 1.59
Click to expand...
and I finally was able to download it and burn it for about, maybe 5 cents.

DarkOne_BW said:
I'm glad I'm not the only one that read this post and thought, "Some kid wants to skirt the forum rules to get info on hacking his school's network."

Honestly, if this were a valid concern, the techs of the district would attempt to break the security themselves.
Click to expand...

I graduated last year, I could care less about getting into their network, besides Ive been "behind the scenes" and there really isn't much to get at. It is a valid concern, they just don't know how to go about getting into something they setup. Where as me, who was once a student, would try to get in.

The first 3 post were helpful, now if the rest of you are gonna continue to rag on me then I won't ask for help from a bunch of stuck up pricks again. Thanks.
 
BollWeevil said:
I'd get a waiver of liability in writing first, as is common with consultants doing pen testing. That way they can't acuse you of breaking stuff or doing things you didn't do when something goes wrong later.
Click to expand...


QFT!!!!!!!!
 
I agree with the waiver in depth, if you are going to be doing any testing from a remote location in it's also a good idea to notify the provider that you will be pen testing that IP and not to shut it down if funky traffic is noticed on it.

I forgot that second part last week...i got a nice blacklist from my ISP for 24hours on everything but port 80 and 25. total suckage.
 
hity645 said:
The first 3 post were helpful, now if the rest of you are gonna continue to rag on me then I won't ask for help from a bunch of stuck up pricks again. Thanks.
Click to expand...

Many of the people in here are network admins.
You give us a story that to the best of minds seems odd.
You request information that can be googled reasonably easily.
You complain that none of the links work, despite there being tons of links available .

Then you top if off by pouting...
So you graduated last year? Great, now is the time to grow up a little bit. If you are serious about pen-testing start reading. There is no magic program to download onto a Windows machine that will do it for you. It takes a bit of time and a bit of knowledge to do the most basic of steps.

Like *any* other forum, bulletin board, IRC channel, or email list where the topic turns to hacking the people that frequent the forum, expect (nay, demand) that you put your time in and do work for yourself.
 
You need to do some growing up your self pal or at least act mature, all I wanted was a lil help. I have no experience in secutiry shy of a firewall, thus the reason I posted here. This is just a one time thing, not like Im going to turn this into a career. All I asked was if some people used tools to do what I wanted, and all those lil links you setup, only one was what I asked in my later post for. Which if you read before your post, I said I found by searching for Remote Exploit. The reason I asked for a link was because the first 3 google pages returned sites who's download links didn't work. I asked for ONE link to ONE distro of linux that someone posted. Not TONS of links to other sites. I had no idea what they wanted me to do was callen "pen testing", so how the hell would I be able to google that?

Now I was under the impression this forum was for people to help other people out and to relate some experiences they themselves had.

I knew this was going to be bad, I just didn't know there was gonna be dick heads posting in reply.

Thanks to those who did post with Tips.
 
Closed due to OP's request [and bickering]. But now that I've read this thread it was gonna be closed due to content. While a grey area, its not a road I approve of travelling down (slippery slope and all) and the forum rules forbid the discussion of breaking into networks.
 
Status
Not open for further replies.
Back
Top